JavaTM 2 Platform Standard Edition
java.lang.Object
  |
  +--java.security.cert.CertificateFactory

This class defines the functionality of a certificate factory, which is used to generate certificate and certificate revocation list (CRL) objects from their encodings.
A certificate factory for X.509 must return certificates that are an instance of java.security.cert.X509Certificate, and CRLs that are an instance of java.security.cert.X509CRL.
The following example reads a file with Base64 encoded certificates, which are each bounded at the beginning by -----BEGIN CERTIFICATE-----, and bounded at the end by -----END CERTIFICATE-----. We convert the FileInputStream (which does not support mark and reset) to a ByteArrayInputStream (which supports those methods), so that each call to generateCertificate consumes only one certificate, and the read position of the input stream is positioned to the next certificate in the file:
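
    // Requires: import java.io.*; import java.security.cert.*;
    FileInputStream fis = new FileInputStream(filename);
    DataInputStream dis = new DataInputStream(fis);

    CertificateFactory cf = CertificateFactory.getInstance("X.509");

    // Copy the file into memory so that the stream supports mark and reset
    byte[] bytes = new byte[dis.available()];
    dis.readFully(bytes);
    dis.close();
    ByteArrayInputStream bais = new ByteArrayInputStream(bytes);

    // Each call consumes one certificate and leaves the stream at the next one
    while (bais.available() > 0) {
        Certificate cert = cf.generateCertificate(bais);
        System.out.println(cert.toString());
    }
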
The following example parses a PKCS#7-formatted certificate reply stored in a file and extracts all the certificates from it:
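
    // Requires: import java.io.*; import java.security.cert.*; import java.util.*;
    FileInputStream fis = new FileInputStream(filename);

    CertificateFactory cf = CertificateFactory.getInstance("X.509");

    // Decode every certificate carried in the PKCS#7 reply
    Collection c = cf.generateCertificates(fis);
    fis.close();

    Iterator i = c.iterator();
    while (i.hasNext()) {
        Certificate cert = (Certificate) i.next();
        System.out.println(cert);
    }
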
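generateCertificates only decodes its input: as the method detail for PKCS#7 input states, the signature and the contents are ignored, so nothing the factory returns is trusted yet. The following added example (not part of the original documentation; it assumes Java 8 or later, and the names BundleCheck, load and issuerOf are hypothetical) reads a bundle through a BufferedInputStream, checks each certificate's validity period and verifies its signature against the other certificates in the bundle:

```java
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

// Added example; BundleCheck, load and issuerOf are hypothetical names. args[0] is the bundle file.
public class BundleCheck {
    /** Decodes every certificate in a PEM, DER or PKCS#7 stream. No trust checks happen here. */
    static List<X509Certificate> load(InputStream in) throws GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> out = new ArrayList<>();
        for (Certificate c : cf.generateCertificates(in)) {
            out.add((X509Certificate) c); // an X.509 factory returns X509Certificate
        }
        return out;
    }

    /** Returns the bundle member whose public key verifies cert's signature, or null. */
    static X509Certificate issuerOf(X509Certificate cert, List<X509Certificate> bundle) {
        for (X509Certificate candidate : bundle) {
            if (!candidate.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) continue;
            try {
                cert.verify(candidate.getPublicKey()); // throws if the signature does not match
                return candidate;
            } catch (GeneralSecurityException e) {
                // Name matched but the signature did not; keep looking.
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        try (InputStream in = new BufferedInputStream(new FileInputStream(args[0]))) {
            List<X509Certificate> bundle = load(in);
            for (X509Certificate cert : bundle) {
                cert.checkValidity(); // throws if expired or not yet valid
                X509Certificate issuer = issuerOf(cert, bundle);
                String signedBy = issuer == null ? "issuer not in bundle"
                        : issuer == cert ? "self-signed" : issuer.getSubjectX500Principal().getName();
                System.out.println(cert.getSubjectX500Principal().getName() + " <- " + signedBy);
            }
        }
    }
}
```

A chain that is consistent within the bundle still has to be anchored to a trusted root before any certificate in it is relied on.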
See Also: Certificate, X509Certificate, CRL, X509CRL

Constructor Summary

protected CertificateFactory(CertificateFactorySpi certFacSpi, Provider provider, String type)
    Creates a CertificateFactory object of the given type, and encapsulates the given provider implementation (SPI object) in it.

Method Summary

Certificate generateCertificate(InputStream inStream)
    Generates a certificate object and initializes it with the data read from the input stream inStream.

Collection generateCertificates(InputStream inStream)
    Returns a (possibly empty) collection view of the certificates read from the given input stream inStream.

CRL generateCRL(InputStream inStream)
    Generates a certificate revocation list (CRL) object and initializes it with the data read from the input stream inStream.

Collection generateCRLs(InputStream inStream)
    Returns a (possibly empty) collection view of the CRLs read from the given input stream inStream.

static CertificateFactory getInstance(String type)
    Generates a certificate factory object that implements the specified certificate type.

static CertificateFactory getInstance(String type, String provider)
    Generates a certificate factory object for the specified certificate type from the specified provider.

Provider getProvider()
    Returns the provider of this certificate factory.

String getType()
    Returns the name of the certificate type associated with this certificate factory.

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

protected CertificateFactory(CertificateFactorySpi certFacSpi, Provider provider, String type)

Parameters:
    certFacSpi - the provider implementation.
    provider - the provider.
    type - the certificate type.

Method Detail

public static final CertificateFactory getInstance(String type) throws CertificateException

Parameters:
    type - the name of the requested certificate type. See Appendix A in the Java Cryptography Architecture API Specification & Reference for information about standard certificate types.

public static final CertificateFactory getInstance(String type, String provider) throws CertificateException, NoSuchProviderException

Parameters:
    type - the certificate type
    provider - the name of the provider.
See Also: Provider

public final Provider getProvider()

public final String getType()

public final Certificate generateCertificate(InputStream inStream) throws CertificateException

Generates a certificate object and initializes it with the data read from the input stream inStream.

The given input stream inStream must contain a single certificate.

In order to take advantage of the specialized certificate format supported by this certificate factory, the returned certificate object can be typecast to the corresponding certificate class. For example, if this certificate factory implements X.509 certificates, the returned certificate object can be typecast to the X509Certificate class.

In the case of a certificate factory for X.509 certificates, the certificate provided in inStream must be DER-encoded and may be supplied in binary or printable (Base64) encoding. If the certificate is provided in Base64 encoding, it must be bounded at the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at the end by -----END CERTIFICATE-----.

Note that if the given input stream does not support mark and reset, this method will consume the entire input stream.

Parameters:
    inStream - an input stream with the certificate data.

public final Collection generateCertificates(InputStream inStream) throws CertificateException

Returns a (possibly empty) collection view of the certificates read from the given input stream inStream.

In order to take advantage of the specialized certificate format supported by this certificate factory, each element in the returned collection view can be typecast to the corresponding certificate class. For example, if this certificate factory implements X.509 certificates, the elements in the returned collection can be typecast to the X509Certificate class.

In the case of a certificate factory for X.509 certificates, inStream may contain a sequence of DER-encoded certificates in the formats described for generateCertificate. In addition, inStream may contain a PKCS#7 certificate chain. This is a PKCS#7 SignedData object, with the only significant field being certificates. In particular, the signature and the contents are ignored. This format allows multiple certificates to be downloaded at once. If no certificates are present, an empty collection is returned.

Note that if the given input stream does not support mark and reset, this method will consume the entire input stream.

Parameters:
    inStream - the input stream with the certificates.

public final CRL generateCRL(InputStream inStream) throws CRLException

Generates a certificate revocation list (CRL) object and initializes it with the data read from the input stream inStream.

In order to take advantage of the specialized CRL format supported by this certificate factory, the returned CRL object can be typecast to the corresponding CRL class. For example, if this certificate factory implements X.509 CRLs, the returned CRL object can be typecast to the X509CRL class.

Note that if the given input stream does not support mark and reset, this method will consume the entire input stream.

Parameters:
    inStream - an input stream with the CRL data.

public final Collection generateCRLs(InputStream inStream) throws CRLException

Returns a (possibly empty) collection view of the CRLs read from the given input stream inStream.

In order to take advantage of the specialized CRL format supported by this certificate factory, each element in the returned collection view can be typecast to the corresponding CRL class. For example, if this certificate factory implements X.509 CRLs, the elements in the returned collection can be typecast to the X509CRL class.

In the case of a certificate factory for X.509 CRLs, inStream may contain a sequence of DER-encoded CRLs. In addition, inStream may contain a PKCS#7 CRL set. This is a PKCS#7 SignedData object, with the only significant field being crls. In particular, the signature and the contents are ignored. This format allows multiple CRLs to be downloaded at once. If no CRLs are present, an empty collection is returned.

Note that if the given input stream does not support mark and reset, this method will consume the entire input stream.

Parameters:
    inStream - the input stream with the CRLs.