feat: update certificate hash algorithm to sha256

OfficeDev · Sep 26, 2024 · f284f06 · f284f06
1 parent 1b70004
commit f284f06
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 7 deletions.
diff --git a/packages/sdk/src/util/utils.node.ts b/packages/sdk/src/util/utils.node.ts
@@ -52,13 +52,13 @@ export function parseCertificate(
     internalLogger.error(errorMsg);
     throw new ErrorWithCode(errorMsg, ErrorCode.InvalidCertificate);
   }
-  const thumbprint = createHash("sha1")
+  const thumbprint = createHash("sha256")
     .update(Buffer.from(match[3], "base64"))
     .digest("hex")
     .toUpperCase();
 
   return {
-    thumbprint: thumbprint,
+    thumbprintSha256: thumbprint,
     privateKey: certificateContent,
   };
 }
diff --git a/packages/sdk/src/util/utils.ts b/packages/sdk/src/util/utils.ts
@@ -229,6 +229,6 @@ export function validateConfig(config: any): void {
  * @internal
  */
 export interface ClientCertificate {
-  thumbprint: string;
+  thumbprintSha256: string;
   privateKey: string;
 }
diff --git a/packages/sdk/test/unit/node/appCredential.spec.ts b/packages/sdk/test/unit/node/appCredential.spec.ts
@@ -62,8 +62,8 @@ fakeCert
     assert.strictEqual(credential.msalClient.config.auth.clientId, clientId);
     assert.strictEqual(credential.msalClient.config.auth.authority, authorityHost + "/" + tenantId);
     assert.strictEqual(
-      credential.msalClient.config.auth.clientCertificate.thumbprint,
-      "06BA994A93FF2138DC51E669EB284ABAB8112153" // thumbprint is calculated from certificate content "fakeCert"
+      credential.msalClient.config.auth.clientCertificate.thumbprintSha256,
+      "90AF5A3B906DCC32226BCCD6D369165CFB9F1E0FE123F0D18B7CC48261995A6C" // thumbprint is calculated from certificate content "fakeCert"
     );
     assert.strictEqual(credential.msalClient.config.auth.clientSecret, "");
   });

diff --git a/packages/sdk/test/unit/node/core/onBehalfOfUserCredential.spec.ts b/packages/sdk/test/unit/node/core/onBehalfOfUserCredential.spec.ts
@@ -134,8 +134,8 @@ fakeCert
 
     // certificateContent has higher priority than clientSecret
     assert.strictEqual(
-      oboCredential.msalClient.config.auth.clientCertificate.thumbprint,
-      "06BA994A93FF2138DC51E669EB284ABAB8112153" // thumbprint is calculated from certificate content "fakeCert"
+      oboCredential.msalClient.config.auth.clientCertificate.thumbprintSha256,
+      "90AF5A3B906DCC32226BCCD6D369165CFB9F1E0FE123F0D18B7CC48261995A6C" // thumbprint is calculated from certificate content "fakeCert"
     );
     assert.strictEqual(oboCredential.msalClient.config.auth.clientSecret, "");
   });