AutoIt
AutoIt
Create JWK Set Containing Certificates
See more Certificates Examples
Demonstrates how to create a JWK Set containing N certificates.Chilkat AutoIt Downloads
Local $bSuccess = False
; This example creates the following JWK Set from two certificates:
; {
; "keys": [
; {
; "kty": "RSA",
; "use": "sig",
; "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
; "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
; "n": "nYf1jpn7cFdQ...9Iw",
; "e": "AQAB",
; "x5c": [
; "MIIDBTCCAe2...Z+NTZo"
; ]
; },
; {
; "kty": "RSA",
; "use": "sig",
; "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
; "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
; "n": "xHScZMPo8F...EO4QQ",
; "e": "AQAB",
; "x5c": [
; "MIIC8TCCAdmgA...Vt5432GA=="
; ]
; }
; ]
; }
; First get two certificates from files.
$oCert1 = ObjCreate("Chilkat.Cert")
$bSuccess = $oCert1.LoadFromFile("qa_data/certs/brasil_cert.pem")
If ($bSuccess = False) Then
ConsoleWrite($oCert1.LastErrorText & @CRLF)
Exit
EndIf
$oCert2 = ObjCreate("Chilkat.Cert")
$bSuccess = $oCert2.LoadFromFile("qa_data/certs/testCert.cer")
If ($bSuccess = False) Then
ConsoleWrite($oCert2.LastErrorText & @CRLF)
Exit
EndIf
; We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
$oCrypt = ObjCreate("Chilkat.Crypt2")
$oJson = ObjCreate("Chilkat.JsonObject")
; Let's begin with the 1st cert:
$oJson.I = 0
$oJson.UpdateString("keys[i].kty","RSA")
$oJson.UpdateString("keys[i].use","sig")
Local $sHexThumbprint = $oCert1.Sha1Thumbprint
Local $sBase64Thumbprint = $oCrypt.ReEncode($sHexThumbprint,"hex","base64")
$oJson.UpdateString("keys[i].kid",$sBase64Thumbprint)
$oJson.UpdateString("keys[i].x5t",$sBase64Thumbprint)
; (We're assuming these are RSA certificates)
; To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
$oPubKey = ObjCreate("Chilkat.PublicKey")
$oCert1.GetPublicKey($oPubKey)
$oPubKeyJwk = ObjCreate("Chilkat.JsonObject")
$oPubKeyJwk.Load($oPubKey.GetJwk())
$oJson.UpdateString("keys[i].n",$oPubKeyJwk.StringOf("n"))
$oJson.UpdateString("keys[i].e",$oPubKeyJwk.StringOf("e"))
; Now add the entire X.509 certificate
$oJson.UpdateString("keys[i].x5c[0]",$oCert1.GetEncoded())
; Now do the same for cert2..
$oJson.I = 1
$oJson.UpdateString("keys[i].kty","RSA")
$oJson.UpdateString("keys[i].use","sig")
$sHexThumbprint = $oCert2.Sha1Thumbprint
$sBase64Thumbprint = $oCrypt.ReEncode($sHexThumbprint,"hex","base64")
$oJson.UpdateString("keys[i].kid",$sBase64Thumbprint)
$oJson.UpdateString("keys[i].x5t",$sBase64Thumbprint)
$oCert2.GetPublicKey($oPubKey)
$oPubKeyJwk.Load($oPubKey.GetJwk())
$oJson.UpdateString("keys[i].n",$oPubKeyJwk.StringOf("n"))
$oJson.UpdateString("keys[i].e",$oPubKeyJwk.StringOf("e"))
; Now add the entire X.509 certificate
$oJson.UpdateString("keys[i].x5c[0]",$oCert2.GetEncoded())
; Emit the JSON..
$oJson.EmitCompact = False
ConsoleWrite($oJson.Emit() & @CRLF)