(Delphi ActiveX) Create JWK Set Containing Certificates

Demonstrates how to create a JWK Set containing N certificates.

Chilkat for Delphi Downloads Chilkat ActiveX DLL for Delphi Chilkat non-ActiveX DLL for Delphi * The examples here use the ActiveX DLL.

uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

procedure TForm1.Button1Click(Sender: TObject);
var
cert1: TChilkatCert;
success: Integer;
cert2: TChilkatCert;
crypt: TChilkatCrypt2;
json: TChilkatJsonObject;
hexThumbprint: WideString;
base64Thumbprint: WideString;
pubKey: IPublicKey;
pubKeyJwk: TChilkatJsonObject;

begin
// This example creates the following JWK Set from two certificates:

// {
//   "keys": [
//     {
//       "kty": "RSA",
//       "use": "sig",
//       "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
//       "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
//       "n": "nYf1jpn7cFdQ...9Iw",
//       "e": "AQAB",
//       "x5c": [
//         "MIIDBTCCAe2...Z+NTZo"
//       ]
//     },
//     {
//       "kty": "RSA",
//       "use": "sig",
//       "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
//       "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
//       "n": "xHScZMPo8F...EO4QQ",
//       "e": "AQAB",
//       "x5c": [
//         "MIIC8TCCAdmgA...Vt5432GA=="
//       ]
//     }
//   ]
// }

// First get two certificates from files.
cert1 := TChilkatCert.Create(Self);
success := cert1.LoadFromFile('qa_data/certs/brasil_cert.pem');
if (success <> 1) then
  begin
    Memo1.Lines.Add(cert1.LastErrorText);
    Exit;
  end;

cert2 := TChilkatCert.Create(Self);
success := cert2.LoadFromFile('qa_data/certs/testCert.cer');
if (success <> 1) then
  begin
    Memo1.Lines.Add(cert2.LastErrorText);
    Exit;
  end;

// We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
crypt := TChilkatCrypt2.Create(Self);

json := TChilkatJsonObject.Create(Self);

// Let's begin with the 1st cert:
json.I := 0;
json.UpdateString('keys[i].kty','RSA');
json.UpdateString('keys[i].use','sig');

hexThumbprint := cert1.Sha1Thumbprint;
base64Thumbprint := crypt.ReEncode(hexThumbprint,'hex','base64');
json.UpdateString('keys[i].kid',base64Thumbprint);
json.UpdateString('keys[i].x5t',base64Thumbprint);

// (We're assuming these are RSA certificates)
// To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
pubKey := cert1.ExportPublicKey();
pubKeyJwk := TChilkatJsonObject.Create(Self);
pubKeyJwk.Load(pubKey.GetJwk());

json.UpdateString('keys[i].n',pubKeyJwk.StringOf('n'));
json.UpdateString('keys[i].e',pubKeyJwk.StringOf('e'));

// Now add the entire X.509 certificate 
json.UpdateString('keys[i].x5c[0]',cert1.GetEncoded());

// Now do the same for cert2..
json.I := 1;

json.UpdateString('keys[i].kty','RSA');
json.UpdateString('keys[i].use','sig');

hexThumbprint := cert2.Sha1Thumbprint;
base64Thumbprint := crypt.ReEncode(hexThumbprint,'hex','base64');
json.UpdateString('keys[i].kid',base64Thumbprint);
json.UpdateString('keys[i].x5t',base64Thumbprint);

pubKey := cert2.ExportPublicKey();
pubKeyJwk.Load(pubKey.GetJwk());

json.UpdateString('keys[i].n',pubKeyJwk.StringOf('n'));
json.UpdateString('keys[i].e',pubKeyJwk.StringOf('e'));

// Now add the entire X.509 certificate 
json.UpdateString('keys[i].x5c[0]',cert2.GetEncoded());

// Emit the JSON..
json.EmitCompact := 0;
Memo1.Lines.Add(json.Emit());
end;