/* * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package javax.security.auth.x500; import java.io.*; import java.security.Principal; import java.util.Collections; import java.util.Map; import sun.security.x509.X500Name; import sun.security.util.*; /** *
This class represents an X.500 Principal
.
* X500Principal
s are represented by distinguished names such as
* "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US".
*
*
This class can be instantiated by using a string representation * of the distinguished name, or by using the ASN.1 DER encoded byte * representation of the distinguished name. The current specification * for the string representation of a distinguished name is defined in * RFC 2253: Lightweight * Directory Access Protocol (v3): UTF-8 String Representation of * Distinguished Names. This class, however, accepts string formats from * both RFC 2253 and RFC 1779: * A String Representation of Distinguished Names, and also recognizes * attribute type keywords whose OIDs (Object Identifiers) are defined in * RFC 3280: Internet X.509 * Public Key Infrastructure Certificate and CRL Profile. * *
The string representation for this X500Principal
* can be obtained by calling the getName
methods.
*
*
Note that the getSubjectX500Principal
and
* getIssuerX500Principal
methods of
* X509Certificate
return X500Principals representing the
* issuer and subject fields of the certificate.
*
* @see java.security.cert.X509Certificate
* @since 1.4
*/
public final class X500Principal implements Principal, java.io.Serializable {
private static final long serialVersionUID = -500463348111345721L;
/**
* RFC 1779 String format of Distinguished Names.
*/
public static final String RFC1779 = "RFC1779";
/**
* RFC 2253 String format of Distinguished Names.
*/
public static final String RFC2253 = "RFC2253";
/**
* Canonical String format of Distinguished Names.
*/
public static final String CANONICAL = "CANONICAL";
/**
* The X500Name representing this principal.
*
* NOTE: this field is reflectively accessed from within X500Name.
*/
private transient X500Name thisX500Name;
/**
* Creates an X500Principal by wrapping an X500Name.
*
* NOTE: The constructor is package private. It is intended to be accessed
* using privileged reflection from classes in sun.security.*.
* Currently referenced from sun.security.x509.X500Name.asX500Principal().
*/
X500Principal(X500Name x500Name) {
thisX500Name = x500Name;
}
/**
* Creates an X500Principal
from a string representation of
* an X.500 distinguished name (ex:
* "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US").
* The distinguished name must be specified using the grammar defined in
* RFC 1779 or RFC 2253 (either format is acceptable).
*
*
This constructor recognizes the attribute type keywords
* defined in RFC 1779 and RFC 2253
* (and listed in {@link #getName(String format) getName(String format)}),
* as well as the T, DNQ or DNQUALIFIER, SURNAME, GIVENNAME, INITIALS,
* GENERATION, EMAILADDRESS, and SERIALNUMBER keywords whose OIDs are
* defined in RFC 3280 and its successor.
* Any other attribute type must be specified as an OID.
*
* @param name an X.500 distinguished name in RFC 1779 or RFC 2253 format
* @exception NullPointerException if the This constructor recognizes the attribute type keywords specified
* in {@link #X500Principal(String)} and also recognizes additional
* keywords that have entries in the The read position of the input stream is positioned
* to the next available byte after the encoded distinguished name.
*
* @param is an This method is equivalent to calling
* If "RFC1779" is specified as the format,
* this method emits the attribute type keywords defined in
* RFC 1779 (CN, L, ST, O, OU, C, STREET).
* Any other attribute type is emitted as an OID.
*
* If "RFC2253" is specified as the format,
* this method emits the attribute type keywords defined in
* RFC 2253 (CN, L, ST, O, OU, C, STREET, DC, UID).
* Any other attribute type is emitted as an OID.
* Under a strict reading, RFC 2253 only specifies a UTF-8 string
* representation. The String returned by this method is the
* Unicode string achieved by decoding this UTF-8 representation.
*
* If "CANONICAL" is specified as the format,
* this method returns an RFC 2253 conformant string representation
* with the following additional canonicalizations:
*
* Additional standard formats may be introduced in the future.
*
* @param format the format to use
*
* @return a string representation of this This method returns Strings in the format as specified in
* {@link #getName(String)} and also emits additional attribute type
* keywords for OIDs that have entries in the Additional standard formats may be introduced in the future.
