Sample code for 30+ languages & platforms
Lianja

Create JWK Set Containing Certificates

See more Certificates Examples

Demonstrates how to create a JWK Set containing N certificates.

Chilkat Lianja Downloads

Lianja
llSuccess = .F.

// This example creates the following JWK Set from two certificates:

// {
//   "keys": [
//     {
//       "kty": "RSA",
//       "use": "sig",
//       "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
//       "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
//       "n": "nYf1jpn7cFdQ...9Iw",
//       "e": "AQAB",
//       "x5c": [
//         "MIIDBTCCAe2...Z+NTZo"
//       ]
//     },
//     {
//       "kty": "RSA",
//       "use": "sig",
//       "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
//       "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
//       "n": "xHScZMPo8F...EO4QQ",
//       "e": "AQAB",
//       "x5c": [
//         "MIIC8TCCAdmgA...Vt5432GA=="
//       ]
//     }
//   ]
// }

// First get two certificates from files.
loCert1 = createobject("CkCert")
llSuccess = loCert1.LoadFromFile("qa_data/certs/brasil_cert.pem")
if (llSuccess = .F.) then
    ? loCert1.LastErrorText
    release loCert1
    return
endif

loCert2 = createobject("CkCert")
llSuccess = loCert2.LoadFromFile("qa_data/certs/testCert.cer")
if (llSuccess = .F.) then
    ? loCert2.LastErrorText
    release loCert1
    release loCert2
    return
endif

// We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
loCrypt = createobject("CkCrypt2")

loJson = createobject("CkJsonObject")

// Let's begin with the 1st cert:
loJson.I = 0
loJson.UpdateString("keys[i].kty","RSA")
loJson.UpdateString("keys[i].use","sig")

lcHexThumbprint = loCert1.Sha1Thumbprint
lcBase64Thumbprint = loCrypt.ReEncode(lcHexThumbprint,"hex","base64")
loJson.UpdateString("keys[i].kid",lcBase64Thumbprint)
loJson.UpdateString("keys[i].x5t",lcBase64Thumbprint)

// (We're assuming these are RSA certificates)
// To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
loPubKey = createobject("CkPublicKey")
loCert1.GetPublicKey(loPubKey)

loPubKeyJwk = createobject("CkJsonObject")
loPubKeyJwk.Load(loPubKey.GetJwk())
loJson.UpdateString("keys[i].n",loPubKeyJwk.StringOf("n"))
loJson.UpdateString("keys[i].e",loPubKeyJwk.StringOf("e"))

// Now add the entire X.509 certificate 
loJson.UpdateString("keys[i].x5c[0]",loCert1.GetEncoded())

// Now do the same for cert2..
loJson.I = 1

loJson.UpdateString("keys[i].kty","RSA")
loJson.UpdateString("keys[i].use","sig")

lcHexThumbprint = loCert2.Sha1Thumbprint
lcBase64Thumbprint = loCrypt.ReEncode(lcHexThumbprint,"hex","base64")
loJson.UpdateString("keys[i].kid",lcBase64Thumbprint)
loJson.UpdateString("keys[i].x5t",lcBase64Thumbprint)
loCert2.GetPublicKey(loPubKey)

loPubKeyJwk.Load(loPubKey.GetJwk())
loJson.UpdateString("keys[i].n",loPubKeyJwk.StringOf("n"))
loJson.UpdateString("keys[i].e",loPubKeyJwk.StringOf("e"))

// Now add the entire X.509 certificate 
loJson.UpdateString("keys[i].x5c[0]",loCert2.GetEncoded())

// Emit the JSON..
loJson.EmitCompact = .F.
? loJson.Emit()


release loCert1
release loCert2
release loCrypt
release loJson
release loPubKey
release loPubKeyJwk