Source code

001/*
002 * nimbus-jose-jwt
003 *
004 * Copyright 2012-2025, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.jose.crypto.opts;
019
020
021import com.nimbusds.jose.JWSSignerOption;
022import com.nimbusds.jose.Option;
023import com.nimbusds.jose.crypto.impl.RSAKeyUtils;
024
025import java.security.PrivateKey;
026import java.util.Set;
027
028import static com.nimbusds.jose.jwk.gen.RSAKeyGenerator.MIN_KEY_SIZE_BITS;
029
030
031/**
032 * Utilities for processing JOSE options.
033 *
034 * @author Vladimir Dzhuvinov
035 * @version 2025-07-17
036 */
037public class OptionUtils {
038        
039        
040        /**
041         * Returns {@code true} if the specified set of options contains an
042         * instance of a class implementing {@link JWSSignerOption}.
043         *
044         * @param opts   The options set, may be {@code null}.
045         * @param tClass The class. Must not be {@code null}.
046         *
047         * @return {@code true} if an option is present, else {@code false}.
048         */
049        @Deprecated
050        public static <T extends Option> boolean optionIsPresent(final Set<? extends Option> opts, final Class<T> tClass) {
051                
052                if (opts == null || opts.isEmpty()) {
053                        return false;
054                }
055                
056                for (Option o: opts) {
057                        if (o.getClass().isAssignableFrom(tClass)) {
058                                return true;
059                        }
060                }
061                
062                return false;
063        }
064
065
066        /**
067         * Throws an {@link IllegalArgumentException} if the size of the
068         * specified RSA private key shorter than the minimum required.
069         *
070         * @param privateKey The RSA private key. Must not be {@code null}.
071         * @param opts       The options. Must not be {@code null}.
072         */
073        public static void ensureMinRSAPrivateKeySize(final PrivateKey privateKey, final Set<? extends Option> opts) {
074
075                if (! opts.contains(AllowWeakRSAKey.getInstance())) {
076
077                        int keyBitLength = RSAKeyUtils.keyBitLength(privateKey);
078
079                        if (keyBitLength > 0 && keyBitLength < MIN_KEY_SIZE_BITS) {
080                                throw new IllegalArgumentException("The RSA key size must be at least " + MIN_KEY_SIZE_BITS + " bits");
081                        }
082                }
083        }
084}