< Summary - Kestrun — Combined Coverage

Information
Class: Public.Certificate.ConvertTo-KrJwkJson
Assembly: Kestrun.PowerShell.Public
File(s): /home/runner/work/Kestrun/Kestrun/src/PowerShell/Kestrun/Public/Certificate/ConvertTo-KrJwkJson.ps1
Tag: Kestrun/Kestrun@5f1d2b981c9d7292c11fd448428c6ab6c811c5de
Line coverage
0%
Covered lines: 0
Uncovered lines: 23
Coverable lines: 23
Total lines: 134
Line coverage: 0%
Branch coverage
N/A
Covered branches: 0
Total branches: 0
Branch coverage: N/A
Method coverage

Feature is only available for sponsors

Upgrade to PRO version

Coverage history

Coverage history 0 25 50 75 100 11/19/2025 - 17:40:50 Line coverage: 0% (0/23) Total lines: 141 Tag: Kestrun/Kestrun@fcf33342333cef0516fe0d0912a86709874fd02604/19/2026 - 15:52:57 Line coverage: 0% (0/23) Total lines: 134 Tag: Kestrun/Kestrun@765a8f13c573c01494250a29d6392b6037f087c9

Coverage delta

Coverage delta 1 -1

Metrics

Method
ConvertTo-KrJwkJson()

File(s)

/home/runner/work/Kestrun/Kestrun/src/PowerShell/Kestrun/Public/Certificate/ConvertTo-KrJwkJson.ps1

