All Classes and Interfaces

Class
Description
Base interface for extra methods required for handling associated data in AEAD ciphers.
General finder for converting OIDs and AlgorithmIdentifiers into strings.
Exception thrown if an Archive TimeStamp according to RFC4998 fails to containsHashValue.
 
 
The Holder object.
Carrying class for an attribute certificate issuer.
Carrier for an authenticator control.
Reader for Base64 armored objects which converts them into binary data.
 
 
 
OCSP RFC 2560, RFC 6960
Generator for basic OCSP response objects.
 
 
 
 
 
 
 
Lightweight CRMFOutputEncryptor builder.
 
 
 
 
 
 
 
 
 
 
 
Lightweight convenience class for EncryptedValueBuilder
An encrypted value padder that uses MGF1 as the basis of the padding.
 
 
 
 
 
 
 
 
 
 
 
 
the RecipientInfo class for a recipient who has been sent a message encrypted using a password.
 
 
 
Extension of the PKCS#10 builder to support AsymmetricKey objects.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
JCA helper class to allow BC lightweight objects to be used in the construction of a Version 1 certificate.
JCA helper class to allow BC lightweight objects to be used in the construction of a Version 3 certificate.
Calculator based on the use of a left weighted binary Merkle tree created on top of the partial hash tree objects provided.
 
A class that explicitly buffers the data to be signed, sending it in one block when ready for signing.
Holder class for a SimplePKIResponse containing the details making up /cacerts response.
 
Builder of CCPD requests (Certify Claim of Possession of Data).
Data piece of DVCRequest for CCPD service (Certify Claim of Possession of Data).
General checked Exception thrown in the cert package and its sub-packages.
Carrier class for a CertConfirmContent message.
Builder class for a CertConfirmContent message.
 
 
 
 
Builder for a CertificateRepMessage.
 
 
Carrier for a CRMF CertReqMsg.
Builder for high-level objects built on CertReqMsg.
High level wrapper for the CertResponse CRMF structure.
Builder for CertificateResponse objects (the CertResponse CRMF equivalent).
 
 
 
General IOException thrown in the cert package and its sub-packages.
 
 
 
 
 
 
 
Channel Binding Provider provides a method of extracting the ChannelBinding that can be customised specifically for the provider.
 
 
 
a class representing null or absent content.
 
 
Note: The SIGNATURE parameter is only available when generating unsigned attributes.
containing class for an CMS Authenticated Data object
General class for generating a CMS authenticated-data message.
Parsing class for an CMS Authenticated Data object from an input stream.
General class for generating a CMS authenticated-data message stream.
 
containing class for an CMS AuthEnveloped Data object
 
 
 
General class for generating a CMS enveloped-data message.
containing class for an CMS Compressed Data object
General class for generating a compressed CMS message.
Class for reading a CMS Compressed Data stream.
General class for generating a compressed CMS message stream.
 
 
containing class for an CMS Digested Data object
 
General class for generating a CMS encrypted-data message.
General class for generating a CMS encrypted-data message.
containing class for an CMS Enveloped Data object
General class for generating a CMS enveloped-data message.
Parsing class for an CMS Enveloped Data object from an input stream.
General class for generating a CMS enveloped-data message stream.
General class for generating a CMS enveloped-data message.
 
Toolkit methods for dealing with common errors in CMS classes.
Use CMSTypedData instead of this.
a holding class for a byte array of data to be processed.
Carrier class for a CMPCertificate over CMS.
a holding class for a file of data to be processed.
 
 
Finder which is used to look up the algorithm identifiers representing the encryption algorithms that are associated with a particular signature algorithm.
general class for handling a pkcs7-signature message.
general class for generating a pkcs7-signature message.
Parsing class for an CMS Signed Data object from an input stream.
General class for generating a pkcs7-signature message stream.
 
 
 
 
 
 
 
 
 
 
 
General interface for an operator that is able to create a signature from a stream of output.
General interface for an operator that is able to verify a signature based on data in a stream of output.
General interface for providers of ContentVerifier objects.
Generic interface for a CertificateRequestMessage control value.
Builder of DVCSRequests to CPD service (Certify Possession of Data).
Data piece of DVCRequest for CPD service (Certify Possession of Data).
 
 
 
Wrapper class around a CsrAttrs structure.
Holder class for a response containing the details making up /csrattrs response.
 
