All Classes and Interfaces
Class
Description
A plain certattr set used by pkcs10 to parse an unknown attribute.
This class identifies DSS/DSA Algorithm variants, which are distinguished
by using different algorithm parameters P, Q, G.
Represents a cryptographic algorithm.
This class identifies algorithms, such as cryptographic transforms, each
of which may be associated with parameters.
This exception is thrown if an initialization operation
is attempted on something that is already initialized.
Represents an ASN.1
ANY value.A class for decoding
ANY values from BER.Maps a ASN.1 character string type to a charset encoder and decoder.
The portion of a BER encoding that precedes the contents octets.
An interface for decoding ASN1Values from their BER encodings.
A value that can be decoded from BER and encoded to DER.
C-style assertions in Java.
Assertion exceptions are thrown when assertion code is invoked
and fails to operate properly.
An attribute, as identified by some attribute ID, has some particular values.
An Attribute, which has the following ASN.1
definition (roughly):
An Attribute, which has the following ASN.1
definition (roughly):
A Template for decoding an Attribute.
A Template for decoding an Attribute.
An AuthenticatedSafes, which is a
SEQUENCE of
SafeContents.A Template class for decoding an AuthenticatedSafes from its
BER encoding.
This represents the authority information access extension
as defined in RFC2459.
This class represents the Authority Key Identifier Extension.
X.500 Attribute-Value-Assertion (AVA): an attribute, as identified by
some attribute ID, has some particular value.
An AttributeValueAssertion, which has the following ASN.1
definition (roughly):
A Template for decoding an AVA.
Interface for classes that convert a attribute value string to a
DER encoded ASN.1 value and vice versa.
BadAuthHandler interface enables arbitrary certificate authentication
from a NSS cert auth hook.
Deprecated.
Use javax.crypto.BadPaddingException.
Reads in base-64 encoded input and spits out the raw binary decoding.
An output stream filter that takes arbitrary bytes and outputs their
base64 encoding.
This class represents the Basic Constraints Extension.
A low-overhead arbitrary-precision unsigned integer.
An ASN.1
BIT STRING, which is an ordered sequence of bits.A class for decoding a
BIT_STRING from its BER encoding.A packed array of booleans.
The ASN.1 type BMPString.
CMC BodyPartReference:
A Template for decoding a BodyPartReference.
The type of BodyPartReference.
An ASN.1
BOOLEAN value.A Class for decoding
BOOLEAN values from their BER
encodings.Compare two byte arrays in lexicographical order.
Generate a pair of keys, and provide access to them.
This interface defines the methods required of a certificate attribute.
CertAuthHandler interface enables arbitrary certificate authentication
from a NSS cert auth hook.
A PKCS #12 cert bag.
A Template class for decoding CertBags from their BER encoding.
This exception is thrown if the certificate database does not exist,
or if an error occurs while opening it.
CertException indicates one of a variety of certificate problems.
CRMF CertId.
A Template for decoding a
CertId.An X.509 signed certificate.
This class defines the AlgorithmId for the Certificate.
This class defines the Extensions attribute for the Certificate.
A TBSCertificate (to-be-signed certificate), the actual information in
a certificate apart from the signature.
Template class for decoding a CertificateInfo.
An X.509 Certificate version.
Represent the CRL Certificate Issuer Extension.
This class defines the X500Name attribute for the Certificate.
This class defines the subject/issuer unique identity attribute
for the Certificate.
This class defines the Certificate Policies Extension.
Represent the CertificatePolicyId ASN.1 object.
Represent the CertificatePolicyInformation ASN.1 object.
Represent the CertificatePolicyMap ASN.1 object.
This class defines the certificate policy set ASN.1 object.
This represents the CertificateRenewalWindow extension
as defined in draft-thayes-cert-renewal-00
CertificateRenewalWindow ::= SEQUENCE {
beginTime GeneralizedTime,
endTime GeneralizedTime OPTIONAL }
This represents the CertificateScopeOfUse extension
as defined in draft-thayes-cert-scope-00
CertificateScopeEntry ::= SEQUENCE {
name GeneralName, -- pattern, as for NameConstraints
portNumber INTEGER OPTIONAL
}
CertificateScopeOfUse ::= SEQUENCE OF CertificateScopeEntry
This represents the CertificateScopeOfUse extension
as defined in draft-thayes-cert-scope-00
CertificateScopeEntry ::= SEQUENCE {
name GeneralName, -- pattern, as for NameConstraints
portNumber INTEGER OPTIONAL
}
CertificateScopeOfUse ::= SEQUENCE OF CertificateScopeEntry
This class defines the SerialNumber attribute for the Certificate.
