public final class Validators extends Object
| Modifier and Type | Method and Description |
|---|---|
static void |
validateAesKeySize(int sizeInBytes) |
static void |
validateCryptoKeyUri(String kmsKeyUri) |
static void |
validateExists(File f) |
static String |
validateKmsKeyUriAndRemovePrefix(String expectedPrefix,
String kmsKeyUri)
Validates that
kmsKeyUri starts with expectedPrefix, and removes the prefix. |
static void |
validateNotExists(File f) |
static void |
validateRsaModulusSize(int modulusSize)
Validates whether
modulusSize is at least 2048-bit. |
static void |
validateRsaPublicExponent(BigInteger publicExponent)
Validates whether
publicExponent is odd and greater than 65536. |
static void |
validateSignatureHash(Enums.HashType hash)
Validates whether
hash is safe to use for digital signature. |
static void |
validateTypeUrl(String typeUrl) |
static void |
validateVersion(int candidate,
int maxExpected) |
public static void validateTypeUrl(String typeUrl) throws GeneralSecurityException
GeneralSecurityException - if typeUrl is in invalid format.public static void validateAesKeySize(int sizeInBytes)
throws InvalidAlgorithmParameterException
InvalidAlgorithmParameterException - if sizeInBytes is not supported.public static void validateVersion(int candidate,
int maxExpected)
throws GeneralSecurityException
GeneralSecurityException - if candidate is negative or larger than maxExpected.public static void validateSignatureHash(Enums.HashType hash) throws GeneralSecurityException
hash is safe to use for digital signature.GeneralSecurityException - if hash is invalid or is not safe to use for digital
signature.public static void validateRsaModulusSize(int modulusSize)
throws GeneralSecurityException
modulusSize is at least 2048-bit.
To reach 128-bit security strength, RSA's modulus must be at least 3072-bit while 2048-bit RSA key only has 112-bit security. Nevertheless, a 2048-bit RSA key is considered safe by NIST until 2030 (see https://www.keylength.com/en/4/).
GeneralSecurityException - if modulusSize is less than 2048-bit or if the modulus
violates FIPS restrictions if they have been enabled.public static void validateRsaPublicExponent(BigInteger publicExponent) throws GeneralSecurityException
publicExponent is odd and greater than 65536.
The primes p and q are chosen such that (p-1)(q-1) is relatively prime to the public exponent. Therefore, the public exponent must be odd. Furthermore, choosing a public exponent which is not greater than 65536 can lead to weak instantiations of RSA. A public exponent which is odd and greater than 65536 conforms to the requirements set by NIST FIPS 186-4 (Appendix B.3.1).
GeneralSecurityException - if publicExponent is even or not greater than 65536.public static void validateNotExists(File f) throws IOException
IOExceptionpublic static void validateExists(File f) throws IOException
IOException - if f does not exists.public static String validateKmsKeyUriAndRemovePrefix(String expectedPrefix, String kmsKeyUri)
kmsKeyUri starts with expectedPrefix, and removes the prefix.IllegalArgumentException - if kmsKeyUri is invalid.public static void validateCryptoKeyUri(String kmsKeyUri) throws GeneralSecurityException
GeneralSecurityException - if kmsKeyUri is not a valid URI of a CryptoKey in
Google Cloud KMS.