Package org.forgerock.json.jose.utils

Class DerUtils

  • public final class DerUtils
extends Object
    Utility methods for reading and writing DER-encoded values. This is just the absolute minimum needed to decode and encode ECDSA signatures to ES256 format.

    • Field Detail

      • INTEGER_TAG

        public static final byte INTEGER_TAG
        DER tag for integer values.
        See Also:
        Constant Field Values

      • SEQUENCE_TAG

        public static final byte SEQUENCE_TAG
        DER tag for sequence values.
        See Also:
        Constant Field Values

    • Method Detail

      • readUnsignedInteger

        public static void readUnsignedInteger​(ByteBuffer input,
                                       byte[] output,
                                       int offset,
                                       int length)
        Reads an unsigned integer value into the given byte array. The output will be in big-endian format and aligned to take up exactly length bytes (leaving untouched any unused leading bytes).
        Parameters:
        input - the input DER-encoded byte buffer.
        output - the output byte array.
        offset - the offset into the byte array to start writing the integer value.
        length - the maximum length of the byte value (excluding any leading sign byte).
        Throws:
        BufferOverflowException - if the integer does not fit in the given output buffer slice.

      • writeInteger

        public static void writeInteger​(ByteBuffer buffer,
                                byte[] data)
        Writes an integer value in DER format to the given buffer.
        Parameters:
        buffer - the buffer to write the value to
        data - the integer value (in big-endian format) to write

      • readLength

        public static int readLength​(ByteBuffer buffer)
        Reads a DER-encoded length field from the given byte buffer.
        Parameters:
        buffer - the buffer to read a length field from.
        Returns:
        the length field.

      • writeLength

        public static void writeLength​(ByteBuffer output,
                               int length)
        Writes a length field to the output. If the length is 127 or less, the byte is the length. If the length is 128 or greater, the first byte is a combination of 0x80 to indicate the length is defined and the number of bytes to specify that length. See DER specification for more information.
        Parameters:
        output - the output buffer.
        length - the length to write.

      • decodeEcdsaSignature

        public static byte[] decodeEcdsaSignature​(byte[] signature,
                                          int signatureSize)
        Minimal DER decoder for the format returned by the SunEC signature provider.
        Parameters:
        signature - DER signature
        signatureSize - size
        Returns:
        decoded signature

      • encodeEcdsaSignature

        public static byte[] encodeEcdsaSignature​(byte[] signature)
        Minimal DER encoder for the format expected by the SunEC signature provider.
        Parameters:
        signature - raw signature
        Returns:
        DER encoded signature