Checks the algorithms in the given certificate.
Checks the algorithms in the given certificate. Note that this implementation skips signature checking in a root certificate, as a trusted root cert by definition is in the trust store and doesn't need to be signed.
Checks for key algorithms in the certificate and throws CertPathValidatorException if matched.
Checks for signature algorithms in the certificate and throws CertPathValidatorException if matched.
Useful way to get certificate info without getting spammed with data.
Logs an info or warning message to sunset a SHA-1 certificate, based on Google's recommendations.
Logs an info or warning message to sunset a SHA-1 certificate, based on Google's recommendations.
Looks for disabled algorithms in the certificate. This is because some certificates are signed with forgable hashes such as MD2 or MD5, so we can't be certain of their authenticity.
This class is needed because the JDK 1.6 Algorithm checker doesn't give us any way to customize the list of disabled algorithms, and we need to be able to support that.
Also note that we need to check the trust anchor for disabled key sizes, and the CertPath explicitly removes the trust anchor from the chain of certificates. This means we need to check the trust anchor explicitly in the through the CompositeTrustManager.