(Go) Create JWK Set Containing Certificates

Demonstrates how to create a JWK Set containing N certificates.

Chilkat Go Downloads Go Package for Windows, MacOS, Linux, Alpine Linux, Solaris

    // This example creates the following JWK Set from two certificates:

    // {
    //   "keys": [
    //     {
    //       "kty": "RSA",
    //       "use": "sig",
    //       "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
    //       "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
    //       "n": "nYf1jpn7cFdQ...9Iw",
    //       "e": "AQAB",
    //       "x5c": [
    //         "MIIDBTCCAe2...Z+NTZo"
    //       ]
    //     },
    //     {
    //       "kty": "RSA",
    //       "use": "sig",
    //       "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
    //       "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
    //       "n": "xHScZMPo8F...EO4QQ",
    //       "e": "AQAB",
    //       "x5c": [
    //         "MIIC8TCCAdmgA...Vt5432GA=="
    //       ]
    //     }
    //   ]
    // }

    // First get two certificates from files.
    cert1 := chilkat.NewCert()
    success := cert1.LoadFromFile("qa_data/certs/brasil_cert.pem")
    if success != true {
        fmt.Println(cert1.LastErrorText())
        cert1.DisposeCert()
        return
    }

    cert2 := chilkat.NewCert()
    success = cert2.LoadFromFile("qa_data/certs/testCert.cer")
    if success != true {
        fmt.Println(cert2.LastErrorText())
        cert1.DisposeCert()
        cert2.DisposeCert()
        return
    }

    // We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
    crypt := chilkat.NewCrypt2()

    json := chilkat.NewJsonObject()

    // Let's begin with the 1st cert:
    json.SetI(0)
    json.UpdateString("keys[i].kty","RSA")
    json.UpdateString("keys[i].use","sig")

    hexThumbprint := cert1.Sha1Thumbprint()
    base64Thumbprint := crypt.ReEncode(hexThumbprint,"hex","base64")
    json.UpdateString("keys[i].kid",*base64Thumbprint)
    json.UpdateString("keys[i].x5t",*base64Thumbprint)

    // (We're assuming these are RSA certificates)
    // To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
    pubKey := cert1.ExportPublicKey()
    pubKeyJwk := chilkat.NewJsonObject()
    pubKeyJwk.Load(*pubKey.GetJwk())
    pubKey.DisposePublicKey()
    json.UpdateString("keys[i].n",*pubKeyJwk.StringOf("n"))
    json.UpdateString("keys[i].e",*pubKeyJwk.StringOf("e"))

    // Now add the entire X.509 certificate 
    json.UpdateString("keys[i].x5c[0]",*cert1.GetEncoded())

    // Now do the same for cert2..
    json.SetI(1)

    json.UpdateString("keys[i].kty","RSA")
    json.UpdateString("keys[i].use","sig")

    hexThumbprint = cert2.Sha1Thumbprint()
    base64Thumbprint = crypt.ReEncode(hexThumbprint,"hex","base64")
    json.UpdateString("keys[i].kid",*base64Thumbprint)
    json.UpdateString("keys[i].x5t",*base64Thumbprint)

    pubKey = cert2.ExportPublicKey()
    pubKeyJwk.Load(*pubKey.GetJwk())
    pubKey.DisposePublicKey()
    json.UpdateString("keys[i].n",*pubKeyJwk.StringOf("n"))
    json.UpdateString("keys[i].e",*pubKeyJwk.StringOf("e"))

    // Now add the entire X.509 certificate 
    json.UpdateString("keys[i].x5c[0]",*cert2.GetEncoded())

    // Emit the JSON..
    json.SetEmitCompact(false)
    fmt.Println(*json.Emit())

    cert1.DisposeCert()
    cert2.DisposeCert()
    crypt.DisposeCrypt2()
    json.DisposeJsonObject()
    pubKeyJwk.DisposeJsonObject()