Package org.conscrypt
Class Description

Abstract base class for all Conscrypt SSLEngine classes.
Abstract base class for all Conscrypt SSLSocket classes.
Supports SSL session caches.
A session that is dedicated to a single connection and operates directly on the underlying SSL.
Utilities to check whether IP addresses meet some criteria.
A buffer that was allocated by a BufferAllocator.
Server-side selector for the ALPN protocol.
An adapter to bridge between the native code and the ApplicationProtocolSelector API.
Compatibility utility for Arrays.
An object responsible for allocation of buffers.
Byte array wrapper for hashtable use.
A set of certificates that are blacklisted from trust.
Comparator for prioritizing certificates in path building.
Interface for classes that implement certificate pinning for use in TrustManagerImpl.
Analyzes the cryptographic strength of a chain of X.509 certificates.
Caches client sessions.
Core API for creating and configuring all Conscrypt types.
A certificate store that supports additional operations that are used in TrustManagerImpl.
Implements the SSLEngine API using OpenSSL's non-blocking interfaces.
Implements crypto handling by delegating to ConscryptEngine.
Implementation of the class OpenSSLSocketImpl based on OpenSSL.
This interface is used to implement hostname verification in Conscrypt.
BoringSSL-based implementation of server sockets.
Extends the default interface for SSLSession to provide additional properties exposed by Conscrypt.
Provides a place where NativeCrypto can call back up to do Java language calls to work on delegated key types from native code.
Support class for this package.
An implementation of SecretKeyFactory for use with DESEDE keys.
Deprecated. This abstraction is deprecated because it does not work with TLS 1.3.
AlgorithmParameters implementation for elliptic curves.
Utility class to convert between BoringSSL- and JCE-style message digest identifiers.
Indicates a public API that can change at any time, and has no guarantee of API stability and backward-compatibility.
An externalized view of the underlying SSLSession used within a socket/engine.
The provider of the current delegate session.
File-based cache implementation.
A file containing a piece of cached data.
This cache creates one file per SSL session using "host.port" for the file name.
GCM parameters used during a ciphering operation with OpenSSLCipher.
Similar in concept to HandshakeCompletedListener, but used for listening directly to the engine.
Utilities for interacting with properties of the host being run on.
Enumeration of architectures.
Enumeration of operating systems.
Annotates a program element (class, method, package etc) which is internal to Conscrypt, not part of the public API, and should not be used by users of Conscrypt.
An implementation of AlgorithmParameters that contains only an IV.
This is an adapter that wraps the active session with ExtendedSSLSession, if running on Java 7+.
A version of ConscryptEngineSocket that includes the new Java 9 (and potentially later patches of 8) setHandshakeApplicationProtocolSelector API (which requires Java 8 for compilation, due to the use of BiFunction).
A wrapper around ConscryptEngine that adapts to the new Java 9 (and potentially later patches of 8) setHandshakeApplicationProtocolSelector API (which requires Java 8 for compilation, due to the use of BiFunction).
This is an adapter that wraps the active session with ExtendedSSLSession, if running on Java 8+.
A version of ConscryptFileDescriptorSocket that includes the new Java 9 (and potentially later patches of 8) setHandshakeApplicationProtocolSelector API (which requires Java 8 for compilation, due to the use of BiFunction).
Utility methods supported on Java 8+.
Utility methods supported on Java 9+.
An implementation of KeyGenerator suitable for use with other Conscrypt algorithms.
KeyManagerFactory implementation.
KeyManager implementation.
Provides the Java side of our JNI glue for OpenSSL.
A collection of callbacks from the native OpenSSL code that are related to the SSL handshake initiated by SSL_do_handshake.
Helper to initialize the JNI libraries.
Sorts the errors in a list in descending order of value.
Helper class to load JNI resources.
A result of a single attempt to load a library.
A utility to call the System.load(String) or System.loadLibrary(String).
Used to hold onto native OpenSSL references and run finalization on those objects.
A utility wrapper that abstracts operations on the underlying native SSL instance.
A utility wrapper that abstracts operations on the underlying native SSL_SESSION instance.
The session wrapper implementation.
AlgorithmParameters implementation for OAEP.
Data about OIDs.
A HostnameVerifier consistent with RFC 2818.
Provides an interface to OpenSSL's BIO system directly from a Java InputStream.
Wraps a BoringSSL BIO to act as a place to write out data.
Wrapped by a BoringSSL BIO to act as a source of bytes.
An implementation of Cipher using BoringSSL as the backing library.
