How to generate JWK from a X.509 PEM certificate in jose4j?

Question

I am trying to produce JWK from an X.509 PEM certificate in jose4j, but I am not getting any clue to do the same.

I have already achieved this using nimbus jose+jwt library , can someone please help me with equivalent code for jose4j?

Code piece for nimbus jose+jwt :

try {
      jwk1 = (RSAKey) JWK.parseFromPEMEncodedX509Cert(certificateString);
      Map<String, Object> jwkMap = jwk1.toJSONObject();
      jwkMap.put("use", "enc");
      jwkMap.put("alg", "RSA-OAEP-256");
      jwk1 = (RSAKey) JWK.parse(jwkMap);
    } catch (JOSEException ex) {
      log.error("Exception while creating JWK from X.509 certificate : {}", ex.getMessage());
    }

score 2 · Answer 1 · answered Jun 30 '22 at 13:13

Here's some roughly equivalent example code:

   String pemCert =
       "MIIC2jCCAkMCAg38MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG\n" +
       "A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE\n" +
       "MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl\n" +
       "YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw\n" +
       "ODIyMDUyNzQxWhcNMTcwODIxMDUyNzQxWjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE\n" +
       "CAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs\n" +
       "ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0z9FeMynsC8+u\n" +
       "dvX+LciZxnh5uRj4C9S6tNeeAlIGCfQYk0zUcNFCoCkTknNQd/YEiawDLNbxBqut\n" +
       "bMDZ1aarys1a0lYmUeVLCIqvzBkPJTSQsCopQQ9V8WuT252zzNzs68dVGNdCJd5J\n" +
       "NRQykpwexmnjPPv0mvj7i8XgG379TyW6P+WWV5okeUkXJ9eJS2ouDYdR2SM9BoVW\n" +
       "+FgxDu6BmXhozW5EfsnajFp7HL8kQClI0QOc79yuKl3492rH6bzFsFn2lfwWy9ic\n" +
       "7cP8EpCTeFp1tFaD+vxBhPZkeTQ1HKx6hQ5zeHIB5ySJJZ7af2W8r4eTGYzbdRW2\n" +
       "4DDHCPhZAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAQMv+BFvGdMVzkQaQ3/+2noVz\n" +
       "/uAKbzpEL8xTcxYyP3lkOeh4FoxiSWqy5pGFALdPONoDuYFpLhjJSZaEwuvjI/Tr\n" +
       "rGhLV1pRG9frwDFshqD2Vaj4ENBCBh6UpeBop5+285zQ4SI7q4U9oSebUDJiuOx6\n" +
       "+tZ9KynmrbJpTSi0+BM=";

    X509Util x509Util = new X509Util();
    X509Certificate x509Certificate = x509Util.fromBase64Der(pemCert);

    // create the JWK object with the public key from the cert
    PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(x509Certificate.getPublicKey());

    // sets the cert on the JWK object, which will be output in the x5c parameter
    jwk.setCertificateChain(x509Certificate);

    jwk.setUse(Use.ENCRYPTION);
    jwk.setAlgorithm(KeyManagementAlgorithmIdentifiers.RSA_OAEP_256);

    System.out.println(jwk.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY));

How to generate JWK from a X.509 PEM certificate in jose4j?

1 Answers1