Details

    • Type: New Feature New Feature
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.6.0
    • Component/s: client, master, monitor, tserver
    • Labels:
      None

      Description

      Need to support encryption between ACCUMULO clients and servers. Also need to encrypt communications between server and servers.

      Basically need to make it possible for users to enable SSL+thrift.

      1. ACCUMULO-1009_thriftSsl.patch
        168 kB
        Michael Berman
      2. ACCUMULO-1009_thriftSsl-2013-10-4.patch
        179 kB
        Michael Berman
      3. ACCUMULO-1009.patch
        220 kB
        Eric Newton

        Issue Links

          Activity

          Keith Turner created issue -
          Keith Turner made changes -
          Field Original Value New Value
          Description Need to support encryption between ACCUMULO clients and servers. Also need to encrypt communications between server and servers.

          Basically need to enable SSL+thrift.

          Need to support encryption between ACCUMULO clients and servers. Also need to encrypt communications between server and servers.

          Basically need to make it possible for users to enable SSL+thrift.

          Keith Turner made changes -
          Fix Version/s 1.6.0 [ 12322468 ]
          Michael Berman made changes -
          Assignee Michael Berman [ mberman ]
          Hide
          Michael Berman added a comment -

          Starting progress on thrift over SSL

          Show
          Michael Berman added a comment - Starting progress on thrift over SSL
          John Vines made changes -
          Link This issue is duplicated by ACCUMULO-793 [ ACCUMULO-793 ]
          Hide
          Michael Berman added a comment -

          Attaching first draft of SSL patch for comment. To generate keys, in $ACCUMULO_HOME, mkdir conf/ssl and run:

          bin/accumulo org.apache.accumulo.server.security.ssl.CertUtils generate-all --local-keystore conf/ssl/keystore.jks --root-keystore conf/ssl/root.jks --root-truststore conf/ssl/truststore.jks
          

          then you can turn it on with instance.ssl.enabled=true in your site config. Keystore locations and passwords are all configurable, but the defaults should work without any additional config (private keys protected with instance secret, and the public root cert is in a separate passwordless truststore).

          To create an SSL connection from a client, you can use the new ZKInstance constructor that takes an additional boolean ssl parameter, or just echo instance.ssl.enabled=true >> ~/.accumulo/config to SSL all of your client connections. If you're running your client on the same machine where you generated certs, the default path will still work for you. Otherwise, echo ssl.client.truststore.path=/path/to/truststore.jks >> ~/.accumulo/config. I'm imagining the common usage scenario will be to have your truststore path in local client config, but leave whether or not SSL is enabled up to each individual client application.

          I added a couple SSL-enabled integration tests that cover a range of connection scenarios (plain instance connectors, mapreduce jobs, admin commands), and you can also run all the ITs with SSL enabled with mvn verify -DuseSslForIT.

          A few tasks I know I still have remaining:

          • Fail fast if client and server SSL switch is mismatched based on flag in ZK
          • Interactive cert generation process more like `bin/accumulo init`, rather than running CertUtils with a big pile of switches
          • SSL support on the client side of the proxy
          • Docs

          One known risk is that the Thrift SSL transport only supports blocking connections. This means that when SSL is enabled, we have to switch to a TThreadPoolServer instead of a THsHaServer. In theory the performance impact of this change can be mitigated by cranking up the thread pool size, but I haven't done any scale testing to see what the practical impact of this constraint actually is. At the moment, as long as we use Thrift for transport, I don't think we have much choice.

          I would love comments, suggestions, questions, etc.

          Show
          Michael Berman added a comment - Attaching first draft of SSL patch for comment. To generate keys, in $ACCUMULO_HOME, mkdir conf/ssl and run: bin/accumulo org.apache.accumulo.server.security.ssl.CertUtils generate-all --local-keystore conf/ssl/keystore.jks --root-keystore conf/ssl/root.jks --root-truststore conf/ssl/truststore.jks then you can turn it on with instance.ssl.enabled=true in your site config. Keystore locations and passwords are all configurable, but the defaults should work without any additional config (private keys protected with instance secret, and the public root cert is in a separate passwordless truststore). To create an SSL connection from a client, you can use the new ZKInstance constructor that takes an additional boolean ssl parameter, or just echo instance.ssl.enabled=true >> ~/.accumulo/config to SSL all of your client connections. If you're running your client on the same machine where you generated certs, the default path will still work for you. Otherwise, echo ssl.client.truststore.path=/path/to/truststore.jks >> ~/.accumulo/config . I'm imagining the common usage scenario will be to have your truststore path in local client config, but leave whether or not SSL is enabled up to each individual client application. I added a couple SSL-enabled integration tests that cover a range of connection scenarios (plain instance connectors, mapreduce jobs, admin commands), and you can also run all the ITs with SSL enabled with mvn verify -DuseSslForIT . A few tasks I know I still have remaining: Fail fast if client and server SSL switch is mismatched based on flag in ZK Interactive cert generation process more like `bin/accumulo init`, rather than running CertUtils with a big pile of switches SSL support on the client side of the proxy Docs One known risk is that the Thrift SSL transport only supports blocking connections. This means that when SSL is enabled, we have to switch to a TThreadPoolServer instead of a THsHaServer. In theory the performance impact of this change can be mitigated by cranking up the thread pool size, but I haven't done any scale testing to see what the practical impact of this constraint actually is. At the moment, as long as we use Thrift for transport, I don't think we have much choice. I would love comments, suggestions, questions, etc.
          Michael Berman made changes -
          Attachment ACCUMULO-1009_thriftSsl.patch [ 12597804 ]
          Hide
          Michael Berman added a comment -

          Another outstanding issue is that the mechanism by which mapreduce jobs are distributed to tasktrackers is a man-in-the-middle-able vector. I'm not sure how to address that besides making the location the client looks for truststores completely unconfigurable from the job config. At the moment, you can't inject novel trust along the wire, but if you have write access anywhere on the tasktracker node, you could point the tasks to a local truststore of your choosing. What do people think? Would keeping the trusted roots on HDFS be any better? Should you be able to configure where truststores are allowed to be loaded from? (although not through job config, of course) Better ideas?

          Show
          Michael Berman added a comment - Another outstanding issue is that the mechanism by which mapreduce jobs are distributed to tasktrackers is a man-in-the-middle-able vector. I'm not sure how to address that besides making the location the client looks for truststores completely unconfigurable from the job config. At the moment, you can't inject novel trust along the wire, but if you have write access anywhere on the tasktracker node, you could point the tasks to a local truststore of your choosing. What do people think? Would keeping the trusted roots on HDFS be any better? Should you be able to configure where truststores are allowed to be loaded from? (although not through job config, of course) Better ideas?
          Hide
          Keith Turner added a comment -

          Took a quick look at the patch. The patch adds a lot of constructors to ZooKeeperInstance. I'm thinking of just adding the following constructor :

           /**
            * @param config provides all information needed to connect to an Accumulo instance.   @see ClientConfiguration 
            */
           public ZooKeeperInstance(AccumuloConfiguration config){}
          

          This would allow us maximum flexibility in the future w/o clutering the API as new features are added. The zookeepers, instance name, wether or not use ssl, etc. would be obtained from the config. This constructor would be the way to enable ssl.

          There is some code that pushes the client address and port across threads so its shows up in list scans, do you know if this is still working with the changes you made?

          Show
          Keith Turner added a comment - Took a quick look at the patch. The patch adds a lot of constructors to ZooKeeperInstance. I'm thinking of just adding the following constructor : /** * @param config provides all information needed to connect to an Accumulo instance. @see ClientConfiguration */ public ZooKeeperInstance(AccumuloConfiguration config){} This would allow us maximum flexibility in the future w/o clutering the API as new features are added. The zookeepers, instance name, wether or not use ssl, etc. would be obtained from the config. This constructor would be the way to enable ssl. There is some code that pushes the client address and port across threads so its shows up in list scans, do you know if this is still working with the changes you made?
          Hide
          Michael Berman added a comment -

          I also felt a little weird about the constructor bloat. Just having a single config constructor makes sense, but currently it'll be pretty awkward to use. Maybe I should also add a ClientConfigBuilder with some fluent methods for setting common config switches?

          I'll take a look at the client address listing code. Can you point me to a relevant entrypoint?

          Show
          Michael Berman added a comment - I also felt a little weird about the constructor bloat. Just having a single config constructor makes sense, but currently it'll be pretty awkward to use. Maybe I should also add a ClientConfigBuilder with some fluent methods for setting common config switches? I'll take a look at the client address listing code. Can you point me to a relevant entrypoint?
          Hide
          Keith Turner added a comment -

          Maybe I should also add a ClientConfigBuilder with some fluent methods for setting common config switches?

          To me that seems like a good way to go. It makes programmatically setting lots of optional configurations easier. The client side config objects constructor could possibly take the required options (or a file that must contain the required options). All the optional stull could be fluent methods are you suggested.

          I'll take a look at the client address listing code. Can you point me to a relevant entrypoint?

          Its possible that org.apache.accumulo.server.util.TServerUtils.ClientInfoProcessorFactory may be setting this up. It sets the thread local clientAddress with the client info. The thread pool server has not been used in a while, so I am just curious if this still works.

          Show
          Keith Turner added a comment - Maybe I should also add a ClientConfigBuilder with some fluent methods for setting common config switches? To me that seems like a good way to go. It makes programmatically setting lots of optional configurations easier. The client side config objects constructor could possibly take the required options (or a file that must contain the required options). All the optional stull could be fluent methods are you suggested. I'll take a look at the client address listing code. Can you point me to a relevant entrypoint? Its possible that org.apache.accumulo.server.util.TServerUtils.ClientInfoProcessorFactory may be setting this up. It sets the thread local clientAddress with the client info. The thread pool server has not been used in a while, so I am just curious if this still works.
          Hide
          Christopher Tubbs added a comment -

          A couple of (JSSE-related) things:

          1. I'm strongly opposed to the client configuration extending AccumuloConfiguration, because AccumuloConfiguration is almost exclusively server-side. A simple Properties-based configuration would be preferred... perhaps a commons-configuration object instead? However, I don't see much need for configuration at all, except to carry the JSSE properties and maybe a boolean to enable the use of them (unless you wanted to add logic to say, "use SSL if any javax.net.ssl.*" is defined).
          2. I'd prefer JSSE system properties rather than creating additional Accumulo-specific properties on the client side that mirror these. In fact, the javadocs for TSSLTransportFactory explicitly describe the ability to set JSSE system properties, so this should be trivial to implement.
          3. Additionally, the way this is written limits the use of any other store provider other than the built-in one that uses JKS. Everything is very "keystore file"-specific. What if I want to use a gnome-keyring provider? Normally this could be specified in the JSSE system properties, so using those should release this restriction, while simplifying the code.
          Show
          Christopher Tubbs added a comment - A couple of (JSSE-related) things: I'm strongly opposed to the client configuration extending AccumuloConfiguration, because AccumuloConfiguration is almost exclusively server-side. A simple Properties-based configuration would be preferred... perhaps a commons-configuration object instead? However, I don't see much need for configuration at all, except to carry the JSSE properties and maybe a boolean to enable the use of them (unless you wanted to add logic to say, "use SSL if any javax.net.ssl.*" is defined). I'd prefer JSSE system properties rather than creating additional Accumulo-specific properties on the client side that mirror these. In fact, the javadocs for TSSLTransportFactory explicitly describe the ability to set JSSE system properties, so this should be trivial to implement. Additionally, the way this is written limits the use of any other store provider other than the built-in one that uses JKS. Everything is very "keystore file"-specific. What if I want to use a gnome-keyring provider? Normally this could be specified in the JSSE system properties, so using those should release this restriction, while simplifying the code.
          Hide
          Ben Popp added a comment -

          FYI, Michael Berman is offline for a week and will be able to read your comments when he returns.

          Show
          Ben Popp added a comment - FYI, Michael Berman is offline for a week and will be able to read your comments when he returns.
          Hide
          Michael Berman added a comment -

          WRT JSSE config, I wouldn't feel great about making the JSSE system properties be the only way to configure the accumulo client's SSL settings. It's JVM global, and accumulo clients may well make connections to multiple services or provide their own SSL server. Especially since I'm imagining the most common deployment will involve private roots, it seems overly restrictive to require the accumulo SSL config to be identical to the SSL config used across the entire client app. However, I do think it makes sense to optionally tell accumulo to use the JSSE config. I'll add that option.

          I'm working on separating AccumuloConfiguration from ClientConfiguration now, but they will have to cross paths at some point in the codebase, since accumulo services need to be able to make thrift connections to other accumulo services, and they will ultimately get their config from AccumuloConfiguration. Do you think it would make sense to have AccumuloConfiguration.getClientConfig()? Then, if we're in a context that does have an AccumuloConfiguration, we can access common code for creating connections, while contexts like ZooKeeperInstance need not know anything about it.

          Show
          Michael Berman added a comment - WRT JSSE config, I wouldn't feel great about making the JSSE system properties be the only way to configure the accumulo client's SSL settings. It's JVM global, and accumulo clients may well make connections to multiple services or provide their own SSL server. Especially since I'm imagining the most common deployment will involve private roots, it seems overly restrictive to require the accumulo SSL config to be identical to the SSL config used across the entire client app. However, I do think it makes sense to optionally tell accumulo to use the JSSE config. I'll add that option. I'm working on separating AccumuloConfiguration from ClientConfiguration now, but they will have to cross paths at some point in the codebase, since accumulo services need to be able to make thrift connections to other accumulo services, and they will ultimately get their config from AccumuloConfiguration. Do you think it would make sense to have AccumuloConfiguration.getClientConfig()? Then, if we're in a context that does have an AccumuloConfiguration, we can access common code for creating connections, while contexts like ZooKeeperInstance need not know anything about it.
          Hide
          Christopher Tubbs added a comment -

          I won't argue that the JSSE properties must come from the system properties, but you're shooting yourself in the foot if you're rewriting custom socket code to accept them anywhere else, and somebody's going to have to maintain that additional code.

          At the very least, I still think using the JSSE properties are essential... I just won't argue they have to be set as system properties (which are global). They could just as well come from a client config file. What I wouldn't want to see is custom config key names that users have to relearn, but essentially map to the same functionality as the JSSE ones they're already familiar with. At that point, it'd be like adding new words to a dictionary, whose definitions are "see some_other_word".

          As for the client configuration, I don't mind them crossing paths at this point... but, if we're going to do the additional effort in the future to better scope configuration to the objects they configure at some point (and I hope we are), I don't want to be stuck with the paths being crossed in the API. For that reason, I would not put the static method on AccumuloConfiguration. I'd keep it a completely separate thing (in fact, I'd probably keep it a simple commons-configuration Configuration object). If we need reuse, I'd tie it underneath, so when we do the effort of better scoping configuration in the future, it won't disrupt the API, where users interact.

          Show
          Christopher Tubbs added a comment - I won't argue that the JSSE properties must come from the system properties, but you're shooting yourself in the foot if you're rewriting custom socket code to accept them anywhere else, and somebody's going to have to maintain that additional code. At the very least, I still think using the JSSE properties are essential... I just won't argue they have to be set as system properties (which are global). They could just as well come from a client config file. What I wouldn't want to see is custom config key names that users have to relearn, but essentially map to the same functionality as the JSSE ones they're already familiar with. At that point, it'd be like adding new words to a dictionary, whose definitions are "see some_other_word". As for the client configuration, I don't mind them crossing paths at this point... but, if we're going to do the additional effort in the future to better scope configuration to the objects they configure at some point (and I hope we are), I don't want to be stuck with the paths being crossed in the API. For that reason, I would not put the static method on AccumuloConfiguration. I'd keep it a completely separate thing (in fact, I'd probably keep it a simple commons-configuration Configuration object). If we need reuse, I'd tie it underneath, so when we do the effort of better scoping configuration in the future, it won't disrupt the API, where users interact.
          Hide
          Michael Berman added a comment -

          I'm not rewriting any custom socket code...all the socket code is deep inside thrift. There's no way the JSSE properties can be respected automatically, since the thrift stack looks pretty different for an SSL server, so we will end up examining and branching based on the properties no matter how we do it.

          So are you ok with properties like javax.net.ssl.keyStore being defined in accumulo-site.xml and the Property enum? This is not a client-side setting; the tservers themselves need to know where to find the keyStore.

          I've also noticed there is already monitor.ssl.keyStore (and associated properties) used for configuring SSL for the monitor's webpage. This has different requirements from the thrift SSL settings, since there is only one monitor, but it would be good for it to be signed by a root that browsers are likely to recognize. This means that probably you want the monitor to have a cert cut from a "real" CA, but enforcing that requirement for every tserver will be unwieldy and not necessary for most deployments.

          Is there any particular reason that it's ok for the monitor to have custom SSL properties, but not the RPC connections? Or, if the monitor should use JSSE properties, how should we resolve the different requirements between it and the RPC connections?

          Or do you think we should only be using JSSE properties for clients, and use our own settings for servers? In which case, which side do the thrift clients created by accumulo services fall on?

          Show
          Michael Berman added a comment - I'm not rewriting any custom socket code...all the socket code is deep inside thrift. There's no way the JSSE properties can be respected automatically, since the thrift stack looks pretty different for an SSL server, so we will end up examining and branching based on the properties no matter how we do it. So are you ok with properties like javax.net.ssl.keyStore being defined in accumulo-site.xml and the Property enum? This is not a client-side setting; the tservers themselves need to know where to find the keyStore. I've also noticed there is already monitor.ssl.keyStore (and associated properties) used for configuring SSL for the monitor's webpage. This has different requirements from the thrift SSL settings, since there is only one monitor, but it would be good for it to be signed by a root that browsers are likely to recognize. This means that probably you want the monitor to have a cert cut from a "real" CA, but enforcing that requirement for every tserver will be unwieldy and not necessary for most deployments. Is there any particular reason that it's ok for the monitor to have custom SSL properties, but not the RPC connections? Or, if the monitor should use JSSE properties, how should we resolve the different requirements between it and the RPC connections? Or do you think we should only be using JSSE properties for clients, and use our own settings for servers? In which case, which side do the thrift clients created by accumulo services fall on?
          Hide
          Eric Newton added a comment -

          I've attempted to apply the patch to give it a try. The unit tests are failing with:

          {{

          { Tests in error: testPerTableClasspath(org.apache.accumulo.minicluster.MiniAccumuloClusterTest): Unable to load client config from /tmp/junit8216417786686969359/conf/client.conf test(org.apache.accumulo.minicluster.MiniAccumuloClusterTest): Unable to load client config from /tmp/junit8216417786686969359/conf/client.conf }

          }}

          Can you update the patch against master and ensure that the unit tests run? I'm sure I just missed something trying to get the existing patch to work.

          Show
          Eric Newton added a comment - I've attempted to apply the patch to give it a try. The unit tests are failing with: {{ { Tests in error: testPerTableClasspath(org.apache.accumulo.minicluster.MiniAccumuloClusterTest): Unable to load client config from /tmp/junit8216417786686969359/conf/client.conf test(org.apache.accumulo.minicluster.MiniAccumuloClusterTest): Unable to load client config from /tmp/junit8216417786686969359/conf/client.conf } }} Can you update the patch against master and ensure that the unit tests run? I'm sure I just missed something trying to get the existing patch to work.
          Hide
          Eric Newton added a comment -

          Also, I thought I would save others the aggravation: bcprov-jdk15on-1.49.jar seems to be corrupt on maven central. I had to go get the jar from bouncycastle manually.

          Show
          Eric Newton added a comment - Also, I thought I would save others the aggravation: bcprov-jdk15on-1.49.jar seems to be corrupt on maven central. I had to go get the jar from bouncycastle manually.
          Hide
          Michael Berman added a comment -

          Oh weird... My local tree is currently in an intermediate state, but I'll get a fresh patch up against the latest master in the next day or two. Sorry about that.

          Wrt to the BC jar, I'm pretty sure I just got it from maven central, so I wonder if it was your download specifically that got corrupted.

          Show
          Michael Berman added a comment - Oh weird... My local tree is currently in an intermediate state, but I'll get a fresh patch up against the latest master in the next day or two. Sorry about that. Wrt to the BC jar, I'm pretty sure I just got it from maven central, so I wonder if it was your download specifically that got corrupted.
          Hide
          Eric Newton added a comment -

          I ran unzip against the jar, and it got a checksum error. I removed the jar so it would pull again, and it was still corrupt.

          Show
          Eric Newton added a comment - I ran unzip against the jar, and it got a checksum error. I removed the jar so it would pull again, and it was still corrupt.
          Hide
          Michael Berman added a comment -

          Huh...I wonder what's going on. Sorry I'm fixated on this; I would just really rather not check in a dependency that requires manual intervention to get working, so I'd like to get to the bottom of this before merging into master.

          [mberman dev]$ wget -O bcprov-jdk15on-1.49.jar http://search.maven.org/remotecontent?filepath=org/bouncycastle/bcprov-jdk15on/1.49/bcprov-jdk15on-1.49.jar
          --2013-09-12 13:53:10--  http://search.maven.org/remotecontent?filepath=org/bouncycastle/bcprov-jdk15on/1.49/bcprov-jdk15on-1.49.jar
          Resolving search.maven.org... 207.223.241.72
          Connecting to search.maven.org|207.223.241.72|:80... connected.
          HTTP request sent, awaiting response... 200 OK
          Length: 2476362 (2.4M) [application/java-archive]
          Saving to: ‘bcprov-jdk15on-1.49.jar’
          
          100%[===============================================================================================>] 2,476,362   1.22MB/s   in 1.9s   
          
          2013-09-12 13:53:12 (1.22 MB/s) - ‘bcprov-jdk15on-1.49.jar’ saved [2476362/2476362]
          
