com.google.crypto.tink.subtle

Class Validators

java.lang.Object

com.google.crypto.tink.subtle.Validators

public final class Validators
extends Object

Validation helper methods.

Since:

1.0.0

Method Summary

Modifier and Type	Method and Description
static void	validateAesKeySize(int sizeInBytes)
static void	validateCryptoKeyUri(String kmsKeyUri)
static void	validateExists(File f)
static String	validateKmsKeyUriAndRemovePrefix(String expectedPrefix, String kmsKeyUri) Validates that kmsKeyUri starts with expectedPrefix, and removes the prefix.
static void	validateNotExists(File f)
static void	validateRsaModulusSize(int modulusSize) Validates whether modulusSize is at least 2048-bit.
static void	validateSignatureHash(Enums.HashType hash) Validates whether hash is safe to use for digital signature.
static void	validateTypeUrl(String typeUrl)
static void	validateVersion(int candidate, int maxExpected)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

validateTypeUrl

public static void validateTypeUrl(String typeUrl)
                            throws GeneralSecurityException

Throws:

GeneralSecurityException - if typeUrl is in invalid format.

validateAesKeySize

public static void validateAesKeySize(int sizeInBytes)
                               throws InvalidAlgorithmParameterException

Throws:

InvalidAlgorithmParameterException - if sizeInBytes is not supported.

validateVersion

public static void validateVersion(int candidate,
                                   int maxExpected)
                            throws GeneralSecurityException

Throws:

GeneralSecurityException - if candidate is negative or larger than maxExpected.

validateSignatureHash

public static void validateSignatureHash(Enums.HashType hash)
                                  throws GeneralSecurityException

Validates whether hash is safe to use for digital signature.

Throws:

GeneralSecurityException - if hash is invalid or is not safe to use for digital signature.

validateRsaModulusSize

public static void validateRsaModulusSize(int modulusSize)
                                   throws GeneralSecurityException

Validates whether modulusSize is at least 2048-bit.

To reach 128-bit security strength, RSA's modulus must be at least 3072-bit while 2048-bit RSA key only has 112-bit security. Nevertheless, a 2048-bit RSA key is considered safe by NIST until 2030 (see https://www.keylength.com/en/4/).

Throws:

GeneralSecurityException - if modulusSize is less than 2048-bit.

validateNotExists

public static void validateNotExists(File f)
                              throws IOException

Throws:

IOException

validateExists

public static void validateExists(File f)
                           throws IOException

Throws:

IOException - if f does not exists.

validateKmsKeyUriAndRemovePrefix

public static String validateKmsKeyUriAndRemovePrefix(String expectedPrefix,
                                                      String kmsKeyUri)

Validates that kmsKeyUri starts with expectedPrefix, and removes the prefix.

Throws:

IllegalArgumentException - if kmsKeyUri is invalid.

validateCryptoKeyUri

public static void validateCryptoKeyUri(String kmsKeyUri)
                                 throws GeneralSecurityException

Throws:

GeneralSecurityException - if kmsKeyUri is not a valid URI of a CryptoKey in Google Cloud KMS.