*
* Warning: additional attribute type keywords may not be recognized
* by other implementations; therefore do not use this method if
* you are unsure if these keywords will be recognized by other
* implementations.
*
* @param format the format to use
* @param oidMap an OID map, where each key is an object identifier in
* String form (a sequence of nonnegative integers separated by periods)
* that maps to a corresponding attribute type keyword String.
* The map may be empty but never Note that the byte array returned is cloned to protect against
* subsequent modifications.
*
* @return a byte array containing the distinguished name in ASN.1 DER
* encoded form
*/
public byte[] getEncoded() {
try {
return thisX500Name.getEncoded();
} catch (IOException e) {
throw new RuntimeException("unable to get encoding", e);
}
}
/**
* Return a user-friendly string representation of this
* Specifically, this method returns This implementation is compliant with the requirements of RFC 3280.
*
* @param o Object to be compared for equality with this
* The hash code is calculated via:
* name
* is null
* @exception IllegalArgumentException if the name
* is improperly specified
*/
public X500Principal(String name) {
this(name, (MapX500Principal
from a string representation of
* an X.500 distinguished name (ex:
* "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US").
* The distinguished name must be specified using the grammar defined in
* RFC 1779 or RFC 2253 (either format is acceptable).
*
* keywordMap
parameter.
* Keyword entries in the keywordMap take precedence over the default
* keywords recognized by X500Principal(String)
. Keywords
* MUST be specified in all upper-case, otherwise they will be ignored.
* Improperly specified keywords are ignored; however if a keyword in the
* name maps to an improperly specified OID, an
* IllegalArgumentException
is thrown. It is permissible to
* have 2 different keywords that map to the same OID.
*
* @param name an X.500 distinguished name in RFC 1779 or RFC 2253 format
* @param keywordMap an attribute type keyword map, where each key is a
* keyword String that maps to a corresponding object identifier in String
* form (a sequence of nonnegative integers separated by periods). The map
* may be empty but never null
.
* @exception NullPointerException if name
or
* keywordMap
is null
* @exception IllegalArgumentException if the name
is
* improperly specified or a keyword in the name
maps to an
* OID that is not in the correct form
* @since 1.6
*/
public X500Principal(String name, MapX500Principal
from a distinguished name in
* ASN.1 DER encoded form. The ASN.1 notation for this structure is as
* follows.
*
*
* @param name a byte array containing the distinguished name in ASN.1
* DER encoded form
* @throws IllegalArgumentException if an encoding error occurs
* (incorrect form for DN)
*/
public X500Principal(byte[] name) {
try {
thisX500Name = new X500Name(name);
} catch (Exception e) {
IllegalArgumentException iae = new IllegalArgumentException
("improperly specified input name");
iae.initCause(e);
throw iae;
}
}
/**
* Creates an
* Name ::= CHOICE {
* RDNSequence }
*
* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
*
* RelativeDistinguishedName ::=
* SET SIZE (1 .. MAX) OF AttributeTypeAndValue
*
* AttributeTypeAndValue ::= SEQUENCE {
* type AttributeType,
* value AttributeValue }
*
* AttributeType ::= OBJECT IDENTIFIER
*
* AttributeValue ::= ANY DEFINED BY AttributeType
* ....
* DirectoryString ::= CHOICE {
* teletexString TeletexString (SIZE (1..MAX)),
* printableString PrintableString (SIZE (1..MAX)),
* universalString UniversalString (SIZE (1..MAX)),
* utf8String UTF8String (SIZE (1.. MAX)),
* bmpString BMPString (SIZE (1..MAX)) }
*
X500Principal
from an InputStream
* containing the distinguished name in ASN.1 DER encoded form.
* The ASN.1 notation for this structure is supplied in the
* documentation for
* {@link #X500Principal(byte[] name) X500Principal(byte[] name)}.
