Author(s)Hemma Prafullchandra, Jan Luehe, Sean Mullan
This class defines the functionality of a certificate factory, which is
used to generate certificate, certification path (CertPath)
and certificate revocation list (CRL) objects from their encodings.
For encodings consisting of multiple certificates, use
generateCertificates when you want to
parse a collection of possibly unrelated certificates. Otherwise,
use generateCertPath when you want to generate
a CertPath (a certificate chain) and subsequently
validate it with a CertPathValidator.
A certificate factory for X.509 must return certificates that are an
instance of java.security.cert.X509Certificate, and CRLs
that are an instance of java.security.cert.X509CRL.
The following example reads a file with Base64 encoded certificates,
which are each bounded at the beginning by -----BEGIN CERTIFICATE-----, and
bounded at the end by -----END CERTIFICATE-----. We convert the
FileInputStream (which does not support mark
and reset) to a BufferedInputStream (which
supports those methods), so that each call to
generateCertificate consumes only one certificate, and the
read position of the input stream is positioned to the next certificate in
the file:
FileInputStream fis = new FileInputStream(filename);
BufferedInputStream bis = new BufferedInputStream(fis);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
while (bis.available() > 0) {
Certificate cert = cf.generateCertificate(bis);
System.out.println(cert.toString());
}
The following example parses a PKCS#7-formatted certificate reply stored
in a file and extracts all the certificates from it:
FileInputStream fis = new FileInputStream(filename);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Collection c = cf.generateCertificates(fis);
Iterator i = c.iterator();
while (i.hasNext()) {
Certificate cert = (Certificate)i.next();
System.out.println(cert);
}
CertPath) and certificate revocation list (CRL) objects from their encodings.For encodings consisting of multiple certificates, use
generateCertificateswhen you want to parse a collection of possibly unrelated certificates. Otherwise, usegenerateCertPathwhen you want to generate aCertPath(a certificate chain) and subsequently validate it with aCertPathValidator.A certificate factory for X.509 must return certificates that are an instance of
java.security.cert.X509Certificate, and CRLs that are an instance ofjava.security.cert.X509CRL.The following example reads a file with Base64 encoded certificates, which are each bounded at the beginning by -----BEGIN CERTIFICATE-----, and bounded at the end by -----END CERTIFICATE-----. We convert the
FileInputStream(which does not supportmarkandreset) to aBufferedInputStream(which supports those methods), so that each call togenerateCertificateconsumes only one certificate, and the read position of the input stream is positioned to the next certificate in the file:FileInputStream fis = new FileInputStream(filename); BufferedInputStream bis = new BufferedInputStream(fis); CertificateFactory cf = CertificateFactory.getInstance("X.509"); while (bis.available() > 0) { Certificate cert = cf.generateCertificate(bis); System.out.println(cert.toString()); }The following example parses a PKCS#7-formatted certificate reply stored in a file and extracts all the certificates from it:
FileInputStream fis = new FileInputStream(filename); CertificateFactory cf = CertificateFactory.getInstance("X.509"); Collection c = cf.generateCertificates(fis); Iterator i = c.iterator(); while (i.hasNext()) { Certificate cert = (Certificate)i.next(); System.out.println(cert); }