Sample code for 30+ languages & platforms
Chilkat2-Python

Create JWK Set Containing Certificates

See more Certificates Examples

Demonstrates how to create a JWK Set containing N certificates.

Chilkat Chilkat2-Python Downloads

Chilkat2-Python
import sys
import chilkat2

success = False

# This example creates the following JWK Set from two certificates:

# {
#   "keys": [
#     {
#       "kty": "RSA",
#       "use": "sig",
#       "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
#       "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
#       "n": "nYf1jpn7cFdQ...9Iw",
#       "e": "AQAB",
#       "x5c": [
#         "MIIDBTCCAe2...Z+NTZo"
#       ]
#     },
#     {
#       "kty": "RSA",
#       "use": "sig",
#       "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
#       "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
#       "n": "xHScZMPo8F...EO4QQ",
#       "e": "AQAB",
#       "x5c": [
#         "MIIC8TCCAdmgA...Vt5432GA=="
#       ]
#     }
#   ]
# }

# First get two certificates from files.
cert1 = chilkat2.Cert()
success = cert1.LoadFromFile("qa_data/certs/brasil_cert.pem")
if (success == False):
    print(cert1.LastErrorText)
    sys.exit()

cert2 = chilkat2.Cert()
success = cert2.LoadFromFile("qa_data/certs/testCert.cer")
if (success == False):
    print(cert2.LastErrorText)
    sys.exit()

# We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
crypt = chilkat2.Crypt2()

json = chilkat2.JsonObject()

# Let's begin with the 1st cert:
json.I = 0
json.UpdateString("keys[i].kty","RSA")
json.UpdateString("keys[i].use","sig")

hexThumbprint = cert1.Sha1Thumbprint
base64Thumbprint = crypt.ReEncode(hexThumbprint,"hex","base64")
json.UpdateString("keys[i].kid",base64Thumbprint)
json.UpdateString("keys[i].x5t",base64Thumbprint)

# (We're assuming these are RSA certificates)
# To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
pubKey = chilkat2.PublicKey()
cert1.GetPublicKey(pubKey)

pubKeyJwk = chilkat2.JsonObject()
pubKeyJwk.Load(pubKey.GetJwk())
json.UpdateString("keys[i].n",pubKeyJwk.StringOf("n"))
json.UpdateString("keys[i].e",pubKeyJwk.StringOf("e"))

# Now add the entire X.509 certificate 
json.UpdateString("keys[i].x5c[0]",cert1.GetEncoded())

# Now do the same for cert2..
json.I = 1

json.UpdateString("keys[i].kty","RSA")
json.UpdateString("keys[i].use","sig")

hexThumbprint = cert2.Sha1Thumbprint
base64Thumbprint = crypt.ReEncode(hexThumbprint,"hex","base64")
json.UpdateString("keys[i].kid",base64Thumbprint)
json.UpdateString("keys[i].x5t",base64Thumbprint)
cert2.GetPublicKey(pubKey)

pubKeyJwk.Load(pubKey.GetJwk())
json.UpdateString("keys[i].n",pubKeyJwk.StringOf("n"))
json.UpdateString("keys[i].e",pubKeyJwk.StringOf("e"))

# Now add the entire X.509 certificate 
json.UpdateString("keys[i].x5c[0]",cert2.GetEncoded())

# Emit the JSON..
json.EmitCompact = False
print(json.Emit())