sohalloran · May 14, 2019 13:03
diff --git a/App.java b/App.java
 package com.salesforce.app;

 import java.io.IOException;
 import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.interfaces.RSAPublicKey;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
 import java.security.cert.X509Certificate;
 import java.security.cert.CertificateFactory;
 import java.util.Base64;
 import java.util.Base64.Encoder;
 import java.util.Base64.Decoder;
 import java.util.HashMap;
 import java.util.Map;
 import java.io.FileInputStream;
 import javax.xml.bind.DatatypeConverter;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import com.google.gson.*;
 import java.security.cert.X509Certificate;
 import com.nimbusds.jose.jwk.RSAKey;
 import com.nimbusds.jose.util.X509CertUtils;
 import java.security.*;
 import java.security.interfaces.*;
 import java.util.*;
 import com.nimbusds.jose.jwk.*;
 import com.nimbusds.jose.jwk.gen.*;

 public class App {
    public static void main(String[] args) {
        System.out.println("JWKS Generator");
        try {
            Gson gson = new Gson();
            System.out.println(generateJWK(args[0], args[0]));
            System.out.println();
            System.out.println("-------manual-JWK----");
            System.out.println(gson.toJson(generateJWK(args[0], args[0])));
            System.out.println("-------manual-JWK----");
            FileInputStream fin = new FileInputStream(args[0]);
            CertificateFactory f = CertificateFactory.getInstance("X.509");
            X509Certificate certificate = (X509Certificate) f.generateCertificate(fin);
            X509Certificate cert = X509CertUtils.parse(certificate.getEncoded());
            RSAKey rsaJWK = RSAKey.parse(cert);
            System.out.println("-------om.nimbusds.jose.jwk.RSAKey-JWK----");
            System.out.println(rsaJWK.toPublicJWK());
            System.out.println("-------om.nimbusds.jose.jwk.RSAKey-JWK----");

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private static Map<String, Object> generateJWK(String env, String location) {
        Map<String, Object> values = new HashMap<>();
        try {
            FileInputStream fin = new FileInputStream(location);
            CertificateFactory f = CertificateFactory.getInstance("X.509");
            X509Certificate certificate = (X509Certificate) f.generateCertificate(fin);
            String thumbprint = getThumbprint(certificate);

            System.out.println("Subject DN : " + certificate.getSubjectDN().getName());
            System.out.println("Issuer : " + certificate.getIssuerDN().getName());
            System.out.println("Not After: " + certificate.getNotAfter());
            System.out.println("Not Before: " + certificate.getNotBefore());
            System.out.println("version: " + certificate.getVersion());
            System.out.println("serial number : " + certificate.getSerialNumber());

            PublicKey pk = certificate.getPublicKey();
            RSAPublicKey rsa = (RSAPublicKey) pk;
            values.put("kty", rsa.getAlgorithm()); // getAlgorithm() returns kty not algorithm
            values.put("kid", env);
            values.put("x5t", thumbprint);
            values.put("n", Base64.getUrlEncoder().encodeToString(rsa.getModulus().toByteArray()));
            values.put("e", Base64.getUrlEncoder().encodeToString(rsa.getPublicExponent().toByteArray()));
            values.put("alg", "RS256");
            values.put("use", "sig");
        } catch (Exception e) {
            e.printStackTrace();
        }
        return values;
    }

    private static String getThumbprint(X509Certificate cert)
            throws NoSuchAlgorithmException, CertificateEncodingException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        byte[] der = cert.getEncoded();
        md.update(der);
        byte[] digest = md.digest();
        String digestHex = DatatypeConverter.printHexBinary(digest);
        return digestHex.toLowerCase();
    }

