| /* |
| * Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. Oracle designates this |
| * particular file as subject to the "Classpath" exception as provided |
| * by Oracle in the LICENSE file that accompanied this code. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| package sun.security.util; |
| |
| import java.io.IOException; |
| import java.io.InputStream; |
| import java.util.ArrayList; |
| import java.util.Arrays; |
| |
| /** |
| * A package private utility class to convert indefinite length BER |
| * encoded byte arrays to definite length DER encoded byte arrays. |
| * <p> |
| * Note: This class only substitute indefinite length octets to definite |
| * length octets. It does not update the contents even if they are not DER. |
| * <p> |
| * This assumes that the basic data structure is "tag, length, value" |
| * triplet. In the case where the length is "indefinite", terminating |
| * end-of-contents bytes are expected. |
| * |
| * @author Hemma Prafullchandra |
| */ |
| class DerIndefLenConverter { |
| |
| private static final int LEN_LONG = 0x80; // bit 8 set |
| private static final int LEN_MASK = 0x7f; // bits 7 - 1 |
| |
| private byte[] data, newData; |
| private int newDataPos, dataPos, dataSize, index; |
| private int unresolved = 0; |
| |
| // A list to store each indefinite length occurrence. Whenever an indef |
| // length is seen, the position after the 0x80 byte is appended to the |
| // list as an integer. Whenever its matching EOC is seen, we know the |
| // actual length and the position value is substituted with a calculated |
| // length octets. At the end, the new DER encoding is a concatenation of |
| // all existing tags, existing definite length octets, existing contents, |
| // and the newly created definte length octets in this list. |
| private ArrayList<Object> ndefsList = new ArrayList<Object>(); |
| |
| // Length of extra bytes needed to convert indefinite encoding to definite. |
| // For each resolved indefinite length encoding, the starting 0x80 byte |
| // and the ending 00 00 bytes will be removed and a new definite length |
| // octets will be added. This value might be positive or negative. |
| private int numOfTotalLenBytes = 0; |
| |
| private static boolean isEOC(byte[] data, int pos) { |
| return data[pos] == 0 && data[pos + 1] == 0; |
| } |
| |
| // if bit 8 is set then it implies either indefinite length or long form |
| static boolean isLongForm(int lengthByte) { |
| return ((lengthByte & LEN_LONG) == LEN_LONG); |
| } |
| |
| /* |
| * Default package private constructor |
| */ |
| DerIndefLenConverter() { } |
| |
| /** |
| * Checks whether the given length byte is of the form |
| * <em>Indefinite</em>. |
| * |
| * @param lengthByte the length byte from a DER encoded |
| * object. |
| * @return true if the byte is of Indefinite form otherwise |
| * returns false. |
| */ |
| static boolean isIndefinite(int lengthByte) { |
| return (isLongForm(lengthByte) && ((lengthByte & LEN_MASK) == 0)); |
| } |
| |
| /** |
| * Consumes the tag at {@code dataPos}. |
| * <p> |
| * If it is EOC then replace the matching start position (i.e. the previous |
| * {@code dataPos} where an indefinite length was found by #parseLength) |
| * in {@code ndefsList} with a length octets for this section. |
| */ |
| private void parseTag() throws IOException { |
| if (isEOC(data, dataPos)) { |
| int numOfEncapsulatedLenBytes = 0; |
| Object elem = null; |
| int index; |
| for (index = ndefsList.size()-1; index >= 0; index--) { |
| // Determine the first element in the vector that does not |
| // have a matching EOC |
| elem = ndefsList.get(index); |
| if (elem instanceof Integer) { |
| break; |
| } else { |
| // For each existing converted part, 3 bytes (80 at the |
| // beginning and 00 00 at the end) are removed and a |
| // new length octets is added. |
| numOfEncapsulatedLenBytes += ((byte[])elem).length - 3; |
| } |
| } |
| if (index < 0) { |
| throw new IOException("EOC does not have matching " + |
| "indefinite-length tag"); |
| } |
| int sectionLen = dataPos - ((Integer)elem).intValue() + |
| numOfEncapsulatedLenBytes; |
| byte[] sectionLenBytes = getLengthBytes(sectionLen); |
| ndefsList.set(index, sectionLenBytes); |
| assert unresolved > 0; |
| unresolved--; |
| |
| // Add the number of bytes required to represent this section |
| // to the total number of length bytes, |
