X509CertificateFactory (6.0 API Documentation)

java.lang.Object
- java.security.cert.CertificateFactorySpi
- - iaik.x509.CertificateFactory
  - - iaik.x509.X509CertificateFactory

```
public class X509CertificateFactory
extends CertificateFactory
```
Extends the default, JDK11x compatible IAIK CertificateFactory to add support for CertPath generating methods. Only used with JDK versions >= 1.4.
By default the IAIK provider uses a JDK 1.1.x compliant CertificateFactory. However, if a JDK version >= 1.4 is used, the IAIK provider automatically switches to this CertificateFactory implementation to support the CertPath generating methods as introduced by JDK1.4 (since they maybe required by some JREs for jar file verification).
This class extends the default IAIK CertificateFactory about methods to maybe used for generating a CertPath from a List of certificates or from its encoded representation.
Currently the following encoding formats are supported:
- "PkiPath" (default): DER encoded X.509 PkiPath
- DER: DER encoded certificate chain
- PEM: PEM encoded certificate chain
- PKCS7: PKCS#7 format (degenerate SignedData)
- NETSCAPE: Netscape CertList
When using a CertificateFactory for reading certificates from an input stream to generate a CertPath, the default ("PkiPath) encoding format maybe used, or an encoding format may be explictly specified, e.g.:
```
 CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "IAIK");
 // the stream from which to read the certificates in, e.g., PKCS#7 format
 InputStream in = ...;
 // create CertPath
 CertPath certPath = certFactory.generateCertPath(in, X509CertPath.PKCS7);
 ... 
 
```
See Also:
CertificateFactory, X509CertPath, X509Certificate

Constructor Summary

Constructors
Constructor and Description

X509CertificateFactory()

Constructors
Constructor and Description
`X509CertificateFactory()`

Method Summary

Methods
Modifier and Type	Method and Description
`java.security.cert.CertPath`	`engineGenerateCertPath(java.io.InputStream inStream)` Generates a `CertPath` object from the certificates parsed from the given input stream.
`java.security.cert.CertPath`	`engineGenerateCertPath(java.io.InputStream inStream, java.lang.String encoding)` Generates a `CertPath` object from the certificates parsed from the given input stream, encoded in the given format.
`java.security.cert.CertPath`	`engineGenerateCertPath(java.util.List certificates)` Generates a `CertPath` from the certificates contained in the given list.
`java.util.Iterator`	`engineGetCertPathEncodings()` Returns an iterator of all CertPath encoding formats supported by this CertificateFactory.

Methods inherited from class iaik.x509.CertificateFactory
engineGenerateCertificate, engineGenerateCertificates, engineGenerateCRL, engineGenerateCRLs

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - X509CertificateFactory
```
public X509CertificateFactory()
```
- Method Detail
  - engineGetCertPathEncodings
```
public java.util.Iterator engineGetCertPathEncodings()
```
    Returns an iterator of all CertPath encoding formats supported by this CertificateFactory.
    Currently the following encoding formats are supported:
    - "PkiPath" (default): DER encoded X.509 PkiPath
    - DER: DER encoded certificate chain
    - PEM: PEM encoded certificate chain
    - PKCS7: PKCS#7 format (degenerate SignedData)
    - NETSCAPE: Netscape CertList
    Overrides:
    
    engineGetCertPathEncodings in class java.security.cert.CertificateFactorySpi
    
    Returns:
    the CertPath encoding formats supported by this CertificateFactory.
  - engineGenerateCertPath
```
public java.security.cert.CertPath engineGenerateCertPath(java.util.List certificates)
                                                   throws java.security.cert.CertificateException
```
    Generates a CertPath from the certificates contained in the given list.
    The certificates are ordered in a way that the certificate at index i+1 has issued the certificate at index i. This means that the target cert is located at index 0 and the certificate that has been issued by the trust anchor is located at index (n-1). (The trust anchor itself shall not be included in the path).
    If it is not possible to order the certificates they are accepted anyway. In this case it is the responsibility of the calling application to take care to supply the certificates in the right order. If not, CertPathValidators may not successfully validate the path.
    
    Overrides:
    
    engineGenerateCertPath in class java.security.cert.CertificateFactorySpi
    
    Parameters:
    certificates - the certificate list from which to create the cert path
    
    Returns:
    a CertPath for the given certificate list
    
    Throws:
    
    java.security.cert.CertificateException - if an exception occurs while creating the cert path
    Since:
    
    1.4
  - engineGenerateCertPath
```
public java.security.cert.CertPath engineGenerateCertPath(java.io.InputStream inStream)
                                                   throws java.security.cert.CertificateException
```
    Generates a CertPath object from the certificates parsed from the given input stream. The input stream has to supply the certificates in the default encoding format (@link CertPath#DEFAULT_ENCODING_FORMAT "PkiPath"} used by this CertificateFactory/CertPath implementation:
```
 PkiPath ::= SEQUENCE OF Certificate
 
```
    The certificates in a PKI path are ordered in a way that the certificate at index i has issued the certificate at index i+1. This means that the certificate that has been issued by the trust anchor is located at index 0 and the target cert is located at index (n-1). (The trust anchor itself shall not be included in the path).
    Overrides:
    
    engineGenerateCertPath in class java.security.cert.CertificateFactorySpi
    
    Parameters:
    inStream - the input stream from which to read the pki path
    
    Returns:
    a CertPath for the certificates parsed from the pki path
    
    Throws:
    
    java.security.cert.CertificateException - if an error occurs while parsing the certificates from the pki path
    Since:
    
    1.4
  - engineGenerateCertPath
```
public java.security.cert.CertPath engineGenerateCertPath(java.io.InputStream inStream,
                                                 java.lang.String encoding)
                                                   throws java.security.cert.CertificateException
```
    Generates a CertPath object from the certificates parsed from the given input stream, encoded in the given format.
    Currently the following encoding formats are supported:
    - "PkiPath" (default): DER encoded X.509 PkiPath
    - DER: DER encoded certificate chain
    - PEM: PEM encoded certificate chain
    - PKCS7: PKCS#7 format (degenerate SignedData)
    - NETSCAPE: Netscape CertList
    Overrides:
    
    engineGenerateCertPath in class java.security.cert.CertificateFactorySpi
    
    Parameters:
    inStream - the input stream from which to path the certificates
    encoding - the encoding format that has been used for encoding the certificates
    
    Returns:
    a CertPath for the certificates parsed from the stream
    
    Throws:
    
    java.security.cert.CertificateException - if an error occurs while parsing the certificates or the given encoding format is not supported
    Since:
    
    1.4

Class X509CertificateFactory

Constructor Summary

Method Summary

Methods inherited from class iaik.x509.CertificateFactory

Methods inherited from class java.lang.Object

Constructor Detail

X509CertificateFactory

Method Detail

engineGetCertPathEncodings

engineGenerateCertPath

engineGenerateCertPath

engineGenerateCertPath