          [mberman dev]$ jar tf bcprov-jdk15on-1.49.jar 
          META-INF/MANIFEST.MF
          META-INF/BCKEY.SF
          META-INF/BCKEY.DSA
          org/
          org/bouncycastle/
          org/bouncycastle/LICENSE.class
          org/bouncycastle/asn1/
          org/bouncycastle/asn1/ASN1ApplicationSpecificParser.class
          org/bouncycastle/asn1/ASN1Boolean.class
          org/bouncycastle/asn1/ASN1Choice.class
          org/bouncycastle/asn1/ASN1Encodable.class
          org/bouncycastle/asn1/ASN1EncodableVector.class
          org/bouncycastle/asn1/ASN1Encoding.class
          org/bouncycastle/asn1/ASN1Enumerated.class
          org/bouncycastle/asn1/ASN1Exception.class
          org/bouncycastle/asn1/ASN1GeneralizedTime.class
          org/bouncycastle/asn1/ASN1Generator.class
          org/bouncycastle/asn1/ASN1InputStream.class
          org/bouncycastle/asn1/ASN1Integer.class
          org/bouncycastle/asn1/ASN1Null.class
          org/bouncycastle/asn1/ASN1Object.class
          org/bouncycastle/asn1/ASN1ObjectIdentifier.class
          org/bouncycastle/asn1/ASN1OctetString.class
          org/bouncycastle/asn1/ASN1OctetStringParser.class
          org/bouncycastle/asn1/ASN1OutputStream$ImplicitOutputStream.class
          org/bouncycastle/asn1/ASN1OutputStream.class
          org/bouncycastle/asn1/ASN1ParsingException.class
          org/bouncycastle/asn1/ASN1Primitive.class
          org/bouncycastle/asn1/ASN1Sequence$1.class
          org/bouncycastle/asn1/ASN1Sequence.class
          org/bouncycastle/asn1/ASN1SequenceParser.class
          org/bouncycastle/asn1/ASN1Set$1.class
          org/bouncycastle/asn1/ASN1Set.class
          org/bouncycastle/asn1/ASN1SetParser.class
          org/bouncycastle/asn1/ASN1StreamParser.class
          org/bouncycastle/asn1/ASN1String.class
          org/bouncycastle/asn1/ASN1TaggedObject.class
          org/bouncycastle/asn1/ASN1TaggedObjectParser.class
          org/bouncycastle/asn1/ASN1UTCTime.class
          org/bouncycastle/asn1/BERApplicationSpecific.class
          org/bouncycastle/asn1/BERApplicationSpecificParser.class
          org/bouncycastle/asn1/BERConstructedOctetString.class
          org/bouncycastle/asn1/BERFactory.class
          org/bouncycastle/asn1/BERGenerator.class
          org/bouncycastle/asn1/BEROctetString$1.class
          org/bouncycastle/asn1/BEROctetString.class
          org/bouncycastle/asn1/BEROctetStringGenerator$BufferedBEROctetStream.class
          org/bouncycastle/asn1/BEROctetStringGenerator.class
          org/bouncycastle/asn1/BEROctetStringParser.class
          org/bouncycastle/asn1/BEROutputStream.class
          org/bouncycastle/asn1/BERSequence.class
          org/bouncycastle/asn1/BERSequenceGenerator.class
          org/bouncycastle/asn1/BERSequenceParser.class
          org/bouncycastle/asn1/BERSet.class
          org/bouncycastle/asn1/BERSetParser.class
          org/bouncycastle/asn1/BERTaggedObject.class
          org/bouncycastle/asn1/BERTaggedObjectParser.class
          org/bouncycastle/asn1/BERTags.class
          org/bouncycastle/asn1/ConstructedOctetStream.class
          org/bouncycastle/asn1/DERApplicationSpecific.class
          org/bouncycastle/asn1/DERBMPString.class
          org/bouncycastle/asn1/DERBitString.class
          org/bouncycastle/asn1/DERBoolean.class
          org/bouncycastle/asn1/DEREncodableVector.class
          org/bouncycastle/asn1/DEREnumerated.class
          org/bouncycastle/asn1/DERExternal.class
          org/bouncycastle/asn1/DERExternalParser.class
          org/bouncycastle/asn1/DERFactory.class
          org/bouncycastle/asn1/DERGeneralString.class
          org/bouncycastle/asn1/DERGeneralizedTime.class
          org/bouncycastle/asn1/DERGenerator.class
          org/bouncycastle/asn1/DERIA5String.class
          org/bouncycastle/asn1/DERInteger.class
          org/bouncycastle/asn1/DERNull.class
          org/bouncycastle/asn1/DERNumericString.class
          org/bouncycastle/asn1/DERObjectIdentifier.class
          org/bouncycastle/asn1/DEROctetString.class
          org/bouncycastle/asn1/DEROctetStringParser.class
          org/bouncycastle/asn1/DEROutputStream.class
          org/bouncycastle/asn1/DERPrintableString.class
          org/bouncycastle/asn1/DERSequence.class
          org/bouncycastle/asn1/DERSequenceGenerator.class
          org/bouncycastle/asn1/DERSequenceParser.class
          org/bouncycastle/asn1/DERSet.class
          org/bouncycastle/asn1/DERSetParser.class
          org/bouncycastle/asn1/DERT61String.class
          org/bouncycastle/asn1/DERT61UTF8String.class
          org/bouncycastle/asn1/DERTaggedObject.class
          org/bouncycastle/asn1/DERTags.class
          org/bouncycastle/asn1/DERUTCTime.class
          org/bouncycastle/asn1/DERUTF8String.class
          org/bouncycastle/asn1/DERUniversalString.class
          org/bouncycastle/asn1/DERVisibleString.class
          org/bouncycastle/asn1/DLOutputStream.class
          org/bouncycastle/asn1/DLSequence.class
          org/bouncycastle/asn1/DLSet.class
          org/bouncycastle/asn1/DLTaggedObject.class
          org/bouncycastle/asn1/DefiniteLengthInputStream.class
          org/bouncycastle/asn1/InMemoryRepresentable.class
          org/bouncycastle/asn1/IndefiniteLengthInputStream.class
          org/bouncycastle/asn1/LazyConstructionEnumeration.class
          org/bouncycastle/asn1/LazyEncodedSequence.class
          org/bouncycastle/asn1/LimitedInputStream.class
          org/bouncycastle/asn1/OIDTokenizer.class
          org/bouncycastle/asn1/StreamUtil.class
          org/bouncycastle/asn1/bc/
          org/bouncycastle/asn1/bc/BCObjectIdentifiers.class
          org/bouncycastle/asn1/cmp/
          org/bouncycastle/asn1/cmp/CAKeyUpdAnnContent.class
          org/bouncycastle/asn1/cmp/CMPCertificate.class
          org/bouncycastle/asn1/cmp/CMPObjectIdentifiers.class
          org/bouncycastle/asn1/cmp/CRLAnnContent.class
          org/bouncycastle/asn1/cmp/CertConfirmContent.class
          org/bouncycastle/asn1/cmp/CertOrEncCert.class
          org/bouncycastle/asn1/cmp/CertRepMessage.class
          org/bouncycastle/asn1/cmp/CertResponse.class
          org/bouncycastle/asn1/cmp/CertStatus.class
          org/bouncycastle/asn1/cmp/CertifiedKeyPair.class
          org/bouncycastle/asn1/cmp/Challenge.class
          org/bouncycastle/asn1/cmp/ErrorMsgContent.class
          org/bouncycastle/asn1/cmp/GenMsgContent.class
          org/bouncycastle/asn1/cmp/GenRepContent.class
          org/bouncycastle/asn1/cmp/InfoTypeAndValue.class
          org/bouncycastle/asn1/cmp/KeyRecRepContent.class
          org/bouncycastle/asn1/cmp/OOBCertHash.class
          org/bouncycastle/asn1/cmp/PBMParameter.class
          org/bouncycastle/asn1/cmp/PKIBody.class
          org/bouncycastle/asn1/cmp/PKIConfirmContent.class
          org/bouncycastle/asn1/cmp/PKIFailureInfo.class
          org/bouncycastle/asn1/cmp/PKIFreeText.class
          org/bouncycastle/asn1/cmp/PKIHeader.class
          org/bouncycastle/asn1/cmp/PKIHeaderBuilder.class
          org/bouncycastle/asn1/cmp/PKIMessage.class
          org/bouncycastle/asn1/cmp/PKIMessages.class
          org/bouncycastle/asn1/cmp/PKIStatus.class
          org/bouncycastle/asn1/cmp/PKIStatusInfo.class
          org/bouncycastle/asn1/cmp/POPODecKeyChallContent.class
          org/bouncycastle/asn1/cmp/POPODecKeyRespContent.class
          org/bouncycastle/asn1/cmp/PollRepContent.class
          org/bouncycastle/asn1/cmp/PollReqContent.class
          org/bouncycastle/asn1/cmp/ProtectedPart.class
          org/bouncycastle/asn1/cmp/RevAnnContent.class
          org/bouncycastle/asn1/cmp/RevDetails.class
          org/bouncycastle/asn1/cmp/RevRepContent.class
          org/bouncycastle/asn1/cmp/RevRepContentBuilder.class
          org/bouncycastle/asn1/cmp/RevReqContent.class
          org/bouncycastle/asn1/cms/
          org/bouncycastle/asn1/cms/Attribute.class
          org/bouncycastle/asn1/cms/AttributeTable.class
          org/bouncycastle/asn1/cms/Attributes.class
          org/bouncycastle/asn1/cms/AuthEnvelopedData.class
          org/bouncycastle/asn1/cms/AuthEnvelopedDataParser.class
          org/bouncycastle/asn1/cms/AuthenticatedData.class
          org/bouncycastle/asn1/cms/AuthenticatedDataParser.class
          org/bouncycastle/asn1/cms/CMSAttributes.class
          org/bouncycastle/asn1/cms/CMSObjectIdentifiers.class
          org/bouncycastle/asn1/cms/CompressedData.class
          org/bouncycastle/asn1/cms/CompressedDataParser.class
          org/bouncycastle/asn1/cms/ContentInfo.class
          org/bouncycastle/asn1/cms/ContentInfoParser.class
          org/bouncycastle/asn1/cms/DigestedData.class
          org/bouncycastle/asn1/cms/EncryptedContentInfo.class
          org/bouncycastle/asn1/cms/EncryptedContentInfoParser.class
          org/bouncycastle/asn1/cms/EncryptedData.class
          org/bouncycastle/asn1/cms/EnvelopedData.class
          org/bouncycastle/asn1/cms/EnvelopedDataParser.class
          org/bouncycastle/asn1/cms/Evidence.class
          org/bouncycastle/asn1/cms/IssuerAndSerialNumber.class
          org/bouncycastle/asn1/cms/KEKIdentifier.class
          org/bouncycastle/asn1/cms/KEKRecipientInfo.class
          org/bouncycastle/asn1/cms/KeyAgreeRecipientIdentifier.class
          org/bouncycastle/asn1/cms/KeyAgreeRecipientInfo.class
          org/bouncycastle/asn1/cms/KeyTransRecipientInfo.class
          org/bouncycastle/asn1/cms/MetaData.class
          org/bouncycastle/asn1/cms/OriginatorIdentifierOrKey.class
          org/bouncycastle/asn1/cms/OriginatorInfo.class
          org/bouncycastle/asn1/cms/OriginatorPublicKey.class
          org/bouncycastle/asn1/cms/OtherKeyAttribute.class
          org/bouncycastle/asn1/cms/OtherRecipientInfo.class
          org/bouncycastle/asn1/cms/OtherRevocationInfoFormat.class
          org/bouncycastle/asn1/cms/PasswordRecipientInfo.class
          org/bouncycastle/asn1/cms/RecipientEncryptedKey.class
          org/bouncycastle/asn1/cms/RecipientIdentifier.class
          org/bouncycastle/asn1/cms/RecipientInfo.class
          org/bouncycastle/asn1/cms/RecipientKeyIdentifier.class
          org/bouncycastle/asn1/cms/SCVPReqRes.class
          org/bouncycastle/asn1/cms/SignedData.class
          org/bouncycastle/asn1/cms/SignedDataParser.class
          org/bouncycastle/asn1/cms/SignerIdentifier.class
          org/bouncycastle/asn1/cms/SignerInfo.class
          org/bouncycastle/asn1/cms/Time.class
          org/bouncycastle/asn1/cms/TimeStampAndCRL.class
          org/bouncycastle/asn1/cms/TimeStampTokenEvidence.class
          org/bouncycastle/asn1/cms/TimeStampedData.class
          org/bouncycastle/asn1/cms/TimeStampedDataParser.class
          org/bouncycastle/asn1/cms/ecc/
          org/bouncycastle/asn1/cms/ecc/MQVuserKeyingMaterial.class
          org/bouncycastle/asn1/crmf/
          org/bouncycastle/asn1/crmf/AttributeTypeAndValue.class
          org/bouncycastle/asn1/crmf/CRMFObjectIdentifiers.class
          org/bouncycastle/asn1/crmf/CertId.class
          org/bouncycastle/asn1/crmf/CertReqMessages.class
          org/bouncycastle/asn1/crmf/CertReqMsg.class
          org/bouncycastle/asn1/crmf/CertRequest.class
          org/bouncycastle/asn1/crmf/CertTemplate.class
          org/bouncycastle/asn1/crmf/CertTemplateBuilder.class
          org/bouncycastle/asn1/crmf/Controls.class
          org/bouncycastle/asn1/crmf/EncKeyWithID.class
          org/bouncycastle/asn1/crmf/EncryptedKey.class
          org/bouncycastle/asn1/crmf/EncryptedValue.class
          org/bouncycastle/asn1/crmf/OptionalValidity.class
          org/bouncycastle/asn1/crmf/PKIArchiveOptions.class
          org/bouncycastle/asn1/crmf/PKIPublicationInfo.class
          org/bouncycastle/asn1/crmf/PKMACValue.class
          org/bouncycastle/asn1/crmf/POPOPrivKey.class
          org/bouncycastle/asn1/crmf/POPOSigningKey.class
          org/bouncycastle/asn1/crmf/POPOSigningKeyInput.class
          org/bouncycastle/asn1/crmf/ProofOfPossession.class
          org/bouncycastle/asn1/crmf/SinglePubInfo.class
          org/bouncycastle/asn1/crmf/SubsequentMessage.class
          org/bouncycastle/asn1/cryptopro/
          org/bouncycastle/asn1/cryptopro/CryptoProObjectIdentifiers.class
          org/bouncycastle/asn1/cryptopro/ECGOST3410NamedCurves.class
          org/bouncycastle/asn1/cryptopro/ECGOST3410ParamSetParameters.class
          org/bouncycastle/asn1/cryptopro/GOST28147Parameters.class
          org/bouncycastle/asn1/cryptopro/GOST3410NamedParameters.class
          org/bouncycastle/asn1/cryptopro/GOST3410ParamSetParameters.class
          org/bouncycastle/asn1/cryptopro/GOST3410PublicKeyAlgParameters.class
          org/bouncycastle/asn1/dvcs/
          org/bouncycastle/asn1/dvcs/CertEtcToken.class
          org/bouncycastle/asn1/dvcs/DVCSCertInfo.class
          org/bouncycastle/asn1/dvcs/DVCSCertInfoBuilder.class
          org/bouncycastle/asn1/dvcs/DVCSErrorNotice.class
          org/bouncycastle/asn1/dvcs/DVCSObjectIdentifiers.class
          org/bouncycastle/asn1/dvcs/DVCSRequest.class
          org/bouncycastle/asn1/dvcs/DVCSRequestInformation.class
          org/bouncycastle/asn1/dvcs/DVCSRequestInformationBuilder.class
          org/bouncycastle/asn1/dvcs/DVCSResponse.class
          org/bouncycastle/asn1/dvcs/DVCSTime.class
          org/bouncycastle/asn1/dvcs/Data.class
          org/bouncycastle/asn1/dvcs/PathProcInput.class
          org/bouncycastle/asn1/dvcs/ServiceType.class
          org/bouncycastle/asn1/dvcs/TargetEtcChain.class
          org/bouncycastle/asn1/eac/
          org/bouncycastle/asn1/eac/BidirectionalMap.class
          org/bouncycastle/asn1/eac/CVCertificate.class
          org/bouncycastle/asn1/eac/CVCertificateRequest.class
          org/bouncycastle/asn1/eac/CertificateBody.class
          org/bouncycastle/asn1/eac/CertificateHolderAuthorization.class
          org/bouncycastle/asn1/eac/CertificateHolderReference.class
          org/bouncycastle/asn1/eac/CertificationAuthorityReference.class
          org/bouncycastle/asn1/eac/EACObjectIdentifiers.class
          org/bouncycastle/asn1/eac/EACTags.class
          org/bouncycastle/asn1/eac/ECDSAPublicKey.class
          org/bouncycastle/asn1/eac/Flags$StringJoiner.class
          org/bouncycastle/asn1/eac/Flags.class
          org/bouncycastle/asn1/eac/PackedDate.class
          org/bouncycastle/asn1/eac/PublicKeyDataObject.class
          org/bouncycastle/asn1/eac/RSAPublicKey.class
          org/bouncycastle/asn1/eac/UnsignedInteger.class
          org/bouncycastle/asn1/esf/
          org/bouncycastle/asn1/esf/CommitmentTypeIdentifier.class
          org/bouncycastle/asn1/esf/CommitmentTypeIndication.class
          org/bouncycastle/asn1/esf/CommitmentTypeQualifier.class
          org/bouncycastle/asn1/esf/CompleteRevocationRefs.class
          org/bouncycastle/asn1/esf/CrlIdentifier.class
          org/bouncycastle/asn1/esf/CrlListID.class
          org/bouncycastle/asn1/esf/CrlOcspRef.class
          org/bouncycastle/asn1/esf/CrlValidatedID.class
          org/bouncycastle/asn1/esf/ESFAttributes.class
          org/bouncycastle/asn1/esf/OcspIdentifier.class
          org/bouncycastle/asn1/esf/OcspListID.class
          org/bouncycastle/asn1/esf/OcspResponsesID.class
          org/bouncycastle/asn1/esf/OtherHash.class
          org/bouncycastle/asn1/esf/OtherHashAlgAndValue.class
          org/bouncycastle/asn1/esf/OtherRevRefs.class
          org/bouncycastle/asn1/esf/OtherRevVals.class
          org/bouncycastle/asn1/esf/RevocationValues.class
          org/bouncycastle/asn1/esf/SPUserNotice.class
          org/bouncycastle/asn1/esf/SPuri.class
          org/bouncycastle/asn1/esf/SigPolicyQualifierInfo.class
          org/bouncycastle/asn1/esf/SigPolicyQualifiers.class
          org/bouncycastle/asn1/esf/SignaturePolicyId.class
          org/bouncycastle/asn1/esf/SignaturePolicyIdentifier.class
          org/bouncycastle/asn1/esf/SignerAttribute.class
          org/bouncycastle/asn1/esf/SignerLocation.class
          org/bouncycastle/asn1/ess/
          org/bouncycastle/asn1/ess/ContentHints.class
          org/bouncycastle/asn1/ess/ContentIdentifier.class
          org/bouncycastle/asn1/ess/ESSCertID.class
          org/bouncycastle/asn1/ess/ESSCertIDv2.class
          org/bouncycastle/asn1/ess/OtherCertID.class
          org/bouncycastle/asn1/ess/OtherSigningCertificate.class
          org/bouncycastle/asn1/ess/SigningCertificate.class
          org/bouncycastle/asn1/ess/SigningCertificateV2.class
          org/bouncycastle/asn1/gnu/
          org/bouncycastle/asn1/gnu/GNUObjectIdentifiers.class
          org/bouncycastle/asn1/iana/
          org/bouncycastle/asn1/iana/IANAObjectIdentifiers.class
          org/bouncycastle/asn1/icao/
          org/bouncycastle/asn1/icao/CscaMasterList.class
          org/bouncycastle/asn1/icao/DataGroupHash.class
          org/bouncycastle/asn1/icao/ICAOObjectIdentifiers.class
          org/bouncycastle/asn1/icao/LDSSecurityObject.class
          org/bouncycastle/asn1/icao/LDSVersionInfo.class
          org/bouncycastle/asn1/isismtt/
          org/bouncycastle/asn1/isismtt/ISISMTTObjectIdentifiers.class
          org/bouncycastle/asn1/isismtt/ocsp/
          org/bouncycastle/asn1/isismtt/ocsp/CertHash.class
          org/bouncycastle/asn1/isismtt/ocsp/RequestedCertificate.class
          org/bouncycastle/asn1/isismtt/x509/
          org/bouncycastle/asn1/isismtt/x509/AdditionalInformationSyntax.class
          org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.class
          org/bouncycastle/asn1/isismtt/x509/Admissions.class
          org/bouncycastle/asn1/isismtt/x509/DeclarationOfMajority.class
          org/bouncycastle/asn1/isismtt/x509/MonetaryLimit.class
          org/bouncycastle/asn1/isismtt/x509/NamingAuthority.class
          org/bouncycastle/asn1/isismtt/x509/ProcurationSyntax.class
          org/bouncycastle/asn1/isismtt/x509/ProfessionInfo.class
          org/bouncycastle/asn1/isismtt/x509/Restriction.class
          org/bouncycastle/asn1/kisa/
          org/bouncycastle/asn1/kisa/KISAObjectIdentifiers.class
          org/bouncycastle/asn1/microsoft/
          org/bouncycastle/asn1/microsoft/MicrosoftObjectIdentifiers.class
          org/bouncycastle/asn1/misc/
          org/bouncycastle/asn1/misc/CAST5CBCParameters.class
          org/bouncycastle/asn1/misc/MiscObjectIdentifiers.class
          org/bouncycastle/asn1/misc/NetscapeCertType.class
          org/bouncycastle/asn1/misc/NetscapeRevocationURL.class
          org/bouncycastle/asn1/misc/VerisignCzagExtension.class
          org/bouncycastle/asn1/mozilla/
          org/bouncycastle/asn1/mozilla/PublicKeyAndChallenge.class
          org/bouncycastle/asn1/nist/
          org/bouncycastle/asn1/nist/NISTNamedCurves.class
          org/bouncycastle/asn1/nist/NISTObjectIdentifiers.class
          org/bouncycastle/asn1/ntt/
          org/bouncycastle/asn1/ntt/NTTObjectIdentifiers.class
          org/bouncycastle/asn1/ocsp/
          org/bouncycastle/asn1/ocsp/BasicOCSPResponse.class
          org/bouncycastle/asn1/ocsp/CertID.class
          org/bouncycastle/asn1/ocsp/CertStatus.class
          org/bouncycastle/asn1/ocsp/CrlID.class
          org/bouncycastle/asn1/ocsp/OCSPObjectIdentifiers.class
          org/bouncycastle/asn1/ocsp/OCSPRequest.class
          org/bouncycastle/asn1/ocsp/OCSPResponse.class
          org/bouncycastle/asn1/ocsp/OCSPResponseStatus.class
          org/bouncycastle/asn1/ocsp/Request.class
          org/bouncycastle/asn1/ocsp/ResponderID.class
          org/bouncycastle/asn1/ocsp/ResponseBytes.class
          org/bouncycastle/asn1/ocsp/ResponseData.class
          org/bouncycastle/asn1/ocsp/RevokedInfo.class
          org/bouncycastle/asn1/ocsp/ServiceLocator.class
          org/bouncycastle/asn1/ocsp/Signature.class
          org/bouncycastle/asn1/ocsp/SingleResponse.class
          org/bouncycastle/asn1/ocsp/TBSRequest.class
          org/bouncycastle/asn1/oiw/
          org/bouncycastle/asn1/oiw/ElGamalParameter.class
          org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.class
          org/bouncycastle/asn1/pkcs/
          org/bouncycastle/asn1/pkcs/Attribute.class
          org/bouncycastle/asn1/pkcs/AuthenticatedSafe.class
          org/bouncycastle/asn1/pkcs/CRLBag.class
          org/bouncycastle/asn1/pkcs/CertBag.class
          org/bouncycastle/asn1/pkcs/CertificationRequest.class
          org/bouncycastle/asn1/pkcs/CertificationRequestInfo.class
          org/bouncycastle/asn1/pkcs/ContentInfo.class
          org/bouncycastle/asn1/pkcs/DHParameter.class
          org/bouncycastle/asn1/pkcs/EncryptedData.class
          org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.class
          org/bouncycastle/asn1/pkcs/EncryptionScheme.class
          org/bouncycastle/asn1/pkcs/IssuerAndSerialNumber.class
          org/bouncycastle/asn1/pkcs/KeyDerivationFunc.class
          org/bouncycastle/asn1/pkcs/MacData.class
          org/bouncycastle/asn1/pkcs/PBEParameter.class
          org/bouncycastle/asn1/pkcs/PBES2Algorithms.class
          org/bouncycastle/asn1/pkcs/PBES2Parameters.class
          org/bouncycastle/asn1/pkcs/PBKDF2Params.class
          org/bouncycastle/asn1/pkcs/PKCS12PBEParams.class
          org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.class
          org/bouncycastle/asn1/pkcs/Pfx.class
          org/bouncycastle/asn1/pkcs/PrivateKeyInfo.class
          org/bouncycastle/asn1/pkcs/RC2CBCParameter.class
          org/bouncycastle/asn1/pkcs/RSAESOAEPparams.class
          org/bouncycastle/asn1/pkcs/RSAPrivateKey.class
          org/bouncycastle/asn1/pkcs/RSAPrivateKeyStructure.class
          org/bouncycastle/asn1/pkcs/RSAPublicKey.class
          org/bouncycastle/asn1/pkcs/RSASSAPSSparams.class
          org/bouncycastle/asn1/pkcs/SafeBag.class
          org/bouncycastle/asn1/pkcs/SignedData.class
          org/bouncycastle/asn1/pkcs/SignerInfo.class
          org/bouncycastle/asn1/sec/
          org/bouncycastle/asn1/sec/ECPrivateKey.class
          org/bouncycastle/asn1/sec/ECPrivateKeyStructure.class
          org/bouncycastle/asn1/sec/SECNamedCurves$1.class
          org/bouncycastle/asn1/sec/SECNamedCurves$10.class
          org/bouncycastle/asn1/sec/SECNamedCurves$11.class
          org/bouncycastle/asn1/sec/SECNamedCurves$12.class
          org/bouncycastle/asn1/sec/SECNamedCurves$13.class
          org/bouncycastle/asn1/sec/SECNamedCurves$14.class
          org/bouncycastle/asn1/sec/SECNamedCurves$15.class
          org/bouncycastle/asn1/sec/SECNamedCurves$16.class
          org/bouncycastle/asn1/sec/SECNamedCurves$17.class
          org/bouncycastle/asn1/sec/SECNamedCurves$18.class
          org/bouncycastle/asn1/sec/SECNamedCurves$19.class
          org/bouncycastle/asn1/sec/SECNamedCurves$2.class
          org/bouncycastle/asn1/sec/SECNamedCurves$20.class
          org/bouncycastle/asn1/sec/SECNamedCurves$21.class
          org/bouncycastle/asn1/sec/SECNamedCurves$22.class
          org/bouncycastle/asn1/sec/SECNamedCurves$23.class
          org/bouncycastle/asn1/sec/SECNamedCurves$24.class
          org/bouncycastle/asn1/sec/SECNamedCurves$25.class
          org/bouncycastle/asn1/sec/SECNamedCurves$26.class
          org/bouncycastle/asn1/sec/SECNamedCurves$27.class
          org/bouncycastle/asn1/sec/SECNamedCurves$28.class
          org/bouncycastle/asn1/sec/SECNamedCurves$29.class
          org/bouncycastle/asn1/sec/SECNamedCurves$3.class
          org/bouncycastle/asn1/sec/SECNamedCurves$30.class
          org/bouncycastle/asn1/sec/SECNamedCurves$31.class
          org/bouncycastle/asn1/sec/SECNamedCurves$32.class
          org/bouncycastle/asn1/sec/SECNamedCurves$33.class
          org/bouncycastle/asn1/sec/SECNamedCurves$4.class
          org/bouncycastle/asn1/sec/SECNamedCurves$5.class
          org/bouncycastle/asn1/sec/SECNamedCurves$6.class
          org/bouncycastle/asn1/sec/SECNamedCurves$7.class
          org/bouncycastle/asn1/sec/SECNamedCurves$8.class
          org/bouncycastle/asn1/sec/SECNamedCurves$9.class
          org/bouncycastle/asn1/sec/SECNamedCurves.class
          org/bouncycastle/asn1/sec/SECObjectIdentifiers.class
          org/bouncycastle/asn1/smime/
          org/bouncycastle/asn1/smime/SMIMEAttributes.class
          org/bouncycastle/asn1/smime/SMIMECapabilities.class
          org/bouncycastle/asn1/smime/SMIMECapabilitiesAttribute.class
          org/bouncycastle/asn1/smime/SMIMECapability.class
          org/bouncycastle/asn1/smime/SMIMECapabilityVector.class
          org/bouncycastle/asn1/smime/SMIMEEncryptionKeyPreferenceAttribute.class
          org/bouncycastle/asn1/teletrust/
          org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$1.class
          org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$10.class
          org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$11.class
          org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$12.class
          org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$13.class
          org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$14.class
          org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$2.class
          org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$3.class
          org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$4.class
          org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$5.class
          org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$6.class
          org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$7.class
          org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$8.class
          org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$9.class
          org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves.class
          org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.class
          org/bouncycastle/asn1/tsp/
          org/bouncycastle/asn1/tsp/Accuracy.class
          org/bouncycastle/asn1/tsp/MessageImprint.class
          org/bouncycastle/asn1/tsp/TSTInfo.class
          org/bouncycastle/asn1/tsp/TimeStampReq.class
          org/bouncycastle/asn1/tsp/TimeStampResp.class
          org/bouncycastle/asn1/ua/
          org/bouncycastle/asn1/ua/DSTU4145BinaryField.class
          org/bouncycastle/asn1/ua/DSTU4145ECBinary.class
          org/bouncycastle/asn1/ua/DSTU4145NamedCurves.class
          org/bouncycastle/asn1/ua/DSTU4145Params.class
          org/bouncycastle/asn1/ua/DSTU4145PointEncoder.class
          org/bouncycastle/asn1/ua/DSTU4145PublicKey.class
          org/bouncycastle/asn1/ua/UAObjectIdentifiers.class
          org/bouncycastle/asn1/util/
          org/bouncycastle/asn1/util/ASN1Dump.class
          org/bouncycastle/asn1/util/DERDump.class
          org/bouncycastle/asn1/util/Dump.class
          org/bouncycastle/asn1/x500/
          org/bouncycastle/asn1/x500/AttributeTypeAndValue.class
          org/bouncycastle/asn1/x500/DirectoryString.class
          org/bouncycastle/asn1/x500/RDN.class
          org/bouncycastle/asn1/x500/X500Name.class
          org/bouncycastle/asn1/x500/X500NameBuilder.class
          org/bouncycastle/asn1/x500/X500NameStyle.class
          org/bouncycastle/asn1/x500/style/
          org/bouncycastle/asn1/x500/style/BCStrictStyle.class
          org/bouncycastle/asn1/x500/style/BCStyle.class
          org/bouncycastle/asn1/x500/style/IETFUtils.class
          org/bouncycastle/asn1/x500/style/RFC4519Style.class
          org/bouncycastle/asn1/x500/style/X500NameTokenizer.class
          org/bouncycastle/asn1/x509/
          org/bouncycastle/asn1/x509/AccessDescription.class
          org/bouncycastle/asn1/x509/AlgorithmIdentifier.class
          org/bouncycastle/asn1/x509/AttCertIssuer.class
          org/bouncycastle/asn1/x509/AttCertValidityPeriod.class
          org/bouncycastle/asn1/x509/Attribute.class
          org/bouncycastle/asn1/x509/AttributeCertificate.class
          org/bouncycastle/asn1/x509/AttributeCertificateInfo.class
          org/bouncycastle/asn1/x509/AuthorityInformationAccess.class
          org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.class
          org/bouncycastle/asn1/x509/BasicConstraints.class
          org/bouncycastle/asn1/x509/CRLDistPoint.class
          org/bouncycastle/asn1/x509/CRLNumber.class
          org/bouncycastle/asn1/x509/CRLReason.class
          org/bouncycastle/asn1/x509/CertPolicyId.class
          org/bouncycastle/asn1/x509/Certificate.class
          org/bouncycastle/asn1/x509/CertificateList.class
          org/bouncycastle/asn1/x509/CertificatePair.class
          org/bouncycastle/asn1/x509/CertificatePolicies.class
          org/bouncycastle/asn1/x509/DSAParameter.class
          org/bouncycastle/asn1/x509/DigestInfo.class
          org/bouncycastle/asn1/x509/DisplayText.class
          org/bouncycastle/asn1/x509/DistributionPoint.class
          org/bouncycastle/asn1/x509/DistributionPointName.class
          org/bouncycastle/asn1/x509/ExtendedKeyUsage.class
          org/bouncycastle/asn1/x509/Extension.class
          org/bouncycastle/asn1/x509/Extensions.class
          org/bouncycastle/asn1/x509/ExtensionsGenerator.class
          org/bouncycastle/asn1/x509/GeneralName.class
          org/bouncycastle/asn1/x509/GeneralNames.class
          org/bouncycastle/asn1/x509/GeneralNamesBuilder.class
          org/bouncycastle/asn1/x509/GeneralSubtree.class
          org/bouncycastle/asn1/x509/Holder.class
          org/bouncycastle/asn1/x509/IetfAttrSyntax.class
          org/bouncycastle/asn1/x509/IssuerSerial.class
          org/bouncycastle/asn1/x509/IssuingDistributionPoint.class
          org/bouncycastle/asn1/x509/KeyPurposeId.class
          org/bouncycastle/asn1/x509/KeyUsage.class
          org/bouncycastle/asn1/x509/NameConstraints.class
          org/bouncycastle/asn1/x509/NoticeReference.class
          org/bouncycastle/asn1/x509/ObjectDigestInfo.class
          org/bouncycastle/asn1/x509/PolicyInformation.class
          org/bouncycastle/asn1/x509/PolicyMappings.class
          org/bouncycastle/asn1/x509/PolicyQualifierId.class
          org/bouncycastle/asn1/x509/PolicyQualifierInfo.class
          org/bouncycastle/asn1/x509/PrivateKeyUsagePeriod.class
          org/bouncycastle/asn1/x509/RSAPublicKeyStructure.class
          org/bouncycastle/asn1/x509/ReasonFlags.class
          org/bouncycastle/asn1/x509/RoleSyntax.class
          org/bouncycastle/asn1/x509/SubjectDirectoryAttributes.class
          org/bouncycastle/asn1/x509/SubjectKeyIdentifier.class
          org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.class
          org/bouncycastle/asn1/x509/TBSCertList$1.class
          org/bouncycastle/asn1/x509/TBSCertList$CRLEntry.class
          org/bouncycastle/asn1/x509/TBSCertList$EmptyEnumeration.class
          org/bouncycastle/asn1/x509/TBSCertList$RevokedCertificatesEnumeration.class
          org/bouncycastle/asn1/x509/TBSCertList.class
          org/bouncycastle/asn1/x509/TBSCertificate.class
          org/bouncycastle/asn1/x509/TBSCertificateStructure.class
          org/bouncycastle/asn1/x509/Target.class
          org/bouncycastle/asn1/x509/TargetInformation.class
          org/bouncycastle/asn1/x509/Targets.class
          org/bouncycastle/asn1/x509/Time.class
          org/bouncycastle/asn1/x509/UserNotice.class
          org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.class
          org/bouncycastle/asn1/x509/V2AttributeCertificateInfoGenerator.class
          org/bouncycastle/asn1/x509/V2Form.class
          org/bouncycastle/asn1/x509/V2TBSCertListGenerator.class
          org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.class
          org/bouncycastle/asn1/x509/X509AttributeIdentifiers.class
          org/bouncycastle/asn1/x509/X509CertificateStructure.class
          org/bouncycastle/asn1/x509/X509DefaultEntryConverter.class
          org/bouncycastle/asn1/x509/X509Extension.class
          org/bouncycastle/asn1/x509/X509Extensions.class
          org/bouncycastle/asn1/x509/X509ExtensionsGenerator.class
          org/bouncycastle/asn1/x509/X509Name.class
          org/bouncycastle/asn1/x509/X509NameEntryConverter.class
          org/bouncycastle/asn1/x509/X509NameTokenizer.class
          org/bouncycastle/asn1/x509/X509ObjectIdentifiers.class
          org/bouncycastle/asn1/x509/qualified/
          org/bouncycastle/asn1/x509/qualified/BiometricData.class
          org/bouncycastle/asn1/x509/qualified/ETSIQCObjectIdentifiers.class
          org/bouncycastle/asn1/x509/qualified/Iso4217CurrencyCode.class
          org/bouncycastle/asn1/x509/qualified/MonetaryValue.class
          org/bouncycastle/asn1/x509/qualified/QCStatement.class
          org/bouncycastle/asn1/x509/qualified/RFC3739QCObjectIdentifiers.class
          org/bouncycastle/asn1/x509/qualified/SemanticsInformation.class
          org/bouncycastle/asn1/x509/qualified/TypeOfBiometricData.class
          org/bouncycastle/asn1/x509/sigi/
          org/bouncycastle/asn1/x509/sigi/NameOrPseudonym.class
          org/bouncycastle/asn1/x509/sigi/PersonalData.class
          org/bouncycastle/asn1/x509/sigi/SigIObjectIdentifiers.class
          org/bouncycastle/asn1/x9/
          org/bouncycastle/asn1/x9/DHDomainParameters.class
          org/bouncycastle/asn1/x9/DHPublicKey.class
          org/bouncycastle/asn1/x9/DHValidationParms.class
          org/bouncycastle/asn1/x9/ECNamedCurveTable.class
          org/bouncycastle/asn1/x9/KeySpecificInfo.class
          org/bouncycastle/asn1/x9/OtherInfo.class
          org/bouncycastle/asn1/x9/X962NamedCurves$1.class
          org/bouncycastle/asn1/x9/X962NamedCurves$10.class
          org/bouncycastle/asn1/x9/X962NamedCurves$11.class
          org/bouncycastle/asn1/x9/X962NamedCurves$12.class
          org/bouncycastle/asn1/x9/X962NamedCurves$13.class
          org/bouncycastle/asn1/x9/X962NamedCurves$14.class
          org/bouncycastle/asn1/x9/X962NamedCurves$15.class
          org/bouncycastle/asn1/x9/X962NamedCurves$16.class
          org/bouncycastle/asn1/x9/X962NamedCurves$17.class
          org/bouncycastle/asn1/x9/X962NamedCurves$18.class
          org/bouncycastle/asn1/x9/X962NamedCurves$19.class
          org/bouncycastle/asn1/x9/X962NamedCurves$2.class
          org/bouncycastle/asn1/x9/X962NamedCurves$20.class
          org/bouncycastle/asn1/x9/X962NamedCurves$21.class
          org/bouncycastle/asn1/x9/X962NamedCurves$22.class
          org/bouncycastle/asn1/x9/X962NamedCurves$23.class
          org/bouncycastle/asn1/x9/X962NamedCurves$3.class
          org/bouncycastle/asn1/x9/X962NamedCurves$4.class
          org/bouncycastle/asn1/x9/X962NamedCurves$5.class
          org/bouncycastle/asn1/x9/X962NamedCurves$6.class
          org/bouncycastle/asn1/x9/X962NamedCurves$7.class
          org/bouncycastle/asn1/x9/X962NamedCurves$8.class
          org/bouncycastle/asn1/x9/X962NamedCurves$9.class
          org/bouncycastle/asn1/x9/X962NamedCurves.class
          org/bouncycastle/asn1/x9/X962Parameters.class
          org/bouncycastle/asn1/x9/X9Curve.class
          org/bouncycastle/asn1/x9/X9ECParameters.class
          org/bouncycastle/asn1/x9/X9ECParametersHolder.class
          org/bouncycastle/asn1/x9/X9ECPoint.class
          org/bouncycastle/asn1/x9/X9FieldElement.class
          org/bouncycastle/asn1/x9/X9FieldID.class
          org/bouncycastle/asn1/x9/X9IntegerConverter.class
          org/bouncycastle/asn1/x9/X9ObjectIdentifiers.class
          org/bouncycastle/crypto/
          org/bouncycastle/crypto/AsymmetricBlockCipher.class
          org/bouncycastle/crypto/AsymmetricCipherKeyPair.class
          org/bouncycastle/crypto/AsymmetricCipherKeyPairGenerator.class
          org/bouncycastle/crypto/BasicAgreement.class
          org/bouncycastle/crypto/BlockCipher.class
          org/bouncycastle/crypto/BufferedAsymmetricBlockCipher.class
          org/bouncycastle/crypto/BufferedBlockCipher.class
          org/bouncycastle/crypto/CipherKeyGenerator.class
          org/bouncycastle/crypto/CipherParameters.class
          org/bouncycastle/crypto/Commitment.class
          org/bouncycastle/crypto/Committer.class
          org/bouncycastle/crypto/CryptoException.class
          org/bouncycastle/crypto/DSA.class
          org/bouncycastle/crypto/DataLengthException.class
          org/bouncycastle/crypto/DerivationFunction.class
          org/bouncycastle/crypto/DerivationParameters.class
          org/bouncycastle/crypto/Digest.class
          org/bouncycastle/crypto/EphemeralKeyPair.class
          org/bouncycastle/crypto/ExtendedDigest.class
          org/bouncycastle/crypto/InvalidCipherTextException.class
          org/bouncycastle/crypto/KeyEncapsulation.class
          org/bouncycastle/crypto/KeyEncoder.class
          org/bouncycastle/crypto/KeyGenerationParameters.class
          org/bouncycastle/crypto/KeyParser.class
          org/bouncycastle/crypto/Mac.class
          org/bouncycastle/crypto/MaxBytesExceededException.class
          org/bouncycastle/crypto/OutputLengthException.class
          org/bouncycastle/crypto/PBEParametersGenerator.class
          org/bouncycastle/crypto/RuntimeCryptoException.class
          org/bouncycastle/crypto/Signer.class
          org/bouncycastle/crypto/SignerWithRecovery.class
          org/bouncycastle/crypto/StreamBlockCipher.class
          org/bouncycastle/crypto/StreamCipher.class
          org/bouncycastle/crypto/Wrapper.class
          org/bouncycastle/crypto/agreement/
          org/bouncycastle/crypto/agreement/DHAgreement.class
          org/bouncycastle/crypto/agreement/DHBasicAgreement.class
          org/bouncycastle/crypto/agreement/DHStandardGroups.class
          org/bouncycastle/crypto/agreement/ECDHBasicAgreement.class
          org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.class
          org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.class
          org/bouncycastle/crypto/agreement/jpake/
          org/bouncycastle/crypto/agreement/jpake/JPAKEParticipant.class
          org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroup.class
          org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroups.class
          org/bouncycastle/crypto/agreement/jpake/JPAKERound1Payload.class
          org/bouncycastle/crypto/agreement/jpake/JPAKERound2Payload.class
          org/bouncycastle/crypto/agreement/jpake/JPAKERound3Payload.class
          org/bouncycastle/crypto/agreement/jpake/JPAKEUtil.class
          org/bouncycastle/crypto/agreement/kdf/
          org/bouncycastle/crypto/agreement/kdf/DHKDFParameters.class
          org/bouncycastle/crypto/agreement/kdf/DHKEKGenerator.class
          org/bouncycastle/crypto/agreement/kdf/ECDHKEKGenerator.class
          org/bouncycastle/crypto/agreement/srp/
          org/bouncycastle/crypto/agreement/srp/SRP6Client.class
          org/bouncycastle/crypto/agreement/srp/SRP6Server.class
          org/bouncycastle/crypto/agreement/srp/SRP6Util.class
          org/bouncycastle/crypto/agreement/srp/SRP6VerifierGenerator.class
          org/bouncycastle/crypto/commitments/
          org/bouncycastle/crypto/commitments/HashCommitter.class
          org/bouncycastle/crypto/digests/
          org/bouncycastle/crypto/digests/GOST3411Digest.class
          org/bouncycastle/crypto/digests/GeneralDigest.class
          org/bouncycastle/crypto/digests/LongDigest.class
          org/bouncycastle/crypto/digests/MD2Digest.class
          org/bouncycastle/crypto/digests/MD4Digest.class
          org/bouncycastle/crypto/digests/MD5Digest.class
          org/bouncycastle/crypto/digests/NonMemoableDigest.class
          org/bouncycastle/crypto/digests/NullDigest.class
          org/bouncycastle/crypto/digests/RIPEMD128Digest.class
          org/bouncycastle/crypto/digests/RIPEMD160Digest.class
          org/bouncycastle/crypto/digests/RIPEMD256Digest.class
          org/bouncycastle/crypto/digests/RIPEMD320Digest.class
          org/bouncycastle/crypto/digests/SHA1Digest.class
          org/bouncycastle/crypto/digests/SHA224Digest.class
          org/bouncycastle/crypto/digests/SHA256Digest.class
          org/bouncycastle/crypto/digests/SHA384Digest.class
          org/bouncycastle/crypto/digests/SHA3Digest.class
          org/bouncycastle/crypto/digests/SHA512Digest.class
          org/bouncycastle/crypto/digests/SHA512tDigest.class
          org/bouncycastle/crypto/digests/ShortenedDigest.class
          org/bouncycastle/crypto/digests/TigerDigest.class
          org/bouncycastle/crypto/digests/WhirlpoolDigest.class
          org/bouncycastle/crypto/ec/
          org/bouncycastle/crypto/ec/ECDecryptor.class
          org/bouncycastle/crypto/ec/ECElGamalDecryptor.class
          org/bouncycastle/crypto/ec/ECElGamalEncryptor.class
          org/bouncycastle/crypto/ec/ECEncryptor.class
          org/bouncycastle/crypto/ec/ECNewPublicKeyTransform.class
          org/bouncycastle/crypto/ec/ECNewRandomnessTransform.class
          org/bouncycastle/crypto/ec/ECPair.class
          org/bouncycastle/crypto/ec/ECPairTransform.class
          org/bouncycastle/crypto/ec/ECUtil.class
          org/bouncycastle/crypto/encodings/
          org/bouncycastle/crypto/encodings/ISO9796d1Encoding.class
          org/bouncycastle/crypto/encodings/OAEPEncoding.class
          org/bouncycastle/crypto/encodings/PKCS1Encoding$1.class
          org/bouncycastle/crypto/encodings/PKCS1Encoding.class
          org/bouncycastle/crypto/engines/
          org/bouncycastle/crypto/engines/AESEngine.class
          org/bouncycastle/crypto/engines/AESFastEngine.class
          org/bouncycastle/crypto/engines/AESLightEngine.class
          org/bouncycastle/crypto/engines/AESWrapEngine.class
          org/bouncycastle/crypto/engines/BlowfishEngine.class
          org/bouncycastle/crypto/engines/CAST5Engine.class
          org/bouncycastle/crypto/engines/CAST6Engine.class
          org/bouncycastle/crypto/engines/CamelliaEngine.class
          org/bouncycastle/crypto/engines/CamelliaLightEngine.class
          org/bouncycastle/crypto/engines/CamelliaWrapEngine.class
          org/bouncycastle/crypto/engines/DESEngine.class
          org/bouncycastle/crypto/engines/DESedeEngine.class
          org/bouncycastle/crypto/engines/DESedeWrapEngine.class
          org/bouncycastle/crypto/engines/ElGamalEngine.class
          org/bouncycastle/crypto/engines/GOST28147Engine.class
          org/bouncycastle/crypto/engines/Grain128Engine.class
          org/bouncycastle/crypto/engines/Grainv1Engine.class
          org/bouncycastle/crypto/engines/HC128Engine.class
          org/bouncycastle/crypto/engines/HC256Engine.class
          org/bouncycastle/crypto/engines/IESEngine.class
          org/bouncycastle/crypto/engines/ISAACEngine.class
          org/bouncycastle/crypto/engines/NaccacheSternEngine.class
          org/bouncycastle/crypto/engines/NoekeonEngine.class
          org/bouncycastle/crypto/engines/NullEngine.class
          org/bouncycastle/crypto/engines/RC2Engine.class
          org/bouncycastle/crypto/engines/RC2WrapEngine.class
          org/bouncycastle/crypto/engines/RC4Engine.class
          org/bouncycastle/crypto/engines/RC532Engine.class
          org/bouncycastle/crypto/engines/RC564Engine.class
          org/bouncycastle/crypto/engines/RC6Engine.class
          org/bouncycastle/crypto/engines/RFC3211WrapEngine.class
          org/bouncycastle/crypto/engines/RFC3394WrapEngine.class
          org/bouncycastle/crypto/engines/RSABlindedEngine.class
          org/bouncycastle/crypto/engines/RSABlindingEngine.class
          org/bouncycastle/crypto/engines/RSACoreEngine.class
          org/bouncycastle/crypto/engines/RSAEngine.class
          org/bouncycastle/crypto/engines/RijndaelEngine.class
          org/bouncycastle/crypto/engines/SEEDEngine.class
          org/bouncycastle/crypto/engines/SEEDWrapEngine.class
          org/bouncycastle/crypto/engines/Salsa20Engine.class
          org/bouncycastle/crypto/engines/SerpentEngine.class
          org/bouncycastle/crypto/engines/SkipjackEngine.class
          org/bouncycastle/crypto/engines/TEAEngine.class
          org/bouncycastle/crypto/engines/TwofishEngine.class
          org/bouncycastle/crypto/engines/VMPCEngine.class
          org/bouncycastle/crypto/engines/VMPCKSA3Engine.class
          org/bouncycastle/crypto/engines/XTEAEngine.class
          org/bouncycastle/crypto/examples/
          org/bouncycastle/crypto/examples/DESExample.class
          org/bouncycastle/crypto/examples/JPAKEExample.class
          org/bouncycastle/crypto/generators/
          org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.class
          org/bouncycastle/crypto/generators/DESKeyGenerator.class
          org/bouncycastle/crypto/generators/DESedeKeyGenerator.class
          org/bouncycastle/crypto/generators/DHBasicKeyPairGenerator.class
          org/bouncycastle/crypto/generators/DHKeyGeneratorHelper.class
          org/bouncycastle/crypto/generators/DHKeyPairGenerator.class
          org/bouncycastle/crypto/generators/DHParametersGenerator.class
          org/bouncycastle/crypto/generators/DHParametersHelper.class
          org/bouncycastle/crypto/generators/DSAKeyPairGenerator.class
          org/bouncycastle/crypto/generators/DSAParametersGenerator.class
          org/bouncycastle/crypto/generators/DSTU4145KeyPairGenerator.class
          org/bouncycastle/crypto/generators/ECKeyPairGenerator.class
          org/bouncycastle/crypto/generators/ElGamalKeyPairGenerator.class
          org/bouncycastle/crypto/generators/ElGamalParametersGenerator.class
          org/bouncycastle/crypto/generators/EphemeralKeyPairGenerator.class
          org/bouncycastle/crypto/generators/GOST3410KeyPairGenerator.class
          org/bouncycastle/crypto/generators/GOST3410ParametersGenerator.class
          org/bouncycastle/crypto/generators/HKDFBytesGenerator.class
          org/bouncycastle/crypto/generators/KDF1BytesGenerator.class
          org/bouncycastle/crypto/generators/KDF2BytesGenerator.class
          org/bouncycastle/crypto/generators/MGF1BytesGenerator.class
          org/bouncycastle/crypto/generators/NaccacheSternKeyPairGenerator.class
          org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.class
          org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.class
          org/bouncycastle/crypto/generators/PKCS5S1ParametersGenerator.class
          org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.class
          org/bouncycastle/crypto/generators/RSABlindingFactorGenerator.class
          org/bouncycastle/crypto/generators/RSAKeyPairGenerator.class
          org/bouncycastle/crypto/generators/SCrypt.class
          org/bouncycastle/crypto/io/
          org/bouncycastle/crypto/io/CipherInputStream.class
          org/bouncycastle/crypto/io/CipherOutputStream.class
          org/bouncycastle/crypto/io/DigestInputStream.class
          org/bouncycastle/crypto/io/DigestOutputStream.class
          org/bouncycastle/crypto/io/MacInputStream.class
          org/bouncycastle/crypto/io/MacOutputStream.class
          org/bouncycastle/crypto/io/SignerInputStream.class
          org/bouncycastle/crypto/io/SignerOutputStream.class
          org/bouncycastle/crypto/kems/
          org/bouncycastle/crypto/kems/ECIESKeyEncapsulation.class
          org/bouncycastle/crypto/kems/RSAKeyEncapsulation.class
          org/bouncycastle/crypto/macs/
          org/bouncycastle/crypto/macs/BlockCipherMac.class
          org/bouncycastle/crypto/macs/CBCBlockCipherMac.class
          org/bouncycastle/crypto/macs/CFBBlockCipherMac.class
          org/bouncycastle/crypto/macs/CMac.class
          org/bouncycastle/crypto/macs/GMac.class
          org/bouncycastle/crypto/macs/GOST28147Mac.class
          org/bouncycastle/crypto/macs/HMac.class
          org/bouncycastle/crypto/macs/ISO9797Alg3Mac.class
          org/bouncycastle/crypto/macs/MacCFBBlockCipher.class
          org/bouncycastle/crypto/macs/OldHMac.class
          org/bouncycastle/crypto/macs/SipHash.class
          org/bouncycastle/crypto/macs/VMPCMac.class
          org/bouncycastle/crypto/modes/
          org/bouncycastle/crypto/modes/AEADBlockCipher.class
          org/bouncycastle/crypto/modes/CBCBlockCipher.class
          org/bouncycastle/crypto/modes/CCMBlockCipher.class
          org/bouncycastle/crypto/modes/CFBBlockCipher.class
          org/bouncycastle/crypto/modes/CTSBlockCipher.class
          org/bouncycastle/crypto/modes/EAXBlockCipher.class
          org/bouncycastle/crypto/modes/GCMBlockCipher.class
          org/bouncycastle/crypto/modes/GOFBBlockCipher.class
          org/bouncycastle/crypto/modes/OCBBlockCipher.class
          org/bouncycastle/crypto/modes/OFBBlockCipher.class
          org/bouncycastle/crypto/modes/OpenPGPCFBBlockCipher.class
          org/bouncycastle/crypto/modes/PGPCFBBlockCipher.class
          org/bouncycastle/crypto/modes/PaddedBlockCipher.class
          org/bouncycastle/crypto/modes/SICBlockCipher.class
          org/bouncycastle/crypto/modes/gcm/
          org/bouncycastle/crypto/modes/gcm/BasicGCMExponentiator.class
          org/bouncycastle/crypto/modes/gcm/BasicGCMMultiplier.class
          org/bouncycastle/crypto/modes/gcm/GCMExponentiator.class
          org/bouncycastle/crypto/modes/gcm/GCMMultiplier.class
          org/bouncycastle/crypto/modes/gcm/GCMUtil.class
          org/bouncycastle/crypto/modes/gcm/Tables1kGCMExponentiator.class
          org/bouncycastle/crypto/modes/gcm/Tables64kGCMMultiplier.class
          org/bouncycastle/crypto/modes/gcm/Tables8kGCMMultiplier.class
          org/bouncycastle/crypto/paddings/
          org/bouncycastle/crypto/paddings/BlockCipherPadding.class
          org/bouncycastle/crypto/paddings/ISO10126d2Padding.class
          org/bouncycastle/crypto/paddings/ISO7816d4Padding.class
          org/bouncycastle/crypto/paddings/PKCS7Padding.class
          org/bouncycastle/crypto/paddings/PaddedBufferedBlockCipher.class
          org/bouncycastle/crypto/paddings/TBCPadding.class
          org/bouncycastle/crypto/paddings/X923Padding.class
          org/bouncycastle/crypto/paddings/ZeroBytePadding.class
          org/bouncycastle/crypto/params/
          org/bouncycastle/crypto/params/AEADParameters.class
          org/bouncycastle/crypto/params/AsymmetricKeyParameter.class
          org/bouncycastle/crypto/params/CCMParameters.class
          org/bouncycastle/crypto/params/DESParameters.class
          org/bouncycastle/crypto/params/DESedeParameters.class
          org/bouncycastle/crypto/params/DHKeyGenerationParameters.class
          org/bouncycastle/crypto/params/DHKeyParameters.class
          org/bouncycastle/crypto/params/DHParameters.class
          org/bouncycastle/crypto/params/DHPrivateKeyParameters.class
          org/bouncycastle/crypto/params/DHPublicKeyParameters.class
          org/bouncycastle/crypto/params/DHValidationParameters.class
          org/bouncycastle/crypto/params/DSAKeyGenerationParameters.class
          org/bouncycastle/crypto/params/DSAKeyParameters.class
          org/bouncycastle/crypto/params/DSAParameterGenerationParameters.class
          org/bouncycastle/crypto/params/DSAParameters.class
          org/bouncycastle/crypto/params/DSAPrivateKeyParameters.class
          org/bouncycastle/crypto/params/DSAPublicKeyParameters.class
          org/bouncycastle/crypto/params/DSAValidationParameters.class
          org/bouncycastle/crypto/params/ECDomainParameters.class
          org/bouncycastle/crypto/params/ECKeyGenerationParameters.class
          org/bouncycastle/crypto/params/ECKeyParameters.class
          org/bouncycastle/crypto/params/ECPrivateKeyParameters.class
          org/bouncycastle/crypto/params/ECPublicKeyParameters.class
          org/bouncycastle/crypto/params/ElGamalKeyGenerationParameters.class
          org/bouncycastle/crypto/params/ElGamalKeyParameters.class
          org/bouncycastle/crypto/params/ElGamalParameters.class
          org/bouncycastle/crypto/params/ElGamalPrivateKeyParameters.class
          org/bouncycastle/crypto/params/ElGamalPublicKeyParameters.class
          org/bouncycastle/crypto/params/GOST3410KeyGenerationParameters.class
          org/bouncycastle/crypto/params/GOST3410KeyParameters.class
          org/bouncycastle/crypto/params/GOST3410Parameters.class
          org/bouncycastle/crypto/params/GOST3410PrivateKeyParameters.class
          org/bouncycastle/crypto/params/GOST3410PublicKeyParameters.class
          org/bouncycastle/crypto/params/GOST3410ValidationParameters.class
          org/bouncycastle/crypto/params/HKDFParameters.class
          org/bouncycastle/crypto/params/IESParameters.class
          org/bouncycastle/crypto/params/IESWithCipherParameters.class
          org/bouncycastle/crypto/params/ISO18033KDFParameters.class
          org/bouncycastle/crypto/params/KDFParameters.class
          org/bouncycastle/crypto/params/KeyParameter.class
          org/bouncycastle/crypto/params/MGFParameters.class
          org/bouncycastle/crypto/params/MQVPrivateParameters.class
          org/bouncycastle/crypto/params/MQVPublicParameters.class
          org/bouncycastle/crypto/params/NaccacheSternKeyGenerationParameters.class
          org/bouncycastle/crypto/params/NaccacheSternKeyParameters.class
          org/bouncycastle/crypto/params/NaccacheSternPrivateKeyParameters.class
          org/bouncycastle/crypto/params/ParametersWithIV.class
          org/bouncycastle/crypto/params/ParametersWithRandom.class
          org/bouncycastle/crypto/params/ParametersWithSBox.class
          org/bouncycastle/crypto/params/ParametersWithSalt.class
          org/bouncycastle/crypto/params/RC2Parameters.class
          org/bouncycastle/crypto/params/RC5Parameters.class
          org/bouncycastle/crypto/params/RSABlindingParameters.class
          org/bouncycastle/crypto/params/RSAKeyGenerationParameters.class
          org/bouncycastle/crypto/params/RSAKeyParameters.class
          org/bouncycastle/crypto/params/RSAPrivateCrtKeyParameters.class
          org/bouncycastle/crypto/parsers/
          org/bouncycastle/crypto/parsers/DHIESPublicKeyParser.class
          org/bouncycastle/crypto/parsers/ECIESPublicKeyParser.class
          org/bouncycastle/crypto/prng/
          org/bouncycastle/crypto/prng/BasicEntropySourceProvider$1.class
          org/bouncycastle/crypto/prng/BasicEntropySourceProvider.class
          org/bouncycastle/crypto/prng/DRBGProvider.class
          org/bouncycastle/crypto/prng/DigestRandomGenerator.class
          org/bouncycastle/crypto/prng/EntropySource.class
          org/bouncycastle/crypto/prng/EntropySourceProvider.class
          org/bouncycastle/crypto/prng/FixedSecureRandom.class
          org/bouncycastle/crypto/prng/RandomGenerator.class
          org/bouncycastle/crypto/prng/ReversedWindowGenerator.class
          org/bouncycastle/crypto/prng/SP800SecureRandom.class
          org/bouncycastle/crypto/prng/SP800SecureRandomBuilder$CTRDRBGProvider.class
          org/bouncycastle/crypto/prng/SP800SecureRandomBuilder$DualECDRBGProvider.class
          org/bouncycastle/crypto/prng/SP800SecureRandomBuilder$HMacDRBGProvider.class
          org/bouncycastle/crypto/prng/SP800SecureRandomBuilder$HashDRBGProvider.class
          org/bouncycastle/crypto/prng/SP800SecureRandomBuilder.class
          org/bouncycastle/crypto/prng/ThreadedSeedGenerator$1.class
          org/bouncycastle/crypto/prng/ThreadedSeedGenerator$SeedGenerator.class
          org/bouncycastle/crypto/prng/ThreadedSeedGenerator.class
          org/bouncycastle/crypto/prng/VMPCRandomGenerator.class
          org/bouncycastle/crypto/prng/drbg/
          org/bouncycastle/crypto/prng/drbg/CTRSP800DRBG.class
          org/bouncycastle/crypto/prng/drbg/DualECSP800DRBG.class
          org/bouncycastle/crypto/prng/drbg/HMacSP800DRBG.class
          org/bouncycastle/crypto/prng/drbg/HashSP800DRBG.class
          org/bouncycastle/crypto/prng/drbg/SP80090DRBG.class
          org/bouncycastle/crypto/prng/drbg/Utils.class
          org/bouncycastle/crypto/signers/
          org/bouncycastle/crypto/signers/DSADigestSigner.class
          org/bouncycastle/crypto/signers/DSASigner.class
          org/bouncycastle/crypto/signers/DSTU4145Signer.class
          org/bouncycastle/crypto/signers/ECDSASigner.class
          org/bouncycastle/crypto/signers/ECGOST3410Signer.class
          org/bouncycastle/crypto/signers/ECNRSigner.class
          org/bouncycastle/crypto/signers/GOST3410Signer.class
          org/bouncycastle/crypto/signers/GenericSigner.class
          org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.class
          org/bouncycastle/crypto/signers/ISO9796d2Signer.class
          org/bouncycastle/crypto/signers/PSSSigner.class
          org/bouncycastle/crypto/signers/RSADigestSigner.class
          org/bouncycastle/crypto/tls/
          org/bouncycastle/crypto/tls/AbstractTlsCipherFactory.class
          org/bouncycastle/crypto/tls/AbstractTlsClient.class
          org/bouncycastle/crypto/tls/AbstractTlsContext.class
          org/bouncycastle/crypto/tls/AbstractTlsKeyExchange.class
          org/bouncycastle/crypto/tls/AbstractTlsPeer.class
          org/bouncycastle/crypto/tls/AbstractTlsServer.class
          org/bouncycastle/crypto/tls/AbstractTlsSigner.class
          org/bouncycastle/crypto/tls/AlertDescription.class
          org/bouncycastle/crypto/tls/AlertLevel.class
          org/bouncycastle/crypto/tls/AlwaysValidVerifyer.class
          org/bouncycastle/crypto/tls/BulkCipherAlgorithm.class
          org/bouncycastle/crypto/tls/ByteQueue.class
          org/bouncycastle/crypto/tls/Certificate.class
          org/bouncycastle/crypto/tls/CertificateRequest.class
          org/bouncycastle/crypto/tls/CertificateVerifyer.class
          org/bouncycastle/crypto/tls/CipherSuite.class
          org/bouncycastle/crypto/tls/CipherType.class
          org/bouncycastle/crypto/tls/ClientAuthenticationType.class
          org/bouncycastle/crypto/tls/ClientCertificateType.class
          org/bouncycastle/crypto/tls/CombinedHash.class
          org/bouncycastle/crypto/tls/CompressionMethod.class
          org/bouncycastle/crypto/tls/ConnectionEnd.class
          org/bouncycastle/crypto/tls/ContentType.class
          org/bouncycastle/crypto/tls/DTLSClientProtocol$ClientHandshakeState.class
          org/bouncycastle/crypto/tls/DTLSClientProtocol.class
          org/bouncycastle/crypto/tls/DTLSEpoch.class
          org/bouncycastle/crypto/tls/DTLSHandshakeRetransmit.class
          org/bouncycastle/crypto/tls/DTLSProtocol.class
          org/bouncycastle/crypto/tls/DTLSReassembler$Range.class
          org/bouncycastle/crypto/tls/DTLSReassembler.class
          org/bouncycastle/crypto/tls/DTLSRecordLayer.class
          org/bouncycastle/crypto/tls/DTLSReliableHandshake$1.class
          org/bouncycastle/crypto/tls/DTLSReliableHandshake$Message.class
          org/bouncycastle/crypto/tls/DTLSReliableHandshake.class
          org/bouncycastle/crypto/tls/DTLSReplayWindow.class
          org/bouncycastle/crypto/tls/DTLSServerProtocol$ServerHandshakeState.class
          org/bouncycastle/crypto/tls/DTLSServerProtocol.class
          org/bouncycastle/crypto/tls/DTLSTransport.class
          org/bouncycastle/crypto/tls/DatagramTransport.class
          org/bouncycastle/crypto/tls/DefaultTlsAgreementCredentials.class
          org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.class
          org/bouncycastle/crypto/tls/DefaultTlsClient.class
          org/bouncycastle/crypto/tls/DefaultTlsEncryptionCredentials.class
          org/bouncycastle/crypto/tls/DefaultTlsServer.class
          org/bouncycastle/crypto/tls/DefaultTlsSignerCredentials.class
          org/bouncycastle/crypto/tls/DeferredHash.class
          org/bouncycastle/crypto/tls/DigestAlgorithm.class
          org/bouncycastle/crypto/tls/ECBasisType.class
          org/bouncycastle/crypto/tls/ECCurveType.class
          org/bouncycastle/crypto/tls/ECPointFormat.class
          org/bouncycastle/crypto/tls/EncryptionAlgorithm.class
          org/bouncycastle/crypto/tls/ExporterLabel.class
          org/bouncycastle/crypto/tls/ExtensionType.class
          org/bouncycastle/crypto/tls/HandshakeType.class
          org/bouncycastle/crypto/tls/HashAlgorithm.class
          org/bouncycastle/crypto/tls/KeyExchangeAlgorithm.class
          org/bouncycastle/crypto/tls/LegacyTlsAuthentication.class
          org/bouncycastle/crypto/tls/LegacyTlsClient.class
          org/bouncycastle/crypto/tls/MACAlgorithm.class
          org/bouncycastle/crypto/tls/NamedCurve.class
          org/bouncycastle/crypto/tls/NewSessionTicket.class
          org/bouncycastle/crypto/tls/PRFAlgorithm.class
          org/bouncycastle/crypto/tls/PSKTlsClient.class
          org/bouncycastle/crypto/tls/ProtocolVersion.class
          org/bouncycastle/crypto/tls/RecordStream.class
          org/bouncycastle/crypto/tls/SRPTlsClient.class
          org/bouncycastle/crypto/tls/SRTPProtectionProfile.class
          org/bouncycastle/crypto/tls/SSL3Mac.class
          org/bouncycastle/crypto/tls/SecurityParameters.class
          org/bouncycastle/crypto/tls/ServerOnlyTlsAuthentication.class
          org/bouncycastle/crypto/tls/SignatureAlgorithm.class
          org/bouncycastle/crypto/tls/SignatureAndHashAlgorithm.class
          org/bouncycastle/crypto/tls/SupplementalDataEntry.class
          org/bouncycastle/crypto/tls/SupplementalDataType.class
          org/bouncycastle/crypto/tls/TlsAEADCipher.class
          org/bouncycastle/crypto/tls/TlsAgreementCredentials.class
          org/bouncycastle/crypto/tls/TlsAuthentication.class
          org/bouncycastle/crypto/tls/TlsBlockCipher.class
          org/bouncycastle/crypto/tls/TlsCipher.class
          org/bouncycastle/crypto/tls/TlsCipherFactory.class
          org/bouncycastle/crypto/tls/TlsClient.class
          org/bouncycastle/crypto/tls/TlsClientContext.class
          org/bouncycastle/crypto/tls/TlsClientContextImpl.class
          org/bouncycastle/crypto/tls/TlsClientProtocol.class
          org/bouncycastle/crypto/tls/TlsCompression.class
          org/bouncycastle/crypto/tls/TlsContext.class
          org/bouncycastle/crypto/tls/TlsCredentials.class
          org/bouncycastle/crypto/tls/TlsDHEKeyExchange.class
          org/bouncycastle/crypto/tls/TlsDHKeyExchange.class
          org/bouncycastle/crypto/tls/TlsDHUtils.class
          org/bouncycastle/crypto/tls/TlsDSASigner.class
          org/bouncycastle/crypto/tls/TlsDSSSigner.class
          org/bouncycastle/crypto/tls/TlsECCUtils.class
          org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.class
          org/bouncycastle/crypto/tls/TlsECDHKeyExchange.class
          org/bouncycastle/crypto/tls/TlsECDSASigner.class
          org/bouncycastle/crypto/tls/TlsEncryptionCredentials.class
          org/bouncycastle/crypto/tls/TlsFatalAlert.class
          org/bouncycastle/crypto/tls/TlsHandshakeHash.class
          org/bouncycastle/crypto/tls/TlsInputStream.class
          org/bouncycastle/crypto/tls/TlsKeyExchange.class
          org/bouncycastle/crypto/tls/TlsMac.class
          org/bouncycastle/crypto/tls/TlsNullCipher.class
          org/bouncycastle/crypto/tls/TlsNullCompression.class
          org/bouncycastle/crypto/tls/TlsOutputStream.class
          org/bouncycastle/crypto/tls/TlsPSKIdentity.class
          org/bouncycastle/crypto/tls/TlsPSKKeyExchange.class
          org/bouncycastle/crypto/tls/TlsPeer.class
          org/bouncycastle/crypto/tls/TlsProtocol.class
          org/bouncycastle/crypto/tls/TlsProtocolHandler.class
          org/bouncycastle/crypto/tls/TlsRSAKeyExchange.class
          org/bouncycastle/crypto/tls/TlsRSASigner.class
          org/bouncycastle/crypto/tls/TlsRSAUtils.class
          org/bouncycastle/crypto/tls/TlsRuntimeException.class
          org/bouncycastle/crypto/tls/TlsSRPKeyExchange.class
          org/bouncycastle/crypto/tls/TlsSRTPUtils.class
          org/bouncycastle/crypto/tls/TlsServer.class
          org/bouncycastle/crypto/tls/TlsServerContext.class
          org/bouncycastle/crypto/tls/TlsServerContextImpl.class
          org/bouncycastle/crypto/tls/TlsServerProtocol.class
          org/bouncycastle/crypto/tls/TlsSigner.class
          org/bouncycastle/crypto/tls/TlsSignerCredentials.class
          org/bouncycastle/crypto/tls/TlsStreamCipher.class
          org/bouncycastle/crypto/tls/TlsUtils.class
          org/bouncycastle/crypto/tls/UDPTransport.class
          org/bouncycastle/crypto/tls/UseSRTPData.class
          org/bouncycastle/crypto/tls/UserMappingType.class
          org/bouncycastle/crypto/util/
          org/bouncycastle/crypto/util/Pack.class
          org/bouncycastle/crypto/util/PrivateKeyFactory.class
          org/bouncycastle/crypto/util/PrivateKeyInfoFactory.class
          org/bouncycastle/crypto/util/PublicKeyFactory.class
          org/bouncycastle/crypto/util/SubjectPublicKeyInfoFactory.class
          org/bouncycastle/i18n/
          org/bouncycastle/i18n/ErrorBundle.class
          org/bouncycastle/i18n/LocaleString.class
          org/bouncycastle/i18n/LocalizedException.class
          org/bouncycastle/i18n/LocalizedMessage$FilteredArguments.class
          org/bouncycastle/i18n/LocalizedMessage.class
          org/bouncycastle/i18n/MessageBundle.class
          org/bouncycastle/i18n/MissingEntryException.class
          org/bouncycastle/i18n/TextBundle.class
          org/bouncycastle/i18n/filter/
          org/bouncycastle/i18n/filter/Filter.class
          org/bouncycastle/i18n/filter/HTMLFilter.class
          org/bouncycastle/i18n/filter/SQLFilter.class
          org/bouncycastle/i18n/filter/TrustedInput.class
          org/bouncycastle/i18n/filter/UntrustedInput.class
          org/bouncycastle/i18n/filter/UntrustedUrlInput.class
          org/bouncycastle/jcajce/
          org/bouncycastle/jcajce/DefaultJcaJceHelper.class
          org/bouncycastle/jcajce/JcaJceHelper.class
          org/bouncycastle/jcajce/NamedJcaJceHelper.class
          org/bouncycastle/jcajce/ProviderJcaJceHelper.class
          org/bouncycastle/jcajce/io/
          org/bouncycastle/jcajce/io/MacOutputStream.class
          org/bouncycastle/jcajce/provider/
          org/bouncycastle/jcajce/provider/asymmetric/
          org/bouncycastle/jcajce/provider/asymmetric/DH$Mappings.class
          org/bouncycastle/jcajce/provider/asymmetric/DH.class
          org/bouncycastle/jcajce/provider/asymmetric/DSA$Mappings.class
          org/bouncycastle/jcajce/provider/asymmetric/DSA.class
          org/bouncycastle/jcajce/provider/asymmetric/DSTU4145$Mappings.class
          org/bouncycastle/jcajce/provider/asymmetric/DSTU4145.class
          org/bouncycastle/jcajce/provider/asymmetric/EC$Mappings.class
          org/bouncycastle/jcajce/provider/asymmetric/EC.class
          org/bouncycastle/jcajce/provider/asymmetric/ECGOST$Mappings.class
          org/bouncycastle/jcajce/provider/asymmetric/ECGOST.class
          org/bouncycastle/jcajce/provider/asymmetric/ElGamal$Mappings.class
          org/bouncycastle/jcajce/provider/asymmetric/ElGamal.class
          org/bouncycastle/jcajce/provider/asymmetric/GOST$Mappings.class
          org/bouncycastle/jcajce/provider/asymmetric/GOST.class
          org/bouncycastle/jcajce/provider/asymmetric/IES$Mappings.class
          org/bouncycastle/jcajce/provider/asymmetric/IES.class
          org/bouncycastle/jcajce/provider/asymmetric/RSA$Mappings.class
          org/bouncycastle/jcajce/provider/asymmetric/RSA.class
          org/bouncycastle/jcajce/provider/asymmetric/X509$Mappings.class
          org/bouncycastle/jcajce/provider/asymmetric/X509.class
          org/bouncycastle/jcajce/provider/asymmetric/dh/
          org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParametersSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPrivateKey.class
          org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPublicKey.class
          org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher$1.class
          org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher$IES.class
          org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher$IESwithAES.class
          org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher$IESwithDESede.class
          org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.class
