Package org.conscrypt
package org.conscrypt
-
ClassDescriptionAbstract base class for all Conscrypt
SSLEngineclasses.Abstract base class for all ConscryptSSLSocketclasses.Supports SSL session caches.A session that is dedicated a single connection and operates directly on the underlyingSSL.Utilities to check whether IP addresses meet some criteria.A buffer that was allocated by aBufferAllocator.Server-side selector for the ALPN protocol.An adapter to bridge between the native code and theApplicationProtocolSelectorAPI.Compatibility utility for Arrays.An object responsible for allocation of buffers.Byte array wrapper for hashtable use.A set of certificates that are blacklisted from trust.Comparatorfor prioritizing certificates in path building.Interface for classes that implement certificate pinning for use inTrustManagerImpl.Analyzes the cryptographic strength of a chain of X.509 certificates.Caches client sessions.Core API for creating and configuring all Conscrypt types.A certificate store that supports additional operations that are used in TrustManagerImpl.Implements theSSLEngineAPI using OpenSSL's non-blocking interfaces.Implements crypto handling by delegating toConscryptEngine.Implementation of the class OpenSSLSocketImpl based on OpenSSL.This interface is used to implement hostname verification in Conscrypt.BoringSSL-based implementation of server sockets.Extends the default interface forSSLSessionto provide additional properties exposed by Conscrypt.Provides a place where NativeCrypto can call back up to do Java language calls to work on delegated key types from native code.Support class for this package.An implementation ofSecretKeyFactoryfor use with DESEDE keys.Deprecated.This abstraction is deprecated because it does not work with TLS 1.3.AlgorithmParameters implementation for elliptic curves.Utility class to convert between BoringSSL- and JCE-style message digest identifiers.Indicates a public API that can change at any time, and has no guarantee of API stability and backward-compatibility.An externalized view of the underlyingSSLSessionused within a socket/engine.The provider of the current delegate session.File-based cache implementation.A file containing a piece of cached data.This cache creates one file per SSL session using "host.port" for the file name.GCM parameters used during an ciphering operation withOpenSSLCipher.Similar in concept toHandshakeCompletedListener, but used for listening directly to the engine.Utilities for interacting with properties of the host being run on.Enumeration of architectures.Enumeration of operating systems.Annotates a program element (class, method, package etc) which is internal to Conscrypt, not part of the public API, and should not be used by users of Conscrypt.An implementation ofAlgorithmParametersthat contains only an IV.This is an adapter that wraps the active session withExtendedSSLSession, if running on Java 7+.A version of ConscryptEngineSocket that includes the new Java 9 (and potentially later patches of 8)setHandshakeApplicationProtocolSelectorAPI (which requires Java 8 for compilation, due to the use ofBiFunction).A wrapper aroundConscryptEnginethat adapts to the new Java 9 (and potentially later patches of 8)setHandshakeApplicationProtocolSelectorAPI (which requires Java 8 for compilation, due to the use ofBiFunction).This is an adapter that wraps the active session withExtendedSSLSession, if running on Java 8+.A version of ConscryptFileDescriptorSocket that includes the new Java 9 (and potentially later patches of 8)setHandshakeApplicationProtocolSelectorAPI (which requires Java 8 for compilation, due to the use ofBiFunction).Utility methods supported on Java 8+.Utility methods supported on Java 9+.An implementation ofKeyGeneratorsuitable for use with other Conscrypt algorithms.KeyManagerFactory implementation.KeyManager implementation.Provides the Java side of our JNI glue for OpenSSL.A collection of callbacks from the native OpenSSL code that are related to the SSL handshake initiated by SSL_do_handshake.Helper to initialize the JNI libraries.Sorts the errors in a list in descending order of value.Helper class to load JNI resources.A result of a single attempt to load a library.A Utility to Call theSystem.load(String)orSystem.loadLibrary(String).Used to hold onto native OpenSSL references and run finalization on those objects.A utility wrapper that abstracts operations on the underlying native SSL instance.A utility wrapper that abstracts operations on the underlying native SSL_SESSION instance.The session wrapper implementation.AlgorithmParameters implementation for OAEP.Data about OIDs.A HostnameVerifier consistent with RFC 2818.Provides an interface to OpenSSL's BIO system directly from a Java InputStream.Wraps a BoringSSL BIO to act as a place to write out data.Wrapped by a BoringSSL BIO to act as a source of bytes.An implementation ofCipherusing BoringSSL as the