public class X509CertificateFactory
This class is the X509 CertificateFactory that ensures tries to
convert PKCS#7 to ordered cert paths that can be passed to the
CLV validator, which only accepts ordered X509 cert paths.
We wrote this implementation because the SUN X509 CertificateFactory
does not order CertPaths that come from PKCS#7, which is an unordered
This implementation delegates all the work to the SUN X509 CertificateFactory,
then orders CertPaths that were decoded from PKCS#7. Rather than reject
un-orderable PKCS#7 certificates, it returns them in their original order.
This was done so that we would not restrict the PKCS#7 cert paths that
could be decoded by this JDK (since this provider will be installed as the
default X509 CertificateFactory for this JDK).
This doesn't create a hole for the CLV validator since it detects if the
cert path is either unordered or non-X509, and if so, throws an
IllegalArgumentException. This means that CLV providers can rely on
only receiving ordered, X509 cert paths.