Source code

001package com.nimbusds.jose.jwk;
002
003
004import java.nio.charset.Charset;
005import java.security.MessageDigest;
006import java.security.NoSuchAlgorithmException;
007import java.util.LinkedHashMap;
008
009import net.minidev.json.JSONObject;
010
011import com.nimbusds.jose.JOSEException;
012import com.nimbusds.jose.util.Base64URL;
013
014
015/**
016 * Thumbprint utilities.
017 *
018 * <p>See RFC 7638.
019 *
020 * @author Vladimir Dzhuvinov
021 * @version 2015-09-28
022 */
023public final class ThumbprintUtils {
024
025
026        /**
027         * Computes the SHA-256 thumbprint for the specified JWK.
028         *
029         * @param jwk The JWK. Must not be {@code null}.
030         *
031         * @return The JWK thumbprint.
032         *
033         * @throws JOSEException If the SHA-256 hash algorithm is not
034         *                       supported.
035         */
036        public static Base64URL compute(final JWK jwk)
037                throws JOSEException {
038
039                return compute("SHA-256", jwk);
040        }
041
042
043        /**
044         * Computes the thumbprint for the specified JWK.
045         *
046         * @param hashAlg The hash algorithm. Must not be {@code null}.
047         * @param jwk     The JWK. Must not be {@code null}.
048         *
049         * @return The JWK thumbprint.
050         *
051         * @throws JOSEException If the hash algorithm is not supported.
052         */
053        public static Base64URL compute(final String hashAlg, final JWK jwk)
054                throws JOSEException {
055
056                final LinkedHashMap<String,?> orderedParams = jwk.getRequiredParams();
057
058                return compute(hashAlg, orderedParams);
059        }
060
061
062        /**
063         * Computes the thumbprint for the specified required JWK parameters.
064         *
065         * @param hashAlg The hash algorithm. Must not be {@code null}.
066         * @param params  The required JWK parameters, alphanumerically sorted
067         *                by parameter name and ready for JSON object
068         *                serialisation. Must not be {@code null}.
069         *
070         * @return The JWK thumbprint.
071         *
072         * @throws JOSEException If the hash algorithm is not supported.
073         */
074        public static Base64URL compute(final String hashAlg, final LinkedHashMap<String,?> params)
075                throws JOSEException {
076
077                final String json = JSONObject.toJSONString(params);
078
079                final MessageDigest md;
080
081                try {
082                        md = MessageDigest.getInstance(hashAlg);
083
084                } catch (NoSuchAlgorithmException e) {
085
086                        throw new JOSEException("Couldn't compute JWK thumbprint: Unsupported hash algorithm: " + e.getMessage(), e);
087                }
088
089                md.update(json.getBytes(Charset.forName("UTF-8")));
090
091                return Base64URL.encode(md.digest());
092        }
093}