Enum jwt_compact::Thumbprint

#[non_exhaustive]
pub enum Thumbprint<const N: usize> {
    Bytes([u8; N]),
    String(String),
}

Representation of a X.509 certificate thumbprint (x5t and x5t#S256 fields in the JWT Header).

As per the JWS spec in RFC 7515, a certificate thumbprint (i.e., the SHA-1 / SHA-256 digest of the certificate) must be base64url-encoded. Some JWS implementations however encode not the thumbprint itself, but rather its hex encoding, sometimes even with additional chars spliced within. To account for these implementations, a thumbprint is represented as an enum – either a properly encoded hash digest, or an opaque base64-encoded string.

Examples

let key = Hs256Key::new(b"super_secret_key_donut_steel");

// Creates a token with a custom-encoded SHA-1 thumbprint.
let thumbprint = "65:AF:69:09:B1:B0:75:8E:06:C6:E0:48:C4:60:02:B5:C6:95:E3:6B";
let header = Header::empty()
    .with_key_id("my_key")
    .with_certificate_sha1_thumbprint(thumbprint);
let token = Hs256.token(&header, &Claims::empty(), &key)?;
println!("{token}");

// Deserialize the token and check that its header fields are readable.
let token = UntrustedToken::new(&token)?;
let deserialized_thumbprint =
    token.header().certificate_sha1_thumbprint.as_ref();
assert_matches!(
    deserialized_thumbprint,
    Some(Thumbprint::String(s)) if s == thumbprint
);

Variants (Non-exhaustive)

Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.

Bytes([u8; N])

Byte representation of a SHA-1 or SHA-256 digest.

String(String)

Opaque string representation of the thumbprint. It is the responsibility of an application to verify that this value is valid.

Trait Implementations

impl<const N: usize> Clone for Thumbprint<N>

fn clone(&self) -> Thumbprint<N>

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<const N: usize> Debug for Thumbprint<N>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de, const N: usize> Deserialize<'de> for Thumbprint<N>

fn deserialize<D: Deserializer<'de>>(deserializer: D) -> Result<Self, D::Error>

Deserialize this value from the given Serde deserializer.

impl<const N: usize> From<&str> for Thumbprint<N>

fn from(s: &str) -> Self

Converts to this type from the input type.

impl<const N: usize> From<[u8; N]> for Thumbprint<N>

fn from(value: [u8; N]) -> Self

Converts to this type from the input type.

impl<const N: usize> From<String> for Thumbprint<N>

fn from(s: String) -> Self

Converts to this type from the input type.

impl<const N: usize> Hash for Thumbprint<N>

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl<const N: usize> PartialEq for Thumbprint<N>

fn eq(&self, other: &Thumbprint<N>) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl<const N: usize> Serialize for Thumbprint<N>

fn serialize<S: Serializer>(&self, serializer: S) -> Result<S::Ok, S::Error>

Serialize this value into the given Serde serializer.

impl<const N: usize> Eq for Thumbprint<N>

impl<const N: usize> StructuralPartialEq for Thumbprint<N>