1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.apksig.internal.asn1; 18 19 import com.android.apksig.internal.asn1.ber.BerEncoding; 20 21 import java.io.ByteArrayOutputStream; 22 import java.lang.reflect.Field; 23 import java.lang.reflect.Modifier; 24 import java.math.BigInteger; 25 import java.nio.ByteBuffer; 26 import java.util.ArrayList; 27 import java.util.Collection; 28 import java.util.Collections; 29 import java.util.Comparator; 30 import java.util.List; 31 32 /** 33 * Encoder of ASN.1 structures into DER-encoded form. 34 * 35 * <p>Structure is described to the encoder by providing a class annotated with {@link Asn1Class}, 36 * containing fields annotated with {@link Asn1Field}. 37 */ 38 public final class Asn1DerEncoder { Asn1DerEncoder()39 private Asn1DerEncoder() {} 40 41 /** 42 * Returns the DER-encoded form of the provided ASN.1 structure. 43 * 44 * @param container container to be encoded. The container's class must meet the following 45 * requirements: 46 * <ul> 47 * <li>The class must be annotated with {@link Asn1Class}.</li> 48 * <li>Member fields of the class which are to be encoded must be annotated with 49 * {@link Asn1Field} and be public.</li> 50 * </ul> 51 * 52 * @throws Asn1EncodingException if the input could not be encoded 53 */ encode(Object container)54 public static byte[] encode(Object container) throws Asn1EncodingException { 55 Class<?> containerClass = container.getClass(); 56 Asn1Class containerAnnotation = containerClass.getDeclaredAnnotation(Asn1Class.class); 57 if (containerAnnotation == null) { 58 throw new Asn1EncodingException( 59 containerClass.getName() + " not annotated with " + Asn1Class.class.getName()); 60 } 61 62 Asn1Type containerType = containerAnnotation.type(); 63 switch (containerType) { 64 case CHOICE: 65 return toChoice(container); 66 case SEQUENCE: 67 return toSequence(container); 68 case UNENCODED_CONTAINER: 69 return toSequence(container, true); 70 default: 71 throw new Asn1EncodingException("Unsupported container type: " + containerType); 72 } 73 } 74 toChoice(Object container)75 private static byte[] toChoice(Object container) throws Asn1EncodingException { 76 Class<?> containerClass = container.getClass(); 77 List<AnnotatedField> fields = getAnnotatedFields(container); 78 if (fields.isEmpty()) { 79 throw new Asn1EncodingException( 80 "No fields annotated with " + Asn1Field.class.getName() 81 + " in CHOICE class " + containerClass.getName()); 82 } 83 84 AnnotatedField resultField = null; 85 for (AnnotatedField field : fields) { 86 Object fieldValue = getMemberFieldValue(container, field.getField()); 87 if (fieldValue != null) { 88 if (resultField != null) { 89 throw new Asn1EncodingException( 90 "Multiple non-null fields in CHOICE class " + containerClass.getName() 91 + ": " + resultField.getField().getName() 92 + ", " + field.getField().getName()); 93 } 94 resultField = field; 95 } 96 } 97 98 if (resultField == null) { 99 throw new Asn1EncodingException( 100 "No non-null fields in CHOICE class " + containerClass.getName()); 101 } 102 103 return resultField.toDer(); 104 } 105 toSequence(Object container)106 private static byte[] toSequence(Object container) throws Asn1EncodingException { 107 return toSequence(container, false); 108 } 109 toSequence(Object container, boolean omitTag)110 private static byte[] toSequence(Object container, boolean omitTag) 111 throws Asn1EncodingException { 112 Class<?