A single shot fetcher for a certificate which will only request the specific DNS record if the DANEEntryFetcher used on construction supports it.
Carrier class for a DANE entry.
Factory class for creating DANEEntry objects.
 
Factories for DANEEntryFetcher objects should implement this.
 
Factory for creating selector objects to use with the DANECertificateStore.
Class storing DANEEntry objects.
Builder for the DANECertificateStore.
General checked Exception thrown in the DANE package.
 
Default authenticated attributes generator.
 
 
 
 
 
 
Class for return signature names from OIDs or AlgorithmIdentifiers
Default signed attributes generator.
 
The delta certificate request attribute defined in: https://datatracker.ietf.org/doc/draft-bonnell-lamps-chameleon-certs/
 
General tool for handling the extension described in: https://datatracker.ietf.org/doc/draft-bonnell-lamps-chameleon-certs/
 
General interface for an operator that is able to calculate a digest from a stream of output.
The base interface for a provider of DigestCalculator implementations.
Exception thrown when failed to initialize some DVCS-related staff.
General DVCSException.
 
DVCS parsing exception - thrown when failed to parse DVCS message.
DVCRequest is general request to DVCS (RFC 3029).
Common base class for client DVCRequest builders.
Data piece of DVCRequest object (DVCS Data structure).
Information piece of DVCS requests.
DVCResponse is general response to DVCS (RFC 3029).
 
 
 
General checked Exception thrown in the cert package and its sub-packages.
General IOException thrown in the cert package and its sub-packages.
 
 
 
Builder for EncryptedValue structures.
An encrypted value padder is used to make sure that prior to a value been encrypted the data is padded to a standard length.
Parser for EncryptedValue structures.
 
Holder class for a response containing the details making up a /simpleenroll response.
 
 
RFC 4998 ArchiveTimeStamp.
Generator for RFC 4998 Archive Time Stamps.
Generic class for holding byte[] data for RFC 4998 ERS.
An ERSData object that caches hash calculations.
General interface for an ERSData data group object.
Representation of data groups with more than 1 members according to the description provided in RFC4998.
Representation of a data group based on a directory.
RFC 4998 Evidence Record.
 
 
 
Exception thrown if an Archive TimeStamp according to RFC4998 fails to containsHashValue.
Generic class for holding a File of data for RFC 4998 ERS.
Generic class for processing an InputStream of data RFC 4998 ERS.
Base interface for an implementation that calculates the root hash contained in the time-stamp from the Merkle tree based on the partial hash-tree nodes.
Base interface for an object with adds HTTP Auth attributes to an ESTRequest
ESTClient implement connection to the server.
A client provider is responsible for creating an ESTClient instance.
ESTClientSourceProvider, implementations of this are expected to return a source.
Exception emitted by EST classes.
ESTHijacker can take control of the source after the initial http request has been sent and a response received.
Implements a basic http request.
Builder for basic EST requests
A basic http response.
ESTService provides unified access to an EST server which is defined as implementing RFC7030.
Build an RFC7030 (EST) service.
ESTSourceConnectionListener is called when the source is is connected to the remote end point but no application data has been sent.
 
 
 
 
 
 
 
 
 
 
 
General wrapper for a generic PKIMessage
 
 
 
HTML Filter
Provides stock implementations for basic auth and digest auth.
 
Base interface for an input consuming AEAD Decryptor supporting associated text.
General interface for an operator that is able to produce an InputStream that will decrypt a stream of encrypted data.
 
General interface for an operator that is able to produce an InputStream that will produce uncompressed data.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
X509Certificate aware extension of CertificateRepMessageBuilder.
 
 
Class for storing Certificates for later lookup.
Builder to create a CertStore from certificate and CRL stores.
 
 
Class for storing CRLs for later lookup.
 
 
 
JCA convenience class for EncryptedValueBuilder
 
 
Builder for HttpAuth operator that handles digest auth using a JCA provider.
 
 
 
 
 
 
 
 
General utility methods for building common objects for supporting the JCA/JCE/JSSE.
PEM generator for the original set of PEM objects used in Open SSL.
 
General purpose writer for OpenSSL PEM objects based on JCA/JCE classes.
 
Extension of the PKCS#10 builder to support PublicKey and X500Principal objects.
 
