mirror of
https://codeberg.org/tyy/aspm
synced 2024-12-23 02:29:29 -07:00
Adjust to new fingerprint algorithm
This commit is contained in:
parent
f70b1fcce8
commit
c59825b2fd
2 changed files with 27 additions and 14 deletions
|
@ -15,7 +15,7 @@ openssl = "0.10.55"
|
||||||
reqwest = "0.11.18"
|
reqwest = "0.11.18"
|
||||||
serde = { version = "1.0.164", features = ["derive"] }
|
serde = { version = "1.0.164", features = ["derive"] }
|
||||||
serde-email = "2.0.0"
|
serde-email = "2.0.0"
|
||||||
serde_json = "1.0.99"
|
serde_json = { version = "1.0.99", features = ["preserve_order"] }
|
||||||
sha2 = "0.10.7"
|
sha2 = "0.10.7"
|
||||||
thiserror = "1.0.40"
|
thiserror = "1.0.40"
|
||||||
tokio = { version = "1.28.2", features = ["macros", "rt-multi-thread"] }
|
tokio = { version = "1.28.2", features = ["macros", "rt-multi-thread"] }
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
use anyhow::{bail, Context};
|
use anyhow::{bail, Context};
|
||||||
use data_encoding::{BASE32_NOPAD, BASE64URL_NOPAD, BASE64_NOPAD};
|
use data_encoding::{BASE32_NOPAD, BASE64_NOPAD};
|
||||||
use josekit::{
|
use josekit::{
|
||||||
jwe::JweHeader,
|
jwe::JweHeader,
|
||||||
jwe::{self, alg::aesgcmkw::AesgcmkwJweAlgorithm::A256gcmkw},
|
jwe::{self, alg::aesgcmkw::AesgcmkwJweAlgorithm::A256gcmkw},
|
||||||
|
@ -10,6 +10,7 @@ use josekit::{
|
||||||
jws::ES256,
|
jws::ES256,
|
||||||
};
|
};
|
||||||
use openssl::pkey::PKey;
|
use openssl::pkey::PKey;
|
||||||
|
use serde_json::Map;
|
||||||
use sha2::{Digest, Sha512};
|
use sha2::{Digest, Sha512};
|
||||||
|
|
||||||
pub trait JwtExt {
|
pub trait JwtExt {
|
||||||
|
@ -22,18 +23,30 @@ pub trait JwtExt {
|
||||||
|
|
||||||
impl JwtExt for Jwk {
|
impl JwtExt for Jwk {
|
||||||
fn get_fingerprint(&self) -> anyhow::Result<String> {
|
fn get_fingerprint(&self) -> anyhow::Result<String> {
|
||||||
// Get the "x" value of the JWK
|
// Construct a JSON object with only the "crv", "kty", "x", and potentially "y" values
|
||||||
let fingerprint = self
|
let fingerprint: String = {
|
||||||
.parameter("x")
|
let mut map = Map::new();
|
||||||
.context(r#"Jwk "x" parameter was not present"#)?;
|
map.insert(
|
||||||
// Base64url decode the "x" value and use that as the public key value
|
"crv".to_string(),
|
||||||
let fingerprint = BASE64URL_NOPAD
|
self.curve()
|
||||||
.decode(
|
.context("Key did not contain a 'crv' value")?
|
||||||
// The as_str() can be unwrapped safely because it is impossible to create a Jwk struct where the "x" value is not a string
|
.into(),
|
||||||
fingerprint.as_str().unwrap().as_bytes(),
|
);
|
||||||
)
|
map.insert("kty".to_string(), self.key_type().into());
|
||||||
.unwrap(); // The decode() can be unwrapped safely because it is impossible to create a Jwk struct where the "x" value is not base64url decodable
|
map.insert(
|
||||||
// Sha512 hash the public key
|
"x".to_string(),
|
||||||
|
self.parameter("x")
|
||||||
|
.context("Key did not contain an 'x' value")?
|
||||||
|
.clone(),
|
||||||
|
);
|
||||||
|
if let Some(y) = self.parameter("y") {
|
||||||
|
map.insert("y".to_string(), y.clone());
|
||||||
|
}
|
||||||
|
|
||||||
|
serde_json::to_string(&map)
|
||||||
|
.context("Unable to serialize key into ordered, minimal JSON")?
|
||||||
|
};
|
||||||
|
// Sha512 hash the JSON
|
||||||
let fingerprint: Vec<u8> = {
|
let fingerprint: Vec<u8> = {
|
||||||
let mut hash = Sha512::new();
|
let mut hash = Sha512::new();
|
||||||
hash.update(fingerprint);
|
hash.update(fingerprint);
|
||||||
|
|
Loading…
Reference in a new issue