This class defines the X500Name attribute for the Certificate.
This class defines the subject/issuer unique identity attribute
for the Certificate.
CertificateUsage options for validation
This class defines the interval for which the certificate is valid.
This class defines the version of the X509 Certificate.
This class defines the X509Key attribute for the Certificate.
A pkcs10 signed CertificationRequest.
A TBSCertificationRequest (to-be-signed CertificationRequest),
the actual information in
a CertificationRequest apart from the signature.
Template class for decoding a CertificationRequestInfo.
Extends X509CertInfo class so that minimal fields are initialized at
creation time so an object of this type is always serializable.
CertException indicates one of a variety of certificate problems.
This class will display the certificate content in predefined
format.
A CMMF CertRepContent.
This class models a CRMF CertReqMsg structure.
A class for decoding CertReqMsg structures from a BER encoding.
A PKIX CertRequest.
A Template class for constructing CertRequests from their
BER encoding.
This class models a CRMF CertTemplate structure.
A class for decoding CertTemplates.
Class for handling the decoding of a SCEP Challenge Password
object.
An exception thrown when challenge response pop is requested.
An abstract base class for all character string types in ASN.1.
Objects of this class are generated by CHOICE.Template.decode().
A Template for decoding ASN.1
CHOICEsAn element in a CHOICE template, consisting of a nested template
and, optionally, an implicit tag for that template.
Netmask that is the number of significant bits.
A context for performing symmetric encryption and decryption.
CKAClass is an instance of a PKCS#11 CK_ATTRIBUTE with type = CKA_CLASS.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_CLASS and value
CKO_CERTIFICATE.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_CLASS and value
CKO_DATA.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_CLASS and value
CKO_DOMAIN_PARAMETERS.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_CLASS and value
CKO_HW_FEATURE.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_CLASS and value
CKO_MECHANISM.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_CLASS and value
CKO_PRIVATE_KEY.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_CLASS and value
CKO_PUBLIC_KEY.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_CLASS and value
CKO_SECRET_KEY.
CKA_KEY_TYPE is an instance of a PKCS#11 CK_ATTRIBUTE with
type = CKA_KEY_TYPE.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_AES.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_BATON.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_BLOWFISH.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_CAMELLIA.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_CAST.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_CAST128.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_CAST3.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_CAST5.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_CDMF.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_DES.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_DES2.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_DES3.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_DH.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_DSA.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_EC.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_ECDSA.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_GENERIC_SECRET.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_IDEA.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_JUNIPER.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_KEA.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_RC2.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_RC4.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_RC5.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_RSA.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_SEED.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_SKIPJACK.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_TWOFISH.
Representation of a PKCS#11 CK_ATTRIBUTE with type CKA_KEY_TYPE and
value CKK_X9_42_DH.
A CKAttribute is an instance of PKCS#11 CK_ATTRIBUTE.
CKAUsage is a collection of PKCS#11 CK_ATTRIBUTES which have common value
(CK_TRUE).
CKADecrypt is an instance of PKCS#11 CK_ATTRIBUTE with
type = CKA_DECRYPT and value CK_TRUE.
CKADerive is an instance of PKCS#11 CK_ATTRIBUTE with
type = CKA_DERIVE and value CK_TRUE.
CKAEncrypt is an instance of PKCS#11 CK_ATTRIBUTE with
type = CKA_ENCRYPT and value CK_TRUE.
CKASign is an instance of PKCS#11 CK_ATTRIBUTE with
type = CKA_SIGN and value CK_TRUE.
CKASignRecover is an instance of PKCS#11 CK_ATTRIBUTE with
type = CKA_SIGN_RECOVER and value CK_TRUE.
CKAUnwrap is an instance of PKCS#11 CK_ATTRIBUTE with
type = CKA_UNWRAP and value CK_TRUE.
