All Classes and Interfaces
Class
Description
Abstract base class for all Conscrypt
SSLEngine classes.Abstract base class for all Conscrypt
SSLSocket classes.Supports SSL session caches.
A session that is dedicated a single connection and operates directly on the underlying
SSL.Utilities to check whether IP addresses meet some criteria.
A buffer that was allocated by a
BufferAllocator.Server-side selector for the ALPN protocol.
An adapter to bridge between the native code and the
ApplicationProtocolSelector API.Compatibility utility for Arrays.
An object responsible for allocation of buffers.
Byte array wrapper for hashtable use.
A set of certificates that are blacklisted from trust.
CertificateEntry structure.
Comparator for prioritizing certificates in path building.Interface for classes that implement certificate pinning for use in
TrustManagerImpl.Analyzes the cryptographic strength of a chain of X.509 certificates.
Caches client sessions.
Core API for creating and configuring all Conscrypt types.
A certificate store that supports additional operations that are used in
TrustManagerImpl.
Implements the
SSLEngine API using OpenSSL's non-blocking interfaces.Implements crypto handling by delegating to
ConscryptEngine.Implementation of the class OpenSSLSocketImpl based on OpenSSL.
This interface is used to implement hostname verification in Conscrypt.
BoringSSL-based implementation of server sockets.
Extends the default interface for
SSLSession to provide additional properties exposed
by Conscrypt.Provides a place where NativeCrypto can call back up to do Java language
calls to work on delegated key types from native code.
Properties about a Certificate Transparency Log.
Support class for this package.
An implementation of
SecretKeyFactory for use with DESEDE keys.DigitallySigned structure, as defined by RFC5246 Section 4.7.
Deprecated.
This abstraction is deprecated because it does not work with TLS 1.3.
AlgorithmParameters implementation for elliptic curves.
Utility class to convert between BoringSSL- and JCE-style message digest identifiers.
Indicates a public API that can change at any time, and has no guarantee of API stability and
backward-compatibility.
An externalized view of the underlying
SSLSession used within a
socket/engine.The provider of the current delegate session.
File-based cache implementation.
A file containing a piece of cached data.
This cache creates one file per SSL session using "host.port" for
the file name.
GCM parameters used during an ciphering operation with
OpenSSLCipher.Similar in concept to
HandshakeCompletedListener, but used for listening directly
to the engine.Utilities for interacting with properties of the host being run on.
Enumeration of architectures.
Enumeration of operating systems.
Annotates a program element (class, method, package etc) which is internal to Conscrypt, not part
of
the public API, and should not be used by users of Conscrypt.
An implementation of
AlgorithmParameters that contains only an IV.This is an adapter that wraps the active session with
ExtendedSSLSession, if running
on Java 7+.A version of ConscryptEngineSocket that includes the new Java 9 (and potentially later
patches of 8)
setHandshakeApplicationProtocolSelector API (which requires Java 8 for
compilation, due to the use of BiFunction).A wrapper around
ConscryptEngine that adapts to the new Java 9 (and potentially later
patches of 8) setHandshakeApplicationProtocolSelector API (which requires Java 8 for
compilation, due to the use of BiFunction).This is an adapter that wraps the active session with
ExtendedSSLSession, if running
on Java 8+.A version of ConscryptFileDescriptorSocket that includes the new Java 9 (and potentially later
patches of 8)
setHandshakeApplicationProtocolSelector API (which requires Java 8 for
compilation, due to the use of BiFunction).Utility methods supported on Java 8+.
Utility methods supported on Java 9+.
An implementation of
KeyGenerator suitable for use with other Conscrypt
algorithms.KeyManagerFactory implementation.
KeyManager implementation.
Provides the Java side of our JNI glue for OpenSSL.
A collection of callbacks from the native OpenSSL code that are
related to the SSL handshake initiated by SSL_do_handshake.
Helper to initialize the JNI libraries.
Sorts the errors in a list in descending order of value.
Helper class to load JNI resources.
A result of a single attempt to load a library.
A Utility to Call the
System.load(String) or System.loadLibrary(String).Used to hold onto native OpenSSL references and run finalization on those
objects.
A utility wrapper that abstracts operations on the underlying native SSL instance.
A utility wrapper that abstracts operations on the underlying native SSL_SESSION instance.
The session wrapper implementation.
AlgorithmParameters implementation for OAEP.
Data about OIDs.
A HostnameVerifier consistent with RFC 2818.
Provides an interface to OpenSSL's BIO system directly from a Java
InputStream.
Wraps a BoringSSL BIO to act as a place to write out data.
Wrapped by a BoringSSL BIO to act as a source of bytes.
An implementation of
Cipher using BoringSSL as the backing library.Modes that a block cipher may support.
