Sample code for 30+ languages & platforms
Delphi DLL

Create JWK Set Containing Certificates

See more Certificates Examples

Demonstrates how to create a JWK Set containing N certificates.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, PublicKey, Cert, JsonObject, Crypt2;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
cert1: HCkCert;
cert2: HCkCert;
crypt: HCkCrypt2;
json: HCkJsonObject;
hexThumbprint: PWideChar;
base64Thumbprint: PWideChar;
pubKey: HCkPublicKey;
pubKeyJwk: HCkJsonObject;

begin
success := False;

// This example creates the following JWK Set from two certificates:

// {
//   "keys": [
//     {
//       "kty": "RSA",
//       "use": "sig",
//       "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
//       "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
//       "n": "nYf1jpn7cFdQ...9Iw",
//       "e": "AQAB",
//       "x5c": [
//         "MIIDBTCCAe2...Z+NTZo"
//       ]
//     },
//     {
//       "kty": "RSA",
//       "use": "sig",
//       "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
//       "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
//       "n": "xHScZMPo8F...EO4QQ",
//       "e": "AQAB",
//       "x5c": [
//         "MIIC8TCCAdmgA...Vt5432GA=="
//       ]
//     }
//   ]
// }

// First get two certificates from files.
cert1 := CkCert_Create();
success := CkCert_LoadFromFile(cert1,'qa_data/certs/brasil_cert.pem');
if (success = False) then
  begin
    Memo1.Lines.Add(CkCert__lastErrorText(cert1));
    Exit;
  end;

cert2 := CkCert_Create();
success := CkCert_LoadFromFile(cert2,'qa_data/certs/testCert.cer');
if (success = False) then
  begin
    Memo1.Lines.Add(CkCert__lastErrorText(cert2));
    Exit;
  end;

// We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
crypt := CkCrypt2_Create();

json := CkJsonObject_Create();

// Let's begin with the 1st cert:
CkJsonObject_putI(json,0);
CkJsonObject_UpdateString(json,'keys[i].kty','RSA');
CkJsonObject_UpdateString(json,'keys[i].use','sig');

hexThumbprint := CkCert__sha1Thumbprint(cert1);
base64Thumbprint := CkCrypt2__reEncode(crypt,hexThumbprint,'hex','base64');
CkJsonObject_UpdateString(json,'keys[i].kid',base64Thumbprint);
CkJsonObject_UpdateString(json,'keys[i].x5t',base64Thumbprint);

// (We're assuming these are RSA certificates)
// To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
pubKey := CkPublicKey_Create();
CkCert_GetPublicKey(cert1,pubKey);

pubKeyJwk := CkJsonObject_Create();
CkJsonObject_Load(pubKeyJwk,CkPublicKey__getJwk(pubKey));
CkJsonObject_UpdateString(json,'keys[i].n',CkJsonObject__stringOf(pubKeyJwk,'n'));
CkJsonObject_UpdateString(json,'keys[i].e',CkJsonObject__stringOf(pubKeyJwk,'e'));

// Now add the entire X.509 certificate 
CkJsonObject_UpdateString(json,'keys[i].x5c[0]',CkCert__getEncoded(cert1));

// Now do the same for cert2..
CkJsonObject_putI(json,1);

CkJsonObject_UpdateString(json,'keys[i].kty','RSA');
CkJsonObject_UpdateString(json,'keys[i].use','sig');

hexThumbprint := CkCert__sha1Thumbprint(cert2);
base64Thumbprint := CkCrypt2__reEncode(crypt,hexThumbprint,'hex','base64');
CkJsonObject_UpdateString(json,'keys[i].kid',base64Thumbprint);
CkJsonObject_UpdateString(json,'keys[i].x5t',base64Thumbprint);
CkCert_GetPublicKey(cert2,pubKey);

CkJsonObject_Load(pubKeyJwk,CkPublicKey__getJwk(pubKey));
CkJsonObject_UpdateString(json,'keys[i].n',CkJsonObject__stringOf(pubKeyJwk,'n'));
CkJsonObject_UpdateString(json,'keys[i].e',CkJsonObject__stringOf(pubKeyJwk,'e'));

// Now add the entire X.509 certificate 
CkJsonObject_UpdateString(json,'keys[i].x5c[0]',CkCert__getEncoded(cert2));

// Emit the JSON..
CkJsonObject_putEmitCompact(json,False);
Memo1.Lines.Add(CkJsonObject__emit(json));

CkCert_Dispose(cert1);
CkCert_Dispose(cert2);
CkCrypt2_Dispose(crypt);
CkJsonObject_Dispose(json);
CkPublicKey_Dispose(pubKey);
CkJsonObject_Dispose(pubKeyJwk);

end;