Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/karasiq/cryptoutils

Scala wrappers for JCA/BouncyCastle
https://github.com/karasiq/cryptoutils

bouncy-castle certificates jca scala-wrappers tls

Last synced: 3 months ago
JSON representation

Scala wrappers for JCA/BouncyCastle

Host: GitHub
URL: https://github.com/karasiq/cryptoutils
Owner: Karasiq
License: mit
Created: 2015-09-10T11:48:11.000Z (over 9 years ago)
Default Branch: master
Last Pushed: 2020-12-02T04:58:37.000Z (about 4 years ago)
Last Synced: 2023-07-26T21:59:42.413Z (over 1 year ago)
Topics: bouncy-castle, certificates, jca, scala-wrappers, tls
Language: Scala
Size: 85.9 KB
Stars: 6
Watchers: 3
Forks: 5
Open Issues: 4
Metadata Files:
- Readme: README.MD
- License: LICENSE

Awesome Lists containing this project

README

        # cryptoutils [![Build Status](https://travis-ci.org/Karasiq/cryptoutils.svg?branch=master)](https://travis-ci.org/Karasiq/cryptoutils) [![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.github.karasiq/cryptoutils_2.12/badge.svg)](https://maven-badges.herokuapp.com/maven-central/com.github.karasiq/cryptoutils_2.12)

Scala wrappers for JCA/BouncyCastle classes

# How to use

Add to `build.sbt`:

```scala

libraryDependencies ++= Seq(

  "org.bouncycastle" % "bcprov-jdk15on" % "1.58",

  "org.bouncycastle" % "bcpkix-jdk15on" % "1.58",

  "com.github.karasiq" %% "cryptoutils" % "1.4.3"

)

```

# Managing key pairs and certificates

## Generating X.509 certificate

```scala

val keyGenerator = CertificateGenerator()

// Self-signed CA certificate

val caSubject = X509Utils.subject("Example Root CA", "US", "California", "San Francisco", "Example", "Example Root CA", "[email protected]")

val ca: TLS.CertificateKey = keyGenerator.generate(caSubject, "RSA", 2048, extensions = CertExtension.certificationAuthorityExtensions()) 

println(s"Self-signed: ${ca.certificate.getSubject}")

// CA-signed certificate

val subject = X509Utils.subject("Example Subject", "US", "California", "San Francisco", "Example", "Example", "[email protected]")

val cert: TLS.CertificateKey = keyGenerator.generate(subject, "RSA", 2048, Some(ca), BigInt(1))

println(s"CA signed: ${cert.certificate.getSubject}")

```

## X.509 certification request

```scala

val keyGenerator = CertificateGenerator()

val subject = X509Utils.subject("Example Subject", "US", "California", "San Francisco", "Example", "Example", "[email protected]")

val keyPair: java.security.KeyPair = ??? // Generate/load key pair

// Creating request

val request = keyGenerator.createRequest(keyPair, subject)

// Signing request

val ca: TLS.CertificateKey = ... // Certification authority certificate and private key

val cert: TLS.CertificateChain = keyGenerator.signRequest(request, ca) // Resulting certificate chain

```

## Verifying X.509 certificate

```scala

val verifier = CertificateVerifier(CertificateStatusProvider.CRL, ca.certificate) // Or from java trust store: CertificateVerifier.fromTrustStore(TrustStore.fromFile("example-trust.jks"), CertificateStatusProvider.CRL)

if (verifier.isChainValid(cert.certificateChain)) {

  println(s"Verified: ${cert.getSubject}")

}

```

## Using PEM files

```scala

val certificationAuthority = PEM.certificate.fromFile("ca.crt")

val myCertificate = PEM.certificate.fromFile("mycert.crt")

val keyPair = PEM.keyPair.fromFile("mykey.key")

val certKey = TLS.CertificateKey(new TLS.CertificateChain(Array(myCertificate, certificationAuthority)), keyPair)

```

## Using Java Key Store

```scala

// Open key store

val keyStore = TLSKeyStore.open("example.jks", "123456")

// Reading key

val (key, chain) = (keyStore.getKey("example"), keyStore.getCertificateChain("example"))

// Reading key set

val keySet: TLS.KeySet = keyStore.getKeySet("example")

// Adding new key

val newKey: TLS.CertificateKey = ??? // Generate key and certificate (see above)

keyStore.putKey("example-new", newKey)

// Saving to file

keyStore.saveAs("example.jks")

```

# Using TLS (transport layer security)

## TLS client

```scala

val verifier: CertificateVerifier = ??? // Certificate verifier

val clientKeySet: TLS.KeySet = ??? // Client authorization

val address = new InetSocketAddress("example.com", 443) // Server address

// Opening connection:

val clientWrapper = new TLSClientWrapper(verifier, address, clientKeySet)

val socket = clientWrapper(SocketChannel.open(address))

// ... Do read/write, etc ...

socket.close()

```

## TLS server

```scala              

val verifier: CertificateVerifier = ... // Client certificate verifier

val serverKeySet: TLS.KeySet = keyStore.getKeySet("example-server") // Server certificate is required

// Accepting connection

val serverWrapper = new TLSServerWrapper(serverKeySet, clientAuth = true, verifier)

val serverSocket = ServerSocketChannel.open()

serverSocket.bind(new InetSocketAddress("0.0.0.0", 443))

val socket = serverWrapper(serverSocket.accept())

// ... Do read/write, etc ...

socket.close()

```