(SQL Server) Load a JWK Set into a JCEKS (Convert JWK Set to JCEKS)

Demonstrates how to convert JSON Web Key Sets to JCEKS format.

This example uses the JWK sample files that you may download from Sample JWK Sets

This example requires Chilkat v9.5.0.66 or greater.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    -- IMPORTANT: This example requires Chilkat v9.5.0.66 or greater.

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @jceks int
    -- Use "Chilkat_9_5_0.JavaKeyStore" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.JavaKeyStore', @jceks OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    -- First load the following JWK Set (found in secretKeys.json)

    -- { 
    --   "keys": [
    --     { 
    --       "kty": "oct",
    --       "alg": "AES",
    --       "k": "vHekQQB0Gc1NvppapUTW2g",
    --       "kid": "my aes key"
    --     },
    --     { 
    --       "kty": "oct",
    --       "alg": "BLOWFISH",
    --       "k": "qHsdXaJsXicVCZbK8l8hJQpYOa0GkiO9gsRK9WLtht8",
    --       "kid": "my blowfish key"
    --     },
    --     { 
    --       "kty": "oct",
    --       "alg": "HMAC_SHA256",
    --       "k": "VGhpcyBpcyBteSBITUFDIGtleQ",
    --       "kid": "my hmac key"
    --     },
    --     { 
    --       "kty": "oct",
    --       "alg": "CHACHA",
    --       "k": "yNv832U43C9BcWvaQAH2_rG-GwfmpgT5JBRllWGQY1o",
    --       "kid": "my chacha20 key"
    --     }
    --   ]
    -- }

    DECLARE @jwkSet int
    -- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jwkSet OUT

    DECLARE @success int
    EXEC sp_OAMethod @jwkSet, 'LoadFile', @success OUT, 'qa_data/jwk/secretKeys.json'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @jwkSet, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jceks
        EXEC @hr = sp_OADestroy @jwkSet
        RETURN
      END

    -- The password is applied to each of the keys in the set.
    -- (It is the password that will be required to access the item after the JCEKS is opened.)
    DECLARE @password nvarchar(4000)
    SELECT @password = 'secret'
    EXEC sp_OAMethod @jceks, 'LoadJwkSet', @success OUT, @password, @jwkSet
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @jceks, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jceks
        EXEC @hr = sp_OADestroy @jwkSet
        RETURN
      END

    -- Write the JCEKS to a file, then examine with a tool such as the KeyStore Explorer
    -- to verify that all is OK.  (The "kid" becomes the alias of each key.)
    DECLARE @filePassword nvarchar(4000)
    SELECT @filePassword = 'secret2'
    EXEC sp_OAMethod @jceks, 'ToFile', @success OUT, @filePassword, 'qa_output/secretKeys.jceks'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @jceks, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jceks
        EXEC @hr = sp_OADestroy @jwkSet
        RETURN
      END

    -- -------------------------------------------------------------------------
    -- Now load a JWK Set that contains one ECC private key (and certs)
    -- This is the JSON that is loaded from ecc_jwkset.json:

