This class defines methods for parsing
certificates, certificate chains (certification paths) and
certificate
revocation lists (CRLs) from byte streams. Obtain a
CertificateFactory by calling one of the static
getInstance( ) factory methods and specifying the
type of certificate or CRL to be parsed, and, optionally, the desired
service provider to perform the parsing. The default
"SUN" provider defines only a
single "X.509" certificate type, so
you typically obtain a CertificateFactory with
this code:
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
Once you have obtained a CertificateFactory for
the desired type of certificate, call
generateCertificate( ) to
parse a Certificate from a specified byte stream,
or call generateCertificates( ) to
parse a group of unrelated certificates (i.e. certificates that do
not form a certificate chain) from a stream and return them as a
Collection of Certificate
objects. Similarly, call generateCRL( ) to parse a
single CRL object from a stream, and call generateCRLs(
) to parse a Collection of
CRL objects from the stream. These
CertificateFactory methods read to the end of the
specified stream. If the stream supports mark( ) and
reset(
), however, the CertificateFactory
resets the stream to the position after the end of the last
certificate or CRL read. If you specified a certificate type of
"X.509", the
Certificate and CRL objects
returned by a CertificateFactory can be cast
safely to X509Certificate and
X509CRL. A certificate factory for X.509
certificates can parse certificates encoded in binary or printable
hexadecimal form. If the certificate is in hexadecimal form, it must
begin with the string "-BEGIN
CERTIFICATE-" and end with the string
"-END
CERTIFICATE-".
The generateCertPath(
) methods return a CertPath
object representing a certificate chain. These methods can create a
CertPath object from a List of
Certificate object, or by reading the chained
certificates from a stream. Specify the
encoding of the certificate chain by
passing the name of the encoding standard to
generateCertPath( ). The default
"SUN" provider supports the
"PKCS7" and the
"PkiPath" encodings.
getCertPathEncoding(
) returns an Iterator of the
encodings supported by the current provider. The first encoding
returned by the iterator is the default used when no encoding is
explicitly specified.
public class CertificateFactory {
// Protected Constructors
protected CertificateFactory(CertificateFactorySpi certFacSpi,
java.security.Provider provider, String type);
// Public Class Methods
public static final CertificateFactory getInstance(String type)
throws CertificateException;
1.4 public static final CertificateFactory getInstance(String type,
java.security.Provider provider)
throws CertificateException;
public static final CertificateFactory getInstance(String type,
String provider)
throws CertificateException, java.security.NoSuchProviderException;
// Public Instance Methods
public final java.security.cert.Certificate generateCertificate
(java.io.InputStream inStream)
throws CertificateException;
public final java.util.Collection<? extends java.security.cert.Certificate>
generateCertificates(java.io.InputStream inStream)
throws CertificateException;
1.4 public final CertPath generateCertPath(java.util.List<?
extends java.security.cert.Certificate> certificates)
throws CertificateException;
1.4 public final CertPath generateCertPath(java.io.InputStream inStream)
throws CertificateException;
1.4 public final CertPath generateCertPath(java.io.InputStream inStream,
String encoding)
throws CertificateException;
public final CRL generateCRL(java.io.InputStream inStream)
throws CRLException;
public final java.util.Collection<? extends CRL> generateCRLs
(java.io.InputStream inStream)
throws CRLException;
1.4 public final java.util.Iterator<String> getCertPathEncodings( );
public final java.security.Provider getProvider( );
public final String getType( );
}
