Package com.google.crypto.tink.subtle

Class Validators

  • public final class Validators
extends java.lang.Object
    Validation helper methods.
    Since:
    1.0.0

    • Method Detail

      • validateTypeUrl

        public static void validateTypeUrl​(java.lang.String typeUrl)
                            throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException - if typeUrl is in invalid format.

      • validateAesKeySize

        public static void validateAesKeySize​(int sizeInBytes)
                               throws java.security.InvalidAlgorithmParameterException
        Throws:
        java.security.InvalidAlgorithmParameterException - if sizeInBytes is not supported.

      • validateVersion

        public static void validateVersion​(int candidate,
                                   int maxExpected)
                            throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException - if candidate is negative or larger than maxExpected.

      • validateSignatureHash

        public static void validateSignatureHash​(Enums.HashType hash)
                                  throws java.security.GeneralSecurityException
        Validates whether hash is safe to use for digital signature.
        Throws:
        java.security.GeneralSecurityException - if hash is invalid or is not safe to use for digital signature.

      • validateRsaModulusSize

        public static void validateRsaModulusSize​(int modulusSize)
                                   throws java.security.GeneralSecurityException
        Validates whether modulusSize is at least 2048-bit.

        To reach 128-bit security strength, RSA's modulus must be at least 3072-bit while 2048-bit RSA key only has 112-bit security. Nevertheless, a 2048-bit RSA key is considered safe by NIST until 2030 (see https://www.keylength.com/en/4/).

        Throws:
        java.security.GeneralSecurityException - if modulusSize is less than 2048-bit or if the modulus violates FIPS restrictions if they have been enabled.

      • validateRsaPublicExponent

        public static void validateRsaPublicExponent​(java.math.BigInteger publicExponent)
                                      throws java.security.GeneralSecurityException
        Validates whether publicExponent is odd and greater than 65536.

        The primes p and q are chosen such that (p-1)(q-1) is relatively prime to the public exponent. Therefore, the public exponent must be odd. Furthermore, choosing a public exponent which is not greater than 65536 can lead to weak instantiations of RSA. A public exponent which is odd and greater than 65536 conforms to the requirements set by NIST FIPS 186-4 (Appendix B.3.1).

        Throws:
        java.security.GeneralSecurityException - if publicExponent is even or not greater than 65536.

      • validateNotExists

        public static void validateNotExists​(java.io.File f)
                              throws java.io.IOException
        Throws:
        java.io.IOException - if f exists.

      • validateExists

        public static void validateExists​(java.io.File f)
                           throws java.io.IOException
        Throws:
        java.io.IOException - if f does not exists.

      • validateKmsKeyUriAndRemovePrefix

        public static java.lang.String validateKmsKeyUriAndRemovePrefix​(java.lang.String expectedPrefix,
                                                                java.lang.String kmsKeyUri)
        Validates that kmsKeyUri starts with expectedPrefix, and removes the prefix.
        Throws:
        java.lang.IllegalArgumentException - if kmsKeyUri is invalid.

      • validateCryptoKeyUri

        public static void validateCryptoKeyUri​(java.lang.String kmsKeyUri)
                                 throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException - if kmsKeyUri is not a valid URI of a CryptoKey in Google Cloud KMS.