Tcl
Tcl
Load Java KeyStore and Access Contents
See more Java KeyStore (JKS) Examples
Loads a Java keystore file and iterates over the contents. A Java keystore (.jks) file can contain one or more trusted root certificate entries and/or one or more private key entries. Each private key entry includes an associated certificate chain.Chilkat Tcl Downloads
load ./chilkat.dll
set success 0
# This requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
set jks [new_CkJavaKeyStore]
# Load the Java keystore from a file. The JKS file password is used
# to verify the keyed digest that is found at the very end of the keystore.
# It verifies there has been no tampering with the file.
set success [CkJavaKeyStore_LoadFile $jks "jksFilePassword" "/someDir/keyStore.jks"]
if {$success == 0} then {
puts [CkJavaKeyStore_lastErrorText $jks]
delete_CkJavaKeyStore $jks
exit
}
# Find out how many of each type of entry:
set numTrustedCerts [CkJavaKeyStore_get_NumTrustedCerts $jks]
set numPrivateKeys [CkJavaKeyStore_get_NumPrivateKeys $jks]
set cert [new_CkCert]
# For each trusted certificate, access it by getting
# it as a cert object. Also get the alias associated with the certificate.
puts "Trusted Certs:"
set i 0
while {$i < $numTrustedCerts} {
set success [CkJavaKeyStore_TrustedCertAt $jks $i $cert]
puts [CkJavaKeyStore_getTrustedCertAlias $jks $i]: [CkCert_subjectDN $cert]
set i [expr $i + 1]
}
set privKey [new_CkPrivateKey]
set certChain [new_CkCertChain]
# For each private key entry, get the private key and
# the associated certificate chain.
# Each private key is password protected. Usually it is the same
# password as used for the keyed digest of the entire JKS.
# However, this does not have to be. The password is passed
# here to handle the possibility of each private key requiring
# a different password.
puts "Private Keys:"
set i 0
while {$i < $numPrivateKeys} {
CkJavaKeyStore_PrivateKeyAt $jks "jksFilePassword" $i $privKey
puts [CkJavaKeyStore_getPrivateKeyAlias $jks $i]
CkJavaKeyStore_CertChainAt $jks $i $certChain
# The 1st certificate in the chain is the one associated with the private key.
CkCertChain_CertAt $certChain 0 $cert
puts [CkCert_subjectDN $cert]
set i [expr $i + 1]
}
delete_CkJavaKeyStore $jks
delete_CkCert $cert
delete_CkPrivateKey $privKey
delete_CkCertChain $certChain