Swift
Swift
Create JWK Set Containing Certificates
See more Certificates Examples
Demonstrates how to create a JWK Set containing N certificates.Chilkat Swift Downloads
func chilkatTest() {
var success: Bool = false
// This example creates the following JWK Set from two certificates:
// {
// "keys": [
// {
// "kty": "RSA",
// "use": "sig",
// "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
// "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
// "n": "nYf1jpn7cFdQ...9Iw",
// "e": "AQAB",
// "x5c": [
// "MIIDBTCCAe2...Z+NTZo"
// ]
// },
// {
// "kty": "RSA",
// "use": "sig",
// "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
// "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
// "n": "xHScZMPo8F...EO4QQ",
// "e": "AQAB",
// "x5c": [
// "MIIC8TCCAdmgA...Vt5432GA=="
// ]
// }
// ]
// }
// First get two certificates from files.
let cert1 = CkoCert()!
success = cert1.load(fromFile: "qa_data/certs/brasil_cert.pem")
if success == false {
print("\(cert1.lastErrorText!)")
return
}
let cert2 = CkoCert()!
success = cert2.load(fromFile: "qa_data/certs/testCert.cer")
if success == false {
print("\(cert2.lastErrorText!)")
return
}
// We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
let crypt = CkoCrypt2()!
let json = CkoJsonObject()!
// Let's begin with the 1st cert:
json.i = 0
json.updateString(jsonPath: "keys[i].kty", value: "RSA")
json.updateString(jsonPath: "keys[i].use", value: "sig")
var hexThumbprint: String? = cert1.sha1Thumbprint
var base64Thumbprint: String? = crypt.reEncode(data: hexThumbprint, fromEncoding: "hex", toEncoding: "base64")
json.updateString(jsonPath: "keys[i].kid", value: base64Thumbprint)
json.updateString(jsonPath: "keys[i].x5t", value: base64Thumbprint)
// (We're assuming these are RSA certificates)
// To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
let pubKey = CkoPublicKey()!
cert1.getPublicKey(pubKey: pubKey)
let pubKeyJwk = CkoJsonObject()!
pubKeyJwk.load(json: pubKey.getJwk())
json.updateString(jsonPath: "keys[i].n", value: pubKeyJwk.string(of: "n"))
json.updateString(jsonPath: "keys[i].e", value: pubKeyJwk.string(of: "e"))
// Now add the entire X.509 certificate
json.updateString(jsonPath: "keys[i].x5c[0]", value: cert1.getEncoded())
// Now do the same for cert2..
json.i = 1
json.updateString(jsonPath: "keys[i].kty", value: "RSA")
json.updateString(jsonPath: "keys[i].use", value: "sig")
hexThumbprint = cert2.sha1Thumbprint
base64Thumbprint = crypt.reEncode(data: hexThumbprint, fromEncoding: "hex", toEncoding: "base64")
json.updateString(jsonPath: "keys[i].kid", value: base64Thumbprint)
json.updateString(jsonPath: "keys[i].x5t", value: base64Thumbprint)
cert2.getPublicKey(pubKey: pubKey)
pubKeyJwk.load(json: pubKey.getJwk())
json.updateString(jsonPath: "keys[i].n", value: pubKeyJwk.string(of: "n"))
json.updateString(jsonPath: "keys[i].e", value: pubKeyJwk.string(of: "e"))
// Now add the entire X.509 certificate
json.updateString(jsonPath: "keys[i].x5c[0]", value: cert2.getEncoded())
// Emit the JSON..
json.emitCompact = false
print("\(json.emit()!)")
}