> containerClass = container.getClass(); 113 List<AnnotatedField> fields = getAnnotatedFields(container); 114 Collections.sort( 115 fields, (f1, f2) -> f1.getAnnotation().index() - f2.getAnnotation().index()); 116 if (fields.size() > 1) { 117 AnnotatedField lastField = null; 118 for (AnnotatedField field : fields) { 119 if ((lastField != null) 120 && (lastField.getAnnotation().index() == field.getAnnotation().index())) { 121 throw new Asn1EncodingException( 122 "Fields have the same index: " + containerClass.getName() 123 + "." + lastField.getField().getName() 124 + " and ." + field.getField().getName()); 125 } 126 lastField = field; 127 } 128 } 129 130 List<byte[]> serializedFields = new ArrayList<>(fields.size()); 131 int contentLen = 0; 132 for (AnnotatedField field : fields) { 133 byte[] serializedField; 134 try { 135 serializedField = field.toDer(); 136 } catch (Asn1EncodingException e) { 137 throw new Asn1EncodingException( 138 "Failed to encode " + containerClass.getName() 139 + "." + field.getField().getName(), 140 e); 141 } 142 if (serializedField != null) { 143 serializedFields.add(serializedField); 144 contentLen += serializedField.length; 145 } 146 } 147 148 if (omitTag) { 149 byte[] unencodedResult = new byte[contentLen]; 150 int index = 0; 151 for (byte[] serializedField : serializedFields) { 152 System.arraycopy(serializedField, 0, unencodedResult, index, serializedField.length); 153 index += serializedField.length; 154 } 155 return unencodedResult; 156 } else { 157 return createTag( 158 BerEncoding.TAG_CLASS_UNIVERSAL, true, BerEncoding.TAG_NUMBER_SEQUENCE, 159 serializedFields.toArray(new byte[0][])); 160 } 161 } 162 toSetOf(Collection<?> values, Asn1Type elementType)163 private static byte[] toSetOf(Collection<?> values, Asn1Type elementType) throws Asn1EncodingException { 164 return toSequenceOrSetOf(values, elementType, true); 165 } 166 toSequenceOf(Collection<?> values, Asn1Type elementType)167 private static byte[] toSequenceOf(Collection<?> values, Asn1Type elementType) throws Asn1EncodingException { 168 return toSequenceOrSetOf(values, elementType, false); 169 } 170 toSequenceOrSetOf(Collection<?> values, Asn1Type elementType, boolean toSet)171 private static byte[] toSequenceOrSetOf(Collection<?> values, Asn1Type elementType, boolean toSet) 172 throws Asn1EncodingException { 173 List<byte[]> serializedValues = new ArrayList<>(values.size()); 174 for (Object value : values) { 175 serializedValues.add(JavaToDerConverter.toDer(value, elementType, null)); 176 } 177 int tagNumber; 178 if (toSet) { 179 if (serializedValues.size() > 1) { 180 Collections.sort(serializedValues, ByteArrayLexicographicComparator.INSTANCE); 181 } 182 tagNumber = BerEncoding.TAG_NUMBER_SET; 183 } else { 184 tagNumber = BerEncoding.TAG_NUMBER_SEQUENCE; 185 } 186 return createTag( 187 BerEncoding.TAG_CLASS_UNIVERSAL, true, tagNumber, 188 serializedValues.toArray(new byte[0][])); 189 } 190 191 /** 192 * Compares two bytes arrays based on their lexicographic order. Corresponding elements of the 193 * two arrays are compared in ascending order. Elements at out of range indices are assumed to 194 * be smaller than the smallest possible value for an element. 