1
0
Fork 0
mirror of https://codeberg.org/tyy/aspm synced 2024-12-23 02:29:29 -07:00

Adjust to new fingerprint algorithm

This commit is contained in:
Tyler Beckman 2023-07-29 18:29:18 -06:00
parent f70b1fcce8
commit c59825b2fd
Signed by: Ty
GPG key ID: 2813440C772555A4
2 changed files with 27 additions and 14 deletions

View file

@ -15,7 +15,7 @@ openssl = "0.10.55"
reqwest = "0.11.18" reqwest = "0.11.18"
serde = { version = "1.0.164", features = ["derive"] } serde = { version = "1.0.164", features = ["derive"] }
serde-email = "2.0.0" serde-email = "2.0.0"
serde_json = "1.0.99" serde_json = { version = "1.0.99", features = ["preserve_order"] }
sha2 = "0.10.7" sha2 = "0.10.7"
thiserror = "1.0.40" thiserror = "1.0.40"
tokio = { version = "1.28.2", features = ["macros", "rt-multi-thread"] } tokio = { version = "1.28.2", features = ["macros", "rt-multi-thread"] }

View file

@ -1,5 +1,5 @@
use anyhow::{bail, Context}; use anyhow::{bail, Context};
use data_encoding::{BASE32_NOPAD, BASE64URL_NOPAD, BASE64_NOPAD}; use data_encoding::{BASE32_NOPAD, BASE64_NOPAD};
use josekit::{ use josekit::{
jwe::JweHeader, jwe::JweHeader,
jwe::{self, alg::aesgcmkw::AesgcmkwJweAlgorithm::A256gcmkw}, jwe::{self, alg::aesgcmkw::AesgcmkwJweAlgorithm::A256gcmkw},
@ -10,6 +10,7 @@ use josekit::{
jws::ES256, jws::ES256,
}; };
use openssl::pkey::PKey; use openssl::pkey::PKey;
use serde_json::Map;
use sha2::{Digest, Sha512}; use sha2::{Digest, Sha512};
pub trait JwtExt { pub trait JwtExt {
@ -22,18 +23,30 @@ pub trait JwtExt {
impl JwtExt for Jwk { impl JwtExt for Jwk {
fn get_fingerprint(&self) -> anyhow::Result<String> { fn get_fingerprint(&self) -> anyhow::Result<String> {
// Get the "x" value of the JWK // Construct a JSON object with only the "crv", "kty", "x", and potentially "y" values
let fingerprint = self let fingerprint: String = {
.parameter("x") let mut map = Map::new();
.context(r#"Jwk "x" parameter was not present"#)?; map.insert(
// Base64url decode the "x" value and use that as the public key value "crv".to_string(),
let fingerprint = BASE64URL_NOPAD self.curve()
.decode( .context("Key did not contain a 'crv' value")?
// The as_str() can be unwrapped safely because it is impossible to create a Jwk struct where the "x" value is not a string .into(),
fingerprint.as_str().unwrap().as_bytes(), );
) map.insert("kty".to_string(), self.key_type().into());
.unwrap(); // The decode() can be unwrapped safely because it is impossible to create a Jwk struct where the "x" value is not base64url decodable map.insert(
// Sha512 hash the public key "x".to_string(),
self.parameter("x")
.context("Key did not contain an 'x' value")?
.clone(),
);
if let Some(y) = self.parameter("y") {
map.insert("y".to_string(), y.clone());
}
serde_json::to_string(&map)
.context("Unable to serialize key into ordered, minimal JSON")?
};
// Sha512 hash the JSON
let fingerprint: Vec<u8> = { let fingerprint: Vec<u8> = {
let mut hash = Sha512::new(); let mut hash = Sha512::new();
hash.update(fingerprint); hash.update(fingerprint);