• Home
• com.gu
• pan-domain-auth-verification_2.11
• 0.3.0
• source code
• Crypto.scala

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.gu.pandomainauth.service.Crypto.scala Maven / Gradle / Ivy

package com.gu.pandomainauth.service

import java.security.spec.{PKCS8EncodedKeySpec, X509EncodedKeySpec}
import java.security.{KeyFactory, Security, Signature}

import com.gu.pandomainauth.{PrivateKey, PublicKey}
import org.apache.commons.codec.binary.Base64._
import org.bouncycastle.jce.provider.BouncyCastleProvider


object Crypto {
  /**
   * You can generate a das key pair as follows:
   *
   * openssl genrsa -out private_key.pem 4096
   * openssl rsa -pubout -in private_key.pem -out public_key.pem
   *
   * Note: you only need to pass the key ie the blob of base64 between the start and end markers in the pem file.
   */

  Security.addProvider(new BouncyCastleProvider())

  val signatureAlgorithm: String = "SHA256withRSA"
  val keyFactory = KeyFactory.getInstance("RSA")

  def signData(data: Array[Byte], prvKey: PrivateKey): Array[Byte] = {
    val rsa = Signature.getInstance(signatureAlgorithm, "BC")
    val privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(decodeBase64(prvKey.key)))
    rsa.initSign(privateKey)

    rsa.update(data)
    rsa.sign()
  }

  def verifySignature(data: Array[Byte], signature: Array[Byte], pubKey: PublicKey) : Boolean = {
    val rsa = Signature.getInstance(signatureAlgorithm, "BC")
    val publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(decodeBase64(pubKey.key)))
    rsa.initVerify(publicKey)

    rsa.update(data)
    rsa.verify(signature)
  }
}