PowerShell
PowerShell
Create JWK Set Containing Certificates
See more Certificates Examples
Demonstrates how to create a JWK Set containing N certificates.Chilkat PowerShell Downloads
Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll"
$success = $false
# This example creates the following JWK Set from two certificates:
# {
# "keys": [
# {
# "kty": "RSA",
# "use": "sig",
# "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
# "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
# "n": "nYf1jpn7cFdQ...9Iw",
# "e": "AQAB",
# "x5c": [
# "MIIDBTCCAe2...Z+NTZo"
# ]
# },
# {
# "kty": "RSA",
# "use": "sig",
# "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
# "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
# "n": "xHScZMPo8F...EO4QQ",
# "e": "AQAB",
# "x5c": [
# "MIIC8TCCAdmgA...Vt5432GA=="
# ]
# }
# ]
# }
# First get two certificates from files.
$cert1 = New-Object Chilkat.Cert
$success = $cert1.LoadFromFile("qa_data/certs/brasil_cert.pem")
if ($success -eq $false) {
$($cert1.LastErrorText)
exit
}
$cert2 = New-Object Chilkat.Cert
$success = $cert2.LoadFromFile("qa_data/certs/testCert.cer")
if ($success -eq $false) {
$($cert2.LastErrorText)
exit
}
# We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
$crypt = New-Object Chilkat.Crypt2
$json = New-Object Chilkat.JsonObject
# Let's begin with the 1st cert:
$json.I = 0
$json.UpdateString("keys[i].kty","RSA")
$json.UpdateString("keys[i].use","sig")
$hexThumbprint = $cert1.Sha1Thumbprint
$base64Thumbprint = $crypt.ReEncode($hexThumbprint,"hex","base64")
$json.UpdateString("keys[i].kid",$base64Thumbprint)
$json.UpdateString("keys[i].x5t",$base64Thumbprint)
# (We're assuming these are RSA certificates)
# To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
$pubKey = New-Object Chilkat.PublicKey
$cert1.GetPublicKey($pubKey)
$pubKeyJwk = New-Object Chilkat.JsonObject
$pubKeyJwk.Load($pubKey.GetJwk())
$json.UpdateString("keys[i].n",$pubKeyJwk.StringOf("n"))
$json.UpdateString("keys[i].e",$pubKeyJwk.StringOf("e"))
# Now add the entire X.509 certificate
$json.UpdateString("keys[i].x5c[0]",$cert1.GetEncoded())
# Now do the same for cert2..
$json.I = 1
$json.UpdateString("keys[i].kty","RSA")
$json.UpdateString("keys[i].use","sig")
$hexThumbprint = $cert2.Sha1Thumbprint
$base64Thumbprint = $crypt.ReEncode($hexThumbprint,"hex","base64")
$json.UpdateString("keys[i].kid",$base64Thumbprint)
$json.UpdateString("keys[i].x5t",$base64Thumbprint)
$cert2.GetPublicKey($pubKey)
$pubKeyJwk.Load($pubKey.GetJwk())
$json.UpdateString("keys[i].n",$pubKeyJwk.StringOf("n"))
$json.UpdateString("keys[i].e",$pubKeyJwk.StringOf("e"))
# Now add the entire X.509 certificate
$json.UpdateString("keys[i].x5c[0]",$cert2.GetEncoded())
# Emit the JSON..
$json.EmitCompact = $false
$($json.Emit())