Perl
Perl
Add Private Key to Java Keystore
See more Java KeyStore (JKS) Examples
Adds a private key to an existing Java keystore.Chilkat Perl Downloads
use chilkat();
$success = 0;
# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
$jks = chilkat::CkJavaKeyStore->new();
$jksPassword = "myJksPassword";
$jksPath = "/someDir/keyStore.jks";
# Load the Java keystore from a file.
$success = $jks->LoadFile($jksPassword,$jksPath);
if ($success != 1) {
print $jks->lastErrorText() . "\r\n";
exit;
}
# A JKS private key entry consists of both the private key,
# it's associated certificate (which contains the matching public key
# within the X.509 of the certificate), and the certificates in the
# chain of authentication to the root.
#
# Therefore, to add a private key entry to a JKS requires
# a Chilkat certificate object that has a private key and which also
# has the certificate chain (up to the root) available.
# There are many ways to get a Chilkat certificate object
# that contains (within it) the private key and the certificate chain
# This example will show two possibilities:
# (1) Where the cert and issuing root are provided in PEM format in .crt files,
# and the private key is also provided in unencrypted PEM format (.key file).
# (2) Where the cert, private key, and issuing root are provided in a single PFX.
# First for the .crt / .key files:
$cert = chilkat::CkCert->new();
# Chilkat will automatically determine the format of the cert file and load it correctly.
$success = $cert->LoadFromFile("/mycerts/alice.crt");
if ($success != 1) {
print $cert->lastErrorText() . "\r\n";
exit;
}
# Certificates required for building the chain of authentication can be
# added to an XML certificate vault object, and then provided as
# a source for obtaining certs when building the chain.
$certVault = chilkat::CkXmlCertVault->new();
$success = $certVault->AddCertFile("/mycerts/ca.crt");
if ($success != 1) {
print $certVault->lastErrorText() . "\r\n";
exit;
}
$success = $cert->UseCertVault($certVault);
if ($success != 1) {
print $cert->lastErrorText() . "\r\n";
exit;
}
# Now provide the associated private key to the certificate object.
# The Chilkat private key class provides methods for loading from many formats (both
# encrypted and unencrypted).
$privKey = chilkat::CkPrivateKey->new();
$success = $privKey->LoadPemFile("/mycerts/alice.key");
if ($success != 1) {
print $privKey->lastErrorText() . "\r\n";
exit;
}
# Provide the certificate object with the private key:
$success = $cert->SetPrivateKey($privKey);
if ($success != 1) {
print $cert->lastErrorText() . "\r\n";
exit;
}
# Our certificate object now contains all that we need to add it as a private key entry
# to the Java keystore:
$alias = "alice";
$success = $jks->AddPrivateKey($cert,$alias,$jksPassword);
if ($success != 1) {
print $jks->lastErrorText() . "\r\n";
exit;
}
# Write the updated JKS, which contains the new private key entry w/ certificate chain.
$success = $jks->ToFile($jksPassword,$jksPath);
if ($success != 1) {
print $jks->lastErrorText() . "\r\n";
exit;
}
print "Added new private key entry (from .crt and .key files) to the JKS!" . "\r\n";
# Now let's add a new private key entry from a PFX that contains a single
# private key with associated cert and cert chain.
$pfx = chilkat::CkPfx->new();
$success = $pfx->LoadPfxFile("/myPfxFiles/my.pfx","pfxPassword");
if ($success != 1) {
print $pfx->lastErrorText() . "\r\n";
exit;
}
# This is easy -- simply add the PFX to the JKS
$alias = "bob";
$success = $jks->AddPfx($pfx,$alias,$jksPassword);
if ($success != 1) {
print $jks->lastErrorText() . "\r\n";
exit;
}
# Write the updated JKS, which contains the new private key entry w/ certificate chain
# that came from the PFX.
$success = $jks->ToFile($jksPassword,$jksPath);
if ($success != 1) {
print $jks->lastErrorText() . "\r\n";
exit;
}
print "Added new private key entry (from PFX) to the JKS!" . "\r\n";