CKAVerify is an instance of PKCS#11 CK_ATTRIBUTE with
type = CKA_VERIFY and value CK_TRUE.
CKAVerifyRecover is an instance of PKCS#11 CK_ATTRIBUTE with
type = CKA_VERIFY_RECOVER and value CK_TRUE.
CKAWrap is an instance of PKCS#11 CK_ATTRIBUTE with
type = CKA_WRAP and value CK_TRUE.
CKAClass is an instance of a PKCS#11 CK_ATTRIBUTE with type = CKA_CLASS.
Algorithms for performing CMACs.
CMC CMCCertId.
A Template for decoding a
CMCCertId.CMC CMCStatusInfo:
CMCStatusInfoV2 replaces CMCStatusInfo in rfc 5272
CMC CMCStatusInfoV2:
The CMS Security Provider.
A password callback that obtains its password from the console.
A ContentInfo type, as defined in PKCS#7.
A PKCS #7 ContentInfo structure.
A PKCS #7 ContentInfo structure.
A template for decoding a ContentInfo blob
A template for decoding a ContentInfo blob
A CRMF
Control.A template class for decoding a Control from a BER stream.
This class keeps track of the number of bytes that have been read from
a stream.
Represent the CPSuri Qualifier.
DistributionPoint ::= SEQUENCE {
distributionPoint [0] DistributionPointName OPTIONAL,
reasons [1] ReasonFlags OPTIONAL,
cRLIssuer [2] GeneralNames OPTIONAL }
DistributionPointName ::= CHOICE {
fullName [0] GeneralNames,
nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
ReasonFlags ::= BIT STRING {
unused (0),
keyCompromise (1),
cACompromise (2),
affiliationChanged (3),
superseded (4),
cessationOfOperation (5),
certificateHold (6) }
Template for decoding CRLDistributionPoint.
An extension that tells applications where to find the CRL for
this certificate.
Represents a reason that a cert may be revoked.
This class defines the CRL Extensions.
Thrown if a CRL cannot be imported
Represent the CRL Number Extension.
This class will display the certificate content in predefined
format.
Represent the CRLReason Extension of CRL entry.
This class is the starting poing for the crypto package.
note: this is obsolete in NSS
CertUsage options for validation
This is an interface for a permanent repository of cryptographic objects,
such as keys, certs, and passwords.
A CryptoToken performs cryptographic operations and stores
cryptographic items, such as keys and certs.
A class for closing databases.
CMC DecryptedPOP:
A Template for decoding BER-encoded DecryptedPOP items.
Decrypts data with the SecretDecoderRing.
Represent the Delta CRL Indicator Extension.
Interface to an object that knows how to write its own DER
encoding to an output stream.
DER input buffer ...
A DER input stream, used for parsing ASN.1 DER-encoded data such as
that found in X.509 certificates.
Output stream marshaling DER-encoded data.
Represents a single DER-encoded value.
A Template for decoding BER-encoded DigestData items.
A Template for decoding BER-encoded DigestData items.
A class for decoding the BER encoding of a DigestInfo.
A class for decoding the BER encoding of a DigestInfo.
An X.500 DirectoryString.
A Template for decoding DirectoryStrings from their BER encoding.
A DirStrConverter converts a string to a DerValue of ASN.1 Directory String,
which is a CHOICE of Printable (subset of ASCII), T.61 (Teletex) or
Universal String (UCS-4), and vice versa.
Represent the DisplayText.
This class implements the DNSName as required by the GeneralNames
ASN.1 object.
This class implements the DSA key factory of the Sun provider.
This class implements the parameter set used by the
Digital Signature Algorithm as specified in the FIPS 186
standard.
A PKCS#8 private key for the Digital Signature Algorithm.
An X.509 public key for the Digital Signature Algorithm.
Database of common, public elliptic curves.
This class defines the EDIPartyName of the GeneralName choice.
A CMS EncapsulatedContentInfo structure.
A template for decoding a EncapsulatedContentInfo blob
An ASN.1 class for encoding the SecretDecoderRing result.
An ASN.1 class for decoding the SecretDecoderRing result.
The PKCS #7 type EncryptedContentInfo, which encapsulates
encrypted data.
The PKCS #7 type EncryptedContentInfo, which encapsulates
encrypted data.