 
 
 
Holder class for public/private key based identity information.
Builder for a private/public identity object representing a "user"
 
 
 
 
This is designed to parse the SignedPublicKeyAndChallenge created by the KEYGEN tag included by Mozilla based browsers.
 
 
 
Use this class if you are using a provider that has all the facilities you need.
 
 
Converter for producing X509Certificate objects tied to a specific provider from X509CertificateHolder objects.
JCA helper class for converting an X509Certificate into a X509CertificateHolder object.
 
 
 
 
Class for converting an X509CRLHolder into a corresponding X509CRL object tied to a particular JCA provider.
JCA helper class for converting an X509CRL into a X509CRLHolder object.
 
JCA helper class to allow JCA objects to be used in the construction of a Version 1 certificate.
 
JCA helper class to allow JCA objects to be used in the construction of a Version 3 certificate.
 
 
 
 
Builder for the content encryptor in EnvelopedData - used to encrypt the actual transmitted content.
 
 
 
 
 
 
 
A generic decryptor provider for IETF style algorithms.
 
 
the KeyTransRecipientInformation class for a recipient who has been sent a secret key encrypted using their public key that needs to be used to extract the message.
 
 
 
 
 
 
 
 
 
 
 
 
the KeyTransRecipientInformation class for a recipient who has been sent a secret key encrypted using their public key that needs to be used to extract the message.
 
 
 
 
 
the KeyTransRecipient class for a recipient who has been sent secret key material encrypted using their public key that needs to be used to derive a key and authenticate a message.
the KeyTransRecipient class for a recipient who has been sent secret key material encrypted using their public key that needs to be used to derive a key and extract a message.
 
 
 
 
DecryptorProviderBuilder for producing DecryptorProvider for use with PKCS8EncryptedPrivateKeyInfo.
 
 
 
the RecipientInfo class for a recipient who has been sent a message encrypted using a password.
 
A builder for RFC 8018 PBE based MAC calculators.
 
 
 
 
 
 
 
 
 
 
A DANE entry fetcher implemented using JNDI.
A typical hostname authorizer for verifying a hostname against the available certificates.
Build an RFC7030 (EST) service based on the JSSE.
Verify the host name is as expected after the SSL Handshake has been completed.
 
 
 
the RecipientInfo class for a recipient who has been sent a message encrypted using a secret key known to the other side.
 
 
 
 
 
 
 
 
the RecipientInfo class for a recipient who has been sent a message encrypted using key agreement.
 
 
 
the KeyTransRecipientInformation class for a recipient who has been sent a secret key encrypted using their public key that needs to be used to extract the message.
 
 
 
Interface for a Source which can only produce up to a certain number of bytes.
 
Base class for all Exceptions with localized messages.
 
 
 
General interface for a key initialized operator that is able to calculate a MAC from a stream of output.
 
A generic class for capturing the mac data at the end of a encrypted data stream.
 
 
 
 
General IOException thrown in the mime package and its sub-packages.
 
Base interface for a MIME parser.
Base interface for a MIME parser context.
Base interface for a MIME parser listener.
 
 
PEM generator for the original set of PEM objects used in Open SSL.
 
 
OCSPRequest ::= SEQUENCE { tbsRequest TBSRequest, optionalSignature [0] EXPLICIT Signature OPTIONAL } TBSRequest ::= SEQUENCE { version [0] EXPLICIT Version DEFAULT v1, requestorName [1] EXPLICIT GeneralName OPTIONAL, requestList SEQUENCE OF Request, requestExtensions [2] EXPLICIT Extensions OPTIONAL } Signature ::= SEQUENCE { signatureAlgorithm AlgorithmIdentifier, signature BIT STRING, certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL} Version ::= INTEGER { v1(0) } Request ::= SEQUENCE { reqCert CertID, singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } CertID ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier, issuerNameHash OCTET STRING, -- Hash of Issuer's DN issuerKeyHash OCTET STRING, -- Hash of Issuers public key serialNumber CertificateSerialNumber }
 
 
base generator for an OCSP response - at the moment this only supports the generation of responses containing BasicOCSP responses.
 
 
 
 
 
 
General interface for an operator that is able to produce an OutputStream that will output compressed data.
General interface for an operator that is able to produce an OutputStream that will output encrypted data.
 
 
 
Deprecated.
no longer used.
 
 
 
 
the RecipientInfo class for a recipient who has been sent a message encrypted using a password.
 
