java.security.KeyFactory Scala Examples
The following examples show how to use java.security.KeyFactory.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
Example 1
| Source File: KeyUtils.scala From daml with Apache License 2.0 | 6 votes |
|
// Copyright (c) 2020 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
// SPDX-License-Identifier: Apache-2.0
package com.daml.jwt
import java.io.{File, FileInputStream}
import java.nio.charset.StandardCharsets
import java.nio.file.Files
import java.security.cert.CertificateFactory
import java.security.interfaces.{ECPublicKey, RSAPrivateKey, RSAPublicKey}
import java.security.spec.PKCS8EncodedKeySpec
import java.security.KeyFactory
import com.daml.lf.data.TryOps.Bracket.bracket
import scalaz.Show
import scalaz.syntax.show._
import scala.util.Try
object KeyUtils {
final case class Error(what: Symbol, message: String)
object Error {
implicit val showInstance: Show[Error] =
Show.shows(e => s"KeyUtils.Error: ${e.what}, ${e.message}")
}
private val mimeCharSet = StandardCharsets.ISO_8859_1
def generateJwks(keys: Map[String, RSAPublicKey]): String = {
def generateKeyEntry(keyId: String, key: RSAPublicKey): String =
s""" {
| "kid": "$keyId",
| "kty": "RSA",
| "alg": "RS256",
| "use": "sig",
| "e": "${java.util.Base64.getUrlEncoder
.encodeToString(key.getPublicExponent.toByteArray)}",
| "n": "${java.util.Base64.getUrlEncoder.encodeToString(key.getModulus.toByteArray)}"
| }""".stripMargin
s"""
|{
| "keys": [
|${keys.toList.map { case (keyId, key) => generateKeyEntry(keyId, key) }.mkString(",\n")}
| ]
|}
""".stripMargin
}
}
Example 2
| Source File: GatlingFeeder.scala From matcher with MIT License | 5 votes |
|
package com.wavesplatform.dex.load
import java.io.{File, PrintWriter}
import java.security
import java.security.KeyFactory
import java.security.spec.PKCS8EncodedKeySpec
import java.util.Base64
import com.wavesplatform.dex.api.ws.protocol.WsAddressSubscribe.JwtPayload
import com.wavesplatform.dex.auth.JwtUtils
import com.wavesplatform.dex.domain.account.{AddressScheme, PrivateKey, PublicKey}
import com.wavesplatform.dex.domain.bytes.ByteStr
import com.wavesplatform.wavesj.PrivateKeyAccount
import play.api.libs.json.Json
import scala.concurrent.duration._
import scala.io.Source
import scala.util.Random
object GatlingFeeder {
def authServiceKeyPair(rawPrivateKey: String): security.PrivateKey = {
val privateKeyContent = rawPrivateKey
.replace("-----BEGIN PRIVATE KEY-----", "")
.replace("-----END PRIVATE KEY-----", "")
.replaceAll("\\n", "")
val kf = KeyFactory.getInstance("RSA")
val ksPkcs8 = new PKCS8EncodedKeySpec(Base64.getDecoder.decode(privateKeyContent))
val privateKey = kf.generatePrivate(ksPkcs8)
privateKey
}
private def mkJwtSignedPayload(a: PrivateKeyAccount): JwtPayload = {
val exp = System.currentTimeMillis() / 1000 + 24.hour.toSeconds
JwtPayload(
signature = ByteStr(Array.emptyByteArray),
publicKey = PublicKey(a.getPublicKey),
networkByte = AddressScheme.current.chainId.toChar.toString,
clientId = "test",
firstTokenExpirationInSeconds = exp,
activeTokenExpirationInSeconds = exp,
scope = List("general")
).signed(PrivateKey(a.getPrivateKey))
}
private def mkAusString(accountPrivateKey: PrivateKeyAccount, authKp: security.PrivateKey): String = {