          org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/dh/KeyFactorySpi.class
          org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/dsa/
          org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/dsa/BCDSAPrivateKey.class
          org/bouncycastle/jcajce/provider/asymmetric/dsa/BCDSAPublicKey.class
          org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner$dsa224.class
          org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner$dsa256.class
          org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner$dsa384.class
          org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner$dsa512.class
          org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner$noneDSA.class
          org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner$stdDSA.class
          org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.class
          org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.class
          org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyFactorySpi.class
          org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/dstu/
          org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PrivateKey.class
          org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PublicKey.class
          org/bouncycastle/jcajce/provider/asymmetric/dstu/KeyFactorySpi.class
          org/bouncycastle/jcajce/provider/asymmetric/dstu/KeyPairGeneratorSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/dstu/SignatureSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/dstu/SignatureSpiLe.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/
          org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher$1.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher$ECIES.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher$ECIESwithAES.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher$ECIESwithDESede.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi$DH.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi$DHC.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi$DHwithSHA1KDF.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi$MQV.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi$MQVwithSHA1KDF.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi$EC.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi$ECDH.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi$ECDHC.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi$ECDSA.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi$ECGOST3410.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi$ECMQV.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi$EC.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi$ECDH.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi$ECDHC.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi$ECDSA.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi$ECMQV.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$1.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$CVCDSAEncoder.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$StdDSAEncoder.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecCVCDSA.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecCVCDSA224.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecCVCDSA256.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecCVCDSA384.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecCVCDSA512.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecDSA.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecDSA224.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecDSA256.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecDSA384.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecDSA512.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecDSARipeMD160.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecDSAnone.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecNR.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecNR224.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecNR256.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecNR384.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecNR512.class
          org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/ecgost/
          org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PrivateKey.class
          org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PublicKey.class
          org/bouncycastle/jcajce/provider/asymmetric/ecgost/KeyFactorySpi.class
          org/bouncycastle/jcajce/provider/asymmetric/ecgost/KeyPairGeneratorSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/ecgost/SignatureSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/elgamal/
          org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParameterGeneratorSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParametersSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPrivateKey.class
          org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPublicKey.class
          org/bouncycastle/jcajce/provider/asymmetric/elgamal/CipherSpi$NoPadding.class
          org/bouncycastle/jcajce/provider/asymmetric/elgamal/CipherSpi$PKCS1v1_5Padding.class
          org/bouncycastle/jcajce/provider/asymmetric/elgamal/CipherSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/elgamal/ElGamalUtil.class
          org/bouncycastle/jcajce/provider/asymmetric/elgamal/KeyFactorySpi.class
          org/bouncycastle/jcajce/provider/asymmetric/elgamal/KeyPairGeneratorSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/gost/
          org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParameterGeneratorSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParametersSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/gost/BCGOST3410PrivateKey.class
          org/bouncycastle/jcajce/provider/asymmetric/gost/BCGOST3410PublicKey.class
          org/bouncycastle/jcajce/provider/asymmetric/gost/KeyFactorySpi.class
          org/bouncycastle/jcajce/provider/asymmetric/gost/KeyPairGeneratorSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/gost/SignatureSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/ies/
          org/bouncycastle/jcajce/provider/asymmetric/ies/AlgorithmParametersSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/ies/CipherSpi$IES.class
          org/bouncycastle/jcajce/provider/asymmetric/ies/CipherSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/
          org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi$OAEP.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi$PSS.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi$ISO9796d1Padding.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi$NoPadding.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi$OAEPPadding.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi$PKCS1v1_5Padding.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi$PKCS1v1_5Padding_PrivateOnly.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi$PKCS1v1_5Padding_PublicOnly.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$MD2.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$MD4.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$MD5.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$RIPEMD128.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$RIPEMD160.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$RIPEMD256.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$SHA1.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$SHA224.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$SHA256.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$SHA384.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$SHA512.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$noneRSA.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi$MD5WithRSAEncryption.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi$RIPEMD160WithRSAEncryption.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi$SHA1WithRSAEncryption.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyFactorySpi.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi$NullPssDigest.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi$PSSwithRSA.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi$SHA1withRSA.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi$SHA224withRSA.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi$SHA256withRSA.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi$SHA384withRSA.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi$SHA512withRSA.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi$nonePSS.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/rsa/RSAUtil.class
          org/bouncycastle/jcajce/provider/asymmetric/util/
          org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.class
          org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.class
          org/bouncycastle/jcajce/provider/asymmetric/util/DHUtil.class
          org/bouncycastle/jcajce/provider/asymmetric/util/DSABase.class
          org/bouncycastle/jcajce/provider/asymmetric/util/DSAEncoder.class
          org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.class
          org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.class
          org/bouncycastle/jcajce/provider/asymmetric/util/ExtendedInvalidKeySpecException.class
          org/bouncycastle/jcajce/provider/asymmetric/util/GOST3410Util.class
          org/bouncycastle/jcajce/provider/asymmetric/util/IESUtil.class
          org/bouncycastle/jcajce/provider/asymmetric/util/KeyUtil.class
          org/bouncycastle/jcajce/provider/asymmetric/util/PKCS12BagAttributeCarrierImpl.class
          org/bouncycastle/jcajce/provider/asymmetric/x509/
          org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory$ExCertificateException.class
          org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.class
          org/bouncycastle/jcajce/provider/asymmetric/x509/ExtCRLException.class
          org/bouncycastle/jcajce/provider/asymmetric/x509/KeyFactory.class
          org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.class
          org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.class
          org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.class
          org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.class
          org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.class
          org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.class
          org/bouncycastle/jcajce/provider/config/
          org/bouncycastle/jcajce/provider/config/ConfigurableProvider.class
          org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.class
          org/bouncycastle/jcajce/provider/config/ProviderConfiguration.class
          org/bouncycastle/jcajce/provider/config/ProviderConfigurationPermission.class
          org/bouncycastle/jcajce/provider/digest/
          org/bouncycastle/jcajce/provider/digest/BCMessageDigest.class
          org/bouncycastle/jcajce/provider/digest/DigestAlgorithmProvider.class
          org/bouncycastle/jcajce/provider/digest/GOST3411$Digest.class
          org/bouncycastle/jcajce/provider/digest/GOST3411$HashMac.class
          org/bouncycastle/jcajce/provider/digest/GOST3411$KeyGenerator.class
          org/bouncycastle/jcajce/provider/digest/GOST3411$Mappings.class
          org/bouncycastle/jcajce/provider/digest/GOST3411.class
          org/bouncycastle/jcajce/provider/digest/MD2$Digest.class
          org/bouncycastle/jcajce/provider/digest/MD2$HashMac.class
          org/bouncycastle/jcajce/provider/digest/MD2$KeyGenerator.class
          org/bouncycastle/jcajce/provider/digest/MD2$Mappings.class
          org/bouncycastle/jcajce/provider/digest/MD2.class
          org/bouncycastle/jcajce/provider/digest/MD4$Digest.class
          org/bouncycastle/jcajce/provider/digest/MD4$HashMac.class
          org/bouncycastle/jcajce/provider/digest/MD4$KeyGenerator.class
          org/bouncycastle/jcajce/provider/digest/MD4$Mappings.class
          org/bouncycastle/jcajce/provider/digest/MD4.class
          org/bouncycastle/jcajce/provider/digest/MD5$Digest.class
          org/bouncycastle/jcajce/provider/digest/MD5$HashMac.class
          org/bouncycastle/jcajce/provider/digest/MD5$KeyGenerator.class
          org/bouncycastle/jcajce/provider/digest/MD5$Mappings.class
          org/bouncycastle/jcajce/provider/digest/MD5.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD128$Digest.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD128$HashMac.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD128$KeyGenerator.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD128$Mappings.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD128.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD160$Digest.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD160$HashMac.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD160$KeyGenerator.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD160$Mappings.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD160$PBEWithHmac.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD160$PBEWithHmacKeyFactory.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD160.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD256$Digest.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD256$HashMac.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD256$KeyGenerator.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD256$Mappings.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD256.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD320$Digest.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD320$HashMac.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD320$KeyGenerator.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD320$Mappings.class
          org/bouncycastle/jcajce/provider/digest/RIPEMD320.class
          org/bouncycastle/jcajce/provider/digest/SHA1$BasePBKDF2WithHmacSHA1.class
          org/bouncycastle/jcajce/provider/digest/SHA1$Digest.class
          org/bouncycastle/jcajce/provider/digest/SHA1$HashMac.class
          org/bouncycastle/jcajce/provider/digest/SHA1$KeyGenerator.class
          org/bouncycastle/jcajce/provider/digest/SHA1$Mappings.class
          org/bouncycastle/jcajce/provider/digest/SHA1$PBEWithMacKeyFactory.class
          org/bouncycastle/jcajce/provider/digest/SHA1$PBKDF2WithHmacSHA18BIT.class
          org/bouncycastle/jcajce/provider/digest/SHA1$PBKDF2WithHmacSHA1UTF8.class
          org/bouncycastle/jcajce/provider/digest/SHA1$SHA1Mac.class
          org/bouncycastle/jcajce/provider/digest/SHA1.class
          org/bouncycastle/jcajce/provider/digest/SHA224$Digest.class
          org/bouncycastle/jcajce/provider/digest/SHA224$HashMac.class
          org/bouncycastle/jcajce/provider/digest/SHA224$KeyGenerator.class
          org/bouncycastle/jcajce/provider/digest/SHA224$Mappings.class
          org/bouncycastle/jcajce/provider/digest/SHA224.class
          org/bouncycastle/jcajce/provider/digest/SHA256$Digest.class
          org/bouncycastle/jcajce/provider/digest/SHA256$HashMac.class
          org/bouncycastle/jcajce/provider/digest/SHA256$KeyGenerator.class
          org/bouncycastle/jcajce/provider/digest/SHA256$Mappings.class
          org/bouncycastle/jcajce/provider/digest/SHA256$PBEWithMacKeyFactory.class
          org/bouncycastle/jcajce/provider/digest/SHA256.class
          org/bouncycastle/jcajce/provider/digest/SHA3$Digest224.class
          org/bouncycastle/jcajce/provider/digest/SHA3$Digest256.class
          org/bouncycastle/jcajce/provider/digest/SHA3$Digest384.class
          org/bouncycastle/jcajce/provider/digest/SHA3$Digest512.class
          org/bouncycastle/jcajce/provider/digest/SHA3$DigestSHA3.class
          org/bouncycastle/jcajce/provider/digest/SHA3$HashMac224.class
          org/bouncycastle/jcajce/provider/digest/SHA3$HashMac256.class
          org/bouncycastle/jcajce/provider/digest/SHA3$HashMac384.class
          org/bouncycastle/jcajce/provider/digest/SHA3$HashMac512.class
          org/bouncycastle/jcajce/provider/digest/SHA3$KeyGenerator224.class
          org/bouncycastle/jcajce/provider/digest/SHA3$KeyGenerator256.class
          org/bouncycastle/jcajce/provider/digest/SHA3$KeyGenerator384.class
          org/bouncycastle/jcajce/provider/digest/SHA3$KeyGenerator512.class
          org/bouncycastle/jcajce/provider/digest/SHA3$Mappings.class
          org/bouncycastle/jcajce/provider/digest/SHA3.class
          org/bouncycastle/jcajce/provider/digest/SHA384$Digest.class
          org/bouncycastle/jcajce/provider/digest/SHA384$HashMac.class
          org/bouncycastle/jcajce/provider/digest/SHA384$KeyGenerator.class
          org/bouncycastle/jcajce/provider/digest/SHA384$Mappings.class
          org/bouncycastle/jcajce/provider/digest/SHA384$OldSHA384.class
          org/bouncycastle/jcajce/provider/digest/SHA384.class
          org/bouncycastle/jcajce/provider/digest/SHA512$Digest.class
          org/bouncycastle/jcajce/provider/digest/SHA512$DigestT.class
          org/bouncycastle/jcajce/provider/digest/SHA512$DigestT224.class
          org/bouncycastle/jcajce/provider/digest/SHA512$DigestT256.class
          org/bouncycastle/jcajce/provider/digest/SHA512$HashMac.class
          org/bouncycastle/jcajce/provider/digest/SHA512$HashMacT224.class
          org/bouncycastle/jcajce/provider/digest/SHA512$HashMacT256.class
          org/bouncycastle/jcajce/provider/digest/SHA512$KeyGenerator.class
          org/bouncycastle/jcajce/provider/digest/SHA512$KeyGeneratorT224.class
          org/bouncycastle/jcajce/provider/digest/SHA512$KeyGeneratorT256.class
          org/bouncycastle/jcajce/provider/digest/SHA512$Mappings.class
          org/bouncycastle/jcajce/provider/digest/SHA512$OldSHA512.class
          org/bouncycastle/jcajce/provider/digest/SHA512.class
          org/bouncycastle/jcajce/provider/digest/Tiger$Digest.class
          org/bouncycastle/jcajce/provider/digest/Tiger$HashMac.class
          org/bouncycastle/jcajce/provider/digest/Tiger$KeyGenerator.class
          org/bouncycastle/jcajce/provider/digest/Tiger$Mappings.class
          org/bouncycastle/jcajce/provider/digest/Tiger$PBEWithHashMac.class
          org/bouncycastle/jcajce/provider/digest/Tiger$PBEWithMacKeyFactory.class
          org/bouncycastle/jcajce/provider/digest/Tiger$TigerHmac.class
          org/bouncycastle/jcajce/provider/digest/Tiger.class
          org/bouncycastle/jcajce/provider/digest/Whirlpool$Digest.class
          org/bouncycastle/jcajce/provider/digest/Whirlpool$HashMac.class
          org/bouncycastle/jcajce/provider/digest/Whirlpool$KeyGenerator.class
          org/bouncycastle/jcajce/provider/digest/Whirlpool$Mappings.class
          org/bouncycastle/jcajce/provider/digest/Whirlpool.class
          org/bouncycastle/jcajce/provider/keystore/
          org/bouncycastle/jcajce/provider/keystore/BC$Mappings.class
          org/bouncycastle/jcajce/provider/keystore/BC.class
          org/bouncycastle/jcajce/provider/keystore/PKCS12$Mappings.class
          org/bouncycastle/jcajce/provider/keystore/PKCS12.class
          org/bouncycastle/jcajce/provider/keystore/bc/
          org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi$BouncyCastleStore.class
          org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi$Std.class
          org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi$StoreEntry.class
          org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi$Version1.class
          org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.class
          org/bouncycastle/jcajce/provider/keystore/pkcs12/
          org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$1.class
          org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$BCPKCS12KeyStore.class
          org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES.class
          org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$CertId.class
          org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$DefPKCS12KeyStore.class
          org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES.class
          org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$IgnoresCaseHashtable.class
          org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.class
          org/bouncycastle/jcajce/provider/symmetric/
          org/bouncycastle/jcajce/provider/symmetric/AES$AESCMAC.class
          org/bouncycastle/jcajce/provider/symmetric/AES$AESGMAC.class
          org/bouncycastle/jcajce/provider/symmetric/AES$AlgParamGen.class
          org/bouncycastle/jcajce/provider/symmetric/AES$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/AES$CBC.class
          org/bouncycastle/jcajce/provider/symmetric/AES$CFB.class
          org/bouncycastle/jcajce/provider/symmetric/AES$ECB$1.class
          org/bouncycastle/jcajce/provider/symmetric/AES$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/AES$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/AES$KeyGen128.class
          org/bouncycastle/jcajce/provider/symmetric/AES$KeyGen192.class
          org/bouncycastle/jcajce/provider/symmetric/AES$KeyGen256.class
          org/bouncycastle/jcajce/provider/symmetric/AES$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/AES$OFB.class
          org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithAESCBC.class
          org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithMD5And128BitAESCBCOpenSSL.class
          org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithMD5And192BitAESCBCOpenSSL.class
          org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithMD5And256BitAESCBCOpenSSL.class
          org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithSHA256And128BitAESBC.class
          org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithSHA256And192BitAESBC.class
          org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithSHA256And256BitAESBC.class
          org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithSHAAnd128BitAESBC.class
          org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithSHAAnd192BitAESBC.class
          org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithSHAAnd256BitAESBC.class
          org/bouncycastle/jcajce/provider/symmetric/AES$RFC3211Wrap.class
          org/bouncycastle/jcajce/provider/symmetric/AES$Wrap.class
          org/bouncycastle/jcajce/provider/symmetric/AES.class
          org/bouncycastle/jcajce/provider/symmetric/ARC4$Base.class
          org/bouncycastle/jcajce/provider/symmetric/ARC4$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/ARC4$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/ARC4$PBEWithSHAAnd128Bit.class
          org/bouncycastle/jcajce/provider/symmetric/ARC4$PBEWithSHAAnd128BitKeyFactory.class
          org/bouncycastle/jcajce/provider/symmetric/ARC4$PBEWithSHAAnd40Bit.class
          org/bouncycastle/jcajce/provider/symmetric/ARC4$PBEWithSHAAnd40BitKeyFactory.class
          org/bouncycastle/jcajce/provider/symmetric/ARC4.class
          org/bouncycastle/jcajce/provider/symmetric/Blowfish$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/Blowfish$CBC.class
          org/bouncycastle/jcajce/provider/symmetric/Blowfish$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/Blowfish$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/Blowfish$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/Blowfish.class
          org/bouncycastle/jcajce/provider/symmetric/CAST5$AlgParamGen.class
          org/bouncycastle/jcajce/provider/symmetric/CAST5$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/CAST5$CBC.class
          org/bouncycastle/jcajce/provider/symmetric/CAST5$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/CAST5$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/CAST5$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/CAST5.class
          org/bouncycastle/jcajce/provider/symmetric/CAST6$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/CAST6$GMAC.class
          org/bouncycastle/jcajce/provider/symmetric/CAST6$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/CAST6$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/CAST6.class
          org/bouncycastle/jcajce/provider/symmetric/Camellia$AlgParamGen.class
          org/bouncycastle/jcajce/provider/symmetric/Camellia$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/Camellia$CBC.class
          org/bouncycastle/jcajce/provider/symmetric/Camellia$ECB$1.class
          org/bouncycastle/jcajce/provider/symmetric/Camellia$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/Camellia$GMAC.class
          org/bouncycastle/jcajce/provider/symmetric/Camellia$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/Camellia$KeyGen128.class
          org/bouncycastle/jcajce/provider/symmetric/Camellia$KeyGen192.class
          org/bouncycastle/jcajce/provider/symmetric/Camellia$KeyGen256.class
          org/bouncycastle/jcajce/provider/symmetric/Camellia$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/Camellia$RFC3211Wrap.class
          org/bouncycastle/jcajce/provider/symmetric/Camellia$Wrap.class
          org/bouncycastle/jcajce/provider/symmetric/Camellia.class
          org/bouncycastle/jcajce/provider/symmetric/DES$AlgParamGen.class
          org/bouncycastle/jcajce/provider/symmetric/DES$CBC.class
          org/bouncycastle/jcajce/provider/symmetric/DES$CBCMAC.class
          org/bouncycastle/jcajce/provider/symmetric/DES$CMAC.class
          org/bouncycastle/jcajce/provider/symmetric/DES$DES64.class
          org/bouncycastle/jcajce/provider/symmetric/DES$DES64with7816d4.class
          org/bouncycastle/jcajce/provider/symmetric/DES$DES9797Alg3.class
          org/bouncycastle/jcajce/provider/symmetric/DES$DES9797Alg3with7816d4.class
          org/bouncycastle/jcajce/provider/symmetric/DES$DESCFB8.class
          org/bouncycastle/jcajce/provider/symmetric/DES$DESPBEKeyFactory.class
          org/bouncycastle/jcajce/provider/symmetric/DES$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/DES$KeyFactory.class
          org/bouncycastle/jcajce/provider/symmetric/DES$KeyGenerator.class
          org/bouncycastle/jcajce/provider/symmetric/DES$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/DES$PBEWithMD2.class
          org/bouncycastle/jcajce/provider/symmetric/DES$PBEWithMD2KeyFactory.class
          org/bouncycastle/jcajce/provider/symmetric/DES$PBEWithMD5.class
          org/bouncycastle/jcajce/provider/symmetric/DES$PBEWithMD5KeyFactory.class
          org/bouncycastle/jcajce/provider/symmetric/DES$PBEWithSHA1.class
          org/bouncycastle/jcajce/provider/symmetric/DES$PBEWithSHA1KeyFactory.class
          org/bouncycastle/jcajce/provider/symmetric/DES$RFC3211.class
          org/bouncycastle/jcajce/provider/symmetric/DES.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$AlgParamGen.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$CBC.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$CBCMAC.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$CMAC.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$DESede64.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$DESede64with7816d4.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$DESedeCFB8.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$KeyFactory.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$KeyGenerator.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$KeyGenerator3.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$PBEWithSHAAndDES2Key.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$PBEWithSHAAndDES2KeyFactory.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$PBEWithSHAAndDES3Key.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$PBEWithSHAAndDES3KeyFactory.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$RFC3211.class
          org/bouncycastle/jcajce/provider/symmetric/DESede$Wrap.class
          org/bouncycastle/jcajce/provider/symmetric/DESede.class
          org/bouncycastle/jcajce/provider/symmetric/GOST28147$AlgParamGen.class
          org/bouncycastle/jcajce/provider/symmetric/GOST28147$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/GOST28147$CBC.class
          org/bouncycastle/jcajce/provider/symmetric/GOST28147$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/GOST28147$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/GOST28147$Mac.class
          org/bouncycastle/jcajce/provider/symmetric/GOST28147$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/GOST28147.class
          org/bouncycastle/jcajce/provider/symmetric/Grain128$Base.class
          org/bouncycastle/jcajce/provider/symmetric/Grain128$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/Grain128$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/Grain128.class
          org/bouncycastle/jcajce/provider/symmetric/Grainv1$Base.class
          org/bouncycastle/jcajce/provider/symmetric/Grainv1$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/Grainv1$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/Grainv1.class
          org/bouncycastle/jcajce/provider/symmetric/HC128$Base.class
          org/bouncycastle/jcajce/provider/symmetric/HC128$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/HC128$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/HC128.class
          org/bouncycastle/jcajce/provider/symmetric/HC256$Base.class
          org/bouncycastle/jcajce/provider/symmetric/HC256$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/HC256$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/HC256.class
          org/bouncycastle/jcajce/provider/symmetric/Noekeon$AlgParamGen.class
          org/bouncycastle/jcajce/provider/symmetric/Noekeon$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/Noekeon$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/Noekeon$GMAC.class
          org/bouncycastle/jcajce/provider/symmetric/Noekeon$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/Noekeon$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/Noekeon.class
          org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.class
          org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$AlgParamGen.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$CBC.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$CBCMAC.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$CFB8MAC.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$KeyGenerator.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithMD2KeyFactory.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithMD5AndRC2.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithMD5KeyFactory.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithSHA1AndRC2.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithSHA1KeyFactory.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithSHAAnd128BitKeyFactory.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithSHAAnd128BitRC2.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithSHAAnd40BitKeyFactory.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithSHAAnd40BitRC2.class
          org/bouncycastle/jcajce/provider/symmetric/RC2$Wrap.class
          org/bouncycastle/jcajce/provider/symmetric/RC2.class
          org/bouncycastle/jcajce/provider/symmetric/RC5$AlgParamGen.class
          org/bouncycastle/jcajce/provider/symmetric/RC5$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/RC5$CBC32.class
          org/bouncycastle/jcajce/provider/symmetric/RC5$CFB8Mac32.class
          org/bouncycastle/jcajce/provider/symmetric/RC5$ECB32.class
          org/bouncycastle/jcajce/provider/symmetric/RC5$ECB64.class
          org/bouncycastle/jcajce/provider/symmetric/RC5$KeyGen32.class
          org/bouncycastle/jcajce/provider/symmetric/RC5$KeyGen64.class
          org/bouncycastle/jcajce/provider/symmetric/RC5$Mac32.class
          org/bouncycastle/jcajce/provider/symmetric/RC5$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/RC5.class
          org/bouncycastle/jcajce/provider/symmetric/RC6$AlgParamGen.class
          org/bouncycastle/jcajce/provider/symmetric/RC6$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/RC6$CBC.class
          org/bouncycastle/jcajce/provider/symmetric/RC6$CFB.class
          org/bouncycastle/jcajce/provider/symmetric/RC6$ECB$1.class
          org/bouncycastle/jcajce/provider/symmetric/RC6$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/RC6$GMAC.class
          org/bouncycastle/jcajce/provider/symmetric/RC6$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/RC6$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/RC6$OFB.class
          org/bouncycastle/jcajce/provider/symmetric/RC6.class
          org/bouncycastle/jcajce/provider/symmetric/Rijndael$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/Rijndael$ECB$1.class
          org/bouncycastle/jcajce/provider/symmetric/Rijndael$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/Rijndael$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/Rijndael$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/Rijndael.class
          org/bouncycastle/jcajce/provider/symmetric/SEED$AlgParamGen.class
          org/bouncycastle/jcajce/provider/symmetric/SEED$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/SEED$CBC.class
          org/bouncycastle/jcajce/provider/symmetric/SEED$ECB$1.class
          org/bouncycastle/jcajce/provider/symmetric/SEED$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/SEED$GMAC.class
          org/bouncycastle/jcajce/provider/symmetric/SEED$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/SEED$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/SEED$Wrap.class
          org/bouncycastle/jcajce/provider/symmetric/SEED.class
          org/bouncycastle/jcajce/provider/symmetric/Salsa20$Base.class
          org/bouncycastle/jcajce/provider/symmetric/Salsa20$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/Salsa20$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/Salsa20.class
          org/bouncycastle/jcajce/provider/symmetric/Serpent$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/Serpent$ECB$1.class
          org/bouncycastle/jcajce/provider/symmetric/Serpent$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/Serpent$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/Serpent$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/Serpent$SerpentGMAC.class
          org/bouncycastle/jcajce/provider/symmetric/Serpent.class
          org/bouncycastle/jcajce/provider/symmetric/SipHash$Mac.class
          org/bouncycastle/jcajce/provider/symmetric/SipHash$Mac48.class
          org/bouncycastle/jcajce/provider/symmetric/SipHash$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/SipHash.class
          org/bouncycastle/jcajce/provider/symmetric/Skipjack$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/Skipjack$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/Skipjack$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/Skipjack$Mac.class
          org/bouncycastle/jcajce/provider/symmetric/Skipjack$MacCFB8.class
          org/bouncycastle/jcajce/provider/symmetric/Skipjack$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/Skipjack.class
          org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.class
          org/bouncycastle/jcajce/provider/symmetric/TEA$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/TEA$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/TEA$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/TEA$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/TEA.class
          org/bouncycastle/jcajce/provider/symmetric/Twofish$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/Twofish$ECB$1.class
          org/bouncycastle/jcajce/provider/symmetric/Twofish$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/Twofish$GMAC.class
          org/bouncycastle/jcajce/provider/symmetric/Twofish$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/Twofish$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/Twofish$PBEWithSHA.class
          org/bouncycastle/jcajce/provider/symmetric/Twofish$PBEWithSHAKeyFactory.class
          org/bouncycastle/jcajce/provider/symmetric/Twofish.class
          org/bouncycastle/jcajce/provider/symmetric/VMPC$Base.class
          org/bouncycastle/jcajce/provider/symmetric/VMPC$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/VMPC$Mac.class
          org/bouncycastle/jcajce/provider/symmetric/VMPC$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/VMPC.class
          org/bouncycastle/jcajce/provider/symmetric/VMPCKSA3$Base.class
          org/bouncycastle/jcajce/provider/symmetric/VMPCKSA3$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/VMPCKSA3$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/VMPCKSA3.class
          org/bouncycastle/jcajce/provider/symmetric/XTEA$AlgParams.class
          org/bouncycastle/jcajce/provider/symmetric/XTEA$ECB.class
          org/bouncycastle/jcajce/provider/symmetric/XTEA$KeyGen.class
          org/bouncycastle/jcajce/provider/symmetric/XTEA$Mappings.class
          org/bouncycastle/jcajce/provider/symmetric/XTEA.class
          org/bouncycastle/jcajce/provider/symmetric/util/
          org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.class
          org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.class
          org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.class
          org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher$AEADGenericBlockCipher.class
          org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher$BufferedGenericBlockCipher.class
          org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher$GenericBlockCipher.class
          org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.class
          org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.class
          org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.class
          org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.class
          org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.class
          org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.class
          org/bouncycastle/jcajce/provider/symmetric/util/BlockCipherProvider.class
          org/bouncycastle/jcajce/provider/symmetric/util/IvAlgorithmParameters.class
          org/bouncycastle/jcajce/provider/symmetric/util/PBE$Util.class
          org/bouncycastle/jcajce/provider/symmetric/util/PBE.class
          org/bouncycastle/jcajce/provider/symmetric/util/PBESecretKeyFactory.class
          org/bouncycastle/jcajce/provider/util/
          org/bouncycastle/jcajce/provider/util/AlgorithmProvider.class
          org/bouncycastle/jcajce/provider/util/AsymmetricAlgorithmProvider.class
          org/bouncycastle/jcajce/provider/util/AsymmetricKeyInfoConverter.class
          org/bouncycastle/jcajce/provider/util/DigestFactory.class
          org/bouncycastle/jcajce/provider/util/SecretKeyUtil.class
          org/bouncycastle/jce/
          org/bouncycastle/jce/ECGOST3410NamedCurveTable.class
          org/bouncycastle/jce/ECKeyUtil$UnexpectedException.class
          org/bouncycastle/jce/ECKeyUtil.class
          org/bouncycastle/jce/ECNamedCurveTable.class
          org/bouncycastle/jce/ECPointUtil.class
          org/bouncycastle/jce/MultiCertStoreParameters.class
          org/bouncycastle/jce/PKCS10CertificationRequest.class
          org/bouncycastle/jce/PKCS12Util.class
          org/bouncycastle/jce/PrincipalUtil.class
          org/bouncycastle/jce/X509KeyUsage.class
          org/bouncycastle/jce/X509LDAPCertStoreParameters$1.class
          org/bouncycastle/jce/X509LDAPCertStoreParameters$Builder.class
          org/bouncycastle/jce/X509LDAPCertStoreParameters.class
          org/bouncycastle/jce/X509Principal.class
          org/bouncycastle/jce/examples/
          org/bouncycastle/jce/examples/PKCS12Example.class
          org/bouncycastle/jce/exception/
          org/bouncycastle/jce/exception/ExtCertPathBuilderException.class
          org/bouncycastle/jce/exception/ExtCertPathValidatorException.class
          org/bouncycastle/jce/exception/ExtCertificateEncodingException.class
          org/bouncycastle/jce/exception/ExtException.class
          org/bouncycastle/jce/exception/ExtIOException.class
          org/bouncycastle/jce/interfaces/
          org/bouncycastle/jce/interfaces/BCKeyStore.class
          org/bouncycastle/jce/interfaces/ECKey.class
          org/bouncycastle/jce/interfaces/ECPointEncoder.class
          org/bouncycastle/jce/interfaces/ECPrivateKey.class
          org/bouncycastle/jce/interfaces/ECPublicKey.class
          org/bouncycastle/jce/interfaces/ElGamalKey.class
          org/bouncycastle/jce/interfaces/ElGamalPrivateKey.class
          org/bouncycastle/jce/interfaces/ElGamalPublicKey.class
          org/bouncycastle/jce/interfaces/GOST3410Key.class
          org/bouncycastle/jce/interfaces/GOST3410Params.class
          org/bouncycastle/jce/interfaces/GOST3410PrivateKey.class
          org/bouncycastle/jce/interfaces/GOST3410PublicKey.class
          org/bouncycastle/jce/interfaces/IESKey.class
          org/bouncycastle/jce/interfaces/MQVPrivateKey.class
          org/bouncycastle/jce/interfaces/MQVPublicKey.class
          org/bouncycastle/jce/interfaces/PKCS12BagAttributeCarrier.class
          org/bouncycastle/jce/netscape/
          org/bouncycastle/jce/netscape/NetscapeCertRequest.class
          org/bouncycastle/jce/provider/
          org/bouncycastle/jce/provider/AnnotatedException.class
          org/bouncycastle/jce/provider/BouncyCastleProvider$1.class
          org/bouncycastle/jce/provider/BouncyCastleProvider.class
          org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.class
          org/bouncycastle/jce/provider/BrokenJCEBlockCipher$BrokePBEWithMD5AndDES.class
          org/bouncycastle/jce/provider/BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES.class
          org/bouncycastle/jce/provider/BrokenJCEBlockCipher$BrokePBEWithSHAAndDES2Key.class
          org/bouncycastle/jce/provider/BrokenJCEBlockCipher$BrokePBEWithSHAAndDES3Key.class
          org/bouncycastle/jce/provider/BrokenJCEBlockCipher$OldPBEWithSHAAndDES3Key.class
          org/bouncycastle/jce/provider/BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish.class
          org/bouncycastle/jce/provider/BrokenJCEBlockCipher.class
          org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.class
          org/bouncycastle/jce/provider/BrokenPBE$Util.class
          org/bouncycastle/jce/provider/BrokenPBE.class
          org/bouncycastle/jce/provider/CertPathValidatorUtilities.class
          org/bouncycastle/jce/provider/CertStatus.class
          org/bouncycastle/jce/provider/CertStoreCollectionSpi.class
          org/bouncycastle/jce/provider/DHUtil.class
          org/bouncycastle/jce/provider/ExtCRLException.class
          org/bouncycastle/jce/provider/JCEDHPrivateKey.class
          org/bouncycastle/jce/provider/JCEDHPublicKey.class
          org/bouncycastle/jce/provider/JCEECPrivateKey.class
          org/bouncycastle/jce/provider/JCEECPublicKey.class
          org/bouncycastle/jce/provider/JCEElGamalPrivateKey.class
          org/bouncycastle/jce/provider/JCEElGamalPublicKey.class
          org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.class
          org/bouncycastle/jce/provider/JCERSAPrivateKey.class
          org/bouncycastle/jce/provider/JCERSAPublicKey.class
          org/bouncycastle/jce/provider/JCEStreamCipher$Blowfish_CFB8.class
          org/bouncycastle/jce/provider/JCEStreamCipher$Blowfish_OFB8.class
          org/bouncycastle/jce/provider/JCEStreamCipher$DES_CFB8.class
          org/bouncycastle/jce/provider/JCEStreamCipher$DES_OFB8.class
          org/bouncycastle/jce/provider/JCEStreamCipher$DESede_CFB8.class
          org/bouncycastle/jce/provider/JCEStreamCipher$DESede_OFB8.class
          org/bouncycastle/jce/provider/JCEStreamCipher$Skipjack_CFB8.class
          org/bouncycastle/jce/provider/JCEStreamCipher$Skipjack_OFB8.class
          org/bouncycastle/jce/provider/JCEStreamCipher$Twofish_CFB8.class
          org/bouncycastle/jce/provider/JCEStreamCipher$Twofish_OFB8.class
          org/bouncycastle/jce/provider/JCEStreamCipher.class
          org/bouncycastle/jce/provider/JDKDSAPrivateKey.class
          org/bouncycastle/jce/provider/JDKDSAPublicKey.class
          org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.class
          org/bouncycastle/jce/provider/MultiCertStoreSpi.class
          org/bouncycastle/jce/provider/OldPKCS12ParametersGenerator.class
          org/bouncycastle/jce/provider/PEMUtil.class
          org/bouncycastle/jce/provider/PKIXAttrCertPathBuilderSpi.class
          org/bouncycastle/jce/provider/PKIXAttrCertPathValidatorSpi.class
          org/bouncycastle/jce/provider/PKIXCRLUtil.class
          org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.class
          org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.class
          org/bouncycastle/jce/provider/PKIXNameConstraintValidator.class
          org/bouncycastle/jce/provider/PKIXNameConstraintValidatorException.class
          org/bouncycastle/jce/provider/PKIXPolicyNode.class
          org/bouncycastle/jce/provider/RFC3280CertPathUtilities.class
          org/bouncycastle/jce/provider/RFC3281CertPathUtilities.class
          org/bouncycastle/jce/provider/ReasonsMask.class
          org/bouncycastle/jce/provider/X509AttrCertParser.class
          org/bouncycastle/jce/provider/X509CRLEntryObject.class
          org/bouncycastle/jce/provider/X509CRLObject.class
          org/bouncycastle/jce/provider/X509CRLParser.class
          org/bouncycastle/jce/provider/X509CertPairParser.class
          org/bouncycastle/jce/provider/X509CertParser.class
          org/bouncycastle/jce/provider/X509CertificateObject.class
          org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.class
          org/bouncycastle/jce/provider/X509SignatureUtil.class
          org/bouncycastle/jce/provider/X509StoreAttrCertCollection.class
          org/bouncycastle/jce/provider/X509StoreCRLCollection.class
          org/bouncycastle/jce/provider/X509StoreCertCollection.class
          org/bouncycastle/jce/provider/X509StoreCertPairCollection.class
          org/bouncycastle/jce/provider/X509StoreLDAPAttrCerts.class
          org/bouncycastle/jce/provider/X509StoreLDAPCRLs.class
          org/bouncycastle/jce/provider/X509StoreLDAPCertPairs.class
          org/bouncycastle/jce/provider/X509StoreLDAPCerts.class
          org/bouncycastle/jce/spec/
          org/bouncycastle/jce/spec/ECKeySpec.class
          org/bouncycastle/jce/spec/ECNamedCurveGenParameterSpec.class
          org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.class
          org/bouncycastle/jce/spec/ECNamedCurveSpec.class
          org/bouncycastle/jce/spec/ECParameterSpec.class
          org/bouncycastle/jce/spec/ECPrivateKeySpec.class
          org/bouncycastle/jce/spec/ECPublicKeySpec.class
          org/bouncycastle/jce/spec/ElGamalGenParameterSpec.class
          org/bouncycastle/jce/spec/ElGamalKeySpec.class
          org/bouncycastle/jce/spec/ElGamalParameterSpec.class
          org/bouncycastle/jce/spec/ElGamalPrivateKeySpec.class
          org/bouncycastle/jce/spec/ElGamalPublicKeySpec.class
          org/bouncycastle/jce/spec/GOST28147ParameterSpec.class
          org/bouncycastle/jce/spec/GOST3410ParameterSpec.class
          org/bouncycastle/jce/spec/GOST3410PrivateKeySpec.class
          org/bouncycastle/jce/spec/GOST3410PublicKeyParameterSetSpec.class
          org/bouncycastle/jce/spec/GOST3410PublicKeySpec.class
          org/bouncycastle/jce/spec/IEKeySpec.class
          org/bouncycastle/jce/spec/IESParameterSpec.class
          org/bouncycastle/jce/spec/MQVPrivateKeySpec.class
          org/bouncycastle/jce/spec/MQVPublicKeySpec.class
          org/bouncycastle/jce/spec/RepeatedSecretKeySpec.class
          org/bouncycastle/math/
          org/bouncycastle/math/ec/
          org/bouncycastle/math/ec/ECAlgorithms.class
          org/bouncycastle/math/ec/ECConstants.class
          org/bouncycastle/math/ec/ECCurve$F2m.class
          org/bouncycastle/math/ec/ECCurve$Fp.class
          org/bouncycastle/math/ec/ECCurve.class
          org/bouncycastle/math/ec/ECFieldElement$F2m.class
          org/bouncycastle/math/ec/ECFieldElement$Fp.class
          org/bouncycastle/math/ec/ECFieldElement.class
          org/bouncycastle/math/ec/ECMultiplier.class
          org/bouncycastle/math/ec/ECPoint$F2m.class
          org/bouncycastle/math/ec/ECPoint$Fp.class
          org/bouncycastle/math/ec/ECPoint.class
          org/bouncycastle/math/ec/FpNafMultiplier.class
          org/bouncycastle/math/ec/IntArray.class
          org/bouncycastle/math/ec/PreCompInfo.class
          org/bouncycastle/math/ec/ReferenceMultiplier.class
          org/bouncycastle/math/ec/SimpleBigDecimal.class
          org/bouncycastle/math/ec/Tnaf.class
          org/bouncycastle/math/ec/WNafMultiplier.class
          org/bouncycastle/math/ec/WNafPreCompInfo.class
          org/bouncycastle/math/ec/WTauNafMultiplier.class
          org/bouncycastle/math/ec/WTauNafPreCompInfo.class
          org/bouncycastle/math/ec/ZTauElement.class
          org/bouncycastle/ocsp/
          org/bouncycastle/ocsp/BasicOCSPResp.class
          org/bouncycastle/ocsp/BasicOCSPRespGenerator$ResponseObject.class
          org/bouncycastle/ocsp/BasicOCSPRespGenerator.class
          org/bouncycastle/ocsp/CertificateID.class
          org/bouncycastle/ocsp/CertificateStatus.class
          org/bouncycastle/ocsp/OCSPException.class
          org/bouncycastle/ocsp/OCSPReq.class
          org/bouncycastle/ocsp/OCSPReqGenerator$RequestObject.class
          org/bouncycastle/ocsp/OCSPReqGenerator.class
          org/bouncycastle/ocsp/OCSPResp.class
          org/bouncycastle/ocsp/OCSPRespGenerator.class
          org/bouncycastle/ocsp/OCSPRespStatus.class
          org/bouncycastle/ocsp/OCSPUtil.class
          org/bouncycastle/ocsp/Req.class
          org/bouncycastle/ocsp/RespData.class
          org/bouncycastle/ocsp/RespID.class
          org/bouncycastle/ocsp/RevokedStatus.class
          org/bouncycastle/ocsp/SingleResp.class
          org/bouncycastle/ocsp/UnknownStatus.class
          org/bouncycastle/pqc/
          org/bouncycastle/pqc/asn1/
          org/bouncycastle/pqc/asn1/GMSSPrivateKey.class
          org/bouncycastle/pqc/asn1/GMSSPublicKey.class
          org/bouncycastle/pqc/asn1/McElieceCCA2PrivateKey.class
          org/bouncycastle/pqc/asn1/McElieceCCA2PublicKey.class
          org/bouncycastle/pqc/asn1/McEliecePrivateKey.class
          org/bouncycastle/pqc/asn1/McEliecePublicKey.class
          org/bouncycastle/pqc/asn1/PQCObjectIdentifiers.class
          org/bouncycastle/pqc/asn1/ParSet.class
          org/bouncycastle/pqc/asn1/RainbowPrivateKey.class
          org/bouncycastle/pqc/asn1/RainbowPublicKey.class
          org/bouncycastle/pqc/crypto/
          org/bouncycastle/pqc/crypto/DigestingMessageSigner.class
          org/bouncycastle/pqc/crypto/MessageEncryptor.class
          org/bouncycastle/pqc/crypto/MessageSigner.class
          org/bouncycastle/pqc/crypto/gmss/
          org/bouncycastle/pqc/crypto/gmss/GMSSDigestProvider.class
          org/bouncycastle/pqc/crypto/gmss/GMSSKeyGenerationParameters.class
          org/bouncycastle/pqc/crypto/gmss/GMSSKeyPairGenerator.class
          org/bouncycastle/pqc/crypto/gmss/GMSSKeyParameters.class
          org/bouncycastle/pqc/crypto/gmss/GMSSLeaf.class
          org/bouncycastle/pqc/crypto/gmss/GMSSParameters.class
          org/bouncycastle/pqc/crypto/gmss/GMSSPrivateKeyParameters.class
          org/bouncycastle/pqc/crypto/gmss/GMSSPublicKeyParameters.class
          org/bouncycastle/pqc/crypto/gmss/GMSSRootCalc.class
          org/bouncycastle/pqc/crypto/gmss/GMSSRootSig.class
          org/bouncycastle/pqc/crypto/gmss/GMSSSigner.class
          org/bouncycastle/pqc/crypto/gmss/GMSSUtils.class
          org/bouncycastle/pqc/crypto/gmss/Treehash.class
          org/bouncycastle/pqc/crypto/gmss/util/
          org/bouncycastle/pqc/crypto/gmss/util/GMSSRandom.class
          org/bouncycastle/pqc/crypto/gmss/util/GMSSUtil.class
          org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSVerify.class
          org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSignature.class
          org/bouncycastle/pqc/crypto/mceliece/
          org/bouncycastle/pqc/crypto/mceliece/Conversions.class
          org/bouncycastle/pqc/crypto/mceliece/McElieceCCA2KeyGenerationParameters.class
          org/bouncycastle/pqc/crypto/mceliece/McElieceCCA2KeyPairGenerator.class
          org/bouncycastle/pqc/crypto/mceliece/McElieceCCA2KeyParameters.class
          org/bouncycastle/pqc/crypto/mceliece/McElieceCCA2Parameters.class
          org/bouncycastle/pqc/crypto/mceliece/McElieceCCA2Primitives.class
          org/bouncycastle/pqc/crypto/mceliece/McElieceCCA2PrivateKeyParameters.class
          org/bouncycastle/pqc/crypto/mceliece/McElieceCCA2PublicKeyParameters.class
          org/bouncycastle/pqc/crypto/mceliece/McElieceFujisakiCipher.class
          org/bouncycastle/pqc/crypto/mceliece/McElieceFujisakiDigestCipher.class
          org/bouncycastle/pqc/crypto/mceliece/McElieceKeyGenerationParameters.class
          org/bouncycastle/pqc/crypto/mceliece/McElieceKeyPairGenerator.class
          org/bouncycastle/pqc/crypto/mceliece/McElieceKeyParameters.class
          org/bouncycastle/pqc/crypto/mceliece/McElieceKobaraImaiCipher.class
          org/bouncycastle/pqc/crypto/mceliece/McElieceKobaraImaiDigestCipher.class
          org/bouncycastle/pqc/crypto/mceliece/McEliecePKCSCipher.class
          org/bouncycastle/pqc/crypto/mceliece/McEliecePKCSDigestCipher.class
          org/bouncycastle/pqc/crypto/mceliece/McElieceParameters.class
          org/bouncycastle/pqc/crypto/mceliece/McEliecePointchevalCipher.class
          org/bouncycastle/pqc/crypto/mceliece/McEliecePointchevalDigestCipher.class
          org/bouncycastle/pqc/crypto/mceliece/McEliecePrivateKeyParameters.class
          org/bouncycastle/pqc/crypto/mceliece/McEliecePublicKeyParameters.class
          org/bouncycastle/pqc/crypto/rainbow/
          org/bouncycastle/pqc/crypto/rainbow/Layer.class
          org/bouncycastle/pqc/crypto/rainbow/RainbowKeyGenerationParameters.class
          org/bouncycastle/pqc/crypto/rainbow/RainbowKeyPairGenerator.class
          org/bouncycastle/pqc/crypto/rainbow/RainbowKeyParameters.class
          org/bouncycastle/pqc/crypto/rainbow/RainbowParameters.class
          org/bouncycastle/pqc/crypto/rainbow/RainbowPrivateKeyParameters.class
          org/bouncycastle/pqc/crypto/rainbow/RainbowPublicKeyParameters.class
          org/bouncycastle/pqc/crypto/rainbow/RainbowSigner.class
          org/bouncycastle/pqc/crypto/rainbow/util/
          org/bouncycastle/pqc/crypto/rainbow/util/ComputeInField.class
          org/bouncycastle/pqc/crypto/rainbow/util/GF2Field.class
          org/bouncycastle/pqc/crypto/rainbow/util/RainbowUtil.class
          org/bouncycastle/pqc/jcajce/
          org/bouncycastle/pqc/jcajce/provider/
          org/bouncycastle/pqc/jcajce/provider/BouncyCastlePQCProvider$1.class
          org/bouncycastle/pqc/jcajce/provider/BouncyCastlePQCProvider.class
          org/bouncycastle/pqc/jcajce/provider/McEliece$Mappings.class
          org/bouncycastle/pqc/jcajce/provider/McEliece.class
          org/bouncycastle/pqc/jcajce/provider/Rainbow$Mappings.class
          org/bouncycastle/pqc/jcajce/provider/Rainbow.class
          org/bouncycastle/pqc/jcajce/provider/gmss/
          org/bouncycastle/pqc/jcajce/provider/gmss/BCGMSSPublicKey.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/
          org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PrivateKey.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PublicKey.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePrivateKey.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePublicKey.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceCCA2KeyFactorySpi.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceCCA2KeysToParams.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceCCA2Primitives.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceFujisakiCipherSpi$McElieceFujisaki.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceFujisakiCipherSpi$McElieceFujisaki224.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceFujisakiCipherSpi$McElieceFujisaki256.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceFujisakiCipherSpi$McElieceFujisaki384.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceFujisakiCipherSpi$McElieceFujisaki512.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceFujisakiCipherSpi.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeyFactorySpi.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeyPairGeneratorSpi$McEliece.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeyPairGeneratorSpi$McElieceCCA2.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeyPairGeneratorSpi.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeysToParams.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKobaraImaiCipherSpi$McElieceKobaraImai.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKobaraImaiCipherSpi$McElieceKobaraImai224.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKobaraImaiCipherSpi$McElieceKobaraImai256.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKobaraImaiCipherSpi$McElieceKobaraImai384.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKobaraImaiCipherSpi$McElieceKobaraImai512.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKobaraImaiCipherSpi.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePKCSCipherSpi$McEliecePKCS.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePKCSCipherSpi$McEliecePKCS224.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePKCSCipherSpi$McEliecePKCS256.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePKCSCipherSpi$McEliecePKCS384.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePKCSCipherSpi$McEliecePKCS512.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePKCSCipherSpi.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePointchevalCipherSpi$McEliecePointcheval.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePointchevalCipherSpi$McEliecePointcheval224.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePointchevalCipherSpi$McEliecePointcheval256.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePointchevalCipherSpi$McEliecePointcheval384.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePointchevalCipherSpi$McEliecePointcheval512.class
          org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePointchevalCipherSpi.class
          org/bouncycastle/pqc/jcajce/provider/rainbow/
          org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPrivateKey.class
          org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPublicKey.class
          org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeyFactorySpi.class
          org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeyPairGeneratorSpi.class
          org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeysToParams.class
          org/bouncycastle/pqc/jcajce/provider/rainbow/SignatureSpi$withSha224.class
          org/bouncycastle/pqc/jcajce/provider/rainbow/SignatureSpi$withSha256.class
          org/bouncycastle/pqc/jcajce/provider/rainbow/SignatureSpi$withSha384.class
          org/bouncycastle/pqc/jcajce/provider/rainbow/SignatureSpi$withSha512.class
          org/bouncycastle/pqc/jcajce/provider/rainbow/SignatureSpi.class
          org/bouncycastle/pqc/jcajce/provider/util/
          org/bouncycastle/pqc/jcajce/provider/util/AsymmetricBlockCipher.class
          org/bouncycastle/pqc/jcajce/provider/util/AsymmetricHybridCipher.class
          org/bouncycastle/pqc/jcajce/provider/util/CipherSpiExt.class
          org/bouncycastle/pqc/jcajce/provider/util/KeyUtil.class
          org/bouncycastle/pqc/jcajce/spec/
          org/bouncycastle/pqc/jcajce/spec/ECCKeyGenParameterSpec.class
          org/bouncycastle/pqc/jcajce/spec/GMSSKeySpec.class
          org/bouncycastle/pqc/jcajce/spec/GMSSPrivateKeySpec.class
          org/bouncycastle/pqc/jcajce/spec/GMSSPublicKeySpec.class
          org/bouncycastle/pqc/jcajce/spec/McElieceCCA2ParameterSpec.class
          org/bouncycastle/pqc/jcajce/spec/McElieceCCA2PrivateKeySpec.class
          org/bouncycastle/pqc/jcajce/spec/McElieceCCA2PublicKeySpec.class
          org/bouncycastle/pqc/jcajce/spec/McEliecePrivateKeySpec.class
          org/bouncycastle/pqc/jcajce/spec/McEliecePublicKeySpec.class
          org/bouncycastle/pqc/jcajce/spec/RainbowParameterSpec.class
          org/bouncycastle/pqc/jcajce/spec/RainbowPrivateKeySpec.class
          org/bouncycastle/pqc/jcajce/spec/RainbowPublicKeySpec.class
          org/bouncycastle/pqc/math/
          org/bouncycastle/pqc/math/linearalgebra/
          org/bouncycastle/pqc/math/linearalgebra/BigEndianConversions.class
          org/bouncycastle/pqc/math/linearalgebra/BigIntUtils.class
          org/bouncycastle/pqc/math/linearalgebra/ByteUtils.class
          org/bouncycastle/pqc/math/linearalgebra/CharUtils.class
          org/bouncycastle/pqc/math/linearalgebra/GF2Matrix.class
          org/bouncycastle/pqc/math/linearalgebra/GF2Polynomial.class
          org/bouncycastle/pqc/math/linearalgebra/GF2Vector.class
          org/bouncycastle/pqc/math/linearalgebra/GF2mField.class
          org/bouncycastle/pqc/math/linearalgebra/GF2mMatrix.class
          org/bouncycastle/pqc/math/linearalgebra/GF2mVector.class
          org/bouncycastle/pqc/math/linearalgebra/GF2nElement.class
          org/bouncycastle/pqc/math/linearalgebra/GF2nField.class
          org/bouncycastle/pqc/math/linearalgebra/GF2nONBElement.class
          org/bouncycastle/pqc/math/linearalgebra/GF2nONBField.class
          org/bouncycastle/pqc/math/linearalgebra/GF2nPolynomial.class
          org/bouncycastle/pqc/math/linearalgebra/GF2nPolynomialElement.class
          org/bouncycastle/pqc/math/linearalgebra/GF2nPolynomialField.class
          org/bouncycastle/pqc/math/linearalgebra/GFElement.class
          org/bouncycastle/pqc/math/linearalgebra/GoppaCode$MaMaPe.class
          org/bouncycastle/pqc/math/linearalgebra/GoppaCode$MatrixSet.class
          org/bouncycastle/pqc/math/linearalgebra/GoppaCode.class
          org/bouncycastle/pqc/math/linearalgebra/IntUtils.class
          org/bouncycastle/pqc/math/linearalgebra/IntegerFunctions.class
          org/bouncycastle/pqc/math/linearalgebra/LittleEndianConversions.class
          org/bouncycastle/pqc/math/linearalgebra/Matrix.class
          org/bouncycastle/pqc/math/linearalgebra/Permutation.class
          org/bouncycastle/pqc/math/linearalgebra/PolynomialGF2mSmallM.class
          org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2.class
          org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2m.class
          org/bouncycastle/pqc/math/linearalgebra/RandUtils.class
          org/bouncycastle/pqc/math/linearalgebra/Vector.class
          org/bouncycastle/util/
          org/bouncycastle/util/Arrays.class
          org/bouncycastle/util/BigIntegers.class
          org/bouncycastle/util/CollectionStore.class
          org/bouncycastle/util/IPAddress.class
          org/bouncycastle/util/Integers.class
          org/bouncycastle/util/Memoable.class
          org/bouncycastle/util/MemoableResetException.class
          org/bouncycastle/util/Selector.class
          org/bouncycastle/util/Store.class
          org/bouncycastle/util/StoreException.class
          org/bouncycastle/util/StreamParser.class
          org/bouncycastle/util/StreamParsingException.class
          org/bouncycastle/util/Strings.class
          org/bouncycastle/util/encoders/
          org/bouncycastle/util/encoders/Base64.class
          org/bouncycastle/util/encoders/Base64Encoder.class
          org/bouncycastle/util/encoders/BufferedDecoder.class
          org/bouncycastle/util/encoders/BufferedEncoder.class
          org/bouncycastle/util/encoders/DecoderException.class
          org/bouncycastle/util/encoders/Encoder.class
          org/bouncycastle/util/encoders/EncoderException.class
          org/bouncycastle/util/encoders/Hex.class
          org/bouncycastle/util/encoders/HexEncoder.class
          org/bouncycastle/util/encoders/HexTranslator.class
          org/bouncycastle/util/encoders/Translator.class
          org/bouncycastle/util/encoders/UrlBase64.class
          org/bouncycastle/util/encoders/UrlBase64Encoder.class
          org/bouncycastle/util/io/
          org/bouncycastle/util/io/StreamOverflowException.class
          org/bouncycastle/util/io/Streams.class
          org/bouncycastle/util/io/TeeInputStream.class
          org/bouncycastle/util/io/TeeOutputStream.class
          org/bouncycastle/util/io/pem/
          org/bouncycastle/util/io/pem/PemGenerationException.class
          org/bouncycastle/util/io/pem/PemHeader.class
          org/bouncycastle/util/io/pem/PemObject.class
          org/bouncycastle/util/io/pem/PemObjectGenerator.class
          org/bouncycastle/util/io/pem/PemObjectParser.class
          org/bouncycastle/util/io/pem/PemReader.class
          org/bouncycastle/util/io/pem/PemWriter.class
          org/bouncycastle/util/test/
          org/bouncycastle/util/test/FixedSecureRandom.class
          org/bouncycastle/util/test/NumberParsing.class
          org/bouncycastle/util/test/SimpleTest.class
          org/bouncycastle/util/test/SimpleTestResult.class
          org/bouncycastle/util/test/Test.class
          org/bouncycastle/util/test/TestFailedException.class
          org/bouncycastle/util/test/TestResult.class
          org/bouncycastle/util/test/UncloseableOutputStream.class
          org/bouncycastle/x509/
          org/bouncycastle/x509/AttributeCertificateHolder.class
          org/bouncycastle/x509/AttributeCertificateIssuer.class
          org/bouncycastle/x509/CertPathReviewerException.class
          org/bouncycastle/x509/CertPathReviewerMessages.properties
          org/bouncycastle/x509/CertPathReviewerMessages_de.properties
          org/bouncycastle/x509/ExtCertificateEncodingException.class
          org/bouncycastle/x509/ExtendedPKIXBuilderParameters.class
          org/bouncycastle/x509/ExtendedPKIXParameters.class
          org/bouncycastle/x509/NoSuchParserException.class
          org/bouncycastle/x509/NoSuchStoreException.class
          org/bouncycastle/x509/PKIXAttrCertChecker.class
          org/bouncycastle/x509/PKIXCertPathReviewer.class
          org/bouncycastle/x509/X509Attribute.class
          org/bouncycastle/x509/X509AttributeCertStoreSelector.class
          org/bouncycastle/x509/X509AttributeCertificate.class
          org/bouncycastle/x509/X509CRLStoreSelector.class
          org/bouncycastle/x509/X509CertPairStoreSelector.class
          org/bouncycastle/x509/X509CertStoreSelector.class
          org/bouncycastle/x509/X509CertificatePair.class
          org/bouncycastle/x509/X509CollectionStoreParameters.class
          org/bouncycastle/x509/X509Store.class
          org/bouncycastle/x509/X509StoreParameters.class
          org/bouncycastle/x509/X509StoreSpi.class
          org/bouncycastle/x509/X509StreamParser.class
          org/bouncycastle/x509/X509StreamParserSpi.class
          org/bouncycastle/x509/X509Util$Implementation.class
          org/bouncycastle/x509/X509Util.class
          org/bouncycastle/x509/X509V1CertificateGenerator.class
          org/bouncycastle/x509/X509V2AttributeCertificate.class
          org/bouncycastle/x509/X509V2AttributeCertificateGenerator.class
          org/bouncycastle/x509/X509V2CRLGenerator$ExtCRLException.class
          org/bouncycastle/x509/X509V2CRLGenerator.class
          org/bouncycastle/x509/X509V3CertificateGenerator.class
          org/bouncycastle/x509/examples/
          org/bouncycastle/x509/examples/AttrCertExample.class
          org/bouncycastle/x509/extension/
          org/bouncycastle/x509/extension/AuthorityKeyIdentifierStructure.class
          org/bouncycastle/x509/extension/SubjectKeyIdentifierStructure.class
          org/bouncycastle/x509/extension/X509ExtensionUtil.class
          org/bouncycastle/x509/util/
          org/bouncycastle/x509/util/LDAPStoreHelper.class
          org/bouncycastle/x509/util/StreamParser.class
          org/bouncycastle/x509/util/StreamParsingException.class
          

