Sample code for 30+ languages & platforms
Delphi DLL

Load Particular CA Certs into a Java KeyStore

See more Java KeyStore (JKS) Examples

Opens a PEM file containing many CA root certificates, and creates a Java keystore containing a subset of the certificates.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, TrustedRoots, JavaKeyStore, Cert, StringBuilder;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
jks: HCkJavaKeyStore;
troots: HCkTrustedRoots;
sbDn: HCkStringBuilder;
sbAlias: HCkStringBuilder;
caseSensitive: Boolean;
i: Integer;
numCerts: Integer;
numAdded: Integer;
cacert: HCkCert;
numJksCerts: Integer;

begin
success := False;

// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

jks := CkJavaKeyStore_Create();

troots := CkTrustedRoots_Create();

// Load certificates from a file.
success := CkTrustedRoots_LoadCaCertsPem(troots,'qa_data/curl_cacert.pem');
if (success <> True) then
  begin
    Memo1.Lines.Add(CkTrustedRoots__lastErrorText(troots));
    Exit;
  end;

sbDn := CkStringBuilder_Create();
sbAlias := CkStringBuilder_Create();
caseSensitive := False;

i := 0;
numCerts := CkTrustedRoots_getNumCerts(troots);
numAdded := 0;
while (i < numCerts) do
  begin
    cacert := CkTrustedRoots_GetCert(troots,i);
    CkStringBuilder_Clear(sbDn);
    CkStringBuilder_Append(sbDn,CkCert__subjectDN(cacert));
    if (CkStringBuilder_Contains(sbDn,'Entrust.net',caseSensitive) = True) then
      begin
        Memo1.Lines.Add(CkCert__subjectDN(cacert));

        // The alias is an arbitrary unique string for each cert in the JKS.
        CkStringBuilder_Clear(sbAlias);
        CkStringBuilder_Append(sbAlias,'cacert_');
        CkStringBuilder_AppendInt(sbAlias,i + 1);
        CkJavaKeyStore_AddTrustedCert(jks,cacert,CkStringBuilder__getAsString(sbAlias));
        numAdded := numAdded + 1;
      end;
    CkCert_Dispose(cacert);
    i := i + 1;
  end;

// Verify the number of certs in the JKS equals the number we added.
numJksCerts := CkJavaKeyStore_getNumTrustedCerts(jks);
Memo1.Lines.Add('NumTrustedCerts = ' + IntToStr(numJksCerts));
if (numJksCerts <> numAdded) then
  begin
    Memo1.Lines.Add('Something is amiss!');
    Exit;
  end;

// Save the JKS.
success := CkJavaKeyStore_ToFile(jks,'myPassword','qa_data/jks/entrust_caCerts.jks');
if (success <> True) then
  begin
    Memo1.Lines.Add(CkJavaKeyStore__lastErrorText(jks));
    Exit;
  end;

Memo1.Lines.Add('Success.');

// The output of this program when tested was:

// C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
// O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
// C=US, O="Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, OU="(c) 2006 Entrust, Inc.", CN=Entrust Root Certification Authority
// NumTrustedCerts = 3
// Success.

CkJavaKeyStore_Dispose(jks);
CkTrustedRoots_Dispose(troots);
CkStringBuilder_Dispose(sbDn);
CkStringBuilder_Dispose(sbAlias);

end;