Sample code for 30+ languages & platforms
C

Load Particular CA Certs into a Java KeyStore

See more Java KeyStore (JKS) Examples

Opens a PEM file containing many CA root certificates, and creates a Java keystore containing a subset of the certificates.

Chilkat C Downloads

C
#include <C_CkJavaKeyStore.h>
#include <C_CkTrustedRoots.h>
#include <C_CkStringBuilder.h>
#include <C_CkCert.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkJavaKeyStore jks;
    HCkTrustedRoots troots;
    HCkStringBuilder sbDn;
    HCkStringBuilder sbAlias;
    BOOL caseSensitive;
    int i;
    int numCerts;
    int numAdded;
    HCkCert cacert;
    int numJksCerts;

    success = FALSE;

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    jks = CkJavaKeyStore_Create();

    troots = CkTrustedRoots_Create();

    // Load certificates from a file.
    success = CkTrustedRoots_LoadCaCertsPem(troots,"qa_data/curl_cacert.pem");
    if (success != TRUE) {
        printf("%s\n",CkTrustedRoots_lastErrorText(troots));
        CkJavaKeyStore_Dispose(jks);
        CkTrustedRoots_Dispose(troots);
        return;
    }

    sbDn = CkStringBuilder_Create();
    sbAlias = CkStringBuilder_Create();
    caseSensitive = FALSE;

    i = 0;
    numCerts = CkTrustedRoots_getNumCerts(troots);
    numAdded = 0;
    while ((i < numCerts)) {
        cacert = CkTrustedRoots_GetCert(troots,i);
        CkStringBuilder_Clear(sbDn);
        CkStringBuilder_Append(sbDn,CkCert_subjectDN(cacert));
        if (CkStringBuilder_Contains(sbDn,"Entrust.net",caseSensitive) == TRUE) {
            printf("%s\n",CkCert_subjectDN(cacert));

            // The alias is an arbitrary unique string for each cert in the JKS.
            CkStringBuilder_Clear(sbAlias);
            CkStringBuilder_Append(sbAlias,"cacert_");
            CkStringBuilder_AppendInt(sbAlias,i + 1);
            CkJavaKeyStore_AddTrustedCert(jks,cacert,CkStringBuilder_getAsString(sbAlias));
            numAdded = numAdded + 1;
        }

        CkCert_Dispose(cacert);
        i = i + 1;
    }

    // Verify the number of certs in the JKS equals the number we added.
    numJksCerts = CkJavaKeyStore_getNumTrustedCerts(jks);
    printf("NumTrustedCerts = %d\n",numJksCerts);
    if (numJksCerts != numAdded) {
        printf("Something is amiss!\n");
        CkJavaKeyStore_Dispose(jks);
        CkTrustedRoots_Dispose(troots);
        CkStringBuilder_Dispose(sbDn);
        CkStringBuilder_Dispose(sbAlias);
        return;
    }

    // Save the JKS.
    success = CkJavaKeyStore_ToFile(jks,"myPassword","qa_data/jks/entrust_caCerts.jks");
    if (success != TRUE) {
        printf("%s\n",CkJavaKeyStore_lastErrorText(jks));
        CkJavaKeyStore_Dispose(jks);
        CkTrustedRoots_Dispose(troots);
        CkStringBuilder_Dispose(sbDn);
        CkStringBuilder_Dispose(sbAlias);
        return;
    }

    printf("Success.\n");

    // The output of this program when tested was:

    // C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
    // O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
    // C=US, O="Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, OU="(c) 2006 Entrust, Inc.", CN=Entrust Root Certification Authority
    // NumTrustedCerts = 3
    // Success.


    CkJavaKeyStore_Dispose(jks);
    CkTrustedRoots_Dispose(troots);
    CkStringBuilder_Dispose(sbDn);
    CkStringBuilder_Dispose(sbAlias);

    }