Paddings that a block cipher may support.
Implementation of the ChaCha20 stream cipher.
OpenSSL-backed SSLContext service provider interface.
Public to allow construction via the provider framework.
Public to allow construction via the provider framework.
Public to allow construction via the provider framework.
Public to allow construction via the provider framework.
Elliptic Curve Diffie-Hellman key agreement backed by the OpenSSL engine.
Represents a BoringSSL EC_GROUP object.
An implementation of a
KeyFactorySpi for EC keys based on BoringSSL.An implementation of
KeyPairGenerator for EC keys which uses BoringSSL to perform all the
operations.An implementation of a
PrivateKey for EC keys based on BoringSSL.An implementation of a
PublicKey for EC keys based on BoringSSL.Represents a BoringSSL
EVP_PKEY.Marker interface for classes that hold an
OpenSSLKey.An implementation of
Mac which uses BoringSSL to perform all the operations.Implements the JDK MessageDigest interface using OpenSSL's EVP API.
Provider that uses BoringSSL to perform the actual cryptographic operations.
Implements
SecureRandom using BoringSSL's RAND interface.An implementation of
KeyFactory which uses BoringSSL to perform all the
operations.An implementation of
KeyPairGenerator which uses BoringSSL to perform all
the operations.An implementation of
PrivateKey for RSA keys which uses BoringSSL to
perform all the operations.An implementation of
PrivateKey for RSA keys which uses BoringSSL to
perform all the operations.An implementation of
PublicKey for RSA keys which uses BoringSSL to
perform all the operations.An implementation of
SSLServerSocketFactory using BoringSSL.Implements the subset of the JDK Signature interface needed for
signature verification using OpenSSL.
Base class for
RSASSA-PKCS1-v1_5 signatures.Base class for
RSASSA-PSS signatures.Implements the JDK Signature interface needed for RAW ECDSA signature
generation and verification using BoringSSL.
Implements the JDK Signature interface needed for RAW RSA signature
generation and verification using BoringSSL.
An implementation of
SSLSocketFactory based on BoringSSL.Public shim allowing us to stay backward-compatible with legacy applications which were using
Conscrypt's extended socket API before the introduction of the
Conscrypt class.An implementation of
X509Certificate based on BoringSSL.An implementation of
CertificateFactory based on BoringSSL.The code for X509 Certificates and CRL is pretty much the same.
An implementation of
CertPath based on BoringSSL.Supported encoding types for CerthPath.
An implementation of
X509CRL based on BoringSSL.An implementation of
X509CRLEntry based on BoringSSL.A provider for the peer host and port information.
Platform-specific methods for OpenJDK.
Static convenience methods that help a method or constructor check whether it was invoked
correctly (that is, whether its preconditions were met).
Deprecated.
This abstraction is deprecated because it does not work with TLS 1.3.
AlgorithmParameters implementation for PSS.
Caches server sessions.
A snapshot of the content of another
ConscryptSession.This class basically does the same thing the ShortBufferException class does
except not filling in stack trace in the exception to save CPU-time for it
in an environment where this can be thrown many times.
SignedCertificateTimestamp structure, as defined by RFC6962 Section 3.2.
A persistent
SSLSession cache used by
SSLSessionContext to share client-side SSL sessions
across processes.This is returned in the place of a
SSLSession when no TLS connection could be negotiated,
but one was requested from a method that can't throw an exception such as SSLSocket.getSession() before SSLSocket.startHandshake() is
called.The instances of this class encapsulate all the info
about enabled cipher suites and protocols,
as well as the information about client/server mode of
ssl socket, whether it require/want client authentication or not,
and controls whether new SSL sessions may be established by this
socket or not.
For abstracting the X509KeyManager calls between
X509KeyManager.chooseClientAlias(String[], java.security.Principal[], java.net.Socket)
and
X509ExtendedKeyManager.chooseEngineClientAlias(String[], java.security.Principal[], javax.net.ssl.SSLEngine)For abstracting the
PSKKeyManager calls between those taking an SSLSocket and
those taking an SSLEngine.A persistent
SSLSession cache used by
SSLSessionContext to share server-side SSL sessions
across processes.Utility methods for SSL packet processing.
States for SSL engines.
Indexes
TrustAnchor instances so they can be found in O(1)
time instead of O(N).TrustManagerFactory service provider interface implementation.
TrustManager implementation.
If an EKU extension is present in the end-entity certificate,
it MUST contain an appropriate key usage.
Comparator for sorting
TrustAnchors using a CertificatePriorityComparator.Verification result for a single SCT.
A simple but useless key class that holds X.509 public key information when
the appropriate KeyFactory for the key algorithm is not available.