RFR: 8252523: Add ASN1 Formatter to work with HexPrinter [v2]

Weijun Wang weijun at openjdk.java.net
Mon Sep 21 14:07:48 UTC 2020


On Sun, 20 Sep 2020 14:14:51 GMT, Roger Riggs <rriggs at openjdk.org> wrote:

>> # JDK-8252523: Add ASN.1 Formatter to work with test utility HexPrinter
>> 
>> Debugging functions that utilize ASN.1, DER, and BER encoded streams is
>> difficult without test utilities to show the contents.
>> The ASN.1 formatter reads a stream and produces annotated output of the
>> tags, values, and structures.
>> When used with the test library jdk.test.lib.hexdump.HexPrinter the annotations are synchronized
>> with the hex formatted output.
>> 
>> Small changes to HexPrinter are included to improve the output readability.
>> 
>> 
>> Example decoding of a .pem certificate:
>> SEQUENCE [910]
>>   SEQUENCE [630]
>>     CONTEXT cons 0 [3]
>>       BYTE 2,
>>     BYTE 3,
>>     SEQUENCE [13]
>>       OBJECT ID  [9] 1.2.840.113549.1.1.11 (SHA256withRSA)
>>       NULL
>>     SEQUENCE [76]
>>       SET [11]
>>         SEQUENCE [9]
>>           OBJECT ID  [3] 2.5.4.6 (CountryName)
>>           'IN'
>>       ...
>>       SET [16]
>>         SEQUENCE [14]
>>           OBJECT ID  [3] 2.5.4.3 (CommonName)
>>           Client1
>>     SEQUENCE [30]
>>       UTCTIME  [13] '150526221718Z'
>>       UTCTIME  [13] '250523221718Z'
>>     ...
>>     SEQUENCE [290]
>>       SEQUENCE [13]
>>         OBJECT ID  [9] 1.2.840.113549.1.1.1 (RSA)
>>         NULL
>>       BIT STRING  [271]
>>       CONTEXT cons 3 [123]
>>         SEQUENCE [121]
>>           SEQUENCE [9]
>>             OBJECT ID  [3] 2.5.29.19 (BasicConstraints)
>>             OCTET STRING  [2] <Unprintable>
>>           SEQUENCE [44]
>>             OBJECT ID  [9] 2.16.840.1.113730.1.13
>>             OCTET STRING  [31] '..OpenSSL Generated Certificate'
>>           SEQUENCE [29]
>>             OBJECT ID  [3] 2.5.29.14 (SubjectKeyID)
>>             OCTET STRING  [22] <Unprintable>
>>           SEQUENCE [31]
>>             OBJECT ID  [3] 2.5.29.35 (AuthorityKeyID)
>>             OCTET STRING  [24] <Unprintable>
>>       SEQUENCE [13]
>>         OBJECT ID  [9] 1.2.840.113549.1.1.11 (SHA256withRSA)
>>         NULL
>>       BIT STRING  [257]
>> 
>> When used with the HexPrinter test utility, the formatting of the
>> hexadecimal values is selected with the parameters to HexPrinter.
>> 
>>     0000: 30 82 03 8e                                     ; SEQUENCE [910]
>>     0004:             30 82 02 76                         ;   SEQUENCE [630]
>>     0008:                         a0 03                   ;     CONTEXT cons 0 [3]
>>     000a:                               02 01 02          ;       BYTE 2,
>>     000d:                                        02 01 03 ;     BYTE 3,
>>     0010: 30 0d                                           ;     SEQUENCE [13]
>>     0012:       06 09 2a 86 48 86 f7 0d 01 01 0b          ;       OBJECT ID  [9] 1.2.840.113549.1.1.11 (SHA256withRSA)
>>     001d:                                        05 00    ;       NULL
>>     001f:                                              30 ;     SEQUENCE [76]
>>     0020: 4c                                              ;
>>     0021:    31 0b                                        ;       SET [11]
>>     0023:          30 09                                  ;         SEQUENCE [9]
>>     0025:                06 03 55 04 06                   ;           OBJECT ID  [3] 2.5.4.6 (CountryName)
>>     002a:                               13 02 49 4e       ;           'IN'
>>     
>>     ...                                                           ...
>>     
>>     005b:                                  31 10          ;       SET [16]
>>     005d:                                        30 0e    ;         SEQUENCE [14]
>>     005f:                                              06 ;           OBJECT ID  [3] 2.5.4.3 (CommonName)
>>     0060: 03 55 04 03                                     ;
>>     0064:             0c 07 43 6c 69 65 6e 74 31          ;           Client1
>>     006d:                                        30 1e    ;     SEQUENCE [30]
>>     006f:                                              17 ;       UTCTIME  [13] '150526221718Z'
>>     0070: 0d 31 35 30 35 32 36 32 32 31 37 31 38 5a       ;
>>     007e:                                           17 0d ;       UTCTIME  [13] '250523221718Z'
>>     0080: 32 35 30 35 32 33 32 32 31 37 31 38 5a          ;
>>     
>>     ...                                                         ...
>>     
>>     00db:                                  30 82 01 22    ;     SEQUENCE [290]
>>     00df:                                              30 ;       SEQUENCE [13]
>>     00e0: 0d                                              ;
>>     00e1:    06 09 2a 86 48 86 f7 0d 01 01 01             ;         OBJECT ID  [9] 1.2.840.113549.1.1.1 (RSA)
>>     00ec:                                     05 00       ;         NULL
>>     00ee:                                           03 82 ;       BIT STRING  [271]
>>     00f0: 01 0f 00 30 82 01 0a 02 82 01 01 00 d8 70 03 54 ;
>>     
>>     ...
>>     
>>     01f0: 0a 2d f5 de 59 3e d9 5e 74 93 d2 45 02 03 01 00 ;
>>     0200: 01                                              ;
>>     0201:    a3 7b                                        ;       CONTEXT cons 3 [123]
>>     0203:          30 79                                  ;         SEQUENCE [121]
>>     0205:                30 09                            ;           SEQUENCE [9]
>>     0207:                      06 03 55 1d 13             ;             OBJECT ID  [3] 2.5.29.19 (BasicConstraints)
>>     020c:                                     04 02 30 00 ;             OCTET STRING  [2] <Unprintable>
>>     0210: 30 2c                                           ;           SEQUENCE [44]
>>     0212:       06 09 60 86 48 01 86 f8 42 01 0d          ;             OBJECT ID  [9] 2.16.840.1.113730.1.13
>>     021d:                                        04 1f 16 ;             OCTET STRING  [31] '..OpenSSL Generated Certificate'
>>     0220: 1d 4f 70 65 6e 53 53 4c 20 47 65 6e 65 72 61 74 ;
>>     0230: 65 64 20 43 65 72 74 69 66 69 63 61 74 65       ;
>>     023e:                                           30 1d ;           SEQUENCE [29]
>>     0240: 06 03 55 1d 0e                                  ;             OBJECT ID  [3] 2.5.29.14 (SubjectKeyID)
>>     0245:                04 16 04 14 87 13 66 bc 7a 4d 8e ;             OCTET STRING  [22] <Unprintable>
>>     0250: 98 e7 97 fb cc 56 41 27 c8 5e 4c b2 4d          ;
>>     025d:                                        30 1f    ;           SEQUENCE [31]
>>     025f:                                              06 ;             OBJECT ID  [3] 2.5.29.35 (AuthorityKeyID)
>>     0260: 03 55 1d 23                                     ;
>>     0264:             04 18 30 16 80 14 1f 21 4f db 10 31 ;             OCTET STRING  [24] <Unprintable>
>>     0270: d0 67 83 09 03 d3 cd fc 46 ec cf 1d 8b b4       ;
>>     027e:                                           30 0d ;       SEQUENCE [13]
>>     0280: 06 09 2a 86 48 86 f7 0d 01 01 0b                ;         OBJECT ID  [9] 1.2.840.113549.1.1.11 (SHA256withRSA)
>>     028b:                                  05 00          ;         NULL
>>     028d:                                        03 82 01 ;       BIT STRING  [257]
>>     0290: 01 00 3e 2b 5f 32 aa f0 f7 52 2b ba f3 bb 07 ee ;
>>     
>>     ...
>>     
>>     0390: 6d 94                                           ;
>
> Roger Riggs has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Small cleanups to javadoc and code

Just some comments based on the output example.

test/lib/jdk/test/lib/hexdump/ASN1Formatter.java line 228:

> 226:                     break;
> 227:
> 228:                 case TAG_OctetString:

I'd rather print nothing for OCTET STRING. My understanding of it is opaque octets and not meant to be printable.

test/lib/jdk/test/lib/hexdump/ASN1Formatter.java line 362:

> 360:         switch (tag & 0xc0) {
> 361:             case TAG_APPLICATION:
> 362:                 return "APPLICATION " + cons + (tag & 0x1f);

I am not sure how important it is to print out "cons". Also, the tag here is usually shown as "[1]" in ASN.1
definition. Of course, if you choose this style, you might want to avoid using brackets for length.

test/lib/jdk/test/lib/hexdump/ASN1Formatter.java line 355:

> 353:         String cons = isConstructed(tag) ? "cons " : "";
> 354:         if (tag > 0 && tag < tagNames.length)
> 355:             return tagNames[tag] + " " + cons;

Extra space when cons is "".

-------------

PR: https://git.openjdk.java.net/jdk/pull/268
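
Added example (not part of the original message and not the JDK's ASN1Formatter code): a minimal DER walker showing how the identifier octet discussed in the review splits into class (tag & 0xc0), constructed bit (0x20) and tag number (tag & 0x1f), with bounds checks on every length. It runs over bytes copied from offsets 0008 and 0010 of the dump above. The class name DerWalk, its methods and the "[n] ... len=" output style are assumptions made for this illustration.

```java
import java.util.*;

public class DerWalk {
    // Constructed sample (added illustration): bytes copied from offsets 0008-000c and 0010-001e of the dump.
    static final int[] SAMPLE = { 0xa0, 0x03, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09,
        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00 };
    static final String[] CLASSES = { "UNIVERSAL", "APPLICATION", "CONTEXT", "PRIVATE" };

    // Hypothetical helper: appends one annotated line per TLV found in b[pos..end).
    static void walk(int[] b, int pos, int end, String indent, List<String> out) {
        while (pos < end) {
            int start = pos, tag = b[pos++];
            if ((tag & 0x1f) == 0x1f) throw new IllegalArgumentException("multi-byte tag at " + start);
            if (pos >= end) throw new IllegalArgumentException("truncated at " + start);
            int len = b[pos++];
            if (len == 0x80) throw new IllegalArgumentException("indefinite length is BER, not DER");
            if (len > 0x80) {                 // long form: low 7 bits count the length octets
                int n = len & 0x7f;
                if (n > 3 || n > end - pos) throw new IllegalArgumentException("bad length at " + start);
                for (len = 0; n > 0; n--) len = (len << 8) | b[pos++];
            }
            if (len > end - pos) throw new IllegalArgumentException("length overruns parent at " + start);
            boolean cons = (tag & 0x20) != 0;  // constructed: the value is itself a run of TLVs
            String line = String.format("%04x: %s%s [%d]%s len=%d", start, indent,
                    CLASSES[tag >> 6], tag & 0x1f, cons ? " cons" : "", len);
            if (tag == 0x06) line += " " + oid(b, pos, len);
            out.add(line);
            if (cons) walk(b, pos, pos + len, indent + "  ", out);  // children stay inside the parent
            pos += len;
        }
    }

    static String oid(int[] b, int pos, int len) {
        StringBuilder sb = new StringBuilder();
        long v = 0;
        for (int i = pos; i < pos + len; i++) {
            v = (v << 7) | (b[i] & 0x7f);      // base-128, high bit marks continuation
            if ((b[i] & 0x80) != 0) continue;
            long first = Math.min(v / 40, 2);  // first two arcs share one sub-identifier
            if (sb.length() == 0) sb.append(first).append('.').append(v - 40 * first);
            else sb.append('.').append(v);
            v = 0;
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        List<String> out = new ArrayList<>();
        walk(SAMPLE, 0, SAMPLE.length, "", out);
        out.forEach(System.out::println);
    }
}
```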

