com.typesafe.sslconfig.ssl

AlgorithmChecker

class AlgorithmChecker extends PKIXCertPathChecker

Looks for disabled algorithms in the certificate. This is because some certificates are signed with forgable hashes such as MD2 or MD5, so we can't be certain of their authenticity.

This class is needed because the JDK 1.6 Algorithm checker doesn't give us any way to customize the list of disabled algorithms, and we need to be able to support that.

Also note that we need to check the trust anchor for disabled key sizes, and the CertPath explicitly removes the trust anchor from the chain of certificates. This means we need to check the trust anchor explicitly in the through the CompositeTrustManager.

Linear Supertypes
PKIXCertPathChecker, Cloneable, CertPathChecker, AnyRef, Any
Ordering
  1. Alphabetic
  2. By inheritance
Inherited
  1. AlgorithmChecker
  2. PKIXCertPathChecker
  3. Cloneable
  4. CertPathChecker
  5. AnyRef
  6. Any
  1. Hide All
  2. Show all
Learn more about member selection
Visibility
  1. Public
  2. All

Instance Constructors

  1. new AlgorithmChecker(mkLogger: LoggerFactory, signatureConstraints: Set[AlgorithmConstraint], keyConstraints: Set[AlgorithmConstraint])

Value Members

  1. final def !=(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef

  2. final def !=(arg0: Any): Boolean

    Definition Classes
    Any

  3. final def ##(): Int

    Definition Classes
    AnyRef → Any

  4. final def ==(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef

  5. final def ==(arg0: Any): Boolean

    Definition Classes
    Any

  6. final def asInstanceOf[T0]: T0

    Definition Classes
    Any

  7. def check(cert: Certificate, unresolvedCritExts: Collection[String]): Unit

    Checks the algorithms in the given certificate.

    Checks the algorithms in the given certificate. Note that this implementation skips signature checking in a root certificate, as a trusted root cert by definition is in the trust store and doesn't need to be signed.

    Definition Classes
    AlgorithmChecker → PKIXCertPathChecker

  8. def check(arg0: Certificate): Unit

    Definition Classes
    PKIXCertPathChecker → CertPathChecker
    Annotations
    @throws( ... )

  9. def checkKeyAlgorithms(x509Cert: X509Certificate): Unit

    Checks for key algorithms in the certificate and throws CertPathValidatorException if matched.

    Checks for key algorithms in the certificate and throws CertPathValidatorException if matched.

    x509Cert

  10. def checkSignatureAlgorithms(x509Cert: X509Certificate): Unit

    Checks for signature algorithms in the certificate and throws CertPathValidatorException if matched.

    Checks for signature algorithms in the certificate and throws CertPathValidatorException if matched.

    x509Cert

  11. def clone(): AnyRef

    Definition Classes
    PKIXCertPathChecker → AnyRef

  12. final def eq(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef

  13. def equals(arg0: Any): Boolean

    Definition Classes
    AnyRef → Any

  14. def finalize(): Unit

    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )

  15. def findKeyConstraint(algorithm: String): Option[AlgorithmConstraint]

  16. def findSignatureConstraint(algorithm: String): Option[AlgorithmConstraint]

  17. final def getClass(): Class[_]

    Definition Classes
    AnyRef → Any

  18. def getCommonName(cert: X509Certificate): String

    Useful way to get certificate info without getting spammed with data.

  19. def getSupportedExtensions(): Set[String]

    Definition Classes
    AlgorithmChecker → PKIXCertPathChecker

  20. def hashCode(): Int

    Definition Classes
    AnyRef → Any

  21. def infoOnSunset(x509Cert: X509Certificate, expirationDate: GregorianCalendar): Unit

  22. def init(forward: Boolean): Unit

    Definition Classes
    AlgorithmChecker → PKIXCertPathChecker → CertPathChecker

  23. def isForwardCheckingSupported(): Boolean

    Definition Classes
    AlgorithmChecker → PKIXCertPathChecker → CertPathChecker

  24. final def isInstanceOf[T0]: Boolean

    Definition Classes
    Any

  25. val keyConstraints: Set[AlgorithmConstraint]

  26. final def ne(arg0: AnyRef): Boolean

    Definition Classes
    AnyRef

  27. final def notify(): Unit

    Definition Classes
    AnyRef

  28. final def notifyAll(): Unit

    Definition Classes
    AnyRef

  29. val signatureConstraints: Set[AlgorithmConstraint]

  30. def sunsetSHA1SignatureAlgorithm(x509Cert: X509Certificate): Unit

    Logs an info or warning message to sunset a SHA-1 certificate, based on Google's recommendations.

    Logs an info or warning message to sunset a SHA-1 certificate, based on Google's recommendations.

    x509Cert

  31. final def synchronized[T0](arg0: ⇒ T0): T0

    Definition Classes
    AnyRef

  32. def toString(): String

    Definition Classes
    AnyRef → Any

  33. final def wait(): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  34. final def wait(arg0: Long, arg1: Int): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  35. final def wait(arg0: Long): Unit

    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  36. def warnOnSunset(x509Cert: X509Certificate, expirationDate: GregorianCalendar): Unit

Inherited from PKIXCertPathChecker

Inherited from Cloneable

Inherited from CertPathChecker

Inherited from AnyRef

Inherited from Any

Ungrouped