Modes that a block cipher may support.
Paddings that a block cipher may support.
Implementation of the ChaCha20 stream cipher.
OpenSSL-backed SSLContext service provider interface.
Public to allow construction via the provider framework.
Public to allow construction via the provider framework.
Public to allow construction via the provider framework.
Public to allow construction via the provider framework.
Elliptic Curve Diffie-Hellman key agreement backed by the OpenSSL engine.
Represents a BoringSSL EC_GROUP object.
An implementation of a KeyFactorySpi for EC keys based on BoringSSL.
An implementation of KeyPairGenerator for EC keys which uses BoringSSL to perform all the operations.
An implementation of a PrivateKey for EC keys based on BoringSSL.
An implementation of a PublicKey for EC keys based on BoringSSL.
Represents a BoringSSL EVP_PKEY.
Marker interface for classes that hold an OpenSSLKey.
An implementation of Mac which uses BoringSSL to perform all the operations.
Implements the JDK MessageDigest interface using OpenSSL's EVP API.
Provider that uses BoringSSL to perform the actual cryptographic operations.
Implements SecureRandom using BoringSSL's RAND interface.
An implementation of KeyFactory which uses BoringSSL to perform all the operations.
An implementation of KeyPairGenerator which uses BoringSSL to perform all the operations.
An implementation of PrivateKey for RSA keys which uses BoringSSL to perform all the operations.
An implementation of PrivateKey for RSA keys which uses BoringSSL to perform all the operations.
An implementation of PublicKey for RSA keys which uses BoringSSL to perform all the operations.
An implementation of SSLServerSocketFactory using BoringSSL.
Implements the subset of the JDK Signature interface needed for signature verification using OpenSSL.
Base class for RSASSA-PKCS1-v1_5 signatures.
Base class for RSASSA-PSS signatures.
Implements the JDK Signature interface needed for RAW ECDSA signature generation and verification using BoringSSL.
Implements the JDK Signature interface needed for RAW RSA signature generation and verification using BoringSSL.
An implementation of SSLSocketFactory based on BoringSSL.
Public shim allowing us to stay backward-compatible with legacy applications which were using Conscrypt's extended socket API before the introduction of the Conscrypt class.
An implementation of X509Certificate based on BoringSSL.
An implementation of CertificateFactory based on BoringSSL.
The code for X509 Certificates and CRL is pretty much the same.
An implementation of CertPath based on BoringSSL.
Supported encoding types for CertPath.
An implementation of X509CRL based on BoringSSL.
An implementation of X509CRLEntry based on BoringSSL.
A provider for the peer host and port information.
Platform-specific methods for OpenJDK.
Static convenience methods that help a method or constructor check whether it was invoked correctly (that is, whether its preconditions were met).
Deprecated. This abstraction is deprecated because it does not work with TLS 1.3.
AlgorithmParameters implementation for PSS.
Caches server sessions.
A snapshot of the content of another ConscryptSession.
This class basically does the same thing the ShortBufferException class does except not filling in stack trace in the exception to save CPU-time for it in an environment where this can be thrown many times.
A persistent SSLSession cache used by SSLSessionContext to share client-side SSL sessions across processes.
This is returned in the place of a SSLSession when no TLS connection could be negotiated, but one was requested from a method that can't throw an exception such as SSLSocket.getSession() before SSLSocket.startHandshake() is called.
The instances of this class encapsulate all the info about enabled cipher suites and protocols, as well as the information about client/server mode of ssl socket, whether it requires/wants client authentication or not, and controls whether new SSL sessions may be established by this socket or not.
For abstracting the X509KeyManager calls between X509KeyManager.chooseClientAlias(String[], java.security.Principal[], java.net.Socket) and X509ExtendedKeyManager.chooseEngineClientAlias(String[], java.security.Principal[], javax.net.ssl.SSLEngine)
For abstracting the PSKKeyManager calls between those taking an SSLSocket and those taking an SSLEngine.
A persistent SSLSession cache used by SSLSessionContext to share server-side SSL sessions across processes.
Utility methods for SSL packet processing.
States for SSL engines.
Indexes TrustAnchor instances so they can be found in O(1) time instead of O(N).
TrustManagerFactory service provider interface implementation.
TrustManager implementation.
If an EKU extension is present in the end-entity certificate, it MUST contain an appropriate key usage.
Comparator for sorting TrustAnchors using a CertificatePriorityComparator.
A simple but useless key class that holds X.509 public key information when the appropriate KeyFactory for the key algorithm is not available.