com.google.api.client.json.webtoken.DerEncoder Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of google-http-client Show documentation

Google HTTP Client Library for Java. Functionality that works on all supported Java platforms, including Java 5 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.

There is a newer version: 1.45.1

Show newest version

/*
 * Copyright 2020 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.google.api.client.json.webtoken;

import com.google.api.client.util.Preconditions;
import java.math.BigInteger;
import java.util.Arrays;

/**
 * Utilities for re-encoding a signature byte array with DER encoding.
 *
 * Note: that this is not a general purpose encoder and currently only handles 512 bit
 * signatures. ES256 verification algorithms expect the signature bytes in DER encoding.
 */
public class DerEncoder {
  private static byte DER_TAG_SIGNATURE_OBJECT = 0x30;
  private static byte DER_TAG_ASN1_INTEGER = 0x02;

  static byte[] encode(byte[] signature) {
    // expect the signature to be 64 bytes long
    Preconditions.checkState(signature.length == 64);

    byte[] int1 = new BigInteger(1, Arrays.copyOfRange(signature, 0, 32)).toByteArray();
    byte[] int2 = new BigInteger(1, Arrays.copyOfRange(signature, 32, 64)).toByteArray();
    byte[] der = new byte[6 + int1.length + int2.length];

    // Mark that this is a signature object
    der[0] = DER_TAG_SIGNATURE_OBJECT;
    der[1] = (byte) (der.length - 2);

    // Start ASN1 integer and write the first 32 bits
    der[2] = DER_TAG_ASN1_INTEGER;
    der[3] = (byte) int1.length;
    System.arraycopy(int1, 0, der, 4, int1.length);

    // Start ASN1 integer and write the second 32 bits
    int offset = int1.length + 4;
    der[offset] = DER_TAG_ASN1_INTEGER;
    der[offset + 1] = (byte) int2.length;
    System.arraycopy(int2, 0, der, offset + 2, int2.length);

    return der;
  }
}