{"diffoscope-json-version": 1, "source1": "/srv/reproducible-results/rbuild-debian/r-b-build.QBurKPbI/b1/canl-java_2.6.0-2_i386.changes", "source2": "/srv/reproducible-results/rbuild-debian/r-b-build.QBurKPbI/b2/canl-java_2.6.0-2_i386.changes", "unified_diff": null, "details": [{"source1": "Files", "source2": "Files", "unified_diff": "@@ -1,3 +1,3 @@\n \n- 5e1ceb58cfd0d54e614c14ea3935300f 458620 doc optional libcanl-java-doc_2.6.0-2_all.deb\n+ db332f65be343768668b031622521446 458680 doc optional libcanl-java-doc_2.6.0-2_all.deb\n 9e8c0d6ea3023073cc421a71b647d08d 337620 java optional libcanl-java_2.6.0-2_all.deb\n"}, {"source1": "libcanl-java-doc_2.6.0-2_all.deb", "source2": "libcanl-java-doc_2.6.0-2_all.deb", "unified_diff": null, "details": [{"source1": "file list", "source2": "file list", "unified_diff": "@@ -1,3 +1,3 @@\n -rw-r--r-- 0 0 0 4 2020-06-22 12:18:05.000000 debian-binary\n--rw-r--r-- 0 0 0 10700 2020-06-22 12:18:05.000000 control.tar.xz\n--rw-r--r-- 0 0 0 447728 2020-06-22 12:18:05.000000 data.tar.xz\n+-rw-r--r-- 0 0 0 10696 2020-06-22 12:18:05.000000 control.tar.xz\n+-rw-r--r-- 0 0 0 447792 2020-06-22 12:18:05.000000 data.tar.xz\n"}, {"source1": "control.tar.xz", "source2": "control.tar.xz", "unified_diff": null, "details": [{"source1": "control.tar", "source2": "control.tar", "unified_diff": null, "details": [{"source1": "./md5sums", "source2": "./md5sums", "unified_diff": null, "details": [{"source1": "./md5sums", "source2": "./md5sums", "comments": ["Files differ"], "unified_diff": null}]}]}]}, {"source1": "data.tar.xz", "source2": "data.tar.xz", "unified_diff": null, "details": [{"source1": "data.tar", "source2": "data.tar", "unified_diff": null, "details": [{"source1": "file list", "source2": "file list", "unified_diff": "@@ -1,18 +1,18 @@\n drwxr-xr-x 0 root (0) root (0) 0 2020-06-22 12:18:05.000000 ./\n drwxr-xr-x 0 root (0) root (0) 0 2020-06-22 12:18:05.000000 ./usr/\n drwxr-xr-x 0 root (0) root (0) 0 2020-06-22 12:18:05.000000 ./usr/share/\n drwxr-xr-x 0 root (0) root (0) 0 2020-06-22 12:18:05.000000 ./usr/share/doc/\n drwxr-xr-x 0 root (0) root (0) 0 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/\n drwxr-xr-x 0 root (0) root (0) 0 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/\n--rw-r--r-- 0 root (0) root (0) 65583 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/allclasses-index.html\n+-rw-r--r-- 0 root (0) root (0) 65604 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/allclasses-index.html\n -rw-r--r-- 0 root (0) root (0) 25963 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/allclasses.html\n -rw-r--r-- 0 root (0) root (0) 9245 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/allpackages-index.html\n -rw-r--r-- 0 root (0) root (0) 38809 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/constant-values.html\n--rw-r--r-- 0 root (0) root (0) 8438 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/deprecated-list.html\n+-rw-r--r-- 0 root (0) root (0) 8459 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/deprecated-list.html\n -rw-r--r-- 0 root (0) root (0) 500 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/element-list\n drwxr-xr-x 0 root (0) root (0) 0 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/eu/\n drwxr-xr-x 0 root (0) root (0) 0 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/eu/emi/\n drwxr-xr-x 0 root (0) root (0) 0 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/eu/emi/security/\n drwxr-xr-x 0 root (0) root (0) 0 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/eu/emi/security/authn/\n drwxr-xr-x 0 root (0) root (0) 0 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/eu/emi/security/authn/x509/\n -rw-r--r-- 0 root (0) root (0) 13170 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/eu/emi/security/authn/x509/CommonX509TrustManager.html\n@@ -380,15 +380,15 @@\n -rw-r--r-- 0 root (0) root (0) 9721 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/eu/emi/security/authn/x509/proxy/class-use/ProxyRequestOptions.html\n -rw-r--r-- 0 root (0) root (0) 12407 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/eu/emi/security/authn/x509/proxy/class-use/ProxyType.html\n -rw-r--r-- 0 root (0) root (0) 5454 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/eu/emi/security/authn/x509/proxy/class-use/ProxyUtils.html\n -rw-r--r-- 0 root (0) root (0) 10630 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/eu/emi/security/authn/x509/proxy/package-summary.html\n -rw-r--r-- 0 root (0) root (0) 8839 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/eu/emi/security/authn/x509/proxy/package-tree.html\n -rw-r--r-- 0 root (0) root (0) 12523 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/eu/emi/security/authn/x509/proxy/package-use.html\n -rw-r--r-- 0 root (0) root (0) 10157 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/help-doc.html\n--rw-r--r-- 0 root (0) root (0) 597481 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/index-all.html\n+-rw-r--r-- 0 root (0) root (0) 597544 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/index-all.html\n -rw-r--r-- 0 root (0) root (0) 9518 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/index.html\n drwxr-xr-x 0 root (0) root (0) 0 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/jquery/\n drwxr-xr-x 0 root (0) root (0) 0 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/jquery/external/\n drwxr-xr-x 0 root (0) root (0) 0 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/jquery/external/jquery/\n -rw-r--r-- 0 root (0) root (0) 287630 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/jquery/external/jquery/jquery.js\n -rw-r--r-- 0 root (0) root (0) 89664 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/jquery/jquery-3.6.1.min.js\n -rw-r--r-- 0 root (0) root (0) 1842 2020-06-22 12:18:05.000000 ./usr/share/doc/libcanl-java-doc/apidocs/jquery/jquery-ui.min.css\n"}, {"source1": "./usr/share/doc/libcanl-java-doc/apidocs/allclasses-index.html", "source2": "./usr/share/doc/libcanl-java-doc/apidocs/allclasses-index.html", "unified_diff": "@@ -135,15 +135,15 @@\n \n
Globus EACL policy store common code.
\n \n \n \n AbstractHostnameToCertificateChecker\n Deprecated.\n-
Use connectWithHostnameChecking(SSLSocket, HostnameMismatchCallback) \n+
Use SocketFactoryCreator.connectWithHostnameChecking(SSLSocket, HostnameMismatchCallback) \n instead.
\n \n \n \n AbstractNamespacesStore\n \n
Policy store common code.
\n", "details": [{"source1": "html2text {}", "source2": "html2text {}", "unified_diff": "@@ -18,464 +18,316 @@\n * All\u00a0Classes\n * SEARCH: [search ] [reset]\n \n JavaScript is disabled on your browser.\n \u00a0\n \n ****** All\u00a0Classes ******\n- * All Classes\u00a0Interface_Summary\u00a0Class_Summary\u00a0Enum_Summary\u00a0Exception_Summary\u00a0\n+ * All Classes\u00a0Interface_Summary\u00a0Class_Summary\u00a0Enum_Summary\u00a0Exception_Summary\u00a0\n Class Description\n- Common code for\n- AbstractCRLStoreSPI LazyOpensslCRLStoreSpi and\n+ AbstractCRLStoreSPI Common code for LazyOpensslCRLStoreSpi and\n PlainCRLStoreSpi.\n- Abstract base for credential\n- AbstractDelegatingX509Credential implementations which delegate\n- to another one.\n- AbstractEuGridPmaNamespacesStore EuGridPMA policy store common\n- code.\n- AbstractGlobusNamespacesStore Globus EACL policy store\n- common code.\n+ AbstractDelegatingX509Credential Abstract base for credential implementations\n+ which delegate to another one.\n+ AbstractEuGridPmaNamespacesStore EuGridPMA policy store common code.\n+ AbstractGlobusNamespacesStore Globus EACL policy store common code.\n Deprecated.\n- Use\n- AbstractHostnameToCertificateChecker connectWithHostnameChecking\n- (SSLSocket,\n- HostnameMismatchCallback)\n- instead.\n+ AbstractHostnameToCertificateChecker Use\n+ SocketFactoryCreator.connectWithHostnameChecking\n+ (SSLSocket,_HostnameMismatchCallback) instead.\n AbstractNamespacesStore Policy store common code.\n- AbstractTrustAnchorStore Base implementation of Trust\n- Anchor stores.\n- AbstractValidator Base implementation of\n- X509CertChainValidator.\n- Base class with a shared code\n- AbstractX509Credential for X509Credential\n+ AbstractTrustAnchorStore Base implementation of Trust Anchor stores.\n+ AbstractValidator Base implementation of X509CertChainValidator.\n+ AbstractX509Credential Base class with a shared code for X509Credential\n implementations.\n- Generic proxy creation\n- BaseProxyCertificateOptions parameters useful for all\n+ BaseProxyCertificateOptions Generic proxy creation parameters useful for all\n scenarios.\n- Low-level certificate\n- validator based on the BC\n- BCCertPathValidator PKIXCertPathReviewer with\n- additional support for proxy\n- certificates.\n- BCErrorMapper Maps PKIXCertPathReviewer\n- errors to ValidationError.\n- A simplistic\n- X509CertChainValidator\n- BinaryCertChainValidator implementation which always\n- fails or accepts certificates,\n- basing on the constructor\n+ Low-level certificate validator based on the BC\n+ BCCertPathValidator PKIXCertPathReviewer with additional support for\n+ proxy certificates.\n+ BCErrorMapper Maps PKIXCertPathReviewer errors to\n+ ValidationError.\n+ A simplistic X509CertChainValidator\n+ BinaryCertChainValidator implementation which always fails or accepts\n+ certificates, basing on the constructor\n argument.\n BoundedSizeLruMap \u00a0\n- Cached element is a container\n- CachedElement of an arbitrary object,\n- enriched with a creation\n- timestamp.\n- This class extends the\n- CachedPEMReader PEMParser class from the BC\n- library.\n- Stores DER form of a\n- CertificateExtension certificate extension along\n- with its OID and flag if the\n- extension is critical.\n- Utility methods for\n- CertificateHelpers certificates handling and\n+ CachedElement Cached element is a container of an arbitrary\n+ object, enriched with a creation timestamp.\n+ CachedPEMReader This class extends the PEMParser class from the\n+ BC library.\n+ Stores DER form of a certificate extension along\n+ CertificateExtension with its OID and flag if the extension is\n+ critical.\n+ CertificateHelpers Utility methods for certificates handling and\n reading/writing PEM files.\n CertificateHelpers.PEMContentsType \u00a0\n- Utility class with methods\n- CertificateUtils simplifying typical\n- certificate related\n- operations.\n- Definition of the encoding\n- CertificateUtils.Encoding that can be used for reading\n- or writing certificates or\n- keys.\n- Exposes otherwise hidden\n- methods from\n- CertPathValidatorUtilitiesCanl CertPathValidatorUtilitiesCanl\n- plus in some cases fixes bugs\n- plus produces errors in the\n+ CertificateUtils Utility class with methods simplifying typical\n+ certificate related operations.\n+ CertificateUtils.Encoding Definition of the encoding that can be used for\n+ reading or writing certificates or keys.\n+ Exposes otherwise hidden methods from\n+ CertPathValidatorUtilitiesCanl CertPathValidatorUtilitiesCanl plus in some\n+ cases fixes bugs plus produces errors in the\n desired format.\n- Trivial implementation of\n- CharArrayPasswordFinder PasswordSupplier which uses a\n- password provided to the\n- constructor.\n- This class wraps\n- CommonX509TrustManager X509CertChainValidator so it\n- can be easily used in the\n- standard Java SSL API.\n- Simple KeyManager\n- implementation which always\n- CredentialX509KeyManager returns the only key and\n- certificate which is available\n- in the configured\n- X509Credential object.