C
C
Load Particular CA Certs into a Java KeyStore
See more Java KeyStore (JKS) Examples
Opens a PEM file containing many CA root certificates, and creates a Java keystore containing a subset of the certificates.Chilkat C Downloads
#include <C_CkJavaKeyStore.h>
#include <C_CkTrustedRoots.h>
#include <C_CkStringBuilder.h>
#include <C_CkCert.h>
void ChilkatSample(void)
{
BOOL success;
HCkJavaKeyStore jks;
HCkTrustedRoots troots;
HCkStringBuilder sbDn;
HCkStringBuilder sbAlias;
BOOL caseSensitive;
int i;
int numCerts;
int numAdded;
HCkCert cacert;
int numJksCerts;
success = FALSE;
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
jks = CkJavaKeyStore_Create();
troots = CkTrustedRoots_Create();
// Load certificates from a file.
success = CkTrustedRoots_LoadCaCertsPem(troots,"qa_data/curl_cacert.pem");
if (success != TRUE) {
printf("%s\n",CkTrustedRoots_lastErrorText(troots));
CkJavaKeyStore_Dispose(jks);
CkTrustedRoots_Dispose(troots);
return;
}
sbDn = CkStringBuilder_Create();
sbAlias = CkStringBuilder_Create();
caseSensitive = FALSE;
i = 0;
numCerts = CkTrustedRoots_getNumCerts(troots);
numAdded = 0;
while ((i < numCerts)) {
cacert = CkTrustedRoots_GetCert(troots,i);
CkStringBuilder_Clear(sbDn);
CkStringBuilder_Append(sbDn,CkCert_subjectDN(cacert));
if (CkStringBuilder_Contains(sbDn,"Entrust.net",caseSensitive) == TRUE) {
printf("%s\n",CkCert_subjectDN(cacert));
// The alias is an arbitrary unique string for each cert in the JKS.
CkStringBuilder_Clear(sbAlias);
CkStringBuilder_Append(sbAlias,"cacert_");
CkStringBuilder_AppendInt(sbAlias,i + 1);
CkJavaKeyStore_AddTrustedCert(jks,cacert,CkStringBuilder_getAsString(sbAlias));
numAdded = numAdded + 1;
}
CkCert_Dispose(cacert);
i = i + 1;
}
// Verify the number of certs in the JKS equals the number we added.
numJksCerts = CkJavaKeyStore_getNumTrustedCerts(jks);
printf("NumTrustedCerts = %d\n",numJksCerts);
if (numJksCerts != numAdded) {
printf("Something is amiss!\n");
CkJavaKeyStore_Dispose(jks);
CkTrustedRoots_Dispose(troots);
CkStringBuilder_Dispose(sbDn);
CkStringBuilder_Dispose(sbAlias);
return;
}
// Save the JKS.
success = CkJavaKeyStore_ToFile(jks,"myPassword","qa_data/jks/entrust_caCerts.jks");
if (success != TRUE) {
printf("%s\n",CkJavaKeyStore_lastErrorText(jks));
CkJavaKeyStore_Dispose(jks);
CkTrustedRoots_Dispose(troots);
CkStringBuilder_Dispose(sbDn);
CkStringBuilder_Dispose(sbAlias);
return;
}
printf("Success.\n");
// The output of this program when tested was:
// C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
// O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
// C=US, O="Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, OU="(c) 2006 Entrust, Inc.", CN=Entrust Root Certification Authority
// NumTrustedCerts = 3
// Success.
CkJavaKeyStore_Dispose(jks);
CkTrustedRoots_Dispose(troots);
CkStringBuilder_Dispose(sbDn);
CkStringBuilder_Dispose(sbAlias);
}