Re: Certificate classes in java.security.cert vs.javax.security.cert

Jeff Nisewanger (jdn@puuoo.eng.sun.com)
Tue, 2 Mar 1999 11:51:26 -0800 (PST)

Date: Tue, 2 Mar 1999 11:51:26 -0800 (PST)
From: Jeff Nisewanger <jdn@puuoo.eng.sun.com>
Subject: Re: Certificate classes in java.security.cert vs.javax.security.cert
To: java-security@java.Sun.COM, VGOENKA@novell.com

> The certificate classes in java.security.cert and javax.security.cert
> have no common inheritance and are almost identical. The
> java.security.cert package seems to be more complete (in the sense of
> having more classes) than the javax.security.cert, so what is the point
> of javax.security.cert. How is one supposed to bridge the two separate
> classes. For example, if I want to use a
> java.security.cert.X509Certificate (retrived from a keystore) with the
> SSL package which accepts only javax.security.cert.X509Certificate.

The javax.security.cert package was created to provide a
minimal X.509 certificate api for use on JDK1.1.x platforms. The new
java.security.cert api in Java 2 is a superset of the javax api. Although
intentionally similar to use, they are seperate certificate class hierarchies
and there are some differences in how certificate instances can be
created.

In both apis it is easy to get the raw ASN.1 encoding of the
certificate via the getEncoded() method. This can then be used
to trivially construct a new certificate instance of the preferred type.
The javax.security.cert package will eventually be deprecated in favor
of the certificate support in the Java 2 core api.

Jeff