A template file for decoding a EnvelopedData blob
A template file for decoding a EnvelopedData blob
The PKCS #7 structure EncryptedData.
The PKCS #7 structure EncryptedData.
A Template for decoding EncryptedData items.
A Template for decoding EncryptedData items.
A Template for decoding BER-encoded EncryptedKeys.
The type of EncryptedKey.
CMC EncryptedPOP:
A Template for decoding BER-encoded EncryptedPOP items.
PKCS #8 EncryptedPrivateKeyInfo.
A template class for decoding EncryptedPrivateKeyInfos from BER.
The CRMF structure EncryptedValue for storing the encrypted
key to be archived.
A Template class for decoding BER-encoded EncryptedValues.
An algorithm for performing symmetric encryption.
Encrypts data with the SecretDecoderRing.
Represents an ASN.1
ENUMERATED value.A template for decoding ENUMERATED values from their BER encodings.
A template file for decoding a EnvelopedData blob
A template file for decoding a EnvelopedData blob
An explicit tag.
A template for decoding an object wrapped in an EXPLICIT tag.
ExtendedFailInfo per rfc 5272
It is to be used in CMCStatusInfoV2 as a CHOICE of otherInfo
A Template for decoding an ExtendedFailInfo.
This represents the extended key usage extension.
Represent a X509 Extension Attribute.
This class defines the Extensions attribute for the Certificate.
This class will display the certificate content in predefined
format.
An exception thrown when an optional field is not present.
An enumerated type representing the forms of an ASN.1 value.
An extension that tells applications where to find
the latest (freshest) delta CRL for this certificate
or full CRL.
Represents a reason that a cert may be revoked.
The ASN.1 type
GeneralizedTimeA class for decoding
GeneralizedTimes.This class implements the ASN.1 GeneralName object class.
This interface specifies the abstract methods which have to be
implemented by all the members of the GeneralNames ASN.1 object.
This object class represents the GeneralNames type required in
X509 certificates.
Generic General Names Exception.
Represent the GeneralSubtree ASN.1 object, whose syntax is:
Represent the GeneralSubtrees ASN.1 object.
Represent the AsnInteger Extension.
A GenericValueConverter converts a string that is not associated with
a particular attribute to a DER encoded ASN.1 character string type.
CMC GetCert.
A Template for decoding a
GetCert.CMMF GetCRL.
A Template for decoding a
GetCRL.Algorithms for performing HMACs.
Represent the CRL Hold Instruction Code Extension.
Converts bytes in ASN.1 IA5String character set to IA5String characters.
Converts characters in ASN.1 IA5String character set to IA5String bytes.
A AVAValueConverter that converts a IA5String attribute to a DerValue
and vice versa.
CMC IdentityProofV2:
per rfc 5272
A Template for decoding BER-encoded IdentityProofV2 items.
RFC3280:
id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 }
InhibitAnyPolicy ::= SkipCerts
SkipCerts ::= INTEGER (0..MAX)
The various options that can be used to initialize CryptoManager.
This class enumerates the possible modes for FIPS compliance.
The ASN.1 type
INTEGER.Certificates residing in the internal database.
An exception thrown when BER decoding fails.
This exception is thrown when we encounter a bogus DER blob.
Represent the CRL Invalidity Date Extension.
An exception of this type is thrown if an encoded private key
cannot be decoded.
This class implements the IPAddressName as required by the GeneralNames
ASN.1 object.
Deprecated, for removal: This API element is subject to removal in a future version.
Use org.dogtagpki.jss.tomcat.PasswordStore instead.
This represents the Issuer Alternative Name Extension.
An issuer name and serial number, used to uniquely identify a certificate.
An issuer name and serial number, used to uniquely identify a certificate.
A template for decoding an IssuerAndSerialNumber from its BER encoding.
A template for decoding an IssuerAndSerialNumber from its BER encoding.
CMMF IssuerAndSubject.
