fix: allow sha256, sha384, sha512 hash functions in thumbprint, via #30

Author: lepture

pyproject.toml

@@ -59,6 +59,9 @@ dev-dependencies = [
     "ruff>=0.9.2",
 ]
 
+[tool.rye.scripts]
+test-cov = "pytest --cov --cov-report=html"
+
 [tool.ruff]
 line-length = 120
 

src/joserfc/rfc7517/models.py

@@ -80,6 +80,7 @@ class BaseKey(t.Generic[NativePrivateKey, NativePublicKey], metaclass=ABCMeta):
     value_registry: t.ClassVar[KeyParameterRegistryDict]
     param_registry: t.ClassVar[KeyParameterRegistryDict] = JWK_PARAMETER_REGISTRY
     operation_registry: t.ClassVar[KeyOperationRegistryDict] = JWK_OPERATION_REGISTRY
+    thumbprint_digest_method: t.ClassVar[t.Literal["sha256", "sha384", "sha512"]] = 'sha256'
 
     def __init__(
             self,
@@ -159,7 +160,7 @@ def thumbprint(self) -> str:
         defined in RFC7638."""
         fields = [k for k in self.value_registry if self.value_registry[k].required]
         fields.append("kty")
-        return thumbprint(self.dict_value, fields)
+        return thumbprint(self.dict_value, fields, self.thumbprint_digest_method)
 
     def as_dict(self, private: t.Optional[bool] = None, **params: t.Any) -> DictKey:
         """Output this key to a JWK format (in dict). By default, it will return

src/joserfc/rfc7638/__init__.py

@@ -4,13 +4,18 @@
 from ..util import to_bytes, json_dumps, urlsafe_b64encode
 
 
-def thumbprint(dict_value: t.Dict[str, t.Any], fields: t.List[str]) -> str:
+def thumbprint(
+    dict_value: t.Dict[str, t.Any],
+    fields: t.List[str],
+    digest_method: t.Literal['sha256', 'sha384', 'sha512'] = 'sha256',
+) -> str:
     sorted_fields = sorted(fields)
 
     data = OrderedDict()
     for k in sorted_fields:
         data[k] = dict_value[k]
 
     json_data = json_dumps(data)
-    digest_data = hashlib.sha256(to_bytes(json_data)).digest()
+    hash_value = hashlib.new(digest_method, to_bytes(json_data))
+    digest_data = hash_value.digest()
     return urlsafe_b64encode(digest_data).decode("utf-8")