PureBasic
PureBasic
Create JWK Set Containing Certificates
See more Certificates Examples
Demonstrates how to create a JWK Set containing N certificates.Chilkat PureBasic Downloads
IncludeFile "CkCert.pb"
IncludeFile "CkJsonObject.pb"
IncludeFile "CkPublicKey.pb"
IncludeFile "CkCrypt2.pb"
Procedure ChilkatExample()
success.i = 0
; This example creates the following JWK Set from two certificates:
; {
; "keys": [
; {
; "kty": "RSA",
; "use": "sig",
; "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
; "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
; "n": "nYf1jpn7cFdQ...9Iw",
; "e": "AQAB",
; "x5c": [
; "MIIDBTCCAe2...Z+NTZo"
; ]
; },
; {
; "kty": "RSA",
; "use": "sig",
; "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
; "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
; "n": "xHScZMPo8F...EO4QQ",
; "e": "AQAB",
; "x5c": [
; "MIIC8TCCAdmgA...Vt5432GA=="
; ]
; }
; ]
; }
; First get two certificates from files.
cert1.i = CkCert::ckCreate()
If cert1.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
success = CkCert::ckLoadFromFile(cert1,"qa_data/certs/brasil_cert.pem")
If success = 0
Debug CkCert::ckLastErrorText(cert1)
CkCert::ckDispose(cert1)
ProcedureReturn
EndIf
cert2.i = CkCert::ckCreate()
If cert2.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
success = CkCert::ckLoadFromFile(cert2,"qa_data/certs/testCert.cer")
If success = 0
Debug CkCert::ckLastErrorText(cert2)
CkCert::ckDispose(cert1)
CkCert::ckDispose(cert2)
ProcedureReturn
EndIf
; We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
crypt.i = CkCrypt2::ckCreate()
If crypt.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
json.i = CkJsonObject::ckCreate()
If json.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
; Let's begin with the 1st cert:
CkJsonObject::setCkI(json, 0)
CkJsonObject::ckUpdateString(json,"keys[i].kty","RSA")
CkJsonObject::ckUpdateString(json,"keys[i].use","sig")
hexThumbprint.s = CkCert::ckSha1Thumbprint(cert1)
base64Thumbprint.s = CkCrypt2::ckReEncode(crypt,hexThumbprint,"hex","base64")
CkJsonObject::ckUpdateString(json,"keys[i].kid",base64Thumbprint)
CkJsonObject::ckUpdateString(json,"keys[i].x5t",base64Thumbprint)
; (We're assuming these are RSA certificates)
; To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
pubKey.i = CkPublicKey::ckCreate()
If pubKey.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkCert::ckGetPublicKey(cert1,pubKey)
pubKeyJwk.i = CkJsonObject::ckCreate()
If pubKeyJwk.i = 0
Debug "Failed to create object."
ProcedureReturn
EndIf
CkJsonObject::ckLoad(pubKeyJwk,CkPublicKey::ckGetJwk(pubKey))
CkJsonObject::ckUpdateString(json,"keys[i].n",CkJsonObject::ckStringOf(pubKeyJwk,"n"))
CkJsonObject::ckUpdateString(json,"keys[i].e",CkJsonObject::ckStringOf(pubKeyJwk,"e"))
; Now add the entire X.509 certificate
CkJsonObject::ckUpdateString(json,"keys[i].x5c[0]",CkCert::ckGetEncoded(cert1))
; Now do the same for cert2..
CkJsonObject::setCkI(json, 1)
CkJsonObject::ckUpdateString(json,"keys[i].kty","RSA")
CkJsonObject::ckUpdateString(json,"keys[i].use","sig")
hexThumbprint = CkCert::ckSha1Thumbprint(cert2)
base64Thumbprint = CkCrypt2::ckReEncode(crypt,hexThumbprint,"hex","base64")
CkJsonObject::ckUpdateString(json,"keys[i].kid",base64Thumbprint)
CkJsonObject::ckUpdateString(json,"keys[i].x5t",base64Thumbprint)
CkCert::ckGetPublicKey(cert2,pubKey)
CkJsonObject::ckLoad(pubKeyJwk,CkPublicKey::ckGetJwk(pubKey))
CkJsonObject::ckUpdateString(json,"keys[i].n",CkJsonObject::ckStringOf(pubKeyJwk,"n"))
CkJsonObject::ckUpdateString(json,"keys[i].e",CkJsonObject::ckStringOf(pubKeyJwk,"e"))
; Now add the entire X.509 certificate
CkJsonObject::ckUpdateString(json,"keys[i].x5c[0]",CkCert::ckGetEncoded(cert2))
; Emit the JSON..
CkJsonObject::setCkEmitCompact(json, 0)
Debug CkJsonObject::ckEmit(json)
CkCert::ckDispose(cert1)
CkCert::ckDispose(cert2)
CkCrypt2::ckDispose(crypt)
CkJsonObject::ckDispose(json)
CkPublicKey::ckDispose(pubKey)
CkJsonObject::ckDispose(pubKeyJwk)
ProcedureReturn
EndProcedure