Tcl
Tcl
Get the Certificate with Private Key from a Java KeyStore
See more Java KeyStore (JKS) Examples
Load a Chilkat certificate object from a Java KeyStore.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
# Most of the time a .jks contains one certificate with it's associated private key.
# (Similar to how a .pfx/.p12 usually contains a particular certificate with private key.)
# This example demonstrates how to get the certificate with private key such that it can be used
# by other Chilkat classes wherever a cert w/ private key is needed.
set jks [new_CkJavaKeyStore]
set password "secret"
set success [CkJavaKeyStore_LoadFile $jks $password "qa_data/jks/test_secret.jks"]
if {$success == 0} then {
puts [CkJavaKeyStore_lastErrorText $jks]
delete_CkJavaKeyStore $jks
exit
}
# Make sure we have a private key.
if {[CkJavaKeyStore_get_NumPrivateKeys $jks] < 1} then {
puts "No private key available."
delete_CkJavaKeyStore $jks
exit
}
# -------------------------------------------------------------------------
# Get the certificate chain associated with the 1st (and probably only) private key in the JKS.
set chain [new_CkCertChain]
set success [CkJavaKeyStore_CertChainAt $jks 0 $chain]
if {$success == 0} then {
puts [CkJavaKeyStore_lastErrorText $jks]
delete_CkJavaKeyStore $jks
delete_CkCertChain $chain
exit
}
set cert [new_CkCert]
set success [CkCertChain_CertAt $chain 0 $cert]
if {$success == 0} then {
puts [CkCertChain_lastErrorText $chain]
delete_CkJavaKeyStore $jks
delete_CkCertChain $chain
delete_CkCert $cert
exit
}
# Verify again that this cert has a private key.
if {[CkCert_HasPrivateKey $cert] != 1} then {
puts "Certificate has no associated private key."
delete_CkJavaKeyStore $jks
delete_CkCertChain $chain
delete_CkCert $cert
exit
}
# We now have the cert object with it's associated private key, and it can be used in other Chilkat classes where needed.
# For example..
set crypt [new_CkCrypt2]
set success [CkCrypt2_SetSigningCert $crypt $cert]
if {$success == 0} then {
puts [CkCrypt2_lastErrorText $crypt]
delete_CkJavaKeyStore $jks
delete_CkCertChain $chain
delete_CkCert $cert
delete_CkCrypt2 $crypt
exit
}
# ...
# ...
delete_CkJavaKeyStore $jks
delete_CkCertChain $chain
delete_CkCert $cert
delete_CkCrypt2 $crypt