(C) Create JWK Set Containing Certificates

Demonstrates how to create a JWK Set containing N certificates.

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++	Solaris C/C++ MinGW C/C++

#include <C_CkCert.h>
#include <C_CkCrypt2.h>
#include <C_CkJsonObject.h>
#include <C_CkPublicKey.h>

void ChilkatSample(void)
    {
    HCkCert cert1;
    BOOL success;
    HCkCert cert2;
    HCkCrypt2 crypt;
    HCkJsonObject json;
    const char *hexThumbprint;
    const char *base64Thumbprint;
    HCkPublicKey pubKey;
    HCkJsonObject pubKeyJwk;

    // This example creates the following JWK Set from two certificates:

    // {
    //   "keys": [
    //     {
    //       "kty": "RSA",
    //       "use": "sig",
    //       "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
    //       "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
    //       "n": "nYf1jpn7cFdQ...9Iw",
    //       "e": "AQAB",
    //       "x5c": [
    //         "MIIDBTCCAe2...Z+NTZo"
    //       ]
    //     },
    //     {
    //       "kty": "RSA",
    //       "use": "sig",
    //       "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
    //       "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
    //       "n": "xHScZMPo8F...EO4QQ",
    //       "e": "AQAB",
    //       "x5c": [
    //         "MIIC8TCCAdmgA...Vt5432GA=="
    //       ]
    //     }
    //   ]
    // }

    // First get two certificates from files.
    cert1 = CkCert_Create();
    success = CkCert_LoadFromFile(cert1,"qa_data/certs/brasil_cert.pem");
    if (success != TRUE) {
        printf("%s\n",CkCert_lastErrorText(cert1));
        CkCert_Dispose(cert1);
        return;
    }

    cert2 = CkCert_Create();
    success = CkCert_LoadFromFile(cert2,"qa_data/certs/testCert.cer");
    if (success != TRUE) {
        printf("%s\n",CkCert_lastErrorText(cert2));
        CkCert_Dispose(cert1);
        CkCert_Dispose(cert2);
        return;
    }

    // We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
    crypt = CkCrypt2_Create();

    json = CkJsonObject_Create();

    // Let's begin with the 1st cert:
    CkJsonObject_putI(json,0);
    CkJsonObject_UpdateString(json,"keys[i].kty","RSA");
    CkJsonObject_UpdateString(json,"keys[i].use","sig");

    hexThumbprint = CkCert_sha1Thumbprint(cert1);
    base64Thumbprint = CkCrypt2_reEncode(crypt,hexThumbprint,"hex","base64");
    CkJsonObject_UpdateString(json,"keys[i].kid",base64Thumbprint);
    CkJsonObject_UpdateString(json,"keys[i].x5t",base64Thumbprint);

    // (We're assuming these are RSA certificates)
    // To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
    pubKey = CkCert_ExportPublicKey(cert1);
    pubKeyJwk = CkJsonObject_Create();
    CkJsonObject_Load(pubKeyJwk,CkPublicKey_getJwk(pubKey));
    CkPublicKey_Dispose(pubKey);
    CkJsonObject_UpdateString(json,"keys[i].n",CkJsonObject_stringOf(pubKeyJwk,"n"));
    CkJsonObject_UpdateString(json,"keys[i].e",CkJsonObject_stringOf(pubKeyJwk,"e"));

    // Now add the entire X.509 certificate 
    CkJsonObject_UpdateString(json,"keys[i].x5c[0]",CkCert_getEncoded(cert1));

    // Now do the same for cert2..
    CkJsonObject_putI(json,1);

    CkJsonObject_UpdateString(json,"keys[i].kty","RSA");
    CkJsonObject_UpdateString(json,"keys[i].use","sig");

    hexThumbprint = CkCert_sha1Thumbprint(cert2);
    base64Thumbprint = CkCrypt2_reEncode(crypt,hexThumbprint,"hex","base64");
    CkJsonObject_UpdateString(json,"keys[i].kid",base64Thumbprint);
    CkJsonObject_UpdateString(json,"keys[i].x5t",base64Thumbprint);

    pubKey = CkCert_ExportPublicKey(cert2);
    CkJsonObject_Load(pubKeyJwk,CkPublicKey_getJwk(pubKey));
    CkPublicKey_Dispose(pubKey);
    CkJsonObject_UpdateString(json,"keys[i].n",CkJsonObject_stringOf(pubKeyJwk,"n"));
    CkJsonObject_UpdateString(json,"keys[i].e",CkJsonObject_stringOf(pubKeyJwk,"e"));

    // Now add the entire X.509 certificate 
    CkJsonObject_UpdateString(json,"keys[i].x5c[0]",CkCert_getEncoded(cert2));

    // Emit the JSON..
    CkJsonObject_putEmitCompact(json,FALSE);
    printf("%s\n",CkJsonObject_emit(json));


    CkCert_Dispose(cert1);
    CkCert_Dispose(cert2);
    CkCrypt2_Dispose(crypt);
    CkJsonObject_Dispose(json);
    CkJsonObject_Dispose(pubKeyJwk);

    }