CertificateFactory

public class CertificateFactory extends Object

This class defines the functionality of a certificate factory, which is used to generate certificate, certification path (CertPath) and certificate revocation list (CRL) objects from their encodings.

For encodings consisting of multiple certificates, use generateCertificates when you want to parse a collection of possibly unrelated certificates. Otherwise, use generateCertPath when you want to generate a CertPath (a certificate chain) and subsequently validate it with a CertPathValidator.

A certificate factory for X.509 must return certificates that are an instance of java.security.cert.X509Certificate, and CRLs that are an instance of java.security.cert.X509CRL.

The following example reads a file with Base64 encoded certificates, which are each bounded at the beginning by -----BEGIN CERTIFICATE-----, and bounded at the end by -----END CERTIFICATE-----. We convert the FileInputStream (which does not support mark and reset) to a BufferedInputStream (which supports those methods), so that each call to generateCertificate consumes only one certificate, and the read position of the input stream is positioned to the next certificate in the file:

 FileInputStream fis = new FileInputStream(filename);
 BufferedInputStream bis = new BufferedInputStream(fis);

 CertificateFactory cf = CertificateFactory.getInstance("X.509");

 while (bis.available() > 0) {
    Certificate cert = cf.generateCertificate(bis);
    System.out.println(cert.toString());
 }
 

The following example parses a PKCS#7-formatted certificate reply stored in a file and extracts all the certificates from it:

 FileInputStream fis = new FileInputStream(filename);
 CertificateFactory cf = CertificateFactory.getInstance("X.509");
 Collection c = cf.generateCertificates(fis);
 Iterator i = c.iterator();
 while (i.hasNext()) {
    Certificate cert = (Certificate)i.next();
    System.out.println(cert);
 }
 

Android provides the following CertificateFactory types:

Name Supported (API Levels)
X.509 1+
and the following CertPath encodings:
Name Supported (API Levels)
PKCS7 1+
PkiPath 1+
The type and encodings are described in the CertificateFactory section and the CertPath Encodings section of the Java Cryptography Architecture Standard Algorithm Name Documentation.

Protected Constructor Summary

CertificateFactory(CertificateFactorySpi certFacSpi, Provider provider, String type)
Creates a CertificateFactory object of the given type, and encapsulates the given provider implementation (SPI object) in it.

Public Method Summary

final CRL
generateCRL(InputStream inStream)
Generates a certificate revocation list (CRL) object and initializes it with the data read from the input stream inStream.
final Collection<? extends CRL>
generateCRLs(InputStream inStream)
Returns a (possibly empty) collection view of the CRLs read from the given input stream inStream.
final CertPath
generateCertPath(List<? extends Certificate> certificates)
Generates a CertPath object and initializes it with a List of Certificates.
final CertPath
generateCertPath(InputStream inStream)
Generates a CertPath object and initializes it with the data read from the InputStream inStream.
final CertPath
generateCertPath(InputStream inStream, String encoding)
Generates a CertPath object and initializes it with the data read from the InputStream inStream.
final Certificate
generateCertificate(InputStream inStream)
Generates a certificate object and initializes it with the data read from the input stream inStream.
final Collection<? extends Certificate>
generateCertificates(InputStream inStream)
Returns a (possibly empty) collection view of the certificates read from the given input stream inStream.
final Iterator<String>
getCertPathEncodings()
Returns an iteration of the CertPath encodings supported by this certificate factory, with the default encoding first.
final static CertificateFactory
getInstance(String type)
Returns a certificate factory object that implements the specified certificate type.
final static CertificateFactory
getInstance(String type, String provider)
Returns a certificate factory object for the specified certificate type.
final static CertificateFactory
getInstance(String type, Provider provider)
Returns a certificate factory object for the specified certificate type.
final Provider
getProvider()
Returns the provider of this certificate factory.
final String
getType()
Returns the name of the certificate type associated with this certificate factory.

Inherited Method Summary

Protected Constructors

protected CertificateFactory (CertificateFactorySpi certFacSpi, Provider provider, String type)

Creates a CertificateFactory object of the given type, and encapsulates the given provider implementation (SPI object) in it.

Parameters
certFacSpi the provider implementation.
provider the provider.
type the certificate type.

Public Methods

public final CRL generateCRL (InputStream inStream)

Generates a certificate revocation list (CRL) object and initializes it with the data read from the input stream inStream.

In order to take advantage of the specialized CRL format supported by this certificate factory, the returned CRL object can be typecast to the corresponding CRL class. For example, if this certificate factory implements X.509 CRLs, the returned CRL object can be typecast to the X509CRL class.

Note that if the given input stream does not support