195 */ 196 private static class ByteArrayLexicographicComparator implements Comparator<byte[]> { 197 private static final ByteArrayLexicographicComparator INSTANCE = 198 new ByteArrayLexicographicComparator(); 199 200 @Override compare(byte[] arr1, byte[] arr2)201 public int compare(byte[] arr1, byte[] arr2) { 202 int commonLength = Math.min(arr1.length, arr2.length); 203 for (int i = 0; i < commonLength; i++) { 204 int diff = (arr1[i] & 0xff) - (arr2[i] & 0xff); 205 if (diff != 0) { 206 return diff; 207 } 208 } 209 return arr1.length - arr2.length; 210 } 211 } 212 getAnnotatedFields(Object container)213 private static List<AnnotatedField> getAnnotatedFields(Object container) 214 throws Asn1EncodingException { 215 Class<?> containerClass = container.getClass(); 216 Field[] declaredFields = containerClass.getDeclaredFields(); 217 List<AnnotatedField> result = new ArrayList<>(declaredFields.length); 218 for (Field field : declaredFields) { 219 Asn1Field annotation = field.getDeclaredAnnotation(Asn1Field.class); 220 if (annotation == null) { 221 continue; 222 } 223 if (Modifier.isStatic(field.getModifiers())) { 224 throw new Asn1EncodingException( 225 Asn1Field.class.getName() + " used on a static field: " 226 + containerClass.getName() + "." + field.getName()); 227 } 228 229 AnnotatedField annotatedField; 230 try { 231 annotatedField = new AnnotatedField(container, field, annotation); 232 } catch (Asn1EncodingException e) { 233 throw new Asn1EncodingException( 234 "Invalid ASN.1 annotation on " 235 + containerClass.getName() + "." + field.getName(), 236 e); 237 } 238 result.add(annotatedField); 239 } 240 return result; 241 } 242 toInteger(int value)243 private static byte[] toInteger(int value) { 244 return toInteger((long) value); 245 } 246 toInteger(long value)247 private static byte[] toInteger(long value) { 248 return toInteger(BigInteger.valueOf(value)); 249 } 250 toInteger(BigInteger value)251 private static byte[] toInteger(BigInteger value) { 252 return createTag( 253 BerEncoding.TAG_CLASS_UNIVERSAL, false, BerEncoding.TAG_NUMBER_INTEGER, 254 value.toByteArray()); 255 } 256 toBoolean(boolean value)257 private static byte[] toBoolean(boolean value) { 258 // A boolean should be encoded in a single byte with a value of 0 for false and any non-zero 259 // value for true. 260 byte[] result = new byte[1]; 261 if (value == false) { 262 result[0] = 0; 263 } else { 264 result[0] = 1; 265 } 266 return createTag(BerEncoding.TAG_CLASS_UNIVERSAL, false, BerEncoding.TAG_NUMBER_BOOLEAN, result); 267 } 268 toOid(String oid)269 private static byte[] toOid(String oid) throws Asn1EncodingException { 270 ByteArrayOutputStream encodedValue = new ByteArrayOutputStream(); 271 String[] nodes = oid.split("\\."); 272 if (nodes.length < 2) { 273 throw new Asn1EncodingException( 274 "OBJECT IDENTIFIER must contain at least two nodes: " + oid); 275 } 276 int firstNode; 277 try { 278 firstNode = Integer.parseInt(nodes[0]); 279 } catch (NumberFormatException e) { 280 throw new Asn1EncodingException("Node #1 not numeric: " + nodes[0]); 281 } 282 if ((firstNode > 6) || (firstNode < 0)) { 283 throw new Asn1EncodingException("Invalid value for node #1: " + firstNode); 284 } 285 286 int secondNode; 287 try { 288 secondNode = Integer.parseInt(nodes[1]); 289 } catch (NumberFormatException e) { 290 throw new Asn1EncodingException("Node #2 not numeric: " + nodes[1]); 291 } 292 if ((secondNode >= 40) || (secondNode < 0)) { 293 