The javax cert package was a subset derived from an early beta
release of JDK1.2. We did this, reluctantly, so that the SSL api could
be used on JDK1.1-based platforms which did not come with an X.509
certificate api. When running under JDK1.2 the javax cert api can be
trivially implemented by simply delegating calls on javax cert objects
to instances of java.security.cert certs. Applications using the SSL
api can continue to use the javax cert api and, in that way, can run on
either JDK1.1 or 1.2. Applications running on JDK1.2 that want a more
complete certificate api than is present in the javax api can trivially
using the javax api to get the DER encoding of the certificate and then
create an instance of a java.security.cert.X509Certificate from that.
A bit awkward, but it works. A future revision of the SSL api will
almost certainly add new methods which will return JDK1.2 certificates
directly.
>
> I realise this spec is a bit old, but are you going to update it to
> reflect Java 2 or is it a dead spec? If it is going to be updated, is
> there an estimate of when?
Yes, it is a bit stale. We plan to update it in the near future
and will soon begin work under the new Java Standard Extension
Open Development Process on a new revision of the api. I look forward
to your participation.
>
> I have checked the other Java SSL implementations and each one has a
> different API (including ours, obviously). This isn't too good for the
> developer community!
No, but it has been somewhat inevitable given earlier product
needs to support JDK1.0 platforms and some incomplete JDK1.1
platform implementations.
Jeff