Source code

001/*
002 * nimbus-jose-jwt
003 *
004 * Copyright 2012-2016, Connect2id Ltd and contributors.
005 *
006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
007 * this file except in compliance with the License. You may obtain a copy of the
008 * License at
009 *
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software distributed
013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
015 * specific language governing permissions and limitations under the License.
016 */
017
018package com.nimbusds.jose.crypto.impl;
019
020
021import java.security.PrivateKey;
022import java.security.interfaces.RSAPrivateKey;
023
024import com.nimbusds.jose.JOSEException;
025import com.nimbusds.jose.jwk.RSAKey;
026
027
028/**
029 * RSA JWK conversion utility.
030 */
031public class RSAKeyUtils {
032        
033        
034        /**
035         * Returns the private RSA key of the specified RSA JWK. Supports
036         * PKCS#11 keys stores.
037         *
038         * @param rsaJWK The RSA JWK. Must not be {@code null}.
039         *
040         * @return The private RSA key.
041         *
042         * @throws JOSEException If the RSA JWK doesn't contain a private part.
043         */
044        public static PrivateKey toRSAPrivateKey(final RSAKey rsaJWK)
045                throws JOSEException {
046                
047                if (! rsaJWK.isPrivate()) {
048                        throw new JOSEException("The RSA JWK doesn't contain a private part");
049                }
050                
051                return rsaJWK.toPrivateKey();
052        }
053        
054        
055        /**
056         * Returns the length in bits of the specified RSA private key.
057         *
058         * @param privateKey The RSA private key. Must not be {@code null}.
059         *
060         * @return The key length in bits, -1 if the length couldn't be
061         *         determined, e.g. for a PKCS#11 backed key which doesn't
062         *         expose an RSAPrivateKey interface or support the
063         *         {@code getModulus()} method.
064         */
065        public static int keyBitLength(final PrivateKey privateKey) {
066                
067                if (! (privateKey instanceof RSAPrivateKey)) {
068                        return -1; // May be an PKCS#11 backed key
069                }
070                
071                RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)privateKey;
072                
073                try {
074                        return rsaPrivateKey.getModulus().bitLength();
075                } catch (Exception e) {
076                        // Some PKCS#11 backed keys still have the
077                        // RSAPrivateKey interface, but will throw an exception
078                        // here
079                        return -1;
080                }
081        }
082}