s"""{"T":"aus","S":"${accountPrivateKey.getAddress}","t":"jwt","j":"${JwtUtils.mkJwt(authKp,
Json.toJsObject(mkJwtSignedPayload(accountPrivateKey)))}"}"""
}
private def mkObsStrings(pairsFile: File, numberPerClient: Int): String = {
val source = Source.fromFile(pairsFile)
try {
val pairs = Random.shuffle(source.getLines.toVector)
require(numberPerClient <= pairs.size, "numberPerClient > available asset pairs in file")
pairs.take(numberPerClient).map(x => s"""{"T":"obs","S":"$x","d":100}""").mkString(";")
} finally source.close()
}
def mkFile(accountsNumber: Int,
seedPrefix: String,
authKp: security.PrivateKey,
pairsFile: File,
orderBookNumberPerAccount: Int,
feederFile: File): Unit = {
val output = new PrintWriter(feederFile, "utf-8")
try {
(0 until accountsNumber).foreach { i =>
val pk = PrivateKeyAccount.fromSeed(s"$seedPrefix$i", 0, AddressScheme.current.chainId)
output.println(s"""${pk.getAddress};${mkAusString(pk, authKp)};${mkObsStrings(pairsFile, orderBookNumberPerAccount)}""")
}
} finally output.close()
println(s"Results have been saved to $feederFile")
}
}
Example 3
| Source File: ParseEncodedKeySpec.scala From tsec with MIT License | 5 votes |
|
package tsec.jwt.util
import java.security.KeyFactory
import java.security.spec.{PKCS8EncodedKeySpec, X509EncodedKeySpec}
import cats.MonadError
import tsec.signature.jca._
object ParseEncodedKeySpec {
def pubKeyFromBytes[F[_], A](keyBytes: Array[Byte])(implicit kt: KFTag[A]): SigPublicKey[A] = {
val spec = new X509EncodedKeySpec(keyBytes)
SigPublicKey[A](
KeyFactory
.getInstance(kt.keyFactoryAlgo, "BC")
.generatePublic(spec)
)
}
def privKeyFromBytes[F[_], A](keyBytes: Array[Byte])(implicit kt: KFTag[A]): SigPrivateKey[A] = {
val spec = new PKCS8EncodedKeySpec(keyBytes)
SigPrivateKey[A](
KeyFactory
.getInstance(kt.keyFactoryAlgo, "BC")
.generatePrivate(spec)
)
}
def concatSignatureToDER[F[_], A](
signature: Array[Byte]
)(implicit me: MonadError[F, Throwable], ecTag: ECKFTag[A]): F[Array[Byte]] = {
var (r, s) = signature.splitAt(signature.length / 2)
r = r.dropWhile(_ == 0)
if (r.length > 0 && r(0) < 0)
r +:= 0.toByte
s = s.dropWhile(_ == 0)
if (s.length > 0 && s(0) < 0)
s +:= 0.toByte
val signatureLength = 2 + r.length + 2 + s.length
if (signatureLength > 255)
me.raiseError(GeneralSignatureError("Invalid ECDSA signature format"))
var signatureDER = scala.collection.mutable.ListBuffer.empty[Byte]
signatureDER += 48
if (signatureLength >= 128)
signatureDER += 0x81.toByte
signatureDER += signatureLength.toByte
signatureDER += 2.toByte += r.length.toByte ++= r
signatureDER += 2.toByte += s.length.toByte ++= s
me.pure(signatureDER.toArray)
}
}
Example 4
| Source File: JwsAlgorithm.scala From akka-http-session with Apache License 2.0 | 5 votes |
|
package com.softwaremill.session
import java.nio.charset.StandardCharsets.UTF_8
import java.security.spec.PKCS8EncodedKeySpec
import java.security.{KeyFactory, PrivateKey, Signature}
import java.util.Base64
import com.typesafe.config.Config
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec
import scala.util.{Failure, Success, Try}
sealed trait JwsAlgorithm {
def value: String
def sign(message: String): String
protected def encode(bytes: Array[Byte]): String =
Base64.getUrlEncoder.withoutPadding().encodeToString(bytes)
}
object JwsAlgorithm {
