(CkPython) Add Private Key to Java Keystore

Adds a private key to an existing Java keystore.

Chilkat Python Downloads install with pip pip3 install chilkat or download... Python Module for Windows, MacOS, Linux, Alpine Linux, Solaris

import sys
import chilkat

# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

jks = chilkat.CkJavaKeyStore()

jksPassword = "myJksPassword"
jksPath = "/someDir/keyStore.jks"

# Load the Java keystore from a file.
success = jks.LoadFile(jksPassword,jksPath)
if (success != True):
    print(jks.lastErrorText())
    sys.exit()

# A JKS private key entry consists of both the private key,
# it's associated certificate (which contains the matching public key
# within the X.509 of the certificate), and the certificates in the
# chain of authentication to the root.
# 
# Therefore, to add a private key entry to a JKS requires
# a Chilkat certificate object that has a private key and which also
# has the certificate chain (up to the root) available.

# There are many ways to get a Chilkat certificate object
# that contains (within it) the private key and the certificate chain
# This example will show two possibilities:
# (1) Where the cert and issuing root are provided in PEM format in .crt files,
# and the private key is also provided in unencrypted PEM format (.key file).
# (2) Where the cert, private key, and issuing root are provided in a single PFX.

# First for the .crt / .key files:
cert = chilkat.CkCert()

# Chilkat will automatically determine the format of the cert file and load it correctly.
success = cert.LoadFromFile("/mycerts/alice.crt")
if (success != True):
    print(cert.lastErrorText())
    sys.exit()

# Certificates required for building the chain of authentication can be
# added to an XML certificate vault object, and then provided as
# a source for obtaining certs when building the chain.
certVault = chilkat.CkXmlCertVault()
success = certVault.AddCertFile("/mycerts/ca.crt")
if (success != True):
    print(certVault.lastErrorText())
    sys.exit()

success = cert.UseCertVault(certVault)
if (success != True):
    print(cert.lastErrorText())
    sys.exit()

# Now provide the associated private key to the certificate object.
# The Chilkat private key class provides methods for loading from many formats (both
# encrypted and unencrypted).
privKey = chilkat.CkPrivateKey()
success = privKey.LoadPemFile("/mycerts/alice.key")
if (success != True):
    print(privKey.lastErrorText())
    sys.exit()

# Provide the certificate object with the private key:
success = cert.SetPrivateKey(privKey)
if (success != True):
    print(cert.lastErrorText())
    sys.exit()

# Our certificate object now contains all that we need to add it as a private key entry
# to the Java keystore:
alias = "alice"
success = jks.AddPrivateKey(cert,alias,jksPassword)
if (success != True):
    print(jks.lastErrorText())
    sys.exit()

# Write the updated JKS, which contains the new private key entry w/ certificate chain.
success = jks.ToFile(jksPassword,jksPath)
if (success != True):
    print(jks.lastErrorText())
    sys.exit()

print("Added new private key entry (from .crt and .key files) to the JKS!")

# Now let's add a new private key entry from a PFX that contains a single
# private key with associated cert and cert chain.
pfx = chilkat.CkPfx()

success = pfx.LoadPfxFile("/myPfxFiles/my.pfx","pfxPassword")
if (success != True):
    print(pfx.lastErrorText())
    sys.exit()

# This is easy -- simply add the PFX to the JKS
alias = "bob"
success = jks.AddPfx(pfx,alias,jksPassword)
if (success != True):
    print(jks.lastErrorText())
    sys.exit()

# Write the updated JKS, which contains the new private key entry w/ certificate chain
# that came from the PFX.
success = jks.ToFile(jksPassword,jksPath)
if (success != True):
    print(jks.lastErrorText())
    sys.exit()

print("Added new private key entry (from PFX) to the JKS!")