(Android™) Create JWK Set Containing Certificates

Demonstrates how to create a JWK Set containing N certificates.

Chilkat Android™ Downloads Android™ Java Libraries Android C/C++ Libraries

// Important: Don't forget to include the call to System.loadLibrary
// as shown at the bottom of this code sample.
package com.test;

import android.app.Activity;
import com.chilkatsoft.*;

import android.widget.TextView;
import android.os.Bundle;

public class SimpleActivity extends Activity {

  private static final String TAG = "Chilkat";

  // Called when the activity is first created.
  @Override
  public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    // This example creates the following JWK Set from two certificates:

    // {
    //   "keys": [
    //     {
    //       "kty": "RSA",
    //       "use": "sig",
    //       "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
    //       "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
    //       "n": "nYf1jpn7cFdQ...9Iw",
    //       "e": "AQAB",
    //       "x5c": [
    //         "MIIDBTCCAe2...Z+NTZo"
    //       ]
    //     },
    //     {
    //       "kty": "RSA",
    //       "use": "sig",
    //       "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
    //       "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
    //       "n": "xHScZMPo8F...EO4QQ",
    //       "e": "AQAB",
    //       "x5c": [
    //         "MIIC8TCCAdmgA...Vt5432GA=="
    //       ]
    //     }
    //   ]
    // }

    // First get two certificates from files.
    CkCert cert1 = new CkCert();
    boolean success = cert1.LoadFromFile("qa_data/certs/brasil_cert.pem");
    if (success != true) {
        Log.i(TAG, cert1.lastErrorText());
        return;
        }

    CkCert cert2 = new CkCert();
    success = cert2.LoadFromFile("qa_data/certs/testCert.cer");
    if (success != true) {
        Log.i(TAG, cert2.lastErrorText());
        return;
        }

    // We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
    CkCrypt2 crypt = new CkCrypt2();

    CkJsonObject json = new CkJsonObject();

    // Let's begin with the 1st cert:
    json.put_I(0);
    json.UpdateString("keys[i].kty","RSA");
    json.UpdateString("keys[i].use","sig");

    String hexThumbprint = cert1.sha1Thumbprint();
    String base64Thumbprint = crypt.reEncode(hexThumbprint,"hex","base64");
    json.UpdateString("keys[i].kid",base64Thumbprint);
    json.UpdateString("keys[i].x5t",base64Thumbprint);

    // (We're assuming these are RSA certificates)
    // To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
    CkPublicKey pubKey = cert1.ExportPublicKey();
    CkJsonObject pubKeyJwk = new CkJsonObject();
    pubKeyJwk.Load(pubKey.getJwk());

    json.UpdateString("keys[i].n",pubKeyJwk.stringOf("n"));
    json.UpdateString("keys[i].e",pubKeyJwk.stringOf("e"));

    // Now add the entire X.509 certificate 
    json.UpdateString("keys[i].x5c[0]",cert1.getEncoded());

    // Now do the same for cert2..
    json.put_I(1);

    json.UpdateString("keys[i].kty","RSA");
    json.UpdateString("keys[i].use","sig");

    hexThumbprint = cert2.sha1Thumbprint();
    base64Thumbprint = crypt.reEncode(hexThumbprint,"hex","base64");
    json.UpdateString("keys[i].kid",base64Thumbprint);
    json.UpdateString("keys[i].x5t",base64Thumbprint);

    pubKey = cert2.ExportPublicKey();
    pubKeyJwk.Load(pubKey.getJwk());

    json.UpdateString("keys[i].n",pubKeyJwk.stringOf("n"));
    json.UpdateString("keys[i].e",pubKeyJwk.stringOf("e"));

    // Now add the entire X.509 certificate 
    json.UpdateString("keys[i].x5c[0]",cert2.getEncoded());

    // Emit the JSON..
    json.put_EmitCompact(false);
    Log.i(TAG, json.emit());

  }

  static {
      System.loadLibrary("chilkat");

      // Note: If the incorrect library name is passed to System.loadLibrary,
      // then you will see the following error message at application startup:
      //"The application <your-application-name> has stopped unexpectedly. Please try again."
  }
}