\n- CrlCheckingMode Defines Certificate Revocation\n- List verification mode.\n- Manages configuration of CRL\n- CRLParameters sources, used in non-openssl\n- truststores.\n- Implementation of\n- CRLRevocationChecker RevocationChecker using CRLs,\n- the\n- RFC3280CertPathUtilitiesCanl.\n- DERCredential Wraps certificate and private\n- key stored in DER format.\n- The certificate validator\n- DirectoryCertChainValidator which uses a flexible set of\n- certificates and CRL\n- locations.\n- Retrieves CA certificates from\n- DirectoryTrustAnchorStore locations given as local paths\n- with wildcards or URLs.\n- Helpers for checking text\n- DNComparator representations of DNs for\n- equality.\n- DraftRFCProxyCertInfoExtension Proxy cert info extension\n- class.\n- Parses a single EUGridPMA\n- EuGridPmaNamespacesParser namespaces file and returns\n- NamespacePolicy object.\n- EuGridPmaNamespacesStore Provides an in-memory store of\n- NamespacePolicy objects.\n+ CharArrayPasswordFinder Trivial implementation of PasswordSupplier which\n+ uses a password provided to the constructor.\n+ CommonX509TrustManager This class wraps X509CertChainValidator so it\n+ can be easily used in the standard Java SSL API.\n+ Simple KeyManager implementation which always\n+ CredentialX509KeyManager returns the only key and certificate which is\n+ available in the configured X509Credential\n+ object.\n+ CrlCheckingMode Defines Certificate Revocation List verification\n+ mode.\n+ CRLParameters Manages configuration of CRL sources, used in\n+ non-openssl truststores.\n+ CRLRevocationChecker Implementation of RevocationChecker using CRLs,\n+ the RFC3280CertPathUtilitiesCanl.\n+ DERCredential Wraps certificate and private key stored in DER\n+ format.\n+ DirectoryCertChainValidator The certificate validator which uses a flexible\n+ set of certificates and CRL locations.\n+ DirectoryTrustAnchorStore Retrieves CA certificates from locations given\n+ as local paths with wildcards or URLs.\n+ DNComparator Helpers for checking text representations of DNs\n+ for equality.\n+ DraftRFCProxyCertInfoExtension Proxy cert info extension class.\n+ EuGridPmaNamespacesParser Parses a single EUGridPMA namespaces file and\n+ returns NamespacePolicy object.\n+ EuGridPmaNamespacesStore Provides an in-memory store of NamespacePolicy\n+ objects.\n ExtendedProxyType \u00a0\n- Extended PKIX parameters with\n- additional settings related to\n- ExtPKIXParameters2 the library features:\n- different CRL modes and proxy\n- support.\n+ Extended PKIX parameters with additional\n+ ExtPKIXParameters2 settings related to the library features:\n+ different CRL modes and proxy support.\n ExtPKIXParameters2.Builder \u00a0\n- PKIXCertPathReviewer\n- FixedBCPKIXCertPathReviewer Validation of X.509\n- Certificate Paths.\n- Extends BC's PEMParser class\n- so it can read correctly also\n- FlexiblePEMReader PEM files with a garbage at\n- the beginning and minor syntax\n- violations which occur more\n- then often in the wild.\n+ FixedBCPKIXCertPathReviewer PKIXCertPathReviewer\n+ Validation of X.509 Certificate Paths.\n+ Extends BC's PEMParser class so it can read\n+ FlexiblePEMReader correctly also PEM files with a garbage at the\n+ beginning and minor syntax violations which\n+ occur more then often in the wild.\n FormatMode String output mode.\n- Parses a single\n- GlobusNamespacesParser .signing_policy file and\n- returns NamespacePolicy\n- object.\n+ GlobusNamespacesParser Parses a single .signing_policy file and returns\n+ NamespacePolicy object.\n GlobusNamespacesParser.InvalidPolicyFilenameException \u00a0\n GlobusNamespacesParser.PolicySyntaxException \u00a0\n- GlobusNamespacesStore Provides an in-memory store of\n- NamespacePolicy objects.\n- Implementation should react to\n- HostnameMismatchCallback the event when remote SSL\n- peer's certificate is not\n- matching its hostname.\n- Verifies if a peer's host name\n- HostnameToCertificateChecker matches a DN of its\n- certificate.\n+ GlobusNamespacesStore Provides an in-memory store of NamespacePolicy\n+ objects.\n+ Implementation should react to the event when\n+ HostnameMismatchCallback remote SSL peer's certificate is not matching\n+ its hostname.\n+ HostnameToCertificateChecker Verifies if a peer's host name matches a DN of\n+ its certificate.\n HostnameToCertificateChecker.ResultWrapper \u00a0\n- The certificate validator\n- InMemoryKeystoreCertChainValidator which uses Java KeyStore as a\n- truststore.\n- IPAddressHelper Helpers for IP addresses\n- comparison.\n- Extends BCStyle with\n- additional recognized\n- attribute names, to make it\n- JavaAndBCStyle fully compatible with what the\n- internal OpenJDK\n- implementation supports when\n- parsing string RFC 2253 DNs.\n- Implementation of the\n- JDKFSTrustAnchorStore TrustAnchorStore which load\n- JDK's KeyStore from a file.\n- Implementation of the\n- JDKInMemoryTrustAnchorStore TrustAnchorStore which uses\n- JDK's KeyStore as a in-memory\n- storage.\n- Wraps a PrivateKey and\n- KeyAndCertCredential X509Certificate chain as a\n- X509Credential.\n- The certificate validator\n- KeystoreCertChainValidator which uses Java KeyStore as a\n- truststore.\n- KeystoreCredential Wraps a Java KeyStore in form\n- suitable for use in JSSE.\n+ InMemoryKeystoreCertChainValidator The certificate validator which uses Java\n+ KeyStore as a truststore.\n+ IPAddressHelper Helpers for IP addresses comparison.\n+ Extends BCStyle with additional recognized\n+ JavaAndBCStyle attribute names, to make it fully compatible\n+ with what the internal OpenJDK implementation\n+ supports when parsing string RFC 2253 DNs.\n+ JDKFSTrustAnchorStore Implementation of the TrustAnchorStore which\n+ load JDK's KeyStore from a file.\n+ JDKInMemoryTrustAnchorStore Implementation of the TrustAnchorStore which\n+ uses JDK's KeyStore as a in-memory storage.\n+ KeyAndCertCredential Wraps a PrivateKey and X509Certificate chain as\n+ a X509Credential.\n+ KeystoreCertChainValidator The certificate validator which uses Java\n+ KeyStore as a truststore.\n+ KeystoreCredential Wraps a Java KeyStore in form suitable for use\n+ in JSSE.\n KeyStoreHelper KeyStore class utility helpers\n- EuGridPMA namespace policies\n- LazyEuGridPmaNamespacesStore are loaded on demand by this\n- store and are cached in\n- memory.\n- Globus EACL policies are\n- LazyGlobusNamespacesStore loaded on demand by this store\n- and are cached in memory.\n- LazyOpensslCRLStoreSpi Handles an Openssl-like CRL\n- store.\n- Implementation of the\n- LazyOpensslTrustAnchorStoreImpl truststore which uses CA\n- certificates from a single\n- directory in OpenSSL format.\n- NamespaceChecker Implements namespace policy\n- checking.\n- NamespaceCheckingMode Used to define the CA\n- namespace checking mode.\n- NamespacePolicy Represents a namespace policy,\n- i.e.\n- NamespacesParser Implemented by namespace\n- parsers.\n- NamespacesStore Store of NamespacePolicy\n- objects.\n- This class is a modified copy\n- NonValidatingCertPathBuilder of BC's\n+ LazyEuGridPmaNamespacesStore EuGridPMA namespace policies are loaded on\n+ demand by this store and are cached in memory.\n+ LazyGlobusNamespacesStore Globus EACL policies are loaded on demand by\n+ this store and are cached in memory.\n+ LazyOpensslCRLStoreSpi Handles an Openssl-like CRL store.\n+ Implementation of the truststore which uses CA\n+ LazyOpensslTrustAnchorStoreImpl certificates from a single directory in OpenSSL\n+ format.\n+ NamespaceChecker Implements namespace policy checking.\n+ NamespaceCheckingMode Used to define the CA namespace checking mode.\n+ NamespacePolicy Represents a namespace policy, i.e.\n+ NamespacesParser Implemented by namespace parsers.\n+ NamespacesStore Store of NamespacePolicy objects.\n+ NonValidatingCertPathBuilder This class is a modified copy of BC's\n PKIXCertPathBuilderSpi.\n- Thread safe class maintaining\n- ObserversHandler a collection of\n+ ObserversHandler Thread safe class maintaining a collection of\n StoreUpdateListeners.\n- Common base class for\n- OCSPCacheBase responses and responders\n+ OCSPCacheBase Common base class for responses and responders\n caches.\n- OCSP client which adds a cache\n- OCSPCachingClient layer on top of\n+ OCSPCachingClient OCSP client which adds a cache layer on top of\n OCSPClientImpl.\n- OCSPCheckingMode Defines On-line Certificate\n- Status Protocol usage mode.\n- OCSP client is responsible for\n- OCSPClientImpl the network related activity\n- of the OCSP invocation\n+ OCSPCheckingMode Defines On-line Certificate Status Protocol\n+ usage mode.\n+ OCSP client is responsible for the network\n+ OCSPClientImpl related activity of the OCSP invocation\n pipeline.\n- OCSPParametes Manages configuration of OCSP\n- support for all truststores.\n- OCSPResponder Configuration of a local\n- responder.\n- OCSP failing responses cache:\n- OCSPRespondersCache in memory with disk\n+ OCSPParametes Manages configuration of OCSP support for all\n+ truststores.\n+ OCSPResponder Configuration of a local responder.\n+ OCSPRespondersCache OCSP failing responses cache: in memory with\n+ disk persistence.\n+ OCSPResponsesCache OCSP responses cache: in memory with disk\n persistence.\n- OCSPResponsesCache OCSP responses cache: in\n- memory with disk persistence.\n- Holds OCSP response (parsed)\n- OCSPResponseStructure and some additional metadata,\n- e.g.\n+ OCSPResponseStructure Holds OCSP response (parsed) and some additional\n+ metadata, e.g.\n OCSPResult \u00a0\n OCSPResult.Status \u00a0\n- Implementation of\n- OCSPRevocationChecker RevocationChecker using CRLs,\n+ OCSPRevocationChecker Implementation of RevocationChecker using CRLs,\n the OCSPVerifier\n- OCSP checker - uses provided\n- OCSPParametes to perform OCSP\n- OCSPVerifier calls using OCSPCachingClient\n- and returns the final\n- response.\n- OidAndValue certificate attribute value\n- with its OID.\n- The certificate validator\n- OpensslCertChainValidator which uses OpenSSL directory\n- as a truststore.\n- Implementation of the CRL\n- OpensslCRLStoreSpi store which uses CRLs from a\n- single directory in OpenSSL\n+ OCSP checker - uses provided OCSPParametes to\n+ OCSPVerifier perform OCSP calls using OCSPCachingClient and\n+ returns the final response.\n+ OidAndValue with its OID.\n+ OpensslCertChainValidator The certificate validator which uses OpenSSL\n+ directory as a truststore.\n+ OpensslCRLStoreSpi Implementation of the CRL store which uses CRLs\n+ from a single directory in OpenSSL format.\n+ OpensslNamespacePolicyImpl Represents a namespace policy, i.e.\n+ OpensslNameUtils This class provides support for the legacy\n+ Openssl format of DN encoding.\n+ Implementations of this interface are used by\n+ OpensslTrustAnchorStore OpensslCertChainValidator to get access to the\n+ trust anchor store.\n+ Implementation of the truststore which uses CA\n+ OpensslTrustAnchorStoreImpl certificates from a single directory in OpenSSL\n format.\n- OpensslNamespacePolicyImpl Represents a namespace policy,\n- i.e.\n- This class provides support\n- OpensslNameUtils for the legacy Openssl format\n- of DN encoding.\n- Implementations of this\n- interface are used by\n- OpensslTrustAnchorStore OpensslCertChainValidator to\n- get access to the trust anchor\n- store.\n- Implementation of the\n- OpensslTrustAnchorStoreImpl truststore which uses CA\n- certificates from a single\n- directory in OpenSSL format.\n- Several static methods helping\n- OpensslTruststoreHelper to mangle truststore file\n- paths in openssl style.\n- ParserUtils Common helpers for namespace\n- file parsers.\n+ OpensslTruststoreHelper Several static methods helping to mangle\n+ truststore file paths in openssl style.\n+ ParserUtils Common helpers for namespace file parsers.\n PasswordSupplier Provides password on demand.\n- PEMCredential Wraps certificate and private\n- key stored in PEM format.\n- This class extends the\n- PKCS8DERReader PEMParser class from the BC\n- library.\n+ PEMCredential Wraps certificate and private key stored in PEM\n+ format.\n+ PKCS8DERReader This class extends the PEMParser class from the\n+ BC library.\n PKIXPolicyNode \u00a0\n- Checker which handles proxy\n- PKIXProxyCertificateChecker certificate extensions so BC\n- won't report them as unknown.\n- PlainCRLStoreSpi Handles an in-memory CRL\n- store.\n- An abstract validator which\n- PlainCRLValidator provides a CRL support common\n- for validators using\n+ PKIXProxyCertificateChecker Checker which handles proxy certificate\n+ extensions so BC won't report them as unknown.\n+ PlainCRLStoreSpi Handles an in-memory CRL store.\n+ An abstract validator which provides a CRL\n+ PlainCRLValidator support common for validators using\n PlainCRLStoreSpi.\n- Class for CA or CRL stores\n- PlainStoreUtils with utility methods for\n- handling list of locations as\n- wildcards or URLs.\n- A class for handling the VOMS\n- ProxyACExtension AC extension in certificates\n- (OID:\n- 1.3.6.1.4.1.8005.100.100.5)\n- An utility class for defining\n- ProxyAddressRestrictionData the allowed address space,\n- used both to define the source\n+ Class for CA or CRL stores with utility methods\n+ PlainStoreUtils for handling list of locations as wildcards or\n+ URLs.\n+ ProxyACExtension A class for handling the VOMS AC extension in\n+ certificates (OID: 1.3.6.1.4.1.8005.100.100.5)\n+ An utility class for defining the allowed\n+ ProxyAddressRestrictionData address space, used both to define the source\n and target restrictions.\n- Wraps information about a new\n- ProxyCertificate proxy which was generated by\n- the ProxyGenerator.\n- ProxyCertificateImpl Default implementation of the\n- ProxyCertificate interface.\n- Holds parameters which are\n- ProxyCertificateOptions used to create a proxy\n- certificate using only a\n- certificate chain.\n- ProxyCertInfoExtension Proxy cert info extension\n- class.\n- A class to get an information\n- ProxyChainInfo from a proxy certificate\n+ ProxyCertificate Wraps information about a new proxy which was\n+ generated by the ProxyGenerator.\n+ ProxyCertificateImpl Default implementation of the ProxyCertificate\n+ interface.\n+ Holds parameters which are used to create a\n+ ProxyCertificateOptions proxy certificate using only a certificate\n chain.\n- ProxyChainType Specifies the type of the\n- proxy chain.\n- Wraps information about a new\n- ProxyCSR proxy certificate signing\n- request which was generated by\n- the ProxyCSRGenerator.\n- ProxyCSRGenerator Generates a proxy certificate\n- signing request.\n+ ProxyCertInfoExtension Proxy cert info extension class.\n+ ProxyChainInfo A class to get an information from a proxy\n+ certificate chain.\n+ ProxyChainType Specifies the type of the proxy chain.\n+ Wraps information about a new proxy certificate\n+ ProxyCSR signing request which was generated by the\n+ ProxyCSRGenerator.\n+ ProxyCSRGenerator Generates a proxy certificate signing request.\n ProxyCSRImpl ProxyCSR implementation.\n- A class to get the information\n- ProxyCSRInfo from the proxy certificate\n- request.\n- ProxyGenerator Utilities to create proxy\n- certificates.\n- ProxyGeneratorHelper Actual implementation of the\n- Proxy generation.\n- ProxyHelper Various helpers for handling\n- proxy certificates\n+ ProxyCSRInfo A class to get the information from the proxy\n+ certificate request.\n+ ProxyGenerator Utilities to create proxy certificates.\n+ ProxyGeneratorHelper Actual implementation of the Proxy generation.\n+ ProxyHelper Various helpers for handling proxy certificates\n ProxyPolicy Proxy policy ASN1 class.\n- Holds parameters which are\n- used to issue a proxy\n- ProxyRequestOptions certificate using a provided\n- Certificate Signing Request\n- and a local certificate chain.\n- ProxySAMLExtension A class for handling the SAML\n- extension in the Certificate.\n- ProxySupport Defines proxy support mode for\n- validators.