          unzip and jar xf also both worked fine for me

          Show
          Michael Berman added a comment - Huh...I wonder what's going on. Sorry I'm fixated on this; I would just really rather not check in a dependency that requires manual intervention to get working, so I'd like to get to the bottom of this before merging into master. [mberman dev]$ wget -O bcprov-jdk15on-1.49.jar http: //search.maven.org/remotecontent?filepath=org/bouncycastle/bcprov-jdk15on/1.49/bcprov-jdk15on-1.49.jar --2013-09-12 13:53:10-- http: //search.maven.org/remotecontent?filepath=org/bouncycastle/bcprov-jdk15on/1.49/bcprov-jdk15on-1.49.jar Resolving search.maven.org... 207.223.241.72 Connecting to search.maven.org|207.223.241.72|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 2476362 (2.4M) [application/java-archive] Saving to: ‘bcprov-jdk15on-1.49.jar’ 100%[===============================================================================================>] 2,476,362 1.22MB/s in 1.9s 2013-09-12 13:53:12 (1.22 MB/s) - ‘bcprov-jdk15on-1.49.jar’ saved [2476362/2476362] [mberman dev]$ jar tf bcprov-jdk15on-1.49.jar META-INF/MANIFEST.MF META-INF/BCKEY.SF META-INF/BCKEY.DSA org/ org/bouncycastle/ org/bouncycastle/LICENSE.class org/bouncycastle/asn1/ org/bouncycastle/asn1/ASN1ApplicationSpecificParser.class org/bouncycastle/asn1/ASN1Boolean.class org/bouncycastle/asn1/ASN1Choice.class org/bouncycastle/asn1/ASN1Encodable.class org/bouncycastle/asn1/ASN1EncodableVector.class org/bouncycastle/asn1/ASN1Encoding.class org/bouncycastle/asn1/ASN1Enumerated.class org/bouncycastle/asn1/ASN1Exception.class org/bouncycastle/asn1/ASN1GeneralizedTime.class org/bouncycastle/asn1/ASN1Generator.class org/bouncycastle/asn1/ASN1InputStream.class org/bouncycastle/asn1/ASN1Integer.class org/bouncycastle/asn1/ASN1Null.class org/bouncycastle/asn1/ASN1Object.class org/bouncycastle/asn1/ASN1ObjectIdentifier.class org/bouncycastle/asn1/ASN1OctetString.class org/bouncycastle/asn1/ASN1OctetStringParser.class org/bouncycastle/asn1/ASN1OutputStream$ImplicitOutputStream.class org/bouncycastle/asn1/ASN1OutputStream.class org/bouncycastle/asn1/ASN1ParsingException.class org/bouncycastle/asn1/ASN1Primitive.class org/bouncycastle/asn1/ASN1Sequence$1.class org/bouncycastle/asn1/ASN1Sequence.class org/bouncycastle/asn1/ASN1SequenceParser.class org/bouncycastle/asn1/ASN1Set$1.class org/bouncycastle/asn1/ASN1Set.class org/bouncycastle/asn1/ASN1SetParser.class org/bouncycastle/asn1/ASN1StreamParser.class org/bouncycastle/asn1/ASN1String.class org/bouncycastle/asn1/ASN1TaggedObject.class org/bouncycastle/asn1/ASN1TaggedObjectParser.class org/bouncycastle/asn1/ASN1UTCTime.class org/bouncycastle/asn1/BERApplicationSpecific.class org/bouncycastle/asn1/BERApplicationSpecificParser.class org/bouncycastle/asn1/BERConstructedOctetString.class org/bouncycastle/asn1/BERFactory.class org/bouncycastle/asn1/BERGenerator.class org/bouncycastle/asn1/BEROctetString$1.class org/bouncycastle/asn1/BEROctetString.class org/bouncycastle/asn1/BEROctetStringGenerator$BufferedBEROctetStream.class org/bouncycastle/asn1/BEROctetStringGenerator.class org/bouncycastle/asn1/BEROctetStringParser.class org/bouncycastle/asn1/BEROutputStream.class org/bouncycastle/asn1/BERSequence.class org/bouncycastle/asn1/BERSequenceGenerator.class org/bouncycastle/asn1/BERSequenceParser.class org/bouncycastle/asn1/BERSet.class org/bouncycastle/asn1/BERSetParser.class org/bouncycastle/asn1/BERTaggedObject.class org/bouncycastle/asn1/BERTaggedObjectParser.class org/bouncycastle/asn1/BERTags.class org/bouncycastle/asn1/ConstructedOctetStream.class org/bouncycastle/asn1/DERApplicationSpecific.class org/bouncycastle/asn1/DERBMPString.class org/bouncycastle/asn1/DERBitString.class org/bouncycastle/asn1/DERBoolean.class org/bouncycastle/asn1/DEREncodableVector.class org/bouncycastle/asn1/DEREnumerated.class org/bouncycastle/asn1/DERExternal.class org/bouncycastle/asn1/DERExternalParser.class org/bouncycastle/asn1/DERFactory.class org/bouncycastle/asn1/DERGeneralString.class org/bouncycastle/asn1/DERGeneralizedTime.class org/bouncycastle/asn1/DERGenerator.class org/bouncycastle/asn1/DERIA5String.class org/bouncycastle/asn1/DERInteger.class org/bouncycastle/asn1/DERNull.class org/bouncycastle/asn1/DERNumericString.class org/bouncycastle/asn1/DERObjectIdentifier.class org/bouncycastle/asn1/DEROctetString.class org/bouncycastle/asn1/DEROctetStringParser.class org/bouncycastle/asn1/DEROutputStream.class org/bouncycastle/asn1/DERPrintableString.class org/bouncycastle/asn1/DERSequence.class org/bouncycastle/asn1/DERSequenceGenerator.class org/bouncycastle/asn1/DERSequenceParser.class org/bouncycastle/asn1/DERSet.class org/bouncycastle/asn1/DERSetParser.class org/bouncycastle/asn1/DERT61String.class org/bouncycastle/asn1/DERT61UTF8String.class org/bouncycastle/asn1/DERTaggedObject.class org/bouncycastle/asn1/DERTags.class org/bouncycastle/asn1/DERUTCTime.class org/bouncycastle/asn1/DERUTF8String.class org/bouncycastle/asn1/DERUniversalString.class org/bouncycastle/asn1/DERVisibleString.class org/bouncycastle/asn1/DLOutputStream.class org/bouncycastle/asn1/DLSequence.class org/bouncycastle/asn1/DLSet.class org/bouncycastle/asn1/DLTaggedObject.class org/bouncycastle/asn1/DefiniteLengthInputStream.class org/bouncycastle/asn1/InMemoryRepresentable.class org/bouncycastle/asn1/IndefiniteLengthInputStream.class org/bouncycastle/asn1/LazyConstructionEnumeration.class org/bouncycastle/asn1/LazyEncodedSequence.class org/bouncycastle/asn1/LimitedInputStream.class org/bouncycastle/asn1/OIDTokenizer.class org/bouncycastle/asn1/StreamUtil.class org/bouncycastle/asn1/bc/ org/bouncycastle/asn1/bc/BCObjectIdentifiers.class org/bouncycastle/asn1/cmp/ org/bouncycastle/asn1/cmp/CAKeyUpdAnnContent.class org/bouncycastle/asn1/cmp/CMPCertificate.class org/bouncycastle/asn1/cmp/CMPObjectIdentifiers.class org/bouncycastle/asn1/cmp/CRLAnnContent.class org/bouncycastle/asn1/cmp/CertConfirmContent.class org/bouncycastle/asn1/cmp/CertOrEncCert.class org/bouncycastle/asn1/cmp/CertRepMessage.class org/bouncycastle/asn1/cmp/CertResponse.class org/bouncycastle/asn1/cmp/CertStatus.class org/bouncycastle/asn1/cmp/CertifiedKeyPair.class org/bouncycastle/asn1/cmp/Challenge.class org/bouncycastle/asn1/cmp/ErrorMsgContent.class org/bouncycastle/asn1/cmp/GenMsgContent.class org/bouncycastle/asn1/cmp/GenRepContent.class org/bouncycastle/asn1/cmp/InfoTypeAndValue.class org/bouncycastle/asn1/cmp/KeyRecRepContent.class org/bouncycastle/asn1/cmp/OOBCertHash.class org/bouncycastle/asn1/cmp/PBMParameter.class org/bouncycastle/asn1/cmp/PKIBody.class org/bouncycastle/asn1/cmp/PKIConfirmContent.class org/bouncycastle/asn1/cmp/PKIFailureInfo.class org/bouncycastle/asn1/cmp/PKIFreeText.class org/bouncycastle/asn1/cmp/PKIHeader.class org/bouncycastle/asn1/cmp/PKIHeaderBuilder.class org/bouncycastle/asn1/cmp/PKIMessage.class org/bouncycastle/asn1/cmp/PKIMessages.class org/bouncycastle/asn1/cmp/PKIStatus.class org/bouncycastle/asn1/cmp/PKIStatusInfo.class org/bouncycastle/asn1/cmp/POPODecKeyChallContent.class org/bouncycastle/asn1/cmp/POPODecKeyRespContent.class org/bouncycastle/asn1/cmp/PollRepContent.class org/bouncycastle/asn1/cmp/PollReqContent.class org/bouncycastle/asn1/cmp/ProtectedPart.class org/bouncycastle/asn1/cmp/RevAnnContent.class org/bouncycastle/asn1/cmp/RevDetails.class org/bouncycastle/asn1/cmp/RevRepContent.class org/bouncycastle/asn1/cmp/RevRepContentBuilder.class org/bouncycastle/asn1/cmp/RevReqContent.class org/bouncycastle/asn1/cms/ org/bouncycastle/asn1/cms/Attribute.class org/bouncycastle/asn1/cms/AttributeTable.class org/bouncycastle/asn1/cms/Attributes.class org/bouncycastle/asn1/cms/AuthEnvelopedData.class org/bouncycastle/asn1/cms/AuthEnvelopedDataParser.class org/bouncycastle/asn1/cms/AuthenticatedData.class org/bouncycastle/asn1/cms/AuthenticatedDataParser.class org/bouncycastle/asn1/cms/CMSAttributes.class org/bouncycastle/asn1/cms/CMSObjectIdentifiers.class org/bouncycastle/asn1/cms/CompressedData.class org/bouncycastle/asn1/cms/CompressedDataParser.class org/bouncycastle/asn1/cms/ContentInfo.class org/bouncycastle/asn1/cms/ContentInfoParser.class org/bouncycastle/asn1/cms/DigestedData.class org/bouncycastle/asn1/cms/EncryptedContentInfo.class org/bouncycastle/asn1/cms/EncryptedContentInfoParser.class org/bouncycastle/asn1/cms/EncryptedData.class org/bouncycastle/asn1/cms/EnvelopedData.class org/bouncycastle/asn1/cms/EnvelopedDataParser.class org/bouncycastle/asn1/cms/Evidence.class org/bouncycastle/asn1/cms/IssuerAndSerialNumber.class org/bouncycastle/asn1/cms/KEKIdentifier.class org/bouncycastle/asn1/cms/KEKRecipientInfo.class org/bouncycastle/asn1/cms/KeyAgreeRecipientIdentifier.class org/bouncycastle/asn1/cms/KeyAgreeRecipientInfo.class org/bouncycastle/asn1/cms/KeyTransRecipientInfo.class org/bouncycastle/asn1/cms/MetaData.class org/bouncycastle/asn1/cms/OriginatorIdentifierOrKey.class org/bouncycastle/asn1/cms/OriginatorInfo.class org/bouncycastle/asn1/cms/OriginatorPublicKey.class org/bouncycastle/asn1/cms/OtherKeyAttribute.class org/bouncycastle/asn1/cms/OtherRecipientInfo.class org/bouncycastle/asn1/cms/OtherRevocationInfoFormat.class org/bouncycastle/asn1/cms/PasswordRecipientInfo.class org/bouncycastle/asn1/cms/RecipientEncryptedKey.class org/bouncycastle/asn1/cms/RecipientIdentifier.class org/bouncycastle/asn1/cms/RecipientInfo.class org/bouncycastle/asn1/cms/RecipientKeyIdentifier.class org/bouncycastle/asn1/cms/SCVPReqRes.class org/bouncycastle/asn1/cms/SignedData.class org/bouncycastle/asn1/cms/SignedDataParser.class org/bouncycastle/asn1/cms/SignerIdentifier.class org/bouncycastle/asn1/cms/SignerInfo.class org/bouncycastle/asn1/cms/Time.class org/bouncycastle/asn1/cms/TimeStampAndCRL.class org/bouncycastle/asn1/cms/TimeStampTokenEvidence.class org/bouncycastle/asn1/cms/TimeStampedData.class org/bouncycastle/asn1/cms/TimeStampedDataParser.class org/bouncycastle/asn1/cms/ecc/ org/bouncycastle/asn1/cms/ecc/MQVuserKeyingMaterial.class org/bouncycastle/asn1/crmf/ org/bouncycastle/asn1/crmf/AttributeTypeAndValue.class org/bouncycastle/asn1/crmf/CRMFObjectIdentifiers.class org/bouncycastle/asn1/crmf/CertId.class org/bouncycastle/asn1/crmf/CertReqMessages.class org/bouncycastle/asn1/crmf/CertReqMsg.class org/bouncycastle/asn1/crmf/CertRequest.class org/bouncycastle/asn1/crmf/CertTemplate.class org/bouncycastle/asn1/crmf/CertTemplateBuilder.class org/bouncycastle/asn1/crmf/Controls.class org/bouncycastle/asn1/crmf/EncKeyWithID.class org/bouncycastle/asn1/crmf/EncryptedKey.class org/bouncycastle/asn1/crmf/EncryptedValue.class org/bouncycastle/asn1/crmf/OptionalValidity.class org/bouncycastle/asn1/crmf/PKIArchiveOptions.class org/bouncycastle/asn1/crmf/PKIPublicationInfo.class org/bouncycastle/asn1/crmf/PKMACValue.class org/bouncycastle/asn1/crmf/POPOPrivKey.class org/bouncycastle/asn1/crmf/POPOSigningKey.class org/bouncycastle/asn1/crmf/POPOSigningKeyInput.class org/bouncycastle/asn1/crmf/ProofOfPossession.class org/bouncycastle/asn1/crmf/SinglePubInfo.class org/bouncycastle/asn1/crmf/SubsequentMessage.class org/bouncycastle/asn1/cryptopro/ org/bouncycastle/asn1/cryptopro/CryptoProObjectIdentifiers.class org/bouncycastle/asn1/cryptopro/ECGOST3410NamedCurves.class org/bouncycastle/asn1/cryptopro/ECGOST3410ParamSetParameters.class org/bouncycastle/asn1/cryptopro/GOST28147Parameters.class org/bouncycastle/asn1/cryptopro/GOST3410NamedParameters.class org/bouncycastle/asn1/cryptopro/GOST3410ParamSetParameters.class org/bouncycastle/asn1/cryptopro/GOST3410PublicKeyAlgParameters.class org/bouncycastle/asn1/dvcs/ org/bouncycastle/asn1/dvcs/CertEtcToken.class org/bouncycastle/asn1/dvcs/DVCSCertInfo.class org/bouncycastle/asn1/dvcs/DVCSCertInfoBuilder.class org/bouncycastle/asn1/dvcs/DVCSErrorNotice.class org/bouncycastle/asn1/dvcs/DVCSObjectIdentifiers.class org/bouncycastle/asn1/dvcs/DVCSRequest.class org/bouncycastle/asn1/dvcs/DVCSRequestInformation.class org/bouncycastle/asn1/dvcs/DVCSRequestInformationBuilder.class org/bouncycastle/asn1/dvcs/DVCSResponse.class org/bouncycastle/asn1/dvcs/DVCSTime.class org/bouncycastle/asn1/dvcs/Data.class org/bouncycastle/asn1/dvcs/PathProcInput.class org/bouncycastle/asn1/dvcs/ServiceType.class org/bouncycastle/asn1/dvcs/TargetEtcChain.class org/bouncycastle/asn1/eac/ org/bouncycastle/asn1/eac/BidirectionalMap.class org/bouncycastle/asn1/eac/CVCertificate.class org/bouncycastle/asn1/eac/CVCertificateRequest.class org/bouncycastle/asn1/eac/CertificateBody.class org/bouncycastle/asn1/eac/CertificateHolderAuthorization.class org/bouncycastle/asn1/eac/CertificateHolderReference.class org/bouncycastle/asn1/eac/CertificationAuthorityReference.class org/bouncycastle/asn1/eac/EACObjectIdentifiers.class org/bouncycastle/asn1/eac/EACTags.class org/bouncycastle/asn1/eac/ECDSAPublicKey.class org/bouncycastle/asn1/eac/Flags$StringJoiner.class org/bouncycastle/asn1/eac/Flags.class org/bouncycastle/asn1/eac/PackedDate.class org/bouncycastle/asn1/eac/PublicKeyDataObject.class org/bouncycastle/asn1/eac/RSAPublicKey.class org/bouncycastle/asn1/eac/UnsignedInteger.class org/bouncycastle/asn1/esf/ org/bouncycastle/asn1/esf/CommitmentTypeIdentifier.class org/bouncycastle/asn1/esf/CommitmentTypeIndication.class org/bouncycastle/asn1/esf/CommitmentTypeQualifier.class org/bouncycastle/asn1/esf/CompleteRevocationRefs.class org/bouncycastle/asn1/esf/CrlIdentifier.class org/bouncycastle/asn1/esf/CrlListID.class org/bouncycastle/asn1/esf/CrlOcspRef.class org/bouncycastle/asn1/esf/CrlValidatedID.class org/bouncycastle/asn1/esf/ESFAttributes.class org/bouncycastle/asn1/esf/OcspIdentifier.class org/bouncycastle/asn1/esf/OcspListID.class org/bouncycastle/asn1/esf/OcspResponsesID.class org/bouncycastle/asn1/esf/OtherHash.class org/bouncycastle/asn1/esf/OtherHashAlgAndValue.class org/bouncycastle/asn1/esf/OtherRevRefs.class org/bouncycastle/asn1/esf/OtherRevVals.class org/bouncycastle/asn1/esf/RevocationValues.class org/bouncycastle/asn1/esf/SPUserNotice.class org/bouncycastle/asn1/esf/SPuri.class org/bouncycastle/asn1/esf/SigPolicyQualifierInfo.class org/bouncycastle/asn1/esf/SigPolicyQualifiers.class org/bouncycastle/asn1/esf/SignaturePolicyId.class org/bouncycastle/asn1/esf/SignaturePolicyIdentifier.class org/bouncycastle/asn1/esf/SignerAttribute.class org/bouncycastle/asn1/esf/SignerLocation.class org/bouncycastle/asn1/ess/ org/bouncycastle/asn1/ess/ContentHints.class org/bouncycastle/asn1/ess/ContentIdentifier.class org/bouncycastle/asn1/ess/ESSCertID.class org/bouncycastle/asn1/ess/ESSCertIDv2.class org/bouncycastle/asn1/ess/OtherCertID.class org/bouncycastle/asn1/ess/OtherSigningCertificate.class org/bouncycastle/asn1/ess/SigningCertificate.class org/bouncycastle/asn1/ess/SigningCertificateV2.class org/bouncycastle/asn1/gnu/ org/bouncycastle/asn1/gnu/GNUObjectIdentifiers.class org/bouncycastle/asn1/iana/ org/bouncycastle/asn1/iana/IANAObjectIdentifiers.class org/bouncycastle/asn1/icao/ org/bouncycastle/asn1/icao/CscaMasterList.class org/bouncycastle/asn1/icao/DataGroupHash.class org/bouncycastle/asn1/icao/ICAOObjectIdentifiers.class org/bouncycastle/asn1/icao/LDSSecurityObject.class org/bouncycastle/asn1/icao/LDSVersionInfo.class org/bouncycastle/asn1/isismtt/ org/bouncycastle/asn1/isismtt/ISISMTTObjectIdentifiers.class org/bouncycastle/asn1/isismtt/ocsp/ org/bouncycastle/asn1/isismtt/ocsp/CertHash.class org/bouncycastle/asn1/isismtt/ocsp/RequestedCertificate.class org/bouncycastle/asn1/isismtt/x509/ org/bouncycastle/asn1/isismtt/x509/AdditionalInformationSyntax.class org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.class org/bouncycastle/asn1/isismtt/x509/Admissions.class org/bouncycastle/asn1/isismtt/x509/DeclarationOfMajority.class org/bouncycastle/asn1/isismtt/x509/MonetaryLimit.class org/bouncycastle/asn1/isismtt/x509/NamingAuthority.class org/bouncycastle/asn1/isismtt/x509/ProcurationSyntax.class org/bouncycastle/asn1/isismtt/x509/ProfessionInfo.class org/bouncycastle/asn1/isismtt/x509/Restriction.class org/bouncycastle/asn1/kisa/ org/bouncycastle/asn1/kisa/KISAObjectIdentifiers.class org/bouncycastle/asn1/microsoft/ org/bouncycastle/asn1/microsoft/MicrosoftObjectIdentifiers.class org/bouncycastle/asn1/misc/ org/bouncycastle/asn1/misc/CAST5CBCParameters.class org/bouncycastle/asn1/misc/MiscObjectIdentifiers.class org/bouncycastle/asn1/misc/NetscapeCertType.class org/bouncycastle/asn1/misc/NetscapeRevocationURL.class org/bouncycastle/asn1/misc/VerisignCzagExtension.class org/bouncycastle/asn1/mozilla/ org/bouncycastle/asn1/mozilla/PublicKeyAndChallenge.class org/bouncycastle/asn1/nist/ org/bouncycastle/asn1/nist/NISTNamedCurves.class org/bouncycastle/asn1/nist/NISTObjectIdentifiers.class org/bouncycastle/asn1/ntt/ org/bouncycastle/asn1/ntt/NTTObjectIdentifiers.class org/bouncycastle/asn1/ocsp/ org/bouncycastle/asn1/ocsp/BasicOCSPResponse.class org/bouncycastle/asn1/ocsp/CertID.class org/bouncycastle/asn1/ocsp/CertStatus.class org/bouncycastle/asn1/ocsp/CrlID.class org/bouncycastle/asn1/ocsp/OCSPObjectIdentifiers.class org/bouncycastle/asn1/ocsp/OCSPRequest.class org/bouncycastle/asn1/ocsp/OCSPResponse.class org/bouncycastle/asn1/ocsp/OCSPResponseStatus.class org/bouncycastle/asn1/ocsp/Request.class org/bouncycastle/asn1/ocsp/ResponderID.class org/bouncycastle/asn1/ocsp/ResponseBytes.class org/bouncycastle/asn1/ocsp/ResponseData.class org/bouncycastle/asn1/ocsp/RevokedInfo.class org/bouncycastle/asn1/ocsp/ServiceLocator.class org/bouncycastle/asn1/ocsp/Signature.class org/bouncycastle/asn1/ocsp/SingleResponse.class org/bouncycastle/asn1/ocsp/TBSRequest.class org/bouncycastle/asn1/oiw/ org/bouncycastle/asn1/oiw/ElGamalParameter.class org/bouncycastle/asn1/oiw/OIWObjectIdentifiers.class org/bouncycastle/asn1/pkcs/ org/bouncycastle/asn1/pkcs/Attribute.class org/bouncycastle/asn1/pkcs/AuthenticatedSafe.class org/bouncycastle/asn1/pkcs/CRLBag.class org/bouncycastle/asn1/pkcs/CertBag.class org/bouncycastle/asn1/pkcs/CertificationRequest.class org/bouncycastle/asn1/pkcs/CertificationRequestInfo.class org/bouncycastle/asn1/pkcs/ContentInfo.class org/bouncycastle/asn1/pkcs/DHParameter.class org/bouncycastle/asn1/pkcs/EncryptedData.class org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.class org/bouncycastle/asn1/pkcs/EncryptionScheme.class org/bouncycastle/asn1/pkcs/IssuerAndSerialNumber.class org/bouncycastle/asn1/pkcs/KeyDerivationFunc.class org/bouncycastle/asn1/pkcs/MacData.class org/bouncycastle/asn1/pkcs/PBEParameter.class org/bouncycastle/asn1/pkcs/PBES2Algorithms.class org/bouncycastle/asn1/pkcs/PBES2Parameters.class org/bouncycastle/asn1/pkcs/PBKDF2Params.class org/bouncycastle/asn1/pkcs/PKCS12PBEParams.class org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.class org/bouncycastle/asn1/pkcs/Pfx.class org/bouncycastle/asn1/pkcs/PrivateKeyInfo.class org/bouncycastle/asn1/pkcs/RC2CBCParameter.class org/bouncycastle/asn1/pkcs/RSAESOAEPparams.class org/bouncycastle/asn1/pkcs/RSAPrivateKey.class org/bouncycastle/asn1/pkcs/RSAPrivateKeyStructure.class org/bouncycastle/asn1/pkcs/RSAPublicKey.class org/bouncycastle/asn1/pkcs/RSASSAPSSparams.class org/bouncycastle/asn1/pkcs/SafeBag.class org/bouncycastle/asn1/pkcs/SignedData.class org/bouncycastle/asn1/pkcs/SignerInfo.class org/bouncycastle/asn1/sec/ org/bouncycastle/asn1/sec/ECPrivateKey.class org/bouncycastle/asn1/sec/ECPrivateKeyStructure.class org/bouncycastle/asn1/sec/SECNamedCurves$1.class org/bouncycastle/asn1/sec/SECNamedCurves$10.class org/bouncycastle/asn1/sec/SECNamedCurves$11.class org/bouncycastle/asn1/sec/SECNamedCurves$12.class org/bouncycastle/asn1/sec/SECNamedCurves$13.class org/bouncycastle/asn1/sec/SECNamedCurves$14.class org/bouncycastle/asn1/sec/SECNamedCurves$15.class org/bouncycastle/asn1/sec/SECNamedCurves$16.class org/bouncycastle/asn1/sec/SECNamedCurves$17.class org/bouncycastle/asn1/sec/SECNamedCurves$18.class org/bouncycastle/asn1/sec/SECNamedCurves$19.class org/bouncycastle/asn1/sec/SECNamedCurves$2.class org/bouncycastle/asn1/sec/SECNamedCurves$20.class org/bouncycastle/asn1/sec/SECNamedCurves$21.class org/bouncycastle/asn1/sec/SECNamedCurves$22.class org/bouncycastle/asn1/sec/SECNamedCurves$23.class org/bouncycastle/asn1/sec/SECNamedCurves$24.class org/bouncycastle/asn1/sec/SECNamedCurves$25.class org/bouncycastle/asn1/sec/SECNamedCurves$26.class org/bouncycastle/asn1/sec/SECNamedCurves$27.class org/bouncycastle/asn1/sec/SECNamedCurves$28.class org/bouncycastle/asn1/sec/SECNamedCurves$29.class org/bouncycastle/asn1/sec/SECNamedCurves$3.class org/bouncycastle/asn1/sec/SECNamedCurves$30.class org/bouncycastle/asn1/sec/SECNamedCurves$31.class org/bouncycastle/asn1/sec/SECNamedCurves$32.class org/bouncycastle/asn1/sec/SECNamedCurves$33.class org/bouncycastle/asn1/sec/SECNamedCurves$4.class org/bouncycastle/asn1/sec/SECNamedCurves$5.class org/bouncycastle/asn1/sec/SECNamedCurves$6.class org/bouncycastle/asn1/sec/SECNamedCurves$7.class org/bouncycastle/asn1/sec/SECNamedCurves$8.class org/bouncycastle/asn1/sec/SECNamedCurves$9.class org/bouncycastle/asn1/sec/SECNamedCurves.class org/bouncycastle/asn1/sec/SECObjectIdentifiers.class org/bouncycastle/asn1/smime/ org/bouncycastle/asn1/smime/SMIMEAttributes.class org/bouncycastle/asn1/smime/SMIMECapabilities.class org/bouncycastle/asn1/smime/SMIMECapabilitiesAttribute.class org/bouncycastle/asn1/smime/SMIMECapability.class org/bouncycastle/asn1/smime/SMIMECapabilityVector.class org/bouncycastle/asn1/smime/SMIMEEncryptionKeyPreferenceAttribute.class org/bouncycastle/asn1/teletrust/ org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$1.class org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$10.class org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$11.class org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$12.class org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$13.class org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$14.class org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$2.class org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$3.class org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$4.class org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$5.class org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$6.class org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$7.class org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$8.class org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves$9.class org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves.class org/bouncycastle/asn1/teletrust/TeleTrusTObjectIdentifiers.class org/bouncycastle/asn1/tsp/ org/bouncycastle/asn1/tsp/Accuracy.class org/bouncycastle/asn1/tsp/MessageImprint.class org/bouncycastle/asn1/tsp/TSTInfo.class org/bouncycastle/asn1/tsp/TimeStampReq.class org/bouncycastle/asn1/tsp/TimeStampResp.class org/bouncycastle/asn1/ua/ org/bouncycastle/asn1/ua/DSTU4145BinaryField.class org/bouncycastle/asn1/ua/DSTU4145ECBinary.class org/bouncycastle/asn1/ua/DSTU4145NamedCurves.class org/bouncycastle/asn1/ua/DSTU4145Params.class org/bouncycastle/asn1/ua/DSTU4145PointEncoder.class org/bouncycastle/asn1/ua/DSTU4145PublicKey.class org/bouncycastle/asn1/ua/UAObjectIdentifiers.class org/bouncycastle/asn1/util/ org/bouncycastle/asn1/util/ASN1Dump.class org/bouncycastle/asn1/util/DERDump.class org/bouncycastle/asn1/util/Dump.class org/bouncycastle/asn1/x500/ org/bouncycastle/asn1/x500/AttributeTypeAndValue.class org/bouncycastle/asn1/x500/DirectoryString.class org/bouncycastle/asn1/x500/RDN.class org/bouncycastle/asn1/x500/X500Name.class org/bouncycastle/asn1/x500/X500NameBuilder.class org/bouncycastle/asn1/x500/X500NameStyle.class org/bouncycastle/asn1/x500/style/ org/bouncycastle/asn1/x500/style/BCStrictStyle.class org/bouncycastle/asn1/x500/style/BCStyle.class org/bouncycastle/asn1/x500/style/IETFUtils.class org/bouncycastle/asn1/x500/style/RFC4519Style.class org/bouncycastle/asn1/x500/style/X500NameTokenizer.class org/bouncycastle/asn1/x509/ org/bouncycastle/asn1/x509/AccessDescription.class org/bouncycastle/asn1/x509/AlgorithmIdentifier.class org/bouncycastle/asn1/x509/AttCertIssuer.class org/bouncycastle/asn1/x509/AttCertValidityPeriod.class org/bouncycastle/asn1/x509/Attribute.class org/bouncycastle/asn1/x509/AttributeCertificate.class org/bouncycastle/asn1/x509/AttributeCertificateInfo.class org/bouncycastle/asn1/x509/AuthorityInformationAccess.class org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.class org/bouncycastle/asn1/x509/BasicConstraints.class org/bouncycastle/asn1/x509/CRLDistPoint.class org/bouncycastle/asn1/x509/CRLNumber.class org/bouncycastle/asn1/x509/CRLReason.class org/bouncycastle/asn1/x509/CertPolicyId.class org/bouncycastle/asn1/x509/Certificate.class org/bouncycastle/asn1/x509/CertificateList.class org/bouncycastle/asn1/x509/CertificatePair.class org/bouncycastle/asn1/x509/CertificatePolicies.class org/bouncycastle/asn1/x509/DSAParameter.class org/bouncycastle/asn1/x509/DigestInfo.class org/bouncycastle/asn1/x509/DisplayText.class org/bouncycastle/asn1/x509/DistributionPoint.class org/bouncycastle/asn1/x509/DistributionPointName.class org/bouncycastle/asn1/x509/ExtendedKeyUsage.class org/bouncycastle/asn1/x509/Extension.class org/bouncycastle/asn1/x509/Extensions.class org/bouncycastle/asn1/x509/ExtensionsGenerator.class org/bouncycastle/asn1/x509/GeneralName.class org/bouncycastle/asn1/x509/GeneralNames.class org/bouncycastle/asn1/x509/GeneralNamesBuilder.class org/bouncycastle/asn1/x509/GeneralSubtree.class org/bouncycastle/asn1/x509/Holder.class org/bouncycastle/asn1/x509/IetfAttrSyntax.class org/bouncycastle/asn1/x509/IssuerSerial.class org/bouncycastle/asn1/x509/IssuingDistributionPoint.class org/bouncycastle/asn1/x509/KeyPurposeId.class org/bouncycastle/asn1/x509/KeyUsage.class org/bouncycastle/asn1/x509/NameConstraints.class org/bouncycastle/asn1/x509/NoticeReference.class org/bouncycastle/asn1/x509/ObjectDigestInfo.class org/bouncycastle/asn1/x509/PolicyInformation.class org/bouncycastle/asn1/x509/PolicyMappings.class org/bouncycastle/asn1/x509/PolicyQualifierId.class org/bouncycastle/asn1/x509/PolicyQualifierInfo.class org/bouncycastle/asn1/x509/PrivateKeyUsagePeriod.class org/bouncycastle/asn1/x509/RSAPublicKeyStructure.class org/bouncycastle/asn1/x509/ReasonFlags.class org/bouncycastle/asn1/x509/RoleSyntax.class org/bouncycastle/asn1/x509/SubjectDirectoryAttributes.class org/bouncycastle/asn1/x509/SubjectKeyIdentifier.class org/bouncycastle/asn1/x509/SubjectPublicKeyInfo.class org/bouncycastle/asn1/x509/TBSCertList$1.class org/bouncycastle/asn1/x509/TBSCertList$CRLEntry.class org/bouncycastle/asn1/x509/TBSCertList$EmptyEnumeration.class org/bouncycastle/asn1/x509/TBSCertList$RevokedCertificatesEnumeration.class org/bouncycastle/asn1/x509/TBSCertList.class org/bouncycastle/asn1/x509/TBSCertificate.class org/bouncycastle/asn1/x509/TBSCertificateStructure.class org/bouncycastle/asn1/x509/Target.class org/bouncycastle/asn1/x509/TargetInformation.class org/bouncycastle/asn1/x509/Targets.class org/bouncycastle/asn1/x509/Time.class org/bouncycastle/asn1/x509/UserNotice.class org/bouncycastle/asn1/x509/V1TBSCertificateGenerator.class org/bouncycastle/asn1/x509/V2AttributeCertificateInfoGenerator.class org/bouncycastle/asn1/x509/V2Form.class org/bouncycastle/asn1/x509/V2TBSCertListGenerator.class org/bouncycastle/asn1/x509/V3TBSCertificateGenerator.class org/bouncycastle/asn1/x509/X509AttributeIdentifiers.class org/bouncycastle/asn1/x509/X509CertificateStructure.class org/bouncycastle/asn1/x509/X509DefaultEntryConverter.class org/bouncycastle/asn1/x509/X509Extension.class org/bouncycastle/asn1/x509/X509Extensions.class org/bouncycastle/asn1/x509/X509ExtensionsGenerator.class org/bouncycastle/asn1/x509/X509Name.class org/bouncycastle/asn1/x509/X509NameEntryConverter.class org/bouncycastle/asn1/x509/X509NameTokenizer.class org/bouncycastle/asn1/x509/X509ObjectIdentifiers.class org/bouncycastle/asn1/x509/qualified/ org/bouncycastle/asn1/x509/qualified/BiometricData.class org/bouncycastle/asn1/x509/qualified/ETSIQCObjectIdentifiers.class org/bouncycastle/asn1/x509/qualified/Iso4217CurrencyCode.class org/bouncycastle/asn1/x509/qualified/MonetaryValue.class org/bouncycastle/asn1/x509/qualified/QCStatement.class org/bouncycastle/asn1/x509/qualified/RFC3739QCObjectIdentifiers.class org/bouncycastle/asn1/x509/qualified/SemanticsInformation.class org/bouncycastle/asn1/x509/qualified/TypeOfBiometricData.class org/bouncycastle/asn1/x509/sigi/ org/bouncycastle/asn1/x509/sigi/NameOrPseudonym.class org/bouncycastle/asn1/x509/sigi/PersonalData.class org/bouncycastle/asn1/x509/sigi/SigIObjectIdentifiers.class org/bouncycastle/asn1/x9/ org/bouncycastle/asn1/x9/DHDomainParameters.class org/bouncycastle/asn1/x9/DHPublicKey.class org/bouncycastle/asn1/x9/DHValidationParms.class org/bouncycastle/asn1/x9/ECNamedCurveTable.class org/bouncycastle/asn1/x9/KeySpecificInfo.class org/bouncycastle/asn1/x9/OtherInfo.class org/bouncycastle/asn1/x9/X962NamedCurves$1.class org/bouncycastle/asn1/x9/X962NamedCurves$10.class org/bouncycastle/asn1/x9/X962NamedCurves$11.class org/bouncycastle/asn1/x9/X962NamedCurves$12.class org/bouncycastle/asn1/x9/X962NamedCurves$13.class org/bouncycastle/asn1/x9/X962NamedCurves$14.class org/bouncycastle/asn1/x9/X962NamedCurves$15.class org/bouncycastle/asn1/x9/X962NamedCurves$16.class org/bouncycastle/asn1/x9/X962NamedCurves$17.class org/bouncycastle/asn1/x9/X962NamedCurves$18.class org/bouncycastle/asn1/x9/X962NamedCurves$19.class org/bouncycastle/asn1/x9/X962NamedCurves$2.class org/bouncycastle/asn1/x9/X962NamedCurves$20.class org/bouncycastle/asn1/x9/X962NamedCurves$21.class org/bouncycastle/asn1/x9/X962NamedCurves$22.class org/bouncycastle/asn1/x9/X962NamedCurves$23.class org/bouncycastle/asn1/x9/X962NamedCurves$3.class org/bouncycastle/asn1/x9/X962NamedCurves$4.class org/bouncycastle/asn1/x9/X962NamedCurves$5.class org/bouncycastle/asn1/x9/X962NamedCurves$6.class org/bouncycastle/asn1/x9/X962NamedCurves$7.class org/bouncycastle/asn1/x9/X962NamedCurves$8.class org/bouncycastle/asn1/x9/X962NamedCurves$9.class org/bouncycastle/asn1/x9/X962NamedCurves.class org/bouncycastle/asn1/x9/X962Parameters.class org/bouncycastle/asn1/x9/X9Curve.class org/bouncycastle/asn1/x9/X9ECParameters.class org/bouncycastle/asn1/x9/X9ECParametersHolder.class org/bouncycastle/asn1/x9/X9ECPoint.class org/bouncycastle/asn1/x9/X9FieldElement.class org/bouncycastle/asn1/x9/X9FieldID.class org/bouncycastle/asn1/x9/X9IntegerConverter.class org/bouncycastle/asn1/x9/X9ObjectIdentifiers.class org/bouncycastle/crypto/ org/bouncycastle/crypto/AsymmetricBlockCipher.class org/bouncycastle/crypto/AsymmetricCipherKeyPair.class org/bouncycastle/crypto/AsymmetricCipherKeyPairGenerator.class org/bouncycastle/crypto/BasicAgreement.class org/bouncycastle/crypto/BlockCipher.class org/bouncycastle/crypto/BufferedAsymmetricBlockCipher.class org/bouncycastle/crypto/BufferedBlockCipher.class org/bouncycastle/crypto/CipherKeyGenerator.class org/bouncycastle/crypto/CipherParameters.class org/bouncycastle/crypto/Commitment.class org/bouncycastle/crypto/Committer.class org/bouncycastle/crypto/CryptoException.class org/bouncycastle/crypto/DSA.class org/bouncycastle/crypto/DataLengthException.class org/bouncycastle/crypto/DerivationFunction.class org/bouncycastle/crypto/DerivationParameters.class org/bouncycastle/crypto/Digest.class org/bouncycastle/crypto/EphemeralKeyPair.class org/bouncycastle/crypto/ExtendedDigest.class org/bouncycastle/crypto/InvalidCipherTextException.class org/bouncycastle/crypto/KeyEncapsulation.class org/bouncycastle/crypto/KeyEncoder.class org/bouncycastle/crypto/KeyGenerationParameters.class org/bouncycastle/crypto/KeyParser.class org/bouncycastle/crypto/Mac.class org/bouncycastle/crypto/MaxBytesExceededException.class org/bouncycastle/crypto/OutputLengthException.class org/bouncycastle/crypto/PBEParametersGenerator.class org/bouncycastle/crypto/RuntimeCryptoException.class org/bouncycastle/crypto/Signer.class org/bouncycastle/crypto/SignerWithRecovery.class org/bouncycastle/crypto/StreamBlockCipher.class org/bouncycastle/crypto/StreamCipher.class org/bouncycastle/crypto/Wrapper.class org/bouncycastle/crypto/agreement/ org/bouncycastle/crypto/agreement/DHAgreement.class org/bouncycastle/crypto/agreement/DHBasicAgreement.class org/bouncycastle/crypto/agreement/DHStandardGroups.class org/bouncycastle/crypto/agreement/ECDHBasicAgreement.class org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.class org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.class org/bouncycastle/crypto/agreement/jpake/ org/bouncycastle/crypto/agreement/jpake/JPAKEParticipant.class org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroup.class org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroups.class org/bouncycastle/crypto/agreement/jpake/JPAKERound1Payload.class org/bouncycastle/crypto/agreement/jpake/JPAKERound2Payload.class org/bouncycastle/crypto/agreement/jpake/JPAKERound3Payload.class org/bouncycastle/crypto/agreement/jpake/JPAKEUtil.class org/bouncycastle/crypto/agreement/kdf/ org/bouncycastle/crypto/agreement/kdf/DHKDFParameters.class org/bouncycastle/crypto/agreement/kdf/DHKEKGenerator.class org/bouncycastle/crypto/agreement/kdf/ECDHKEKGenerator.class org/bouncycastle/crypto/agreement/srp/ org/bouncycastle/crypto/agreement/srp/SRP6Client.class org/bouncycastle/crypto/agreement/srp/SRP6Server.class org/bouncycastle/crypto/agreement/srp/SRP6Util.class org/bouncycastle/crypto/agreement/srp/SRP6VerifierGenerator.class org/bouncycastle/crypto/commitments/ org/bouncycastle/crypto/commitments/HashCommitter.class org/bouncycastle/crypto/digests/ org/bouncycastle/crypto/digests/GOST3411Digest.class org/bouncycastle/crypto/digests/GeneralDigest.class org/bouncycastle/crypto/digests/LongDigest.class org/bouncycastle/crypto/digests/MD2Digest.class org/bouncycastle/crypto/digests/MD4Digest.class org/bouncycastle/crypto/digests/MD5Digest.class org/bouncycastle/crypto/digests/NonMemoableDigest.class org/bouncycastle/crypto/digests/NullDigest.class org/bouncycastle/crypto/digests/RIPEMD128Digest.class org/bouncycastle/crypto/digests/RIPEMD160Digest.class org/bouncycastle/crypto/digests/RIPEMD256Digest.class org/bouncycastle/crypto/digests/RIPEMD320Digest.class org/bouncycastle/crypto/digests/SHA1Digest.class org/bouncycastle/crypto/digests/SHA224Digest.class org/bouncycastle/crypto/digests/SHA256Digest.class org/bouncycastle/crypto/digests/SHA384Digest.class org/bouncycastle/crypto/digests/SHA3Digest.class org/bouncycastle/crypto/digests/SHA512Digest.class org/bouncycastle/crypto/digests/SHA512tDigest.class org/bouncycastle/crypto/digests/ShortenedDigest.class org/bouncycastle/crypto/digests/TigerDigest.class org/bouncycastle/crypto/digests/WhirlpoolDigest.class org/bouncycastle/crypto/ec/ org/bouncycastle/crypto/ec/ECDecryptor.class org/bouncycastle/crypto/ec/ECElGamalDecryptor.class org/bouncycastle/crypto/ec/ECElGamalEncryptor.class org/bouncycastle/crypto/ec/ECEncryptor.class org/bouncycastle/crypto/ec/ECNewPublicKeyTransform.class org/bouncycastle/crypto/ec/ECNewRandomnessTransform.class org/bouncycastle/crypto/ec/ECPair.class org/bouncycastle/crypto/ec/ECPairTransform.class org/bouncycastle/crypto/ec/ECUtil.class org/bouncycastle/crypto/encodings/ org/bouncycastle/crypto/encodings/ISO9796d1Encoding.class org/bouncycastle/crypto/encodings/OAEPEncoding.class org/bouncycastle/crypto/encodings/PKCS1Encoding$1.class org/bouncycastle/crypto/encodings/PKCS1Encoding.class org/bouncycastle/crypto/engines/ org/bouncycastle/crypto/engines/AESEngine.class org/bouncycastle/crypto/engines/AESFastEngine.class org/bouncycastle/crypto/engines/AESLightEngine.class org/bouncycastle/crypto/engines/AESWrapEngine.class org/bouncycastle/crypto/engines/BlowfishEngine.class org/bouncycastle/crypto/engines/CAST5Engine.class org/bouncycastle/crypto/engines/CAST6Engine.class org/bouncycastle/crypto/engines/CamelliaEngine.class org/bouncycastle/crypto/engines/CamelliaLightEngine.class org/bouncycastle/crypto/engines/CamelliaWrapEngine.class org/bouncycastle/crypto/engines/DESEngine.class org/bouncycastle/crypto/engines/DESedeEngine.class org/bouncycastle/crypto/engines/DESedeWrapEngine.class org/bouncycastle/crypto/engines/ElGamalEngine.class org/bouncycastle/crypto/engines/GOST28147Engine.class org/bouncycastle/crypto/engines/Grain128Engine.class org/bouncycastle/crypto/engines/Grainv1Engine.class org/bouncycastle/crypto/engines/HC128Engine.class org/bouncycastle/crypto/engines/HC256Engine.class org/bouncycastle/crypto/engines/IESEngine.class org/bouncycastle/crypto/engines/ISAACEngine.class org/bouncycastle/crypto/engines/NaccacheSternEngine.class org/bouncycastle/crypto/engines/NoekeonEngine.class org/bouncycastle/crypto/engines/NullEngine.class org/bouncycastle/crypto/engines/RC2Engine.class org/bouncycastle/crypto/engines/RC2WrapEngine.class org/bouncycastle/crypto/engines/RC4Engine.class org/bouncycastle/crypto/engines/RC532Engine.class org/bouncycastle/crypto/engines/RC564Engine.class org/bouncycastle/crypto/engines/RC6Engine.class org/bouncycastle/crypto/engines/RFC3211WrapEngine.class org/bouncycastle/crypto/engines/RFC3394WrapEngine.class org/bouncycastle/crypto/engines/RSABlindedEngine.class org/bouncycastle/crypto/engines/RSABlindingEngine.class org/bouncycastle/crypto/engines/RSACoreEngine.class org/bouncycastle/crypto/engines/RSAEngine.class org/bouncycastle/crypto/engines/RijndaelEngine.class org/bouncycastle/crypto/engines/SEEDEngine.class org/bouncycastle/crypto/engines/SEEDWrapEngine.class org/bouncycastle/crypto/engines/Salsa20Engine.class org/bouncycastle/crypto/engines/SerpentEngine.class org/bouncycastle/crypto/engines/SkipjackEngine.class org/bouncycastle/crypto/engines/TEAEngine.class org/bouncycastle/crypto/engines/TwofishEngine.class org/bouncycastle/crypto/engines/VMPCEngine.class org/bouncycastle/crypto/engines/VMPCKSA3Engine.class org/bouncycastle/crypto/engines/XTEAEngine.class org/bouncycastle/crypto/examples/ org/bouncycastle/crypto/examples/DESExample.class org/bouncycastle/crypto/examples/JPAKEExample.class org/bouncycastle/crypto/generators/ org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.class org/bouncycastle/crypto/generators/DESKeyGenerator.class org/bouncycastle/crypto/generators/DESedeKeyGenerator.class org/bouncycastle/crypto/generators/DHBasicKeyPairGenerator.class org/bouncycastle/crypto/generators/DHKeyGeneratorHelper.class org/bouncycastle/crypto/generators/DHKeyPairGenerator.class org/bouncycastle/crypto/generators/DHParametersGenerator.class org/bouncycastle/crypto/generators/DHParametersHelper.class org/bouncycastle/crypto/generators/DSAKeyPairGenerator.class org/bouncycastle/crypto/generators/DSAParametersGenerator.class org/bouncycastle/crypto/generators/DSTU4145KeyPairGenerator.class org/bouncycastle/crypto/generators/ECKeyPairGenerator.class org/bouncycastle/crypto/generators/ElGamalKeyPairGenerator.class org/bouncycastle/crypto/generators/ElGamalParametersGenerator.class org/bouncycastle/crypto/generators/EphemeralKeyPairGenerator.class org/bouncycastle/crypto/generators/GOST3410KeyPairGenerator.class org/bouncycastle/crypto/generators/GOST3410ParametersGenerator.class org/bouncycastle/crypto/generators/HKDFBytesGenerator.class org/bouncycastle/crypto/generators/KDF1BytesGenerator.class org/bouncycastle/crypto/generators/KDF2BytesGenerator.class org/bouncycastle/crypto/generators/MGF1BytesGenerator.class org/bouncycastle/crypto/generators/NaccacheSternKeyPairGenerator.class org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.class org/bouncycastle/crypto/generators/PKCS12ParametersGenerator.class org/bouncycastle/crypto/generators/PKCS5S1ParametersGenerator.class org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.class org/bouncycastle/crypto/generators/RSABlindingFactorGenerator.class org/bouncycastle/crypto/generators/RSAKeyPairGenerator.class org/bouncycastle/crypto/generators/SCrypt.class org/bouncycastle/crypto/io/ org/bouncycastle/crypto/io/CipherInputStream.class org/bouncycastle/crypto/io/CipherOutputStream.class org/bouncycastle/crypto/io/DigestInputStream.class org/bouncycastle/crypto/io/DigestOutputStream.class org/bouncycastle/crypto/io/MacInputStream.class org/bouncycastle/crypto/io/MacOutputStream.class org/bouncycastle/crypto/io/SignerInputStream.class org/bouncycastle/crypto/io/SignerOutputStream.class org/bouncycastle/crypto/kems/ org/bouncycastle/crypto/kems/ECIESKeyEncapsulation.class org/bouncycastle/crypto/kems/RSAKeyEncapsulation.class org/bouncycastle/crypto/macs/ org/bouncycastle/crypto/macs/BlockCipherMac.class org/bouncycastle/crypto/macs/CBCBlockCipherMac.class org/bouncycastle/crypto/macs/CFBBlockCipherMac.class org/bouncycastle/crypto/macs/CMac.class org/bouncycastle/crypto/macs/GMac.class org/bouncycastle/crypto/macs/GOST28147Mac.class org/bouncycastle/crypto/macs/HMac.class org/bouncycastle/crypto/macs/ISO9797Alg3Mac.class org/bouncycastle/crypto/macs/MacCFBBlockCipher.class org/bouncycastle/crypto/macs/OldHMac.class org/bouncycastle/crypto/macs/SipHash.class org/bouncycastle/crypto/macs/VMPCMac.class org/bouncycastle/crypto/modes/ org/bouncycastle/crypto/modes/AEADBlockCipher.class org/bouncycastle/crypto/modes/CBCBlockCipher.class org/bouncycastle/crypto/modes/CCMBlockCipher.class org/bouncycastle/crypto/modes/CFBBlockCipher.class org/bouncycastle/crypto/modes/CTSBlockCipher.class org/bouncycastle/crypto/modes/EAXBlockCipher.class org/bouncycastle/crypto/modes/GCMBlockCipher.class org/bouncycastle/crypto/modes/GOFBBlockCipher.class org/bouncycastle/crypto/modes/OCBBlockCipher.class org/bouncycastle/crypto/modes/OFBBlockCipher.class org/bouncycastle/crypto/modes/OpenPGPCFBBlockCipher.class org/bouncycastle/crypto/modes/PGPCFBBlockCipher.class org/bouncycastle/crypto/modes/PaddedBlockCipher.class org/bouncycastle/crypto/modes/SICBlockCipher.class org/bouncycastle/crypto/modes/gcm/ org/bouncycastle/crypto/modes/gcm/BasicGCMExponentiator.class org/bouncycastle/crypto/modes/gcm/BasicGCMMultiplier.class org/bouncycastle/crypto/modes/gcm/GCMExponentiator.class org/bouncycastle/crypto/modes/gcm/GCMMultiplier.class org/bouncycastle/crypto/modes/gcm/GCMUtil.class org/bouncycastle/crypto/modes/gcm/Tables1kGCMExponentiator.class org/bouncycastle/crypto/modes/gcm/Tables64kGCMMultiplier.class org/bouncycastle/crypto/modes/gcm/Tables8kGCMMultiplier.class org/bouncycastle/crypto/paddings/ org/bouncycastle/crypto/paddings/BlockCipherPadding.class org/bouncycastle/crypto/paddings/ISO10126d2Padding.class org/bouncycastle/crypto/paddings/ISO7816d4Padding.class org/bouncycastle/crypto/paddings/PKCS7Padding.class org/bouncycastle/crypto/paddings/PaddedBufferedBlockCipher.class org/bouncycastle/crypto/paddings/TBCPadding.class org/bouncycastle/crypto/paddings/X923Padding.class org/bouncycastle/crypto/paddings/ZeroBytePadding.class org/bouncycastle/crypto/params/ org/bouncycastle/crypto/params/AEADParameters.class org/bouncycastle/crypto/params/AsymmetricKeyParameter.class org/bouncycastle/crypto/params/CCMParameters.class org/bouncycastle/crypto/params/DESParameters.class org/bouncycastle/crypto/params/DESedeParameters.class org/bouncycastle/crypto/params/DHKeyGenerationParameters.class org/bouncycastle/crypto/params/DHKeyParameters.class org/bouncycastle/crypto/params/DHParameters.class org/bouncycastle/crypto/params/DHPrivateKeyParameters.class org/bouncycastle/crypto/params/DHPublicKeyParameters.class org/bouncycastle/crypto/params/DHValidationParameters.class org/bouncycastle/crypto/params/DSAKeyGenerationParameters.class org/bouncycastle/crypto/params/DSAKeyParameters.class org/bouncycastle/crypto/params/DSAParameterGenerationParameters.class org/bouncycastle/crypto/params/DSAParameters.class org/bouncycastle/crypto/params/DSAPrivateKeyParameters.class org/bouncycastle/crypto/params/DSAPublicKeyParameters.class org/bouncycastle/crypto/params/DSAValidationParameters.class org/bouncycastle/crypto/params/ECDomainParameters.class org/bouncycastle/crypto/params/ECKeyGenerationParameters.class org/bouncycastle/crypto/params/ECKeyParameters.class org/bouncycastle/crypto/params/ECPrivateKeyParameters.class org/bouncycastle/crypto/params/ECPublicKeyParameters.class org/bouncycastle/crypto/params/ElGamalKeyGenerationParameters.class org/bouncycastle/crypto/params/ElGamalKeyParameters.class org/bouncycastle/crypto/params/ElGamalParameters.class org/bouncycastle/crypto/params/ElGamalPrivateKeyParameters.class org/bouncycastle/crypto/params/ElGamalPublicKeyParameters.class org/bouncycastle/crypto/params/GOST3410KeyGenerationParameters.class org/bouncycastle/crypto/params/GOST3410KeyParameters.class org/bouncycastle/crypto/params/GOST3410Parameters.class org/bouncycastle/crypto/params/GOST3410PrivateKeyParameters.class org/bouncycastle/crypto/params/GOST3410PublicKeyParameters.class org/bouncycastle/crypto/params/GOST3410ValidationParameters.class org/bouncycastle/crypto/params/HKDFParameters.class org/bouncycastle/crypto/params/IESParameters.class org/bouncycastle/crypto/params/IESWithCipherParameters.class org/bouncycastle/crypto/params/ISO18033KDFParameters.class org/bouncycastle/crypto/params/KDFParameters.class org/bouncycastle/crypto/params/KeyParameter.class org/bouncycastle/crypto/params/MGFParameters.class org/bouncycastle/crypto/params/MQVPrivateParameters.class org/bouncycastle/crypto/params/MQVPublicParameters.class org/bouncycastle/crypto/params/NaccacheSternKeyGenerationParameters.class org/bouncycastle/crypto/params/NaccacheSternKeyParameters.class org/bouncycastle/crypto/params/NaccacheSternPrivateKeyParameters.class org/bouncycastle/crypto/params/ParametersWithIV.class org/bouncycastle/crypto/params/ParametersWithRandom.class org/bouncycastle/crypto/params/ParametersWithSBox.class org/bouncycastle/crypto/params/ParametersWithSalt.class org/bouncycastle/crypto/params/RC2Parameters.class org/bouncycastle/crypto/params/RC5Parameters.class org/bouncycastle/crypto/params/RSABlindingParameters.class org/bouncycastle/crypto/params/RSAKeyGenerationParameters.class org/bouncycastle/crypto/params/RSAKeyParameters.class org/bouncycastle/crypto/params/RSAPrivateCrtKeyParameters.class org/bouncycastle/crypto/parsers/ org/bouncycastle/crypto/parsers/DHIESPublicKeyParser.class org/bouncycastle/crypto/parsers/ECIESPublicKeyParser.class org/bouncycastle/crypto/prng/ org/bouncycastle/crypto/prng/BasicEntropySourceProvider$1.class org/bouncycastle/crypto/prng/BasicEntropySourceProvider.class org/bouncycastle/crypto/prng/DRBGProvider.class org/bouncycastle/crypto/prng/DigestRandomGenerator.class org/bouncycastle/crypto/prng/EntropySource.class org/bouncycastle/crypto/prng/EntropySourceProvider.class org/bouncycastle/crypto/prng/FixedSecureRandom.class org/bouncycastle/crypto/prng/RandomGenerator.class org/bouncycastle/crypto/prng/ReversedWindowGenerator.class org/bouncycastle/crypto/prng/SP800SecureRandom.class org/bouncycastle/crypto/prng/SP800SecureRandomBuilder$CTRDRBGProvider.class org/bouncycastle/crypto/prng/SP800SecureRandomBuilder$DualECDRBGProvider.class org/bouncycastle/crypto/prng/SP800SecureRandomBuilder$HMacDRBGProvider.class org/bouncycastle/crypto/prng/SP800SecureRandomBuilder$HashDRBGProvider.class org/bouncycastle/crypto/prng/SP800SecureRandomBuilder.class org/bouncycastle/crypto/prng/ThreadedSeedGenerator$1.class org/bouncycastle/crypto/prng/ThreadedSeedGenerator$SeedGenerator.class org/bouncycastle/crypto/prng/ThreadedSeedGenerator.class org/bouncycastle/crypto/prng/VMPCRandomGenerator.class org/bouncycastle/crypto/prng/drbg/ org/bouncycastle/crypto/prng/drbg/CTRSP800DRBG.class org/bouncycastle/crypto/prng/drbg/DualECSP800DRBG.class org/bouncycastle/crypto/prng/drbg/HMacSP800DRBG.class org/bouncycastle/crypto/prng/drbg/HashSP800DRBG.class org/bouncycastle/crypto/prng/drbg/SP80090DRBG.class org/bouncycastle/crypto/prng/drbg/Utils.class org/bouncycastle/crypto/signers/ org/bouncycastle/crypto/signers/DSADigestSigner.class org/bouncycastle/crypto/signers/DSASigner.class org/bouncycastle/crypto/signers/DSTU4145Signer.class org/bouncycastle/crypto/signers/ECDSASigner.class org/bouncycastle/crypto/signers/ECGOST3410Signer.class org/bouncycastle/crypto/signers/ECNRSigner.class org/bouncycastle/crypto/signers/GOST3410Signer.class org/bouncycastle/crypto/signers/GenericSigner.class org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.class org/bouncycastle/crypto/signers/ISO9796d2Signer.class org/bouncycastle/crypto/signers/PSSSigner.class org/bouncycastle/crypto/signers/RSADigestSigner.class org/bouncycastle/crypto/tls/ org/bouncycastle/crypto/tls/AbstractTlsCipherFactory.class org/bouncycastle/crypto/tls/AbstractTlsClient.class org/bouncycastle/crypto/tls/AbstractTlsContext.class org/bouncycastle/crypto/tls/AbstractTlsKeyExchange.class org/bouncycastle/crypto/tls/AbstractTlsPeer.class org/bouncycastle/crypto/tls/AbstractTlsServer.class org/bouncycastle/crypto/tls/AbstractTlsSigner.class org/bouncycastle/crypto/tls/AlertDescription.class org/bouncycastle/crypto/tls/AlertLevel.class org/bouncycastle/crypto/tls/AlwaysValidVerifyer.class org/bouncycastle/crypto/tls/BulkCipherAlgorithm.class org/bouncycastle/crypto/tls/ByteQueue.class org/bouncycastle/crypto/tls/Certificate.class org/bouncycastle/crypto/tls/CertificateRequest.class org/bouncycastle/crypto/tls/CertificateVerifyer.class org/bouncycastle/crypto/tls/CipherSuite.class org/bouncycastle/crypto/tls/CipherType.class org/bouncycastle/crypto/tls/ClientAuthenticationType.class org/bouncycastle/crypto/tls/ClientCertificateType.class org/bouncycastle/crypto/tls/CombinedHash.class org/bouncycastle/crypto/tls/CompressionMethod.class org/bouncycastle/crypto/tls/ConnectionEnd.class org/bouncycastle/crypto/tls/ContentType.class org/bouncycastle/crypto/tls/DTLSClientProtocol$ClientHandshakeState.class org/bouncycastle/crypto/tls/DTLSClientProtocol.class org/bouncycastle/crypto/tls/DTLSEpoch.class org/bouncycastle/crypto/tls/DTLSHandshakeRetransmit.class org/bouncycastle/crypto/tls/DTLSProtocol.class org/bouncycastle/crypto/tls/DTLSReassembler$Range.class org/bouncycastle/crypto/tls/DTLSReassembler.class org/bouncycastle/crypto/tls/DTLSRecordLayer.class org/bouncycastle/crypto/tls/DTLSReliableHandshake$1.class org/bouncycastle/crypto/tls/DTLSReliableHandshake$Message.class org/bouncycastle/crypto/tls/DTLSReliableHandshake.class org/bouncycastle/crypto/tls/DTLSReplayWindow.class org/bouncycastle/crypto/tls/DTLSServerProtocol$ServerHandshakeState.class org/bouncycastle/crypto/tls/DTLSServerProtocol.class org/bouncycastle/crypto/tls/DTLSTransport.class org/bouncycastle/crypto/tls/DatagramTransport.class org/bouncycastle/crypto/tls/DefaultTlsAgreementCredentials.class org/bouncycastle/crypto/tls/DefaultTlsCipherFactory.class org/bouncycastle/crypto/tls/DefaultTlsClient.class org/bouncycastle/crypto/tls/DefaultTlsEncryptionCredentials.class org/bouncycastle/crypto/tls/DefaultTlsServer.class org/bouncycastle/crypto/tls/DefaultTlsSignerCredentials.class org/bouncycastle/crypto/tls/DeferredHash.class org/bouncycastle/crypto/tls/DigestAlgorithm.class org/bouncycastle/crypto/tls/ECBasisType.class org/bouncycastle/crypto/tls/ECCurveType.class org/bouncycastle/crypto/tls/ECPointFormat.class org/bouncycastle/crypto/tls/EncryptionAlgorithm.class org/bouncycastle/crypto/tls/ExporterLabel.class org/bouncycastle/crypto/tls/ExtensionType.class org/bouncycastle/crypto/tls/HandshakeType.class org/bouncycastle/crypto/tls/HashAlgorithm.class org/bouncycastle/crypto/tls/KeyExchangeAlgorithm.class org/bouncycastle/crypto/tls/LegacyTlsAuthentication.class org/bouncycastle/crypto/tls/LegacyTlsClient.class org/bouncycastle/crypto/tls/MACAlgorithm.class org/bouncycastle/crypto/tls/NamedCurve.class org/bouncycastle/crypto/tls/NewSessionTicket.class org/bouncycastle/crypto/tls/PRFAlgorithm.class org/bouncycastle/crypto/tls/PSKTlsClient.class org/bouncycastle/crypto/tls/ProtocolVersion.class org/bouncycastle/crypto/tls/RecordStream.class org/bouncycastle/crypto/tls/SRPTlsClient.class org/bouncycastle/crypto/tls/SRTPProtectionProfile.class org/bouncycastle/crypto/tls/SSL3Mac.class org/bouncycastle/crypto/tls/SecurityParameters.class org/bouncycastle/crypto/tls/ServerOnlyTlsAuthentication.class org/bouncycastle/crypto/tls/SignatureAlgorithm.class org/bouncycastle/crypto/tls/SignatureAndHashAlgorithm.class org/bouncycastle/crypto/tls/SupplementalDataEntry.class org/bouncycastle/crypto/tls/SupplementalDataType.class org/bouncycastle/crypto/tls/TlsAEADCipher.class org/bouncycastle/crypto/tls/TlsAgreementCredentials.class org/bouncycastle/crypto/tls/TlsAuthentication.class org/bouncycastle/crypto/tls/TlsBlockCipher.class org/bouncycastle/crypto/tls/TlsCipher.class org/bouncycastle/crypto/tls/TlsCipherFactory.class org/bouncycastle/crypto/tls/TlsClient.class org/bouncycastle/crypto/tls/TlsClientContext.class org/bouncycastle/crypto/tls/TlsClientContextImpl.class org/bouncycastle/crypto/tls/TlsClientProtocol.class org/bouncycastle/crypto/tls/TlsCompression.class org/bouncycastle/crypto/tls/TlsContext.class org/bouncycastle/crypto/tls/TlsCredentials.class org/bouncycastle/crypto/tls/TlsDHEKeyExchange.class org/bouncycastle/crypto/tls/TlsDHKeyExchange.class org/bouncycastle/crypto/tls/TlsDHUtils.class org/bouncycastle/crypto/tls/TlsDSASigner.class org/bouncycastle/crypto/tls/TlsDSSSigner.class org/bouncycastle/crypto/tls/TlsECCUtils.class org/bouncycastle/crypto/tls/TlsECDHEKeyExchange.class org/bouncycastle/crypto/tls/TlsECDHKeyExchange.class org/bouncycastle/crypto/tls/TlsECDSASigner.class org/bouncycastle/crypto/tls/TlsEncryptionCredentials.class org/bouncycastle/crypto/tls/TlsFatalAlert.class org/bouncycastle/crypto/tls/TlsHandshakeHash.class org/bouncycastle/crypto/tls/TlsInputStream.class org/bouncycastle/crypto/tls/TlsKeyExchange.class org/bouncycastle/crypto/tls/TlsMac.class org/bouncycastle/crypto/tls/TlsNullCipher.class org/bouncycastle/crypto/tls/TlsNullCompression.class org/bouncycastle/crypto/tls/TlsOutputStream.class org/bouncycastle/crypto/tls/TlsPSKIdentity.class org/bouncycastle/crypto/tls/TlsPSKKeyExchange.class org/bouncycastle/crypto/tls/TlsPeer.class org/bouncycastle/crypto/tls/TlsProtocol.class org/bouncycastle/crypto/tls/TlsProtocolHandler.class org/bouncycastle/crypto/tls/TlsRSAKeyExchange.class org/bouncycastle/crypto/tls/TlsRSASigner.class org/bouncycastle/crypto/tls/TlsRSAUtils.class org/bouncycastle/crypto/tls/TlsRuntimeException.class org/bouncycastle/crypto/tls/TlsSRPKeyExchange.class org/bouncycastle/crypto/tls/TlsSRTPUtils.class org/bouncycastle/crypto/tls/TlsServer.class org/bouncycastle/crypto/tls/TlsServerContext.class org/bouncycastle/crypto/tls/TlsServerContextImpl.class org/bouncycastle/crypto/tls/TlsServerProtocol.class org/bouncycastle/crypto/tls/TlsSigner.class org/bouncycastle/crypto/tls/TlsSignerCredentials.class org/bouncycastle/crypto/tls/TlsStreamCipher.class org/bouncycastle/crypto/tls/TlsUtils.class org/bouncycastle/crypto/tls/UDPTransport.class org/bouncycastle/crypto/tls/UseSRTPData.class org/bouncycastle/crypto/tls/UserMappingType.class org/bouncycastle/crypto/util/ org/bouncycastle/crypto/util/Pack.class org/bouncycastle/crypto/util/PrivateKeyFactory.class org/bouncycastle/crypto/util/PrivateKeyInfoFactory.class org/bouncycastle/crypto/util/PublicKeyFactory.class org/bouncycastle/crypto/util/SubjectPublicKeyInfoFactory.class org/bouncycastle/i18n/ org/bouncycastle/i18n/ErrorBundle.class org/bouncycastle/i18n/LocaleString.class org/bouncycastle/i18n/LocalizedException.class org/bouncycastle/i18n/LocalizedMessage$FilteredArguments.class org/bouncycastle/i18n/LocalizedMessage.class org/bouncycastle/i18n/MessageBundle.class org/bouncycastle/i18n/MissingEntryException.class org/bouncycastle/i18n/TextBundle.class org/bouncycastle/i18n/filter/ org/bouncycastle/i18n/filter/Filter.class org/bouncycastle/i18n/filter/HTMLFilter.class org/bouncycastle/i18n/filter/SQLFilter.class org/bouncycastle/i18n/filter/TrustedInput.class org/bouncycastle/i18n/filter/UntrustedInput.class org/bouncycastle/i18n/filter/UntrustedUrlInput.class org/bouncycastle/jcajce/ org/bouncycastle/jcajce/DefaultJcaJceHelper.class org/bouncycastle/jcajce/JcaJceHelper.class org/bouncycastle/jcajce/NamedJcaJceHelper.class org/bouncycastle/jcajce/ProviderJcaJceHelper.class org/bouncycastle/jcajce/io/ org/bouncycastle/jcajce/io/MacOutputStream.class org/bouncycastle/jcajce/provider/ org/bouncycastle/jcajce/provider/asymmetric/ org/bouncycastle/jcajce/provider/asymmetric/DH$Mappings.class org/bouncycastle/jcajce/provider/asymmetric/DH.class org/bouncycastle/jcajce/provider/asymmetric/DSA$Mappings.class org/bouncycastle/jcajce/provider/asymmetric/DSA.class org/bouncycastle/jcajce/provider/asymmetric/DSTU4145$Mappings.class org/bouncycastle/jcajce/provider/asymmetric/DSTU4145.class org/bouncycastle/jcajce/provider/asymmetric/EC$Mappings.class org/bouncycastle/jcajce/provider/asymmetric/EC.class org/bouncycastle/jcajce/provider/asymmetric/ECGOST$Mappings.class org/bouncycastle/jcajce/provider/asymmetric/ECGOST.class org/bouncycastle/jcajce/provider/asymmetric/ElGamal$Mappings.class org/bouncycastle/jcajce/provider/asymmetric/ElGamal.class org/bouncycastle/jcajce/provider/asymmetric/GOST$Mappings.class org/bouncycastle/jcajce/provider/asymmetric/GOST.class org/bouncycastle/jcajce/provider/asymmetric/IES$Mappings.class org/bouncycastle/jcajce/provider/asymmetric/IES.class org/bouncycastle/jcajce/provider/asymmetric/RSA$Mappings.class org/bouncycastle/jcajce/provider/asymmetric/RSA.class org/bouncycastle/jcajce/provider/asymmetric/X509$Mappings.class org/bouncycastle/jcajce/provider/asymmetric/X509.class org/bouncycastle/jcajce/provider/asymmetric/dh/ org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParameterGeneratorSpi.class org/bouncycastle/jcajce/provider/asymmetric/dh/AlgorithmParametersSpi.class org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPrivateKey.class org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPublicKey.class org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher$1.class org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher$IES.class org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher$IESwithAES.class org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher$IESwithDESede.class org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.class org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.class org/bouncycastle/jcajce/provider/asymmetric/dh/KeyFactorySpi.class org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.class org/bouncycastle/jcajce/provider/asymmetric/dsa/ org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParameterGeneratorSpi.class org/bouncycastle/jcajce/provider/asymmetric/dsa/AlgorithmParametersSpi.class org/bouncycastle/jcajce/provider/asymmetric/dsa/BCDSAPrivateKey.class org/bouncycastle/jcajce/provider/asymmetric/dsa/BCDSAPublicKey.class org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner$dsa224.class org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner$dsa256.class org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner$dsa384.class org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner$dsa512.class org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner$noneDSA.class org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner$stdDSA.class org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.class org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.class org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyFactorySpi.class org/bouncycastle/jcajce/provider/asymmetric/dsa/KeyPairGeneratorSpi.class org/bouncycastle/jcajce/provider/asymmetric/dstu/ org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PrivateKey.class org/bouncycastle/jcajce/provider/asymmetric/dstu/BCDSTU4145PublicKey.class org/bouncycastle/jcajce/provider/asymmetric/dstu/KeyFactorySpi.class org/bouncycastle/jcajce/provider/asymmetric/dstu/KeyPairGeneratorSpi.class org/bouncycastle/jcajce/provider/asymmetric/dstu/SignatureSpi.class org/bouncycastle/jcajce/provider/asymmetric/dstu/SignatureSpiLe.class org/bouncycastle/jcajce/provider/asymmetric/ec/ org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.class org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPublicKey.class org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher$1.class org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher$ECIES.class org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher$ECIESwithAES.class org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher$ECIESwithDESede.class org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi$DH.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi$DHC.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi$DHwithSHA1KDF.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi$MQV.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi$MQVwithSHA1KDF.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi$EC.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi$ECDH.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi$ECDHC.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi$ECDSA.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi$ECGOST3410.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi$ECMQV.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi$EC.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi$ECDH.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi$ECDHC.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi$ECDSA.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi$ECMQV.class org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$1.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$CVCDSAEncoder.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$StdDSAEncoder.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecCVCDSA.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecCVCDSA224.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecCVCDSA256.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecCVCDSA384.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecCVCDSA512.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecDSA.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecDSA224.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecDSA256.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecDSA384.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecDSA512.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecDSARipeMD160.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecDSAnone.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecNR.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecNR224.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecNR256.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecNR384.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi$ecNR512.class org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.class org/bouncycastle/jcajce/provider/asymmetric/ecgost/ org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PrivateKey.class org/bouncycastle/jcajce/provider/asymmetric/ecgost/BCECGOST3410PublicKey.class org/bouncycastle/jcajce/provider/asymmetric/ecgost/KeyFactorySpi.class org/bouncycastle/jcajce/provider/asymmetric/ecgost/KeyPairGeneratorSpi.class org/bouncycastle/jcajce/provider/asymmetric/ecgost/SignatureSpi.class org/bouncycastle/jcajce/provider/asymmetric/elgamal/ org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParameterGeneratorSpi.class org/bouncycastle/jcajce/provider/asymmetric/elgamal/AlgorithmParametersSpi.class org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPrivateKey.class org/bouncycastle/jcajce/provider/asymmetric/elgamal/BCElGamalPublicKey.class org/bouncycastle/jcajce/provider/asymmetric/elgamal/CipherSpi$NoPadding.class org/bouncycastle/jcajce/provider/asymmetric/elgamal/CipherSpi$PKCS1v1_5Padding.class org/bouncycastle/jcajce/provider/asymmetric/elgamal/CipherSpi.class org/bouncycastle/jcajce/provider/asymmetric/elgamal/ElGamalUtil.class org/bouncycastle/jcajce/provider/asymmetric/elgamal/KeyFactorySpi.class org/bouncycastle/jcajce/provider/asymmetric/elgamal/KeyPairGeneratorSpi.class org/bouncycastle/jcajce/provider/asymmetric/gost/ org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParameterGeneratorSpi.class org/bouncycastle/jcajce/provider/asymmetric/gost/AlgorithmParametersSpi.class org/bouncycastle/jcajce/provider/asymmetric/gost/BCGOST3410PrivateKey.class org/bouncycastle/jcajce/provider/asymmetric/gost/BCGOST3410PublicKey.class org/bouncycastle/jcajce/provider/asymmetric/gost/KeyFactorySpi.class org/bouncycastle/jcajce/provider/asymmetric/gost/KeyPairGeneratorSpi.class org/bouncycastle/jcajce/provider/asymmetric/gost/SignatureSpi.class org/bouncycastle/jcajce/provider/asymmetric/ies/ org/bouncycastle/jcajce/provider/asymmetric/ies/AlgorithmParametersSpi.class org/bouncycastle/jcajce/provider/asymmetric/ies/CipherSpi$IES.class org/bouncycastle/jcajce/provider/asymmetric/ies/CipherSpi.class org/bouncycastle/jcajce/provider/asymmetric/rsa/ org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi$OAEP.class org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi$PSS.class org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.class org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.class org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.class org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.class org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi$ISO9796d1Padding.class org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi$NoPadding.class org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi$OAEPPadding.class org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi$PKCS1v1_5Padding.class org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi$PKCS1v1_5Padding_PrivateOnly.class org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi$PKCS1v1_5Padding_PublicOnly.class org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.class org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$MD2.class org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$MD4.class org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$MD5.class org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$RIPEMD128.class org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$RIPEMD160.class org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$RIPEMD256.class org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$SHA1.class org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$SHA224.class org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$SHA256.class org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$SHA384.class org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$SHA512.class org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi$noneRSA.class org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.class org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi$MD5WithRSAEncryption.class org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi$RIPEMD160WithRSAEncryption.class org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi$SHA1WithRSAEncryption.class org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.class org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyFactorySpi.class org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.class org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi$NullPssDigest.class org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi$PSSwithRSA.class org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi$SHA1withRSA.class org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi$SHA224withRSA.class org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi$SHA256withRSA.class org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi$SHA384withRSA.class org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi$SHA512withRSA.class org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi$nonePSS.class org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi.class org/bouncycastle/jcajce/provider/asymmetric/rsa/RSAUtil.class org/bouncycastle/jcajce/provider/asymmetric/util/ org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.class org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.class org/bouncycastle/jcajce/provider/asymmetric/util/DHUtil.class org/bouncycastle/jcajce/provider/asymmetric/util/DSABase.class org/bouncycastle/jcajce/provider/asymmetric/util/DSAEncoder.class org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.class org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.class org/bouncycastle/jcajce/provider/asymmetric/util/ExtendedInvalidKeySpecException.class org/bouncycastle/jcajce/provider/asymmetric/util/GOST3410Util.class org/bouncycastle/jcajce/provider/asymmetric/util/IESUtil.class org/bouncycastle/jcajce/provider/asymmetric/util/KeyUtil.class org/bouncycastle/jcajce/provider/asymmetric/util/PKCS12BagAttributeCarrierImpl.class org/bouncycastle/jcajce/provider/asymmetric/x509/ org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory$ExCertificateException.class org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.class org/bouncycastle/jcajce/provider/asymmetric/x509/ExtCRLException.class org/bouncycastle/jcajce/provider/asymmetric/x509/KeyFactory.class org/bouncycastle/jcajce/provider/asymmetric/x509/PEMUtil.class org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.class org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLEntryObject.class org/bouncycastle/jcajce/provider/asymmetric/x509/X509CRLObject.class org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.class org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.class org/bouncycastle/jcajce/provider/config/ org/bouncycastle/jcajce/provider/config/ConfigurableProvider.class org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.class org/bouncycastle/jcajce/provider/config/ProviderConfiguration.class org/bouncycastle/jcajce/provider/config/ProviderConfigurationPermission.class org/bouncycastle/jcajce/provider/digest/ org/bouncycastle/jcajce/provider/digest/BCMessageDigest.class org/bouncycastle/jcajce/provider/digest/DigestAlgorithmProvider.class org/bouncycastle/jcajce/provider/digest/GOST3411$Digest.class org/bouncycastle/jcajce/provider/digest/GOST3411$HashMac.class org/bouncycastle/jcajce/provider/digest/GOST3411$KeyGenerator.class org/bouncycastle/jcajce/provider/digest/GOST3411$Mappings.class org/bouncycastle/jcajce/provider/digest/GOST3411.class org/bouncycastle/jcajce/provider/digest/MD2$Digest.class org/bouncycastle/jcajce/provider/digest/MD2$HashMac.class org/bouncycastle/jcajce/provider/digest/MD2$KeyGenerator.class org/bouncycastle/jcajce/provider/digest/MD2$Mappings.class org/bouncycastle/jcajce/provider/digest/MD2.class org/bouncycastle/jcajce/provider/digest/MD4$Digest.class org/bouncycastle/jcajce/provider/digest/MD4$HashMac.class org/bouncycastle/jcajce/provider/digest/MD4$KeyGenerator.class org/bouncycastle/jcajce/provider/digest/MD4$Mappings.class org/bouncycastle/jcajce/provider/digest/MD4.class org/bouncycastle/jcajce/provider/digest/MD5$Digest.class org/bouncycastle/jcajce/provider/digest/MD5$HashMac.class org/bouncycastle/jcajce/provider/digest/MD5$KeyGenerator.class org/bouncycastle/jcajce/provider/digest/MD5$Mappings.class org/bouncycastle/jcajce/provider/digest/MD5.class org/bouncycastle/jcajce/provider/digest/RIPEMD128$Digest.class org/bouncycastle/jcajce/provider/digest/RIPEMD128$HashMac.class org/bouncycastle/jcajce/provider/digest/RIPEMD128$KeyGenerator.class org/bouncycastle/jcajce/provider/digest/RIPEMD128$Mappings.class org/bouncycastle/jcajce/provider/digest/RIPEMD128.class org/bouncycastle/jcajce/provider/digest/RIPEMD160$Digest.class org/bouncycastle/jcajce/provider/digest/RIPEMD160$HashMac.class org/bouncycastle/jcajce/provider/digest/RIPEMD160$KeyGenerator.class org/bouncycastle/jcajce/provider/digest/RIPEMD160$Mappings.class org/bouncycastle/jcajce/provider/digest/RIPEMD160$PBEWithHmac.class org/bouncycastle/jcajce/provider/digest/RIPEMD160$PBEWithHmacKeyFactory.class org/bouncycastle/jcajce/provider/digest/RIPEMD160.class org/bouncycastle/jcajce/provider/digest/RIPEMD256$Digest.class org/bouncycastle/jcajce/provider/digest/RIPEMD256$HashMac.class org/bouncycastle/jcajce/provider/digest/RIPEMD256$KeyGenerator.class org/bouncycastle/jcajce/provider/digest/RIPEMD256$Mappings.class org/bouncycastle/jcajce/provider/digest/RIPEMD256.class org/bouncycastle/jcajce/provider/digest/RIPEMD320$Digest.class org/bouncycastle/jcajce/provider/digest/RIPEMD320$HashMac.class org/bouncycastle/jcajce/provider/digest/RIPEMD320$KeyGenerator.class org/bouncycastle/jcajce/provider/digest/RIPEMD320$Mappings.class org/bouncycastle/jcajce/provider/digest/RIPEMD320.class org/bouncycastle/jcajce/provider/digest/SHA1$BasePBKDF2WithHmacSHA1.class org/bouncycastle/jcajce/provider/digest/SHA1$Digest.class org/bouncycastle/jcajce/provider/digest/SHA1$HashMac.class org/bouncycastle/jcajce/provider/digest/SHA1$KeyGenerator.class org/bouncycastle/jcajce/provider/digest/SHA1$Mappings.class org/bouncycastle/jcajce/provider/digest/SHA1$PBEWithMacKeyFactory.class org/bouncycastle/jcajce/provider/digest/SHA1$PBKDF2WithHmacSHA18BIT.class org/bouncycastle/jcajce/provider/digest/SHA1$PBKDF2WithHmacSHA1UTF8.class org/bouncycastle/jcajce/provider/digest/SHA1$SHA1Mac.class org/bouncycastle/jcajce/provider/digest/SHA1.class org/bouncycastle/jcajce/provider/digest/SHA224$Digest.class org/bouncycastle/jcajce/provider/digest/SHA224$HashMac.class org/bouncycastle/jcajce/provider/digest/SHA224$KeyGenerator.class org/bouncycastle/jcajce/provider/digest/SHA224$Mappings.class org/bouncycastle/jcajce/provider/digest/SHA224.class org/bouncycastle/jcajce/provider/digest/SHA256$Digest.class org/bouncycastle/jcajce/provider/digest/SHA256$HashMac.class org/bouncycastle/jcajce/provider/digest/SHA256$KeyGenerator.class org/bouncycastle/jcajce/provider/digest/SHA256$Mappings.class org/bouncycastle/jcajce/provider/digest/SHA256$PBEWithMacKeyFactory.class org/bouncycastle/jcajce/provider/digest/SHA256.class org/bouncycastle/jcajce/provider/digest/SHA3$Digest224.class org/bouncycastle/jcajce/provider/digest/SHA3$Digest256.class org/bouncycastle/jcajce/provider/digest/SHA3$Digest384.class org/bouncycastle/jcajce/provider/digest/SHA3$Digest512.class org/bouncycastle/jcajce/provider/digest/SHA3$DigestSHA3.class org/bouncycastle/jcajce/provider/digest/SHA3$HashMac224.class org/bouncycastle/jcajce/provider/digest/SHA3$HashMac256.class org/bouncycastle/jcajce/provider/digest/SHA3$HashMac384.class org/bouncycastle/jcajce/provider/digest/SHA3$HashMac512.class org/bouncycastle/jcajce/provider/digest/SHA3$KeyGenerator224.class org/bouncycastle/jcajce/provider/digest/SHA3$KeyGenerator256.class org/bouncycastle/jcajce/provider/digest/SHA3$KeyGenerator384.class org/bouncycastle/jcajce/provider/digest/SHA3$KeyGenerator512.class org/bouncycastle/jcajce/provider/digest/SHA3$Mappings.class org/bouncycastle/jcajce/provider/digest/SHA3.class org/bouncycastle/jcajce/provider/digest/SHA384$Digest.class org/bouncycastle/jcajce/provider/digest/SHA384$HashMac.class org/bouncycastle/jcajce/provider/digest/SHA384$KeyGenerator.class org/bouncycastle/jcajce/provider/digest/SHA384$Mappings.class org/bouncycastle/jcajce/provider/digest/SHA384$OldSHA384.class org/bouncycastle/jcajce/provider/digest/SHA384.class org/bouncycastle/jcajce/provider/digest/SHA512$Digest.class org/bouncycastle/jcajce/provider/digest/SHA512$DigestT.class org/bouncycastle/jcajce/provider/digest/SHA512$DigestT224.class org/bouncycastle/jcajce/provider/digest/SHA512$DigestT256.class org/bouncycastle/jcajce/provider/digest/SHA512$HashMac.class org/bouncycastle/jcajce/provider/digest/SHA512$HashMacT224.class org/bouncycastle/jcajce/provider/digest/SHA512$HashMacT256.class org/bouncycastle/jcajce/provider/digest/SHA512$KeyGenerator.class org/bouncycastle/jcajce/provider/digest/SHA512$KeyGeneratorT224.class org/bouncycastle/jcajce/provider/digest/SHA512$KeyGeneratorT256.class org/bouncycastle/jcajce/provider/digest/SHA512$Mappings.class org/bouncycastle/jcajce/provider/digest/SHA512$OldSHA512.class org/bouncycastle/jcajce/provider/digest/SHA512.class org/bouncycastle/jcajce/provider/digest/Tiger$Digest.class org/bouncycastle/jcajce/provider/digest/Tiger$HashMac.class org/bouncycastle/jcajce/provider/digest/Tiger$KeyGenerator.class org/bouncycastle/jcajce/provider/digest/Tiger$Mappings.class org/bouncycastle/jcajce/provider/digest/Tiger$PBEWithHashMac.class org/bouncycastle/jcajce/provider/digest/Tiger$PBEWithMacKeyFactory.class org/bouncycastle/jcajce/provider/digest/Tiger$TigerHmac.class org/bouncycastle/jcajce/provider/digest/Tiger.class org/bouncycastle/jcajce/provider/digest/Whirlpool$Digest.class org/bouncycastle/jcajce/provider/digest/Whirlpool$HashMac.class org/bouncycastle/jcajce/provider/digest/Whirlpool$KeyGenerator.class org/bouncycastle/jcajce/provider/digest/Whirlpool$Mappings.class org/bouncycastle/jcajce/provider/digest/Whirlpool.class org/bouncycastle/jcajce/provider/keystore/ org/bouncycastle/jcajce/provider/keystore/BC$Mappings.class org/bouncycastle/jcajce/provider/keystore/BC.class org/bouncycastle/jcajce/provider/keystore/PKCS12$Mappings.class org/bouncycastle/jcajce/provider/keystore/PKCS12.class org/bouncycastle/jcajce/provider/keystore/bc/ org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi$BouncyCastleStore.class org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi$Std.class org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi$StoreEntry.class org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi$Version1.class org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.class org/bouncycastle/jcajce/provider/keystore/pkcs12/ org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$1.class org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$BCPKCS12KeyStore.class org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES.class org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$CertId.class org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$DefPKCS12KeyStore.class org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES.class org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi$IgnoresCaseHashtable.class org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.class org/bouncycastle/jcajce/provider/symmetric/ org/bouncycastle/jcajce/provider/symmetric/AES$AESCMAC.class org/bouncycastle/jcajce/provider/symmetric/AES$AESGMAC.class org/bouncycastle/jcajce/provider/symmetric/AES$AlgParamGen.class org/bouncycastle/jcajce/provider/symmetric/AES$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/AES$CBC.class org/bouncycastle/jcajce/provider/symmetric/AES$CFB.class org/bouncycastle/jcajce/provider/symmetric/AES$ECB$1.class org/bouncycastle/jcajce/provider/symmetric/AES$ECB.class org/bouncycastle/jcajce/provider/symmetric/AES$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/AES$KeyGen128.class org/bouncycastle/jcajce/provider/symmetric/AES$KeyGen192.class org/bouncycastle/jcajce/provider/symmetric/AES$KeyGen256.class org/bouncycastle/jcajce/provider/symmetric/AES$Mappings.class org/bouncycastle/jcajce/provider/symmetric/AES$OFB.class org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithAESCBC.class org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithMD5And128BitAESCBCOpenSSL.class org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithMD5And192BitAESCBCOpenSSL.class org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithMD5And256BitAESCBCOpenSSL.class org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithSHA256And128BitAESBC.class org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithSHA256And192BitAESBC.class org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithSHA256And256BitAESBC.class org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithSHAAnd128BitAESBC.class org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithSHAAnd192BitAESBC.class org/bouncycastle/jcajce/provider/symmetric/AES$PBEWithSHAAnd256BitAESBC.class org/bouncycastle/jcajce/provider/symmetric/AES$RFC3211Wrap.class org/bouncycastle/jcajce/provider/symmetric/AES$Wrap.class org/bouncycastle/jcajce/provider/symmetric/AES.class org/bouncycastle/jcajce/provider/symmetric/ARC4$Base.class org/bouncycastle/jcajce/provider/symmetric/ARC4$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/ARC4$Mappings.class org/bouncycastle/jcajce/provider/symmetric/ARC4$PBEWithSHAAnd128Bit.class org/bouncycastle/jcajce/provider/symmetric/ARC4$PBEWithSHAAnd128BitKeyFactory.class org/bouncycastle/jcajce/provider/symmetric/ARC4$PBEWithSHAAnd40Bit.class org/bouncycastle/jcajce/provider/symmetric/ARC4$PBEWithSHAAnd40BitKeyFactory.class org/bouncycastle/jcajce/provider/symmetric/ARC4.class org/bouncycastle/jcajce/provider/symmetric/Blowfish$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/Blowfish$CBC.class org/bouncycastle/jcajce/provider/symmetric/Blowfish$ECB.class org/bouncycastle/jcajce/provider/symmetric/Blowfish$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/Blowfish$Mappings.class org/bouncycastle/jcajce/provider/symmetric/Blowfish.class