There are certain use cases where it would be more efficient to use a lazy X509Certificate implementation; that is one which the parsing of the certificate is delayed until a method is called that accesses a field or extension in the certificate (ex: getSubjectX500Principal). Some use cases never actually need to parse the contents of the certificate, or only need to instantiate the Certificate for a subsequent byte array comparison (ex: CodeSource.equals).