\n- A class for generating and\n- ProxyTracingExtension parsing the proxy tracing\n- extensions.\n- ProxyType Specifies the type of the\n- proxy.\n- Utility methods for checking\n- ProxyUtils properties of proxy\n+ Holds parameters which are used to issue a proxy\n+ ProxyRequestOptions certificate using a provided Certificate Signing\n+ Request and a local certificate chain.\n+ ProxySAMLExtension A class for handling the SAML extension in the\n+ Certificate.\n+ ProxySupport Defines proxy support mode for validators.\n+ ProxyTracingExtension A class for generating and parsing the proxy\n+ tracing extensions.\n+ ProxyType Specifies the type of the proxy.\n+ ProxyUtils Utility methods for checking properties of proxy\n certificates.\n- InputStream implementation\n- that reads a character stream\n- ReaderInputStream from a Reader and transforms\n- it to a byte stream using a\n- specified charset encoding.\n- Used to check revocation using\n- RevocationChecker a single revocation checking\n- mechanism.\n- Wraps the information required\n- RevocationParameters to control how certificates\n- revocation is checked.\n+ InputStream implementation that reads a\n+ ReaderInputStream character stream from a Reader and transforms it\n+ to a byte stream using a specified charset\n+ encoding.\n+ RevocationChecker Used to check revocation using a single\n+ revocation checking mechanism.\n+ RevocationParameters Wraps the information required to control how\n+ certificates revocation is checked.\n RevocationParameters.RevocationCheckingOrder \u00a0\n- Manages configuration of\n- RevocationParametersExt revocation settings, used in\n- non-openssl truststores.\n- Covers possible generic\n- RevocationStatus revocation checking outcomes,\n- in case when certificate being\n- checked is not revoked.\n- This class exposes the BC's\n- RFC3280CertPathUtilitiesCanl JCA implementation of the\n- RFC3280CertPathUtilities.\n- RFCProxyCertInfoExtension Proxy cert info extension\n- class.\n- SimpleCRLStore Provider-less implementation\n- of the CertStore.\n- SimpleValidationErrorException Contains one problem code with\n- optional arguments.\n- Simple utility allowing\n- SocketFactoryCreator programmers to quickly create\n- SSL socket factories using\n+ RevocationParametersExt Manages configuration of revocation settings,\n+ used in non-openssl truststores.\n+ Covers possible generic revocation checking\n+ RevocationStatus outcomes, in case when certificate being checked\n+ is not revoked.\n+ RFC3280CertPathUtilitiesCanl This class exposes the BC's JCA implementation\n+ of the RFC3280CertPathUtilities.\n+ RFCProxyCertInfoExtension Proxy cert info extension class.\n+ SimpleCRLStore Provider-less implementation of the CertStore.\n+ SimpleValidationErrorException Contains one problem code with optional\n+ arguments.\n+ Simple utility allowing programmers to quickly\n+ SocketFactoryCreator create SSL socket factories using\n X509CertChainValidator.\n- Implementation of TrustManager\n- SSLTrustManager which uses a configured\n- X509CertChainValidator to\n- validate certificates.\n- Implementations receive\n- StoreUpdateListener information about updates of\n- certificate, CRL stores or\n- OCSP errors.\n+ Implementation of TrustManager which uses a\n+ SSLTrustManager configured X509CertChainValidator to validate\n+ certificates.\n+ Implementations receive information about\n+ StoreUpdateListener updates of certificate, CRL stores or OCSP\n+ errors.\n StoreUpdateListener.Severity \u00a0\n- Base implementation of Trust\n- TimedTrustAnchorStoreBase Anchor stores which load all\n- certificates into memory.\n+ TimedTrustAnchorStoreBase Base implementation of Trust Anchor stores which\n+ load all certificates into memory.\n TrustAnchorExt \u00a0\n- Implementations provide trust\n- TrustAnchorStore store material: a list of\n- trusted CA certificates.\n- Holds information about a\n- ValidationError single validation problem with\n- a reference to the certificate\n+ TrustAnchorStore Implementations provide trust store material: a\n+ list of trusted CA certificates.\n+ Holds information about a single validation\n+ ValidationError problem with a reference to the certificate\n chain.\n- This enumeration contains\n- ValidationErrorCategory general classes of errors that\n- can be signaled during\n- certificate path validation.\n- This enumeration contains\n- ValidationErrorCode codes of errors that can be\n- signaled during certificate\n+ This enumeration contains general classes of\n+ ValidationErrorCategory errors that can be signaled during certificate\n path validation.\n- ValidationErrorException Wraps a list of\n- ValidationError\n- Invoked when there is an error\n- ValidationErrorListener found during certificate chain\n+ This enumeration contains codes of errors that\n+ ValidationErrorCode can be signaled during certificate path\n validation.\n- Wraps a validation result,\n- ValidationResult error messages and unresolved\n- certificate extension oids (if\n- any).\n- Contains parameters common for\n- ValidatorParams all X509CertChainValidator\n- implementations.\n- Contains parameters common for\n- ValidatorParamsExt all X509CertChainValidator\n- implementations which use\n+ ValidationErrorException Wraps a list of ValidationError\n+ ValidationErrorListener Invoked when there is an error found during\n+ certificate chain validation.