Skip to content

Instantly share code, notes, and snippets.

@fumieval
Created April 3, 2024 10:05
Show Gist options
  • Save fumieval/8dfd1363d8689a5a91dd84731bb384e0 to your computer and use it in GitHub Desktop.
Save fumieval/8dfd1363d8689a5a91dd84731bb384e0 to your computer and use it in GitHub Desktop.
Calculating JWK thumbprint of a X.509 certificate
import Crypto.Hash
import Crypto.JWT
import Crypto.JOSE.Types
import Data.Aeson as J
import Data.ByteArray.Encoding qualified as BA
import Data.ByteString.Lazy qualified as BL
import RIO
import Data.X509.File qualified as X509
import Data.Text.IO (putStrLn)
-- JSON Web Key (JWK) Thumbprint
-- https://datatracker.ietf.org/doc/html/rfc7638
calculateKid :: JWK -> Kid
calculateKid key = decodeUtf8Lenient
$ BA.convertToBase BA.Base64
$ hashWith SHA256
$ BL.toStrict
$ J.encode
$ key ^. jwkMaterial
inspectCertificate :: FilePath -> IO ()
inspectCertificate path = do
[cert] <- X509.readSignedObject path
case fromX509Certificate cert of
Left e -> putStrLn $ "Failed to parse certificate: " <> tshow (e :: JWTError)
Right key -> do
let thumb = calculateKid key
putStrLn $ "Thumbprint: " <> thumb
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment