Add Private Key to Java Keystore

Adds a private key to an existing Java keystore.

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Handle hoJks
    String sJksPassword
    String sJksPath
    Variant vCert
    Handle hoCert
    Variant vCertVault
    Handle hoCertVault
    Variant vPrivKey
    Handle hoPrivKey
    String sAlias
    Variant vPfx
    Handle hoPfx
    String sTemp1

    Move False To iSuccess

    // This requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    Get Create (RefClass(cComChilkatJavaKeyStore)) To hoJks
    If (Not(IsComObjectCreated(hoJks))) Begin
        Send CreateComObject of hoJks
    End

    Move "myJksPassword" To sJksPassword
    Move "/someDir/keyStore.jks" To sJksPath

    // Load the Java keystore from a file.
    Get ComLoadFile Of hoJks sJksPassword sJksPath To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoJks To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // A JKS private key entry consists of the private key,
    // its associated certificate (which contains the matching public key
    // within the X.509 of the certificate), and the certificates in the
    // chain of authentication to the root.
    // 
    // Therefore, to add a private key entry to a JKS requires
    // a Chilkat certificate object that has a private key and which also
    // has the certificate chain (up to the root) available.

    // There are many ways to get a Chilkat certificate object
    // that contains (within it) the private key and the certificate chain.
    // This example will show two possibilities:
    // (1) Where the cert and issuing root are provided in PEM format in .crt files,
    // and the private key is also provided in unencrypted PEM format (.key file).
    // (2) Where the cert, private key, and issuing root are provided in a single PFX.

    // First for the .crt / .key files:
    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End

    // Chilkat will automatically determine the format of the cert file and load it correctly.
    Get ComLoadFromFile Of hoCert "/mycerts/alice.crt" To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Certificates required for building the chain of authentication can be
    // added to an XML certificate vault object, and then provided as
    // a source for obtaining certs when building the chain.
    Get Create (RefClass(cComChilkatXmlCertVault)) To hoCertVault
    If (Not(IsComObjectCreated(hoCertVault))) Begin
        Send CreateComObject of hoCertVault
    End
    Get ComAddCertFile Of hoCertVault "/mycerts/ca.crt" To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoCertVault To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Get pvComObject of hoCertVault to vCertVault
    Get ComUseCertVault Of hoCert vCertVault To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Now provide the associated private key to the certificate object.
    // The Chilkat private key class provides methods for loading from many formats (both
    // encrypted and unencrypted).
    Get Create (RefClass(cComChilkatPrivateKey)) To hoPrivKey
    If (Not(IsComObjectCreated(hoPrivKey))) Begin
        Send CreateComObject of hoPrivKey
    End
    Get ComLoadPemFile Of hoPrivKey "/mycerts/alice.key" To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoPrivKey To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Provide the certificate object with the private key:
    Get pvComObject of hoPrivKey to vPrivKey
    Get ComSetPrivateKey Of hoCert vPrivKey To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Our certificate object now contains all that we need to add it as a private key entry
    // to the Java keystore:
    Move "alice" To sAlias
    Get pvComObject of hoCert to vCert
    Get ComAddPrivateKey Of hoJks vCert sAlias sJksPassword To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoJks To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Write the updated JKS, which contains the new private key entry w/ certificate chain.
    Get ComToFile Of hoJks sJksPassword sJksPath To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoJks To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "Added new private key entry (from .crt and .key files) to the JKS!"

    // Now let's add a new private key entry from a PFX that contains a single
    // private key with associated cert and cert chain.
    Get Create (RefClass(cComChilkatPfx)) To hoPfx
    If (Not(IsComObjectCreated(hoPfx))) Begin
        Send CreateComObject of hoPfx
    End

    Get ComLoadPfxFile Of hoPfx "/myPfxFiles/my.pfx" "pfxPassword" To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoPfx To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // This is easy -- simply add the PFX to the JKS
    Move "bob" To sAlias
    Get pvComObject of hoPfx to vPfx
    Get ComAddPfx Of hoJks vPfx sAlias sJksPassword To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoJks To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Write the updated JKS, which contains the new private key entry w/ certificate chain
    // that came from the PFX.
    Get ComToFile Of hoJks sJksPassword sJksPath To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoJks To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "Added new private key entry (from PFX) to the JKS!"


End_Procedure
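
An added example, not Chilkat's code or part of the original sample: a Python check that reads the JKS file layout to confirm that an alias is a private key entry carrying its certificate chain, and that the store's integrity digest matches the password. It goes beyond the sample by parsing the version 2 JKS format directly; `jks_digest`, `list_entries` and `build_sample` are hypothetical names, and the sample store is constructed with placeholder bytes rather than real keys or certificates.

```python
import hashlib
import struct

MAGIC, PRIVATE_KEY, TRUSTED_CERT = 0xFEEDFEED, 1, 2

def jks_digest(password: str, body: bytes) -> bytes:
    # Store integrity value: SHA-1(password as UTF-16BE + "Mighty Aphrodite" + body)
    return hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + body).digest()

def list_entries(data: bytes, password: str) -> dict:
    """Return {alias: (is_private_key_entry, chain_length)} for a version 2 JKS."""
    body, stored = data[:-20], data[-20:]
    if jks_digest(password, body) != stored:
        raise ValueError("digest mismatch: wrong password or modified keystore")
    magic, version, count = struct.unpack_from(">III", body, 0)
    if magic != MAGIC or version != 2:
        raise ValueError("not a version 2 JKS")
    pos, entries = 12, {}
    def take(fmt: str) -> bytes:  # read one length-prefixed field (">H" or ">I" length)
        nonlocal pos
        (n,) = struct.unpack_from(fmt, body, pos)
        pos += struct.calcsize(fmt) + n
        return body[pos - n:pos]
    for _ in range(count):
        (tag,) = struct.unpack_from(">I", body, pos)
        pos += 4
        alias = take(">H").decode("utf-8")  # modified UTF-8; same as UTF-8 for ASCII aliases
        pos += 8                             # creation time, ms since epoch
        if tag not in (PRIVATE_KEY, TRUSTED_CERT):
            raise ValueError(f"unknown entry tag {tag}")
        chain_len = 1
        if tag == PRIVATE_KEY:
            take(">I")                       # password-protected private key blob
            (chain_len,) = struct.unpack_from(">I", body, pos)
            pos += 4
        for _ in range(chain_len):
            take(">H")                       # certificate type string, e.g. "X.509"
            take(">I")                       # DER-encoded certificate
        entries[alias] = (tag == PRIVATE_KEY, chain_len)
    return entries

def build_sample(password: str) -> bytes:
    # Constructed sample: one private key entry "alice", placeholder key and 2-cert chain.
    utf = lambda s: struct.pack(">H", len(s)) + s
    blob = lambda b: struct.pack(">I", len(b)) + b
    entry = struct.pack(">I", PRIVATE_KEY) + utf(b"alice") + struct.pack(">Q", 0) + blob(b"KEY")
    entry += struct.pack(">I", 2) + utf(b"X.509") + blob(b"LEAF") + utf(b"X.509") + blob(b"ROOT")
    body = struct.pack(">III", MAGIC, 2, 1) + entry
    return body + jks_digest(password, body)
```

Run against a real keystore, a chain length of 1 for a private key entry means the issuing certificates were not available when the entry was added.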