From 904cbeed1b4714f8c2e122830339ceb70f469d39 Mon Sep 17 00:00:00 2001
From: Yvo Brevoort <yvo@muze.nl>
Date: Fri, 7 Feb 2025 16:03:41 +0100
Subject: [PATCH 1/3] for for the generation of the JWK Thumbprint

---
 src/Utils/DPop.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Utils/DPop.php b/src/Utils/DPop.php
index 51d6d76..1e4acdf 100644
--- a/src/Utils/DPop.php
+++ b/src/Utils/DPop.php
@@ -140,7 +140,7 @@ public function makeJwkThumbprint($jwk) {
 				$jwk['y']
 			]);			
 		}
-		$hash    = hash('sha256', $json);
+		$hash    = hash('sha256', json_encode($json), true);
 		$encoded = Base64Url::encode($hash);
 		return $encoded;
 	}

From 5c39a2bf7fba188ee52aba50692080e4f5007e9e Mon Sep 17 00:00:00 2001
From: Yvo Brevoort <yvo@muze.nl>
Date: Fri, 7 Feb 2025 16:24:40 +0100
Subject: [PATCH 2/3] add test for thumb calculation based on the RFC example

---
 tests/unit/Utils/DPOPTest.php | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/tests/unit/Utils/DPOPTest.php b/tests/unit/Utils/DPOPTest.php
index b86515b..3157257 100644
--- a/tests/unit/Utils/DPOPTest.php
+++ b/tests/unit/Utils/DPOPTest.php
@@ -619,6 +619,27 @@ final public function testGetWebIdWithDpop(): void
         $this->assertEquals(self::MOCK_SUBJECT, $actual);
     }
 
+    /**
+     * @testdox makeJwkThumbprint test with a known key and expected result
+     *
+     * @covers ::makeJwkThumbprint
+     *
+     * @uses \Pdsinterop\Solid\Auth\Utils\DPop::makeJwkThumbprint
+     */
+    final public function testMakeJwkThumbprint(): void
+    {
+        $mockJtiValidator = $this->createMockJtiValidator();
+        $dpop = new DPop($mockJtiValidator);
+
+        // Example thumbprint calculation from https://www.rfc-editor.org/rfc/rfc7638#ref-SHS
+        $jwk = json_decode('{"kty": "RSA","n": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw","e": "AQAB","alg": "RS256","kid": "2011-04-29"}', true);
+        $expectedThumbprint = 'NzbLsXh8uDCcd-6MNwXF4W_7noWXFZAfHkxZsRGC9Xs';
+
+        $actual = $dpop->makeJwkThumbprint($jwk);
+
+        $this->assertEquals($expectedThumbprint, $actual);
+    }
+
     ////////////////////////////// MOCKS AND STUBS \\\\\\\\\\\\\\\\\\\\\\\\\\\\\
 
     private function createMockJtiValidator()

From f385692aa97efc655a2e6141463da2b41b4dfdad Mon Sep 17 00:00:00 2001
From: Yvo Brevoort <yvo@muze.nl>
Date: Fri, 7 Feb 2025 16:25:00 +0100
Subject: [PATCH 3/3] fix calculation

---
 src/Utils/DPop.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Utils/DPop.php b/src/Utils/DPop.php
index 1e4acdf..2e40ec0 100644
--- a/src/Utils/DPop.php
+++ b/src/Utils/DPop.php
@@ -140,7 +140,7 @@ public function makeJwkThumbprint($jwk) {
 				$jwk['y']
 			]);			
 		}
-		$hash    = hash('sha256', json_encode($json), true);
+		$hash    = hash('sha256', $json, true);
 		$encoded = Base64Url::encode($hash);
 		return $encoded;
 	}