A Template for decoding an
IssuerAndSubject.
issuingDistributionPoint ::= SEQUENCE {
distributionPoint [0] DistributionPointName OPTIONAL,
onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
onlySomeReasons [3] ReasonFlags OPTIONAL,
indirectCRL [4] BOOLEAN DEFAULT FALSE }
DistributionPointName ::= CHOICE {
fullName [0] GeneralNames,
nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
ReasonFlags ::= BIT STRING {
unused (0),
keyCompromise (1),
cACompromise (2),
affiliationChanged (3),
superseded (4),
cessationOfOperation (5),
certificateHold (6) }
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
GeneralName ::= CHOICE {
otherName [0] OtherName,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
directoryName [4] Name,
ediPartyName [5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID [8] OBJECT IDENTIFIER}
OtherName ::= SEQUENCE {
type-id OBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id }
EDIPartyName ::= SEQUENCE {
nameAssigner [0] DirectoryString OPTIONAL,
partyName [1] DirectoryString }
RelativeDistinguishedName ::=
SET OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE {
type AttributeType,
value AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType
A critical CRL extension that identifies the CRL distribution point
for a particular CRL
This class is only intended to be used to implement
CipherSpi.getAlgorithmParameters().
An algorithm parameter that consists of an initialization vector (IV).
JSS's SSLEngine base class for alternative implementations.
The reference JSSEngine implementation.
Deprecated, for removal: This API element is subject to removal in a future version.
Deprecated, for removal: This API element is subject to removal in a future version.
All JSSKeyManagers are X509KeyManagers that return PK11Cert
instances.
The JSS implementation of the JCA KeyStore SPI.
The JSS Loader facilitates loading JSS via the Provider interface directly,
including from a static java.security configuration file.
Deprecated, for removal: This API element is subject to removal in a future version.
A class for performing message digesting (hashing) and MAC operations.
Deprecated, for removal: This API element is subject to removal in a future version.
JSSNativeTrustManager is a JSSEngine TrustManager utilizing existing native
certificate checking functionality of NSS and JSS, compatible with the old
SSLSocket checks.
This class is utilized by JSS to implement OAEP support.
JSSParameters is an implementation of SSLParameters to interoperate
with NSS.
Deprecated, for removal: This API element is subject to removal in a future version.
Since 5.0.1.
Deprecated, for removal: This API element is subject to removal in a future version.
Since 5.0.1.
Deprecated, for removal: This API element is subject to removal in a future version.
Since 5.0.1.
Deprecated, for removal: This API element is subject to removal in a future version.
Since 5.0.1.
Deprecated, for removal: This API element is subject to removal in a future version.
Since 5.0.1.
Implementation of a secure socket channel
An interface for secure random numbers.
SSL-enabled server socket following the javax.net.ssl.SSLServerSocket
interface.
Deprecated, for removal: This API element is subject to removal in a future version.
Deprecated, for removal: This API element is subject to removal in a future version.
SSL-enabled socket following the javax.net.ssl.SSLSocket interface.
SSL-enabled SocketChannel following the javax.net.ssl.SSLSocket interface.
A KBKDF Byte Array Parameter is a type of KBKDF Data Parameter that
contains a single byte array that gets passed to the KBKDF to be inserted
into the PRF input stream.
A KBKDF Data Parameter is a structure of type CK_PRF_DATA_PARAM, with
three members: a type, a pointer to its data, and the size of the data
field.
Class for supporting additional derived keys from PKCS#11 v3.0's
SP800-108 KBKDF implementation.
A KBKDF Optional Counter Parameter is a type of KBKDF Data Parameter that
describes the optional counter variable for Feedback and Pipeline KBKDFs.
A KBKDF Iteration Variable Parameter is a type of KBKDF Data Parameter that
either references the counter variable or otherwise is a pointer to the
output of the previous PRF invocation.
A KBKDF Optional Counter Parameter is a type of KBKDF Data Parameter that
describes the optional counter variable for Feedback and Pipeline KBKDFs.
This represents a KerberosName as defined in
RFC 1510.
This exception is thrown if the user tries to import a
key which is already in the specified token
This exception is thrown if the key database does not exist, or if
an error occurs while opening it.
Algorithms that can be used for generating symmetric keys.
Generates symmetric keys for encryption and decryption.
An interface for converting a password of Java characters into an array
of bytes.
Represent the Key Identifier ASN.1 object.
Creates, finds, and deletes keys for SecretDecoderRing.
Algorithms that can be used for keypair generation.
Generates RSA and DSA key pairs.
In PKCS #11, each keypair can be marked with the operations it will
be used to perform.
PKCS #11 Key Types
These are the possible types for keys in the
wrapper library.