case class Rsa(privateKey: PrivateKey) extends JwsAlgorithm {
override val value: String = "RS256"
override def sign(message: String): String = {
val privateSignature: Signature = Signature.getInstance("SHA256withRSA")
privateSignature.initSign(privateKey)
privateSignature.update(message.getBytes(UTF_8))
encode(privateSignature.sign())
}
}
object Rsa {
def fromConfig(jwsConfig: Config): Try[Rsa] = {
def readKeyFromConf(): Try[String] = {
val configKey = "rsa-private-key"
Option(jwsConfig.hasPath(configKey))
.filter(identity)
.flatMap(_ => Option(jwsConfig.getString(configKey)))
.filter(_.trim.nonEmpty)
.map(_.replaceAll("\\s", "").replaceAll("-----[^-]+-----", ""))
.map(Success(_))
.getOrElse(Failure(new IllegalArgumentException(
"akka.http.session.jws.rsa-private-key must be defined in order to use alg = RS256")))
}
readKeyFromConf()
.flatMap { key =>
Try {
val keyFactory = KeyFactory.getInstance("RSA")
val privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder.decode(key)))
Rsa(privateKey)
}.recoverWith {
case ex => Failure(new IllegalArgumentException("Invalid RSA private key", ex))
}
}
}
}
case class HmacSHA256(serverSecret: String) extends JwsAlgorithm {
override val value: String = "HS256"
override def sign(message: String): String = {
val key = serverSecret.getBytes("UTF-8")
val mac = Mac.getInstance("HmacSHA256")
mac.init(new SecretKeySpec(key, "HmacSHA256"))
encode(mac.doFinal(message.getBytes("utf-8")))
}
}
}
Example 5
| Source File: KeyUtils.scala From grpc-scala-microservice-kit with Apache License 2.0 | 5 votes |
|
package mu.node.echod.util
import java.nio.file.{Files, Paths}
import java.security.{KeyFactory, PrivateKey, PublicKey}
import java.security.spec.{PKCS8EncodedKeySpec, X509EncodedKeySpec}
import pdi.jwt.JwtAlgorithm.RS256
trait KeyUtils {
val jwtDsa = RS256
def loadPkcs8PrivateKey(path: String): PrivateKey = {
val keyBytes = Files.readAllBytes(Paths.get(path))
val spec = new PKCS8EncodedKeySpec(keyBytes)
KeyFactory.getInstance("RSA").generatePrivate(spec)
}
def loadX509PublicKey(path: String): PublicKey = {
val keyBytes = Files.readAllBytes(Paths.get(path))
val spec = new X509EncodedKeySpec(keyBytes)
KeyFactory.getInstance("RSA").generatePublic(spec)
}
}
Example 6
| Source File: AkkaGrpcServerScala.scala From akka-grpc with Apache License 2.0 | 5 votes |
|
package akka.grpc.interop
import java.io.FileInputStream
import java.nio.file.{ Files, Paths }
import java.security.cert.CertificateFactory
import java.security.spec.PKCS8EncodedKeySpec
import java.security.{ KeyFactory, KeyStore, SecureRandom }
import scala.concurrent.duration._
import akka.actor.ActorSystem
import akka.util.ByteString
import akka.http.scaladsl.Http.ServerBinding
import akka.http.scaladsl.model.{ HttpRequest, HttpResponse }
import akka.http.scaladsl.{ Http2, HttpsConnectionContext }
import akka.stream.SystemMaterializer
import io.grpc.internal.testing.TestUtils
import javax.net.ssl.{ KeyManagerFactory, SSLContext }
import scala.concurrent.{ Await, Future }
case class AkkaGrpcServerScala(serverHandlerFactory: ActorSystem => HttpRequest => Future[HttpResponse])
extends GrpcServer[(ActorSystem, ServerBinding)] {
override def start() = {
implicit val sys = ActorSystem()
implicit val mat = SystemMaterializer(sys).materializer
val testService = serverHandlerFactory(sys)
