Perl
Perl
Create JWK Set Containing Certificates
See more Certificates Examples
Demonstrates how to create a JWK Set containing N certificates.Chilkat Perl Downloads
use chilkat();
$success = 0;
# This example creates the following JWK Set from two certificates:
# {
# "keys": [
# {
# "kty": "RSA",
# "use": "sig",
# "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
# "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
# "n": "nYf1jpn7cFdQ...9Iw",
# "e": "AQAB",
# "x5c": [
# "MIIDBTCCAe2...Z+NTZo"
# ]
# },
# {
# "kty": "RSA",
# "use": "sig",
# "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
# "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
# "n": "xHScZMPo8F...EO4QQ",
# "e": "AQAB",
# "x5c": [
# "MIIC8TCCAdmgA...Vt5432GA=="
# ]
# }
# ]
# }
# First get two certificates from files.
$cert1 = chilkat::CkCert->new();
$success = $cert1->LoadFromFile("qa_data/certs/brasil_cert.pem");
if ($success == 0) {
print $cert1->lastErrorText() . "\r\n";
exit;
}
$cert2 = chilkat::CkCert->new();
$success = $cert2->LoadFromFile("qa_data/certs/testCert.cer");
if ($success == 0) {
print $cert2->lastErrorText() . "\r\n";
exit;
}
# We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
$crypt = chilkat::CkCrypt2->new();
$json = chilkat::CkJsonObject->new();
# Let's begin with the 1st cert:
$json->put_I(0);
$json->UpdateString("keys[i].kty","RSA");
$json->UpdateString("keys[i].use","sig");
$hexThumbprint = $cert1->sha1Thumbprint();
$base64Thumbprint = $crypt->reEncode($hexThumbprint,"hex","base64");
$json->UpdateString("keys[i].kid",$base64Thumbprint);
$json->UpdateString("keys[i].x5t",$base64Thumbprint);
# (We're assuming these are RSA certificates)
# To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
$pubKey = chilkat::CkPublicKey->new();
$cert1->GetPublicKey($pubKey);
$pubKeyJwk = chilkat::CkJsonObject->new();
$pubKeyJwk->Load($pubKey->getJwk());
$json->UpdateString("keys[i].n",$pubKeyJwk->stringOf("n"));
$json->UpdateString("keys[i].e",$pubKeyJwk->stringOf("e"));
# Now add the entire X.509 certificate
$json->UpdateString("keys[i].x5c[0]",$cert1->getEncoded());
# Now do the same for cert2..
$json->put_I(1);
$json->UpdateString("keys[i].kty","RSA");
$json->UpdateString("keys[i].use","sig");
$hexThumbprint = $cert2->sha1Thumbprint();
$base64Thumbprint = $crypt->reEncode($hexThumbprint,"hex","base64");
$json->UpdateString("keys[i].kid",$base64Thumbprint);
$json->UpdateString("keys[i].x5t",$base64Thumbprint);
$cert2->GetPublicKey($pubKey);
$pubKeyJwk->Load($pubKey->getJwk());
$json->UpdateString("keys[i].n",$pubKeyJwk->stringOf("n"));
$json->UpdateString("keys[i].e",$pubKeyJwk->stringOf("e"));
# Now add the entire X.509 certificate
$json->UpdateString("keys[i].x5c[0]",$cert2->getEncoded());
# Emit the JSON..
$json->put_EmitCompact(0);
print $json->emit() . "\r\n";