All Classes and Interfaces
Class
Description
Common code for LazyOpensslCRLStoreSpi and PlainCRLStoreSpi.
Abstract base for credential implementations which delegate to another one.
EuGridPMA policy store common code.
Globus EACL policy store common code.
Deprecated.
Policy store common code.
Base implementation of Trust Anchor stores.
Base implementation of X509CertChainValidator.
Base class with a shared code for X509Credential implementations.
Generic proxy creation parameters useful for all scenarios.
Low-level certificate validator based on the BC PKIXCertPathReviewer with additional support for proxy certificates.
Maps PKIXCertPathReviewer errors to ValidationError.
A simplistic X509CertChainValidator implementation which always fails or accepts certificates, based on the constructor argument.
Cached element is a container of an arbitrary object, enriched with a creation timestamp.
This class extends the PEMParser class from the BC library.
Stores DER form of a certificate extension along with its OID and flag if the extension is critical.
Utility methods for certificates handling and reading/writing PEM files.
Utility class with methods simplifying typical certificate related operations.
Definition of the encoding that can be used for reading or writing
certificates or keys.
Exposes otherwise hidden methods from CertPathValidatorUtilitiesCanl plus in some cases fixes bugs plus produces errors in the desired format.
Trivial implementation of PasswordSupplier which uses a password provided to the constructor.
This class wraps X509CertChainValidator so it can be easily used in the standard Java SSL API.
Simple KeyManager implementation which always returns the only key and certificate which is available in the configured X509Credential object.
Defines Certificate Revocation List verification mode.
Manages configuration of CRL sources, used in non-openssl truststores.
Implementation of RevocationChecker using CRLs, the RFC3280CertPathUtilitiesCanl.
Wraps certificate and private key stored in DER format.
The certificate validator which uses a flexible set of certificates and CRL locations.
Retrieves CA certificates from locations given as local paths with wildcards
or URLs.
Helpers for checking text representations of DNs for equality.
Proxy cert info extension class.
Parses a single EUGridPMA namespaces file and returns NamespacePolicy object.
Provides an in-memory store of NamespacePolicy objects.
Extended PKIX parameters with additional settings related to the library features: different CRL modes and proxy support.
PKIXCertPathReviewer
Validation of X.509 Certificate Paths.
Validation of X.509 Certificate Paths.
Extends BC's PEMParser class so it can read correctly also PEM files with a garbage at the beginning and minor syntax violations which occur more than often in the wild.
String output mode.
Parses a single .signing_policy file and returns NamespacePolicy object.
Provides an in-memory store of NamespacePolicy objects.
Deprecated. Use HostnameMismatchCallback2 and the related classes.
Implementation should react to the event when remote SSL peer's certificate is not matching its hostname.
Verifies if a peer's host name matches a DN of its certificate.
The certificate validator which uses Java KeyStore as a truststore.
Helpers for IP addresses comparison.
Extends BCStyle with additional recognized attribute names, to make it fully compatible with what the internal OpenJDK implementation supports when parsing string RFC 2253 DNs.
Implementation of the TrustAnchorStore which loads JDK's KeyStore from a file.
Implementation of the TrustAnchorStore which uses JDK's KeyStore as an in-memory storage.
The certificate validator which uses Java KeyStore as a truststore.
Wraps a Java KeyStore in form suitable for use in JSSE.
KeyStore class utility helpers
EuGridPMA namespace policies are loaded on demand by this store and are cached in memory.
Globus EACL policies are loaded on demand by this store and are cached in memory.
Handles an Openssl-like CRL store.
Implementation of the truststore which uses CA certificates from a single directory
in OpenSSL format.
Implements namespace policy checking.
Used to define the CA namespace checking mode.
Represents a namespace policy, i.e.
Implemented by namespace parsers.
Store of NamespacePolicy objects.
This class is a modified copy of BC's PKIXCertPathBuilderSpi.
Thread safe class maintaining a collection of StoreUpdateListeners.
Common base class for responses and responders caches.
OCSP client which adds a cache layer on top of OCSPClientImpl.
Defines On-line Certificate Status Protocol usage mode.
OCSP client is responsible for the network related activity of the OCSP invocation pipeline.
Manages configuration of OCSP support for all truststores.
Configuration of a local responder.
OCSP failing responses cache: in memory with disk persistence.
OCSP responses cache: in memory with disk persistence.
Holds OCSP response (parsed) and some additional metadata, e.g.
