|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(Tcl) Add Private Key to Java KeystoreAdds a private key to an existing Java keystore.
load ./chilkat.dll # This requires the Chilkat API to have been previously unlocked. # See Global Unlock Sample for sample code. set jks [new_CkJavaKeyStore] set jksPassword "myJksPassword" set jksPath "/someDir/keyStore.jks" # Load the Java keystore from a file. set success [CkJavaKeyStore_LoadFile $jks $jksPassword $jksPath] if {$success != 1} then { puts [CkJavaKeyStore_lastErrorText $jks] delete_CkJavaKeyStore $jks exit } # A JKS private key entry consists of both the private key, # it's associated certificate (which contains the matching public key # within the X.509 of the certificate), and the certificates in the # chain of authentication to the root. # # Therefore, to add a private key entry to a JKS requires # a Chilkat certificate object that has a private key and which also # has the certificate chain (up to the root) available. # There are many ways to get a Chilkat certificate object # that contains (within it) the private key and the certificate chain # This example will show two possibilities: # (1) Where the cert and issuing root are provided in PEM format in .crt files, # and the private key is also provided in unencrypted PEM format (.key file). # (2) Where the cert, private key, and issuing root are provided in a single PFX. # First for the .crt / .key files: set cert [new_CkCert] # Chilkat will automatically determine the format of the cert file and load it correctly. set success [CkCert_LoadFromFile $cert "/mycerts/alice.crt"] if {$success != 1} then { puts [CkCert_lastErrorText $cert] delete_CkJavaKeyStore $jks delete_CkCert $cert exit } # Certificates required for building the chain of authentication can be # added to an XML certificate vault object, and then provided as # a source for obtaining certs when building the chain. set certVault [new_CkXmlCertVault] set success [CkXmlCertVault_AddCertFile $certVault "/mycerts/ca.crt"] if {$success != 1} then { puts [CkXmlCertVault_lastErrorText $certVault] delete_CkJavaKeyStore $jks delete_CkCert $cert delete_CkXmlCertVault $certVault exit } set success [CkCert_UseCertVault $cert $certVault] if {$success != 1} then { puts [CkCert_lastErrorText $cert] delete_CkJavaKeyStore $jks delete_CkCert $cert delete_CkXmlCertVault $certVault exit } # Now provide the associated private key to the certificate object. # The Chilkat private key class provides methods for loading from many formats (both # encrypted and unencrypted). set privKey [new_CkPrivateKey] set success [CkPrivateKey_LoadPemFile $privKey "/mycerts/alice.key"] if {$success != 1} then { puts [CkPrivateKey_lastErrorText $privKey] delete_CkJavaKeyStore $jks delete_CkCert $cert delete_CkXmlCertVault $certVault delete_CkPrivateKey $privKey exit } # Provide the certificate object with the private key: set success [CkCert_SetPrivateKey $cert $privKey] if {$success != 1} then { puts [CkCert_lastErrorText $cert] delete_CkJavaKeyStore $jks delete_CkCert $cert delete_CkXmlCertVault $certVault delete_CkPrivateKey $privKey exit } # Our certificate object now contains all that we need to add it as a private key entry # to the Java keystore: set alias "alice" set success [CkJavaKeyStore_AddPrivateKey $jks $cert $alias $jksPassword] if {$success != 1} then { puts [CkJavaKeyStore_lastErrorText $jks] delete_CkJavaKeyStore $jks delete_CkCert $cert delete_CkXmlCertVault $certVault delete_CkPrivateKey $privKey exit } # Write the updated JKS, which contains the new private key entry w/ certificate chain. set success [CkJavaKeyStore_ToFile $jks $jksPassword $jksPath] if {$success != 1} then { puts [CkJavaKeyStore_lastErrorText $jks] delete_CkJavaKeyStore $jks delete_CkCert $cert delete_CkXmlCertVault $certVault delete_CkPrivateKey $privKey exit } puts "Added new private key entry (from .crt and .key files) to the JKS!" # Now let's add a new private key entry from a PFX that contains a single # private key with associated cert and cert chain. set pfx [new_CkPfx] set success [CkPfx_LoadPfxFile $pfx "/myPfxFiles/my.pfx" "pfxPassword"] if {$success != 1} then { puts [CkPfx_lastErrorText $pfx] delete_CkJavaKeyStore $jks delete_CkCert $cert delete_CkXmlCertVault $certVault delete_CkPrivateKey $privKey delete_CkPfx $pfx exit } # This is easy -- simply add the PFX to the JKS set alias "bob" set success [CkJavaKeyStore_AddPfx $jks $pfx $alias $jksPassword] if {$success != 1} then { puts [CkJavaKeyStore_lastErrorText $jks] delete_CkJavaKeyStore $jks delete_CkCert $cert delete_CkXmlCertVault $certVault delete_CkPrivateKey $privKey delete_CkPfx $pfx exit } # Write the updated JKS, which contains the new private key entry w/ certificate chain # that came from the PFX. set success [CkJavaKeyStore_ToFile $jks $jksPassword $jksPath] if {$success != 1} then { puts [CkJavaKeyStore_lastErrorText $jks] delete_CkJavaKeyStore $jks delete_CkCert $cert delete_CkXmlCertVault $certVault delete_CkPrivateKey $privKey delete_CkPfx $pfx exit } puts "Added new private key entry (from PFX) to the JKS!" delete_CkJavaKeyStore $jks delete_CkCert $cert delete_CkXmlCertVault $certVault delete_CkPrivateKey $privKey delete_CkPfx $pfx |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.