Pascal (Lazarus/Delphi)
Pascal (Lazarus/Delphi)
Add Private Key to Java Keystore
See more Java KeyStore (JKS) Examples
Adds a private key to an existing Java keystore.Chilkat Pascal (Lazarus/Delphi) Downloads
program ChilkatDemo;
// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.
{$IFDEF FPC}
{$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}
uses
{$IFDEF UNIX}
cthreads,
{$ENDIF}
SysUtils,
CkDllLoader,
Chilkat.XmlCertVault,
Chilkat.JavaKeyStore,
Chilkat.PrivateKey,
Chilkat.Cert,
Chilkat.Pfx;
// ---------------------------------------------------------------------------
procedure RunDemo;
var
success: Boolean;
jks: TJavaKeyStore;
jksPassword: string;
jksPath: string;
cert: TCert;
certVault: TXmlCertVault;
privKey: TPrivateKey;
alias: string;
pfx: TPfx;
begin
success := False;
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
jks := TJavaKeyStore.Create;
jksPassword := 'myJksPassword';
jksPath := '/someDir/keyStore.jks';
// Load the Java keystore from a file.
success := jks.LoadFile(jksPassword,jksPath);
if (success <> True) then
begin
WriteLn(jks.LastErrorText);
Exit;
end;
// A JKS private key entry consists of both the private key,
// it's associated certificate (which contains the matching public key
// within the X.509 of the certificate), and the certificates in the
// chain of authentication to the root.
//
// Therefore, to add a private key entry to a JKS requires
// a Chilkat certificate object that has a private key and which also
// has the certificate chain (up to the root) available.
// There are many ways to get a Chilkat certificate object
// that contains (within it) the private key and the certificate chain
// This example will show two possibilities:
// (1) Where the cert and issuing root are provided in PEM format in .crt files,
// and the private key is also provided in unencrypted PEM format (.key file).
// (2) Where the cert, private key, and issuing root are provided in a single PFX.
// First for the .crt / .key files:
cert := TCert.Create;
// Chilkat will automatically determine the format of the cert file and load it correctly.
success := cert.LoadFromFile('/mycerts/alice.crt');
if (success <> True) then
begin
WriteLn(cert.LastErrorText);
Exit;
end;
// Certificates required for building the chain of authentication can be
// added to an XML certificate vault object, and then provided as
// a source for obtaining certs when building the chain.
certVault := TXmlCertVault.Create;
success := certVault.AddCertFile('/mycerts/ca.crt');
if (success <> True) then
begin
WriteLn(certVault.LastErrorText);
Exit;
end;
success := cert.UseCertVault(certVault);
if (success <> True) then
begin
WriteLn(cert.LastErrorText);
Exit;
end;
// Now provide the associated private key to the certificate object.
// The Chilkat private key class provides methods for loading from many formats (both
// encrypted and unencrypted).
privKey := TPrivateKey.Create;
success := privKey.LoadPemFile('/mycerts/alice.key');
if (success <> True) then
begin
WriteLn(privKey.LastErrorText);
Exit;
end;
// Provide the certificate object with the private key:
success := cert.SetPrivateKey(privKey);
if (success <> True) then
begin
WriteLn(cert.LastErrorText);
Exit;
end;
// Our certificate object now contains all that we need to add it as a private key entry
// to the Java keystore:
alias := 'alice';
success := jks.AddPrivateKey(cert,alias,jksPassword);
if (success <> True) then
begin
WriteLn(jks.LastErrorText);
Exit;
end;
// Write the updated JKS, which contains the new private key entry w/ certificate chain.
success := jks.ToFile(jksPassword,jksPath);
if (success <> True) then
begin
WriteLn(jks.LastErrorText);
Exit;
end;
WriteLn('Added new private key entry (from .crt and .key files) to the JKS!');
// Now let's add a new private key entry from a PFX that contains a single
// private key with associated cert and cert chain.
pfx := TPfx.Create;
success := pfx.LoadPfxFile('/myPfxFiles/my.pfx','pfxPassword');
if (success <> True) then
begin
WriteLn(pfx.LastErrorText);
Exit;
end;
// This is easy -- simply add the PFX to the JKS
alias := 'bob';
success := jks.AddPfx(pfx,alias,jksPassword);
if (success <> True) then
begin
WriteLn(jks.LastErrorText);
Exit;
end;
// Write the updated JKS, which contains the new private key entry w/ certificate chain
// that came from the PFX.
success := jks.ToFile(jksPassword,jksPath);
if (success <> True) then
begin
WriteLn(jks.LastErrorText);
Exit;
end;
WriteLn('Added new private key entry (from PFX) to the JKS!');
jks.Free;
cert.Free;
certVault.Free;
privKey.Free;
pfx.Free;
end;
// ---------------------------------------------------------------------------
begin
try
RunDemo;
except
on E: Exception do
WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
end;
WriteLn;
{$IFDEF MSWINDOWS}
WriteLn('Press Enter to exit...');
ReadLn;
{$ENDIF}
end.