
Load Particular CA Certs into a Java KeyStore


Opens a PEM file containing many CA root certificates, and creates a Java keystore containing a subset of the certificates.


Tcl

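load ./chilkat.dll

# Builds a Java keystore (JKS) holding a subset of the CA root certificates
# found in a PEM bundle, then writes it to disk as a truststore.

set success 0

# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# All long-lived objects are created up front so every exit path can free
# the same set.
set jks [new_CkJavaKeyStore]
set troots [new_CkTrustedRoots]
set sbDn [new_CkStringBuilder]
set sbAlias [new_CkStringBuilder]

# Frees the Chilkat objects created above. Called on every exit path.
proc release_all {} {
    global jks troots sbDn sbAlias
    delete_CkJavaKeyStore $jks
    delete_CkTrustedRoots $troots
    delete_CkStringBuilder $sbDn
    delete_CkStringBuilder $sbAlias
}

# Load certificates from a file.
# Every cert in this bundle is a candidate trust anchor, so the file should
# come from a source whose integrity has been verified.
set success [CkTrustedRoots_LoadCaCertsPem $troots "qa_data/curl_cacert.pem"]
if {$success != 1} then {
    puts [CkTrustedRoots_lastErrorText $troots]
    release_all
    # Non-zero status so a calling script can tell the run failed.
    exit 1
}

set caseSensitive 0

set i 0
set numCerts [CkTrustedRoots_get_NumCerts $troots]
set numAdded 0
while {$i < $numCerts} {
    # cacert is a CkCert
    set cacert [CkTrustedRoots_GetCert $troots $i]
    CkStringBuilder_Clear $sbDn
    CkStringBuilder_Append $sbDn [CkCert_subjectDN $cacert]

    # NOTE(review): this is a case-insensitive substring test over the whole
    # subject DN, so it also matches when the text appears in an OU or CN
    # field (the third cert in the sample output below has O="Entrust, Inc."
    # and is selected through its OU). When the intent is to trust specific
    # roots, select them by comparing each certificate's fingerprint against
    # an allow-list obtained out of band rather than by name text.
    if {[CkStringBuilder_Contains $sbDn "Entrust.net" $caseSensitive] == 1} then {
        puts [CkCert_subjectDN $cacert]

        # The alias is an arbitrary unique string for each cert in the JKS.
        CkStringBuilder_Clear $sbAlias
        CkStringBuilder_Append $sbAlias "cacert_"
        CkStringBuilder_AppendInt $sbAlias [expr {$i + 1}]

        # Report the real reason if the cert cannot be added, instead of
        # relying on the count comparison further down.
        set success [CkJavaKeyStore_AddTrustedCert $jks $cacert [CkStringBuilder_getAsString $sbAlias]]
        if {$success != 1} then {
            puts [CkJavaKeyStore_lastErrorText $jks]
            delete_CkCert $cacert
            release_all
            exit 1
        }
        incr numAdded
    }

    delete_CkCert $cacert

    incr i
}

# Verify the number of certs in the JKS equals the number we added.
set numJksCerts [CkJavaKeyStore_get_NumTrustedCerts $jks]
puts "NumTrustedCerts = $numJksCerts"
if {$numJksCerts != $numAdded} then {
    puts "Something is amiss!"
    release_all
    exit 1
}

# Save the JKS.
# "myPassword" is a sample value. For a keystore holding only trusted certs
# the store password protects the file's integrity, so in real use it should
# be supplied from a secret source rather than written into the script.
set success [CkJavaKeyStore_ToFile $jks "myPassword" "qa_data/jks/entrust_caCerts.jks"]
if {$success != 1} then {
    puts [CkJavaKeyStore_lastErrorText $jks]
    release_all
    exit 1
}

puts "Success."

# The output of this program when tested was:

# C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
# O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
# C=US, O="Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, OU="(c) 2006 Entrust, Inc.", CN=Entrust Root Certification Authority
# NumTrustedCerts = 3
# Success.

release_all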