#LineLine coverage
 1<#
 2    .SYNOPSIS
 3        Converts an X509 certificate or RSA private key PEM to an RSA JWK JSON string.
 4    .DESCRIPTION
 5        This function converts either:
 6          - an X509 certificate object, or
 7          - an RSA private key in PEM format
 8        to a JSON Web Key (JWK) representation using the
 9        Kestrun.Certificates.CertificateManager backend.
 10
 11        For certificates:
 12          - By default it exports only the public parameters (suitable for JWKS).
 13          - If -IncludePrivateParameters is specified, the private RSA parameters
 14            are included as well (for local/secure use only; never publish those).
 15
 16        For RSA private key PEM:
 17          - The output is always a full private JWK (public + private parameters),
 18            as the source is inherently private key material.
 19    .PARAMETER Certificate
 20        The X509Certificate2 object to convert to JWK JSON.
 21        Typically obtained from Import-KrCertificate and passed via the pipeline.
 22    .PARAMETER RsaPrivateKeyPem
 23        A string containing an RSA private key in PEM format
 24        (e.g. "-----BEGIN RSA PRIVATE KEY----- ...").
 25    .PARAMETER RsaPrivateKeyPath
 26        Path to a file containing an RSA private key PEM. The file is read as raw text
 27        and passed to CertificateManager.CreateJwkJsonFromRsaPrivateKeyPem().
 28    .PARAMETER IncludePrivateParameters
 29        When converting from a certificate:
 30            If specified, includes private RSA parameters (d, p, q, dp, dq, qi) in the JWK JSON.
 31            Requires that the certificate has a private key.
 32        When converting from RSA private key PEM:
 33            Ignored. The output always contains private parameters because the source
 34            is a private key.
 35    .OUTPUTS
 36        [string] – the JWK JSON string.
 37    .EXAMPLE
 38        Import-KrCertificate -Path './certs/client.pfx' |
 39            ConvertTo-KrJwkJson
 40
 41        Imports a certificate and converts it to a public-only JWK JSON string.
 42    .EXAMPLE
 43        Import-KrCertificate -Path './certs/client.pfx' |
 44            ConvertTo-KrJwkJson -IncludePrivateParameters
 45
 46        Imports the certificate and returns a full private JWK JSON string.
 47    .EXAMPLE
 48        $pem = Get-Content './Assets/certs/private.pem' -Raw
 49        ConvertTo-KrJwkJson -RsaPrivateKeyPem $pem
 50
 51        Converts the RSA private key PEM to a full private JWK JSON string.
 52    .EXAMPLE
 53        ConvertTo-KrJwkJson -RsaPrivateKeyPath './Assets/certs/private.pem'
 54
 55        Reads the RSA private key PEM from disk and converts it to a full private JWK JSON string.
 56    .NOTES
 57        Requires the Kestrun module and the Kestrun.Certificates assembly to be loaded.
 58#>
 59function ConvertTo-KrJwkJson {
 60    [KestrunRuntimeApi('Everywhere')]
 61    [CmdletBinding(DefaultParameterSetName = 'ByCertificate')]
 62    [OutputType([string])]
 63    param(
 64        [Parameter(Mandatory = $true, ValueFromPipeline = $true, ParameterSetName = 'ByCertificate')]
 65        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
 66
 67        [Parameter(Mandatory = $true, ParameterSetName = 'ByRsaPrivateKeyPem')]
 68        [string]$RsaPrivateKeyPem,
 69
 70        [Parameter(Mandatory = $true, ParameterSetName = 'ByRsaPrivateKeyPath')]
 71        [string]$RsaPrivateKeyPath,
 72
 73        [Parameter()]
 74        [switch]$IncludePrivateParameters
 75    )
 76    process {
 077        switch ($PSCmdlet.ParameterSetName) {
 78            'ByCertificate' {
 079                $cert = $Certificate
 80
 081                if ($null -eq $cert) {
 082                    throw "Failed to obtain certificate instance."
 83                }
 84
 085                if ($IncludePrivateParameters.IsPresent -and -not $cert.HasPrivateKey) {
 086                    throw "Certificate does not contain a private key, cannot include private parameters in JWK."
 87                }
 88
 089                $json = [Kestrun.Certificates.CertificateManager]::CreateJwkJsonFromCertificate(
 90                    $cert,
 91                    $IncludePrivateParameters.IsPresent
 92                )
 93
 094                Write-KrLog -Level Verbose -Message "Converted certificate to JWK JSON (IncludePrivateParameters=$($Incl
 095                $json
 96            }
 97
 98            'ByRsaPrivateKeyPem' {
 099                if ([string]::IsNullOrWhiteSpace($RsaPrivateKeyPem)) {
 0100                    throw "RsaPrivateKeyPem parameter cannot be null or empty."
 101                }
 102
 103                # For private key PEM we always get a full private JWK.
 0104                $json = [Kestrun.Certificates.CertificateManager]::CreateJwkJsonFromRsaPrivateKeyPem(
 105                    $RsaPrivateKeyPem,
 106                    $null
 107                )
 108
 0109                Write-KrLog -Level Verbose -Message "Converted RSA private key PEM (inline) to JWK JSON (private key mat
 0110                $json
 111            }
 112
 113            'ByRsaPrivateKeyPath' {
 0114                if ([string]::IsNullOrWhiteSpace($RsaPrivateKeyPath)) {
 0115                    throw "RsaPrivateKeyPath parameter cannot be null or empty."
 116                }
 117
 0118                $resolved = Resolve-KrPath -Path $RsaPrivateKeyPath -KestrunRoot
 0119                if (-not (Test-Path -LiteralPath $resolved)) {
 0120                    throw "RSA private key PEM file not found: $resolved"
 121                }
 122
 0123                $pem = Get-Content -LiteralPath $resolved -Raw
 0124                $json = [Kestrun.Certificates.CertificateManager]::CreateJwkJsonFromRsaPrivateKeyPem(
 125                    $pem,
 126                    $null
 127                )
 128
 0129                Write-KrLog -Level Verbose -Message "Converted RSA private key PEM from '$resolved' to JWK JSON (private
 0130                $json
 131            }
 132        }
 133    }
 134}
Generated by: ReportGenerator 5.5.9.0
05/07/2026 - 03:56:33
GitHub | reportgenerator.io

Methods/Properties

ConvertTo-KrJwkJson()