\n+ ValidationResult Wraps a validation result, error messages and\n+ unresolved certificate extension oids (if any).\n+ ValidatorParams Contains parameters common for all\n+ X509CertChainValidator implementations.\n+ Contains parameters common for all\n+ ValidatorParamsExt X509CertChainValidator implementations which use\n RevocationParametersExt\n- This class holds a partner of\n- WeakTimerTask the TimerTask reference as\n- weak one.\n- Contains utility static\n- methods which are helpful in\n- X500NameUtils manipulating X.500\n- Distinguished Names,\n- especially encoded in String\n- form using RFC 2253.\n- Implementations are used to\n- X509CertChainValidator perform a manual certificate\n- chain validation.\n- Extends the main\n- X509CertChainValidator\n- interface with some additional\n- X509CertChainValidatorExt methods which are commonly\n- provided by the most validator\n- implementations, but are not\n- strictly required for the sole\n- validation.\n- Implementations are used to\n- X509Credential wrap credentials (private key\n- and certificate) in various\n+ WeakTimerTask This class holds a partner of the TimerTask\n+ reference as weak one.\n+ Contains utility static methods which are\n+ X500NameUtils helpful in manipulating X.500 Distinguished\n+ Names, especially encoded in String form using\n+ RFC 2253.\n+ X509CertChainValidator Implementations are used to perform a manual\n+ certificate chain validation.\n+ Extends the main X509CertChainValidator\n+ interface with some additional methods which are\n+ X509CertChainValidatorExt commonly provided by the most validator\n+ implementations, but are not strictly required\n+ for the sole validation.\n+ Implementations are used to wrap credentials\n+ X509Credential (private key and certificate) in various\n formats.\n- Utility allowing for\n- X509Formatter converting certificates to\n+ X509Formatter Utility allowing for converting certificates to\n various text representations.\n- X509v3CertificateBuilder Class to produce an X.509\n- Version 3 certificate.\n+ X509v3CertificateBuilder Class to produce an X.509 Version 3 certificate.\n \n Skip_navigation_links\n * Overview\n * Package\n * Class\n * Use\n * Tree\n"}]}, {"source1": "./usr/share/doc/libcanl-java-doc/apidocs/deprecated-list.html", "source2": "./usr/share/doc/libcanl-java-doc/apidocs/deprecated-list.html", "unified_diff": "@@ -113,15 +113,15 @@\n Class\n Description\n \n \n \n eu.emi.security.authn.x509.impl.AbstractHostnameToCertificateChecker\n \n-
Use connectWithHostnameChecking(SSLSocket, HostnameMismatchCallback) \n+
Use SocketFactoryCreator.connectWithHostnameChecking(SSLSocket, HostnameMismatchCallback) \n instead. This class is not perfect as the HandshakeCompletedListener is invoked (at least in reference JDK)\n in a separate thread, what can easily lead to a situation when the connection is opened and made available,\n before this implementation finishes checking.
\n \n \n \n \n", "details": [{"source1": "html2text {}", "source2": "html2text {}", "unified_diff": "@@ -22,31 +22,25 @@\n \u00a0\n \n ****** Deprecated API ******\n ***** Contents *****\n * Classes\n * Methods\n * Constructors\n- * Classes\u00a0\n+ * Classes\u00a0\n Class Description\n Use\n- connectWithHostnameChecking\n- (SSLSocket,\n- HostnameMismatchCallback)\n- instead. This class is not\n- perfect as the\n- HandshakeCompletedListener\n- eu.emi.security.authn.x509.impl.AbstractHostnameToCertificateChecker is invoked (at least in\n- reference JDK) in a\n- separate thread, what can\n- easily lead to a situation\n- when the connection is\n- opened and made available,\n- before this implementation\n- finishes checking.\n+ SocketFactoryCreator.connectWithHostnameChecking\n+ (SSLSocket,_HostnameMismatchCallback) instead.\n+ This class is not perfect as the\n+ eu.emi.security.authn.x509.impl.AbstractHostnameToCertificateChecker HandshakeCompletedListener is invoked (at least\n+ in reference JDK) in a separate thread, what can\n+ easily lead to a situation when the connection\n+ is opened and made available, before this\n+ implementation finishes checking.\n * Methods\u00a0\n Method Description\n use other\n eu.emi.security.authn.x509.helpers.KeyStoreHelper.getInstance\u200b methods\n (String) from this\n class.\n This method\n"}]}, {"source1": "./usr/share/doc/libcanl-java-doc/apidocs/index-all.html", "source2": "./usr/share/doc/libcanl-java-doc/apidocs/index-all.html", "unified_diff": "@@ -122,15 +122,15 @@\n
Globus EACL policy store common code.
\n \n
AbstractGlobusNamespacesStore(ObserversHandler, boolean) - Constructor for class eu.emi.security.authn.x509.helpers.ns.AbstractGlobusNamespacesStore
\n
 
\n
AbstractHostnameToCertificateChecker - Class in eu.emi.security.authn.x509.impl
\n
\n
Deprecated.\n-
Use connectWithHostnameChecking(SSLSocket, HostnameMismatchCallback) \n+
Use SocketFactoryCreator.connectWithHostnameChecking(SSLSocket, HostnameMismatchCallback) \n instead. This class is not perfect as the HandshakeCompletedListener is invoked (at least in reference JDK)\n in a separate thread, what can easily lead to a situation when the connection is opened and made available,\n before this implementation finishes checking.