Represent the Key Usage Extension.
Abstract class that converts a Ldap DN String to an X500Name, RDN or AVA
and vice versa, except the string is a java string in unicode.
A converter that converts Ldap v3 DN strings as specified in
draft-ietf-asid-ldapv3-dn-03.txt to a X500Name, RDN or AVA and
vice versa.
CMC LraPopWitness:
A Template for decoding a MacData from its BER encoding.
An X.500 Name.
This class defines the Name Constraints Extension.
Classes extending NativeEnclsoure wrap a single NativeProxy instance,
allowing it to be accessed from the JNI layer but be allocated and scoped
from the Java layer.
An enumeration of all error codes from NSS and NSPR.
NativeProxy, a superclass for Java classes that mirror C data structures.
Thrown if a cryptographic item does not exist on the token it is
trying to be used on.
This class is a stub for javax.crypto.NoSuchPaddingException until we
move to JDK 1.2.
Thrown if a token cannot be found.
Represent the NoticeReference.
This exception is thrown whenever something isn't implemented.
This class defines the NSCCommentExtension
NSCertTypeExtension
Represents Netscape Certificate Type Extension
A PasswordCallback that immediately gives up.
Represent an ISO Object Identifier.
This exception is thrown whenever something isn't implemented.
This represents the OCSPNoCheck extension.
This class defines the mapping from OID and name to classes and vice
versa.
This class implements the OIDName as required by the GeneralNames
ASN.1 object.
CMCStatusInfoV2 OtherInfo:
A Template for decoding a OtherInfo.
The type of OtherInfo.
CMC OtherMsg.
A Template for decoding a
OtherMsg.This class implements the OtherName as required by the GeneralNames
ASN.1 object.
CMC OtherReqMsg.
A Template for decoding a
OtherReqMsg.Stores a password.
Represents a password callback, which is called to login to the key
database and to PKCS #11 tokens.
This exception is thrown if the
PasswordCallback
wants to stop guessing passwords.An object of this class is passed to a PasswordCallback to give it
information about the token that is being logged into.
Converts password chars to bytes.
Algorithms that can be used for generating symmetric keys from passwords.
PKCS #5 PBEParameter, and PKCS #12 pkcs-12PbeParams.
A template class for decoding a PBEParameter.
PKCS #5 PBES2Parameter
A template class for decoding a PBES2Params.
PKCS #5 PBKDF2-Params.
A template class for decoding a PBKDF2Params.
CMC PendInfo:
A template for decoding an PendInfo from its BER encoding.
The top level ASN.1 structure for a PKCS #12 blob.
A Template for decoding a BER-encoded PFX.
A class that implements Principal with a String.
This is a generic PKCS #11 exception.
A Key Pair Generator implemented using PKCS #11.
The ECCurve_Code enum defines a code for each EC
curve based on the position of the curve in the enum.
Message Digesting with PKCS #11.
A random number generator for PKCS #11.
A PKCS #11 token.
Thrown if the operation requires that the token be logged in, and it
isn't.
PKCS #10 certificate requests are created and sent to Certificate
Authorities, which then create X.509 certificates and return them to
the entity which created the certificate request.
Represent a PKCS Attribute.
This class defines the PKCS10 attributes for the request.
This object is used for carrying key info around.
PKCS7 as defined in RSA Laboratories PKCS7 Technical Note.
Holds a PKCS#8 key, for example a private key
Class supporting any PKCS9 attribute except
ExtendedCertificateAttribute.
A set of attributes of class PKCS9Attribute.
A template for decoding PKIArchiveOptions.
A type of PKIArchiveOption.
A PKIData for CMC full enrollment request.
A template for decoding an PKIData from its BER encoding.
CRMF PKIPublicationInfo:
A Template for decoding a PKIPublicationInfo.
Lists all the object identifiers of the X509 extensions of the PKIX profile.
This class helps JSS callers align with local system cryptographic policy.
This class defines the PolicyConstraint ASN.1 object.
This class defines the certificate extension which specifies the
Policy constraints.
Represent the Policy Mappings Extension.
Represent the PolicyQualifierInfo.
Represent the PolicyQualifiers.
CMC PopLinkWitnessV2:
per rfc 5272
A Template for decoding BER-encoded PopLinkWitnessV2 items.
