Unicode C
Unicode C
Add Private Key to Java Keystore
See more Java KeyStore (JKS) Examples
Adds a private key to an existing Java keystore.Chilkat Unicode C Downloads
#include <C_CkJavaKeyStoreW.h>
#include <C_CkCertW.h>
#include <C_CkXmlCertVaultW.h>
#include <C_CkPrivateKeyW.h>
#include <C_CkPfxW.h>
void ChilkatSample(void)
{
BOOL success;
HCkJavaKeyStoreW jks;
const wchar_t *jksPassword;
const wchar_t *jksPath;
HCkCertW cert;
HCkXmlCertVaultW certVault;
HCkPrivateKeyW privKey;
const wchar_t *alias;
HCkPfxW pfx;
success = FALSE;
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
jks = CkJavaKeyStoreW_Create();
jksPassword = L"myJksPassword";
jksPath = L"/someDir/keyStore.jks";
// Load the Java keystore from a file.
success = CkJavaKeyStoreW_LoadFile(jks,jksPassword,jksPath);
if (success != TRUE) {
wprintf(L"%s\n",CkJavaKeyStoreW_lastErrorText(jks));
CkJavaKeyStoreW_Dispose(jks);
return;
}
// A JKS private key entry consists of both the private key,
// it's associated certificate (which contains the matching public key
// within the X.509 of the certificate), and the certificates in the
// chain of authentication to the root.
//
// Therefore, to add a private key entry to a JKS requires
// a Chilkat certificate object that has a private key and which also
// has the certificate chain (up to the root) available.
// There are many ways to get a Chilkat certificate object
// that contains (within it) the private key and the certificate chain
// This example will show two possibilities:
// (1) Where the cert and issuing root are provided in PEM format in .crt files,
// and the private key is also provided in unencrypted PEM format (.key file).
// (2) Where the cert, private key, and issuing root are provided in a single PFX.
// First for the .crt / .key files:
cert = CkCertW_Create();
// Chilkat will automatically determine the format of the cert file and load it correctly.
success = CkCertW_LoadFromFile(cert,L"/mycerts/alice.crt");
if (success != TRUE) {
wprintf(L"%s\n",CkCertW_lastErrorText(cert));
CkJavaKeyStoreW_Dispose(jks);
CkCertW_Dispose(cert);
return;
}
// Certificates required for building the chain of authentication can be
// added to an XML certificate vault object, and then provided as
// a source for obtaining certs when building the chain.
certVault = CkXmlCertVaultW_Create();
success = CkXmlCertVaultW_AddCertFile(certVault,L"/mycerts/ca.crt");
if (success != TRUE) {
wprintf(L"%s\n",CkXmlCertVaultW_lastErrorText(certVault));
CkJavaKeyStoreW_Dispose(jks);
CkCertW_Dispose(cert);
CkXmlCertVaultW_Dispose(certVault);
return;
}
success = CkCertW_UseCertVault(cert,certVault);
if (success != TRUE) {
wprintf(L"%s\n",CkCertW_lastErrorText(cert));
CkJavaKeyStoreW_Dispose(jks);
CkCertW_Dispose(cert);
CkXmlCertVaultW_Dispose(certVault);
return;
}
// Now provide the associated private key to the certificate object.
// The Chilkat private key class provides methods for loading from many formats (both
// encrypted and unencrypted).
privKey = CkPrivateKeyW_Create();
success = CkPrivateKeyW_LoadPemFile(privKey,L"/mycerts/alice.key");
if (success != TRUE) {
wprintf(L"%s\n",CkPrivateKeyW_lastErrorText(privKey));
CkJavaKeyStoreW_Dispose(jks);
CkCertW_Dispose(cert);
CkXmlCertVaultW_Dispose(certVault);
CkPrivateKeyW_Dispose(privKey);
return;
}
// Provide the certificate object with the private key:
success = CkCertW_SetPrivateKey(cert,privKey);
if (success != TRUE) {
wprintf(L"%s\n",CkCertW_lastErrorText(cert));
CkJavaKeyStoreW_Dispose(jks);
CkCertW_Dispose(cert);
CkXmlCertVaultW_Dispose(certVault);
CkPrivateKeyW_Dispose(privKey);
return;
}
// Our certificate object now contains all that we need to add it as a private key entry
// to the Java keystore:
alias = L"alice";
success = CkJavaKeyStoreW_AddPrivateKey(jks,cert,alias,jksPassword);
if (success != TRUE) {
wprintf(L"%s\n",CkJavaKeyStoreW_lastErrorText(jks));
CkJavaKeyStoreW_Dispose(jks);
CkCertW_Dispose(cert);
CkXmlCertVaultW_Dispose(certVault);
CkPrivateKeyW_Dispose(privKey);
return;
}
// Write the updated JKS, which contains the new private key entry w/ certificate chain.
success = CkJavaKeyStoreW_ToFile(jks,jksPassword,jksPath);
if (success != TRUE) {
wprintf(L"%s\n",CkJavaKeyStoreW_lastErrorText(jks));
CkJavaKeyStoreW_Dispose(jks);
CkCertW_Dispose(cert);
CkXmlCertVaultW_Dispose(certVault);
CkPrivateKeyW_Dispose(privKey);
return;
}
wprintf(L"Added new private key entry (from .crt and .key files) to the JKS!\n");
// Now let's add a new private key entry from a PFX that contains a single
// private key with associated cert and cert chain.
pfx = CkPfxW_Create();
success = CkPfxW_LoadPfxFile(pfx,L"/myPfxFiles/my.pfx",L"pfxPassword");
if (success != TRUE) {
wprintf(L"%s\n",CkPfxW_lastErrorText(pfx));
CkJavaKeyStoreW_Dispose(jks);
CkCertW_Dispose(cert);
CkXmlCertVaultW_Dispose(certVault);
CkPrivateKeyW_Dispose(privKey);
CkPfxW_Dispose(pfx);
return;
}
// This is easy -- simply add the PFX to the JKS
alias = L"bob";
success = CkJavaKeyStoreW_AddPfx(jks,pfx,alias,jksPassword);
if (success != TRUE) {
wprintf(L"%s\n",CkJavaKeyStoreW_lastErrorText(jks));
CkJavaKeyStoreW_Dispose(jks);
CkCertW_Dispose(cert);
CkXmlCertVaultW_Dispose(certVault);
CkPrivateKeyW_Dispose(privKey);
CkPfxW_Dispose(pfx);
return;
}
// Write the updated JKS, which contains the new private key entry w/ certificate chain
// that came from the PFX.
success = CkJavaKeyStoreW_ToFile(jks,jksPassword,jksPath);
if (success != TRUE) {
wprintf(L"%s\n",CkJavaKeyStoreW_lastErrorText(jks));
CkJavaKeyStoreW_Dispose(jks);
CkCertW_Dispose(cert);
CkXmlCertVaultW_Dispose(certVault);
CkPrivateKeyW_Dispose(privKey);
CkPfxW_Dispose(pfx);
return;
}
wprintf(L"Added new private key entry (from PFX) to the JKS!\n");
CkJavaKeyStoreW_Dispose(jks);
CkCertW_Dispose(cert);
CkXmlCertVaultW_Dispose(certVault);
CkPrivateKeyW_Dispose(privKey);
CkPfxW_Dispose(pfx);
}