Created
April 3, 2024 10:05
Calculating the JWK thumbprint of an X.509 certificate
import Crypto.Hash | |
import Crypto.JWT | |
import Crypto.JOSE.Types | |
import Data.Aeson as J | |
import Data.ByteArray.Encoding qualified as BA | |
import Data.ByteString.Lazy qualified as BL | |
import RIO | |
import Data.X509.File qualified as X509 | |
import Data.Text.IO (putStrLn) | |
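-- | Derive a key ID from a JWK as its JSON Web Key (JWK) Thumbprint with
-- SHA-256.
-- https://datatracker.ietf.org/doc/html/rfc7638
--
-- The hash input is taken from jose's 'thumbprint' getter, which serialises
-- only the required members of the key in the canonical order RFC 7638
-- prescribes. A generic @encode@ of 'jwkMaterial' is not a safe substitute:
-- its member order depends on how the JSON encoder is built, and it would
-- also cover private parameters when the key carries them, so two parties
-- could compute different identifiers for the same public key.
--
-- The digest is rendered as unpadded base64url, the form RFC 7638 uses in its
-- example. Standard Base64 can emit @+@, @/@ and @=@, which need escaping in
-- URLs and do not match thumbprints produced by other JOSE implementations.
--
-- NOTE(review): identifiers computed with the earlier standard-Base64
-- rendering differ from the ones returned here; recompute any stored values.
calculateKid :: JWK -> Kid
calculateKid key =
  decodeUtf8Lenient (BA.convertToBase BA.Base64URLUnpadded sha256Digest)
  where
    -- The annotation selects the hash algorithm for the polymorphic getter.
    sha256Digest :: Digest SHA256
    sha256Digest = key ^. thumbprint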
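-- | Read a certificate file and print the JWK thumbprint of its public key.
--
-- The file must contain exactly one certificate. An empty file or a bundle
-- with several certificates is reported explicitly instead of aborting on a
-- failed pattern match, and no certificate is picked silently from a bundle,
-- since the printed thumbprint would then identify a key the caller did not
-- choose.
--
-- NOTE(review): nothing in this function validates the certificate (chain of
-- trust, validity period, revocation). The thumbprint identifies the public
-- key only and says nothing about whether the certificate is trustworthy.
inspectCertificate :: FilePath -> IO ()
inspectCertificate path = do
  certs <- X509.readSignedObject path
  case certs of
    [cert] ->
      case fromX509Certificate cert of
        Left e ->
          putStrLn $ "Failed to parse certificate: " <> tshow (e :: JWTError)
        Right key ->
          putStrLn $ "Thumbprint: " <> calculateKid key
    [] ->
      -- tshow quotes and escapes the path, keeping odd file names readable.
      putStrLn $ "No certificate found in " <> tshow path
    _ ->
      putStrLn $
        "Expected exactly one certificate in "
          <> tshow path
          <> ", found "
          <> tshow (length certs)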