CRMF POPOPrivKey:
A Template for decoding a POPOPrivKey.
The type of POPOPrivKey.
CRMF POPOSigningKey:
A Template for decoding POPOSigningKey.
PQG parameters for DSA key generation, along with the seed, counter,
and H values for verification.
This class provides static access to raw NSPS calls with the PR prefix,
and handles the usage of NativeProxy objects.
This class provides access to useful NSPR errors, getting their values from
a JNI call.
This class will display the certificate content in predefined
format.
Resource Boundle for the Pretty Print
Converts bytes in ASN.1 PrintableString character set to PrintableString
characters.
Converts characters in ASN.1 PrintableString character set to PrintableString
bytes.
A AVAValueConverter that converts a Printable String attribute to a DerValue
and vice versa.
Private Keys used by JSS.
A template class for decoding PrivateKeyInfos from BER.
This class defines the Private Key Usage Extension.
CRMF ProofOfPossession:
A Template for decoding a ProofOfPossession.
The type of ProofOfPossesion.
This class will display the certificate content in predefined
format.
Represent the Qualifier.
This class is only intended to be used to implement
CipherSpi.getAlgorithmParameters().
RDNs are a set of {attribute = value} assertions.
A RelativeDistinguishedName, whose ASN.1 is:
Represent the CRL Reason Flags.
A template file for decoding a RecipientInfo blob
A template file for decoding a RecipientInfo blob
A ResponseBody for CMC full enrollment request.
A template for decoding an ResponseBody from its BER encoding.
Represent the enumerated type used in CRLReason Extension of CRL entry.
Abstract class for a revoked certificate in a CRL (Certificate Revocation List).
Abstract class for a revoked certificate in a CRL.
CMC RevokeRequest.
A Template class for decoding a
RevokeRequest.CMMF RevRepContent.
A Template for decoding a
RevRepContent.CMMF RevRequest.
A Template class for decoding a
RevRequest.Converts a RFC 1779 string to a X500Name, RDN or AVA object and vice versa.
This class implements the RFC822Name as required by the GeneralNames
ASN.1 object.
Deprecated, for removal: This API element is subject to removal in a future version.
This class has been deprecated in favour of the one provided java
RSAKeyGenParameterSpec.A RSAPSSAlgorithmParameter implements the trandcoding between a
PSSAlgorithmSpec instance and the DER-encoded form.
An X.509 public key for the RSA Algorithm.
A PKCS #12 SafeBag structure.
A template for decoding SafeBags.
This class provides access to useful NSS errors, getting their values from
a JNI call.
A Template class for decoding SecretBags from BER.
This is a special-purpose interface for NSS.
The fields in a SecurityStatusResult indicate whether a given SSL-enabled
PRFileDesc has completed its handshake and the resulting handshake-specific
information.
An ASN.1 SEQUENCE.
A Template for decoding SEQUENCE OF values.
A class for constructing a
SEQUENCE from its BER encoding.An element of a SEQUENCE template.
This class defines the SerialNumber class used by certificates.
This object contains the OS independent interfaces.
An ASN.1 SET, which is an unordered collection of ASN.1 values.
An element of a SET
A Template for decoding SET OF values.
SET.Template
This class is used for decoding DER-encoded SETs.
An element of a SET template.
This class is a placeholder for javax.crypto.ShortBufferException until
we move to JDK 1.2.
A class for producing and verifying digital signatures.
Algorithms that can be used for signing.
You don't need to use this unless you are hacking JSS.
A Template class for decoding BER-encoded SignedAndEnvelopedData items.
A Template class for decoding BER-encoded SignedAndEnvelopedData items.
A PKCS #7 SignedData structure.
A CMS SignedData structure.
A template file for decoding a SignedData blob
A template file for decoding a SignedData blob
CMS SignerIdentifier:
A Template for decoding a SignerIdentifier.
The type of SignerIdentifier.
A SignerInfo, as defined in PKCS#7's signedData type.
A PKCS #7 SignerInfo.
A CMS SignerInfo.
A template for decoding a SignerInfo blob
A template for decoding a SignerInfo blob
This interface is what you should implement if you want to
be able to decide whether or not you want to approve the peer's cert,
instead of having NSS do that.
