public abstract class CertificateFactorySpi
extends java.lang.Object
CertificateFactory
class. All
the abstract methods in this class must be implemented by each cryptographic service provider who wishes to supply
the implementation of a certificate factory for a particular certificate type, e.g., X.509.
Certificate factories are used to generate certificate, certification path (CertPath
) and certificate
revocation list (CRL) objects from their encodings.
A certificate factory for X.509 must return certificates that are an instance of
java.security.cert.X509Certificate
, and CRLs that are an instance of java.security.cert.X509CRL
.
CertificateFactory
,
Certificate
,
X509Certificate
Constructor and Description |
---|
CertificateFactorySpi() |
Modifier and Type | Method and Description |
---|---|
abstract Certificate |
engineGenerateCertificate(java.io.InputStream inStream)
Generates a certificate object and initializes it with the data read from the input stream
inStream . |
public abstract Certificate engineGenerateCertificate(java.io.InputStream inStream) throws CertificateException
inStream
.
In order to take advantage of the specialized certificate format supported by this certificate factory, the
returned certificate object can be typecast to the corresponding certificate class. For example, if this
certificate factory implements X.509 certificates, the returned certificate object can be typecast to the
X509Certificate
class.
In the case of a certificate factory for X.509 certificates, the certificate provided in inStream
must be
DER-encoded and may be supplied in binary or printable (Base64) encoding. If the certificate is provided in
Base64 encoding, it must be bounded at the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at the
end by -----END CERTIFICATE-----.
Note that if the given input stream does not support mark
and
reset
, this method will consume the entire input stream. Otherwise, each call
to this method consumes one certificate and the read position of the input stream is positioned to the next
available byte after the inherent end-of-certificate marker. If the data in the input stream does not contain an
inherent end-of-certificate marker (other than EOF) and there is trailing data after the certificate is parsed, a
CertificateException
is thrown.
inStream
- an input stream with the certificate data.CertificateException
- on parsing errors.