Sample code for 30+ languages & platforms
Unicode C

Add Private Key to Java Keystore

See more Java KeyStore (JKS) Examples

Adds a private key to an existing Java keystore.

Chilkat Unicode C Downloads

Unicode C
#include <C_CkJavaKeyStoreW.h>
#include <C_CkCertW.h>
#include <C_CkXmlCertVaultW.h>
#include <C_CkPrivateKeyW.h>
#include <C_CkPfxW.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkJavaKeyStoreW jks;
    const wchar_t *jksPassword;
    const wchar_t *jksPath;
    HCkCertW cert;
    HCkXmlCertVaultW certVault;
    HCkPrivateKeyW privKey;
    const wchar_t *alias;
    HCkPfxW pfx;

    success = FALSE;

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    jks = CkJavaKeyStoreW_Create();

    jksPassword = L"myJksPassword";
    jksPath = L"/someDir/keyStore.jks";

    // Load the Java keystore from a file.
    success = CkJavaKeyStoreW_LoadFile(jks,jksPassword,jksPath);
    if (success != TRUE) {
        wprintf(L"%s\n",CkJavaKeyStoreW_lastErrorText(jks));
        CkJavaKeyStoreW_Dispose(jks);
        return;
    }

    // A JKS private key entry consists of both the private key,
    // it's associated certificate (which contains the matching public key
    // within the X.509 of the certificate), and the certificates in the
    // chain of authentication to the root.
    // 
    // Therefore, to add a private key entry to a JKS requires
    // a Chilkat certificate object that has a private key and which also
    // has the certificate chain (up to the root) available.

    // There are many ways to get a Chilkat certificate object
    // that contains (within it) the private key and the certificate chain
    // This example will show two possibilities:
    // (1) Where the cert and issuing root are provided in PEM format in .crt files,
    // and the private key is also provided in unencrypted PEM format (.key file).
    // (2) Where the cert, private key, and issuing root are provided in a single PFX.

    // First for the .crt / .key files:
    cert = CkCertW_Create();

    // Chilkat will automatically determine the format of the cert file and load it correctly.
    success = CkCertW_LoadFromFile(cert,L"/mycerts/alice.crt");
    if (success != TRUE) {
        wprintf(L"%s\n",CkCertW_lastErrorText(cert));
        CkJavaKeyStoreW_Dispose(jks);
        CkCertW_Dispose(cert);
        return;
    }

    // Certificates required for building the chain of authentication can be
    // added to an XML certificate vault object, and then provided as
    // a source for obtaining certs when building the chain.
    certVault = CkXmlCertVaultW_Create();
    success = CkXmlCertVaultW_AddCertFile(certVault,L"/mycerts/ca.crt");
    if (success != TRUE) {
        wprintf(L"%s\n",CkXmlCertVaultW_lastErrorText(certVault));
        CkJavaKeyStoreW_Dispose(jks);
        CkCertW_Dispose(cert);
        CkXmlCertVaultW_Dispose(certVault);
        return;
    }

    success = CkCertW_UseCertVault(cert,certVault);
    if (success != TRUE) {
        wprintf(L"%s\n",CkCertW_lastErrorText(cert));
        CkJavaKeyStoreW_Dispose(jks);
        CkCertW_Dispose(cert);
        CkXmlCertVaultW_Dispose(certVault);
        return;
    }

    // Now provide the associated private key to the certificate object.
    // The Chilkat private key class provides methods for loading from many formats (both
    // encrypted and unencrypted).
    privKey = CkPrivateKeyW_Create();
    success = CkPrivateKeyW_LoadPemFile(privKey,L"/mycerts/alice.key");
    if (success != TRUE) {
        wprintf(L"%s\n",CkPrivateKeyW_lastErrorText(privKey));
        CkJavaKeyStoreW_Dispose(jks);
        CkCertW_Dispose(cert);
        CkXmlCertVaultW_Dispose(certVault);
        CkPrivateKeyW_Dispose(privKey);
        return;
    }

