alanqthomas.io
  • Home
  • Scala
    • Understanding Scala Options
    • FirebaseApp Client in Scala
    • Parsing certs/keys from Strings in Scala
    • ZIO Striped Locking
  • Typescript
    • Option in Typescript
    • Redux Without Boilerplate
    • Redux Middleware Explained
  • Twitter
  • GitHub
  • LinkedIn
Powered by GitBook
On this page
  • Create a factory what you're trying to decode.
  • Strip unnecessary characters. Remove new lines and header/footer tags.
  • Decode base-64
  • Generate certificate/key
  • Full example for parsing a certificate:

Was this helpful?

Export as PDF
  1. Scala

Parsing certs/keys from Strings in Scala

I found it surprisingly difficult to get a straight answer online about how to parse the text of an RSA key-pair or certificate into their corresponding Java objects. Here's a basic step-by-step of how to do that. (All of this should basically apply to Java as well). A full example is at the bottom.

Create a factory what you're trying to decode.

// For X.509 certificates
val x509CertFactory: CertificateFactory = CertificateFactory.getInstance("X.509")

// For RSA keys
val rsaKeyFactory: KeyFactory = KeyFactory.getInstance("RSA")

Strip unnecessary characters. Remove new lines and header/footer tags.

def stripCertText(certText: String): String =
  certText
    .stripMargin
    .replace("\n", "")
    .replace("-----BEGIN CERTIFICATE-----", "")
    .replace("-----END CERTIFICATE-----", "")

def stripPrivateKeyText(keyText: String): String =
  keyText
    .stripMargin
    .replace("\n", "")
    .replace("-----BEGIN PRIVATE KEY-----", "")
    .replace("-----END PRIVATE KEY-----", "")

def stripPublicKeyText(keyText: String): String =
  keyText
    .stripMargin
    .replace("\n", "")
    .replace("-----BEGIN PUBLIC KEY-----", "")
    .replace("-----END PUBLIC KEY-----", "")

The header/footer tag text may be different depending on what type of key you're decoding.

Decode base-64

val bytes = Base64.getDecoder.decode(strippedKeyText)

Generate certificate/key

val x509Cert: X509Certificate = x509CertFactory
      .generateCertificate(new ByteArrayInputStream(certBytes))
      .asInstanceOf[X509Certificate] // Needs to get cast because CertificateFactory is lame

val rsaPublicKey: PublicKey = rsaKeyFactory.generatePublic(new X509EncodedKeySpec(bytes))
val rsaPrivateKey: PrivateKey = rsaKeyFactory.generatePrivate(new PKCS8EncodedKeySpec(bytes))

Use the EncodedKeySpec based on the type of your keys. In this example, I used X509EncodedKeySpec for the public key and PKCS8EncodedKeySpec for the private key.

The certificate factory just takes in a ByteArrayInputStream.

Full example for parsing a certificate:

import java.io.ByteArrayInputStream
import java.security.cert.{ CertificateFactory, X509Certificate }
import java.util.Base64

val certText: String = "-----BEGIN CERTIFICATE-----\nMIIDHDCCAgSgAwIBAgIIW <...> IeilJ1C7Xtj+hKJEsk=-----END CERTIFICATE-----\n"
val factory: CertificateFactory = CertificateFactory.getInstance("X.509")
val strippedCertText: String = certText
  .stripMargin
  .replace("\n", "")
  .replace("-----BEGIN CERTIFICATE-----", "")
  .replace("-----END CERTIFICATE-----", "")
val certBytes: Array[Byte] = Base64.getDecoder.decode(strippedCertText)
val certByteArrayInputStream: ByteArrayInputStream = new ByteArrayInputStream(certBytes)
val x509Cert: X509Certificate = factory.generateCertificate(certByteArrayInputStream).asInstanceOf[X509Certificate]
PreviousFirebaseApp Client in ScalaNextZIO Striped Locking

Last updated 5 years ago

Was this helpful?