Scala wrappers for JCA/BouncyCastle classes
Fork of karasiq/cryptoutils to add Scala 2.13 and Scala 3 support
Add to build.sbt
:
libraryDependencies ++= Seq(
"org.bouncycastle" % "bcprov-jdk15on" % "1.58",
"org.bouncycastle" % "bcpkix-jdk15on" % "1.58",
"com.henricook" %% "cryptoutils" % "1.5.3"
)
val keyGenerator = CertificateGenerator()
// Self-signed CA certificate
val caSubject = X509Utils.subject("Example Root CA", "US", "California", "San Francisco", "Example", "Example Root CA", "[email protected]")
val ca: TLS.CertificateKey = keyGenerator.generate(caSubject, "RSA", 2048, extensions = CertExtension.certificationAuthorityExtensions())
println(s"Self-signed: ${ca.certificate.getSubject}")
// CA-signed certificate
val subject = X509Utils.subject("Example Subject", "US", "California", "San Francisco", "Example", "Example", "[email protected]")
val cert: TLS.CertificateKey = keyGenerator.generate(subject, "RSA", 2048, Some(ca), BigInt(1))
println(s"CA signed: ${cert.certificate.getSubject}")
val keyGenerator = CertificateGenerator()
val subject = X509Utils.subject("Example Subject", "US", "California", "San Francisco", "Example", "Example", "[email protected]")
val keyPair: java.security.KeyPair = ??? // Generate/load key pair
// Creating request
val request = keyGenerator.createRequest(keyPair, subject)
// Signing request
val ca: TLS.CertificateKey = ... // Certification authority certificate and private key
val cert: TLS.CertificateChain = keyGenerator.signRequest(request, ca) // Resulting certificate chain
val verifier = CertificateVerifier(CertificateStatusProvider.CRL, ca.certificate) // Or from java trust store: CertificateVerifier.fromTrustStore(TrustStore.fromFile("example-trust.jks"), CertificateStatusProvider.CRL)
if (verifier.isChainValid(cert.certificateChain)) {
println(s"Verified: ${cert.getSubject}")
}
val certificationAuthority = PEM.certificate.fromFile("ca.crt")
val myCertificate = PEM.certificate.fromFile("mycert.crt")
val keyPair = PEM.keyPair.fromFile("mykey.key")
val certKey = TLS.CertificateKey(new TLS.CertificateChain(Array(myCertificate, certificationAuthority)), keyPair)
// Open key store
val keyStore = TLSKeyStore.open("example.jks", "123456")
// Reading key
val (key, chain) = (keyStore.getKey("example"), keyStore.getCertificateChain("example"))
// Reading key set
val keySet: TLS.KeySet = keyStore.getKeySet("example")
// Adding new key
val newKey: TLS.CertificateKey = ??? // Generate key and certificate (see above)
keyStore.putKey("example-new", newKey)
// Saving to file
keyStore.saveAs("example.jks")
val verifier: CertificateVerifier = ??? // Certificate verifier
val clientKeySet: TLS.KeySet = ??? // Client authorization
val address = new InetSocketAddress("example.com", 443) // Server address
// Opening connection:
val clientWrapper = new TLSClientWrapper(verifier, address, clientKeySet)
val socket = clientWrapper(SocketChannel.open(address))
// ... Do read/write, etc ...
socket.close()
val verifier: CertificateVerifier = ... // Client certificate verifier
val serverKeySet: TLS.KeySet = keyStore.getKeySet("example-server") // Server certificate is required
// Accepting connection
val serverWrapper = new TLSServerWrapper(serverKeySet, clientAuth = true, verifier)
val serverSocket = ServerSocketChannel.open()
serverSocket.bind(new InetSocketAddress("0.0.0.0", 443))
val socket = serverWrapper(serverSocket.accept())
// ... Do read/write, etc ...
socket.close()