| | | 1 | | <# |
| | | 2 | | .SYNOPSIS |
| | | 3 | | Computes an RFC 7638 JWK thumbprint for an RSA key. |
| | | 4 | | |
| | | 5 | | .DESCRIPTION |
| | | 6 | | Returns the Base64Url-encoded SHA-256 hash of the canonical JWK (RSA) built from the key's n and e values. |
| | | 7 | | You can provide either an X509Certificate2 (preferred) or a JWK hashtable with kty='RSA', n and e. |
| | | 8 | | |
| | | 9 | | .PARAMETER Certificate |
| | | 10 | | X.509 certificate containing an RSA public key. |
| | | 11 | | |
| | | 12 | | .PARAMETER Jwk |
| | | 13 | | Hashtable representing an RSA JWK with keys: kty, n, e. |
| | | 14 | | |
| | | 15 | | .EXAMPLE |
| | | 16 | | Get-KrJwkThumbprint -Certificate $cert |
| | | 17 | | |
| | | 18 | | .EXAMPLE |
| | | 19 | | Get-KrJwkThumbprint -Jwk @{ kty='RSA'; n=$n; e=$e } |
| | | 20 | | #> |
| | | 21 | | function Get-KrJwkThumbprint { |
| | | 22 | | [KestrunRuntimeApi('Everywhere')] |
| | | 23 | | [CmdletBinding(DefaultParameterSetName = 'Certificate')] |
| | | 24 | | [OutputType([string])] |
| | | 25 | | param( |
| | | 26 | | [Parameter(Mandatory, ParameterSetName = 'Certificate', Position = 0)] |
| | | 27 | | [System.Security.Cryptography.X509Certificates.X509Certificate2] |
| | | 28 | | $Certificate, |
| | | 29 | | |
| | | 30 | | [Parameter(Mandatory, ParameterSetName = 'Jwk', Position = 0)] |
| | | 31 | | [hashtable] |
| | | 32 | | $Jwk |
| | | 33 | | ) |
| | | 34 | | |
| | 0 | 35 | | switch ($PSCmdlet.ParameterSetName) { |
| | | 36 | | 'Certificate' { |
| | 0 | 37 | | return [Kestrun.Jwt.JwkUtilities]::ComputeThumbprintFromCertificate($Certificate) |
| | | 38 | | } |
| | | 39 | | 'Jwk' { |
| | 0 | 40 | | if (-not $Jwk.kty -or $Jwk.kty -ne 'RSA' -or -not $Jwk.n -or -not $Jwk.e) { |
| | 0 | 41 | | throw "JWK must include kty='RSA', n and e" |
| | | 42 | | } |
| | 0 | 43 | | return [Kestrun.Jwt.JwkUtilities]::ComputeThumbprintRsa([string]$Jwk.n, [string]$Jwk.e) |
| | | 44 | | } |
| | | 45 | | } |
| | | 46 | | } |