org/bouncycastle/jcajce/provider/symmetric/CAST5$AlgParamGen.class org/bouncycastle/jcajce/provider/symmetric/CAST5$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/CAST5$CBC.class org/bouncycastle/jcajce/provider/symmetric/CAST5$ECB.class org/bouncycastle/jcajce/provider/symmetric/CAST5$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/CAST5$Mappings.class org/bouncycastle/jcajce/provider/symmetric/CAST5.class org/bouncycastle/jcajce/provider/symmetric/CAST6$ECB.class org/bouncycastle/jcajce/provider/symmetric/CAST6$GMAC.class org/bouncycastle/jcajce/provider/symmetric/CAST6$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/CAST6$Mappings.class org/bouncycastle/jcajce/provider/symmetric/CAST6.class org/bouncycastle/jcajce/provider/symmetric/Camellia$AlgParamGen.class org/bouncycastle/jcajce/provider/symmetric/Camellia$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/Camellia$CBC.class org/bouncycastle/jcajce/provider/symmetric/Camellia$ECB$1.class org/bouncycastle/jcajce/provider/symmetric/Camellia$ECB.class org/bouncycastle/jcajce/provider/symmetric/Camellia$GMAC.class org/bouncycastle/jcajce/provider/symmetric/Camellia$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/Camellia$KeyGen128.class org/bouncycastle/jcajce/provider/symmetric/Camellia$KeyGen192.class org/bouncycastle/jcajce/provider/symmetric/Camellia$KeyGen256.class org/bouncycastle/jcajce/provider/symmetric/Camellia$Mappings.class org/bouncycastle/jcajce/provider/symmetric/Camellia$RFC3211Wrap.class org/bouncycastle/jcajce/provider/symmetric/Camellia$Wrap.class org/bouncycastle/jcajce/provider/symmetric/Camellia.class org/bouncycastle/jcajce/provider/symmetric/DES$AlgParamGen.class org/bouncycastle/jcajce/provider/symmetric/DES$CBC.class org/bouncycastle/jcajce/provider/symmetric/DES$CBCMAC.class org/bouncycastle/jcajce/provider/symmetric/DES$CMAC.class org/bouncycastle/jcajce/provider/symmetric/DES$DES64.class org/bouncycastle/jcajce/provider/symmetric/DES$DES64with7816d4.class org/bouncycastle/jcajce/provider/symmetric/DES$DES9797Alg3.class org/bouncycastle/jcajce/provider/symmetric/DES$DES9797Alg3with7816d4.class org/bouncycastle/jcajce/provider/symmetric/DES$DESCFB8.class org/bouncycastle/jcajce/provider/symmetric/DES$DESPBEKeyFactory.class org/bouncycastle/jcajce/provider/symmetric/DES$ECB.class org/bouncycastle/jcajce/provider/symmetric/DES$KeyFactory.class org/bouncycastle/jcajce/provider/symmetric/DES$KeyGenerator.class org/bouncycastle/jcajce/provider/symmetric/DES$Mappings.class org/bouncycastle/jcajce/provider/symmetric/DES$PBEWithMD2.class org/bouncycastle/jcajce/provider/symmetric/DES$PBEWithMD2KeyFactory.class org/bouncycastle/jcajce/provider/symmetric/DES$PBEWithMD5.class org/bouncycastle/jcajce/provider/symmetric/DES$PBEWithMD5KeyFactory.class org/bouncycastle/jcajce/provider/symmetric/DES$PBEWithSHA1.class org/bouncycastle/jcajce/provider/symmetric/DES$PBEWithSHA1KeyFactory.class org/bouncycastle/jcajce/provider/symmetric/DES$RFC3211.class org/bouncycastle/jcajce/provider/symmetric/DES.class org/bouncycastle/jcajce/provider/symmetric/DESede$AlgParamGen.class org/bouncycastle/jcajce/provider/symmetric/DESede$CBC.class org/bouncycastle/jcajce/provider/symmetric/DESede$CBCMAC.class org/bouncycastle/jcajce/provider/symmetric/DESede$CMAC.class org/bouncycastle/jcajce/provider/symmetric/DESede$DESede64.class org/bouncycastle/jcajce/provider/symmetric/DESede$DESede64with7816d4.class org/bouncycastle/jcajce/provider/symmetric/DESede$DESedeCFB8.class org/bouncycastle/jcajce/provider/symmetric/DESede$ECB.class org/bouncycastle/jcajce/provider/symmetric/DESede$KeyFactory.class org/bouncycastle/jcajce/provider/symmetric/DESede$KeyGenerator.class org/bouncycastle/jcajce/provider/symmetric/DESede$KeyGenerator3.class org/bouncycastle/jcajce/provider/symmetric/DESede$Mappings.class org/bouncycastle/jcajce/provider/symmetric/DESede$PBEWithSHAAndDES2Key.class org/bouncycastle/jcajce/provider/symmetric/DESede$PBEWithSHAAndDES2KeyFactory.class org/bouncycastle/jcajce/provider/symmetric/DESede$PBEWithSHAAndDES3Key.class org/bouncycastle/jcajce/provider/symmetric/DESede$PBEWithSHAAndDES3KeyFactory.class org/bouncycastle/jcajce/provider/symmetric/DESede$RFC3211.class org/bouncycastle/jcajce/provider/symmetric/DESede$Wrap.class org/bouncycastle/jcajce/provider/symmetric/DESede.class org/bouncycastle/jcajce/provider/symmetric/GOST28147$AlgParamGen.class org/bouncycastle/jcajce/provider/symmetric/GOST28147$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/GOST28147$CBC.class org/bouncycastle/jcajce/provider/symmetric/GOST28147$ECB.class org/bouncycastle/jcajce/provider/symmetric/GOST28147$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/GOST28147$Mac.class org/bouncycastle/jcajce/provider/symmetric/GOST28147$Mappings.class org/bouncycastle/jcajce/provider/symmetric/GOST28147.class org/bouncycastle/jcajce/provider/symmetric/Grain128$Base.class org/bouncycastle/jcajce/provider/symmetric/Grain128$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/Grain128$Mappings.class org/bouncycastle/jcajce/provider/symmetric/Grain128.class org/bouncycastle/jcajce/provider/symmetric/Grainv1$Base.class org/bouncycastle/jcajce/provider/symmetric/Grainv1$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/Grainv1$Mappings.class org/bouncycastle/jcajce/provider/symmetric/Grainv1.class org/bouncycastle/jcajce/provider/symmetric/HC128$Base.class org/bouncycastle/jcajce/provider/symmetric/HC128$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/HC128$Mappings.class org/bouncycastle/jcajce/provider/symmetric/HC128.class org/bouncycastle/jcajce/provider/symmetric/HC256$Base.class org/bouncycastle/jcajce/provider/symmetric/HC256$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/HC256$Mappings.class org/bouncycastle/jcajce/provider/symmetric/HC256.class org/bouncycastle/jcajce/provider/symmetric/Noekeon$AlgParamGen.class org/bouncycastle/jcajce/provider/symmetric/Noekeon$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/Noekeon$ECB.class org/bouncycastle/jcajce/provider/symmetric/Noekeon$GMAC.class org/bouncycastle/jcajce/provider/symmetric/Noekeon$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/Noekeon$Mappings.class org/bouncycastle/jcajce/provider/symmetric/Noekeon.class org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2$Mappings.class org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.class org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12$Mappings.class org/bouncycastle/jcajce/provider/symmetric/PBEPKCS12.class org/bouncycastle/jcajce/provider/symmetric/RC2$AlgParamGen.class org/bouncycastle/jcajce/provider/symmetric/RC2$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/RC2$CBC.class org/bouncycastle/jcajce/provider/symmetric/RC2$CBCMAC.class org/bouncycastle/jcajce/provider/symmetric/RC2$CFB8MAC.class org/bouncycastle/jcajce/provider/symmetric/RC2$ECB.class org/bouncycastle/jcajce/provider/symmetric/RC2$KeyGenerator.class org/bouncycastle/jcajce/provider/symmetric/RC2$Mappings.class org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithMD2KeyFactory.class org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithMD5AndRC2.class org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithMD5KeyFactory.class org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithSHA1AndRC2.class org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithSHA1KeyFactory.class org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithSHAAnd128BitKeyFactory.class org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithSHAAnd128BitRC2.class org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithSHAAnd40BitKeyFactory.class org/bouncycastle/jcajce/provider/symmetric/RC2$PBEWithSHAAnd40BitRC2.class org/bouncycastle/jcajce/provider/symmetric/RC2$Wrap.class org/bouncycastle/jcajce/provider/symmetric/RC2.class org/bouncycastle/jcajce/provider/symmetric/RC5$AlgParamGen.class org/bouncycastle/jcajce/provider/symmetric/RC5$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/RC5$CBC32.class org/bouncycastle/jcajce/provider/symmetric/RC5$CFB8Mac32.class org/bouncycastle/jcajce/provider/symmetric/RC5$ECB32.class org/bouncycastle/jcajce/provider/symmetric/RC5$ECB64.class org/bouncycastle/jcajce/provider/symmetric/RC5$KeyGen32.class org/bouncycastle/jcajce/provider/symmetric/RC5$KeyGen64.class org/bouncycastle/jcajce/provider/symmetric/RC5$Mac32.class org/bouncycastle/jcajce/provider/symmetric/RC5$Mappings.class org/bouncycastle/jcajce/provider/symmetric/RC5.class org/bouncycastle/jcajce/provider/symmetric/RC6$AlgParamGen.class org/bouncycastle/jcajce/provider/symmetric/RC6$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/RC6$CBC.class org/bouncycastle/jcajce/provider/symmetric/RC6$CFB.class org/bouncycastle/jcajce/provider/symmetric/RC6$ECB$1.class org/bouncycastle/jcajce/provider/symmetric/RC6$ECB.class org/bouncycastle/jcajce/provider/symmetric/RC6$GMAC.class org/bouncycastle/jcajce/provider/symmetric/RC6$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/RC6$Mappings.class org/bouncycastle/jcajce/provider/symmetric/RC6$OFB.class org/bouncycastle/jcajce/provider/symmetric/RC6.class org/bouncycastle/jcajce/provider/symmetric/Rijndael$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/Rijndael$ECB$1.class org/bouncycastle/jcajce/provider/symmetric/Rijndael$ECB.class org/bouncycastle/jcajce/provider/symmetric/Rijndael$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/Rijndael$Mappings.class org/bouncycastle/jcajce/provider/symmetric/Rijndael.class org/bouncycastle/jcajce/provider/symmetric/SEED$AlgParamGen.class org/bouncycastle/jcajce/provider/symmetric/SEED$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/SEED$CBC.class org/bouncycastle/jcajce/provider/symmetric/SEED$ECB$1.class org/bouncycastle/jcajce/provider/symmetric/SEED$ECB.class org/bouncycastle/jcajce/provider/symmetric/SEED$GMAC.class org/bouncycastle/jcajce/provider/symmetric/SEED$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/SEED$Mappings.class org/bouncycastle/jcajce/provider/symmetric/SEED$Wrap.class org/bouncycastle/jcajce/provider/symmetric/SEED.class org/bouncycastle/jcajce/provider/symmetric/Salsa20$Base.class org/bouncycastle/jcajce/provider/symmetric/Salsa20$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/Salsa20$Mappings.class org/bouncycastle/jcajce/provider/symmetric/Salsa20.class org/bouncycastle/jcajce/provider/symmetric/Serpent$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/Serpent$ECB$1.class org/bouncycastle/jcajce/provider/symmetric/Serpent$ECB.class org/bouncycastle/jcajce/provider/symmetric/Serpent$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/Serpent$Mappings.class org/bouncycastle/jcajce/provider/symmetric/Serpent$SerpentGMAC.class org/bouncycastle/jcajce/provider/symmetric/Serpent.class org/bouncycastle/jcajce/provider/symmetric/SipHash$Mac.class org/bouncycastle/jcajce/provider/symmetric/SipHash$Mac48.class org/bouncycastle/jcajce/provider/symmetric/SipHash$Mappings.class org/bouncycastle/jcajce/provider/symmetric/SipHash.class org/bouncycastle/jcajce/provider/symmetric/Skipjack$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/Skipjack$ECB.class org/bouncycastle/jcajce/provider/symmetric/Skipjack$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/Skipjack$Mac.class org/bouncycastle/jcajce/provider/symmetric/Skipjack$MacCFB8.class org/bouncycastle/jcajce/provider/symmetric/Skipjack$Mappings.class org/bouncycastle/jcajce/provider/symmetric/Skipjack.class org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.class org/bouncycastle/jcajce/provider/symmetric/TEA$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/TEA$ECB.class org/bouncycastle/jcajce/provider/symmetric/TEA$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/TEA$Mappings.class org/bouncycastle/jcajce/provider/symmetric/TEA.class org/bouncycastle/jcajce/provider/symmetric/Twofish$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/Twofish$ECB$1.class org/bouncycastle/jcajce/provider/symmetric/Twofish$ECB.class org/bouncycastle/jcajce/provider/symmetric/Twofish$GMAC.class org/bouncycastle/jcajce/provider/symmetric/Twofish$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/Twofish$Mappings.class org/bouncycastle/jcajce/provider/symmetric/Twofish$PBEWithSHA.class org/bouncycastle/jcajce/provider/symmetric/Twofish$PBEWithSHAKeyFactory.class org/bouncycastle/jcajce/provider/symmetric/Twofish.class org/bouncycastle/jcajce/provider/symmetric/VMPC$Base.class org/bouncycastle/jcajce/provider/symmetric/VMPC$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/VMPC$Mac.class org/bouncycastle/jcajce/provider/symmetric/VMPC$Mappings.class org/bouncycastle/jcajce/provider/symmetric/VMPC.class org/bouncycastle/jcajce/provider/symmetric/VMPCKSA3$Base.class org/bouncycastle/jcajce/provider/symmetric/VMPCKSA3$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/VMPCKSA3$Mappings.class org/bouncycastle/jcajce/provider/symmetric/VMPCKSA3.class org/bouncycastle/jcajce/provider/symmetric/XTEA$AlgParams.class org/bouncycastle/jcajce/provider/symmetric/XTEA$ECB.class org/bouncycastle/jcajce/provider/symmetric/XTEA$KeyGen.class org/bouncycastle/jcajce/provider/symmetric/XTEA$Mappings.class org/bouncycastle/jcajce/provider/symmetric/XTEA.class org/bouncycastle/jcajce/provider/symmetric/util/ org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.class org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.class org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.class org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher$AEADGenericBlockCipher.class org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher$BufferedGenericBlockCipher.class org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher$GenericBlockCipher.class org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.class org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.class org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.class org/bouncycastle/jcajce/provider/symmetric/util/BaseSecretKeyFactory.class org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.class org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.class org/bouncycastle/jcajce/provider/symmetric/util/BlockCipherProvider.class org/bouncycastle/jcajce/provider/symmetric/util/IvAlgorithmParameters.class org/bouncycastle/jcajce/provider/symmetric/util/PBE$Util.class org/bouncycastle/jcajce/provider/symmetric/util/PBE.class org/bouncycastle/jcajce/provider/symmetric/util/PBESecretKeyFactory.class org/bouncycastle/jcajce/provider/util/ org/bouncycastle/jcajce/provider/util/AlgorithmProvider.class org/bouncycastle/jcajce/provider/util/AsymmetricAlgorithmProvider.class org/bouncycastle/jcajce/provider/util/AsymmetricKeyInfoConverter.class org/bouncycastle/jcajce/provider/util/DigestFactory.class org/bouncycastle/jcajce/provider/util/SecretKeyUtil.class org/bouncycastle/jce/ org/bouncycastle/jce/ECGOST3410NamedCurveTable.class org/bouncycastle/jce/ECKeyUtil$UnexpectedException.class org/bouncycastle/jce/ECKeyUtil.class org/bouncycastle/jce/ECNamedCurveTable.class org/bouncycastle/jce/ECPointUtil.class org/bouncycastle/jce/MultiCertStoreParameters.class org/bouncycastle/jce/PKCS10CertificationRequest.class org/bouncycastle/jce/PKCS12Util.class org/bouncycastle/jce/PrincipalUtil.class org/bouncycastle/jce/X509KeyUsage.class org/bouncycastle/jce/X509LDAPCertStoreParameters$1.class org/bouncycastle/jce/X509LDAPCertStoreParameters$Builder.class org/bouncycastle/jce/X509LDAPCertStoreParameters.class org/bouncycastle/jce/X509Principal.class org/bouncycastle/jce/examples/ org/bouncycastle/jce/examples/PKCS12Example.class org/bouncycastle/jce/exception/ org/bouncycastle/jce/exception/ExtCertPathBuilderException.class org/bouncycastle/jce/exception/ExtCertPathValidatorException.class org/bouncycastle/jce/exception/ExtCertificateEncodingException.class org/bouncycastle/jce/exception/ExtException.class org/bouncycastle/jce/exception/ExtIOException.class org/bouncycastle/jce/interfaces/ org/bouncycastle/jce/interfaces/BCKeyStore.class org/bouncycastle/jce/interfaces/ECKey.class org/bouncycastle/jce/interfaces/ECPointEncoder.class org/bouncycastle/jce/interfaces/ECPrivateKey.class org/bouncycastle/jce/interfaces/ECPublicKey.class org/bouncycastle/jce/interfaces/ElGamalKey.class org/bouncycastle/jce/interfaces/ElGamalPrivateKey.class org/bouncycastle/jce/interfaces/ElGamalPublicKey.class org/bouncycastle/jce/interfaces/GOST3410Key.class org/bouncycastle/jce/interfaces/GOST3410Params.class org/bouncycastle/jce/interfaces/GOST3410PrivateKey.class org/bouncycastle/jce/interfaces/GOST3410PublicKey.class org/bouncycastle/jce/interfaces/IESKey.class org/bouncycastle/jce/interfaces/MQVPrivateKey.class org/bouncycastle/jce/interfaces/MQVPublicKey.class org/bouncycastle/jce/interfaces/PKCS12BagAttributeCarrier.class org/bouncycastle/jce/netscape/ org/bouncycastle/jce/netscape/NetscapeCertRequest.class org/bouncycastle/jce/provider/ org/bouncycastle/jce/provider/AnnotatedException.class org/bouncycastle/jce/provider/BouncyCastleProvider$1.class org/bouncycastle/jce/provider/BouncyCastleProvider.class org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.class org/bouncycastle/jce/provider/BrokenJCEBlockCipher$BrokePBEWithMD5AndDES.class org/bouncycastle/jce/provider/BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES.class org/bouncycastle/jce/provider/BrokenJCEBlockCipher$BrokePBEWithSHAAndDES2Key.class org/bouncycastle/jce/provider/BrokenJCEBlockCipher$BrokePBEWithSHAAndDES3Key.class org/bouncycastle/jce/provider/BrokenJCEBlockCipher$OldPBEWithSHAAndDES3Key.class org/bouncycastle/jce/provider/BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish.class org/bouncycastle/jce/provider/BrokenJCEBlockCipher.class org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.class org/bouncycastle/jce/provider/BrokenPBE$Util.class org/bouncycastle/jce/provider/BrokenPBE.class org/bouncycastle/jce/provider/CertPathValidatorUtilities.class org/bouncycastle/jce/provider/CertStatus.class org/bouncycastle/jce/provider/CertStoreCollectionSpi.class org/bouncycastle/jce/provider/DHUtil.class org/bouncycastle/jce/provider/ExtCRLException.class org/bouncycastle/jce/provider/JCEDHPrivateKey.class org/bouncycastle/jce/provider/JCEDHPublicKey.class org/bouncycastle/jce/provider/JCEECPrivateKey.class org/bouncycastle/jce/provider/JCEECPublicKey.class org/bouncycastle/jce/provider/JCEElGamalPrivateKey.class org/bouncycastle/jce/provider/JCEElGamalPublicKey.class org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.class org/bouncycastle/jce/provider/JCERSAPrivateKey.class org/bouncycastle/jce/provider/JCERSAPublicKey.class org/bouncycastle/jce/provider/JCEStreamCipher$Blowfish_CFB8.class org/bouncycastle/jce/provider/JCEStreamCipher$Blowfish_OFB8.class org/bouncycastle/jce/provider/JCEStreamCipher$DES_CFB8.class org/bouncycastle/jce/provider/JCEStreamCipher$DES_OFB8.class org/bouncycastle/jce/provider/JCEStreamCipher$DESede_CFB8.class org/bouncycastle/jce/provider/JCEStreamCipher$DESede_OFB8.class org/bouncycastle/jce/provider/JCEStreamCipher$Skipjack_CFB8.class org/bouncycastle/jce/provider/JCEStreamCipher$Skipjack_OFB8.class org/bouncycastle/jce/provider/JCEStreamCipher$Twofish_CFB8.class org/bouncycastle/jce/provider/JCEStreamCipher$Twofish_OFB8.class org/bouncycastle/jce/provider/JCEStreamCipher.class org/bouncycastle/jce/provider/JDKDSAPrivateKey.class org/bouncycastle/jce/provider/JDKDSAPublicKey.class org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.class org/bouncycastle/jce/provider/MultiCertStoreSpi.class org/bouncycastle/jce/provider/OldPKCS12ParametersGenerator.class org/bouncycastle/jce/provider/PEMUtil.class org/bouncycastle/jce/provider/PKIXAttrCertPathBuilderSpi.class org/bouncycastle/jce/provider/PKIXAttrCertPathValidatorSpi.class org/bouncycastle/jce/provider/PKIXCRLUtil.class org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi.class org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.class org/bouncycastle/jce/provider/PKIXNameConstraintValidator.class org/bouncycastle/jce/provider/PKIXNameConstraintValidatorException.class org/bouncycastle/jce/provider/PKIXPolicyNode.class org/bouncycastle/jce/provider/RFC3280CertPathUtilities.class org/bouncycastle/jce/provider/RFC3281CertPathUtilities.class org/bouncycastle/jce/provider/ReasonsMask.class org/bouncycastle/jce/provider/X509AttrCertParser.class org/bouncycastle/jce/provider/X509CRLEntryObject.class org/bouncycastle/jce/provider/X509CRLObject.class org/bouncycastle/jce/provider/X509CRLParser.class org/bouncycastle/jce/provider/X509CertPairParser.class org/bouncycastle/jce/provider/X509CertParser.class org/bouncycastle/jce/provider/X509CertificateObject.class org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.class org/bouncycastle/jce/provider/X509SignatureUtil.class org/bouncycastle/jce/provider/X509StoreAttrCertCollection.class org/bouncycastle/jce/provider/X509StoreCRLCollection.class org/bouncycastle/jce/provider/X509StoreCertCollection.class org/bouncycastle/jce/provider/X509StoreCertPairCollection.class org/bouncycastle/jce/provider/X509StoreLDAPAttrCerts.class org/bouncycastle/jce/provider/X509StoreLDAPCRLs.class org/bouncycastle/jce/provider/X509StoreLDAPCertPairs.class org/bouncycastle/jce/provider/X509StoreLDAPCerts.class org/bouncycastle/jce/spec/ org/bouncycastle/jce/spec/ECKeySpec.class org/bouncycastle/jce/spec/ECNamedCurveGenParameterSpec.class org/bouncycastle/jce/spec/ECNamedCurveParameterSpec.class org/bouncycastle/jce/spec/ECNamedCurveSpec.class org/bouncycastle/jce/spec/ECParameterSpec.class org/bouncycastle/jce/spec/ECPrivateKeySpec.class org/bouncycastle/jce/spec/ECPublicKeySpec.class org/bouncycastle/jce/spec/ElGamalGenParameterSpec.class org/bouncycastle/jce/spec/ElGamalKeySpec.class org/bouncycastle/jce/spec/ElGamalParameterSpec.class org/bouncycastle/jce/spec/ElGamalPrivateKeySpec.class org/bouncycastle/jce/spec/ElGamalPublicKeySpec.class org/bouncycastle/jce/spec/GOST28147ParameterSpec.class org/bouncycastle/jce/spec/GOST3410ParameterSpec.class org/bouncycastle/jce/spec/GOST3410PrivateKeySpec.class org/bouncycastle/jce/spec/GOST3410PublicKeyParameterSetSpec.class org/bouncycastle/jce/spec/GOST3410PublicKeySpec.class org/bouncycastle/jce/spec/IEKeySpec.class org/bouncycastle/jce/spec/IESParameterSpec.class org/bouncycastle/jce/spec/MQVPrivateKeySpec.class org/bouncycastle/jce/spec/MQVPublicKeySpec.class org/bouncycastle/jce/spec/RepeatedSecretKeySpec.class org/bouncycastle/math/ org/bouncycastle/math/ec/ org/bouncycastle/math/ec/ECAlgorithms.class org/bouncycastle/math/ec/ECConstants.class org/bouncycastle/math/ec/ECCurve$F2m.class org/bouncycastle/math/ec/ECCurve$Fp.class org/bouncycastle/math/ec/ECCurve.class org/bouncycastle/math/ec/ECFieldElement$F2m.class org/bouncycastle/math/ec/ECFieldElement$Fp.class org/bouncycastle/math/ec/ECFieldElement.class org/bouncycastle/math/ec/ECMultiplier.class org/bouncycastle/math/ec/ECPoint$F2m.class org/bouncycastle/math/ec/ECPoint$Fp.class org/bouncycastle/math/ec/ECPoint.class org/bouncycastle/math/ec/FpNafMultiplier.class org/bouncycastle/math/ec/IntArray.class org/bouncycastle/math/ec/PreCompInfo.class org/bouncycastle/math/ec/ReferenceMultiplier.class org/bouncycastle/math/ec/SimpleBigDecimal.class org/bouncycastle/math/ec/Tnaf.class org/bouncycastle/math/ec/WNafMultiplier.class org/bouncycastle/math/ec/WNafPreCompInfo.class org/bouncycastle/math/ec/WTauNafMultiplier.class org/bouncycastle/math/ec/WTauNafPreCompInfo.class org/bouncycastle/math/ec/ZTauElement.class org/bouncycastle/ocsp/ org/bouncycastle/ocsp/BasicOCSPResp.class org/bouncycastle/ocsp/BasicOCSPRespGenerator$ResponseObject.class org/bouncycastle/ocsp/BasicOCSPRespGenerator.class org/bouncycastle/ocsp/CertificateID.class org/bouncycastle/ocsp/CertificateStatus.class org/bouncycastle/ocsp/OCSPException.class org/bouncycastle/ocsp/OCSPReq.class org/bouncycastle/ocsp/OCSPReqGenerator$RequestObject.class org/bouncycastle/ocsp/OCSPReqGenerator.class org/bouncycastle/ocsp/OCSPResp.class org/bouncycastle/ocsp/OCSPRespGenerator.class org/bouncycastle/ocsp/OCSPRespStatus.class org/bouncycastle/ocsp/OCSPUtil.class org/bouncycastle/ocsp/Req.class org/bouncycastle/ocsp/RespData.class org/bouncycastle/ocsp/RespID.class org/bouncycastle/ocsp/RevokedStatus.class org/bouncycastle/ocsp/SingleResp.class org/bouncycastle/ocsp/UnknownStatus.class org/bouncycastle/pqc/ org/bouncycastle/pqc/asn1/ org/bouncycastle/pqc/asn1/GMSSPrivateKey.class org/bouncycastle/pqc/asn1/GMSSPublicKey.class org/bouncycastle/pqc/asn1/McElieceCCA2PrivateKey.class org/bouncycastle/pqc/asn1/McElieceCCA2PublicKey.class org/bouncycastle/pqc/asn1/McEliecePrivateKey.class org/bouncycastle/pqc/asn1/McEliecePublicKey.class org/bouncycastle/pqc/asn1/PQCObjectIdentifiers.class org/bouncycastle/pqc/asn1/ParSet.class org/bouncycastle/pqc/asn1/RainbowPrivateKey.class org/bouncycastle/pqc/asn1/RainbowPublicKey.class org/bouncycastle/pqc/crypto/ org/bouncycastle/pqc/crypto/DigestingMessageSigner.class org/bouncycastle/pqc/crypto/MessageEncryptor.class org/bouncycastle/pqc/crypto/MessageSigner.class org/bouncycastle/pqc/crypto/gmss/ org/bouncycastle/pqc/crypto/gmss/GMSSDigestProvider.class org/bouncycastle/pqc/crypto/gmss/GMSSKeyGenerationParameters.class org/bouncycastle/pqc/crypto/gmss/GMSSKeyPairGenerator.class org/bouncycastle/pqc/crypto/gmss/GMSSKeyParameters.class org/bouncycastle/pqc/crypto/gmss/GMSSLeaf.class org/bouncycastle/pqc/crypto/gmss/GMSSParameters.class org/bouncycastle/pqc/crypto/gmss/GMSSPrivateKeyParameters.class org/bouncycastle/pqc/crypto/gmss/GMSSPublicKeyParameters.class org/bouncycastle/pqc/crypto/gmss/GMSSRootCalc.class org/bouncycastle/pqc/crypto/gmss/GMSSRootSig.class org/bouncycastle/pqc/crypto/gmss/GMSSSigner.class org/bouncycastle/pqc/crypto/gmss/GMSSUtils.class org/bouncycastle/pqc/crypto/gmss/Treehash.class org/bouncycastle/pqc/crypto/gmss/util/ org/bouncycastle/pqc/crypto/gmss/util/GMSSRandom.class org/bouncycastle/pqc/crypto/gmss/util/GMSSUtil.class org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSVerify.class org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSignature.class org/bouncycastle/pqc/crypto/mceliece/ org/bouncycastle/pqc/crypto/mceliece/Conversions.class org/bouncycastle/pqc/crypto/mceliece/McElieceCCA2KeyGenerationParameters.class org/bouncycastle/pqc/crypto/mceliece/McElieceCCA2KeyPairGenerator.class org/bouncycastle/pqc/crypto/mceliece/McElieceCCA2KeyParameters.class org/bouncycastle/pqc/crypto/mceliece/McElieceCCA2Parameters.class org/bouncycastle/pqc/crypto/mceliece/McElieceCCA2Primitives.class org/bouncycastle/pqc/crypto/mceliece/McElieceCCA2PrivateKeyParameters.class org/bouncycastle/pqc/crypto/mceliece/McElieceCCA2PublicKeyParameters.class org/bouncycastle/pqc/crypto/mceliece/McElieceFujisakiCipher.class org/bouncycastle/pqc/crypto/mceliece/McElieceFujisakiDigestCipher.class org/bouncycastle/pqc/crypto/mceliece/McElieceKeyGenerationParameters.class org/bouncycastle/pqc/crypto/mceliece/McElieceKeyPairGenerator.class org/bouncycastle/pqc/crypto/mceliece/McElieceKeyParameters.class org/bouncycastle/pqc/crypto/mceliece/McElieceKobaraImaiCipher.class org/bouncycastle/pqc/crypto/mceliece/McElieceKobaraImaiDigestCipher.class org/bouncycastle/pqc/crypto/mceliece/McEliecePKCSCipher.class org/bouncycastle/pqc/crypto/mceliece/McEliecePKCSDigestCipher.class org/bouncycastle/pqc/crypto/mceliece/McElieceParameters.class org/bouncycastle/pqc/crypto/mceliece/McEliecePointchevalCipher.class org/bouncycastle/pqc/crypto/mceliece/McEliecePointchevalDigestCipher.class org/bouncycastle/pqc/crypto/mceliece/McEliecePrivateKeyParameters.class org/bouncycastle/pqc/crypto/mceliece/McEliecePublicKeyParameters.class org/bouncycastle/pqc/crypto/rainbow/ org/bouncycastle/pqc/crypto/rainbow/Layer.class org/bouncycastle/pqc/crypto/rainbow/RainbowKeyGenerationParameters.class org/bouncycastle/pqc/crypto/rainbow/RainbowKeyPairGenerator.class org/bouncycastle/pqc/crypto/rainbow/RainbowKeyParameters.class org/bouncycastle/pqc/crypto/rainbow/RainbowParameters.class org/bouncycastle/pqc/crypto/rainbow/RainbowPrivateKeyParameters.class org/bouncycastle/pqc/crypto/rainbow/RainbowPublicKeyParameters.class org/bouncycastle/pqc/crypto/rainbow/RainbowSigner.class org/bouncycastle/pqc/crypto/rainbow/util/ org/bouncycastle/pqc/crypto/rainbow/util/ComputeInField.class org/bouncycastle/pqc/crypto/rainbow/util/GF2Field.class org/bouncycastle/pqc/crypto/rainbow/util/RainbowUtil.class org/bouncycastle/pqc/jcajce/ org/bouncycastle/pqc/jcajce/provider/ org/bouncycastle/pqc/jcajce/provider/BouncyCastlePQCProvider$1.class org/bouncycastle/pqc/jcajce/provider/BouncyCastlePQCProvider.class org/bouncycastle/pqc/jcajce/provider/McEliece$Mappings.class org/bouncycastle/pqc/jcajce/provider/McEliece.class org/bouncycastle/pqc/jcajce/provider/Rainbow$Mappings.class org/bouncycastle/pqc/jcajce/provider/Rainbow.class org/bouncycastle/pqc/jcajce/provider/gmss/ org/bouncycastle/pqc/jcajce/provider/gmss/BCGMSSPublicKey.class org/bouncycastle/pqc/jcajce/provider/mceliece/ org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PrivateKey.class org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcElieceCCA2PublicKey.class org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePrivateKey.class org/bouncycastle/pqc/jcajce/provider/mceliece/BCMcEliecePublicKey.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceCCA2KeyFactorySpi.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceCCA2KeysToParams.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceCCA2Primitives.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceFujisakiCipherSpi$McElieceFujisaki.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceFujisakiCipherSpi$McElieceFujisaki224.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceFujisakiCipherSpi$McElieceFujisaki256.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceFujisakiCipherSpi$McElieceFujisaki384.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceFujisakiCipherSpi$McElieceFujisaki512.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceFujisakiCipherSpi.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeyFactorySpi.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeyPairGeneratorSpi$McEliece.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeyPairGeneratorSpi$McElieceCCA2.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeyPairGeneratorSpi.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKeysToParams.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKobaraImaiCipherSpi$McElieceKobaraImai.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKobaraImaiCipherSpi$McElieceKobaraImai224.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKobaraImaiCipherSpi$McElieceKobaraImai256.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKobaraImaiCipherSpi$McElieceKobaraImai384.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKobaraImaiCipherSpi$McElieceKobaraImai512.class org/bouncycastle/pqc/jcajce/provider/mceliece/McElieceKobaraImaiCipherSpi.class org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePKCSCipherSpi$McEliecePKCS.class org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePKCSCipherSpi$McEliecePKCS224.class org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePKCSCipherSpi$McEliecePKCS256.class org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePKCSCipherSpi$McEliecePKCS384.class org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePKCSCipherSpi$McEliecePKCS512.class org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePKCSCipherSpi.class org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePointchevalCipherSpi$McEliecePointcheval.class org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePointchevalCipherSpi$McEliecePointcheval224.class org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePointchevalCipherSpi$McEliecePointcheval256.class org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePointchevalCipherSpi$McEliecePointcheval384.class org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePointchevalCipherSpi$McEliecePointcheval512.class org/bouncycastle/pqc/jcajce/provider/mceliece/McEliecePointchevalCipherSpi.class org/bouncycastle/pqc/jcajce/provider/rainbow/ org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPrivateKey.class org/bouncycastle/pqc/jcajce/provider/rainbow/BCRainbowPublicKey.class org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeyFactorySpi.class org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeyPairGeneratorSpi.class org/bouncycastle/pqc/jcajce/provider/rainbow/RainbowKeysToParams.class org/bouncycastle/pqc/jcajce/provider/rainbow/SignatureSpi$withSha224.class org/bouncycastle/pqc/jcajce/provider/rainbow/SignatureSpi$withSha256.class org/bouncycastle/pqc/jcajce/provider/rainbow/SignatureSpi$withSha384.class org/bouncycastle/pqc/jcajce/provider/rainbow/SignatureSpi$withSha512.class org/bouncycastle/pqc/jcajce/provider/rainbow/SignatureSpi.class org/bouncycastle/pqc/jcajce/provider/util/ org/bouncycastle/pqc/jcajce/provider/util/AsymmetricBlockCipher.class org/bouncycastle/pqc/jcajce/provider/util/AsymmetricHybridCipher.class org/bouncycastle/pqc/jcajce/provider/util/CipherSpiExt.class org/bouncycastle/pqc/jcajce/provider/util/KeyUtil.class org/bouncycastle/pqc/jcajce/spec/ org/bouncycastle/pqc/jcajce/spec/ECCKeyGenParameterSpec.class org/bouncycastle/pqc/jcajce/spec/GMSSKeySpec.class org/bouncycastle/pqc/jcajce/spec/GMSSPrivateKeySpec.class org/bouncycastle/pqc/jcajce/spec/GMSSPublicKeySpec.class org/bouncycastle/pqc/jcajce/spec/McElieceCCA2ParameterSpec.class org/bouncycastle/pqc/jcajce/spec/McElieceCCA2PrivateKeySpec.class org/bouncycastle/pqc/jcajce/spec/McElieceCCA2PublicKeySpec.class org/bouncycastle/pqc/jcajce/spec/McEliecePrivateKeySpec.class org/bouncycastle/pqc/jcajce/spec/McEliecePublicKeySpec.class org/bouncycastle/pqc/jcajce/spec/RainbowParameterSpec.class org/bouncycastle/pqc/jcajce/spec/RainbowPrivateKeySpec.class org/bouncycastle/pqc/jcajce/spec/RainbowPublicKeySpec.class org/bouncycastle/pqc/math/ org/bouncycastle/pqc/math/linearalgebra/ org/bouncycastle/pqc/math/linearalgebra/BigEndianConversions.class org/bouncycastle/pqc/math/linearalgebra/BigIntUtils.class org/bouncycastle/pqc/math/linearalgebra/ByteUtils.class org/bouncycastle/pqc/math/linearalgebra/CharUtils.class org/bouncycastle/pqc/math/linearalgebra/GF2Matrix.class org/bouncycastle/pqc/math/linearalgebra/GF2Polynomial.class org/bouncycastle/pqc/math/linearalgebra/GF2Vector.class org/bouncycastle/pqc/math/linearalgebra/GF2mField.class org/bouncycastle/pqc/math/linearalgebra/GF2mMatrix.class org/bouncycastle/pqc/math/linearalgebra/GF2mVector.class org/bouncycastle/pqc/math/linearalgebra/GF2nElement.class org/bouncycastle/pqc/math/linearalgebra/GF2nField.class org/bouncycastle/pqc/math/linearalgebra/GF2nONBElement.class org/bouncycastle/pqc/math/linearalgebra/GF2nONBField.class org/bouncycastle/pqc/math/linearalgebra/GF2nPolynomial.class org/bouncycastle/pqc/math/linearalgebra/GF2nPolynomialElement.class org/bouncycastle/pqc/math/linearalgebra/GF2nPolynomialField.class org/bouncycastle/pqc/math/linearalgebra/GFElement.class org/bouncycastle/pqc/math/linearalgebra/GoppaCode$MaMaPe.class org/bouncycastle/pqc/math/linearalgebra/GoppaCode$MatrixSet.class org/bouncycastle/pqc/math/linearalgebra/GoppaCode.class org/bouncycastle/pqc/math/linearalgebra/IntUtils.class org/bouncycastle/pqc/math/linearalgebra/IntegerFunctions.class org/bouncycastle/pqc/math/linearalgebra/LittleEndianConversions.class org/bouncycastle/pqc/math/linearalgebra/Matrix.class org/bouncycastle/pqc/math/linearalgebra/Permutation.class org/bouncycastle/pqc/math/linearalgebra/PolynomialGF2mSmallM.class org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2.class org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2m.class org/bouncycastle/pqc/math/linearalgebra/RandUtils.class org/bouncycastle/pqc/math/linearalgebra/Vector.class org/bouncycastle/util/ org/bouncycastle/util/Arrays.class org/bouncycastle/util/BigIntegers.class org/bouncycastle/util/CollectionStore.class org/bouncycastle/util/IPAddress.class org/bouncycastle/util/Integers.class org/bouncycastle/util/Memoable.class org/bouncycastle/util/MemoableResetException.class org/bouncycastle/util/Selector.class org/bouncycastle/util/Store.class org/bouncycastle/util/StoreException.class org/bouncycastle/util/StreamParser.class org/bouncycastle/util/StreamParsingException.class org/bouncycastle/util/Strings.class org/bouncycastle/util/encoders/ org/bouncycastle/util/encoders/Base64.class org/bouncycastle/util/encoders/Base64Encoder.class org/bouncycastle/util/encoders/BufferedDecoder.class org/bouncycastle/util/encoders/BufferedEncoder.class org/bouncycastle/util/encoders/DecoderException.class org/bouncycastle/util/encoders/Encoder.class org/bouncycastle/util/encoders/EncoderException.class org/bouncycastle/util/encoders/Hex.class org/bouncycastle/util/encoders/HexEncoder.class org/bouncycastle/util/encoders/HexTranslator.class org/bouncycastle/util/encoders/Translator.class org/bouncycastle/util/encoders/UrlBase64.class org/bouncycastle/util/encoders/UrlBase64Encoder.class org/bouncycastle/util/io/ org/bouncycastle/util/io/StreamOverflowException.class org/bouncycastle/util/io/Streams.class org/bouncycastle/util/io/TeeInputStream.class org/bouncycastle/util/io/TeeOutputStream.class org/bouncycastle/util/io/pem/ org/bouncycastle/util/io/pem/PemGenerationException.class org/bouncycastle/util/io/pem/PemHeader.class org/bouncycastle/util/io/pem/PemObject.class org/bouncycastle/util/io/pem/PemObjectGenerator.class org/bouncycastle/util/io/pem/PemObjectParser.class org/bouncycastle/util/io/pem/PemReader.class org/bouncycastle/util/io/pem/PemWriter.class org/bouncycastle/util/test/ org/bouncycastle/util/test/FixedSecureRandom.class org/bouncycastle/util/test/NumberParsing.class org/bouncycastle/util/test/SimpleTest.class org/bouncycastle/util/test/SimpleTestResult.class org/bouncycastle/util/test/Test.class org/bouncycastle/util/test/TestFailedException.class org/bouncycastle/util/test/TestResult.class org/bouncycastle/util/test/UncloseableOutputStream.class org/bouncycastle/x509/ org/bouncycastle/x509/AttributeCertificateHolder.class org/bouncycastle/x509/AttributeCertificateIssuer.class org/bouncycastle/x509/CertPathReviewerException.class org/bouncycastle/x509/CertPathReviewerMessages.properties org/bouncycastle/x509/CertPathReviewerMessages_de.properties org/bouncycastle/x509/ExtCertificateEncodingException.class org/bouncycastle/x509/ExtendedPKIXBuilderParameters.class org/bouncycastle/x509/ExtendedPKIXParameters.class org/bouncycastle/x509/NoSuchParserException.class org/bouncycastle/x509/NoSuchStoreException.class org/bouncycastle/x509/PKIXAttrCertChecker.class org/bouncycastle/x509/PKIXCertPathReviewer.class org/bouncycastle/x509/X509Attribute.class org/bouncycastle/x509/X509AttributeCertStoreSelector.class org/bouncycastle/x509/X509AttributeCertificate.class org/bouncycastle/x509/X509CRLStoreSelector.class org/bouncycastle/x509/X509CertPairStoreSelector.class org/bouncycastle/x509/X509CertStoreSelector.class org/bouncycastle/x509/X509CertificatePair.class org/bouncycastle/x509/X509CollectionStoreParameters.class org/bouncycastle/x509/X509Store.class org/bouncycastle/x509/X509StoreParameters.class org/bouncycastle/x509/X509StoreSpi.class org/bouncycastle/x509/X509StreamParser.class org/bouncycastle/x509/X509StreamParserSpi.class org/bouncycastle/x509/X509Util$Implementation.class org/bouncycastle/x509/X509Util.class org/bouncycastle/x509/X509V1CertificateGenerator.class org/bouncycastle/x509/X509V2AttributeCertificate.class org/bouncycastle/x509/X509V2AttributeCertificateGenerator.class org/bouncycastle/x509/X509V2CRLGenerator$ExtCRLException.class org/bouncycastle/x509/X509V2CRLGenerator.class org/bouncycastle/x509/X509V3CertificateGenerator.class org/bouncycastle/x509/examples/ org/bouncycastle/x509/examples/AttrCertExample.class org/bouncycastle/x509/extension/ org/bouncycastle/x509/extension/AuthorityKeyIdentifierStructure.class org/bouncycastle/x509/extension/SubjectKeyIdentifierStructure.class org/bouncycastle/x509/extension/X509ExtensionUtil.class org/bouncycastle/x509/util/ org/bouncycastle/x509/util/LDAPStoreHelper.class org/bouncycastle/x509/util/StreamParser.class org/bouncycastle/x509/util/StreamParsingException.class unzip and jar xf also both worked fine for me
          Hide
          Christopher Tubbs added a comment -