| // and subtract the indefinite-length tag (1 byte) and |
| // EOC bytes (2 bytes) for this section |
| numOfTotalLenBytes += (sectionLenBytes.length - 3); |
| } |
| dataPos++; |
| } |
| |
| /** |
| * Write the tag and if it is an end-of-contents tag |
| * then skip the tag and its 1 byte length of zero. |
| */ |
| private void writeTag() { |
| if (dataPos == dataSize) { |
| return; |
| } |
| assert dataPos + 1 < dataSize; |
| if (isEOC(data, dataPos)) { |
| dataPos += 2; // skip tag and length |
| writeTag(); |
| } else { |
| newData[newDataPos++] = data[dataPos++]; |
| } |
| } |
| |
| /** |
| * Parse the length octets started at {@code dataPos}. After this method |
| * is called, {@code dataPos} is placed after the length octets except |
| * -1 is returned. |
| * |
| * @return a) the length of definite length data next |
| * b) -1, if it is a definite length data next but the length |
| * octets is not complete to determine the actual length |
| * c) 0, if it is an indefinite length. Also, append the current |
| * position to the {@code ndefsList} vector. |
| * @throws IOException if invalid data is read |
| */ |
| private int parseLength() throws IOException { |
| if (dataPos == dataSize) { |
| return 0; |
| } |
| int lenByte = data[dataPos++] & 0xff; |
| if (isIndefinite(lenByte)) { |
| ndefsList.add(dataPos); |
| unresolved++; |
| return 0; |
| } |
| int curLen = 0; |
| if (isLongForm(lenByte)) { |
| lenByte &= LEN_MASK; |
| if (lenByte > 4) { |
| throw new IOException("Too much data"); |
| } |
| if ((dataSize - dataPos) < (lenByte + 1)) { |
| return -1; |
| } |
| for (int i = 0; i < lenByte; i++) { |
| curLen = (curLen << 8) + (data[dataPos++] & 0xff); |
| } |
| if (curLen < 0) { |
| throw new IOException("Invalid length bytes"); |
| } |
| } else { |
| curLen = (lenByte & LEN_MASK); |
| } |
| return curLen; |
| } |
| |
| /** |
| * Write the length and value. |
| * <p> |
| * If it was definite length, just re-write the length and copy the value. |
| * If it was an indefinite length, copy the precalculated definite octets |
| * from {@code ndefsList}. There is no values here because they will be |
| * sub-encodings of a constructed encoding. |
| */ |
| private void writeLengthAndValue() throws IOException { |
| if (dataPos == dataSize) { |
| return; |
| } |
| int curLen = 0; |
| int lenByte = data[dataPos++] & 0xff; |
| if (isIndefinite(lenByte)) { |
| byte[] lenBytes = (byte[])ndefsList.get(index++); |
| System.arraycopy(lenBytes, 0, newData, newDataPos, |
| lenBytes.length); |
| newDataPos += lenBytes.length; |
| } else { |
| if (isLongForm(lenByte)) { |
| lenByte &= LEN_MASK; |
| for (int i = 0; i < lenByte; i++) { |
| curLen = (curLen << 8) + (data[dataPos++] & 0xff); |
| } |
| if (curLen < 0) { |
| throw new IOException("Invalid length bytes"); |
| } |
| } else { |
| curLen = (lenByte & LEN_MASK); |
| } |
| writeLength(curLen); |
| writeValue(curLen); |
| } |
| } |
| |
| private void writeLength(int curLen) { |
| if (curLen < 128) { |
| newData[newDataPos++] = (byte)curLen; |
| |
| } else if (curLen < (1 << 8)) { |
| newData[newDataPos++] = (byte)0x81; |
| newData[newDataPos++] = (byte)curLen; |
| |
| } else if (curLen < (1 << 16)) { |
| newData[newDataPos++] = (byte)0x82; |
| newData[newDataPos++] = (byte)(curLen >> 8); |
| newData[newDataPos++] = (byte)curLen; |
| |
| } else if (curLen < (1 << 24)) { |
| newData[newDataPos++] = (byte)0x83; |
| newData[newDataPos++] = (byte)(curLen >> 16); |
| newData[newDataPos++] = (byte)(curLen >> 8); |
| newData[newDataPos++] = (byte)curLen; |
| |
| } else { |
| newData[newDataPos++] = (byte)0x84; |
| newData[newDataPos++] = (byte)(curLen >> 24); |
| newData[newDataPos++] = (byte)(curLen >> 16); |
| newData[newDataPos++] = (byte)(curLen >> 8); |
| newData[newDataPos++] = (byte)curLen; |
| } |
| } |
| |
| private byte[] getLengthBytes(int curLen) { |
| byte[] lenBytes; |
| int index = 0; |
| |
| if (curLen < 128) { |
| lenBytes = new byte[1]; |
| lenBytes[index++] = (byte)curLen; |
| |
| } else if (curLen < (1 << 8)) { |
| lenBytes = new byte[2]; |
| lenBytes[index++] = (byte)0x81; |
| lenBytes[index++] = (byte)curLen; |
| |
| } else if (curLen < (1 << 16)) { |
| lenBytes = new byte[3]; |
| lenBytes[index++] = (byte)0x82; |
| lenBytes[index++] = (byte)(curLen >> 8); |
| lenBytes[index++] = (byte)curLen; |
| |
| } else if (curLen < (1 << 24)) { |