Implementation of RevocationChecker using CRLs, the OCSPVerifier
OCSP checker - uses provided OCSPParametes to perform OCSP calls using OCSPCachingClient and returns the final response.
OidAndValue<T extends org.bouncycastle.asn1.ASN1Encodable>
Stores DER form of a certificate attribute value with its OID.
The certificate validator which uses OpenSSL directory as a truststore.
Implementation of the CRL store which uses CRLs from a single directory
in OpenSSL format.
Represents a namespace policy, i.e.
This class provides support for the legacy Openssl format of DN encoding.
Implementations of this interface are used by OpensslCertChainValidator to get access to the trust anchor store.
Implementation of the truststore which uses CA certificates from a single directory in OpenSSL format.
Several static methods helping to mangle truststore file paths in openssl style.
Common helpers for namespace file parsers.
Provides password on demand.
Wraps certificate and private key stored in PEM format.
This class extends the PEMParser class from the BC library.
Checker which handles proxy certificate extensions so BC won't report them as unknown.
Handles an in-memory CRL store.
An abstract validator which provides a CRL support common for validators using PlainCRLStoreSpi.
Class for CA or CRL stores with utility methods for handling list of locations as wildcards or URLs.
A class for handling the VOMS AC extension in certificates (OID: 1.3.6.1.4.1.8005.100.100.5)
A utility class for defining the allowed address space, used both to define the source and target restrictions.
Wraps information about a new proxy which was generated by the ProxyGenerator.
Default implementation of the ProxyCertificate interface.
Holds parameters which are used to create a proxy certificate using only a certificate chain.
Proxy cert info extension class.
A class to get an information from a proxy certificate chain.
Specifies the type of the proxy chain.
Wraps information about a new proxy certificate signing request which was generated by the ProxyCSRGenerator.
Generates a proxy certificate signing request.
ProxyCSR implementation.
A class to get the information from the proxy certificate request.
Utilities to create proxy certificates.
Actual implementation of the Proxy generation.
Various helpers for handling proxy certificates
Proxy policy ASN1 class.
Holds parameters which are used to issue a proxy certificate
using a provided Certificate Signing Request and a local certificate chain.
A class for handling the SAML extension in the Certificate.
Defines proxy support mode for validators.
A class for generating and parsing the proxy tracing extensions.
Specifies the type of the proxy.
Utility methods for checking properties of proxy certificates.
InputStream implementation that reads a character stream from a Reader and transforms it to a byte stream using a specified charset encoding.
Used to check revocation using a single revocation checking mechanism.
Wraps the information required to control how certificates revocation is checked.
Manages configuration of revocation settings, used in non-openssl truststores.
Covers possible generic revocation checking outcomes, in case when certificate being checked is not revoked.
This class exposes the BC's JCA implementation of the RFC3280CertPathUtilities.
Proxy cert info extension class.
Provider-less implementation of the CertStore.
Contains one problem code with optional arguments.
Deprecated. Use SocketFactoryCreator2 instead, which handles hostname verification in a safer way.
Utility allowing programmers to quickly create SSL socket factories using configuration abstractions of this library.
Implementation of TrustManager which uses a configured X509CertChainValidator to validate certificates.
Wires CANL abstractions: credentials and verificators into Java SSL socket factory.
Implementations receive information about updates of certificate, CRL stores or OCSP errors.
Base implementation of Trust Anchor stores which load all certificates into memory.
Implementations provide trust store material: a list of trusted CA certificates.
Holds information about a single validation problem with a reference to
the certificate chain.
This enumeration contains general classes of errors that can be signaled
during certificate path validation.
This enumeration contains codes of errors that can be signaled
during certificate path validation.
Wraps a list of ValidationError
Invoked when there is an error found during certificate chain validation.
Wraps a validation result, error messages and unresolved
certificate extension oids (if any).
Contains parameters common for all X509CertChainValidator implementations.
Contains parameters common for all X509CertChainValidator implementations which use RevocationParametersExt
This class holds a partner of the TimerTask reference as weak one.
Contains utility static methods which are helpful in manipulating X.500 Distinguished
Names, especially encoded in String form using RFC 2253.
Implementations are used to perform a manual certificate chain validation.
Extends the main X509CertChainValidator interface with some additional methods which are commonly provided by the most validator implementations, but are not strictly required for the sole validation.
Implementations are used to wrap credentials (private key and certificate) in various formats.
Utility allowing for converting certificates to various text representations.
Class to produce an X.509 Version 3 certificate.
SocketFactoryCreator.connectWithHostnameChecking(SSLSocket, HostnameMismatchCallback)
instead.