throw new Asn1EncodingException("Invalid value for node #2: " + secondNode); 294 } 295 int firstByte = firstNode * 40 + secondNode; 296 if (firstByte > 0xff) { 297 throw new Asn1EncodingException( 298 "First two nodes out of range: " + firstNode + "." + secondNode); 299 } 300 301 encodedValue.write(firstByte); 302 for (int i = 2; i < nodes.length; i++) { 303 String nodeString = nodes[i]; 304 int node; 305 try { 306 node = Integer.parseInt(nodeString); 307 } catch (NumberFormatException e) { 308 throw new Asn1EncodingException("Node #" + (i + 1) + " not numeric: " + nodeString); 309 } 310 if (node < 0) { 311 throw new Asn1EncodingException("Invalid value for node #" + (i + 1) + ": " + node); 312 } 313 if (node <= 0x7f) { 314 encodedValue.write(node); 315 continue; 316 } 317 if (node < 1 << 14) { 318 encodedValue.write(0x80 | (node >> 7)); 319 encodedValue.write(node & 0x7f); 320 continue; 321 } 322 if (node < 1 << 21) { 323 encodedValue.write(0x80 | (node >> 14)); 324 encodedValue.write(0x80 | ((node >> 7) & 0x7f)); 325 encodedValue.write(node & 0x7f); 326 continue; 327 } 328 throw new Asn1EncodingException("Node #" + (i + 1) + " too large: " + node); 329 } 330 331 return createTag( 332 BerEncoding.TAG_CLASS_UNIVERSAL, false, BerEncoding.TAG_NUMBER_OBJECT_IDENTIFIER, 333 encodedValue.toByteArray()); 334 } 335 getMemberFieldValue(Object obj, Field field)336 private static Object getMemberFieldValue(Object obj, Field field) 337 throws Asn1EncodingException { 338 try { 339 return field.get(obj); 340 } catch (ReflectiveOperationException e) { 341 throw new Asn1EncodingException( 342 "Failed to read " + obj.getClass().getName() + "." + field.getName(), e); 343 } 344 } 345 346 private static final class AnnotatedField { 347 private final Field mField; 348 private final Object mObject; 349 private final Asn1Field mAnnotation; 350 private final Asn1Type mDataType; 351 private final Asn1Type mElementDataType; 352 private final Asn1TagClass mTagClass; 353 private final int mDerTagClass; 354 private final int mDerTagNumber; 355 private final Asn1Tagging mTagging; 356 private final boolean mOptional; 357 AnnotatedField(Object obj, Field field, Asn1Field annotation)358 public AnnotatedField(Object obj, Field field, Asn1Field annotation) 359 throws Asn1EncodingException { 360 mObject = obj; 361 mField = field; 362 mAnnotation = annotation; 363 mDataType = annotation.type(); 364 mElementDataType = annotation.elementType(); 365 366 Asn1TagClass tagClass = annotation.cls(); 367 if (tagClass == Asn1TagClass.AUTOMATIC) { 368 if (annotation.tagNumber() != -1) { 369 tagClass = Asn1TagClass.CONTEXT_SPECIFIC; 370 } else { 371 tagClass = Asn1TagClass.UNIVERSAL; 372 } 373 } 374 mTagClass = tagClass; 375 mDerTagClass = BerEncoding.getTagClass(mTagClass); 376 377 int tagNumber; 378 if (annotation.tagNumber() != -1) { 379 tagNumber = annotation.tagNumber(); 380 } else if ((mDataType == Asn1Type.CHOICE) || (mDataType == Asn1Type.ANY)) { 381 tagNumber = -1; 382 } else { 383 tagNumber = BerEncoding.getTagNumber(mDataType); 384 } 385 mDerTagNumber = tagNumber; 386 387 mTagging = annotation.tagging(); 388 if (((mTagging == Asn1Tagging.EXPLICIT) || (mTagging == Asn1Tagging.IMPLICIT)) 389 && (annotation.tagNumber() == -1)) { 390 throw new Asn1EncodingException( 391 "Tag number must be specified when tagging mode is " + mTagging); 392 } 