1*1c60b9acSAndroid Build Coastguard Worker# lws minimal example for X509 2*1c60b9acSAndroid Build Coastguard Worker 3*1c60b9acSAndroid Build Coastguard WorkerThe example shows how to: 4*1c60b9acSAndroid Build Coastguard Worker 5*1c60b9acSAndroid Build Coastguard Worker - confirm one PEM cert or chain (-c) was signed by a trusted PEM cert (-t) 6*1c60b9acSAndroid Build Coastguard Worker - convert a certificate public key to JWK 7*1c60b9acSAndroid Build Coastguard Worker - convert a certificate public key and its private key PEM to a private JWK 8*1c60b9acSAndroid Build Coastguard Worker 9*1c60b9acSAndroid Build Coastguard WorkerThe examples work for EC and RSA certs and on mbedtls and OpenSSL the same. 10*1c60b9acSAndroid Build Coastguard Worker 11*1c60b9acSAndroid Build Coastguard WorkerNotice the logging is on stderr, and only the JWK is output on stdout. 12*1c60b9acSAndroid Build Coastguard Worker 13*1c60b9acSAndroid Build Coastguard Worker## build 14*1c60b9acSAndroid Build Coastguard Worker 15*1c60b9acSAndroid Build Coastguard Worker``` 16*1c60b9acSAndroid Build Coastguard Worker $ cmake . && make 17*1c60b9acSAndroid Build Coastguard Worker``` 18*1c60b9acSAndroid Build Coastguard Worker 19*1c60b9acSAndroid Build Coastguard Worker## usage 20*1c60b9acSAndroid Build Coastguard Worker 21*1c60b9acSAndroid Build Coastguard WorkerCommandline option|Meaning 22*1c60b9acSAndroid Build Coastguard Worker---|--- 23*1c60b9acSAndroid Build Coastguard Worker-d <loglevel>|Debug verbosity in decimal, eg, -d15 24*1c60b9acSAndroid Build Coastguard Worker-c <PEM certificate path>|Required PEM Certificate(s) to operate on... may be multiple concatednated PEM 25*1c60b9acSAndroid Build Coastguard Worker-t <PEM certificate path>|Single PEM trusted certificate 26*1c60b9acSAndroid Build Coastguard Worker-p <PEM private key path>|Optional private key matching certificate given in -c. If given, only the private JWK is printed to stdout 27*1c60b9acSAndroid Build Coastguard Worker 28*1c60b9acSAndroid Build Coastguard WorkerExample for confirming trust relationship. Notice the PEM in -c must contain not only 29*1c60b9acSAndroid Build Coastguard Workerthe final certificate but also the certificates for any intermediate CAs. 30*1c60b9acSAndroid Build Coastguard Worker 31*1c60b9acSAndroid Build Coastguard Worker``` 32*1c60b9acSAndroid Build Coastguard Worker $ ./lws-crypto-x509 -c ec-cert.pem -t ca-cert.pem 33*1c60b9acSAndroid Build Coastguard Worker[2019/01/02 20:31:13:2031] USER: LWS X509 api example 34*1c60b9acSAndroid Build Coastguard Worker[2019/01/02 20:31:13:2032] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off 35*1c60b9acSAndroid Build Coastguard Worker[2019/01/02 20:31:13:2043] NOTICE: main: certs loaded OK 36*1c60b9acSAndroid Build Coastguard Worker[2019/01/02 20:31:13:2043] NOTICE: main: verified OK <<<<====== 37*1c60b9acSAndroid Build Coastguard Worker[2019/01/02 20:31:13:2045] NOTICE: Cert Public JWK 38*1c60b9acSAndroid Build Coastguard Worker{"crv":"P-521","kty":"EC","x":"_uRNBbIbm0zhk8v6ujvQX9924264ZkqJhit0qamAoCegzuJbLf434kN7_aFEt6u-QWUu6-N1R8t6OlvrLo2jrNY","y":"AU-29XpNyB7e5e3s5t0ylzGEnF601A8A7Tx8m8xxngARZX_bn22itGJ3Y57BTcclPMoG80KjWAMnRVtrKqrD_aGD"} 39*1c60b9acSAndroid Build Coastguard Worker 40*1c60b9acSAndroid Build Coastguard Worker[2019/01/02 20:31:13:2045] NOTICE: main: OK 41*1c60b9acSAndroid Build Coastguard Worker``` 42*1c60b9acSAndroid Build Coastguard Worker 43*1c60b9acSAndroid Build Coastguard WorkerExample creating JWKs for public and public + private cert + PEM keys: 44*1c60b9acSAndroid Build Coastguard Worker 45*1c60b9acSAndroid Build Coastguard Worker``` 46*1c60b9acSAndroid Build Coastguard Worker $ ./lws-crypto-x509 -c ec-cert.pem -p ec-key.pem 47*1c60b9acSAndroid Build Coastguard Worker[2019/01/02 20:14:43:4966] USER: LWS X509 api example 48*1c60b9acSAndroid Build Coastguard Worker[2019/01/02 20:14:43:5225] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off 49*1c60b9acSAndroid Build Coastguard Worker[2019/01/02 20:14:43:5707] NOTICE: lws_x509_public_to_jwk: EC key 50*1c60b9acSAndroid Build Coastguard Worker[2019/01/02 20:24:59:9514] USER: LWS X509 api example 51*1c60b9acSAndroid Build Coastguard Worker[2019/01/02 20:24:59:9741] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off 52*1c60b9acSAndroid Build Coastguard Worker[2019/01/02 20:25:00:1261] NOTICE: lws_x509_public_to_jwk: key type 408 "id-ecPublicKey" 53*1c60b9acSAndroid Build Coastguard Worker[2019/01/02 20:25:00:1269] NOTICE: lws_x509_public_to_jwk: EC key 54*1c60b9acSAndroid Build Coastguard Worker[2019/01/02 20:25:00:2097] NOTICE: Cert + Key Private JWK 55*1c60b9acSAndroid Build Coastguard Worker{"crv":"P-521","d":"AU3iQSKfPskMTW4ZncrYLhipUYzLYty2XhemTQ_nSuUB1vB76jHmOYUTRXFBLkVCW8cQYyMa5dMa3Bvv-cdvH0IB","kty":"EC","x":"_uRNBbIbm0zhk8v6ujvQX9924264ZkqJhit0qamAoCegzuJbLf434kN7_aFEt6u-QWUu6-N1R8t6OlvrLo2jrNY","y":"AU-29XpNyB7e5e3s5t0ylzGEnF601A8A7Tx8m8xxngARZX_bn22itGJ3Y57BTcclPMoG80KjWAMnRVtrKqrD_aGD"} 56*1c60b9acSAndroid Build Coastguard Worker 57*1c60b9acSAndroid Build Coastguard Worker[2019/01/02 20:25:00:2207] NOTICE: main: OK 58*1c60b9acSAndroid Build Coastguard Worker``` 59*1c60b9acSAndroid Build Coastguard Worker 60