 }
	package com.salesforce.app;

	import java.io.IOException;
	import java.net.URISyntaxException;
	import java.nio.file.Files;
	import java.nio.file.Paths;
	import java.security.KeyFactory;
	import java.security.NoSuchAlgorithmException;
	import java.security.PrivateKey;
	import java.security.PublicKey;
	import java.security.interfaces.RSAPublicKey;
	import java.security.spec.InvalidKeySpecException;
	import java.security.spec.PKCS8EncodedKeySpec;
	import java.security.spec.X509EncodedKeySpec;
	import java.security.cert.X509Certificate;
	import java.security.cert.CertificateFactory;
	import java.util.Base64;
	import java.util.Base64.Encoder;
	import java.util.Base64.Decoder;
	import java.util.HashMap;
	import java.util.Map;
	import java.io.FileInputStream;
	import javax.xml.bind.DatatypeConverter;
	import java.security.MessageDigest;
	import java.security.NoSuchAlgorithmException;
	import java.security.cert.CertificateEncodingException;
	import java.security.cert.CertificateException;
	import java.security.cert.CertificateFactory;
	import com.google.gson.*;
	import java.security.cert.X509Certificate;
	import com.nimbusds.jose.jwk.RSAKey;
	import com.nimbusds.jose.util.X509CertUtils;
	import java.security.*;
	import java.security.interfaces.*;
	import java.util.*;
	import com.nimbusds.jose.jwk.*;
	import com.nimbusds.jose.jwk.gen.*;

	public class App {
	public static void main(String[] args) {
	System.out.println("JWKS Generator");
	try {
	Gson gson = new Gson();
	System.out.println(generateJWK(args[0], args[0]));
	System.out.println();
	System.out.println("-------manual-JWK----");
	System.out.println(gson.toJson(generateJWK(args[0], args[0])));
	System.out.println("-------manual-JWK----");
	FileInputStream fin = new FileInputStream(args[0]);
	CertificateFactory f = CertificateFactory.getInstance("X.509");
	X509Certificate certificate = (X509Certificate) f.generateCertificate(fin);
	X509Certificate cert = X509CertUtils.parse(certificate.getEncoded());
	RSAKey rsaJWK = RSAKey.parse(cert);
	System.out.println("-------om.nimbusds.jose.jwk.RSAKey-JWK----");
	System.out.println(rsaJWK.toPublicJWK());
	System.out.println("-------om.nimbusds.jose.jwk.RSAKey-JWK----");

	} catch (Exception e) {
	e.printStackTrace();
	}
	}

	private static Map<String, Object> generateJWK(String env, String location) {
	Map<String, Object> values = new HashMap<>();
	try {
	FileInputStream fin = new FileInputStream(location);
	CertificateFactory f = CertificateFactory.getInstance("X.509");
	X509Certificate certificate = (X509Certificate) f.generateCertificate(fin);
	String thumbprint = getThumbprint(certificate);

	System.out.println("Subject DN : " + certificate.getSubjectDN().getName());
	System.out.println("Issuer : " + certificate.getIssuerDN().getName());
	System.out.println("Not After: " + certificate.getNotAfter());
	System.out.println("Not Before: " + certificate.getNotBefore());
	System.out.println("version: " + certificate.getVersion());
	System.out.println("serial number : " + certificate.getSerialNumber());

	PublicKey pk = certificate.getPublicKey();
	RSAPublicKey rsa = (RSAPublicKey) pk;
	values.put("kty", rsa.getAlgorithm()); // getAlgorithm() returns kty not algorithm
	values.put("kid", env);
	values.put("x5t", thumbprint);
	values.put("n", Base64.getUrlEncoder().encodeToString(rsa.getModulus().toByteArray()));
	values.put("e", Base64.getUrlEncoder().encodeToString(rsa.getPublicExponent().toByteArray()));
	values.put("alg", "RS256");
	values.put("use", "sig");
	} catch (Exception e) {
	e.printStackTrace();
	}
	return values;
	}

	private static String getThumbprint(X509Certificate cert)
	throws NoSuchAlgorithmException, CertificateEncodingException {
	MessageDigest md = MessageDigest.getInstance("SHA-1");
	byte[] der = cert.getEncoded();
	md.update(der);
	byte[] digest = md.digest();
	String digestHex = DatatypeConverter.printHexBinary(digest);
	return digestHex.toLowerCase();
	}

	}