393 394 mOptional = annotation.optional(); 395 } 396 getField()397 public Field getField() { 398 return mField; 399 } 400 getAnnotation()401 public Asn1Field getAnnotation() { 402 return mAnnotation; 403 } 404 toDer()405 public byte[] toDer() throws Asn1EncodingException { 406 Object fieldValue = getMemberFieldValue(mObject, mField); 407 if (fieldValue == null) { 408 if (mOptional) { 409 return null; 410 } 411 throw new Asn1EncodingException("Required field not set"); 412 } 413 414 byte[] encoded = JavaToDerConverter.toDer(fieldValue, mDataType, mElementDataType); 415 switch (mTagging) { 416 case NORMAL: 417 return encoded; 418 case EXPLICIT: 419 return createTag(mDerTagClass, true, mDerTagNumber, encoded); 420 case IMPLICIT: 421 int originalTagNumber = BerEncoding.getTagNumber(encoded[0]); 422 if (originalTagNumber == 0x1f) { 423 throw new Asn1EncodingException("High-tag-number form not supported"); 424 } 425 if (mDerTagNumber >= 0x1f) { 426 throw new Asn1EncodingException( 427 "Unsupported high tag number: " + mDerTagNumber); 428 } 429 encoded[0] = BerEncoding.setTagNumber(encoded[0], mDerTagNumber); 430 encoded[0] = BerEncoding.setTagClass(encoded[0], mDerTagClass); 431 return encoded; 432 default: 433 throw new RuntimeException("Unknown tagging mode: " + mTagging); 434 } 435 } 436 } 437 createTag( int tagClass, boolean constructed, int tagNumber, byte[]... contents)438 private static byte[] createTag( 439 int tagClass, boolean constructed, int tagNumber, byte[]... contents) { 440 if (tagNumber >= 0x1f) { 441 throw new IllegalArgumentException("High tag numbers not supported: " + tagNumber); 442 } 443 // tag class & number fit into the first byte 444 byte firstIdentifierByte = 445 (byte) ((tagClass << 6) | (constructed ? 1 << 5 : 0) | tagNumber); 446 447 int contentsLength = 0; 448 for (byte[] c : contents) { 449 contentsLength += c.length; 450 } 451 int contentsPosInResult; 452 byte[] result; 453 if (contentsLength < 0x80) { 454 // Length fits into one byte 455 contentsPosInResult = 2; 456 result = new byte[contentsPosInResult + contentsLength]; 457 result[0] = firstIdentifierByte; 458 result[1] = (byte) contentsLength; 459 } else { 460 // Length is represented as multiple bytes 461 // The low 7 bits of the first byte represent the number of length bytes (following the 462 // first byte) in which the length is in big-endian base-256 form 463 if (contentsLength <= 0xff) { 464 contentsPosInResult = 3; 465 result = new byte[contentsPosInResult + contentsLength]; 466 result[1] = (byte) 0x81; // 1 length byte 467 result[2] = (byte) contentsLength; 468 } else if (contentsLength <= 0xffff) { 469 contentsPosInResult = 4; 470 result = new byte[contentsPosInResult + contentsLength]; 471 result[1] = (byte) 0x82; // 2 length bytes 472 result[2] = (byte) (contentsLength >> 8); 473 result[3] = (byte) (contentsLength & 0xff); 474 } else if (contentsLength <= 0xffffff) { 475 contentsPosInResult = 5; 476 result = new byte[contentsPosInResult + contentsLength]; 477 result[1] = (byte) 0x83; // 3 length bytes 478 result[2] = (byte) (contentsLength >> 16); 479 result[3] = (byte) ((contentsLength >> 8) & 0xff); 480 result[4] = (byte) (contentsLength & 0xff); 481 } else { 482 contentsPosInResult = 6; 483 result = new byte[contentsPosInResult + contentsLength]; 484 result[1] = (byte) 0x84; // 4 length bytes 485 