(Objective-C) Create JWK Set Containing Certificates

Demonstrates how to create a JWK Set containing N certificates.

Chilkat Objective-C Library Downloads MAC OS X (Cocoa) Libs iOS Libs

#import <CkoCert.h>
#import <CkoCrypt2.h>
#import <CkoJsonObject.h>
#import <NSString.h>
#import <CkoPublicKey.h>

// This example creates the following JWK Set from two certificates:

// {
//   "keys": [
//     {
//       "kty": "RSA",
//       "use": "sig",
//       "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
//       "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
//       "n": "nYf1jpn7cFdQ...9Iw",
//       "e": "AQAB",
//       "x5c": [
//         "MIIDBTCCAe2...Z+NTZo"
//       ]
//     },
//     {
//       "kty": "RSA",
//       "use": "sig",
//       "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
//       "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
//       "n": "xHScZMPo8F...EO4QQ",
//       "e": "AQAB",
//       "x5c": [
//         "MIIC8TCCAdmgA...Vt5432GA=="
//       ]
//     }
//   ]
// }

// First get two certificates from files.
CkoCert *cert1 = [[CkoCert alloc] init];
BOOL success = [cert1 LoadFromFile: @"qa_data/certs/brasil_cert.pem"];
if (success != YES) {
    NSLog(@"%@",cert1.LastErrorText);
    return;
}

CkoCert *cert2 = [[CkoCert alloc] init];
success = [cert2 LoadFromFile: @"qa_data/certs/testCert.cer"];
if (success != YES) {
    NSLog(@"%@",cert2.LastErrorText);
    return;
}

// We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
CkoCrypt2 *crypt = [[CkoCrypt2 alloc] init];

CkoJsonObject *json = [[CkoJsonObject alloc] init];

// Let's begin with the 1st cert:
json.I = [NSNumber numberWithInt:0];
[json UpdateString: @"keys[i].kty" value: @"RSA"];
[json UpdateString: @"keys[i].use" value: @"sig"];

NSString *hexThumbprint = cert1.Sha1Thumbprint;
NSString *base64Thumbprint = [crypt ReEncode: hexThumbprint fromEncoding: @"hex" toEncoding: @"base64"];
[json UpdateString: @"keys[i].kid" value: base64Thumbprint];
[json UpdateString: @"keys[i].x5t" value: base64Thumbprint];

// (We're assuming these are RSA certificates)
// To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
CkoPublicKey *pubKey = [cert1 ExportPublicKey];
CkoJsonObject *pubKeyJwk = [[CkoJsonObject alloc] init];
[pubKeyJwk Load: [pubKey GetJwk]];

[json UpdateString: @"keys[i].n" value: [pubKeyJwk StringOf: @"n"]];
[json UpdateString: @"keys[i].e" value: [pubKeyJwk StringOf: @"e"]];

// Now add the entire X.509 certificate 
[json UpdateString: @"keys[i].x5c[0]" value: [cert1 GetEncoded]];

// Now do the same for cert2..
json.I = [NSNumber numberWithInt:1];

[json UpdateString: @"keys[i].kty" value: @"RSA"];
[json UpdateString: @"keys[i].use" value: @"sig"];

hexThumbprint = cert2.Sha1Thumbprint;
base64Thumbprint = [crypt ReEncode: hexThumbprint fromEncoding: @"hex" toEncoding: @"base64"];
[json UpdateString: @"keys[i].kid" value: base64Thumbprint];
[json UpdateString: @"keys[i].x5t" value: base64Thumbprint];

pubKey = [cert2 ExportPublicKey];
[pubKeyJwk Load: [pubKey GetJwk]];

[json UpdateString: @"keys[i].n" value: [pubKeyJwk StringOf: @"n"]];
[json UpdateString: @"keys[i].e" value: [pubKeyJwk StringOf: @"e"]];

// Now add the entire X.509 certificate 
[json UpdateString: @"keys[i].x5c[0]" value: [cert2 GetEncoded]];

// Emit the JSON..
json.EmitCompact = NO;
NSLog(@"%@",[json Emit]);