| lenBytes = new byte[4]; |
| lenBytes[index++] = (byte)0x83; |
| lenBytes[index++] = (byte)(curLen >> 16); |
| lenBytes[index++] = (byte)(curLen >> 8); |
| lenBytes[index++] = (byte)curLen; |
| |
| } else { |
| lenBytes = new byte[5]; |
| lenBytes[index++] = (byte)0x84; |
| lenBytes[index++] = (byte)(curLen >> 24); |
| lenBytes[index++] = (byte)(curLen >> 16); |
| lenBytes[index++] = (byte)(curLen >> 8); |
| lenBytes[index++] = (byte)curLen; |
| } |
| |
| return lenBytes; |
| } |
| |
| // Returns the number of bytes needed to represent the given length |
| // in ASN.1 notation |
| private int getNumOfLenBytes(int len) { |
| int numOfLenBytes = 0; |
| |
| if (len < 128) { |
| numOfLenBytes = 1; |
| } else if (len < (1 << 8)) { |
| numOfLenBytes = 2; |
| } else if (len < (1 << 16)) { |
| numOfLenBytes = 3; |
| } else if (len < (1 << 24)) { |
| numOfLenBytes = 4; |
| } else { |
| numOfLenBytes = 5; |
| } |
| return numOfLenBytes; |
| } |
| |
| /** |
| * Write the value; |
| */ |
| private void writeValue(int curLen) { |
| System.arraycopy(data, dataPos, newData, newDataPos, curLen); |
| dataPos += curLen; |
| newDataPos += curLen; |
| } |
| |
| /** |
| * Converts a indefinite length DER encoded byte array to |
| * a definte length DER encoding. |
| * |
| * @param indefData the byte array holding the indefinite |
| * length encoding. |
| * @return the byte array containing the definite length |
| * DER encoding, or null if there is not enough data. |
| * @exception IOException on parsing or re-writing errors. |
| */ |
| byte[] convertBytes(byte[] indefData) throws IOException { |
| data = indefData; |
| dataPos = 0; |
| dataSize = data.length; |
| |
| // parse and set up the vectors of all the indefinite-lengths |
| while (dataPos < dataSize) { |
| if (dataPos + 2 > dataSize) { |
| // There should be at least one tag and one length |
| return null; |
| } |
| parseTag(); |
| int len = parseLength(); |
| if (len < 0) { |
| return null; |
| } |
| dataPos += len; |
| if (dataPos < 0) { |
| // overflow |
| throw new IOException("Data overflow"); |
| } |
| if (unresolved == 0) { |
| assert !ndefsList.isEmpty() && ndefsList.get(0) instanceof byte[]; |
| break; |
| } |
| } |
| |
| if (unresolved != 0) { |
| return null; |
| } |
| |
| int unused = dataSize - dataPos; |
| assert unused >= 0; |
| dataSize = dataPos; |
| |
| newData = new byte[dataSize + numOfTotalLenBytes + unused]; |
| dataPos = 0; newDataPos = 0; index = 0; |
| |
| // write out the new byte array replacing all the indefinite-lengths |
| // and EOCs |
| while (dataPos < dataSize) { |
| writeTag(); |
| writeLengthAndValue(); |
| } |
| System.arraycopy(indefData, dataSize, |
| newData, dataSize + numOfTotalLenBytes, unused); |
| |
| return newData; |
| } |
| |
| /** |
| * Read the input stream into a DER byte array. If an indef len BER is |
| * not resolved this method will try to read more data until EOF is reached. |
| * This may block. |
| * |
| * @param in the input stream with tag and lenByte already read |
| * @param lenByte the length of the length field to remember |
| * @param tag the tag to remember |
| * @return a DER byte array |
| * @throws IOException if not all indef len BER |
| * can be resolved or another I/O error happens |
| */ |
| public static byte[] convertStream(InputStream in, byte lenByte, byte tag) |
| throws IOException { |
| int offset = 2; // for tag and length bytes |
| int readLen = in.available(); |
| byte[] indefData = new byte[readLen + offset]; |
| indefData[0] = tag; |
| indefData[1] = lenByte; |
| while (true) { |
| int bytesRead = in.readNBytes(indefData, offset, readLen); |
| if (bytesRead != readLen) { |
| readLen = bytesRead; |
| indefData = Arrays.copyOf(indefData, offset + bytesRead); |
| } |
| DerIndefLenConverter derIn = new DerIndefLenConverter(); |
| byte[] result = derIn.convertBytes(indefData); |
| if (result == null) { |
| int next = in.read(); // This could block, but we need more |
| if (next == -1) { |
| throw new IOException("not enough data to resolve indef len BER"); |
| } |
| int more = in.available(); |
| // expand array to include next and more |
| indefData = Arrays.copyOf(indefData, offset + readLen + 1 + more); |
| indefData[offset + readLen] = (byte)next; |
| offset = offset + readLen + 1; |
| readLen = more; |
| } else { |
| return result; |
| } |
| } |
| } |
| } |