result[2] = (byte) (contentsLength >> 24); 486 result[3] = (byte) ((contentsLength >> 16) & 0xff); 487 result[4] = (byte) ((contentsLength >> 8) & 0xff); 488 result[5] = (byte) (contentsLength & 0xff); 489 } 490 result[0] = firstIdentifierByte; 491 } 492 for (byte[] c : contents) { 493 System.arraycopy(c, 0, result, contentsPosInResult, c.length); 494 contentsPosInResult += c.length; 495 } 496 return result; 497 } 498 499 private static final class JavaToDerConverter { JavaToDerConverter()500 private JavaToDerConverter() {} 501 toDer(Object source, Asn1Type targetType, Asn1Type targetElementType)502 public static byte[] toDer(Object source, Asn1Type targetType, Asn1Type targetElementType) 503 throws Asn1EncodingException { 504 Class<?> sourceType = source.getClass(); 505 if (Asn1OpaqueObject.class.equals(sourceType)) { 506 ByteBuffer buf = ((Asn1OpaqueObject) source).getEncoded(); 507 byte[] result = new byte[buf.remaining()]; 508 buf.get(result); 509 return result; 510 } 511 512 if ((targetType == null) || (targetType == Asn1Type.ANY)) { 513 return encode(source); 514 } 515 516 switch (targetType) { 517 case OCTET_STRING: 518 case BIT_STRING: 519 byte[] value = null; 520 if (source instanceof ByteBuffer) { 521 ByteBuffer buf = (ByteBuffer) source; 522 value = new byte[buf.remaining()]; 523 buf.slice().get(value); 524 } else if (source instanceof byte[]) { 525 value = (byte[]) source; 526 } 527 if (value != null) { 528 return createTag( 529 BerEncoding.TAG_CLASS_UNIVERSAL, 530 false, 531 BerEncoding.getTagNumber(targetType), 532 value); 533 } 534 break; 535 case INTEGER: 536 if (source instanceof Integer) { 537 return toInteger((Integer) source); 538 } else if (source instanceof Long) { 539 return toInteger((Long) source); 540 } else if (source instanceof BigInteger) { 541 return toInteger((BigInteger) source); 542 } 543 break; 544 case BOOLEAN: 545 if (source instanceof Boolean) { 546 return toBoolean((Boolean) (source)); 547 } 548 break; 549 case UTC_TIME: 550 case GENERALIZED_TIME: 551 if (source instanceof String) { 552 return createTag(BerEncoding.TAG_CLASS_UNIVERSAL, false, 553 BerEncoding.getTagNumber(targetType), ((String) source).getBytes()); 554 } 555 break; 556 case OBJECT_IDENTIFIER: 557 if (source instanceof String) { 558 return toOid((String) source); 559 } 560 break; 561 case SEQUENCE: 562 { 563 Asn1Class containerAnnotation = 564 sourceType.getDeclaredAnnotation(Asn1Class.class); 565 if ((containerAnnotation != null) 566 && (containerAnnotation.type() == Asn1Type.SEQUENCE)) { 567 return toSequence(source); 568 } 569 break; 570 } 571 case CHOICE: 572 { 573 Asn1Class containerAnnotation = 574 sourceType.getDeclaredAnnotation(Asn1Class.class); 575 if ((containerAnnotation != null) 576 && (containerAnnotation.type() == Asn1Type.CHOICE)) { 577 return toChoice(source); 578 } 579 break; 580 } 581 case SET_OF: 582 return toSetOf((Collection<?>) source, targetElementType); 583 case SEQUENCE_OF: 584 return toSequenceOf((Collection<?>) source, targetElementType); 585 default: 586 break; 587 } 588 589 throw new Asn1EncodingException( 590 "Unsupported conversion: " + sourceType.getName() + " to ASN.1 " + targetType); 591 } 592 } 593 /** ASN.1 DER-encoded {@code NULL}. */ 594 public static final Asn1OpaqueObject ASN1_DER_NULL = 595 new Asn1OpaqueObject(new byte[] {BerEncoding.TAG_NUMBER_NULL, 0}); 596 } 597