(Java) Import a PFX/P12 into the Windows Certificate Stores

Demonstrates how to import the certificates contained in a .pfx/.p12 to the Windows certificate stores.

Chilkat Java Downloads Java Libs for Windows, MacOS, Linux, Alpine Linux, Solaris Java Libs for Android

import com.chilkatsoft.*;

public class ChilkatExample {

  static {
    try {
        System.loadLibrary("chilkat");
    } catch (UnsatisfiedLinkError e) {
      System.err.println("Native code library failed to load.\n" + e);
      System.exit(1);
    }
  }

  public static void main(String argv[])
  {
    CkCert primaryCert = new CkCert();

    // Load a PFX file into a certificate object.
    // The cert object will contain the certificate from the PFX that has a private key.
    // The certs in the chain of authentication (if contained in the PFX) are also loaded,
    // and can be accessed by getting the certificate chain (see below).
    // If the PFX did not include the issuer certs in the chain of authentication, then Chilkat will
    // automatically try to construct the issuer chain from the CA and intermedicate CA certs
    // already installed on the Windows system.
    String pfxPassword = "myPfxPassword";
    boolean success = primaryCert.LoadPfxFile("qa_data/pfx/somePfx.p12",pfxPassword);
    if (success == false) {
        System.out.println(primaryCert.lastErrorText());
        return;
        }

    CkCertChain certChain = primaryCert.GetCertChain();
    if (primaryCert.get_LastMethodSuccess() == false) {
        System.out.println(primaryCert.lastErrorText());
        return;
        }

    // If the certificate chain reaches the root CA cert, then the last cert in the chain
    // is the root CA cert.
    boolean chainReachesRoot = certChain.get_ReachesRoot();
    if (chainReachesRoot == true) {
        System.out.println("The certificate chain reaches the root CA cert.");
        }

    CkCert cert;
    int i = 0;
    int numCerts = certChain.get_NumCerts();
    while (i < numCerts) {
        cert = certChain.GetCert(i);
        System.out.println("SubjectDN " + i + ": " + cert.subjectDN());
        System.out.println("IssuerDN " + i + ": " + cert.issuerDN());
        System.out.println("--");

        i = i+1;
        }

    // The primary cert having the private key will be imported into the Current User "My" certificate store.
    // Any intermediate root certificates will be imported into certificate store for intermediate certificate authorities.
    // The root CA cert will be imported into the Root CA cert store.

    // Let's open each of these 3 certificate stores..
    CkCertStore certStoreCU = new CkCertStore();
    CkCertStore certStoreCA = new CkCertStore();
    CkCertStore certStoreRootCA = new CkCertStore();
    boolean readOnlyFlag = false;

    // "CurrentUser" and "My" are the exact keywords to select your user account's certificate store.
    success = certStoreCU.OpenWindowsStore("CurrentUser","My",readOnlyFlag);
    if (success == false) {
        System.out.println("Failed to open the CurrentUser/My certificate store for read/write.");

        return;
        }

    // Certificate store for intermediate certification authorities (CAs). 
    success = certStoreCA.OpenWindowsStore("CurrentUser","CertificationAuthority",readOnlyFlag);
    if (success == false) {
        System.out.println("Failed to open the CurrentUser/CertificationAuthority certificate store for read/write.");

        return;
        }

    // Certificate store for trusted root certification authorities (CAs). 
    success = certStoreRootCA.OpenWindowsStore("CurrentUser","Root",readOnlyFlag);
    if (success == false) {
        System.out.println("Failed to open the CurrentUser/Root certificate store for read/write.");

        return;
        }

    // Iterate over the certs in the chain and import each into the desired certificate store.
    boolean allSuccess = true;
    i = 0;
    while (i < numCerts) {
        cert = certChain.GetCert(i);
        if (i == 0) {
            // Import the primary certificate into the CurrentUser/My certificate store.
            success = certStoreCU.AddCertificate(cert);
            if (success == false) {
                System.out.println(certStoreCU.lastErrorText());
                allSuccess = false;
                }

            }
        else {
            if ((i == (numCerts - 1)) && (chainReachesRoot == true)) {
                // Add the root CA certificate to the CurrentUser/Root certificate store.
                // (Your application can obviously choose whether this should be done or not.  Perhaps you prompt the user.)

                // Note: If the root CA cert is already present in the Windows certificate store, Windows will display
                // a dialog to ask if it should be deleted.  Chilkat does not explicitly display dialogs.
                success = certStoreRootCA.AddCertificate(cert);
                if (success == false) {
                    System.out.println(certStoreRootCA.lastErrorText());
                    allSuccess = false;
                    }

                }
            else {
                // This is an intermediate CA certificate.
                success = certStoreCA.AddCertificate(cert);
                if (success == false) {
                    System.out.println(certStoreCA.lastErrorText());
                    allSuccess = false;
                    }

                }

            }

        if (success == false) {
            System.out.println("Failed to import certificate.");
            }

        i = i+1;
        }

    System.out.println("allSuccess = " + allSuccess);
  }
}