\n
\n
\n
AbstractHostnameToCertificateChecker() - Constructor for class eu.emi.security.authn.x509.impl.AbstractHostnameToCertificateChecker
\n
\n@@ -1839,25 +1839,25 @@\n
 
\n
getSerialNumbers() - Method in class eu.emi.security.authn.x509.proxy.ProxyChainInfo
\n
 
\n
getServerAliases(String, Principal[]) - Method in class eu.emi.security.authn.x509.helpers.ssl.CredentialX509KeyManager
\n
 
\n
getServerSocketFactory(X509Credential, X509CertChainValidator) - Static method in class eu.emi.security.authn.x509.impl.SocketFactoryCreator
\n
\n-
Same as getServerSocketFactory(X509Credential, X509CertChainValidator, SecureRandom) \n+
Same as SocketFactoryCreator.getServerSocketFactory(X509Credential, X509CertChainValidator, SecureRandom) \n using SecureRandom implementation as the last argument.
\n
\n
getServerSocketFactory(X509Credential, X509CertChainValidator, SecureRandom) - Static method in class eu.emi.security.authn.x509.impl.SocketFactoryCreator
\n
\n
Returns an SSLServerSocketFactory configured to check\n client certificates with a provided validator.
\n
\n
getSocketFactory(X509Credential, X509CertChainValidator) - Static method in class eu.emi.security.authn.x509.impl.SocketFactoryCreator
\n
\n-
Same as getSocketFactory(X509Credential, X509CertChainValidator, SecureRandom) \n+
Same as SocketFactoryCreator.getSocketFactory(X509Credential, X509CertChainValidator, SecureRandom) \n using SecureRandom implementation as the last argument.
\n
\n
getSocketFactory(X509Credential, X509CertChainValidator, SecureRandom) - Static method in class eu.emi.security.authn.x509.impl.SocketFactoryCreator
\n
\n
Returns an SSLSocketFactory configured to check\n servers' certificates with a provided validator.
\n
\n", "details": [{"source1": "html2text {}", "source2": "html2text {}", "unified_diff": "@@ -47,19 +47,20 @@\n Globus EACL policy store common code.\n AbstractGlobusNamespacesStore(ObserversHandler,_boolean) - Constructor for\n class eu.emi.security.authn.x509.helpers.ns.AbstractGlobusNamespacesStore\n \u00a0\n AbstractHostnameToCertificateChecker - Class in\n eu.emi.security.authn.x509.impl\n Deprecated.\n- Use connectWithHostnameChecking(SSLSocket,_HostnameMismatchCallback)\n- instead. This class is not perfect as the HandshakeCompletedListener is\n- invoked (at least in reference JDK) in a separate thread, what can easily\n- lead to a situation when the connection is opened and made available,\n- before this implementation finishes checking.\n+ Use SocketFactoryCreator.connectWithHostnameChecking(SSLSocket,\n+ HostnameMismatchCallback) instead. This class is not perfect as the\n+ HandshakeCompletedListener is invoked (at least in reference JDK) in a\n+ separate thread, what can easily lead to a situation when the connection\n+ is opened and made available, before this implementation finishes\n+ checking.\n AbstractHostnameToCertificateChecker() - Constructor for class\n eu.emi.security.authn.x509.impl.AbstractHostnameToCertificateChecker\n Deprecated.\n \u00a0\n AbstractNamespacesStore - Class in eu.emi.security.authn.x509.helpers.ns\n Policy store common code.\n AbstractNamespacesStore(ObserversHandler,_boolean) - Constructor for class\n@@ -1759,24 +1760,26 @@\n eu.emi.security.authn.x509.proxy.ProxyChainInfo\n \u00a0\n getServerAliases(String,_Principal[]) - Method in class\n eu.emi.security.authn.x509.helpers.ssl.CredentialX509KeyManager\n \u00a0\n getServerSocketFactory(X509Credential,_X509CertChainValidator) - Static\n method in class eu.emi.security.authn.x509.impl.SocketFactoryCreator\n- Same as getServerSocketFactory(X509Credential,_X509CertChainValidator,\n- SecureRandom) using SecureRandom implementation as the last argument.\n+ Same as SocketFactoryCreator.getServerSocketFactory(X509Credential,\n+ X509CertChainValidator,_SecureRandom) using SecureRandom implementation\n+ as the last argument.\n getServerSocketFactory(X509Credential,_X509CertChainValidator,_SecureRandom)\n - Static method in class eu.emi.security.authn.x509.impl.SocketFactoryCreator\n Returns an SSLServerSocketFactory configured to check client certificates\n with a provided validator.\n getSocketFactory(X509Credential,_X509CertChainValidator) - Static method in\n class eu.emi.security.authn.x509.impl.SocketFactoryCreator\n- Same as getSocketFactory(X509Credential,_X509CertChainValidator,\n- SecureRandom) using SecureRandom implementation as the last argument.\n+ Same as SocketFactoryCreator.getSocketFactory(X509Credential,\n+ X509CertChainValidator,_SecureRandom) using SecureRandom implementation\n+ as the last argument.\n getSocketFactory(X509Credential,_X509CertChainValidator,_SecureRandom) -\n Static method in class eu.emi.security.authn.x509.impl.SocketFactoryCreator\n Returns an SSLSocketFactory configured to check servers' certificates\n with a provided validator.\n getSourceRestrictionExcludedAddresses() - Method in class\n eu.emi.security.authn.x509.proxy.BaseProxyCertificateOptions\n Gets an excluded from source restriction IP addressSpace from the data\n"}]}]}]}]}]}