private static string ComputeSHA256Thumbprint(string jwk, ThumbprintEncoding thumbprintEncoding, byte?truncate = null)
{
var jwkBytes = Encoding.UTF8.GetBytes(jwk);
using (var hashAlgorithm = SHA256.Create())
{
var hash = hashAlgorithm.ComputeHash(jwkBytes);
if (truncate.HasValue)
{
hash = hash.Take(truncate.Value).ToArray();
}
if (thumbprintEncoding == ThumbprintEncoding.Base64Url)
{
return(WebEncoders.Base64UrlEncode(hash));
}
else if (thumbprintEncoding == ThumbprintEncoding.Base62)
{
return(new Base62Converter().Encode(hash));
}
else
{
throw new NotSupportedException($"Thumbprint encoding {thumbprintEncoding} not supported.");
}
}
}
/// <summary>
/// Computes a thumbprint of the JWK using SHA-256 as per https://tools.ietf.org/html/rfc7638, JSON Web Key (JWK) Thumbprint.
/// </summary>
/// <param name="kty">JWA key type.</param>
/// <param name="e">RSA exponent parameter (required for kty=RSA).</param>
/// <param name="n">RSA modulus parameter (required for kty=RSA).</param>
/// <param name="thumbprintEncoding">Decides how the thumbprint should be encoded.</param>
/// <param name="truncate">Truncates the thumbprint with the given number of bytes (by taking the leftmost bytes from the hash) before applying the encoding.</param>
public static string ComputeSHA256ThumbprintRSA(
string kty,
byte[] e,
byte[] n,
ThumbprintEncoding thumbprintEncoding,
byte?truncate = null) =>
ComputeSHA256Thumbprint(SerializeRSA(kty, e, n), thumbprintEncoding, truncate);
/// <summary>
/// Computes a thumbprint of the JWK using SHA-256 as per https://tools.ietf.org/html/rfc7638, JSON Web Key (JWK) Thumbprint.
/// </summary>
/// <param name="kty">JWA key type.</param>
/// <param name="crv">Curve type (required for kty=EC).</param>
/// <param name="x">EC x coordinate (required for kty=EC).</param>
/// <param name="y">EC y coordinate (required for kty=EC).</param>
/// <param name="thumbprintEncoding">Decides how the thumbprint should be encoded.</param>
/// <param name="truncate">Truncates the thumbprint with the given number of bytes (by taking the leftmost bytes from the hash) before applying the encoding.</param>
public static string ComputeSHA256ThumbprintEC(
string kty,
string crv,
byte[] x,
byte[] y,
ThumbprintEncoding thumbprintEncoding,
byte?truncate = null) =>
ComputeSHA256Thumbprint(SerializeEC(kty, crv, x, y), thumbprintEncoding, truncate);
/// <summary>
/// Computes a thumbprint of the JWK using SHA-256 as per https://tools.ietf.org/html/rfc7638, JSON Web Key (JWK) Thumbprint.
/// </summary>
/// <param name="kty">JWA key type.</param>
/// <param name="k">'k' (Symmetric - Key Value).</param>
/// <param name="thumbprintEncoding">Decides how the thumbprint should be encoded.</param>
/// <param name="truncate">Truncates the thumbprint with the given number of bytes (by taking the leftmost bytes from the hash) before applying the encoding.</param>
public static string ComputeSHA256ThumbprintOctet(
string kty,
byte[] k,
ThumbprintEncoding thumbprintEncoding,
byte?truncate = null) =>
ComputeSHA256Thumbprint(SerializeOctet(kty, k), thumbprintEncoding, truncate);
