• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# lws minimal example for X509
2
3The example shows how to:
4
5 - confirm one PEM cert or chain (-c) was signed by a trusted PEM cert (-t)
6 - convert a certificate public key to JWK
7 - convert a certificate public key and its private key PEM to a private JWK
8
9The examples work for EC and RSA certs and on mbedtls and OpenSSL the same.
10
11Notice the logging is on stderr, and only the JWK is output on stdout.
12
13## build
14
15```
16 $ cmake . && make
17```
18
19## usage
20
21Commandline option|Meaning
22---|---
23-d <loglevel>|Debug verbosity in decimal, eg, -d15
24-c <PEM certificate path>|Required PEM Certificate(s) to operate on... may be multiple concatednated PEM
25-t <PEM certificate path>|Single PEM trusted certificate
26-p <PEM private key path>|Optional private key matching certificate given in -c.  If given, only the private JWK is printed to stdout
27
28Example for confirming trust relationship.  Notice the PEM in -c must contain not only
29the final certificate but also the certificates for any intermediate CAs.
30
31```
32 $ ./lws-crypto-x509 -c ec-cert.pem -t ca-cert.pem
33[2019/01/02 20:31:13:2031] USER: LWS X509 api example
34[2019/01/02 20:31:13:2032] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off
35[2019/01/02 20:31:13:2043] NOTICE: main: certs loaded OK
36[2019/01/02 20:31:13:2043] NOTICE: main: verified OK  <<<<======
37[2019/01/02 20:31:13:2045] NOTICE: Cert Public JWK
38{"crv":"P-521","kty":"EC","x":"_uRNBbIbm0zhk8v6ujvQX9924264ZkqJhit0qamAoCegzuJbLf434kN7_aFEt6u-QWUu6-N1R8t6OlvrLo2jrNY","y":"AU-29XpNyB7e5e3s5t0ylzGEnF601A8A7Tx8m8xxngARZX_bn22itGJ3Y57BTcclPMoG80KjWAMnRVtrKqrD_aGD"}
39
40[2019/01/02 20:31:13:2045] NOTICE: main: OK
41```
42
43Example creating JWKs for public and public + private cert + PEM keys:
44
45```
46 $ ./lws-crypto-x509 -c ec-cert.pem -p ec-key.pem
47[2019/01/02 20:14:43:4966] USER: LWS X509 api example
48[2019/01/02 20:14:43:5225] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off
49[2019/01/02 20:14:43:5707] NOTICE: lws_x509_public_to_jwk: EC key
50[2019/01/02 20:24:59:9514] USER: LWS X509 api example
51[2019/01/02 20:24:59:9741] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off
52[2019/01/02 20:25:00:1261] NOTICE: lws_x509_public_to_jwk: key type 408 "id-ecPublicKey"
53[2019/01/02 20:25:00:1269] NOTICE: lws_x509_public_to_jwk: EC key
54[2019/01/02 20:25:00:2097] NOTICE: Cert + Key Private JWK
55{"crv":"P-521","d":"AU3iQSKfPskMTW4ZncrYLhipUYzLYty2XhemTQ_nSuUB1vB76jHmOYUTRXFBLkVCW8cQYyMa5dMa3Bvv-cdvH0IB","kty":"EC","x":"_uRNBbIbm0zhk8v6ujvQX9924264ZkqJhit0qamAoCegzuJbLf434kN7_aFEt6u-QWUu6-N1R8t6OlvrLo2jrNY","y":"AU-29XpNyB7e5e3s5t0ylzGEnF601A8A7Tx8m8xxngARZX_bn22itGJ3Y57BTcclPMoG80KjWAMnRVtrKqrD_aGD"}
56
57[2019/01/02 20:25:00:2207] NOTICE: main: OK
58```
59
60