Class DerUtils

java.lang.Object
org.forgerock.json.jose.utils.DerUtils

public final class DerUtils extends Object
Utility methods for reading and writing DER-encoded values. This is just the absolute minimum needed to decode and encode ECDSA signatures to ES256 format.
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final byte
    INTEGER_TAG
    DER tag for integer values.
    static final byte
    SEQUENCE_TAG
    DER tag for sequence values.
  • Method Summary

    Modifier and Type
    Method
    Description
    static byte[]
    decodeEcdsaSignature(byte[] signature, int signatureSize)
    Minimal DER decoder for the format returned by the SunEC signature provider.
    static byte[]
    encodeEcdsaSignature(byte[] signature)
    Minimal DER encoder for the format expected by the SunEC signature provider.
    static int
    readLength(ByteBuffer buffer)
    Reads a DER-encoded length field from the given byte buffer.
    static void
    readUnsignedInteger(ByteBuffer input, byte[] output, int offset, int length)
    Reads an unsigned integer value into the given byte array.
    static void
    writeInteger(ByteBuffer buffer, byte[] data)
    Writes an integer value in DER format to the given buffer.
    static void
    writeLength(ByteBuffer output, int length)
    Writes a length field to the output.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • INTEGER_TAG

      public static final byte INTEGER_TAG
      DER tag for integer values.
    • SEQUENCE_TAG

      public static final byte SEQUENCE_TAG
      DER tag for sequence values.
  • Method Details

    • readUnsignedInteger

      public static void readUnsignedInteger(ByteBuffer input, byte[] output, int offset, int length)
      Reads an unsigned integer value into the given byte array. The output will be in big-endian format and aligned to take up exactly length bytes (leaving untouched any unused leading bytes).
      Parameters:
      input - the input DER-encoded byte buffer.
      output - the output byte array.
      offset - the offset into the byte array to start writing the integer value.
      length - the maximum length of the byte value (excluding any leading sign byte).
      Throws:
      BufferOverflowException - if the integer does not fit in the given output buffer slice.
    • writeInteger

      public static void writeInteger(ByteBuffer buffer, byte[] data)
      Writes an integer value in DER format to the given buffer.
      Parameters:
      buffer - the buffer to write the value to
      data - the integer value (in big-endian format) to write
    • readLength

      public static int readLength(ByteBuffer buffer)
      Reads a DER-encoded length field from the given byte buffer.
      Parameters:
      buffer - the buffer to read a length field from.
      Returns:
      the length field.
    • writeLength

      public static void writeLength(ByteBuffer output, int length)
      Writes a length field to the output. If the length is 127 or less, it is written as a single byte holding the length. If the length is 128 or greater, the first byte is 0x80 (indicating that a multi-byte length follows) combined with the number of bytes used to specify that length. See the DER specification for more information.
      Parameters:
      output - the output buffer.
      length - the length to write.
    • decodeEcdsaSignature

      public static byte[] decodeEcdsaSignature(byte[] signature, int signatureSize)
      Minimal DER decoder for the format returned by the SunEC signature provider.
      Parameters:
      signature - DER signature
      signatureSize - size
      Returns:
      decoded signature
    • encodeEcdsaSignature

      public static byte[] encodeEcdsaSignature(byte[] signature)
      Minimal DER encoder for the format expected by the SunEC signature provider.
      Parameters:
      signature - raw signature
      Returns:
      DER encoded signature
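
The conversion this class exists for, as an added stand-alone example (not ForgeRock's implementation, and it does not call DerUtils): ES256 in JWS uses the fixed 64-byte R||S form, while the SunEC provider produces and expects a DER SEQUENCE of two INTEGERs. The names Es256DerDemo, derToRaw and rawToDer are hypothetical, and only single-byte DER lengths are handled, which is all a P-256 signature needs.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;

public class Es256DerDemo {
    static final int N = 32; // bytes per P-256 integer; all DER lengths here stay below 128
    // Reads one DER INTEGER into raw[off..off+N), right-aligned; truncated input throws BufferUnderflowException.
    static void readInt(ByteBuffer in, byte[] raw, int off) {
        int tag = in.get(), len = in.get();
        if (tag != 0x02 || len < 1 || len > in.remaining()) throw new IllegalArgumentException("bad INTEGER");
        if (in.get(in.position()) < 0) throw new IllegalArgumentException("negative INTEGER");
        if (len > 1 && in.get(in.position()) == 0) { in.get(); len--; } // drop sign byte
        if (len > N) throw new IllegalArgumentException("INTEGER too large");
        in.get(raw, off + N - len, len);
    }

    static byte[] derToRaw(byte[] der) {
        ByteBuffer in = ByteBuffer.wrap(der);
        if (in.get() != 0x30 || in.get() != in.remaining()) throw new IllegalArgumentException("bad SEQUENCE");
        byte[] raw = new byte[2 * N];
        readInt(in, raw, 0);
        readInt(in, raw, N);
        if (in.hasRemaining()) throw new IllegalArgumentException("trailing bytes");
        return raw;
    }

    static byte[] rawToDer(byte[] raw) {
        if (raw.length != 2 * N) throw new IllegalArgumentException("ES256 signature must be 64 bytes");
        ByteBuffer body = ByteBuffer.allocate(2 * (N + 3));
        for (int off = 0; off < raw.length; off += N) {
            int start = off;
            while (start < off + N - 1 && raw[start] == 0) start++; // minimal encoding
            int pad = raw[start] < 0 ? 1 : 0;                       // top bit set: add 0x00 sign byte
            body.put((byte) 0x02).put((byte) (off + N - start + pad));
            if (pad == 1) body.put((byte) 0);
            body.put(raw, start, off + N - start);
        }
        body.flip();
        ByteBuffer out = ByteBuffer.allocate(2 + body.remaining());
        out.put((byte) 0x30).put((byte) body.remaining()).put(body);
        return out.array();
    }

    public static void main(String[] args) {
        byte[] raw = new byte[2 * N];           // constructed sample, not a real signature
        raw[1] = 0x7f; raw[31] = 0x01;          // r starts with a zero byte
        raw[32] = (byte) 0x80; raw[63] = 0x02;  // s has its top bit set
        System.out.println("round trip ok: " + Arrays.equals(raw, derToRaw(rawToDer(raw))));
    }
}
```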