backing library.Modes that a block cipher may support.Paddings that a block cipher may support.Implementation of the ChaCha20 stream cipher.OpenSSL-backed SSLContext service provider interface.Public to allow construction via the provider framework.Public to allow construction via the provider framework.Public to allow construction via the provider framework.Public to allow construction via the provider framework.Elliptic Curve Diffie-Hellman key agreement backed by the OpenSSL engine.Represents a BoringSSL EC_GROUP object.An implementation of aKeyFactorySpifor EC keys based on BoringSSL.An implementation ofKeyPairGeneratorfor EC keys which uses BoringSSL to perform all the operations.An implementation of aPrivateKeyfor EC keys based on BoringSSL.An implementation of aPublicKeyfor EC keys based on BoringSSL.Represents a BoringSSLEVP_PKEY.Marker interface for classes that hold anOpenSSLKey.An implementation ofMacwhich uses BoringSSL to perform all the operations.Implements the JDK MessageDigest interface using OpenSSL's EVP API.Provider that uses BoringSSL to perform the actual cryptographic operations.ImplementsSecureRandomusing BoringSSL's RAND interface.An implementation ofKeyFactorywhich uses BoringSSL to perform all the operations.An implementation ofKeyPairGeneratorwhich uses BoringSSL to perform all the operations.An implementation ofPrivateKeyfor RSA keys which uses BoringSSL to perform all the operations.An implementation ofPrivateKeyfor RSA keys which uses BoringSSL to perform all the operations.An implementation ofPublicKeyfor RSA keys which uses BoringSSL to perform all the operations.An implementation ofSSLServerSocketFactoryusing BoringSSL.Implements the subset of the JDK Signature interface needed for signature verification using OpenSSL.Base class forRSASSA-PKCS1-v1_5signatures.Base class forRSASSA-PSSsignatures.Implements the JDK Signature interface needed for RAW ECDSA signature generation and verification using BoringSSL.Implements the JDK Signature interface needed for RAW RSA signature generation and verification using BoringSSL.An implementation ofSSLSocketFactorybased on BoringSSL.Public shim allowing us to stay backward-compatible with legacy applications which were using Conscrypt's extended socket API before the introduction of theConscryptclass.An implementation ofX509Certificatebased on BoringSSL.An implementation ofCertificateFactorybased on BoringSSL.The code for X509 Certificates and CRL is pretty much the same.An implementation ofCertPathbased on BoringSSL.Supported encoding types for CerthPath.An implementation ofX509CRLbased on BoringSSL.An implementation ofX509CRLEntrybased on BoringSSL.A provider for the peer host and port information.Platform-specific methods for OpenJDK.Static convenience methods that help a method or constructor check whether it was invoked correctly (that is, whether its preconditions were met).Deprecated.This abstraction is deprecated because it does not work with TLS 1.3.AlgorithmParameters implementation for PSS.Caches server sessions.A snapshot of the content of anotherConscryptSession.This class basically does the same thing the ShortBufferException class does except not filling in stack trace in the exception to save CPU-time for it in an environment where this can be thrown many times.A persistentSSLSessioncache used bySSLSessionContextto share client-side SSL sessions across processes.This is returned in the place of aSSLSessionwhen no TLS connection could be negotiated, but one was requested from a method that can't throw an exception such asSSLSocket.getSession()beforeSSLSocket.startHandshake()is called.The instances of this class encapsulate all the info about enabled cipher suites and protocols, as well as the information about client/server mode of ssl socket, whether it require/want client authentication or not, and controls whether new SSL sessions may be established by this socket or not.For abstracting the X509KeyManager calls betweenX509KeyManager.chooseClientAlias(String[], java.security.Principal[], java.net.Socket)andX509ExtendedKeyManager.chooseEngineClientAlias(String[], java.security.Principal[], javax.net.ssl.SSLEngine)For abstracting thePSKKeyManagercalls between those taking anSSLSocketand those taking anSSLEngine.A persistentSSLSessioncache used bySSLSessionContextto share server-side SSL sessions across processes.Utility methods for SSL packet processing.States for SSL engines.IndexesTrustAnchorinstances so they can be found in O(1) time instead of O(N).TrustManagerFactory service provider interface implementation.TrustManager implementation.If an EKU extension is present in the end-entity certificate, it MUST contain an appropriate key usage.Comparator for sortingTrustAnchors using aCertificatePriorityComparator.A simple but useless key class that holds X.509 public key information when the appropriate KeyFactory for the key algorithm is not available.