Tcl
Tcl
Load Particular CA Certs into a Java KeyStore
See more Java KeyStore (JKS) Examples
Opens a PEM file containing many CA root certificates, and creates a Java keystore containing a subset of the certificates.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
set jks [new_CkJavaKeyStore]
set troots [new_CkTrustedRoots]
# Load certificates from a file.
set success [CkTrustedRoots_LoadCaCertsPem $troots "qa_data/curl_cacert.pem"]
if {$success != 1} then {
puts [CkTrustedRoots_lastErrorText $troots]
delete_CkJavaKeyStore $jks
delete_CkTrustedRoots $troots
exit
}
set sbDn [new_CkStringBuilder]
set sbAlias [new_CkStringBuilder]
set caseSensitive 0
set i 0
set numCerts [CkTrustedRoots_get_NumCerts $troots]
set numAdded 0
while {$i < $numCerts} {
# cacert is a CkCert
set cacert [CkTrustedRoots_GetCert $troots $i]
CkStringBuilder_Clear $sbDn
CkStringBuilder_Append $sbDn [CkCert_subjectDN $cacert]
if {[CkStringBuilder_Contains $sbDn "Entrust.net" $caseSensitive] == 1} then {
puts [CkCert_subjectDN $cacert]
# The alias is an arbitrary unique string for each cert in the JKS.
CkStringBuilder_Clear $sbAlias
CkStringBuilder_Append $sbAlias "cacert_"
CkStringBuilder_AppendInt $sbAlias [expr $i + 1]
CkJavaKeyStore_AddTrustedCert $jks $cacert [CkStringBuilder_getAsString $sbAlias]
set numAdded [expr $numAdded + 1]
}
delete_CkCert $cacert
set i [expr $i + 1]
}
# Verify the number of certs in the JKS equals the number we added.
set numJksCerts [CkJavaKeyStore_get_NumTrustedCerts $jks]
puts "NumTrustedCerts = $numJksCerts"
if {$numJksCerts != $numAdded} then {
puts "Something is amiss!"
delete_CkJavaKeyStore $jks
delete_CkTrustedRoots $troots
delete_CkStringBuilder $sbDn
delete_CkStringBuilder $sbAlias
exit
}
# Save the JKS.
set success [CkJavaKeyStore_ToFile $jks "myPassword" "qa_data/jks/entrust_caCerts.jks"]
if {$success != 1} then {
puts [CkJavaKeyStore_lastErrorText $jks]
delete_CkJavaKeyStore $jks
delete_CkTrustedRoots $troots
delete_CkStringBuilder $sbDn
delete_CkStringBuilder $sbAlias
exit
}
puts "Success."
# The output of this program when tested was:
# C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
# O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
# C=US, O="Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, OU="(c) 2006 Entrust, Inc.", CN=Entrust Root Certification Authority
# NumTrustedCerts = 3
# Success.
delete_CkJavaKeyStore $jks
delete_CkTrustedRoots $troots
delete_CkStringBuilder $sbDn
delete_CkStringBuilder $sbAlias