Abstract class for managing a variety of identity certificates.
An identity certificate is a guarantee by a principal that
a public key is that of another principal.  (A principal represents
an entity such as an individual user, a group, or a corporation.)

This class is an abstraction for certificates that have different
formats but important common uses.  For example, different types of
certificates, such as X.509 and PGP, share general certificate
functionality (like encoding and verifying) and
some types of information (like a public key).

X.509, PGP, and SDSI certificates can all be implemented by
subclassing the Certificate class, even though they contain different
sets of information, and they store and retrieve the information in
different ways.

Note: The classes in the package javax.security.cert
exist for compatibility with earlier versions of the
Java Secure Sockets Extension (JSSE). New applications should instead
use the standard Java SE certificate classes located in
java.security.cert.

Certificate Encoding Exception. This is thrown whenever an error
occurs whilst attempting to encode a certificate.

Note: The classes in the package javax.security.cert
exist for compatibility with earlier versions of the
Java Secure Sockets Extension (JSSE). New applications should instead
use the standard Java SE certificate classes located in
java.security.cert.

This exception indicates one of a variety of certificate problems.

Note: The classes in the package javax.security.cert
exist for compatibility with earlier versions of the
Java Secure Sockets Extension (JSSE). New applications should instead
use the standard Java SE certificate classes located in
java.security.cert.

Certificate Expired Exception. This is thrown whenever the current
Date or the specified Date is after the
notAfter date/time specified in the validity period
of the certificate.

Note: The classes in the package javax.security.cert
exist for compatibility with earlier versions of the
Java Secure Sockets Extension (JSSE). New applications should instead
use the standard Java SE certificate classes located in
java.security.cert.

Certificate is not yet valid exception. This is thrown whenever
the current Date or the specified Date
is before the notBefore date/time in the Certificate
validity period.

Note: The classes in the package javax.security.cert
exist for compatibility with earlier versions of the
Java Secure Sockets Extension (JSSE). New applications should instead
use the standard Java SE certificate classes located in
java.security.cert.

Certificate Parsing Exception. This is thrown whenever
invalid DER encoded certificate is parsed or unsupported DER features
are found in the Certificate.

Note: The classes in the package javax.security.cert
exist for compatibility with earlier versions of the
Java Secure Sockets Extension (JSSE). New applications should instead
use the standard Java SE certificate classes located in
java.security.cert.

Abstract class for X.509 v1 certificates. This provides a standard
way to access all the version 1 attributes of an X.509 certificate.
Attributes that are specific to X.509 v2 or v3 are not available
through this interface. Future API evolution will provide full access to
complete X.509 v3 attributes.

The basic X.509 format was defined by
ISO/IEC and ANSI X9 and is described below in ASN.1:


Certificate  ::=  SEQUENCE  {
    tbsCertificate       TBSCertificate,
    signatureAlgorithm   AlgorithmIdentifier,
    signature            BIT STRING  }

These certificates are widely used to support authentication and
other functionality in Internet security systems. Common applications
include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL),
code signing for trusted software distribution, and Secure Electronic
Transactions (SET).

These certificates are managed and vouched for by Certificate
Authorities (CAs). CAs are services which create certificates by
placing data in the X.509 standard format and then digitally signing
that data. CAs act as trusted third parties, making introductions
between principals who have no direct knowledge of each other.
CA certificates are either signed by themselves, or by some other
CA such as a "root" CA.

The ASN.1 definition of tbsCertificate is:


TBSCertificate  ::=  SEQUENCE  {
    version         [0]  EXPLICIT Version DEFAULT v1,
    serialNumber         CertificateSerialNumber,
    signature            AlgorithmIdentifier,
    issuer               Name,
    validity             Validity,
    subject              Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo,
    }

Here is sample code to instantiate an X.509 certificate:


InputStream inStream = new FileInputStream("fileName-of-cert");
X509Certificate cert = X509Certificate.getInstance(inStream);
inStream.close();
OR


byte[] certData = <certificate read from a file, say>
X509Certificate cert = X509Certificate.getInstance(certData);

In either case, the code that instantiates an X.509 certificate
consults the value of the cert.provider.x509v1 security property
to locate the actual implementation or instantiates a default implementation.

The cert.provider.x509v1 property is set to a default
implementation for X.509 such as:


cert.provider.x509v1=com.sun.security.cert.internal.x509.X509V1CertImpl

The value of this cert.provider.x509v1 property has to be
changed to instantiate another implementation. If this security
property is not set, a default implementation will be used.
Currently, due to possible security restrictions on access to
Security properties, this value is looked up and cached at class
initialization time and will fallback on a default implementation if
the Security property is not accessible.

Note: The classes in the package javax.security.cert
exist for compatibility with earlier versions of the
Java Secure Sockets Extension (JSSE). New applications should instead
use the standard Java SE certificate classes located in
java.security.cert.