Need some information on the below, if anyone has implemented it. How do I generate the x5t#S256 value within Apigee?
https://datatracker.ietf.org/doc/html/rfc8705#section-3.1
To represent the hash of a certificate in a JWT, this specification defines the new JWT Confirmation Method [RFC7800] member "x5t#S256" for the X.509 Certificate SHA-256 Thumbprint. The value of the "x5t#S256" member is a base64url-encoded [RFC4648] SHA-256 [SHS] hash (a.k.a., thumbprint, fingerprint, or digest) of the DER encoding [X690] of the X.509 certificate [RFC5280]. The base64url-encoded value MUST omit all trailing pad '=' characters and MUST NOT include any line breaks, whitespace, or other additional characters.
Is it just extracting the certificate thumbprint and performing base64url encoding, omitting the trailing pad and any line breaks or whitespace, or is there anything more to it?
Any reference?
Thanks.
Was able to figure it out.
Just FYI, maybe the below will help. General command-line way:
echo "<<Place SHA256 thumbprint of cert>>" | xxd -r -p | openssl enc -a | tr -d '=' | tr '/+' '_-'
Java (snippet):
import java.security.MessageDigest;
import java.util.Base64;

MessageDigest sha256 = MessageDigest.getInstance("SHA-256"); // Use a SHA-256 MessageDigest instance
byte[] x5tS256 = sha256.digest(cert.getEncoded()); // cert is an X509Certificate; getEncoded() returns its DER bytes, so this hashes the entire certificate
String encodedx5tS256 = Base64.getUrlEncoder().withoutPadding()
        .encodeToString(x5tS256);
Once you have the value, you can use it in the "x5t#S256" confirmation method member while generating a JWT token using Apigee JWT policies.
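The same computation in Python, as an added example that is not part of the original posts and is not Apigee code: it derives x5t#S256 from DER bytes, from a PEM certificate, and from a hex fingerprint (decoded to raw bytes first, as the `xxd -r -p` step above does), then shows the resource-server comparison of a token's `cnf` member against the presented certificate. All function names and the sample fingerprint are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import ssl

# Constructed sample: SHA-256 of empty input in colon-separated hex form.
# It is not the fingerprint of any real certificate.
SAMPLE_FINGERPRINT = ("E3:B0:C4:42:98:FC:1C:14:9A:FB:F4:C8:99:6F:B9:24:"
                      "27:AE:41:E4:64:9B:93:4C:A4:95:99:1B:78:52:B8:55")


def _b64url_nopad(raw: bytes) -> str:
    # RFC 8705 section 3.1: base64url, no '=' padding, no line breaks.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def x5t_s256_from_der(der: bytes) -> str:
    """Hash the DER encoding of the certificate and encode the raw digest."""
    return _b64url_nopad(hashlib.sha256(der).digest())


def x5t_s256_from_pem(pem: str) -> str:
    """Strip the PEM armor first; hashing the PEM text gives a wrong value."""
    return x5t_s256_from_der(ssl.PEM_cert_to_DER_cert(pem))


def x5t_s256_from_hex(fingerprint: str) -> str:
    """Convert a hex SHA-256 thumbprint (colons or spaces allowed)."""
    raw = bytes.fromhex(fingerprint.replace(":", "").replace(" ", ""))
    if len(raw) != 32:
        # 20 bytes would be a SHA-1 thumbprint, which belongs in "x5t".
        raise ValueError("expected a 32-byte SHA-256 thumbprint")
    return _b64url_nopad(raw)


def cnf_matches(claims: dict, presented_der: bytes) -> bool:
    """Compare the token's cnf["x5t#S256"] with the mTLS client certificate."""
    cnf = claims.get("cnf")
    bound = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if not isinstance(bound, str):
        return False  # token is not certificate-bound: reject
    expected = x5t_s256_from_der(presented_der)
    return hmac.compare_digest(bound.encode(), expected.encode())


if __name__ == "__main__":
    print(x5t_s256_from_hex(SAMPLE_FINGERPRINT))
```

Base64-encoding the hex string itself, rather than the 32 raw bytes it represents, produces an 86-character value that will never match the thumbprint computed by the other party.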