SQL Server
SQL Server
Add Private Key to Java Keystore
See more Java KeyStore (JKS) Examples
Adds a private key to an existing Java keystore.Chilkat SQL Server Downloads
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
DECLARE @hr int
-- Important: Do not use nvarchar(max). See the warning about using nvarchar(max).
DECLARE @sTmp0 nvarchar(4000)
DECLARE @success int
SELECT @success = 0
-- This requires the Chilkat API to have been previously unlocked.
-- See Global Unlock Sample for sample code.
DECLARE @jks int
EXEC @hr = sp_OACreate 'Chilkat.JavaKeyStore', @jks OUT
IF @hr <> 0
BEGIN
PRINT 'Failed to create ActiveX component'
RETURN
END
DECLARE @jksPassword nvarchar(4000)
SELECT @jksPassword = 'myJksPassword'
DECLARE @jksPath nvarchar(4000)
SELECT @jksPath = '/someDir/keyStore.jks'
-- Load the Java keystore from a file.
EXEC sp_OAMethod @jks, 'LoadFile', @success OUT, @jksPassword, @jksPath
IF @success <> 1
BEGIN
EXEC sp_OAGetProperty @jks, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @jks
RETURN
END
-- A JKS private key entry consists of both the private key,
-- it's associated certificate (which contains the matching public key
-- within the X.509 of the certificate), and the certificates in the
-- chain of authentication to the root.
--
-- Therefore, to add a private key entry to a JKS requires
-- a Chilkat certificate object that has a private key and which also
-- has the certificate chain (up to the root) available.
-- There are many ways to get a Chilkat certificate object
-- that contains (within it) the private key and the certificate chain
-- This example will show two possibilities:
-- (1) Where the cert and issuing root are provided in PEM format in .crt files,
-- and the private key is also provided in unencrypted PEM format (.key file).
-- (2) Where the cert, private key, and issuing root are provided in a single PFX.
-- First for the .crt / .key files:
DECLARE @cert int
EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT
-- Chilkat will automatically determine the format of the cert file and load it correctly.
EXEC sp_OAMethod @cert, 'LoadFromFile', @success OUT, '/mycerts/alice.crt'
IF @success <> 1
BEGIN
EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @jks
EXEC @hr = sp_OADestroy @cert
RETURN
END
-- Certificates required for building the chain of authentication can be
-- added to an XML certificate vault object, and then provided as
-- a source for obtaining certs when building the chain.
DECLARE @certVault int
EXEC @hr = sp_OACreate 'Chilkat.XmlCertVault', @certVault OUT
EXEC sp_OAMethod @certVault, 'AddCertFile', @success OUT, '/mycerts/ca.crt'
IF @success <> 1
BEGIN
EXEC sp_OAGetProperty @certVault, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @jks
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @certVault
RETURN
END
EXEC sp_OAMethod @cert, 'UseCertVault', @success OUT, @certVault
IF @success <> 1
BEGIN
EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @jks
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @certVault
RETURN
END
-- Now provide the associated private key to the certificate object.
-- The Chilkat private key class provides methods for loading from many formats (both
-- encrypted and unencrypted).
DECLARE @privKey int
EXEC @hr = sp_OACreate 'Chilkat.PrivateKey', @privKey OUT
EXEC sp_OAMethod @privKey, 'LoadPemFile', @success OUT, '/mycerts/alice.key'
IF @success <> 1
BEGIN
EXEC sp_OAGetProperty @privKey, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @jks
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @certVault
EXEC @hr = sp_OADestroy @privKey
RETURN
END
-- Provide the certificate object with the private key:
EXEC sp_OAMethod @cert, 'SetPrivateKey', @success OUT, @privKey
IF @success <> 1
BEGIN
EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @jks
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @certVault
EXEC @hr = sp_OADestroy @privKey
RETURN
END
-- Our certificate object now contains all that we need to add it as a private key entry
-- to the Java keystore:
DECLARE @alias nvarchar(4000)
SELECT @alias = 'alice'
EXEC sp_OAMethod @jks, 'AddPrivateKey', @success OUT, @cert, @alias, @jksPassword
IF @success <> 1
BEGIN
EXEC sp_OAGetProperty @jks, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @jks
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @certVault
EXEC @hr = sp_OADestroy @privKey
RETURN
END
-- Write the updated JKS, which contains the new private key entry w/ certificate chain.
EXEC sp_OAMethod @jks, 'ToFile', @success OUT, @jksPassword, @jksPath
IF @success <> 1
BEGIN
EXEC sp_OAGetProperty @jks, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @jks
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @certVault
EXEC @hr = sp_OADestroy @privKey
RETURN
END
PRINT 'Added new private key entry (from .crt and .key files) to the JKS!'
-- Now let's add a new private key entry from a PFX that contains a single
-- private key with associated cert and cert chain.
DECLARE @pfx int
EXEC @hr = sp_OACreate 'Chilkat.Pfx', @pfx OUT
EXEC sp_OAMethod @pfx, 'LoadPfxFile', @success OUT, '/myPfxFiles/my.pfx', 'pfxPassword'
IF @success <> 1
BEGIN
EXEC sp_OAGetProperty @pfx, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @jks
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @certVault
EXEC @hr = sp_OADestroy @privKey
EXEC @hr = sp_OADestroy @pfx
RETURN
END
-- This is easy -- simply add the PFX to the JKS
SELECT @alias = 'bob'
EXEC sp_OAMethod @jks, 'AddPfx', @success OUT, @pfx, @alias, @jksPassword
IF @success <> 1
BEGIN
EXEC sp_OAGetProperty @jks, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @jks
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @certVault
EXEC @hr = sp_OADestroy @privKey
EXEC @hr = sp_OADestroy @pfx
RETURN
END
-- Write the updated JKS, which contains the new private key entry w/ certificate chain
-- that came from the PFX.
EXEC sp_OAMethod @jks, 'ToFile', @success OUT, @jksPassword, @jksPath
IF @success <> 1
BEGIN
EXEC sp_OAGetProperty @jks, 'LastErrorText', @sTmp0 OUT
PRINT @sTmp0
EXEC @hr = sp_OADestroy @jks
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @certVault
EXEC @hr = sp_OADestroy @privKey
EXEC @hr = sp_OADestroy @pfx
RETURN
END
PRINT 'Added new private key entry (from PFX) to the JKS!'
EXEC @hr = sp_OADestroy @jks
EXEC @hr = sp_OADestroy @cert
EXEC @hr = sp_OADestroy @certVault
EXEC @hr = sp_OADestroy @privKey
EXEC @hr = sp_OADestroy @pfx
END
GO