Re: Certificate classes in java.security.certvs.javax.security.cert

David Brownell (db@Eng)
Tue, 02 Mar 1999 09:36:37 -0800

Date: Tue, 02 Mar 1999 09:36:37 -0800
From: David Brownell <db@Eng>
To: Vishal Goenka <VGOENKA@novell.com>
Subject: Re: Certificate classes in java.security.certvs.javax.security.cert

The "javax" classes works on JDK 1.1, and have been public
longer than the similar JDK 1.2 "java" versions. There's
also a functionality difference -- the original X509 support
in JDK 1.1 exposed X509v1 functionality, and in JDK 1.2 it
also exposes X509v3 functionality.

Arguably, the whole cert package should have been in "javax"
so that both versions of the Java Platform could support the
same apps without forcing an API switch, but that's not how
it was done.

The plan of record has been to update the SSL APIs so they also
support JDK 1.2, as well as to expose the certificate and trust
management APIs needed to self-authenticate using SSL, but I
don't know that such updates have been provided yet. You
should be able to use the binary (DER) form of a cert as an
interchange format, readable by both packages.

- Dave

Vishal Goenka wrote:
>
> The certificate classes in java.security.cert and javax.security.cert have no common inheritance and are almost identical. The java.security.cert package seems to be more complete (in the sense of having more classes) than the javax.security.cert, so what is the point of javax.security.cert. How is one supposed to bridge the two separate classes. For example, if I want to use a java.security.cert.X509Certificate (retrived from a keystore) with the SSL package which accepts only javax.security.cert.X509Certificate
>
> Thanks in advance,
> Vishal