Base interface for decryption operations.
 
 
 
 
 
Class for parsing OpenSSL PEM encoded streams containing X509 certificates, PKCS8 encoded keys and PKCS7 objects.
Deprecated.
use JcaPEMWriter
Holding class for a PKCS#10 certification request.
A class for creating PKCS#10 Certification requests.
 
 
A holding class for the PKCS12 Pfx structure.
A builder for the PKCS#12 Pfx key and certificate store.
 
 
 
 
 
Holding class for a PKCS#8 EncryptedPrivateKeyInfo structure.
A class for creating EncryptedPrivateKeyInfo structures.
 
General checked Exception thrown in the cert package and its sub-packages.
General IOException thrown in the cert package and its sub-packages.
Carrier for a PKIArchiveOptions structure.
Builder for a PKIArchiveControl structure.
PKIXCertPathReviewer
Validation of X.509 Certificate Paths.
Holder class for public/private key based identity information.
 
 
 
 
 
 
 
Wrapper for a PKIMessage with protection attached to it.
Builder for creating a protected PKI message.
Input stream that processes quoted-printable data, converting it into what was originally intended.
Interface for ContentVerifiers that also support raw signatures that can be verified using the digest of the calculated data.
 
 
 
 
 
 
Carrier for a registration token control.
 
OCSP RFC 2560, RFC 6960
Carrier for a ResponderID.
 
 
wrapper for the RevokedInfo object
 
 
 
 
This is designed to parse the SignedPublicKeyAndChallenge created by the KEYGEN tag included by Mozilla based browsers.
a basic index for a signer.
 
Builder for SignerInfo generator objects.
an expanded SignerInfo block from a CMS Signed message
 
 
 
Basic generator that just returns a preconstructed attribute table
Carrier for a Simple PKI Response.
 
Writer for SMIME Enveloped objects.
 
 
 
 
 
Writer for SMIME Signed objects.
 
A sorting list - byte[] are sorted in ascending order.
A sorting list - byte[] are sorted in ascending order.
Used to Wrap a socket and to provide access to the underlying session.
Filter for strings to store in a SQL table.
Implementations provide SSL socket factories.
A checker for vetting subject public keys based on the direct checking of the ASN.1
 
 
 
 
Base class for an RFC 3161 Time Stamp Request.
Generator for RFC 3161 Time Stamp Request objects.
Base class for an RFC 3161 Time Stamp Response object.
Generator for RFC 3161 Time Stamp Responses.
Carrier class for a TimeStampToken.
Currently the class supports ESSCertID by if a digest calculator based on SHA1 is passed in, otherwise it uses ESSCertIDv2.
 
TLSUniqueProvider implementation of this can provide the TLS unique value.
A calculator which produces a truncated digest from a regular one, with the truncation achieved by dropping off the right most octets.
 
Recognised hash algorithms for the time stamp protocol.
 
 
 
Exception thrown if a TSP request or response fails to validate.
wrapper for the UnknownInfo object
Wrapper class to mark untrusted input.
Wrapper class to mark an untrusted Url
 
Representation of the authorization information (VO, server address and list of Fully Qualified Attribute Names, or FQANs) contained in a VOMS attribute certificate.
Inner class providing a container of the group,role,capability information triplet in an FQAN.
Builder of DVC requests to VPKC service (Verify Public Key Certificates).
Data piece of DVCS request to VPKC service (Verify Public Key Certificates).
Builder of DVCS requests to VSD service (Verify Signed Document).
Data piece of DVCS request to VSD service (Verify Signed Document).
Holding class for an X.509 AttributeCertificate structure.
This class is an Selector like implementation to select attribute certificates from a given set of criteria.
This class builds selectors according to the set criteria.
A general class for X.509 certificate "pretty printing".
Holding class for an X.509 Certificate structure.
a basic index for a X509CertificateHolder class
 
Holding class for an X.509 CRL Entry structure.
Holding class for an X.509 CRL structure.
General utility class for creating calculated extensions using the standard methods.
X.509 Certificate Revocation Checker - still lacks OCSP support and support for delta CRLs.
 
Holder for an OpenSSL trusted certificate block.
class to produce an X.509 Version 1 certificate.
class to produce an X.509 Version 2 AttributeCertificate.
class to produce an X.509 Version 2 CRL.
class to produce an X.509 Version 3 certificate.