val bindingFuture = Http2().bindAndHandleAsync(
testService,
interface = "127.0.0.1",
port = 0,
parallelism = 256, // TODO remove once https://github.com/akka/akka-http/pull/2146 is merged
connectionContext = serverHttpContext())
val binding = Await.result(bindingFuture, 10.seconds)
(sys, binding)
}
override def stop(binding: (ActorSystem, ServerBinding)) =
binding match {
case (sys, binding) =>
sys.log.info("Exception thrown, unbinding")
Await.result(binding.unbind(), 10.seconds)
Await.result(sys.terminate(), 10.seconds)
}
private def serverHttpContext() = {
val keyEncoded =
new String(Files.readAllBytes(Paths.get(TestUtils.loadCert("server1.key").getAbsolutePath)), "UTF-8")
.replace("-----BEGIN PRIVATE KEY-----\n", "")
.replace("-----END PRIVATE KEY-----\n", "")
.replace("\n", "")
val decodedKey = ByteString(keyEncoded).decodeBase64.toArray
val spec = new PKCS8EncodedKeySpec(decodedKey)
val kf = KeyFactory.getInstance("RSA")
val privateKey = kf.generatePrivate(spec)
val fact = CertificateFactory.getInstance("X.509")
val is = new FileInputStream(TestUtils.loadCert("server1.pem"))
val cer = fact.generateCertificate(is)
val ks = KeyStore.getInstance("PKCS12")
ks.load(null)
ks.setKeyEntry("private", privateKey, Array.empty, Array(cer))
val keyManagerFactory = KeyManagerFactory.getInstance("SunX509")
keyManagerFactory.init(ks, null)
val context = SSLContext.getInstance("TLS")
context.init(keyManagerFactory.getKeyManagers, null, new SecureRandom)
new HttpsConnectionContext(context)
}
override def getPort(binding: (ActorSystem, ServerBinding)): Int = binding._2.localAddress.getPort
}
Example 7
package com.wavesplatform.lang.v1.evaluator.ctx.impl.crypto
import java.security.spec.X509EncodedKeySpec
import java.security.{KeyFactory, Signature}
import org.bouncycastle.jce.provider.BouncyCastleProvider
object RSA {
lazy val bouncyCastleProvider = new BouncyCastleProvider
sealed trait DigestAlgorithm
case object NONE extends DigestAlgorithm
case object MD5 extends DigestAlgorithm
case object SHA1 extends DigestAlgorithm
case object SHA224 extends DigestAlgorithm
case object SHA256 extends DigestAlgorithm
case object SHA384 extends DigestAlgorithm
case object SHA512 extends DigestAlgorithm
case object SHA3224 extends DigestAlgorithm
case object SHA3256 extends DigestAlgorithm
case object SHA3384 extends DigestAlgorithm
case object SHA3512 extends DigestAlgorithm
def digestAlgorithmPrefix(alg: DigestAlgorithm): String = {
alg match {
case NONE => "NONE"
case MD5 => "MD5"
case SHA1 => "SHA1"
case SHA224 => "SHA224"
case SHA256 => "SHA256"
case SHA384 => "SHA384"
case SHA512 => "SHA512"
case SHA3224 => "SHA3-224"
case SHA3256 => "SHA3-256"
case SHA3384 => "SHA3-384"
case SHA3512 => "SHA3-512"
}
}
def verify(digestAlgorithm: DigestAlgorithm, message: Array[Byte], signature: Array[Byte], publicKey: Array[Byte]): Boolean = {
val algorithm = {
val digestPrefix = digestAlgorithmPrefix(digestAlgorithm)
s"${digestPrefix}withRSA"
}
val publicSignature = Signature.getInstance(algorithm, bouncyCastleProvider)
val jPublicKeySpec = new X509EncodedKeySpec(publicKey)
val jPublicKey = KeyFactory.getInstance("RSA").generatePublic(jPublicKeySpec)
publicSignature.initVerify(jPublicKey)
publicSignature.update(message)
publicSignature.verify(signature)
}
}
