Commit 9494134b authored by Simo Sorce

Add thumbprint support to JWK

Signed-off-by: Simo Sorce <simo@redhat.com>

Closes #39
parent 9d5f953f
......@@ -31,7 +31,7 @@ def base64url_decode(payload):
def json_encode(string):
if isinstance(string, bytes):
string = string.decode('utf-8')
return json.dumps(string, separators=(',', ':'))
return json.dumps(string, separators=(',', ':'), sort_keys=True)
def json_decode(string):
......
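Review bot: `sort_keys=True` is added to the shared `json_encode` helper without a comment, so every caller's serialized member order changes, not only the thumbprint input. The new `thumbprint` method in this commit hashes `json_encode(t)`, so a later cleanup that drops `sort_keys` or the compact `separators` would silently change every thumbprint. I would add above the return `# sorted keys + compact separators: JWK.thumbprint() hashes this canonical form (RFC 7638)`. `json.dumps` also escapes non-ASCII characters by default, which is harmless only while the hashed members stay ASCII.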
......@@ -5,6 +5,7 @@ import os
from binascii import hexlify, unhexlify
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric import rsa
......@@ -554,6 +555,20 @@ class JWK(object):
obj.import_from_pyca(key)
return obj
def thumbprint(self, hashalg=hashes.SHA256()):
"""Returns the key thumbprint as specified by RFC 7638.
:param hashalg: A hash function (defaults to SHA256)
"""
t = {'kty': self._params['kty']}
for name, val in iteritems(JWKValuesRegistry[t['kty']]):
if val[2] == 'Required':
t[name] = self._key[name]
digest = hashes.Hash(hashalg, backend=default_backend())
digest.update(bytes(json_encode(t).encode('utf8')))
return base64url_encode(digest.finalize())
class _JWKkeys(set):
......
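Review bot: The `thumbprint` docstring says neither which members are hashed nor that the result can be sensitive. The loop copies every member the registry marks `'Required'` from `self._key`; the registry is not visible here, but if that includes the key value of a symmetric (`oct`) key, the thumbprint is a hash of the secret itself, which RFC 7638's security considerations say should be kept from parties that do not hold the key. I would add to the docstring: `Only the members marked Required for the key type are hashed; for symmetric keys this may include the secret value, so treat the thumbprint as confidential.` Since `hashalg` is accepted unchecked, the `:param hashalg:` line should also say that a weak hash yields a correspondingly weak identifier, and a short comment that `val[2]` is the registry's required-flag column would help readers.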
......@@ -35,7 +35,9 @@ PublicKeys = {"keys": [
"nqDKgw",
"e": "AQAB",
"alg": "RS256",
"kid": "2011-04-29"}]}
"kid": "2011-04-29"}],
"thumbprints": ["cn-I_WNMClehiVp51i_0VpOENW1upEerA8sEam5hn-s",
"NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs"]}
# RFC 7517 - A.2
PrivateKeys = {"keys": [
......@@ -256,6 +258,13 @@ class TestJWK(unittest.TestCase):
ks3 = jwk.JWKSet.from_json(ks.export())
self.assertEqual(len(ks), len(ks3))
def test_thumbprint(self):
for i in range(0, len(PublicKeys['keys'])):
k = jwk.JWK(**PublicKeys['keys'][i])
self.assertEqual(
k.thumbprint(),
PublicKeys['thumbprints'][i])
# RFC 7515 - A.1
A1_protected = \
......
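Review bot: `test_thumbprint` exercises only the default SHA-256 path on the keys in `PublicKeys`; the `hashalg` argument and symmetric or private keys are never covered. The index loop over two parallel lists would read more directly as `for key, expected in zip(PublicKeys['keys'], PublicKeys['thumbprints']):`, preceded by an assertion that both lists have the same length. A comment stating where each expected value comes from (a published RFC example versus output of this implementation) would show whether the test is an independent check.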