PHP Extension
PHP Extension
Create JWK Set Containing Certificates
See more Certificates Examples
Demonstrates how to create a JWK Set containing N certificates.Chilkat PHP Extension Downloads
<?php
include("chilkat.php");
$success = false;
// This example creates the following JWK Set from two certificates:
// {
// "keys": [
// {
// "kty": "RSA",
// "use": "sig",
// "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
// "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
// "n": "nYf1jpn7cFdQ...9Iw",
// "e": "AQAB",
// "x5c": [
// "MIIDBTCCAe2...Z+NTZo"
// ]
// },
// {
// "kty": "RSA",
// "use": "sig",
// "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
// "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
// "n": "xHScZMPo8F...EO4QQ",
// "e": "AQAB",
// "x5c": [
// "MIIC8TCCAdmgA...Vt5432GA=="
// ]
// }
// ]
// }
// First get two certificates from files.
$cert1 = new CkCert();
$success = $cert1->LoadFromFile('qa_data/certs/brasil_cert.pem');
if ($success == false) {
print $cert1->lastErrorText() . "\n";
exit;
}
$cert2 = new CkCert();
$success = $cert2->LoadFromFile('qa_data/certs/testCert.cer');
if ($success == false) {
print $cert2->lastErrorText() . "\n";
exit;
}
// We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
$crypt = new CkCrypt2();
$json = new CkJsonObject();
// Let's begin with the 1st cert:
$json->put_I(0);
$json->UpdateString('keys[i].kty','RSA');
$json->UpdateString('keys[i].use','sig');
$hexThumbprint = $cert1->sha1Thumbprint();
$base64Thumbprint = $crypt->reEncode($hexThumbprint,'hex','base64');
$json->UpdateString('keys[i].kid',$base64Thumbprint);
$json->UpdateString('keys[i].x5t',$base64Thumbprint);
// (We're assuming these are RSA certificates)
// To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
$pubKey = new CkPublicKey();
$cert1->GetPublicKey($pubKey);
$pubKeyJwk = new CkJsonObject();
$pubKeyJwk->Load($pubKey->getJwk());
$json->UpdateString('keys[i].n',$pubKeyJwk->stringOf('n'));
$json->UpdateString('keys[i].e',$pubKeyJwk->stringOf('e'));
// Now add the entire X.509 certificate
$json->UpdateString('keys[i].x5c[0]',$cert1->getEncoded());
// Now do the same for cert2..
$json->put_I(1);
$json->UpdateString('keys[i].kty','RSA');
$json->UpdateString('keys[i].use','sig');
$hexThumbprint = $cert2->sha1Thumbprint();
$base64Thumbprint = $crypt->reEncode($hexThumbprint,'hex','base64');
$json->UpdateString('keys[i].kid',$base64Thumbprint);
$json->UpdateString('keys[i].x5t',$base64Thumbprint);
$cert2->GetPublicKey($pubKey);
$pubKeyJwk->Load($pubKey->getJwk());
$json->UpdateString('keys[i].n',$pubKeyJwk->stringOf('n'));
$json->UpdateString('keys[i].e',$pubKeyJwk->stringOf('e'));
// Now add the entire X.509 certificate
$json->UpdateString('keys[i].x5c[0]',$cert2->getEncoded());
// Emit the JSON..
$json->put_EmitCompact(false);
print $json->emit() . "\n";
?>