How to create JWKS from keystore

Brian Campbell

I should probably have some better examples up for working with JWKs and JWKSs but here’s a little code that shows how some of this can work.

        // get your keys from the keystore or wherever you have them
        // generating new one here just for simplicity
        RsaKeyUtil keyUtil = new RsaKeyUtil();
        KeyPair keyPair = keyUtil.generateKeyPair(2048);
        PublicKey publicKey = keyPair.getPublic();
        PrivateKey privateKey = keyPair.getPrivate();

        // Create a JWK object from the public key
        PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(publicKey);

        // you probably don't need or want to do this but you can set the private key on the JWK
        jwk.setPrivateKey(privateKey);

        // maybe give each JWK a Key ID (kid)
        jwk.setKeyId("abcde123 or whatever");

        // add all the JWK objects to a list
        List<JsonWebKey> jwkList = new ArrayList<>();
        jwkList.add(jwk);

        // create a JsonWebKeySet object with the list of JWK objects
        JsonWebKeySet jwks = new JsonWebKeySet(jwkList);

        // and output the JSON of the JWKS
        String jwksJson = jwks.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);

        System.out.println(jwksJson);

‌

2020-08-28T20:37:23+00:00

Anurag Srivastava reporter

I dont see x509 certificate added in this. I am trying to generate JWKs from my keystore file

2020-08-28T22:22:10+00:00

Brian Campbell

jwk.setCertificateChain(...)

‌

2020-08-28T22:23:45+00:00

Anurag Srivastava reporter

How to get cert chain? please share the code

2020-08-28T22:29:02+00:00

Brian Campbell

It takes a list List<X509Certificate> certificateChain or even a varargs setCertificateChain(X509Certificate... certificates) which can be passed a single certificate.

2020-08-28T22:39:17+00:00

Comments (5)