(PHP ActiveX) Create JWK Set Containing Certificates

Demonstrates how to create a JWK Set containing N certificates.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows Note: The php_com_dotnet.dll may need to be enabled inside of php.ini.

<?php

// This example creates the following JWK Set from two certificates:

// {
//   "keys": [
//     {
//       "kty": "RSA",
//       "use": "sig",
//       "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
//       "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
//       "n": "nYf1jpn7cFdQ...9Iw",
//       "e": "AQAB",
//       "x5c": [
//         "MIIDBTCCAe2...Z+NTZo"
//       ]
//     },
//     {
//       "kty": "RSA",
//       "use": "sig",
//       "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
//       "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
//       "n": "xHScZMPo8F...EO4QQ",
//       "e": "AQAB",
//       "x5c": [
//         "MIIC8TCCAdmgA...Vt5432GA=="
//       ]
//     }
//   ]
// }

// First get two certificates from files.
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Cert')
$cert1 = new COM("Chilkat.Cert");
$success = $cert1->LoadFromFile('qa_data/certs/brasil_cert.pem');
if ($success != 1) {
    print $cert1->LastErrorText . "\n";
    exit;
}

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Cert')
$cert2 = new COM("Chilkat.Cert");
$success = $cert2->LoadFromFile('qa_data/certs/testCert.cer');
if ($success != 1) {
    print $cert2->LastErrorText . "\n";
    exit;
}

// We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Crypt2')
$crypt = new COM("Chilkat.Crypt2");

// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.JsonObject')
$json = new COM("Chilkat.JsonObject");

// Let's begin with the 1st cert:
$json->I = 0;
$json->UpdateString('keys[i].kty','RSA');
$json->UpdateString('keys[i].use','sig');

$hexThumbprint = $cert1->Sha1Thumbprint;
$base64Thumbprint = $crypt->reEncode($hexThumbprint,'hex','base64');
$json->UpdateString('keys[i].kid',$base64Thumbprint);
$json->UpdateString('keys[i].x5t',$base64Thumbprint);

// (We're assuming these are RSA certificates)
// To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
// pubKey is a Chilkat.PublicKey
$pubKey = $cert1->ExportPublicKey();
// For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.JsonObject')
$pubKeyJwk = new COM("Chilkat.JsonObject");
$pubKeyJwk->Load($pubKey->getJwk());

$json->UpdateString('keys[i].n',$pubKeyJwk->stringOf('n'));
$json->UpdateString('keys[i].e',$pubKeyJwk->stringOf('e'));

// Now add the entire X.509 certificate 
$json->UpdateString('keys[i].x5c[0]',$cert1->getEncoded());

// Now do the same for cert2..
$json->I = 1;

$json->UpdateString('keys[i].kty','RSA');
$json->UpdateString('keys[i].use','sig');

$hexThumbprint = $cert2->Sha1Thumbprint;
$base64Thumbprint = $crypt->reEncode($hexThumbprint,'hex','base64');
$json->UpdateString('keys[i].kid',$base64Thumbprint);
$json->UpdateString('keys[i].x5t',$base64Thumbprint);

// pubKey is a Chilkat.PublicKey
$pubKey = $cert2->ExportPublicKey();
$pubKeyJwk->Load($pubKey->getJwk());

$json->UpdateString('keys[i].n',$pubKeyJwk->stringOf('n'));
$json->UpdateString('keys[i].e',$pubKeyJwk->stringOf('e'));

// Now add the entire X.509 certificate 
$json->UpdateString('keys[i].x5c[0]',$cert2->getEncoded());

// Emit the JSON..
$json->EmitCompact = 0;
print $json->emit() . "\n";

?>