          Michael Berman wrote:

          I'm not rewriting any custom socket code

          That's good at least, but...

          There's no way the JSSE properties can be respected automatically

          is simply not true. See TSSLTransportFactory.getServerSocket(int port) or the two param one (int, int)'s javadoc.

          Whether you use this method or the one that explicitly passes these properties, I don't care... so long as it falls back on the JSSE properties, the configuration looks similar to JSSE property names, and it supports all the features that the JSSE properties would if they were set as system properties.

          This is not a client-side setting

          The issue is applicable to both client-side configuration and server-side configuration. My previously expressed opinions were primarily for client-side configuration. For server-side, I've been thinking about better scoped configuration anyway (separate config files... not xml, and separate enums, for separate services). That would resolve some of these questions about where to put configuration and would address the monitor's limited ssl configuration as well. In the meantime, I think something like instance.javax.net.ssl.* or general.javax.net.ssl.* might be a decent compromise for server configuration.

          the tservers themselves need to know where to find the keyStore.

          Recall that part of my criticism of a keyStore-only based configuration was based on the idea that there are other JSSE properties allow you to configure an alternate provider as well (eg. javax.net.ssl.keyStoreProvider).

          This means that probably you want the monitor to have a cert cut from a "real" CA, but enforcing that requirement for every tserver will be unwieldy and not necessary for most deployments.

          How is this unwieldy? I concede that monitor may have different certs than tservers, but I don't agree that having a "real" CA for every tserver will be unwieldy or unnecessary. Having a CA that is trusted sign the certs used by the tservers is essential for clients communicating with the SSL-enabled instance... otherwise, they'll have to have a trustStore that includes the cert of every tserver... and that is unwieldy. Unless you were planning on making clients trust anything that the tserver throws at them... which would undermine the security of the feature.

          Is there any particular reason that it's ok for the monitor to have custom SSL properties, but not the RPC connections?

          No. See my suggestion above for the scoping of properties in separate properties files, and the compromise for prefixing them with a particular scope. The main point is I want users to understand at a glance that something like "monitor.javax.net.ssl.keyStore" is "javax.net.ssl.keyStore" scoped to "monitor". This gets murkier, if the property names are "monitor.ssl.keyStore", but we're stuck with that for now. The main point I want to make for the RPC is that I want to ensure we're moving forward towards a more intuitive and flexible configuration standards. It is not necessarily a blocker for the feature.

          Show
          Christopher Tubbs added a comment - Michael Berman wrote: I'm not rewriting any custom socket code That's good at least, but... There's no way the JSSE properties can be respected automatically is simply not true. See TSSLTransportFactory.getServerSocket(int port) or the two param one (int, int)'s javadoc. Whether you use this method or the one that explicitly passes these properties, I don't care... so long as it falls back on the JSSE properties, the configuration looks similar to JSSE property names, and it supports all the features that the JSSE properties would if they were set as system properties. This is not a client-side setting The issue is applicable to both client-side configuration and server-side configuration. My previously expressed opinions were primarily for client-side configuration. For server-side, I've been thinking about better scoped configuration anyway (separate config files... not xml, and separate enums, for separate services). That would resolve some of these questions about where to put configuration and would address the monitor's limited ssl configuration as well. In the meantime, I think something like instance.javax.net.ssl.* or general.javax.net.ssl.* might be a decent compromise for server configuration. the tservers themselves need to know where to find the keyStore. Recall that part of my criticism of a keyStore-only based configuration was based on the idea that there are other JSSE properties allow you to configure an alternate provider as well (eg. javax.net.ssl.keyStoreProvider). This means that probably you want the monitor to have a cert cut from a "real" CA, but enforcing that requirement for every tserver will be unwieldy and not necessary for most deployments. How is this unwieldy? I concede that monitor may have different certs than tservers, but I don't agree that having a "real" CA for every tserver will be unwieldy or unnecessary. Having a CA that is trusted sign the certs used by the tservers is essential for clients communicating with the SSL-enabled instance... otherwise, they'll have to have a trustStore that includes the cert of every tserver... and that is unwieldy. Unless you were planning on making clients trust anything that the tserver throws at them... which would undermine the security of the feature. Is there any particular reason that it's ok for the monitor to have custom SSL properties, but not the RPC connections? No. See my suggestion above for the scoping of properties in separate properties files, and the compromise for prefixing them with a particular scope. The main point is I want users to understand at a glance that something like "monitor.javax.net.ssl.keyStore" is "javax.net.ssl.keyStore" scoped to "monitor". This gets murkier, if the property names are "monitor.ssl.keyStore", but we're stuck with that for now. The main point I want to make for the RPC is that I want to ensure we're moving forward towards a more intuitive and flexible configuration standards. It is not necessarily a blocker for the feature.
          Hide
          Christopher Tubbs added a comment -

          Regarding the broken dependency on bouncycastle... it seems to me that this isn't an essential part of this feature. It may be better to conditionally load the provider if it's available... but don't if not. And that may be better anyway, because we probably don't want to package it, in case there's any issues with regard to export restrictions.

          Show
          Christopher Tubbs added a comment - Regarding the broken dependency on bouncycastle... it seems to me that this isn't an essential part of this feature. It may be better to conditionally load the provider if it's available... but don't if not. And that may be better anyway, because we probably don't want to package it, in case there's any issues with regard to export restrictions.
          Hide
          John Vines added a comment -

          That sounds like a pain for downstream users. I can understand doing it in the short term, but we should probably start on the process for getting that taken care of.

          https://issues.apache.org/jira/browse/TIKA-118
          http://www.apache.org/licenses/exports/
          http://markmail.org/message/jduwmahz7nfcrzw6

          That last link makes me think we need to take care of this NOW, due to ACCUMULO-998.

          I'm opening a ticket for this, since this is a blocker, if not a fire drill.

          Show
          John Vines added a comment - That sounds like a pain for downstream users. I can understand doing it in the short term, but we should probably start on the process for getting that taken care of. https://issues.apache.org/jira/browse/TIKA-118 http://www.apache.org/licenses/exports/ http://markmail.org/message/jduwmahz7nfcrzw6 That last link makes me think we need to take care of this NOW, due to ACCUMULO-998 . I'm opening a ticket for this, since this is a blocker, if not a fire drill.
          Hide
          Michael Berman added a comment -

          >> There's no way the JSSE properties can be respected automatically

          is simply not true. See TSSLTransportFactory.getServerSocket(int port) or the two param one (int, int)'s javadoc.

          My point was, we at least need to figure out if we want to use a TSSLTransportFactory at all. And beyond that, the stack is still quite different since the THsHaServer doesn't support SSL. So I'm still confident "we will end up examining and branching based on the properties no matter how we do it" is true.

          I think something like instance.javax.net.ssl.* or general.javax.net.ssl.* might be a decent compromise for server configuration.

          This sounds fine to me.

          >> the tservers themselves need to know where to find the keyStore.

          Recall that part of my criticism of a keyStore-only based configuration was based on the idea that there are other JSSE properties allow you to configure an alternate provider as well (eg. javax.net.ssl.keyStoreProvider).

          Here I was just using keystore as an example property. Replace "keyStore" with "keyProvider" and my point still stands. But it sounds like this issue is addressed by your other answers anyway, so no big deal.

          >> This means that probably you want the monitor to have a cert cut from a "real" CA, but enforcing that requirement for every tserver will be unwieldy and not necessary for most deployments.

          How is this unwieldy? I concede that monitor may have different certs than tservers, but I don't agree that having a "real" CA for every tserver will be unwieldy or unnecessary. Having a CA that is trusted sign the certs used by the tservers is essential for clients communicating with the SSL-enabled instance... otherwise, they'll have to have a trustStore that includes the cert of every tserver... and that is unwieldy. Unless you were planning on making clients trust anything that the tserver throws at them... which would undermine the security of the feature.

          I think you've misunderstood me here. Absolutely the tservers' certs need to be signed by a known CA that can be trusted by clients. I believe there's value in the monitor's https cert being signed by a public root CA that is likely to be known about by web browsers. This is what I meant by a "real" CA, and this is the part that seems unwieldy (and usually unnecessary) for tserver certs. It's easier to distribute custom trusted roots to client applications than to end users' web browsers, and getting certs signed by public trusted roots is expensive, usually requires manual intervention, and is impossible if you want to do hostname verification for machines not on the internet. This is the distinction I was trying to draw between requirements for monitor vs. thrift certs. But, since it sounds like you're fine with a service qualifier before the JSSE-like property key, I believe that addresses my original concern.

          Show
          Michael Berman added a comment - >> There's no way the JSSE properties can be respected automatically is simply not true. See TSSLTransportFactory.getServerSocket(int port) or the two param one (int, int)'s javadoc. My point was, we at least need to figure out if we want to use a TSSLTransportFactory at all. And beyond that, the stack is still quite different since the THsHaServer doesn't support SSL. So I'm still confident "we will end up examining and branching based on the properties no matter how we do it" is true. I think something like instance.javax.net.ssl.* or general.javax.net.ssl.* might be a decent compromise for server configuration. This sounds fine to me. >> the tservers themselves need to know where to find the keyStore. Recall that part of my criticism of a keyStore-only based configuration was based on the idea that there are other JSSE properties allow you to configure an alternate provider as well (eg. javax.net.ssl.keyStoreProvider). Here I was just using keystore as an example property. Replace "keyStore" with "keyProvider" and my point still stands. But it sounds like this issue is addressed by your other answers anyway, so no big deal. >> This means that probably you want the monitor to have a cert cut from a "real" CA, but enforcing that requirement for every tserver will be unwieldy and not necessary for most deployments. How is this unwieldy? I concede that monitor may have different certs than tservers, but I don't agree that having a "real" CA for every tserver will be unwieldy or unnecessary. Having a CA that is trusted sign the certs used by the tservers is essential for clients communicating with the SSL-enabled instance... otherwise, they'll have to have a trustStore that includes the cert of every tserver... and that is unwieldy. Unless you were planning on making clients trust anything that the tserver throws at them... which would undermine the security of the feature. I think you've misunderstood me here. Absolutely the tservers' certs need to be signed by a known CA that can be trusted by clients. I believe there's value in the monitor's https cert being signed by a public root CA that is likely to be known about by web browsers. This is what I meant by a "real" CA, and this is the part that seems unwieldy (and usually unnecessary) for tserver certs. It's easier to distribute custom trusted roots to client applications than to end users' web browsers, and getting certs signed by public trusted roots is expensive, usually requires manual intervention, and is impossible if you want to do hostname verification for machines not on the internet. This is the distinction I was trying to draw between requirements for monitor vs. thrift certs. But, since it sounds like you're fine with a service qualifier before the JSSE-like property key, I believe that addresses my original concern.
          Hide
          Michael Berman added a comment -

          Re: bouncycastle...

          It's true that it's not at all necessary for the mainline, running accumulo with SSL connections scenario. It is necessary for provisioning certs (Sun's default JSSE provider does not provide any way to sign certs). So, if someone is willing to bring their own certs for each node, you can get everything up and running without it. But, the tool to help sign and distribute certs for each node will have a real code dependency on BC (not just as a JSSE provider that can be conditionally loaded). We could probably get away with not distributing it anyway, but you'll get ClassNotFound exceptions if you run the cert provisioning code, run a MAC with SSL enabled, or run integration tests. If it's possible to satisfy the export control requirements (per Vines's links above), it sounds like that's a better plan.

          Show
          Michael Berman added a comment - Re: bouncycastle... It's true that it's not at all necessary for the mainline, running accumulo with SSL connections scenario. It is necessary for provisioning certs (Sun's default JSSE provider does not provide any way to sign certs). So, if someone is willing to bring their own certs for each node, you can get everything up and running without it. But, the tool to help sign and distribute certs for each node will have a real code dependency on BC (not just as a JSSE provider that can be conditionally loaded). We could probably get away with not distributing it anyway, but you'll get ClassNotFound exceptions if you run the cert provisioning code, run a MAC with SSL enabled, or run integration tests. If it's possible to satisfy the export control requirements (per Vines's links above), it sounds like that's a better plan.
          Hide
          Christopher Tubbs added a comment -

          it sounds like you're fine with a service qualifier before the JSSE-like property key

          Affirmative I'd prefer the JSSE properties go unprefixed, and the configuration location/context perform the scoping (eg. client.conf contains raw JSSE properties, and monitor.conf contain raw JSSE properties; vs. a single config file containing client.<JSSE property> and monitor.<JSSE property>, but this is a decent compromise.)

          Also, if say "client.ssl.enabled = true", and those JSSE properties prefixed with "client." are absent, a fallback to the unprefixed ones read out of the configuration file or the system properties might be prudent. So, when "client.ssl.enabled" is set to "true", the relevant properties can be configured with the "client." prefix or without, and those without are treated as a global fallback. I don't think they should be mix-and-matched, though (prefixed and non-prefixed), so if any have the prefix for that scope, no unprefixed ones are used.

          Regarding BC:

          Automatic cert provisioning within Accumulo itself seems out of scope to me (if it were me, I'd rather use the system's certs in /etc/pki/tls/certs/, which is the default location for the Apache web server and a bunch of other apps, and uniquely identify the server cryptographically). And, since BC is only needed for cert provisioning and signing, it seems to me that this code (and dependencies) would make the most sense outside of Accumulo's core and provided as a useful add-on. As long as we make sure Accumulo can be configured easily, we'll set the groundwork for any provisioning utility or practice that users are already familiar with for their other secure applications, according to their environment's policies and practices. I'd prefer not trying to provide everything when those functions already exist in Linux environments in standard ways. Instead, we should leverage those standard practices, and document how to interact with them. This significantly reduces the learning curve for system administrators, I think.

          As for the export stuff... John Vines is probably right that it may be relevant to ACCUMULO-998 anyway (I'm certainly no expert), but I still don't see a need to add the dependency if it's just for a provisioning tool that can be easily separated from core functionality.

          Show
          Christopher Tubbs added a comment - it sounds like you're fine with a service qualifier before the JSSE-like property key Affirmative I'd prefer the JSSE properties go unprefixed, and the configuration location/context perform the scoping (eg. client.conf contains raw JSSE properties, and monitor.conf contain raw JSSE properties; vs. a single config file containing client.<JSSE property> and monitor.<JSSE property>, but this is a decent compromise.) Also, if say "client.ssl.enabled = true", and those JSSE properties prefixed with "client." are absent, a fallback to the unprefixed ones read out of the configuration file or the system properties might be prudent. So, when "client.ssl.enabled" is set to "true", the relevant properties can be configured with the "client." prefix or without, and those without are treated as a global fallback. I don't think they should be mix-and-matched, though (prefixed and non-prefixed), so if any have the prefix for that scope, no unprefixed ones are used. Regarding BC: Automatic cert provisioning within Accumulo itself seems out of scope to me (if it were me, I'd rather use the system's certs in /etc/pki/tls/certs/, which is the default location for the Apache web server and a bunch of other apps, and uniquely identify the server cryptographically). And, since BC is only needed for cert provisioning and signing, it seems to me that this code (and dependencies) would make the most sense outside of Accumulo's core and provided as a useful add-on. As long as we make sure Accumulo can be configured easily, we'll set the groundwork for any provisioning utility or practice that users are already familiar with for their other secure applications, according to their environment's policies and practices. I'd prefer not trying to provide everything when those functions already exist in Linux environments in standard ways. Instead, we should leverage those standard practices, and document how to interact with them. This significantly reduces the learning curve for system administrators, I think. As for the export stuff... John Vines is probably right that it may be relevant to ACCUMULO-998 anyway (I'm certainly no expert), but I still don't see a need to add the dependency if it's just for a provisioning tool that can be easily separated from core functionality.
          Hide
          Michael Berman added a comment -

          Also, if say "client.ssl.enabled = true", and those JSSE properties prefixed with "client." are absent, a fallback to the unprefixed ones read out of the configuration file or the system properties might be prudent. So, when "client.ssl.enabled" is set to "true", the relevant properties can be configured with the "client." prefix or without, and those without are treated as a global fallback. I don't think they should be mix-and-matched, though (prefixed and non-prefixed), so if any have the prefix for that scope, no unprefixed ones are used.

          I'm not sure I see the value in client properties being separated from server properties. If ssl is enabled for the server, it should be enabled for clients. For the most part these don't need to overlap, since server properties will come out of accumulo-site.xml and client properties will come out of local client config, but it would be nice if, for example, the shell continued to work without special configuration, because it just picked up general.ssl.enabled from the site config.

          The prefix fallback process sounds like a good addition, but it seems like it makes more sense in combination with a bigger conf refactor (for example splitting into client.conf, monitor.conf, etc). I'd like to defer that work to the broader effort so changes in conf patterns can be considered holistically.

          Regarding BC:

          Right now it's not totally separate...it's used by the MAC if you enable SSL to provision its own local cert (much like it generates all its own config as part of initialization). Thus it's also used by the ITs to test SSL. I suppose we could make the MAC not natively support SSL, requiring users to provide their own certs, and just include pre-generated certs in the ITs' resources directory, but that feels less elegant than being able to say simply miniAccumuloConfig.useSsl(true) if you want to test SSL connections.

          Also, regarding provisioning scenarios, I think some people will want to use certs signed by public CAs the same way they would want to for a webserver, but I still believe this will be unwieldy for tservers. I think the much more common scenario would be for someone to generate a self-signed root on one box, and then want to just cut however many more local certs on each of the nodes in the cluster. As far as reducing the learning curve for system administrators, I think running bin/accumulo init-ssl on each machine, and having that generate certs in default locations and not require any additional config would actually be less work than making them configure a bunch of properties and figure out what relationships they want among all their certs, even if the properties point to standardish locations. Having a separate root and trust tree for accumulo also provides some additional protection. I may not want to trust any accumulo that has a cert signed by a public CA, since anyone could have a cert signed by a public CA. If my cluster has its own root, I can be confident that any cert signed by that root is part of my cluster.

          Show
          Michael Berman added a comment - Also, if say "client.ssl.enabled = true", and those JSSE properties prefixed with "client." are absent, a fallback to the unprefixed ones read out of the configuration file or the system properties might be prudent. So, when "client.ssl.enabled" is set to "true", the relevant properties can be configured with the "client." prefix or without, and those without are treated as a global fallback. I don't think they should be mix-and-matched, though (prefixed and non-prefixed), so if any have the prefix for that scope, no unprefixed ones are used. I'm not sure I see the value in client properties being separated from server properties. If ssl is enabled for the server, it should be enabled for clients. For the most part these don't need to overlap, since server properties will come out of accumulo-site.xml and client properties will come out of local client config, but it would be nice if, for example, the shell continued to work without special configuration, because it just picked up general.ssl.enabled from the site config. The prefix fallback process sounds like a good addition, but it seems like it makes more sense in combination with a bigger conf refactor (for example splitting into client.conf, monitor.conf, etc). I'd like to defer that work to the broader effort so changes in conf patterns can be considered holistically. Regarding BC: Right now it's not totally separate...it's used by the MAC if you enable SSL to provision its own local cert (much like it generates all its own config as part of initialization). Thus it's also used by the ITs to test SSL. I suppose we could make the MAC not natively support SSL, requiring users to provide their own certs, and just include pre-generated certs in the ITs' resources directory, but that feels less elegant than being able to say simply miniAccumuloConfig.useSsl(true) if you want to test SSL connections. Also, regarding provisioning scenarios, I think some people will want to use certs signed by public CAs the same way they would want to for a webserver, but I still believe this will be unwieldy for tservers. I think the much more common scenario would be for someone to generate a self-signed root on one box, and then want to just cut however many more local certs on each of the nodes in the cluster. As far as reducing the learning curve for system administrators, I think running bin/accumulo init-ssl on each machine, and having that generate certs in default locations and not require any additional config would actually be less work than making them configure a bunch of properties and figure out what relationships they want among all their certs, even if the properties point to standardish locations. Having a separate root and trust tree for accumulo also provides some additional protection. I may not want to trust any accumulo that has a cert signed by a public CA, since anyone could have a cert signed by a public CA. If my cluster has its own root, I can be confident that any cert signed by that root is part of my cluster.
          Hide
          Keith Turner added a comment -

          Christopher Tubbs you have some very specific ideas about client side config that sound good. Do you think you would have time to put something together for 1.6 that Michael Berman could use for this feature? It seems to be a bit of dependency for this feature. I am just trying to work out how we can have minimal churn from a users perspective. Introducing this feature in 1.6 and a proper client side config in 1.7 is sub-optimal for users.

          Show
          Keith Turner added a comment - Christopher Tubbs you have some very specific ideas about client side config that sound good. Do you think you would have time to put something together for 1.6 that Michael Berman could use for this feature? It seems to be a bit of dependency for this feature. I am just trying to work out how we can have minimal churn from a users perspective. Introducing this feature in 1.6 and a proper client side config in 1.7 is sub-optimal for users.
          Hide
          Michael Berman added a comment -

          Attaching fresh patch.

          The biggest change from the last one is the segregation of ClientConfig from AccumuloConfig. Also added some more configurability, and integrated various minor feedback.

          Show
          Michael Berman added a comment - Attaching fresh patch. The biggest change from the last one is the segregation of ClientConfig from AccumuloConfig. Also added some more configurability, and integrated various minor feedback.
          Michael Berman made changes -
          Attachment ACCUMULO-1009_thriftSsl.patch [ 12603843 ]
          Michael Berman made changes -
          Attachment ACCUMULO-1009_thriftSsl.patch [ 12597804 ]
          Hide
          Michael Berman added a comment -

          I wanted to get the patch out so everyone could see the direction I went with the ClientConfig, but there are a few known loose ends:

          • If you turn on requireClientAuth, there's no way to configure a ZKInstance to present a client cert
          • We need tests around the JSEE configuration mode, and around requireClientAuth
          Show
          Michael Berman added a comment - I wanted to get the patch out so everyone could see the direction I went with the ClientConfig, but there are a few known loose ends: If you turn on requireClientAuth, there's no way to configure a ZKInstance to present a client cert We need tests around the JSEE configuration mode, and around requireClientAuth
          Hide
          Michael Allen added a comment -

          I wanted to +1 Michael's comments above around setting up an independent set of roots for your cluster. Getting "real" certificates is a pain in the <insert your favorite body part here>, especially when you start talking about trying to set up your own sub-root from which you can cut certificates. Requiring someone to understand how to do all that and then set up a bunch of configuration properties on top of it puts up a big barrier to entry.

          Having something like Michael's suggested bin/accumulo init-ssl call do the certificate generation and configuration for you would be my strongly preferred choice, and would make setting up secure clusters much much easier. The work to set up a reasonably secure SSL deployment is boilerplate, albeit complex boilerplate. Unless you are extremely keen on handling this setup yourself, or your company has stringent requirements in this area, having a very easy to set up SSL configuration is a big boon.

          I also agree that being able to quickly test an SSL-enabled mini-cluster is another huge win for making this code easily testable and maintainable.

          Show
          Michael Allen added a comment - I wanted to +1 Michael's comments above around setting up an independent set of roots for your cluster. Getting "real" certificates is a pain in the <insert your favorite body part here>, especially when you start talking about trying to set up your own sub-root from which you can cut certificates. Requiring someone to understand how to do all that and then set up a bunch of configuration properties on top of it puts up a big barrier to entry. Having something like Michael's suggested bin/accumulo init-ssl call do the certificate generation and configuration for you would be my strongly preferred choice, and would make setting up secure clusters much much easier. The work to set up a reasonably secure SSL deployment is boilerplate, albeit complex boilerplate. Unless you are extremely keen on handling this setup yourself, or your company has stringent requirements in this area, having a very easy to set up SSL configuration is a big boon. I also agree that being able to quickly test an SSL-enabled mini-cluster is another huge win for making this code easily testable and maintainable.
          Hide
          Christopher Tubbs added a comment -

          Michael Berman wrote:

          I'm not sure I see the value in client properties being separated from server properties.

          You're right. "rpc." might be an appropriate scope for both client and server configuration.

          The prefix fallback process sounds like a good addition, but it seems like it makes more sense in combination with a bigger conf refactor (for example splitting into client.conf, monitor.conf, etc). I'd like to defer that work to the broader effort so changes in conf patterns can be considered holistically.

          Seems reasonable. I had hoped I'd have time for that in 1.6, but the timeline is advancing too quickly, and I'm doubtful I'm going to have time for it. My main concern at this point is that I don't want to set a precedent that we're stuck with that would prevent this improvement in 1.7.

          Keith Turner wrote:

          Introducing this feature in 1.6 and a proper client side config in 1.7 is sub-optimal for users.

          Agreed, but I'm not sure I have time to re-prioritize. If we can avoid that, to reduce any potential churn, by hammering it out here, I'd rather do that.

          Michael Berman wrote:

          I suppose we could make the MAC not natively support SSL, requiring users to provide their own certs, and just include pre-generated certs in the ITs' resources directory, but that feels less elegant than being able to say simply miniAccumuloConfig.useSsl(true) if you want to test SSL connections.

          Actually, there's precisely what keytool-maven-plugin is for. I'd much rather have MiniAccumuloCluster use a specified keystore from config properties than to generate its own. That way, it more closely resembles a real Accumulo instance's configuration (a design goal for Mini is that it mimics a real instance as closely as possible).

          As far as reducing the learning curve for system administrators, I think running bin/accumulo init-ssl on each machine, and having that generate certs in default locations and not require any additional config would actually be less work than making them configure a bunch of properties and figure out what relationships they want among all their certs, even if the properties point to standardish locations.

          It's not always about reducing the work... sometimes, it's about doing stuff in the way they already know how to do (or have already done). I'd much rather not re-invent the wheel for provisioning certs. If we just make it simple to configure certs, system administrators can just provision using whatever process they currently know or use. No re-inventing the wheel at all.

          As for "real CA" signing... I expect a common use case would be to use an intermediate CA that is signed by a "real CA". I'm not suggesting that anybody go through the headache of getting every tserver cert signed by a common public root. But... it doesn't really matter whether the "real CA" is one that is pre-configured in a browser (something like VeriSign's root)... so long as it's easy to configure. The point is to make it easy to control which one they'll trust... which may be generated from their root, or an intermediate root, or a trustStore that holds all the individual tserver public certs. The point is to not make decisions for users regarding certificate provisioning, and to just make it easy for them to use what they want.

          I'll have to take a more detailed look at the updated patch sometime later today to see if I have any further feedback.

          Show
          Christopher Tubbs added a comment - Michael Berman wrote: I'm not sure I see the value in client properties being separated from server properties. You're right. "rpc." might be an appropriate scope for both client and server configuration. The prefix fallback process sounds like a good addition, but it seems like it makes more sense in combination with a bigger conf refactor (for example splitting into client.conf, monitor.conf, etc). I'd like to defer that work to the broader effort so changes in conf patterns can be considered holistically. Seems reasonable. I had hoped I'd have time for that in 1.6, but the timeline is advancing too quickly, and I'm doubtful I'm going to have time for it. My main concern at this point is that I don't want to set a precedent that we're stuck with that would prevent this improvement in 1.7. Keith Turner wrote: Introducing this feature in 1.6 and a proper client side config in 1.7 is sub-optimal for users. Agreed, but I'm not sure I have time to re-prioritize. If we can avoid that, to reduce any potential churn, by hammering it out here, I'd rather do that. Michael Berman wrote: I suppose we could make the MAC not natively support SSL, requiring users to provide their own certs, and just include pre-generated certs in the ITs' resources directory, but that feels less elegant than being able to say simply miniAccumuloConfig.useSsl(true) if you want to test SSL connections. Actually, there's precisely what keytool-maven-plugin is for. I'd much rather have MiniAccumuloCluster use a specified keystore from config properties than to generate its own. That way, it more closely resembles a real Accumulo instance's configuration (a design goal for Mini is that it mimics a real instance as closely as possible). As far as reducing the learning curve for system administrators, I think running bin/accumulo init-ssl on each machine, and having that generate certs in default locations and not require any additional config would actually be less work than making them configure a bunch of properties and figure out what relationships they want among all their certs, even if the properties point to standardish locations. It's not always about reducing the work... sometimes, it's about doing stuff in the way they already know how to do (or have already done). I'd much rather not re-invent the wheel for provisioning certs. If we just make it simple to configure certs, system administrators can just provision using whatever process they currently know or use. No re-inventing the wheel at all. As for "real CA" signing... I expect a common use case would be to use an intermediate CA that is signed by a "real CA". I'm not suggesting that anybody go through the headache of getting every tserver cert signed by a common public root. But... it doesn't really matter whether the "real CA" is one that is pre-configured in a browser (something like VeriSign's root)... so long as it's easy to configure. The point is to make it easy to control which one they'll trust... which may be generated from their root, or an intermediate root, or a trustStore that holds all the individual tserver public certs. The point is to not make decisions for users regarding certificate provisioning, and to just make it easy for them to use what they want. I'll have to take a more detailed look at the updated patch sometime later today to see if I have any further feedback.
          Hide
          Michael Berman added a comment -

          You're right. "rpc." might be an appropriate scope for both client and server configuration.

          I like rpc. I'll update the patch.

          My main concern at this point is that I don't want to set a precedent that we're stuck with that would prevent this improvement in 1.7.

          I think we have a pretty graceful path at this point. If we introduce the fully qualified property names now, we can introduce a fallback to more general properties later and any old config will continue to work fine. It doesn't feel like these couple new properties motivate separating into separate config files, since whenever we do that, we're going to have to keep supporting a unified accumulo-site.xml, so having a couple extra properties in there doesn't seem like it'll affect ease of implementation or migration one way or the other.

          It's not always about reducing the work... sometimes, it's about doing stuff in the way they already know how to do (or have already done). I'd much rather not re-invent the wheel for provisioning certs. If we just make it simple to configure certs, system administrators can just provision using whatever process they currently know or use. No re-inventing the wheel at all.

          There's absolutely nothing preventing you from provisioning certs the way you know how, assuming you already know how and you happen to have an intermediate cert handy. I think it would be nice for people to have an easy option as well if they're not already so equipped. And as Michael Allen says above, there are definitely security and operational reasons for wanting a separate trust tree for your accumulo deployment.

          I do think you're right that it would be good to be able to configure a MAC to use existing certs...I'll make that update in the next round. But I also think there's value in not having to pre-provision certs just to use a MAC with SSL. You say that a design goal for the MAC is to mimic a real instance as closely as possible, but at the moment there's actually no way for you to tell it to use an external config source at all. You just configure a MiniAccumuloConfig, and then it writes out its own entire conf directory. It doesn't seem like it's compromising the design to have it also write out certs as part of that step.

          Show
          Michael Berman added a comment - You're right. "rpc." might be an appropriate scope for both client and server configuration. I like rpc. I'll update the patch. My main concern at this point is that I don't want to set a precedent that we're stuck with that would prevent this improvement in 1.7. I think we have a pretty graceful path at this point. If we introduce the fully qualified property names now, we can introduce a fallback to more general properties later and any old config will continue to work fine. It doesn't feel like these couple new properties motivate separating into separate config files, since whenever we do that, we're going to have to keep supporting a unified accumulo-site.xml, so having a couple extra properties in there doesn't seem like it'll affect ease of implementation or migration one way or the other. It's not always about reducing the work... sometimes, it's about doing stuff in the way they already know how to do (or have already done). I'd much rather not re-invent the wheel for provisioning certs. If we just make it simple to configure certs, system administrators can just provision using whatever process they currently know or use. No re-inventing the wheel at all. There's absolutely nothing preventing you from provisioning certs the way you know how, assuming you already know how and you happen to have an intermediate cert handy. I think it would be nice for people to have an easy option as well if they're not already so equipped. And as Michael Allen says above, there are definitely security and operational reasons for wanting a separate trust tree for your accumulo deployment. I do think you're right that it would be good to be able to configure a MAC to use existing certs...I'll make that update in the next round. But I also think there's value in not having to pre-provision certs just to use a MAC with SSL. You say that a design goal for the MAC is to mimic a real instance as closely as possible, but at the moment there's actually no way for you to tell it to use an external config source at all. You just configure a MiniAccumuloConfig, and then it writes out its own entire conf directory. It doesn't seem like it's compromising the design to have it also write out certs as part of that step.
          Hide
          Christopher Tubbs added a comment -

          I think we have a pretty graceful path at this point.

          Agreed.

          There's absolutely nothing preventing you from provisioning certs the way you know how, assuming you already know how and you happen to have an intermediate cert handy.

          No (so long as you're making it configurable... and I think we're on the same page on that), there's nothing preventing you from doing that. But, by providing a "security on" button, you're encouraging users to not even think about security by creating an easy button (like your proposed "bin/accumulo init-ssl") that presumably implements some sort of security without thinking about what kind of security, what protections it offers, and what risks it mitigates. This is a bad precedent, and it feels like your coding to developers (like us, for ease in testing) rather than users... either that, or users who want security but really don't know what they're doing and who just want the comfort of "security" (not a good target audience to cater to, as a rule).

          Besides, you're not doing end users any favors by providing an "easy button" for security. Anybody whose first experience with certificate management and provisioning is with this "easy button", will have to learn it all over again when they use SSL in any other Java application, and users who do have the experience will want to configure the details themselves, to ensure they are set up correctly (or they'll learn an unnecessary shortcut).

          The short of it is that Accumulo should not be in the business of provisioning or managing certificates. We should make it easy to configure and use whatever certificates user provide, and any external convenience provisioning software should be left as an external tool, because that's outside the scope of Accumulo (just as its outside the scope of Tomcat, Apache Web Server, Jetty, JBoss, Thrift, and any other SSL-capable application).

          The best thing for provisioning is to simply document how one might provision certificates... perhaps as a sequence of keytool or openssl commands. That way, it's clear to users that Accumulo's security isn't anything special or custom or novel. It's simply leveraging the same kinds of security that is available to them in other applications... the same that they may already understand, or that is well documented, or that they can get help with on StackOverflow or the countless message boards.

          I can certainly get behind an external tool to help provision certificates for an entire cluster... I'd probably use something like that, but I think that's way outside the scope of Accumulo.

          I know it seems like it, but I'm really not trying to argue for the rougher path for end users. I want things to go easy for them, too. But, I don't want them to have to re-learn custom things, and I don't want compromise security by automating security considerations that are necessary when provisioning certificates. I also don't want our public API and configuration to reflect our internal needs for development and testing, instead of the end-user's needs. I also want to protect against bloat, and the tendency to try to make software do all the things.

          And as Michael Allen says above, there are definitely security and operational reasons for wanting a separate trust tree for your accumulo deployment.

          I don't disagree. This is not an argument against that use case... I concede the utility and convenience of that. I do not concede that we should provide tools for provisioning that type of certificate chain and encourage users to turn on security "auto-magically" with an "easy button".

          no way for you to tell it to use an external config source

          That's not quite true. MiniAccumuloConfig accepts a map of keys to values, for configuration elements, which mimics the accumulo-site.xml file. It's relatively trivial to construct this map from any arbitrary external source. Provisioning certs is not part of regular Accumulo initialization, and it shouldn't be part of MAC's initialization.

          Show
          Christopher Tubbs added a comment - I think we have a pretty graceful path at this point. Agreed. There's absolutely nothing preventing you from provisioning certs the way you know how, assuming you already know how and you happen to have an intermediate cert handy. No (so long as you're making it configurable... and I think we're on the same page on that), there's nothing preventing you from doing that. But, by providing a "security on" button, you're encouraging users to not even think about security by creating an easy button (like your proposed "bin/accumulo init-ssl") that presumably implements some sort of security without thinking about what kind of security, what protections it offers, and what risks it mitigates. This is a bad precedent, and it feels like your coding to developers (like us, for ease in testing) rather than users... either that, or users who want security but really don't know what they're doing and who just want the comfort of "security" (not a good target audience to cater to, as a rule). Besides, you're not doing end users any favors by providing an "easy button" for security. Anybody whose first experience with certificate management and provisioning is with this "easy button", will have to learn it all over again when they use SSL in any other Java application , and users who do have the experience will want to configure the details themselves, to ensure they are set up correctly (or they'll learn an unnecessary shortcut). The short of it is that Accumulo should not be in the business of provisioning or managing certificates. We should make it easy to configure and use whatever certificates user provide, and any external convenience provisioning software should be left as an external tool, because that's outside the scope of Accumulo (just as its outside the scope of Tomcat, Apache Web Server, Jetty, JBoss, Thrift, and any other SSL-capable application). The best thing for provisioning is to simply document how one might provision certificates... perhaps as a sequence of keytool or openssl commands. That way, it's clear to users that Accumulo's security isn't anything special or custom or novel. It's simply leveraging the same kinds of security that is available to them in other applications... the same that they may already understand, or that is well documented, or that they can get help with on StackOverflow or the countless message boards. I can certainly get behind an external tool to help provision certificates for an entire cluster... I'd probably use something like that, but I think that's way outside the scope of Accumulo. I know it seems like it, but I'm really not trying to argue for the rougher path for end users. I want things to go easy for them, too. But, I don't want them to have to re-learn custom things, and I don't want compromise security by automating security considerations that are necessary when provisioning certificates. I also don't want our public API and configuration to reflect our internal needs for development and testing, instead of the end-user's needs. I also want to protect against bloat, and the tendency to try to make software do all the things. And as Michael Allen says above, there are definitely security and operational reasons for wanting a separate trust tree for your accumulo deployment. I don't disagree. This is not an argument against that use case... I concede the utility and convenience of that. I do not concede that we should provide tools for provisioning that type of certificate chain and encourage users to turn on security "auto-magically" with an "easy button". no way for you to tell it to use an external config source That's not quite true. MiniAccumuloConfig accepts a map of keys to values, for configuration elements, which mimics the accumulo-site.xml file. It's relatively trivial to construct this map from any arbitrary external source. Provisioning certs is not part of regular Accumulo initialization, and it shouldn't be part of MAC's initialization.
          Hide
          Michael Berman added a comment -

          Anyone else want to weigh in? It seems pretty clear that neither of us is going to convince the other. Just looked over the jetty and tomcat SSL howtos, btw, and both have special settings in their conf to set where to find keystores and truststores. JSSE is a nice dream, but I don't believe it's so universally supported that anything can be asserted about "any other Java application." It is true that neither provides a tool to help provision certs, but also neither of them are typically deployed in massive clusters where it makes sense for them to have their own dedicated root. Wanting to limit scope is a fair point, but I think dramatically easing setup of what I imagine to be the most common deployment pattern is worth it. We could ask people to create their own accumulo tree in HDFS (and plenty of other hadoop-based tools' first step is "run this hadoop command..."), but instead we have init do it because complicated install procedures are a huge barrier to adoption.

          Show
          Michael Berman added a comment - Anyone else want to weigh in? It seems pretty clear that neither of us is going to convince the other. Just looked over the jetty and tomcat SSL howtos, btw, and both have special settings in their conf to set where to find keystores and truststores. JSSE is a nice dream, but I don't believe it's so universally supported that anything can be asserted about "any other Java application." It is true that neither provides a tool to help provision certs, but also neither of them are typically deployed in massive clusters where it makes sense for them to have their own dedicated root. Wanting to limit scope is a fair point, but I think dramatically easing setup of what I imagine to be the most common deployment pattern is worth it. We could ask people to create their own accumulo tree in HDFS (and plenty of other hadoop-based tools' first step is "run this hadoop command..."), but instead we have init do it because complicated install procedures are a huge barrier to adoption.
          Hide
          Michael Berman added a comment -

          Fresh patch with minor changes... add a test for clientAuth, a few fixes around optionless shell startup, and some property renaming.

          Show
          Michael Berman added a comment - Fresh patch with minor changes... add a test for clientAuth, a few fixes around optionless shell startup, and some property renaming.
          Michael Berman made changes -
          Attachment ACCUMULO-1009_thriftSsl.patch [ 12604044 ]
          Michael Berman made changes -
          Attachment ACCUMULO-1009_thriftSsl.patch [ 12603843 ]
          Hide
          Alex Moundalexis added a comment -

          I'll throw in my $0.02; in short, resist the temptation to handle certificate provisioning.

          If provisioning is included, it becomes a type of one-off product that:

          • does its own thing
          • has to be maintained
          • security/admin folks have to address separately as a one-off

          When key/truststores can be reused between services, it makes life of the admin a lot easier. For users that require encryption in transit, certificates are typically well understood and tooling exists to generate and provision. That being said, trying to shoehorn those certs into an internally-provisioned piece is usually kludgy at best.

          I see "accumulo init" as a case where steps – though complicated – are going to be identical across users and are required to get the thing up and running, whereas the generation of certificates is going to vary a bit and is still optional.

          I'm fairly new to Accumulo, but I've spent a good chunk of time supporting other systems requiring encryption in-transit.

          Show
          Alex Moundalexis added a comment - I'll throw in my $0.02; in short, resist the temptation to handle certificate provisioning. If provisioning is included, it becomes a type of one-off product that: does its own thing has to be maintained security/admin folks have to address separately as a one-off When key/truststores can be reused between services, it makes life of the admin a lot easier. For users that require encryption in transit, certificates are typically well understood and tooling exists to generate and provision. That being said, trying to shoehorn those certs into an internally-provisioned piece is usually kludgy at best. I see "accumulo init" as a case where steps – though complicated – are going to be identical across users and are required to get the thing up and running, whereas the generation of certificates is going to vary a bit and is still optional. I'm fairly new to Accumulo, but I've spent a good chunk of time supporting other systems requiring encryption in-transit.
          Hide
          John Vines added a comment -

          Alex makes a good point about maintaing the init-ssl scripts and I totally understand Christopher's point about having user's falsely believe their security, but I think just being able to have MAC run in SSL mode from a test automation standpoint is something we really should have together. I can understand the init-ssl stuff becoming a portion of MAC to denote this, but we really should have MAC runnable with SSL.

          Show
          John Vines added a comment - Alex makes a good point about maintaing the init-ssl scripts and I totally understand Christopher's point about having user's falsely believe their security, but I think just being able to have MAC run in SSL mode from a test automation standpoint is something we really should have together. I can understand the init-ssl stuff becoming a portion of MAC to denote this, but we really should have MAC runnable with SSL.
          Hide
          Keith Turner added a comment -

          I just spent a bit looking at a patch. And I see a new one was posted recently, these may be against the older one. It would be nice to post multiple version of the patch and then I could state that my comments are against version 002 of the patch.

          • what does certutils do that keytool does not? or does it just make things easier? How do you expect the user to run this? "accumulo org.apache.accumulo.server.security.ssl.CertUtils" ? If this is the case, then this utility is not front and center and the user would really have to look for it.
          • should generate all print a disclaimer clearly stating any potential pitfalls/risk the user should be aware of? Christopher Tubbs would this address your concern?
          • Adding ssl options to MAC is done to test Accumulo itself. However this will also be available to Accumulo users using MAC. Is this an API you feel comfortable supporting for a few years?
          • I am not in favor of adding "public ZooKeeperInstance(String instanceName, String zooKeepers, boolean sslEnabled)". This is not a scalable approach for configuring Accumulo. For example when ACCUMULO-1268 is implemented we would not want constructors for : (..., sslEnabled), (...,sslEnabled,timeout), (...,timeout) . I think the constructors that take ClientConfiguration are sufficient and ClientConfiguration looks nice, like it. I am kinda torn about making client and sever config follow differnt models, but the new client config seems better. I still need to look at it in more detail.
          • what needs to be done for the proxy w.r.t to ssl? should ClientConfiguration be exposed to proxy api? should proxy server support ssl? maybe we should create sub-tickets

          Seems like we need test for the following scenarios :

          • Server requires clients have cert signed by trusted CA (test client w/ valid cert, w/o cert, w/ invalid cert)
          • Server requires SSL, client tries connecting w/o SSL
          • Server does not have a cert that client trust
          • Multiple ZooKeeperInstances in the same java process with different SSL config (is this possible? It looks like you included ssl options in the Key in ThriftTransportPool?) This could happen if a single process connected to multiple Accumulo instances
          Show
          Keith Turner added a comment - I just spent a bit looking at a patch. And I see a new one was posted recently, these may be against the older one. It would be nice to post multiple version of the patch and then I could state that my comments are against version 002 of the patch. what does certutils do that keytool does not? or does it just make things easier? How do you expect the user to run this? "accumulo org.apache.accumulo.server.security.ssl.CertUtils" ? If this is the case, then this utility is not front and center and the user would really have to look for it. should generate all print a disclaimer clearly stating any potential pitfalls/risk the user should be aware of? Christopher Tubbs would this address your concern? Adding ssl options to MAC is done to test Accumulo itself. However this will also be available to Accumulo users using MAC. Is this an API you feel comfortable supporting for a few years? I am not in favor of adding "public ZooKeeperInstance(String instanceName, String zooKeepers, boolean sslEnabled)". This is not a scalable approach for configuring Accumulo. For example when ACCUMULO-1268 is implemented we would not want constructors for : (..., sslEnabled), (...,sslEnabled,timeout), (...,timeout) . I think the constructors that take ClientConfiguration are sufficient and ClientConfiguration looks nice, like it. I am kinda torn about making client and sever config follow differnt models, but the new client config seems better. I still need to look at it in more detail. what needs to be done for the proxy w.r.t to ssl? should ClientConfiguration be exposed to proxy api? should proxy server support ssl? maybe we should create sub-tickets Seems like we need test for the following scenarios : Server requires clients have cert signed by trusted CA (test client w/ valid cert, w/o cert, w/ invalid cert) Server requires SSL, client tries connecting w/o SSL Server does not have a cert that client trust Multiple ZooKeeperInstances in the same java process with different SSL config (is this possible? It looks like you included ssl options in the Key in ThriftTransportPool?) This could happen if a single process connected to multiple Accumulo instances
          Hide
          Christopher Tubbs added a comment -

          John Vines: We can make MAC easy to configure SSL for testing, regardless of whether the provisioning code is there or not. But what specific security configuration are you testing by providing a security switch that automatically provisions and configures MAC?

          The described situation is no different than configuring the jetty-maven-plugin with certs to test a webapp in Jetty with ssl... but you don't see Jetty with a "do security" configuration option that automatically chooses a security configuration to test against... you still have to provision certs (generating certs, using something like keytool-maven-plugin, if testing in maven, or by providing a specific cert), in order to test the app with that specific security configuration. Testing "security on" is next to meaningless. Testing a specific security configuration is far more valuable to users.

          So, I'm not convinced that users will get value from MAC having provisioning code. However, I do think there's value in documenting the provisioning and configuration of certs (with openssl or keytool) in an example. And... what would be really valuable is having this done automatically in an integration test baked-in to the next version of the Instamo maven archetype that supports SSL.

          Show
          Christopher Tubbs added a comment - John Vines : We can make MAC easy to configure SSL for testing, regardless of whether the provisioning code is there or not. But what specific security configuration are you testing by providing a security switch that automatically provisions and configures MAC? The described situation is no different than configuring the jetty-maven-plugin with certs to test a webapp in Jetty with ssl... but you don't see Jetty with a "do security" configuration option that automatically chooses a security configuration to test against... you still have to provision certs (generating certs, using something like keytool-maven-plugin, if testing in maven, or by providing a specific cert), in order to test the app with that specific security configuration. Testing "security on" is next to meaningless. Testing a specific security configuration is far more valuable to users. So, I'm not convinced that users will get value from MAC having provisioning code. However, I do think there's value in documenting the provisioning and configuration of certs (with openssl or keytool) in an example. And... what would be really valuable is having this done automatically in an integration test baked-in to the next version of the Instamo maven archetype that supports SSL.
          Hide
          Josh Elser added a comment -

          Trying to catch up on the discussion (glad to see such in-depth discussion )

          As Keith Turner and Alex Moundalexis touched on, I think it may be good to take a step back and provision out the sub-tasks here. As a general statement, my gut agrees that we don't want to be in the "security provisioning" realm just for the monumental difficulties in doing it correctly. That being said, I think it would be prudent to have some sort of "basic" mechanism in which we can test things. The simplest approach to me would be to generate cert(s), keystore, local-CA, and w/e else we need to run "securely" for MAC, document how it was done, and then bundle that as a first go-around. A sub-task can be made to find a happy medium with what we could do automatically and what is best left up to the integrator/sys-admin?

          Testing security for the sake of "is it secure?" is likely without much gain, but there are definitely the edge-cases like Keith Turner pointed out which need testing.

          All that being said, trying to break down the larger wire encryption issue into some more tenable pieces is a good idea (plus so the next patch doesn't break the 4k line count )

          Show
          Josh Elser added a comment - Trying to catch up on the discussion (glad to see such in-depth discussion ) As Keith Turner and Alex Moundalexis touched on, I think it may be good to take a step back and provision out the sub-tasks here. As a general statement, my gut agrees that we don't want to be in the "security provisioning" realm just for the monumental difficulties in doing it correctly. That being said, I think it would be prudent to have some sort of "basic" mechanism in which we can test things. The simplest approach to me would be to generate cert(s), keystore, local-CA, and w/e else we need to run "securely" for MAC, document how it was done, and then bundle that as a first go-around. A sub-task can be made to find a happy medium with what we could do automatically and what is best left up to the integrator/sys-admin? Testing security for the sake of "is it secure?" is likely without much gain, but there are definitely the edge-cases like Keith Turner pointed out which need testing. All that being said, trying to break down the larger wire encryption issue into some more tenable pieces is a good idea (plus so the next patch doesn't break the 4k line count )
          Christopher Tubbs made changes -
          Link This issue is related to ACCUMULO-1726 [ ACCUMULO-1726 ]
          Hide
          Michael Berman added a comment -

          I'll start versioning my patches.

          I wasn't thinking CertUtils would be the final interface to cert provisioning; I just provided that for our MAC testing and to bootstrap other developers trying out my patch. As it is, it doesn't really do anything that keytool doesn't do, but my intention is that there would be another layer of tool on top of it that helps with the cluster management aspects. So, you run accumulo init-ssl for the first time on one machine, and it generates all the certs, and sticks the root on HDFS somewhere. Then, if you run init-ssl on another node, it copies the root to the local system, cuts a fresh private key off of it, and sticks both in the default locations. The instance secret is also used as the keystore password, and the location in hdfs for the keystore is well known given an instance name, so there doesn't need to be any human intervention to cut new private keys for each new node, apart from running the script, assuming you're using all the defaults. Of course, all of this would be optional; you can always stick in arbitrary keys from arbitrary sources.

          WRT MAC, not only do I feel comfortable supporting it, I think it's super valuable for others to be able to test their own apps against SSL-enabled accumulo.

          I'm fine getting rid of the sslEnabled constructors.

          I think the proxy needs to support SSL on both sides. A subticket definitely makes sense to me.

          Show
          Michael Berman added a comment - I'll start versioning my patches. I wasn't thinking CertUtils would be the final interface to cert provisioning; I just provided that for our MAC testing and to bootstrap other developers trying out my patch. As it is, it doesn't really do anything that keytool doesn't do, but my intention is that there would be another layer of tool on top of it that helps with the cluster management aspects. So, you run accumulo init-ssl for the first time on one machine, and it generates all the certs, and sticks the root on HDFS somewhere. Then, if you run init-ssl on another node, it copies the root to the local system, cuts a fresh private key off of it, and sticks both in the default locations. The instance secret is also used as the keystore password, and the location in hdfs for the keystore is well known given an instance name, so there doesn't need to be any human intervention to cut new private keys for each new node, apart from running the script, assuming you're using all the defaults. Of course, all of this would be optional; you can always stick in arbitrary keys from arbitrary sources. WRT MAC, not only do I feel comfortable supporting it, I think it's super valuable for others to be able to test their own apps against SSL-enabled accumulo. I'm fine getting rid of the sslEnabled constructors. I think the proxy needs to support SSL on both sides. A subticket definitely makes sense to me.
          Hide
          Michael Berman added a comment -

          Multiple ZooKeeperInstances in the same java process with different SSL config (is this possible? It looks like you included ssl options in the Key in ThriftTransportPool?) This could happen if a single process connected to multiple Accumulo instances

          Generally this should be fine. The cached transports are keyed on (location, timeout, sslEnabled), so if you're connecting to multiple instances from the same process, they should have different locations anyway, so the different SSL settings will be segregated. One potential area for concern is that I'm only using the sslEnabled flag, not the full set of SSL parameters, so if you have connected successfully with some cert, and then in the same process you try to connect with a different cert, you could get a cached, connected transport, even though you might not otherwise trust the remote server (or you might have an invalid client cert, if that's turned on). It seemed to me like this risk was pretty minimal, since you're already in the same process, but if others think it's too big a risk, it would be easy to add all the SSL params to the key.

          Show
          Michael Berman added a comment - Multiple ZooKeeperInstances in the same java process with different SSL config (is this possible? It looks like you included ssl options in the Key in ThriftTransportPool?) This could happen if a single process connected to multiple Accumulo instances Generally this should be fine. The cached transports are keyed on (location, timeout, sslEnabled), so if you're connecting to multiple instances from the same process, they should have different locations anyway, so the different SSL settings will be segregated. One potential area for concern is that I'm only using the sslEnabled flag, not the full set of SSL parameters, so if you have connected successfully with some cert, and then in the same process you try to connect with a different cert, you could get a cached, connected transport, even though you might not otherwise trust the remote server (or you might have an invalid client cert, if that's turned on). It seemed to me like this risk was pretty minimal, since you're already in the same process, but if others think it's too big a risk, it would be easy to add all the SSL params to the key.
          Hide
          Keith Turner added a comment -

          So, you run accumulo init-ssl

          Where is this in the patch? I search the patch for "init-ssl" and find nothing.

          Then, if you run init-ssl on another node, it copies the root to the local system, cuts a fresh private key off of it, and sticks both in the default locations

          If you have time I would really appreciate if you could post example commands for initializing a 3 node cluster using this process.

          if you have connected successfully with some cert, and then in the same process you try to connect with a different cert, you could get a cached, connected transport

          I think it would be worthwhile addressing or at the very least opening a subticket to track the issue so its not forgotten. I'll open a subticket.

          Show
          Keith Turner added a comment - So, you run accumulo init-ssl Where is this in the patch? I search the patch for "init-ssl" and find nothing. Then, if you run init-ssl on another node, it copies the root to the local system, cuts a fresh private key off of it, and sticks both in the default locations If you have time I would really appreciate if you could post example commands for initializing a 3 node cluster using this process. if you have connected successfully with some cert, and then in the same process you try to connect with a different cert, you could get a cached, connected transport I think it would be worthwhile addressing or at the very least opening a subticket to track the issue so its not forgotten. I'll open a subticket.
          Hide
          Michael Berman added a comment -

          my intention is that there would be another layer of tool on top of it

          It's not in the patch because I haven't written it yet. This is what I was alluding to in my first comment with the TODO item "Interactive cert generation process more like `bin/accumulo init`, rather than running CertUtils with a big pile of switches." And then I didn't want to spend to much time on it until it had been worked out whether or not we actually wanted such a thing.

          Show
          Michael Berman added a comment - my intention is that there would be another layer of tool on top of it It's not in the patch because I haven't written it yet. This is what I was alluding to in my first comment with the TODO item "Interactive cert generation process more like `bin/accumulo init`, rather than running CertUtils with a big pile of switches." And then I didn't want to spend to much time on it until it had been worked out whether or not we actually wanted such a thing.
          Hide
          Keith Turner added a comment -

          It's not in the patch because I haven't written it yet.

          I thought all of the discussion was about something that was in the patch. I took a close look at it today and was surprised to not see any hint of "init-ssl". The problem was I did not go back an reread everything, it was just too much. I suppose there should be a init-ssl subticket, but there is already so much discussion here.

          Show
          Keith Turner added a comment - It's not in the patch because I haven't written it yet. I thought all of the discussion was about something that was in the patch. I took a close look at it today and was surprised to not see any hint of "init-ssl". The problem was I did not go back an reread everything, it was just too much. I suppose there should be a init-ssl subticket, but there is already so much discussion here.
          Hide
          Michael Berman added a comment -

          Yeah, if we decide we want it, I'll definitely split it out into a subtask. I figured I'd let the discussion here play out, though, since there's already so much of it. Most of the discussion that applies to init-ssl was originally about CertUtils, which does all the dirty work that init-ssl would just be dressing around. I suppose one possible outcome is that we keep CertUtils for its use in the MAC and our integration tests (but maybe move it into the MAC module) and skip init-ssl as being out of scope.

          Show
          Michael Berman added a comment - Yeah, if we decide we want it, I'll definitely split it out into a subtask. I figured I'd let the discussion here play out, though, since there's already so much of it. Most of the discussion that applies to init-ssl was originally about CertUtils, which does all the dirty work that init-ssl would just be dressing around. I suppose one possible outcome is that we keep CertUtils for its use in the MAC and our integration tests (but maybe move it into the MAC module) and skip init-ssl as being out of scope.
          Hide
          Christopher Tubbs added a comment - - edited

          Summarizing the recent major points:

          1. No bouncycastle dependency
            • unless and until any possible legal obligations for crypto are described and satisfied (feature BLOCKER)
          2. Integration tests for configuration of all security options are needed
            • We need to ensure that user-provided certificates work correctly. I recommend keytool-maven-plugin with MAC. (feature BLOCKER)
            • Similar integration tests can be written as examples for how users can test their applications (and we can bake these into future Instamo versions).
          3. No automatic cert provisioning, even in MAC
            • it makes decisions about the specific security environment to be used (or tested) that does not help an informed user conscientious of security, who wants to use (or test) a specific configuration

          Regarding the proposed "init-ssl":

          1. The proposed implementation, putting CA private certs in HDFS, is a very bad idea
            • it undermines the "authority" part of the term CA. (I realize this is only one possible way this could be implemented.)
          2. The CertUtils and proposed init-ssl are attempts to make it easier for users. I think this would better be achieved by:
            • good documentation for how to generate and configure certs
            • reference existing (external) provisioning tools (like keytool, openssl, and keytool-maven-plugin)
            • examples
          3. init-ssl would be useful, but...
            • if added, it can easily wrap keytool or openssl, rather than custom provisioning code
            • it may be more useful to bake this in to the proposed Configurator (ACCUMULO-780), as an additional prompt
          Show
          Christopher Tubbs added a comment - - edited Summarizing the recent major points: No bouncycastle dependency unless and until any possible legal obligations for crypto are described and satisfied (feature BLOCKER ) Integration tests for configuration of all security options are needed We need to ensure that user-provided certificates work correctly. I recommend keytool-maven-plugin with MAC. (feature BLOCKER ) Similar integration tests can be written as examples for how users can test their applications (and we can bake these into future Instamo versions). No automatic cert provisioning, even in MAC it makes decisions about the specific security environment to be used (or tested) that does not help an informed user conscientious of security, who wants to use (or test) a specific configuration Regarding the proposed "init-ssl": The proposed implementation, putting CA private certs in HDFS, is a very bad idea it undermines the "authority" part of the term CA. (I realize this is only one possible way this could be implemented.) The CertUtils and proposed init-ssl are attempts to make it easier for users. I think this would better be achieved by: good documentation for how to generate and configure certs reference existing (external) provisioning tools (like keytool, openssl, and keytool-maven-plugin) examples init-ssl would be useful, but... if added, it can easily wrap keytool or openssl, rather than custom provisioning code it may be more useful to bake this in to the proposed Configurator ( ACCUMULO-780 ), as an additional prompt
          Hide
          Michael Berman added a comment -

          I'm assuming by "the recent major points" you're specifically talking about your own recent major points. Just clarifying because it sounds like you're asserting points that I don't believe are universally agreed upon. Some specific responses to new points that I haven't seen before upthread...

          The proposed implementation, putting CA private certs in HDFS, is a very bad idea (it undermines the "authority" part of the term CA)

          Really? All it's saying is that anyone with the password to decrypt the key is the authority. I don't believe there's anything fundamental about the concept of "authority" that requires they only work from one physical machine. As it is, if you have the instance secret, you can do whatever you want with the accumulo cluster. The root of trust has to start somewhere, and for the rest of accumulo, at the moment, that root of trust is the filesystem security on the site config. I don't see why it would be a problem for the same to be true for the SSL trust.

          init-ssl would be useful, but if added, it can easily wrap keytool or openssl, rather than custom provisioning code

          Why is wrapping keytool or openssl better than wrapping bouncycastle? The interfaces are pretty much the same, except that BC can be pulled in as a maven dependency and doesn't require a brittle connection to tools separately installed on the system in varied versions and locations.

          Show
          Michael Berman added a comment - I'm assuming by "the recent major points" you're specifically talking about your own recent major points. Just clarifying because it sounds like you're asserting points that I don't believe are universally agreed upon. Some specific responses to new points that I haven't seen before upthread... The proposed implementation, putting CA private certs in HDFS, is a very bad idea (it undermines the "authority" part of the term CA) Really? All it's saying is that anyone with the password to decrypt the key is the authority. I don't believe there's anything fundamental about the concept of "authority" that requires they only work from one physical machine. As it is, if you have the instance secret, you can do whatever you want with the accumulo cluster. The root of trust has to start somewhere, and for the rest of accumulo, at the moment, that root of trust is the filesystem security on the site config. I don't see why it would be a problem for the same to be true for the SSL trust. init-ssl would be useful, but if added, it can easily wrap keytool or openssl, rather than custom provisioning code Why is wrapping keytool or openssl better than wrapping bouncycastle? The interfaces are pretty much the same, except that BC can be pulled in as a maven dependency and doesn't require a brittle connection to tools separately installed on the system in varied versions and locations.
          Hide
          Christopher Tubbs added a comment -

          your own recent major points

          Points that haven't been addressed fully yet.

          Really?

          Yes. If everybody can behave as the CA, then this is no more secure than having every node generate its own self-signed certificate, or reusing the same certificate for every node. This mechanism adds complexity, but not more security. Further, it masquerades as extra security, by implying a particular trust model that is not actually followed. Additionally, by making the encrypted private key widely available, it reduces the security of the CA's private key to a much more attainable instance secret that's available on every box in the cluster.

          In any case, that was just a passing comment; if you actually implement it, I'll review the patch directly.

          As it is, if you have the instance secret, you can do whatever you want with the accumulo cluster.

          That's true without SSL, but it doesn't have to be true with SSL. Especially if we get ZK using SSL (or at least authenticating with certificates), we can get rid of the instance.secret entirely. I'd rather not add an additional mechanism to rely on it if we don't need to.

          Why is wrapping keytool or openssl better than wrapping bouncycastle?

          Every version of Java that can run Accumulo comes with keytool. openssl is a dependency of yum, apt, ssh, and lsb, and we don't have to package them or maintain custom code to leverage them (just documentation). keytool can use an installed bouncycastle, if it is available on the runtime system. keytool and openssl are familiar tools to system administrators and security-conscious users. They have better documentation and external support, and known security risks. They have a demonstrable level of trust, and an explicit scope, and are the de facto tools for users of more popular SSL-enabled services.

          BC can be pulled in as a maven dependency

          So can keytool-maven-plugin, which can use bouncycastle as a test dependency. We don't need to package it as an additional runtime dependency if we just want it for testing.

          Show
          Christopher Tubbs added a comment - your own recent major points Points that haven't been addressed fully yet. Really? Yes. If everybody can behave as the CA, then this is no more secure than having every node generate its own self-signed certificate, or reusing the same certificate for every node. This mechanism adds complexity, but not more security. Further, it masquerades as extra security, by implying a particular trust model that is not actually followed. Additionally, by making the encrypted private key widely available, it reduces the security of the CA's private key to a much more attainable instance secret that's available on every box in the cluster. In any case, that was just a passing comment; if you actually implement it, I'll review the patch directly. As it is, if you have the instance secret, you can do whatever you want with the accumulo cluster. That's true without SSL, but it doesn't have to be true with SSL. Especially if we get ZK using SSL (or at least authenticating with certificates), we can get rid of the instance.secret entirely. I'd rather not add an additional mechanism to rely on it if we don't need to. Why is wrapping keytool or openssl better than wrapping bouncycastle? Every version of Java that can run Accumulo comes with keytool. openssl is a dependency of yum, apt, ssh, and lsb, and we don't have to package them or maintain custom code to leverage them (just documentation). keytool can use an installed bouncycastle, if it is available on the runtime system. keytool and openssl are familiar tools to system administrators and security-conscious users. They have better documentation and external support, and known security risks. They have a demonstrable level of trust, and an explicit scope, and are the de facto tools for users of more popular SSL-enabled services. BC can be pulled in as a maven dependency So can keytool-maven-plugin, which can use bouncycastle as a test dependency. We don't need to package it as an additional runtime dependency if we just want it for testing.
          Hide
          Michael Allen added a comment -

          Yes. If everybody can behave as the CA, then this is no more secure than having every node generate its own self-signed certificate, or reusing the same certificate for every node. This mechanism adds complexity, but not more security. Further, it masquerades as extra security, by implying a particular trust model that is not actually followed. Additionally, by making the encrypted private key widely available, it reduces the security of the CA's private key to a much more attainable instance secret that's available on every box in the cluster.

          I disagree that providing an easy and automated way to set up SSL provides no more security and only adds complexity. Nor will I argue that it provides iron-clad security. It is a step along the path towards good security.

          It seems like from your previous comments, you think an administrator must make the leap from no security to all security in one bound. I think this is a mistake. Database administrators are not all familiar with SSL, and how to correctly deploy it. Deploying it properly is a mechanical issue, one that can be easily automated. (By properly I am merely referring to getting actual SSL connections working, not yet to how the certificate material is secured.) Once deployed, network sniffing attacks and man-in-the-middle attacks are thwarted, even if all Accumulo tserver nodes in the system have access to the issuing CA.

          Securing the issuing CA can just be a matter of having the administrator use a password for the root certificate's private key that is different than the instance secret. Every new node will require that that password be provided, thwarting the ability to have that node deployed unattended, but ratcheting up the security. One could also devise a scheme where the root certificate itself is kept offline until needed, further increasing one's ability to control access to it.

          Having each tserver generate its own self-signed certificate without a root cert is a non-starter from a deployment perspective. Getting the entire set of certs out to clients as the trusted set is too unwieldy to be an effective strategy. Having the certificates signed by one root implies that that entity either has access to the instance secret or to the administrators password used to secure the root certificate. My judgement is that that is a stronger security statement than having each server generate their own certificate without a root.

          That's true without SSL, but it doesn't have to be true with SSL. Especially if we get ZK using SSL (or at least authenticating with certificates), we can get rid of the instance.secret entirely. I'd rather not add an additional mechanism to rely on it if we don't need to.

          I'm not sure this changes the security equation all that much. To attack the system now you have to break into a node and find the instance secret. To break the system you describe, you would have to break into a node and find the client certificate. Having different client certificates has a better recovery strategy (invalidate that one certificate), but it isn't any better when it comes to an attacker attempting to undermine the system.

          I'm all for getting rid of secrets we do not need, BTW, don't get me wrong. Getting ZK to use SSL is also extremely laudable and a goal to reach for. I suggest Michael move forward on getting a patch in shape that automatically generates certificates, and let's hash out whether or not we think it's good enough from there.

          Let me also state one more point: getting Accumulo to the point where the norm is using SSL-based connections is crucial as a goal, especially when user credentials go in the clear over the wire otherwise on every Thrift call. Everything we can do to lower the activation barrier around setting up SSL makes the system more secure and puts up more barriers to easy attacks.

          Show
          Michael Allen added a comment - Yes. If everybody can behave as the CA, then this is no more secure than having every node generate its own self-signed certificate, or reusing the same certificate for every node. This mechanism adds complexity, but not more security. Further, it masquerades as extra security, by implying a particular trust model that is not actually followed. Additionally, by making the encrypted private key widely available, it reduces the security of the CA's private key to a much more attainable instance secret that's available on every box in the cluster. I disagree that providing an easy and automated way to set up SSL provides no more security and only adds complexity. Nor will I argue that it provides iron-clad security. It is a step along the path towards good security. It seems like from your previous comments, you think an administrator must make the leap from no security to all security in one bound. I think this is a mistake. Database administrators are not all familiar with SSL, and how to correctly deploy it. Deploying it properly is a mechanical issue, one that can be easily automated. (By properly I am merely referring to getting actual SSL connections working, not yet to how the certificate material is secured.) Once deployed, network sniffing attacks and man-in-the-middle attacks are thwarted, even if all Accumulo tserver nodes in the system have access to the issuing CA. Securing the issuing CA can just be a matter of having the administrator use a password for the root certificate's private key that is different than the instance secret. Every new node will require that that password be provided, thwarting the ability to have that node deployed unattended, but ratcheting up the security. One could also devise a scheme where the root certificate itself is kept offline until needed, further increasing one's ability to control access to it. Having each tserver generate its own self-signed certificate without a root cert is a non-starter from a deployment perspective. Getting the entire set of certs out to clients as the trusted set is too unwieldy to be an effective strategy. Having the certificates signed by one root implies that that entity either has access to the instance secret or to the administrators password used to secure the root certificate. My judgement is that that is a stronger security statement than having each server generate their own certificate without a root. That's true without SSL, but it doesn't have to be true with SSL. Especially if we get ZK using SSL (or at least authenticating with certificates), we can get rid of the instance.secret entirely. I'd rather not add an additional mechanism to rely on it if we don't need to. I'm not sure this changes the security equation all that much. To attack the system now you have to break into a node and find the instance secret. To break the system you describe, you would have to break into a node and find the client certificate. Having different client certificates has a better recovery strategy (invalidate that one certificate), but it isn't any better when it comes to an attacker attempting to undermine the system. I'm all for getting rid of secrets we do not need, BTW, don't get me wrong. Getting ZK to use SSL is also extremely laudable and a goal to reach for. I suggest Michael move forward on getting a patch in shape that automatically generates certificates, and let's hash out whether or not we think it's good enough from there. Let me also state one more point: getting Accumulo to the point where the norm is using SSL-based connections is crucial as a goal, especially when user credentials go in the clear over the wire otherwise on every Thrift call. Everything we can do to lower the activation barrier around setting up SSL makes the system more secure and puts up more barriers to easy attacks.
          Hide
          Christopher Tubbs added a comment -

          A better mechanism would be to leave the CA on one box (the master?) and have tservers generate certs and submit the public key to the master for signing. This can be automated to the same degree as the previous proposed implementation, and is far more secure. There's no reason to automate an bad method of key distribution, when a better mechanism offers the same level of convenience, and better security, with the same user experience (they still have to execute "init-ssl" on each box). This argument is not an argument against the target goal of convenience... it was simply an attempt at pointing out flaws in one possible implementation of that convenience feature.

          To break the system you describe, you would have to break into a node and find the client certificate. Having different client certificates has a better recovery strategy (invalidate that one certificate), but it isn't any better when it comes to an attacker attempting to undermine the system.

          To me, that seems like a huge change to the "security equation".

          I'm all for getting rid of secrets we do not need

          Getting SSL authentication to ZK is a harder task, and I see it as separate from this ticket (a sub-ticket, or related ticket, perhaps). We won't be able to get rid of the instance.secret until that's done (at least). I just worry that the previously proposed mechanism would create an additional (unnecessary) dependency on it.

          However, further discussions about the particular implementation of a certificate provisioning solution seems futile, though, until we can address whether provisioning should be included in the first place. If it is included, then we need to address whether it is sensible to do it with an additional dependency and custom code (rather than leverage the available tools already on the system and specifically designed for that purpose).

          Show
          Christopher Tubbs added a comment - A better mechanism would be to leave the CA on one box (the master?) and have tservers generate certs and submit the public key to the master for signing. This can be automated to the same degree as the previous proposed implementation, and is far more secure. There's no reason to automate an bad method of key distribution, when a better mechanism offers the same level of convenience, and better security, with the same user experience (they still have to execute "init-ssl" on each box). This argument is not an argument against the target goal of convenience... it was simply an attempt at pointing out flaws in one possible implementation of that convenience feature. To break the system you describe, you would have to break into a node and find the client certificate. Having different client certificates has a better recovery strategy (invalidate that one certificate), but it isn't any better when it comes to an attacker attempting to undermine the system. To me, that seems like a huge change to the "security equation". I'm all for getting rid of secrets we do not need Getting SSL authentication to ZK is a harder task, and I see it as separate from this ticket (a sub-ticket, or related ticket, perhaps). We won't be able to get rid of the instance.secret until that's done (at least). I just worry that the previously proposed mechanism would create an additional (unnecessary) dependency on it. However, further discussions about the particular implementation of a certificate provisioning solution seems futile, though, until we can address whether provisioning should be included in the first place. If it is included, then we need to address whether it is sensible to do it with an additional dependency and custom code (rather than leverage the available tools already on the system and specifically designed for that purpose).
          Hide
          Michael Allen added a comment -

          I agree that we should probably focus the conversation back on whether or not we should provision certs automatically from within Accumulo.

          My stance on that question, by the way, is unquestionably yes, we should do that from within Accumulo, no matter if we rely on keytool or BC or openssl to be the workhorse for accomplishing it.

          Show
          Michael Allen added a comment - I agree that we should probably focus the conversation back on whether or not we should provision certs automatically from within Accumulo. My stance on that question, by the way, is unquestionably yes, we should do that from within Accumulo, no matter if we rely on keytool or BC or openssl to be the workhorse for accomplishing it.
          Hide
          Michael Berman added a comment -

          Ok, in an effort to unblock this changeset from the provisioning issue (which I'll file as a separate issue), I've attached a new patch where CertUtils is pulled out of server and minicluster has no capability to generate its own certs.

          I know Christopher Tubbs wants to switch to using keytool-maven-plugin for the provisioning in our integration tests, but it doesn't actually support cert generation without JDK 1.7, and my understanding is that we want to stay 1.6 compatible for the time being. (It's also not clear that it supports generating self-signed certs without external tools even then.) So, for now, I just moved CertUtils (and the corresponding bouncycastle deps) into a test-only scope.

          I've also included an @Ignored test of our support for SSL config through JSSE system properties, however, at the moment it appears that setting JSSE system properties breaks ZK connections. This seems likely to be related to ZOOKEEPER-1554, but I'll do some more investigation and comment over there. So, I know Christopher Tubbs was pretty insistent that we support JSSE config, but should we include it even though we know it won't work, in anticipation of the ZK issues getting resolved in the future, or should we pull the support completely until there's a chance of it actually working?

          Show
          Michael Berman added a comment - Ok, in an effort to unblock this changeset from the provisioning issue (which I'll file as a separate issue), I've attached a new patch where CertUtils is pulled out of server and minicluster has no capability to generate its own certs. I know Christopher Tubbs wants to switch to using keytool-maven-plugin for the provisioning in our integration tests, but it doesn't actually support cert generation without JDK 1.7, and my understanding is that we want to stay 1.6 compatible for the time being. (It's also not clear that it supports generating self-signed certs without external tools even then.) So, for now, I just moved CertUtils (and the corresponding bouncycastle deps) into a test-only scope. I've also included an @Ignored test of our support for SSL config through JSSE system properties, however, at the moment it appears that setting JSSE system properties breaks ZK connections. This seems likely to be related to ZOOKEEPER-1554 , but I'll do some more investigation and comment over there. So, I know Christopher Tubbs was pretty insistent that we support JSSE config, but should we include it even though we know it won't work, in anticipation of the ZK issues getting resolved in the future, or should we pull the support completely until there's a chance of it actually working?
          Michael Berman made changes -
          Attachment ACCUMULO-1009_thriftSsl-2013-10-4.patch [ 12606814 ]
          Hide
          Christopher Tubbs added a comment -

          keytool-maven-plugin supports key generation prior to jdk 1.7. You just have to stick with the same keystore for both keystore and truststore for testing, until 1.7, when you can do CSRs. openssl can still do certificate generation with the exec plugin, regardless of the jdk version.

          However, I don't see an issue with a test scope solution, because we're not encouraging users to rely on Accumulo to generate certs, and we're not shipping the extra dependencies.

          As for the ZK breakage, I think it would have been nice to fall back to JSSE options configured in system properties rather than config. But if that fallback can't be tested due to the breakage of ZK, don't bother. We can add that when we can test it. It's sufficient to rely only on the context-prefixed JSSE properties carried in the configuration files.

          Show
          Christopher Tubbs added a comment - keytool-maven-plugin supports key generation prior to jdk 1.7. You just have to stick with the same keystore for both keystore and truststore for testing, until 1.7, when you can do CSRs. openssl can still do certificate generation with the exec plugin, regardless of the jdk version. However, I don't see an issue with a test scope solution, because we're not encouraging users to rely on Accumulo to generate certs, and we're not shipping the extra dependencies. As for the ZK breakage, I think it would have been nice to fall back to JSSE options configured in system properties rather than config. But if that fallback can't be tested due to the breakage of ZK, don't bother. We can add that when we can test it. It's sufficient to rely only on the context-prefixed JSSE properties carried in the configuration files.
          Hide
          John Vines added a comment -

          Christopher Tubbs it sounds like you're content with the current implementation then?

          Show
          John Vines added a comment - Christopher Tubbs it sounds like you're content with the current implementation then?
          Hide
          Christopher Tubbs added a comment -

          In principle, I haven't looked at every line of code yet.

          Show
          Christopher Tubbs added a comment - In principle, I haven't looked at every line of code yet.
          Hide
          Josh Elser added a comment -

          I haven't looked at every line of code yet.

          .... do you plan to? o.o

          Show
          Josh Elser added a comment - I haven't looked at every line of code yet. .... do you plan to? o.o
          Hide
          Christopher Tubbs added a comment -

          Sure, eventually. Don't let me be the hold-up, though. Why don't we drop it on ReviewBoard, so we can get multiple eyes on? Sean Busbey seems to have been pushing to use that a bit more.

          Show
          Christopher Tubbs added a comment - Sure, eventually. Don't let me be the hold-up, though. Why don't we drop it on ReviewBoard, so we can get multiple eyes on? Sean Busbey seems to have been pushing to use that a bit more.
          Hide
          John Vines added a comment -

          Added to review board

          Show
          John Vines added a comment - Added to review board
          John Vines made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          John Vines made changes -
          Component/s client [ 12316207 ]
          Component/s master [ 12316202 ]
          Component/s monitor [ 12316204 ]
          Component/s tserver [ 12316201 ]
          Hide
          Michael Berman added a comment -

          I filed a new review at Vines's request, so I would be the requestor of record instead of him: https://reviews.apache.org/r/15245/#

          Show
          Michael Berman added a comment - I filed a new review at Vines's request, so I would be the requestor of record instead of him: https://reviews.apache.org/r/15245/#
          Hide
          Eric Newton added a comment -

          Is this ready to go now? I have a patch, which I will attach, with attribution to Michael Berman which applies to 1.6.0-SNAPSHOT.

          Show
          Eric Newton added a comment - Is this ready to go now? I have a patch, which I will attach, with attribution to Michael Berman which applies to 1.6.0-SNAPSHOT.
          Hide
          Eric Newton added a comment -

          a git-style patch with attribution to Michael Berman

          Show
          Eric Newton added a comment - a git-style patch with attribution to Michael Berman
          Eric Newton made changes -
          Attachment ACCUMULO-1009.patch [ 12614678 ]
          Hide
          Michael Berman added a comment -

          Thanks Eric Newton. As far as I can tell, all outstanding issues have been addressed, and the reviewboard has been quiet for a while.

          Show
          Michael Berman added a comment - Thanks Eric Newton . As far as I can tell, all outstanding issues have been addressed, and the reviewboard has been quiet for a while.
          Hide
          ASF subversion and git services added a comment -

          Commit 7038755be153e11ca5ea7278d96746d72b24ea05 in branch refs/heads/master from Michael Berman
          [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=7038755 ]

          ACCUMULO-1009

          Signed-off-by: Eric Newton <eric.newton@gmail.com>

          Show
          ASF subversion and git services added a comment - Commit 7038755be153e11ca5ea7278d96746d72b24ea05 in branch refs/heads/master from Michael Berman [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=7038755 ] ACCUMULO-1009 Signed-off-by: Eric Newton <eric.newton@gmail.com>
          Hide
          ASF subversion and git services added a comment -

          Commit 2faafcce4d8a52a3d64fb1318f8315e7a6e0805a in branch refs/heads/1.6.0-SNAPSHOT from Michael Berman
          [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=2faafcc ]

          ACCUMULO-1009

          Signed-off-by: Eric Newton <eric.newton@gmail.com>

          Show
          ASF subversion and git services added a comment - Commit 2faafcce4d8a52a3d64fb1318f8315e7a6e0805a in branch refs/heads/1.6.0-SNAPSHOT from Michael Berman [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=2faafcc ] ACCUMULO-1009 Signed-off-by: Eric Newton <eric.newton@gmail.com>
          Eric Newton made changes -
          Status Patch Available [ 10002 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Hide
          ASF subversion and git services added a comment -

          Commit e647b1b1ba3c66c8a0fccd21c879f70c31476a69 in branch refs/heads/1.6.0-SNAPSHOT from Christopher Tubbs
          [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=e647b1b ]

          ACCUMULO-1009 Clean up javadocs and warnings from prior commits

          Show
          ASF subversion and git services added a comment - Commit e647b1b1ba3c66c8a0fccd21c879f70c31476a69 in branch refs/heads/1.6.0-SNAPSHOT from Christopher Tubbs [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=e647b1b ] ACCUMULO-1009 Clean up javadocs and warnings from prior commits
          Hide
          ASF subversion and git services added a comment -

          Commit de4f71e27160b8e86bcd73fcea105024d74da642 in branch refs/heads/1.6.0-SNAPSHOT from Christopher Tubbs
          [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=de4f71e ]

          ACCUMULO-1009 Another javadoc problem fixed

          Show
          ASF subversion and git services added a comment - Commit de4f71e27160b8e86bcd73fcea105024d74da642 in branch refs/heads/1.6.0-SNAPSHOT from Christopher Tubbs [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=de4f71e ] ACCUMULO-1009 Another javadoc problem fixed
          Hide
          ASF subversion and git services added a comment -

          Commit 5bd68ef9b751848a441cb56ca82a7e2aafdf1461 in branch refs/heads/1.6.0-SNAPSHOT from Keith Turner
          [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=5bd68ef ]

          ACCUMULO-1009 moved ClientConfiguration into public API and removed its usage of AccumuloConfiguration

          Show
          ASF subversion and git services added a comment - Commit 5bd68ef9b751848a441cb56ca82a7e2aafdf1461 in branch refs/heads/1.6.0-SNAPSHOT from Keith Turner [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=5bd68ef ] ACCUMULO-1009 moved ClientConfiguration into public API and removed its usage of AccumuloConfiguration
          Hide
          ASF subversion and git services added a comment -

          Commit 5bd68ef9b751848a441cb56ca82a7e2aafdf1461 in branch refs/heads/master from Keith Turner
          [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=5bd68ef ]

          ACCUMULO-1009 moved ClientConfiguration into public API and removed its usage of AccumuloConfiguration

          Show
          ASF subversion and git services added a comment - Commit 5bd68ef9b751848a441cb56ca82a7e2aafdf1461 in branch refs/heads/master from Keith Turner [ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=5bd68ef ] ACCUMULO-1009 moved ClientConfiguration into public API and removed its usage of AccumuloConfiguration

            People

            • Assignee:
              Michael Berman
              Reporter:
              Keith Turner
            • Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development