How to utilize keytool programmatically?

It seems to me that there are hardly any good tools out there that help webapp deployers secure their environment. I feel like a lot of deployment grief comes in because the admin hasn't been properly tooled to ignore the intricacies and of TLS/SSL. I once had the good luck of seeing a really good UI management tha开发者_开发技巧t was intuitive, for an admin of any level, in either websphere or weblogic (i forget) but nothing like that is available today out in the open source community. I would like to put together something for tomcat one day so I'm experimenting and trying to figure out how "not to re-invent" the wheel but it just seems like I can't get my hands on the source code for keytool ... and the class itself is final I think ... so extending it would be out of the question. Does anyone know why SUN made it so hard to do good and intutive security?

Real Question: Are there ways that you know of where someone can programmatically utilize keytool to its fullest?

You can use java's KeyStore api to do what keytool does, programmatically. Over the years both the KeyStore api and keytool command line tool have evolved. You can refer to the KeyStore api docs here:

Java 7 KeyStore

Java 8 KeyStore

Java 9 KeyStore

If you are curious on how keytool does it, a quick google search yielded this link, which contains its code.