    // Provide the certificate object with the private key:
    success = CkCertW_SetPrivateKey(cert,privKey);
    if (success != TRUE) {
        wprintf(L"%s\n",CkCertW_lastErrorText(cert));
        CkJavaKeyStoreW_Dispose(jks);
        CkCertW_Dispose(cert);
        CkXmlCertVaultW_Dispose(certVault);
        CkPrivateKeyW_Dispose(privKey);
        return;
    }

    // Our certificate object now contains all that we need to add it as a private key entry
    // to the Java keystore:
    alias = L"alice";
    success = CkJavaKeyStoreW_AddPrivateKey(jks,cert,alias,jksPassword);
    if (success != TRUE) {
        wprintf(L"%s\n",CkJavaKeyStoreW_lastErrorText(jks));
        CkJavaKeyStoreW_Dispose(jks);
        CkCertW_Dispose(cert);
        CkXmlCertVaultW_Dispose(certVault);
        CkPrivateKeyW_Dispose(privKey);
        return;
    }

    // Write the updated JKS, which contains the new private key entry w/ certificate chain.
    success = CkJavaKeyStoreW_ToFile(jks,jksPassword,jksPath);
    if (success != TRUE) {
        wprintf(L"%s\n",CkJavaKeyStoreW_lastErrorText(jks));
        CkJavaKeyStoreW_Dispose(jks);
        CkCertW_Dispose(cert);
        CkXmlCertVaultW_Dispose(certVault);
        CkPrivateKeyW_Dispose(privKey);
        return;
    }

    wprintf(L"Added new private key entry (from .crt and .key files) to the JKS!\n");

    // Now let's add a new private key entry from a PFX that contains a single
    // private key with associated cert and cert chain.
    pfx = CkPfxW_Create();

    success = CkPfxW_LoadPfxFile(pfx,L"/myPfxFiles/my.pfx",L"pfxPassword");
    if (success != TRUE) {
        wprintf(L"%s\n",CkPfxW_lastErrorText(pfx));
        CkJavaKeyStoreW_Dispose(jks);
        CkCertW_Dispose(cert);
        CkXmlCertVaultW_Dispose(certVault);
        CkPrivateKeyW_Dispose(privKey);
        CkPfxW_Dispose(pfx);
        return;
    }

    // This is easy -- simply add the PFX to the JKS
    alias = L"bob";
    success = CkJavaKeyStoreW_AddPfx(jks,pfx,alias,jksPassword);
    if (success != TRUE) {
        wprintf(L"%s\n",CkJavaKeyStoreW_lastErrorText(jks));
        CkJavaKeyStoreW_Dispose(jks);
        CkCertW_Dispose(cert);
        CkXmlCertVaultW_Dispose(certVault);
        CkPrivateKeyW_Dispose(privKey);
        CkPfxW_Dispose(pfx);
        return;
    }

    // Write the updated JKS, which contains the new private key entry w/ certificate chain
    // that came from the PFX.
    success = CkJavaKeyStoreW_ToFile(jks,jksPassword,jksPath);
    if (success != TRUE) {
        wprintf(L"%s\n",CkJavaKeyStoreW_lastErrorText(jks));
        CkJavaKeyStoreW_Dispose(jks);
        CkCertW_Dispose(cert);
        CkXmlCertVaultW_Dispose(certVault);
        CkPrivateKeyW_Dispose(privKey);
        CkPfxW_Dispose(pfx);
        return;
    }

    wprintf(L"Added new private key entry (from PFX) to the JKS!\n");


    CkJavaKeyStoreW_Dispose(jks);
    CkCertW_Dispose(cert);
    CkXmlCertVaultW_Dispose(certVault);
    CkPrivateKeyW_Dispose(privKey);
    CkPfxW_Dispose(pfx);

    }