(Node.js) Create JWK Set Containing Certificates

Demonstrates how to create a JWK Set containing N certificates.

Install Chilkat for Node.js and Electron using npm at Chilkat npm packages for Node.js Chilkat npm packages for Electron on Windows, Linux, MacOSX, and ARM

var os = require('os');
if (os.platform() == 'win32') {  
    if (os.arch() == 'ia32') {
        var chilkat = require('@chilkat/ck-node21-win-ia32');
    } else {
        var chilkat = require('@chilkat/ck-node21-win64'); 
    }
} else if (os.platform() == 'linux') {
    if (os.arch() == 'arm') {
        var chilkat = require('@chilkat/ck-node21-arm');
    } else if (os.arch() == 'x86') {
        var chilkat = require('@chilkat/ck-node21-linux32');
    } else {
        var chilkat = require('@chilkat/ck-node21-linux64');
    }
} else if (os.platform() == 'darwin') {
    if (os.arch() == 'arm64') {
        var chilkat = require('@chilkat/ck-node21-mac-m1');
    } else {
        var chilkat = require('@chilkat/ck-node21-macosx');
    }
}

function chilkatExample() {

    // This example creates the following JWK Set from two certificates:

    // {
    //   "keys": [
    //     {
    //       "kty": "RSA",
    //       "use": "sig",
    //       "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
    //       "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
    //       "n": "nYf1jpn7cFdQ...9Iw",
    //       "e": "AQAB",
    //       "x5c": [
    //         "MIIDBTCCAe2...Z+NTZo"
    //       ]
    //     },
    //     {
    //       "kty": "RSA",
    //       "use": "sig",
    //       "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
    //       "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
    //       "n": "xHScZMPo8F...EO4QQ",
    //       "e": "AQAB",
    //       "x5c": [
    //         "MIIC8TCCAdmgA...Vt5432GA=="
    //       ]
    //     }
    //   ]
    // }

    // First get two certificates from files.
    var cert1 = new chilkat.Cert();
    var success = cert1.LoadFromFile("qa_data/certs/brasil_cert.pem");
    if (success !== true) {
        console.log(cert1.LastErrorText);
        return;
    }

    var cert2 = new chilkat.Cert();
    success = cert2.LoadFromFile("qa_data/certs/testCert.cer");
    if (success !== true) {
        console.log(cert2.LastErrorText);
        return;
    }

    // We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
    var crypt = new chilkat.Crypt2();

    var json = new chilkat.JsonObject();

    // Let's begin with the 1st cert:
    json.I = 0;
    json.UpdateString("keys[i].kty","RSA");
    json.UpdateString("keys[i].use","sig");

    var hexThumbprint = cert1.Sha1Thumbprint;
    var base64Thumbprint = crypt.ReEncode(hexThumbprint,"hex","base64");
    json.UpdateString("keys[i].kid",base64Thumbprint);
    json.UpdateString("keys[i].x5t",base64Thumbprint);

    // (We're assuming these are RSA certificates)
    // To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
    // pubKey: PublicKey
    var pubKey = cert1.ExportPublicKey();
    var pubKeyJwk = new chilkat.JsonObject();
    pubKeyJwk.Load(pubKey.GetJwk());

    json.UpdateString("keys[i].n",pubKeyJwk.StringOf("n"));
    json.UpdateString("keys[i].e",pubKeyJwk.StringOf("e"));

    // Now add the entire X.509 certificate 
    json.UpdateString("keys[i].x5c[0]",cert1.GetEncoded());

    // Now do the same for cert2..
    json.I = 1;

    json.UpdateString("keys[i].kty","RSA");
    json.UpdateString("keys[i].use","sig");

    hexThumbprint = cert2.Sha1Thumbprint;
    base64Thumbprint = crypt.ReEncode(hexThumbprint,"hex","base64");
    json.UpdateString("keys[i].kid",base64Thumbprint);
    json.UpdateString("keys[i].x5t",base64Thumbprint);

    pubKey = cert2.ExportPublicKey();
    pubKeyJwk.Load(pubKey.GetJwk());

    json.UpdateString("keys[i].n",pubKeyJwk.StringOf("n"));
    json.UpdateString("keys[i].e",pubKeyJwk.StringOf("e"));

    // Now add the entire X.509 certificate 
    json.UpdateString("keys[i].x5c[0]",cert2.GetEncoded());

    // Emit the JSON..
    json.EmitCompact = false;
    console.log(json.Emit());

}

chilkatExample();