Sample code for 30+ languages & platforms
Unicode C

Load Particular CA Certs into a Java KeyStore

See more Java KeyStore (JKS) Examples

Opens a PEM file containing many CA root certificates, and creates a Java keystore containing a subset of the certificates.

Chilkat Unicode C Downloads

Unicode C
#include <C_CkJavaKeyStoreW.h>
#include <C_CkTrustedRootsW.h>
#include <C_CkStringBuilderW.h>
#include <C_CkCertW.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkJavaKeyStoreW jks;
    HCkTrustedRootsW troots;
    HCkStringBuilderW sbDn;
    HCkStringBuilderW sbAlias;
    BOOL caseSensitive;
    int i;
    int numCerts;
    int numAdded;
    HCkCertW cacert;
    int numJksCerts;

    success = FALSE;

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    jks = CkJavaKeyStoreW_Create();

    troots = CkTrustedRootsW_Create();

    // Load certificates from a file.
    success = CkTrustedRootsW_LoadCaCertsPem(troots,L"qa_data/curl_cacert.pem");
    if (success != TRUE) {
        wprintf(L"%s\n",CkTrustedRootsW_lastErrorText(troots));
        CkJavaKeyStoreW_Dispose(jks);
        CkTrustedRootsW_Dispose(troots);
        return;
    }

    sbDn = CkStringBuilderW_Create();
    sbAlias = CkStringBuilderW_Create();
    caseSensitive = FALSE;

    i = 0;
    numCerts = CkTrustedRootsW_getNumCerts(troots);
    numAdded = 0;
    while ((i < numCerts)) {
        cacert = CkTrustedRootsW_GetCert(troots,i);
        CkStringBuilderW_Clear(sbDn);
        CkStringBuilderW_Append(sbDn,CkCertW_subjectDN(cacert));
        if (CkStringBuilderW_Contains(sbDn,L"Entrust.net",caseSensitive) == TRUE) {
            wprintf(L"%s\n",CkCertW_subjectDN(cacert));

            // The alias is an arbitrary unique string for each cert in the JKS.
            CkStringBuilderW_Clear(sbAlias);
            CkStringBuilderW_Append(sbAlias,L"cacert_");
            CkStringBuilderW_AppendInt(sbAlias,i + 1);
            CkJavaKeyStoreW_AddTrustedCert(jks,cacert,CkStringBuilderW_getAsString(sbAlias));
            numAdded = numAdded + 1;
        }

        CkCertW_Dispose(cacert);
        i = i + 1;
    }

    // Verify the number of certs in the JKS equals the number we added.
    numJksCerts = CkJavaKeyStoreW_getNumTrustedCerts(jks);
    wprintf(L"NumTrustedCerts = %d\n",numJksCerts);
    if (numJksCerts != numAdded) {
        wprintf(L"Something is amiss!\n");
        CkJavaKeyStoreW_Dispose(jks);
        CkTrustedRootsW_Dispose(troots);
        CkStringBuilderW_Dispose(sbDn);
        CkStringBuilderW_Dispose(sbAlias);
        return;
    }

    // Save the JKS.
    success = CkJavaKeyStoreW_ToFile(jks,L"myPassword",L"qa_data/jks/entrust_caCerts.jks");
    if (success != TRUE) {
        wprintf(L"%s\n",CkJavaKeyStoreW_lastErrorText(jks));
        CkJavaKeyStoreW_Dispose(jks);
        CkTrustedRootsW_Dispose(troots);
        CkStringBuilderW_Dispose(sbDn);
        CkStringBuilderW_Dispose(sbAlias);
        return;
    }

    wprintf(L"Success.\n");

    // The output of this program when tested was:

    // C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
    // O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
    // C=US, O="Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, OU="(c) 2006 Entrust, Inc.", CN=Entrust Root Certification Authority
    // NumTrustedCerts = 3
    // Success.


    CkJavaKeyStoreW_Dispose(jks);
    CkTrustedRootsW_Dispose(troots);
    CkStringBuilderW_Dispose(sbDn);
    CkStringBuilderW_Dispose(sbAlias);

    }