(JavaScript) Create JWK Set Containing Certificates

Demonstrates how to create a JWK Set containing N certificates.

Note: This example requires Chilkat v11.0.0 or greater.

Note

This example is intended for running within a Chilkat.Js embedded JavaScript engine. All Chilkat JavaScript examples require Chilkat v11.4.0 or greater.

var success = false;

// This example creates the following JWK Set from two certificates:

// {
//   "keys": [
//     {
//       "kty": "RSA",
//       "use": "sig",
//       "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
//       "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
//       "n": "nYf1jpn7cFdQ...9Iw",
//       "e": "AQAB",
//       "x5c": [
//         "MIIDBTCCAe2...Z+NTZo"
//       ]
//     },
//     {
//       "kty": "RSA",
//       "use": "sig",
//       "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
//       "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
//       "n": "xHScZMPo8F...EO4QQ",
//       "e": "AQAB",
//       "x5c": [
//         "MIIC8TCCAdmgA...Vt5432GA=="
//       ]
//     }
//   ]
// }

// First get two certificates from files.
var cert1 = new CkCert();
success = cert1.LoadFromFile("qa_data/certs/brasil_cert.pem");
if (success == false) {
    console.log(cert1.LastErrorText);
    return;
}

var cert2 = new CkCert();
success = cert2.LoadFromFile("qa_data/certs/testCert.cer");
if (success == false) {
    console.log(cert2.LastErrorText);
    return;
}

// We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
var crypt = new CkCrypt2();

var json = new CkJsonObject();

// Let's begin with the 1st cert:
json.I = 0;
json.UpdateString("keys[i].kty","RSA");
json.UpdateString("keys[i].use","sig");

var hexThumbprint = cert1.Sha1Thumbprint;
var base64Thumbprint = crypt.ReEncode(hexThumbprint,"hex","base64");
json.UpdateString("keys[i].kid",base64Thumbprint);
json.UpdateString("keys[i].x5t",base64Thumbprint);

// (We're assuming these are RSA certificates)
// To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
var pubKey = new CkPublicKey();
cert1.GetPublicKey(pubKey);

var pubKeyJwk = new CkJsonObject();
pubKeyJwk.Load(pubKey.GetJwk());
json.UpdateString("keys[i].n",pubKeyJwk.StringOf("n"));
json.UpdateString("keys[i].e",pubKeyJwk.StringOf("e"));

// Now add the entire X.509 certificate 
json.UpdateString("keys[i].x5c[0]",cert1.GetEncoded());

// Now do the same for cert2..
json.I = 1;

json.UpdateString("keys[i].kty","RSA");
json.UpdateString("keys[i].use","sig");

hexThumbprint = cert2.Sha1Thumbprint;
base64Thumbprint = crypt.ReEncode(hexThumbprint,"hex","base64");
json.UpdateString("keys[i].kid",base64Thumbprint);
json.UpdateString("keys[i].x5t",base64Thumbprint);
cert2.GetPublicKey(pubKey);

pubKeyJwk.Load(pubKey.GetJwk());
json.UpdateString("keys[i].n",pubKeyJwk.StringOf("n"));
json.UpdateString("keys[i].e",pubKeyJwk.StringOf("e"));

// Now add the entire X.509 certificate 
json.UpdateString("keys[i].x5c[0]",cert2.GetEncoded());

// Emit the JSON..
json.EmitCompact = false;
console.log(json.Emit());