    -- { 
    --   "keys": [
    --     { 
    --       "kty": "EC",
    --       "crv": "P-384",
    --       "x": "uB62JGMJKXnp1PNsOOIYKGhrzfLev3O-UuthL6UzEqNNDTd8dEYMUQP_DTS3qk98",
    --       "y": "gyQEFxdmZUsPF0fFokkZZ1cV6z7QD3MsPvSjrBzB0GUB3r8CLnDK_F4pF2Q995hr",
    --       "d": "ugTy2ZpuQqv1uQyLSgz1SPRvngzrd5vLyzU2ICaJd25zZRIxxlNR-uFo9UWC6llt",
    --       "kid": "my_ecc_key",
    --       "x5c": [
    --         "MIICzjCCAlOgAwIBAgIETULS8zAKBggqhkjOPQQDAzBtMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEfMB0GA1UECxMWRm9yIFRlc3QgUHVycG9zZXMgT25seTElMCMGA1UEAxMcRW50cnVzdCBFQ0MgRGVtb25zdHJhdGlvbiBDQTAeFw0xNjAzMTgxMjM5MzFaFw0xNjA1MTcxMzA5MzFaMFgxHzAdBgNVBAsTFkZvciBUZXN0IFB1cnBvc2VzIE9ubHkxHTAbBgNVBAsTFFBlcnNvbmEgTm90IFZlcmlmaWVkMRYwFAYDVQQDEw1DaGlsa2F0IEFkbWluMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEuB62JGMJKXnp1PNsOOIYKGhrzfLev3O+UuthL6UzEqNNDTd8dEYMUQP/DTS3qk98gyQEFxdmZUsPF0fFokkZZ1cV6z7QD3MsPvSjrBzB0GUB3r8CLnDK/F4pF2Q995hro4HYMIHVMA4GA1UdDwEB/wQEAwIDiDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwNwYDVR0fBDAwLjAsoCqgKIYmaHR0cDovL2NybC5lbnRydXN0LmNvbS9DUkwvZWNjZGVtby5jcmwwIAYDVR0RBBkwF4EVYWRtaW5AY2hpbGthdHNvZnQuY29tMB8GA1UdIwQYMBaAFCQFS+Fkghr4Ccz7eHkh+nDmkzLqMB0GA1UdDgQWBBTB82fmvrdG2iX5uS/agVW3L4DisjAJBgNVHRMEAjAAMAoGCCqGSM49BAMDA2kAMGYCMQCHILghMprWoYPEp9mCE+tpVE7vYwkFV3m0RDzT2BSUezL8Ky78XNk+XPqSB2biT70CMQDCase1oaPY4AxCmjB+rEB1ir+QS8mrtF+iCSqHVv1aIxT6abQL57BZSdvwIm/TT8o=",
    --         "MIICljCCAhugAwIBAgIETUHhezAKBggqhkjOPQQDAzBtMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEfMB0GA1UECxMWRm9yIFRlc3QgUHVycG9zZXMgT25seTElMCMGA1UEAxMcRW50cnVzdCBFQ0MgRGVtb25zdHJhdGlvbiBDQTAeFw0xMTAxMjcyMDQ5NTRaFw0zNjAxMjcyMTE5NTRaMG0xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMR8wHQYDVQQLExZGb3IgVGVzdCBQdXJwb3NlcyBPbmx5MSUwIwYDVQQDExxFbnRydXN0IEVDQyBEZW1vbnN0cmF0aW9uIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEhCWBpuJuzvRtQyibkcbCj7EkcwAqS2EqRQ/QntroTdRM2SssEN4TruTxtwcY/7lR64L6Tfjz3+ujrfjNFss3EWVpUlbOJ+xHC3xHPteNyAGZtHbZO3tVuhP6yX6dFqCCo4GLMIGIMCsGA1UdEAQkMCKADzIwMTEwMTI3MjA0OTU0WoEPMjAzNjAxMjcyMTE5NTRaMAsGA1UdDwQEAwIBBjAfBgNVHSMEGDAWgBQkBUvhZIIa+AnM+3h5Ifpw5pMy6jAdBgNVHQ4EFgQUJAVL4WSCGvgJzPt4eSH6cOaTMuowDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAwNpADBmAjEAyAhA70OIb6lbfN6kOTQloHyCLmihNK+PT5wOuaMR//KSQP2c/H18YhDYnlwMxF9fAjEA0URaJOXMF0qwdvS2rm7N5PWMLc/4BbeOZyZ94XJiG5u96iTgp6N9JI0MMmCQE87N"
    --       ]
    --     }
    --   ]
    -- }

    EXEC sp_OAMethod @jwkSet, 'LoadFile', @success OUT, 'qa_data/jwk/ecc_jwkset.json'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @jwkSet, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jceks
        EXEC @hr = sp_OADestroy @jwkSet
        RETURN
      END

    SELECT @password = 'secret'
    EXEC sp_OAMethod @jceks, 'LoadJwkSet', @success OUT, @password, @jwkSet
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @jceks, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jceks
        EXEC @hr = sp_OADestroy @jwkSet
        RETURN
      END

    SELECT @filePassword = 'secret2'
    EXEC sp_OAMethod @jceks, 'ToFile', @success OUT, @filePassword, 'qa_output/ecc.jceks'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @jceks, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jceks
        EXEC @hr = sp_OADestroy @jwkSet
        RETURN
      END


    PRINT 'Success.'

    EXEC @hr = sp_OADestroy @jceks
    EXEC @hr = sp_OADestroy @jwkSet


END
GO