AlgorithmChecker

Looks for disabled algorithms in the certificate. This is because some certificates are signed with forgable hashes such as MD2 or MD5, so we can't be certain of their authenticity.

This class is needed because the JDK 1.6 Algorithm checker doesn't give us any way to customize the list of disabled algorithms, and we need to be able to support that.

Also note that we need to check the trust anchor for disabled key sizes, and the CertPath explicitly removes the trust anchor from the chain of certificates. This means we need to check the trust anchor explicitly in the through the CompositeTrustManager.

Source: AlgorithmChecker.scala

Linear Supertypes

PKIXCertPathChecker, Cloneable, AnyRef, Any

Instance Constructors

new AlgorithmChecker(signatureConstraints: Set[AlgorithmConstraint], keyConstraints: Set[AlgorithmConstraint])

Value Members

final def !=(arg0: AnyRef): Boolean

Definition Classes
AnyRef
final def !=(arg0: Any): Boolean

Definition Classes
Any
final def ##(): Int

Definition Classes
AnyRef → Any
final def ==(arg0: AnyRef): Boolean

Definition Classes
AnyRef
final def ==(arg0: Any): Boolean

Definition Classes
Any
final def asInstanceOf[T0]: T0

Definition Classes
Any
def check(cert: Certificate, unresolvedCritExts: Collection[String]): Unit

Checks the algorithms in the given certificate.
Checks the algorithms in the given certificate. Note that this implementation skips signature checking in a root certificate, as a trusted root cert by definition is in the trust store and doesn't need to be signed.

Definition Classes
AlgorithmChecker → PKIXCertPathChecker
def checkKeyAlgorithms(x509Cert: X509Certificate): Unit

Checks for key algorithms in the certificate and throws CertPathValidatorException if matched.
Checks for key algorithms in the certificate and throws CertPathValidatorException if matched.
x509Cert
def checkSignatureAlgorithms(x509Cert: X509Certificate): Unit

Checks for signature algorithms in the certificate and throws CertPathValidatorException if matched.
Checks for signature algorithms in the certificate and throws CertPathValidatorException if matched.
x509Cert
def clone(): AnyRef

Definition Classes
PKIXCertPathChecker → AnyRef
final def eq(arg0: AnyRef): Boolean

Definition Classes
AnyRef
def equals(arg0: Any): Boolean

Definition Classes
AnyRef → Any
def finalize(): Unit

Attributes
protected[java.lang]
Definition Classes
AnyRef
Annotations
@throws( classOf[java.lang.Throwable] )
def findKeyConstraint(algorithm: String): Option[AlgorithmConstraint]
def findSignatureConstraint(algorithm: String): Option[AlgorithmConstraint]
final def getClass(): Class[_]

Definition Classes
AnyRef → Any
def getCommonName(cert: X509Certificate): String

Useful way to get certificate info without getting spammed with data.
def getSupportedExtensions(): Set[String]

Definition Classes
AlgorithmChecker → PKIXCertPathChecker
def hashCode(): Int

Definition Classes
AnyRef → Any
def init(forward: Boolean): Unit

Definition Classes
AlgorithmChecker → PKIXCertPathChecker
def isForwardCheckingSupported(): Boolean

Definition Classes
AlgorithmChecker → PKIXCertPathChecker
final def isInstanceOf[T0]: Boolean

Definition Classes
Any
val keyConstraints: Set[AlgorithmConstraint]
final def ne(arg0: AnyRef): Boolean

Definition Classes
AnyRef
final def notify(): Unit

Definition Classes
AnyRef
final def notifyAll(): Unit

Definition Classes
AnyRef
val signatureConstraints: Set[AlgorithmConstraint]
final def synchronized[T0](arg0: ⇒ T0): T0

Definition Classes
AnyRef
def toString(): String

Definition Classes
AnyRef → Any
final def wait(): Unit

Definition Classes
AnyRef
Annotations
@throws( ... )
final def wait(arg0: Long, arg1: Int): Unit

Definition Classes
AnyRef
Annotations
@throws( ... )
final def wait(arg0: Long): Unit

Definition Classes
AnyRef
Annotations
@throws( ... )

class AlgorithmChecker extends PKIXCertPathChecker

Instance Constructors

new AlgorithmChecker(signatureConstraints: Set[AlgorithmConstraint], keyConstraints: Set[AlgorithmConstraint])

Value Members

final def !=(arg0: AnyRef): Boolean

final def !=(arg0: Any): Boolean

final def ##(): Int

final def ==(arg0: AnyRef): Boolean

final def ==(arg0: Any): Boolean

final def asInstanceOf[T0]: T0

def check(cert: Certificate, unresolvedCritExts: Collection[String]): Unit

def checkKeyAlgorithms(x509Cert: X509Certificate): Unit

def checkSignatureAlgorithms(x509Cert: X509Certificate): Unit

def clone(): AnyRef

final def eq(arg0: AnyRef): Boolean

def equals(arg0: Any): Boolean

def finalize(): Unit

def findKeyConstraint(algorithm: String): Option[AlgorithmConstraint]

def findSignatureConstraint(algorithm: String): Option[AlgorithmConstraint]

final def getClass(): Class[_]

def getCommonName(cert: X509Certificate): String

def getSupportedExtensions(): Set[String]

def hashCode(): Int

def init(forward: Boolean): Unit

def isForwardCheckingSupported(): Boolean

final def isInstanceOf[T0]: Boolean

val keyConstraints: Set[AlgorithmConstraint]

final def ne(arg0: AnyRef): Boolean

final def notify(): Unit

final def notifyAll(): Unit

val signatureConstraints: Set[AlgorithmConstraint]

final def synchronized[T0](arg0: ⇒ T0): T0

def toString(): String

final def wait(): Unit

final def wait(arg0: Long, arg1: Int): Unit

final def wait(arg0: Long): Unit

Inherited from PKIXCertPathChecker

Inherited from Cloneable

Inherited from AnyRef

Inherited from Any

Ungrouped