(PureBasic) Create JWK Set Containing Certificates

Demonstrates how to create a JWK Set containing N certificates.

Chilkat PureBasic Module Download Chilkat PureBasic Module

IncludeFile "CkCert.pb"
IncludeFile "CkJsonObject.pb"
IncludeFile "CkPublicKey.pb"
IncludeFile "CkCrypt2.pb"

Procedure ChilkatExample()

    ; This example creates the following JWK Set from two certificates:

    ; {
    ;   "keys": [
    ;     {
    ;       "kty": "RSA",
    ;       "use": "sig",
    ;       "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
    ;       "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
    ;       "n": "nYf1jpn7cFdQ...9Iw",
    ;       "e": "AQAB",
    ;       "x5c": [
    ;         "MIIDBTCCAe2...Z+NTZo"
    ;       ]
    ;     },
    ;     {
    ;       "kty": "RSA",
    ;       "use": "sig",
    ;       "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
    ;       "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
    ;       "n": "xHScZMPo8F...EO4QQ",
    ;       "e": "AQAB",
    ;       "x5c": [
    ;         "MIIC8TCCAdmgA...Vt5432GA=="
    ;       ]
    ;     }
    ;   ]
    ; }

    ; First get two certificates from files.
    cert1.i = CkCert::ckCreate()
    If cert1.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success.i = CkCert::ckLoadFromFile(cert1,"qa_data/certs/brasil_cert.pem")
    If success <> 1
        Debug CkCert::ckLastErrorText(cert1)
        CkCert::ckDispose(cert1)
        ProcedureReturn
    EndIf

    cert2.i = CkCert::ckCreate()
    If cert2.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkCert::ckLoadFromFile(cert2,"qa_data/certs/testCert.cer")
    If success <> 1
        Debug CkCert::ckLastErrorText(cert2)
        CkCert::ckDispose(cert1)
        CkCert::ckDispose(cert2)
        ProcedureReturn
    EndIf

    ; We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
    crypt.i = CkCrypt2::ckCreate()
    If crypt.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    json.i = CkJsonObject::ckCreate()
    If json.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Let's begin with the 1st cert:
    CkJsonObject::setCkI(json, 0)
    CkJsonObject::ckUpdateString(json,"keys[i].kty","RSA")
    CkJsonObject::ckUpdateString(json,"keys[i].use","sig")

    hexThumbprint.s = CkCert::ckSha1Thumbprint(cert1)
    base64Thumbprint.s = CkCrypt2::ckReEncode(crypt,hexThumbprint,"hex","base64")
    CkJsonObject::ckUpdateString(json,"keys[i].kid",base64Thumbprint)
    CkJsonObject::ckUpdateString(json,"keys[i].x5t",base64Thumbprint)

    ; (We're assuming these are RSA certificates)
    ; To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
    pubKey.i = CkCert::ckExportPublicKey(cert1)
    pubKeyJwk.i = CkJsonObject::ckCreate()
    If pubKeyJwk.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    CkJsonObject::ckLoad(pubKeyJwk,CkPublicKey::ckGetJwk(pubKey))
    CkPublicKey::ckDispose(pubKey)

    CkJsonObject::ckUpdateString(json,"keys[i].n",CkJsonObject::ckStringOf(pubKeyJwk,"n"))
    CkJsonObject::ckUpdateString(json,"keys[i].e",CkJsonObject::ckStringOf(pubKeyJwk,"e"))

    ; Now add the entire X.509 certificate 
    CkJsonObject::ckUpdateString(json,"keys[i].x5c[0]",CkCert::ckGetEncoded(cert1))

    ; Now do the same for cert2..
    CkJsonObject::setCkI(json, 1)

    CkJsonObject::ckUpdateString(json,"keys[i].kty","RSA")
    CkJsonObject::ckUpdateString(json,"keys[i].use","sig")

    hexThumbprint = CkCert::ckSha1Thumbprint(cert2)
    base64Thumbprint = CkCrypt2::ckReEncode(crypt,hexThumbprint,"hex","base64")
    CkJsonObject::ckUpdateString(json,"keys[i].kid",base64Thumbprint)
    CkJsonObject::ckUpdateString(json,"keys[i].x5t",base64Thumbprint)

    pubKey = CkCert::ckExportPublicKey(cert2)
    CkJsonObject::ckLoad(pubKeyJwk,CkPublicKey::ckGetJwk(pubKey))
    CkPublicKey::ckDispose(pubKey)

    CkJsonObject::ckUpdateString(json,"keys[i].n",CkJsonObject::ckStringOf(pubKeyJwk,"n"))
    CkJsonObject::ckUpdateString(json,"keys[i].e",CkJsonObject::ckStringOf(pubKeyJwk,"e"))

    ; Now add the entire X.509 certificate 
    CkJsonObject::ckUpdateString(json,"keys[i].x5c[0]",CkCert::ckGetEncoded(cert2))

    ; Emit the JSON..
    CkJsonObject::setCkEmitCompact(json, 0)
    Debug CkJsonObject::ckEmit(json)


    CkCert::ckDispose(cert1)
    CkCert::ckDispose(cert2)
    CkCrypt2::ckDispose(crypt)
    CkJsonObject::ckDispose(json)
    CkJsonObject::ckDispose(pubKeyJwk)


    ProcedureReturn
EndProcedure