Sample code for 30+ languages & platforms
Tcl

Load Java KeyStore and Access Contents

See more Java KeyStore (JKS) Examples

Loads a Java keystore file and iterates over the contents. A Java keystore (.jks) file can contain one or more trusted root certificate entries and/or one or more private key entries. Each private key entry includes an associated certificate chain.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set jks [new_CkJavaKeyStore]

# Load the Java keystore from a file.  The JKS file password is used
# to verify the keyed digest that is found at the very end of the keystore.
# It verifies there has been no tampering with the file.
set success [CkJavaKeyStore_LoadFile $jks "jksFilePassword" "/someDir/keyStore.jks"]
if {$success == 0} then {
    puts [CkJavaKeyStore_lastErrorText $jks]
    delete_CkJavaKeyStore $jks
    exit
}

# Find out how many of each type of entry:
set numTrustedCerts [CkJavaKeyStore_get_NumTrustedCerts $jks]
set numPrivateKeys [CkJavaKeyStore_get_NumPrivateKeys $jks]

set cert [new_CkCert]

# For each trusted certificate, access it by getting
# it as a cert object.  Also get the alias associated with the certificate.
puts "Trusted Certs:"
set i 0
while {$i < $numTrustedCerts} {
    set success [CkJavaKeyStore_TrustedCertAt $jks $i $cert]
    puts [CkJavaKeyStore_getTrustedCertAlias $jks $i]: [CkCert_subjectDN $cert]
    set i [expr $i + 1]
}

set privKey [new_CkPrivateKey]

set certChain [new_CkCertChain]

# For each private key entry, get the private key and
# the associated certificate chain.
# Each private key is password protected.  Usually it is the same
# password as used for the keyed digest of the entire JKS.  
# However, this does not have to be.  The password is passed
# here to handle the possibility of each private key requiring
# a different password.
puts "Private Keys:"
set i 0
while {$i < $numPrivateKeys} {
    CkJavaKeyStore_PrivateKeyAt $jks "jksFilePassword" $i $privKey
    puts [CkJavaKeyStore_getPrivateKeyAlias $jks $i]
    CkJavaKeyStore_CertChainAt $jks $i $certChain

    # The 1st certificate in the chain is the one associated with the private key.
    CkCertChain_CertAt $certChain 0 $cert
    puts [CkCert_subjectDN $cert]

    set i [expr $i + 1]
}

delete_CkJavaKeyStore $jks
delete_CkCert $cert
delete_CkPrivateKey $privKey
delete_CkCertChain $certChain