This class holds details about the errors for each cert in
the chain that the server presented
To use this class, getReasons(), then iterate over the enumeration
Class representing the SSLChannelInfo struct from NSS's sslt.h.
SSL cipher.
Parameters supported by this socket test:
filename file to be read from https server (default: /index.html)
port port to connect to (default: 443)
ipaddr address to connect to (overrides hostname, no default)
hostname host to connect to (no default)
clientauth do client-auth or not (default: no client-auth)
The following parameters are used for regression testing, so
we can print success or failure of the test.
Implement this if you want to specify dynamically which certificate
should be presented for client authentication.
This class provides access to useful NSS/SSL errors, getting their values
from a JNI call.
This class represents the event telling you a handshake
operation is complete.
This interface is used when you want to know that a security
handshake is complete.
Class representing the SSLPreliminaryChannelInfo struct from NSS's sslt.h.
This class represents the known state of an SSL connection: what cipher
is being used, how secure it is, and who's on the other end.
Parameters supported by this socket test:
filename file to be read from https server (default: /index.html)
port port to connect to (default: 443)
clientauth do client-auth or not (default: no client-auth)
The following parameters are used for regression testing, so
we can print success or failure of the test.
SSL server socket.
SSL client socket.
A subclass of java.net.SocketException that contains an error code
from the native (NSS/NSPR) code.
StaticVoidPointer is a Java class that mirror a statically allocated
`void *` pointer in C.
This represents the Subject Alternative Name Extension.
This class represents the Subject Directory Attributes Extension.
This represents the subject information access extension
as defined in RFC3280.
Represent the Subject Key Identifier Extension.
Represent the Subject Key Identifier Extension.
A SubjectPublicKeyInfo, which stores information about a public key.
Defines the SUN provider.
In PKCS #11, each key can be marked with the operations it will
be used to perform.
Represents an ASN.1 Tag.
An enumeration of the ASN.1 tag classes.
A tagged attribute, which has the following ASN.1
definition :
A Template for decoding an Attribute.
CMC TaggedCertificationRequest:
A template for decoding an TaggedCertificationRequest from its BER encoding.
CMC TaggedContentInfo.
A Template for decoding a
TaggedContentInfo.CMC TaggedRequest:
A Template for decoding a ProofOfPossession.
The type of TaggedRequest.
The ASN.1 type TeletexString.
This is a test implementation of the certificate approval callback which
gets invoked when the server presents a certificate which is not
trusted by the client
This interface is what you should implement if you want to
be able to decide whether or not you want to approve the peer's cert,
instead of having NSS do that.
This class just hard-wires the type to be TOKEN so we don't have to mess
with Java constants in native code.
An X509 Certificate that lives on a PKCS #11 token.
This class indicates that an unknown error occurred on a CryptoToken.
This class indicates that an unknown error occurred on a CryptoToken.
An interface that allows providers to access CryptoManager without actually
knowing about CryptoManager.
The org.mozilla.jss.provider package comes before CryptoManager in
the dependency list, so this class is used to allow them to access
CryptoManager sneakily.
This is a private JSS class that allows the pkcs11 package access
to some of the
package methods in the crypto package.
A class to allow friendly functions access to other parts of JSS.
This class defines the UniqueIdentity class used by certificates.
Converts bytes in ASN.1 UniversalString character set to UniversalString
characters.
Converts characters in ASN.1 UniversalString character set to UniversalString
bytes.
A UCS4 string.
A class for converting between Unicode and UCS4.
This class implements the URIName as required by the GeneralNames
ASN.1 object.
Represent the UserNotice Qualifier.
Class for converting between char arrays and byte arrays.
X.500 names are used to identify entities, such as those which are
identified by X.509 certificates.
Maps an attribute name in an X500 AVA to its OID and a
converter for the attribute type.
This class provides a binding between a Signature object and an
authenticated X.500 name (from an X.509 certificate chain), which
is needed in many public key signing applications.
This class is used to parse attribute names like "x509.info.extensions".
Certificates handled by JSS.
The X509CertImpl class represents an X.509 certificate.
The X509CertInfo class represents X.509 certificate information.
An implmentation for X509 CRL (Certificate Revocation List).
X.509 Extension Exception.
Holds an X.509 key, for example a public key found in an X.509
certificate.