*
* InputStream
containing the distinguished
* name in ASN.1 DER encoded form
*
* @exception NullPointerException if the InputStream
* is null
* @exception IllegalArgumentException if an encoding error occurs
* (incorrect form for DN)
*/
public X500Principal(InputStream is) {
if (is == null) {
throw new NullPointerException("provided null input stream");
}
try {
if (is.markSupported())
is.mark(is.available() + 1);
DerValue der = new DerValue(is);
thisX500Name = new X500Name(der.data);
} catch (Exception e) {
if (is.markSupported()) {
try {
is.reset();
} catch (IOException ioe) {
IllegalArgumentException iae = new IllegalArgumentException
("improperly specified input stream " +
("and unable to reset input stream"));
iae.initCause(e);
throw iae;
}
}
IllegalArgumentException iae = new IllegalArgumentException
("improperly specified input stream");
iae.initCause(e);
throw iae;
}
}
/**
* Returns a string representation of the X.500 distinguished name using
* the format defined in RFC 2253.
*
* getName(X500Principal.RFC2253)
.
*
* @return the distinguished name of this X500Principal
*/
public String getName() {
return getName(X500Principal.RFC2253);
}
/**
* Returns a string representation of the X.500 distinguished name
* using the specified format. Valid values for the format are
* "RFC1779", "RFC2253", and "CANONICAL" (case insensitive).
*
*
*
*
* String.toUpperCase(Locale.US)
* String.toLowerCase(Locale.US)
* X500Principal
* using the specified format
* @throws IllegalArgumentException if the specified format is invalid
* or null
*/
public String getName(String format) {
if (format != null) {
if (format.equalsIgnoreCase(RFC1779)) {
return thisX500Name.getRFC1779Name();
} else if (format.equalsIgnoreCase(RFC2253)) {
return thisX500Name.getRFC2253Name();
} else if (format.equalsIgnoreCase(CANONICAL)) {
return thisX500Name.getRFC2253CanonicalName();
}
}
throw new IllegalArgumentException("invalid format specified");
}
/**
* Returns a string representation of the X.500 distinguished name
* using the specified format. Valid values for the format are
* "RFC1779" and "RFC2253" (case insensitive). "CANONICAL" is not
* permitted and an IllegalArgumentException
will be thrown.
*
* oidMap
* parameter. OID entries in the oidMap take precedence over the default
* OIDs recognized by getName(String)
.
* Improperly specified OIDs are ignored; however if an OID
* in the name maps to an improperly specified keyword, an
* IllegalArgumentException
is thrown.
*
* null
.
* @return a string representation of this X500Principal
* using the specified format
* @throws IllegalArgumentException if the specified format is invalid,
* null, or an OID in the name maps to an improperly specified keyword
* @throws NullPointerException if oidMap
is null
* @since 1.6
*/
public String getName(String format, MapX500Principal
.
*
* @return a string representation of this X500Principal
*/
public String toString() {
return thisX500Name.toString();
}
/**
* Compares the specified Object
with this
* X500Principal
for equality.
*
* true
if
* the Object
o is an X500Principal
* and if the respective canonical string representations
* (obtained via the getName(X500Principal.CANONICAL)
method)
* of this object and o are equal.
*
* X500Principal
*
* @return true
if the specified Object
is equal
* to this X500Principal
, false
otherwise
*/
public boolean equals(Object o) {
if (this == o) {
return true;
}
if (o instanceof X500Principal == false) {
return false;
}
X500Principal other = (X500Principal)o;
return this.thisX500Name.equals(other.thisX500Name);
}
/**
* Return a hash code for this X500Principal
.
*
* getName(X500Principal.CANONICAL).hashCode()
*
* @return a hash code for this X500Principal
*/
public int hashCode() {
return thisX500Name.hashCode();
}
/**
* Save the X500Principal object to a stream.
*
* @serialData this X500Principal
is serialized
* by writing out its DER-encoded form
* (the value of getEncoded
is serialized).
*/
private void writeObject(java.io.ObjectOutputStream s)
throws IOException {
s.writeObject(thisX500Name.getEncodedInternal());
}
/**
* Reads this object from a stream (i.e., deserializes it).
*/
private void readObject(java.io.ObjectInputStream s)
throws java.io.IOException,
java.io.NotActiveException,
ClassNotFoundException {
// re-create thisX500Name
thisX500Name = new X500Name((byte[])s.readObject());
}
}