(DataFlex) Create JWK Set Containing Certificates

Demonstrates how to create a JWK Set containing N certificates.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

Use ChilkatAx-9.5.0-win32.pkg

Procedure Test
    Handle hoCert1
    Boolean iSuccess
    Handle hoCert2
    Handle hoCrypt
    Handle hoJson
    String sHexThumbprint
    String sBase64Thumbprint
    Variant vPubKey
    Handle hoPubKey
    Handle hoPubKeyJwk
    String sTemp1

    // This example creates the following JWK Set from two certificates:

    // {
    //   "keys": [
    //     {
    //       "kty": "RSA",
    //       "use": "sig",
    //       "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
    //       "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
    //       "n": "nYf1jpn7cFdQ...9Iw",
    //       "e": "AQAB",
    //       "x5c": [
    //         "MIIDBTCCAe2...Z+NTZo"
    //       ]
    //     },
    //     {
    //       "kty": "RSA",
    //       "use": "sig",
    //       "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
    //       "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
    //       "n": "xHScZMPo8F...EO4QQ",
    //       "e": "AQAB",
    //       "x5c": [
    //         "MIIC8TCCAdmgA...Vt5432GA=="
    //       ]
    //     }
    //   ]
    // }

    // First get two certificates from files.
    Get Create (RefClass(cComChilkatCert)) To hoCert1
    If (Not(IsComObjectCreated(hoCert1))) Begin
        Send CreateComObject of hoCert1
    End
    Get ComLoadFromFile Of hoCert1 "qa_data/certs/brasil_cert.pem" To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoCert1 To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get Create (RefClass(cComChilkatCert)) To hoCert2
    If (Not(IsComObjectCreated(hoCert2))) Begin
        Send CreateComObject of hoCert2
    End
    Get ComLoadFromFile Of hoCert2 "qa_data/certs/testCert.cer" To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoCert2 To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
    Get Create (RefClass(cComChilkatCrypt2)) To hoCrypt
    If (Not(IsComObjectCreated(hoCrypt))) Begin
        Send CreateComObject of hoCrypt
    End

    Get Create (RefClass(cComChilkatJsonObject)) To hoJson
    If (Not(IsComObjectCreated(hoJson))) Begin
        Send CreateComObject of hoJson
    End

    // Let's begin with the 1st cert:
    Set ComI Of hoJson To 0
    Get ComUpdateString Of hoJson "keys[i].kty" "RSA" To iSuccess
    Get ComUpdateString Of hoJson "keys[i].use" "sig" To iSuccess

    Get ComSha1Thumbprint Of hoCert1 To sHexThumbprint
    Get ComReEncode Of hoCrypt sHexThumbprint "hex" "base64" To sBase64Thumbprint
    Get ComUpdateString Of hoJson "keys[i].kid" sBase64Thumbprint To iSuccess
    Get ComUpdateString Of hoJson "keys[i].x5t" sBase64Thumbprint To iSuccess

    // (We're assuming these are RSA certificates)
    // To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
    Get ComExportPublicKey Of hoCert1 To vPubKey
    If (IsComObject(vPubKey)) Begin
        Get Create (RefClass(cComChilkatPublicKey)) To hoPubKey
        Set pvComObject Of hoPubKey To vPubKey
    End
    Get Create (RefClass(cComChilkatJsonObject)) To hoPubKeyJwk
    If (Not(IsComObjectCreated(hoPubKeyJwk))) Begin
        Send CreateComObject of hoPubKeyJwk
    End
    Get ComGetJwk Of hoPubKey To sTemp1
    Get ComLoad Of hoPubKeyJwk sTemp1 To iSuccess
    Send Destroy of hoPubKey
    Get ComStringOf Of hoPubKeyJwk "n" To sTemp1
    Get ComUpdateString Of hoJson "keys[i].n" sTemp1 To iSuccess
    Get ComStringOf Of hoPubKeyJwk "e" To sTemp1
    Get ComUpdateString Of hoJson "keys[i].e" sTemp1 To iSuccess

    // Now add the entire X.509 certificate 
    Get ComGetEncoded Of hoCert1 To sTemp1
    Get ComUpdateString Of hoJson "keys[i].x5c[0]" sTemp1 To iSuccess

    // Now do the same for cert2..
    Set ComI Of hoJson To 1

    Get ComUpdateString Of hoJson "keys[i].kty" "RSA" To iSuccess
    Get ComUpdateString Of hoJson "keys[i].use" "sig" To iSuccess

    Get ComSha1Thumbprint Of hoCert2 To sHexThumbprint
    Get ComReEncode Of hoCrypt sHexThumbprint "hex" "base64" To sBase64Thumbprint
    Get ComUpdateString Of hoJson "keys[i].kid" sBase64Thumbprint To iSuccess
    Get ComUpdateString Of hoJson "keys[i].x5t" sBase64Thumbprint To iSuccess

    Get ComExportPublicKey Of hoCert2 To vPubKey
    If (IsComObject(vPubKey)) Begin
        Get Create (RefClass(cComChilkatPublicKey)) To hoPubKey
        Set pvComObject Of hoPubKey To vPubKey
    End
    Get ComGetJwk Of hoPubKey To sTemp1
    Get ComLoad Of hoPubKeyJwk sTemp1 To iSuccess
    Send Destroy of hoPubKey
    Get ComStringOf Of hoPubKeyJwk "n" To sTemp1
    Get ComUpdateString Of hoJson "keys[i].n" sTemp1 To iSuccess
    Get ComStringOf Of hoPubKeyJwk "e" To sTemp1
    Get ComUpdateString Of hoJson "keys[i].e" sTemp1 To iSuccess

    // Now add the entire X.509 certificate 
    Get ComGetEncoded Of hoCert2 To sTemp1
    Get ComUpdateString Of hoJson "keys[i].x5c[0]" sTemp1 To iSuccess

    // Emit the JSON..
    Set ComEmitCompact Of hoJson To False
    Get ComEmit Of hoJson To sTemp1
    Showln sTemp1


End_Procedure