@fumieval
Created April 3, 2024 10:05
Calculating the JWK thumbprint of an X.509 certificate
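{-# LANGUAGE ImportQualifiedPost #-}
{-# LANGUAGE OverloadedStrings #-}

import Crypto.Hash
import Crypto.JWT
import Crypto.JOSE.Types
import Data.Aeson as J
import Data.ByteArray.Encoding qualified as BA
import Data.ByteString.Lazy qualified as BL
import RIO
import Data.X509.File qualified as X509
import Data.Text.IO (putStrLn)

-- Kid is not defined in the original snippet; assumed here to be plain Text.
type Kid = Text

-- JSON Web Key (JWK) Thumbprint
-- https://datatracker.ietf.org/doc/html/rfc7638
--
-- RFC 7638 hashes a JSON object holding only the required members of the key,
-- in lexicographic order and without whitespace. This function assumes the
-- JSON encoding of the key material already has that form (public key only,
-- object keys emitted in sorted order).
calculateKid :: JWK -> Kid
calculateKid key = decodeUtf8Lenient
  $ BA.convertToBase BA.Base64URLUnpadded -- base64url without padding, as in the RFC's example
  $ hashWith SHA256
  $ BL.toStrict
  $ J.encode
  $ key ^. jwkMaterial

inspectCertificate :: FilePath -> IO ()
inspectCertificate path = do
  -- Expects exactly one certificate in the file; any other count fails the pattern match.
  [cert] <- X509.readSignedObject path
  case fromX509Certificate cert of
    Left e -> putStrLn $ "Failed to parse certificate: " <> tshow (e :: JWTError)
    Right key -> do
      let thumb = calculateKid key
      putStrLn $ "Thumbprint: " <> thumb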