Extend JWS to support Key ID.
Imported from https://youtrack.roxen.com/issue/PIKE-37
Reported by @grubba
Blocked by PIKE-38
ACME draft 7 6.2:
JWS objects sent in ACME requests MUST meet the following additional
criteria:
o The JWS MUST NOT have the value "none" in its "alg" field
o The JWS MUST NOT have a Message Authentication Code (MAC)-based
algorithm in its "alg" field
o The JWS Protected Header MUST include the following fields:
Barnes, et al. Expires December 23, 2017 [Page 9]
Internet-Draft ACME June 2017
* "alg" (Algorithm)
* "jwk" (JSON Web Key, only for requests to new-account and
revoke-cert resources)
* "kid" (Key ID, for all other requests)
* "nonce" (defined in Section 6.4 below)
* "url" (defined in Section 6.3 below)
The "jwk" and "kid" fields are mutually exclusive. Servers MUST
reject requests that contain both.
For new-account requests, and for revoke-cert requests authenticated
by certificate key, there MUST be a "jwk" field.
For all other requests, there MUST be a "kid" field. This field must
contain the account URL received by POSTing to the new-account
resource.