Add support for x5t#S256 header (#203)

2021-08-25 22:29:30 +02:00 · 2021-08-25 22:29:30 +02:00 · 6a7eec9030
parent a11106faff
commit 6a7eec9030
2 changed files with 21 additions and 5 deletions
--- a/src/header.rs
+++ b/src/header.rs
@ -50,11 +50,19 @@ pub struct Header {
    /// Defined in [RFC7515#4.1.6](https://tools.ietf.org/html/rfc7515#section-4.1.6).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub x5c: Option<Vec<String>>,
-    /// X.509 certificate thumbprint
+    /// X.509 SHA1 certificate thumbprint
    ///
    /// Defined in [RFC7515#4.1.7](https://tools.ietf.org/html/rfc7515#section-4.1.7).
    #[serde(skip_serializing_if = "Option::is_none")]
    pub x5t: Option<String>,
+    /// X.509 SHA256 certificate thumbprint
+    ///
+    /// Defined in [RFC7515#4.1.8](https://tools.ietf.org/html/rfc7515#section-4.1.8).
+    ///
+    /// This will be serialized/deserialized as "x5t#S256", as defined by the RFC.
+    #[serde(skip_serializing_if = "Option::is_none")]
+    #[serde(rename = "x5t#S256")]
+    pub x5t_s256: Option<String>,
 }

 impl Header {
@ -70,6 +78,7 @@ impl Header {
            x5u: None,
            x5c: None,
            x5t: None,
+            x5t_s256: None,
        }
    }

--- a/src/jwk.rs
+++ b/src/jwk.rs
@ -168,21 +168,28 @@ pub struct CommonParameters {
    pub key_id: Option<String>,

    /// X.509 Public key cerfificate URL. This is currently not implemented (correctly).
+    ///
    /// Serialized to `x5u`.
    #[serde(rename = "x5u", skip_serializing_if = "Option::is_none")]
    pub x509_url: Option<String>,

    /// X.509 public key certificate chain. This is currently not implemented (correctly).
+    ///
    /// Serialized to `x5c`.
    #[serde(rename = "x5c", skip_serializing_if = "Option::is_none")]
    pub x509_chain: Option<Vec<String>>,

-    /// X.509 Certificate thumbprint. This is currently not implemented (correctly).
-    /// Also not implemented, is the SHA-256 thumbprint variant of this header.
+    /// X.509 Certificate SHA1 thumbprint. This is currently not implemented (correctly).
+    ///
    /// Serialized to `x5t`.
-    // TODO: How to make sure the headers are mutually exclusive?
    #[serde(rename = "x5t", skip_serializing_if = "Option::is_none")]
-    pub x509_fingerprint: Option<String>,
+    pub x509_sha1_fingerprint: Option<String>,
+
+    /// X.509 Certificate SHA256 thumbprint. This is currently not implemented (correctly).
+    ///
+    /// Serialized to `x5t#S256`.
+    #[serde(rename = "x5t#S256", skip_serializing_if = "Option::is_none")]
+    pub x509_sha256_fingerprint: Option<String>,
 }

 /// Key type value for an Elliptic Curve Key.