Sample code for 30+ languages & platforms
SQL Server

Add Private Key to Java Keystore

See more Java KeyStore (JKS) Examples

Adds a private key to an existing Java keystore.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @jks int
    EXEC @hr = sp_OACreate 'Chilkat.JavaKeyStore', @jks OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    DECLARE @jksPassword nvarchar(4000)
    SELECT @jksPassword = 'myJksPassword'
    DECLARE @jksPath nvarchar(4000)
    SELECT @jksPath = '/someDir/keyStore.jks'

    -- Load the Java keystore from a file.
    EXEC sp_OAMethod @jks, 'LoadFile', @success OUT, @jksPassword, @jksPath
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @jks, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jks
        RETURN
      END

    -- A JKS private key entry consists of both the private key,
    -- it's associated certificate (which contains the matching public key
    -- within the X.509 of the certificate), and the certificates in the
    -- chain of authentication to the root.
    -- 
    -- Therefore, to add a private key entry to a JKS requires
    -- a Chilkat certificate object that has a private key and which also
    -- has the certificate chain (up to the root) available.

    -- There are many ways to get a Chilkat certificate object
    -- that contains (within it) the private key and the certificate chain
    -- This example will show two possibilities:
    -- (1) Where the cert and issuing root are provided in PEM format in .crt files,
    -- and the private key is also provided in unencrypted PEM format (.key file).
    -- (2) Where the cert, private key, and issuing root are provided in a single PFX.

    -- First for the .crt / .key files:
    DECLARE @cert int
    EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT

    -- Chilkat will automatically determine the format of the cert file and load it correctly.
    EXEC sp_OAMethod @cert, 'LoadFromFile', @success OUT, '/mycerts/alice.crt'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jks
        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- Certificates required for building the chain of authentication can be
    -- added to an XML certificate vault object, and then provided as
    -- a source for obtaining certs when building the chain.
    DECLARE @certVault int
    EXEC @hr = sp_OACreate 'Chilkat.XmlCertVault', @certVault OUT

    EXEC sp_OAMethod @certVault, 'AddCertFile', @success OUT, '/mycerts/ca.crt'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @certVault, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jks
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @certVault
        RETURN
      END
    EXEC sp_OAMethod @cert, 'UseCertVault', @success OUT, @certVault
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jks
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @certVault
        RETURN
      END

    -- Now provide the associated private key to the certificate object.
    -- The Chilkat private key class provides methods for loading from many formats (both
    -- encrypted and unencrypted).
    DECLARE @privKey int
    EXEC @hr = sp_OACreate 'Chilkat.PrivateKey', @privKey OUT

    EXEC sp_OAMethod @privKey, 'LoadPemFile', @success OUT, '/mycerts/alice.key'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @privKey, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jks
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @certVault
        EXEC @hr = sp_OADestroy @privKey
        RETURN
      END

    -- Provide the certificate object with the private key:
    EXEC sp_OAMethod @cert, 'SetPrivateKey', @success OUT, @privKey
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jks
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @certVault
        EXEC @hr = sp_OADestroy @privKey
        RETURN
      END

    -- Our certificate object now contains all that we need to add it as a private key entry
    -- to the Java keystore:
    DECLARE @alias nvarchar(4000)
    SELECT @alias = 'alice'
    EXEC sp_OAMethod @jks, 'AddPrivateKey', @success OUT, @cert, @alias, @jksPassword
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @jks, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jks
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @certVault
        EXEC @hr = sp_OADestroy @privKey
        RETURN
      END

    -- Write the updated JKS, which contains the new private key entry w/ certificate chain.
    EXEC sp_OAMethod @jks, 'ToFile', @success OUT, @jksPassword, @jksPath
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @jks, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jks
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @certVault
        EXEC @hr = sp_OADestroy @privKey
        RETURN
      END


    PRINT 'Added new private key entry (from .crt and .key files) to the JKS!'

    -- Now let's add a new private key entry from a PFX that contains a single
    -- private key with associated cert and cert chain.
    DECLARE @pfx int
    EXEC @hr = sp_OACreate 'Chilkat.Pfx', @pfx OUT

    EXEC sp_OAMethod @pfx, 'LoadPfxFile', @success OUT, '/myPfxFiles/my.pfx', 'pfxPassword'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @pfx, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jks
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @certVault
        EXEC @hr = sp_OADestroy @privKey
        EXEC @hr = sp_OADestroy @pfx
        RETURN
      END

    -- This is easy -- simply add the PFX to the JKS
    SELECT @alias = 'bob'
    EXEC sp_OAMethod @jks, 'AddPfx', @success OUT, @pfx, @alias, @jksPassword
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @jks, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jks
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @certVault
        EXEC @hr = sp_OADestroy @privKey
        EXEC @hr = sp_OADestroy @pfx
        RETURN
      END

    -- Write the updated JKS, which contains the new private key entry w/ certificate chain
    -- that came from the PFX.
    EXEC sp_OAMethod @jks, 'ToFile', @success OUT, @jksPassword, @jksPath
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @jks, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @jks
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @certVault
        EXEC @hr = sp_OADestroy @privKey
        EXEC @hr = sp_OADestroy @pfx
        RETURN
      END


    PRINT 'Added new private key entry (from PFX) to the JKS!'

    EXEC @hr = sp_OADestroy @jks
    EXEC @hr = sp_OADestroy @cert
    EXEC @hr = sp_OADestroy @certVault
    EXEC @hr = sp_OADestroy @privKey
    EXEC @hr = sp_OADestroy @pfx


END
GO