Unicode C
Unicode C
Create JWK Set Containing Certificates
See more Certificates Examples
Demonstrates how to create a JWK Set containing N certificates.Chilkat Unicode C Downloads
#include <C_CkCertW.h>
#include <C_CkCrypt2W.h>
#include <C_CkJsonObjectW.h>
#include <C_CkPublicKeyW.h>
void ChilkatSample(void)
{
BOOL success;
HCkCertW cert1;
HCkCertW cert2;
HCkCrypt2W crypt;
HCkJsonObjectW json;
const wchar_t *hexThumbprint;
const wchar_t *base64Thumbprint;
HCkPublicKeyW pubKey;
HCkJsonObjectW pubKeyJwk;
success = FALSE;
// This example creates the following JWK Set from two certificates:
// {
// "keys": [
// {
// "kty": "RSA",
// "use": "sig",
// "kid": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
// "x5t": "BB8CeFVqyaGrGNuehJIiL4dfjzw",
// "n": "nYf1jpn7cFdQ...9Iw",
// "e": "AQAB",
// "x5c": [
// "MIIDBTCCAe2...Z+NTZo"
// ]
// },
// {
// "kty": "RSA",
// "use": "sig",
// "kid": "M6pX7RHoraLsprfJeRCjSxuURhc",
// "x5t": "M6pX7RHoraLsprfJeRCjSxuURhc",
// "n": "xHScZMPo8F...EO4QQ",
// "e": "AQAB",
// "x5c": [
// "MIIC8TCCAdmgA...Vt5432GA=="
// ]
// }
// ]
// }
// First get two certificates from files.
cert1 = CkCertW_Create();
success = CkCertW_LoadFromFile(cert1,L"qa_data/certs/brasil_cert.pem");
if (success == FALSE) {
wprintf(L"%s\n",CkCertW_lastErrorText(cert1));
CkCertW_Dispose(cert1);
return;
}
cert2 = CkCertW_Create();
success = CkCertW_LoadFromFile(cert2,L"qa_data/certs/testCert.cer");
if (success == FALSE) {
wprintf(L"%s\n",CkCertW_lastErrorText(cert2));
CkCertW_Dispose(cert1);
CkCertW_Dispose(cert2);
return;
}
// We'll need this crypt object re-encode the SHA1 thumbprint from hex to base64.
crypt = CkCrypt2W_Create();
json = CkJsonObjectW_Create();
// Let's begin with the 1st cert:
CkJsonObjectW_putI(json,0);
CkJsonObjectW_UpdateString(json,L"keys[i].kty",L"RSA");
CkJsonObjectW_UpdateString(json,L"keys[i].use",L"sig");
hexThumbprint = CkCertW_sha1Thumbprint(cert1);
base64Thumbprint = CkCrypt2W_reEncode(crypt,hexThumbprint,L"hex",L"base64");
CkJsonObjectW_UpdateString(json,L"keys[i].kid",base64Thumbprint);
CkJsonObjectW_UpdateString(json,L"keys[i].x5t",base64Thumbprint);
// (We're assuming these are RSA certificates)
// To get the modulus (n) and exponent (e), we need to get the cert's public key and then get its JWK.
pubKey = CkPublicKeyW_Create();
CkCertW_GetPublicKey(cert1,pubKey);
pubKeyJwk = CkJsonObjectW_Create();
CkJsonObjectW_Load(pubKeyJwk,CkPublicKeyW_getJwk(pubKey));
CkJsonObjectW_UpdateString(json,L"keys[i].n",CkJsonObjectW_stringOf(pubKeyJwk,L"n"));
CkJsonObjectW_UpdateString(json,L"keys[i].e",CkJsonObjectW_stringOf(pubKeyJwk,L"e"));
// Now add the entire X.509 certificate
CkJsonObjectW_UpdateString(json,L"keys[i].x5c[0]",CkCertW_getEncoded(cert1));
// Now do the same for cert2..
CkJsonObjectW_putI(json,1);
CkJsonObjectW_UpdateString(json,L"keys[i].kty",L"RSA");
CkJsonObjectW_UpdateString(json,L"keys[i].use",L"sig");
hexThumbprint = CkCertW_sha1Thumbprint(cert2);
base64Thumbprint = CkCrypt2W_reEncode(crypt,hexThumbprint,L"hex",L"base64");
CkJsonObjectW_UpdateString(json,L"keys[i].kid",base64Thumbprint);
CkJsonObjectW_UpdateString(json,L"keys[i].x5t",base64Thumbprint);
CkCertW_GetPublicKey(cert2,pubKey);
CkJsonObjectW_Load(pubKeyJwk,CkPublicKeyW_getJwk(pubKey));
CkJsonObjectW_UpdateString(json,L"keys[i].n",CkJsonObjectW_stringOf(pubKeyJwk,L"n"));
CkJsonObjectW_UpdateString(json,L"keys[i].e",CkJsonObjectW_stringOf(pubKeyJwk,L"e"));
// Now add the entire X.509 certificate
CkJsonObjectW_UpdateString(json,L"keys[i].x5c[0]",CkCertW_getEncoded(cert2));
// Emit the JSON..
CkJsonObjectW_putEmitCompact(json,FALSE);
wprintf(L"%s\n",CkJsonObjectW_emit(json));
CkCertW_Dispose(cert1);
CkCertW_Dispose(cert2);
CkCrypt2W_Dispose(crypt);
CkJsonObjectW_Dispose(json);
CkPublicKeyW_Dispose(pubKey);
CkJsonObjectW_Dispose(pubKeyJwk);
}