Parsing certs/keys from Strings in Scala
I found it surprisingly difficult to get a straight answer online about how to parse the text of an RSA key-pair or certificate into their corresponding Java objects. Here's a basic step-by-step of how to do that. (All of this should basically apply to Java as well). A full example is at the bottom.

Create a factory what you're trying to decode.

// For X.509 certificates
val x509CertFactory: CertificateFactory = CertificateFactory.getInstance("X.509")
// For RSA keys
val rsaKeyFactory: KeyFactory = KeyFactory.getInstance("RSA")
def stripCertText(certText: String): String =
certText
.stripMargin
.replace("\n", "")
.replace("-----BEGIN CERTIFICATE-----", "")
.replace("-----END CERTIFICATE-----", "")
def stripPrivateKeyText(keyText: String): String =
keyText
.stripMargin
.replace("\n", "")
.replace("-----BEGIN PRIVATE KEY-----", "")
.replace("-----END PRIVATE KEY-----", "")
def stripPublicKeyText(keyText: String): String =
keyText
.stripMargin
.replace("\n", "")
.replace("-----BEGIN PUBLIC KEY-----", "")
.replace("-----END PUBLIC KEY-----", "")
The header/footer tag text may be different depending on what type of key you're decoding.

Decode base-64

val bytes = Base64.getDecoder.decode(strippedKeyText)

Generate certificate/key

val x509Cert: X509Certificate = x509CertFactory
.generateCertificate(new ByteArrayInputStream(certBytes))
.asInstanceOf[X509Certificate] // Needs to get cast because CertificateFactory is lame
val rsaPublicKey: PublicKey = rsaKeyFactory.generatePublic(new X509EncodedKeySpec(bytes))
val rsaPrivateKey: PrivateKey = rsaKeyFactory.generatePrivate(new PKCS8EncodedKeySpec(bytes))
Use the EncodedKeySpec based on the type of your keys. In this example, I used X509EncodedKeySpec for the public key and PKCS8EncodedKeySpec for the private key.
The certificate factory just takes in a ByteArrayInputStream.

Full example for parsing a certificate:

import java.io.ByteArrayInputStream
import java.security.cert.{ CertificateFactory, X509Certificate }
import java.util.Base64
val certText: String = "-----BEGIN CERTIFICATE-----\nMIIDHDCCAgSgAwIBAgIIW <...> IeilJ1C7Xtj+hKJEsk=-----END CERTIFICATE-----\n"
val factory: CertificateFactory = CertificateFactory.getInstance("X.509")
val strippedCertText: String = certText
.stripMargin
.replace("\n", "")
.replace("-----BEGIN CERTIFICATE-----", "")
.replace("-----END CERTIFICATE-----", "")
val certBytes: Array[Byte] = Base64.getDecoder.decode(strippedCertText)
val certByteArrayInputStream: ByteArrayInputStream = new ByteArrayInputStream(certBytes)
val x509Cert: X509Certificate = factory.generateCertificate(certByteArrayInputStream).asInstanceOf[X509Certificate]
Export as PDF
Copy link
On this page
Create a factory what you're trying to decode.
Strip unnecessary characters. Remove new lines and header/footer tags.
Decode base-64
Generate certificate/key
Full example for parsing a certificate: