how do i programmatically create a keystore and import my certificate into it?

My app can be used two ways:
1. in regular Java Apps
2. In a web App
In both cases, whether or not there is security depends on whether the app (web or other app) that is using my code has turned security on. So I need to be able to execute whether or not security is on. As well, keytool (the usual way of creating a keystore and importing your certificate) is not included in the simple JRE install. So when my app installs itself, it needs a way to create a keystore, import the cert and help the user add the keystore and "grant" to their policy file. Anyone know how to do this?

Anyone interested, I got the answer:

//CREATE A KEYSTORE OF TYPE "Java Key Store"
KeyStore ks = KeyStore.getInstance("JKS");
/*
 * LOAD THE STORE
 * The first time you're doing this (i.e. the keystore does not
 * yet exist - you're creating it), you HAVE to load the keystore
 * from a null source with null password. Before any methods can
 * be called on your keystore you HAVE to load it first. Loading
 * it from a null source and null password simply creates an empty
 * keystore. At a later time, when you want to verify the keystore
 * or get certificates (or whatever) you can load it from the
 * file with your password.
 */
ks.load( null, null );
//GET THE FILE CONTAINING YOUR CERTIFICATE
FileInputStream fis = new FileInputStream( "MyCert.cer" );
BufferedInputStream bis = new BufferedInputStream(fis);
//I USE x.509 BECAUSE THAT'S WHAT keytool CREATES
CertificateFactory cf = CertificateFactory.getInstance( "X.509" );
//NOTE: THIS IS java.security.cert.Certificate NOT java.security.Certificate
Certificate cert = null;
/*
 * I ONLY HAVE ONE CERT, I JUST USED "while" BECAUSE I'M JUST
 * DOING TESTING AND WAS TAKING WHATEVER CODE I FOUND IN
 * THE API DOCUMENTATION. I COULD HAVE DONE AN "if", BUT I
 * WANTED TO SHOW HOW YOU WOULD HANDLE IT IF YOU GOT A CERT
 * FROM VERISIGN THAT CONTAINED MULTIPLE CERTS
 */
//GET THE CERTS CONTAINED IN THIS ROOT CERT FILE
while ( bis.available() > 0 )
{
 cert = cf.generateCertificate( bis );
 ks.setCertificateEntry( "SGCert", cert );
}
//ADD TO THE KEYSTORE AND GIVE IT AN ALIAS NAME
ks.setCertificateEntry( "SGCert", cert );
//SAVE THE KEYSTORE TO A FILE
/*
 * After this is saved, I believe you can just do setCertificateEntry
 * to add entries and then not call store. I believe it will update
 * the existing store you load it from and not just in memory.
 */
ks.store( new FileOutputStream( "NewClientKeyStore" ), "MyPass".toCharArray() );