Class DERDecoderUtils


  • public class DERDecoderUtils
    extends Object
    Provides the means to navigate through a DER-encoded byte array, to help in decoding the contents.

    It maintains a "current position" in the array that advances with each operation, providing a simple means to handle the type-length-value encoding of DER. For example:

       decoder.expect(TYPE);
       int length = decoder.getLength();
       byte[] value = decoder.getBytes(length);
     
    • Field Detail

      • TYPE_BIT_STRING

        public static final byte TYPE_BIT_STRING
        DER type identifier for a bit string value
        See Also:
        Constant Field Values
      • TYPE_OCTET_STRING

        public static final byte TYPE_OCTET_STRING
        DER type identifier for an octet string value
        See Also:
        Constant Field Values
      • TYPE_SEQUENCE

        public static final byte TYPE_SEQUENCE
        DER type identifier for a sequence value
        See Also:
        Constant Field Values
      • TYPE_OBJECT_IDENTIFIER

        public static final byte TYPE_OBJECT_IDENTIFIER
        DER type identifier for ASN.1 "OBJECT IDENTIFIER" value.
        See Also:
        Constant Field Values
    • Constructor Detail

      • DERDecoderUtils

        public DERDecoderUtils()
    • Method Detail

      • getAlgorithmIdBytes

        public static byte[] getAlgorithmIdBytes(InputStream derEncodedIS)
                                         throws DERDecodingException,
                                                IOException
        Simple method that parses an ASN.1-encoded byte array. The encoding uses DER, a BER/1 subset, in which each element is a triple { typeId, length, data }. The parsed data has the following structure:

          PublicKeyInfo ::= SEQUENCE {
              algorithm   AlgorithmIdentifier,
              PublicKey   BIT STRING
          }
         

        Where AlgorithmIdentifier is formatted as:

          AlgorithmIdentifier ::= SEQUENCE {
              algorithm   OBJECT IDENTIFIER,
              parameters  ANY DEFINED BY algorithm OPTIONAL
          }
        
        Parameters:
        derEncodedIS - the DER-encoded input stream to decode.
        Throws:
        DERDecodingException - in case of decoding error or if given InputStream is null or empty.
        IOException - if an I/O error occurs.
      • readObjectIdentifier

        public static byte[] readObjectIdentifier(InputStream derEncodedIS)
                                          throws DERDecodingException
        Read the next object identifier from the given DER-encoded input stream.

        Parameters:
        derEncodedIS - the DER-encoded input stream to decode.
        Returns:
        the object identifier as a byte array.
        Throws:
        DERDecodingException - if parse error occurs.
      • getAlgorithmIdFromPublicKey

        public static String getAlgorithmIdFromPublicKey(PublicKey publicKey)
                                                 throws DERDecodingException
        The method extracts the algorithm OID from the public key and returns it as "dot encoded" OID string.
        Parameters:
        publicKey - the public key for which method returns algorithm ID.
        Returns:
        String representing the algorithm ID.
        Throws:
        DERDecodingException - if the algorithm ID cannot be determined.
      • readLength

        public static int readLength(InputStream derEncodedIs)
                             throws DERDecodingException,
                                    IOException
        Get the DER length at the current position.

        DER length is encoded as

        • If the first byte is 0x00 to 0x7F, it describes the actual length.
        • If the first byte is 0x80 + n with 0
        • The length value 0x80, used only in constructed types, is defined as "indefinite length".
        Returns:
        the length, -1 for indefinite length.
        Throws:
        DERDecodingException - if the current position is at the end of the array or there is an incomplete length specification.
        IOException - if an I/O error occurs.
      • decodeOID

        public static String decodeOID(byte[] oidBytes)
        The first two nodes of the OID are encoded onto a single byte: the first node is multiplied by the decimal 40 and the result is added to the value of the second node. Node values less than or equal to 127 are encoded in one byte. Node values greater than or equal to 128 are encoded on multiple bytes. Bit 7 of the leftmost byte is set to one. Bits 0 through 6 of each byte contain the encoded value.
        Parameters:
        oidBytes - the byte array containing the OID
        Returns:
        the decoded OID as a string
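
As an added illustration (not code from this library), the following self-contained Java sketch walks the PublicKeyInfo structure described for getAlgorithmIdBytes, reads each length as readLength describes, and decodes the OID bytes as decodeOID describes. The class and method names are hypothetical; unlike readLength above it rejects indefinite length, its long-form handling (0x80 + n followed by n length bytes) follows standard X.690 DER, and Java 11+ is assumed for readNBytes.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyPairGenerator;

// Added example: an independent sketch, not the DERDecoderUtils implementation.
public class DerOidExample {
    // Strict DER length: short form, or long form with 1 to 4 minimal length bytes.
    static int readLength(ByteArrayInputStream in) throws IOException {
        int first = in.read();
        if (first < 0) throw new IOException("truncated length");
        long len = first;
        if (first >= 0x80) {
            int n = first & 0x7F;
            if (n == 0) throw new IOException("indefinite length is not valid DER");
            if (n > 4 || n > in.available()) throw new IOException("bad length field");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | in.read();
            if (len < 0x80 || len >> (8 * (n - 1)) == 0) throw new IOException("non-minimal length");
        }
        if (len > in.available()) throw new IOException("length exceeds remaining input");
        return (int) len;
    }
    static void expect(ByteArrayInputStream in, int type) throws IOException {
        if (in.read() != type) throw new IOException("unexpected DER type");
    }
    // Base-128 nodes; the first decoded value packs the first two nodes as 40*a + b.
    static String decodeOid(byte[] oid) throws IOException {
        if (oid.length == 0 || (oid[oid.length - 1] & 0x80) != 0) throw new IOException("truncated OID");
        StringBuilder sb = new StringBuilder();
        long node = 0;
        for (byte raw : oid) {
            if (node > (Long.MAX_VALUE >> 7)) throw new IOException("OID node overflow");
            node = (node << 7) | (raw & 0x7F);
            if ((raw & 0x80) != 0) continue;          // more bytes follow for this node
            long a = Math.min(node / 40, 2);          // only used for the first value
            sb.append(sb.length() == 0 ? a + "." + (node - 40 * a) : "." + node);
            node = 0;
        }
        return sb.toString();
    }
    static String algorithmOid(byte[] spki) throws IOException {
        ByteArrayInputStream in = new ByteArrayInputStream(spki);
        expect(in, 0x30); readLength(in);             // PublicKeyInfo SEQUENCE
        expect(in, 0x30); readLength(in);             // AlgorithmIdentifier SEQUENCE
        expect(in, 0x06);                             // algorithm OBJECT IDENTIFIER
        return decodeOid(in.readNBytes(readLength(in)));
    }
    public static void main(String[] args) throws Exception {
        // Sample input constructed locally: a freshly generated EC public key.
        byte[] spki = KeyPairGenerator.getInstance("EC").generateKeyPair().getPublic().getEncoded();
        System.out.println(algorithmOid(spki));
    }
}
```

Bounding the length field to four bytes and checking it against the remaining input keeps an attacker-supplied length from driving an oversized allocation or a read past the end of the buffer.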