Java
Java
Create JWK Set Containing Certificates
See more Certificates Examples
Demonstrates how to create a JWK Set containing N certificates.Chilkat Java Downloads
import com.chilkatsoft.*;
public class ChilkatExample {
static {
try {
System.loadLibrary("chilkat");
} catch (UnsatisfiedLinkError e) {
System.err.println("Native code library failed to load.\n" + e);
System.exit(1);
}
}
public static void main(String argv[])
{
boolean success = false;
// This example creates the following JWK Set from two certificates:
// {
// "keys": [
// {
// "kty": "RSA",
// "use": "sig",
// "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
// "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
// "n": "nYf1jpn7cFdQ...9Iw",
// "e": "AQAB",
// "x5c": [
// "MIIDBTCCAe2...Z+NTZo"
// ]
// },
// {
// "kty": "RSA",
// "use": "sig",
// "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
// "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
// "n": "xHScZMPo8F...EO4QQ",
// "e": "AQAB",
// "x5c": [
// "MIIC8TCCAdmgA...Vt5432GA=="
// ]
// }
// ]
// }
// First get two certificates from files.
CkCert cert1 = new CkCert();
success = cert1.LoadFromFile("qa_data/certs/brasil_cert.pem");
if (success == false) {
System.out.println(cert1.lastErrorText());
return;
}
CkCert cert2 = new CkCert();
success = cert2.LoadFromFile("qa_data/certs/testCert.cer");
if (success == false) {
System.out.println(cert2.lastErrorText());
return;
}
// We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
CkCrypt2 crypt = new CkCrypt2();
CkJsonObject json = new CkJsonObject();
// Let's begin with the 1st cert:
json.put_I(0);
json.UpdateString("keys[i].kty","RSA");
json.UpdateString("keys[i].use","sig");
String hexThumbprint = cert1.sha1Thumbprint();
String base64Thumbprint = crypt.reEncode(hexThumbprint,"hex","base64");
json.UpdateString("keys[i].kid",base64Thumbprint);
json.UpdateString("keys[i].x5t",base64Thumbprint);
// (We're assuming these are RSA certificates)
// To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
CkPublicKey pubKey = new CkPublicKey();
cert1.GetPublicKey(pubKey);
CkJsonObject pubKeyJwk = new CkJsonObject();
pubKeyJwk.Load(pubKey.getJwk());
json.UpdateString("keys[i].n",pubKeyJwk.stringOf("n"));
json.UpdateString("keys[i].e",pubKeyJwk.stringOf("e"));
// Now add the entire X.509 certificate
json.UpdateString("keys[i].x5c[0]",cert1.getEncoded());
// Now do the same for cert2..
json.put_I(1);
json.UpdateString("keys[i].kty","RSA");
json.UpdateString("keys[i].use","sig");
hexThumbprint = cert2.sha1Thumbprint();
base64Thumbprint = crypt.reEncode(hexThumbprint,"hex","base64");
json.UpdateString("keys[i].kid",base64Thumbprint);
json.UpdateString("keys[i].x5t",base64Thumbprint);
cert2.GetPublicKey(pubKey);
pubKeyJwk.Load(pubKey.getJwk());
json.UpdateString("keys[i].n",pubKeyJwk.stringOf("n"));
json.UpdateString("keys[i].e",pubKeyJwk.stringOf("e"));
// Now add the entire X.509 certificate
json.UpdateString("keys[i].x5c[0]",cert2.getEncoded());
// Emit the JSON..
json.put_EmitCompact(false);
System.out.println(json.emit());
}
}