(PureBasic) Add Private Key to Java Keystore

Adds a private key to an existing Java keystore.

Chilkat PureBasic Module Download Chilkat PureBasic Module

IncludeFile "CkPrivateKey.pb"
IncludeFile "CkCert.pb"
IncludeFile "CkPfx.pb"
IncludeFile "CkJavaKeyStore.pb"
IncludeFile "CkXmlCertVault.pb"

Procedure ChilkatExample()

    ; This requires the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    jks.i = CkJavaKeyStore::ckCreate()
    If jks.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    jksPassword.s = "myJksPassword"
    jksPath.s = "/someDir/keyStore.jks"

    ; Load the Java keystore from a file.
    success.i = CkJavaKeyStore::ckLoadFile(jks,jksPassword,jksPath)
    If success <> 1
        Debug CkJavaKeyStore::ckLastErrorText(jks)
        CkJavaKeyStore::ckDispose(jks)
        ProcedureReturn
    EndIf

    ; A JKS private key entry consists of both the private key,
    ; it's associated certificate (which contains the matching public key
    ; within the X.509 of the certificate), and the certificates in the
    ; chain of authentication to the root.
    ; 
    ; Therefore, to add a private key entry to a JKS requires
    ; a Chilkat certificate object that has a private key and which also
    ; has the certificate chain (up to the root) available.

    ; There are many ways to get a Chilkat certificate object
    ; that contains (within it) the private key and the certificate chain
    ; This example will show two possibilities:
    ; (1) Where the cert and issuing root are provided in PEM format in .crt files,
    ; and the private key is also provided in unencrypted PEM format (.key file).
    ; (2) Where the cert, private key, and issuing root are provided in a single PFX.

    ; First for the .crt / .key files:
    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Chilkat will automatically determine the format of the cert file and load it correctly.
    success = CkCert::ckLoadFromFile(cert,"/mycerts/alice.crt")
    If success <> 1
        Debug CkCert::ckLastErrorText(cert)
        CkJavaKeyStore::ckDispose(jks)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    ; Certificates required for building the chain of authentication can be
    ; added to an XML certificate vault object, and then provided as
    ; a source for obtaining certs when building the chain.
    certVault.i = CkXmlCertVault::ckCreate()
    If certVault.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkXmlCertVault::ckAddCertFile(certVault,"/mycerts/ca.crt")
    If success <> 1
        Debug CkXmlCertVault::ckLastErrorText(certVault)
        CkJavaKeyStore::ckDispose(jks)
        CkCert::ckDispose(cert)
        CkXmlCertVault::ckDispose(certVault)
        ProcedureReturn
    EndIf

    success = CkCert::ckUseCertVault(cert,certVault)
    If success <> 1
        Debug CkCert::ckLastErrorText(cert)
        CkJavaKeyStore::ckDispose(jks)
        CkCert::ckDispose(cert)
        CkXmlCertVault::ckDispose(certVault)
        ProcedureReturn
    EndIf

    ; Now provide the associated private key to the certificate object.
    ; The Chilkat private key class provides methods for loading from many formats (both
    ; encrypted and unencrypted).
    privKey.i = CkPrivateKey::ckCreate()
    If privKey.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkPrivateKey::ckLoadPemFile(privKey,"/mycerts/alice.key")
    If success <> 1
        Debug CkPrivateKey::ckLastErrorText(privKey)
        CkJavaKeyStore::ckDispose(jks)
        CkCert::ckDispose(cert)
        CkXmlCertVault::ckDispose(certVault)
        CkPrivateKey::ckDispose(privKey)
        ProcedureReturn
    EndIf

    ; Provide the certificate object with the private key:
    success = CkCert::ckSetPrivateKey(cert,privKey)
    If success <> 1
        Debug CkCert::ckLastErrorText(cert)
        CkJavaKeyStore::ckDispose(jks)
        CkCert::ckDispose(cert)
        CkXmlCertVault::ckDispose(certVault)
        CkPrivateKey::ckDispose(privKey)
        ProcedureReturn
    EndIf

    ; Our certificate object now contains all that we need to add it as a private key entry
    ; to the Java keystore:
    alias.s = "alice"
    success = CkJavaKeyStore::ckAddPrivateKey(jks,cert,alias,jksPassword)
    If success <> 1
        Debug CkJavaKeyStore::ckLastErrorText(jks)
        CkJavaKeyStore::ckDispose(jks)
        CkCert::ckDispose(cert)
        CkXmlCertVault::ckDispose(certVault)
        CkPrivateKey::ckDispose(privKey)
        ProcedureReturn
    EndIf

    ; Write the updated JKS, which contains the new private key entry w/ certificate chain.
    success = CkJavaKeyStore::ckToFile(jks,jksPassword,jksPath)
    If success <> 1
        Debug CkJavaKeyStore::ckLastErrorText(jks)
        CkJavaKeyStore::ckDispose(jks)
        CkCert::ckDispose(cert)
        CkXmlCertVault::ckDispose(certVault)
        CkPrivateKey::ckDispose(privKey)
        ProcedureReturn
    EndIf

    Debug "Added new private key entry (from .crt and .key files) to the JKS!"

    ; Now let's add a new private key entry from a PFX that contains a single
    ; private key with associated cert and cert chain.
    pfx.i = CkPfx::ckCreate()
    If pfx.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkPfx::ckLoadPfxFile(pfx,"/myPfxFiles/my.pfx","pfxPassword")
    If success <> 1
        Debug CkPfx::ckLastErrorText(pfx)
        CkJavaKeyStore::ckDispose(jks)
        CkCert::ckDispose(cert)
        CkXmlCertVault::ckDispose(certVault)
        CkPrivateKey::ckDispose(privKey)
        CkPfx::ckDispose(pfx)
        ProcedureReturn
    EndIf

    ; This is easy -- simply add the PFX to the JKS
    alias = "bob"
    success = CkJavaKeyStore::ckAddPfx(jks,pfx,alias,jksPassword)
    If success <> 1
        Debug CkJavaKeyStore::ckLastErrorText(jks)
        CkJavaKeyStore::ckDispose(jks)
        CkCert::ckDispose(cert)
        CkXmlCertVault::ckDispose(certVault)
        CkPrivateKey::ckDispose(privKey)
        CkPfx::ckDispose(pfx)
        ProcedureReturn
    EndIf

    ; Write the updated JKS, which contains the new private key entry w/ certificate chain
    ; that came from the PFX.
    success = CkJavaKeyStore::ckToFile(jks,jksPassword,jksPath)
    If success <> 1
        Debug CkJavaKeyStore::ckLastErrorText(jks)
        CkJavaKeyStore::ckDispose(jks)
        CkCert::ckDispose(cert)
        CkXmlCertVault::ckDispose(certVault)
        CkPrivateKey::ckDispose(privKey)
        CkPfx::ckDispose(pfx)
        ProcedureReturn
    EndIf

    Debug "Added new private key entry (from PFX) to the JKS!"


    CkJavaKeyStore::ckDispose(jks)
    CkCert::ckDispose(cert)
    CkXmlCertVault::ckDispose(certVault)
    CkPrivateKey::ckDispose(privKey)
    CkPfx::ckDispose(pfx)


    ProcedureReturn
EndProcedure