JWKS checking and making sure your key is valid


Let's say you're given a JWKS endpoint and you would like to check whether the thumbprint (x5t) and the certificate (x5c) published for a key actually match.

How to validate JWKS x5t and x5c

Get the thumbprint 

Given the following PEM certificate 

-----BEGIN CERTIFICATE-----
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
-----END CERTIFICATE-----

You can inspect the details of this certificate with

certutil -dump .\tet.cer (assuming you saved it as tet.cer; look for the "Cert Hash(sha1)" line in the output)

Or you can use this online tool, which computes the fingerprint of a pasted PEM certificate: https://www.samltool.com/fingerprint.php

You can see that the SHA-1 thumbprint has the value e04cc2c2f7c472b2907616c10eeea33d285c0be2


This is a hex string. x5t (RFC 7515 section 4.1.7) carries the same SHA-1 thumbprint bytes, but base64url-encoded, so you need to convert the 20 bytes, not the hex text, to base64url.

Go to this URL or use your own tool:


Make sure the input is interpreted as raw bytes (hex), not as text, and paste e04cc2c2f7c472b2907616c10eeea33d285c0be2 into the text box (underlined in red).

Make sure you have selected Base64URL in the ENCODE/DECODE section (middle part of the UI).

That gives you the base64url value 4EzCwvfEcrKQdhbBDu6jPShcC-I=

Note the trailing '=': JOSE base64url omits padding, so the x5t value as it appears in the JWK is 4EzCwvfEcrKQdhbBDu6jPShcC-I without the '='. Strip it before comparing.

That's it! Keep in mind that x5t is a SHA-1 thumbprint (the SHA-256 variant is x5t#S256), and that a matching thumbprint only proves the x5t and x5c entries describe the same certificate; it says nothing about whether that certificate is one you should trust.
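The same check in Python, added here as a runnable example (it is not from the original post). It converts the hex thumbprint above to the x5t form, and it computes x5t and x5t#S256 directly from the x5c entry of each key so you can verify a whole JWKS document without an online tool. The JWKS below is constructed for the example: its x5c is not a real certificate, just stand-in bytes, which is enough because the thumbprint is simply SHA-1 (or SHA-256) over the DER bytes.

```python
import base64
import hashlib
import hmac
import json


def b64url_nopad(raw: bytes) -> str:
    """base64url without '=' padding, the encoding JOSE (RFC 7515) uses for x5t."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def hex_thumbprint_to_x5t(hex_thumbprint: str) -> str:
    """Turn a hex SHA-1 thumbprint (certutil / samltool output, colons or spaces
    allowed) into the base64url x5t value. Encodes the 20 raw bytes, NOT the
    ASCII hex string, which is the usual mistake with online encoders."""
    raw = bytes.fromhex(hex_thumbprint.replace(":", "").replace(" ", ""))
    if len(raw) != 20:
        raise ValueError("x5t is a SHA-1 thumbprint and must be exactly 20 bytes")
    return b64url_nopad(raw)


def thumbprints_from_x5c(x5c_leaf: str) -> dict:
    """Compute x5t (SHA-1) and x5t#S256 (SHA-256) over the DER certificate.
    x5c entries are plain base64 (with padding) of the DER, so decode with
    b64decode, not urlsafe_b64decode."""
    der = base64.b64decode(x5c_leaf)
    return {
        "x5t": b64url_nopad(hashlib.sha1(der).digest()),
        "x5t#S256": b64url_nopad(hashlib.sha256(der).digest()),
    }


def check_jwk(jwk: dict) -> dict:
    """Return {claim: bool} for each thumbprint claim present in the JWK,
    True when it matches the first (leaf) certificate in x5c."""
    if not jwk.get("x5c"):
        raise ValueError(f"key {jwk.get('kid')!r} has no x5c to compare against")
    computed = thumbprints_from_x5c(jwk["x5c"][0])
    results = {}
    for claim in ("x5t", "x5t#S256"):
        if claim in jwk:
            claimed = jwk[claim].rstrip("=")  # tolerate stray padding from tools
            results[claim] = hmac.compare_digest(claimed, computed[claim])
    return results


def check_jwks(jwks: dict) -> dict:
    """Run check_jwk over every key in a JWKS document, keyed by kid."""
    return {k.get("kid"): check_jwk(k) for k in jwks["keys"]}


# Constructed sample: the x5c payload is NOT a real certificate, just bytes
# standing in for DER so the example runs offline. The "good" key's thumbprint
# claims are derived from it; the "bad" key carries the page's x5t, which does
# not belong to this stand-in certificate.
SAMPLE_DER = b"constructed stand-in for a DER-encoded X.509 certificate"
SAMPLE_X5C = base64.b64encode(SAMPLE_DER).decode("ascii")
SAMPLE_THUMBPRINTS = thumbprints_from_x5c(SAMPLE_X5C)
SAMPLE_JWKS = {
    "keys": [
        {"kid": "good", "kty": "RSA", "use": "sig", "x5c": [SAMPLE_X5C],
         "x5t": SAMPLE_THUMBPRINTS["x5t"], "x5t#S256": SAMPLE_THUMBPRINTS["x5t#S256"]},
        {"kid": "bad", "kty": "RSA", "use": "sig", "x5c": [SAMPLE_X5C],
         "x5t": "4EzCwvfEcrKQdhbBDu6jPShcC-I"},
    ]
}

if __name__ == "__main__":
    # The page's thumbprint, converted the way the manual steps above do it.
    print(hex_thumbprint_to_x5t("e04cc2c2f7c472b2907616c10eeea33d285c0be2"))
    # Per-key verdicts for the constructed JWKS document.
    print(json.dumps(check_jwks(SAMPLE_JWKS), indent=2))
```

To check a live endpoint, fetch the JWKS JSON (for example with requests or urllib) and pass the parsed document to check_jwks; any key reported False has a thumbprint that does not describe the certificate it ships with, and any key without x5c cannot be checked this way at all.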
