Class X500Principal
- java.lang.Object
- javax.security.auth.x500.X500Principal
- All Implemented Interfaces:
- java.io.Serializable, java.security.Principal
public final class X500Principal extends java.lang.Object implements java.security.Principal, java.io.Serializable
This class represents an X.500 Principal. X500Principals are represented by distinguished names such as "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US".
This class can be instantiated by using a string representation of the distinguished name, or by using the ASN.1 DER encoded byte representation of the distinguished name. The current specification for the string representation of a distinguished name is defined in RFC 2253. This class, however, accepts string formats from both RFC 2253 and RFC 1779, and also recognizes attribute type keywords whose OIDs (Object Identifiers) are defined in RFC 2459.
The string representation for this X500Principal can be obtained by calling the getName methods.
Note that the getSubjectX500Principal and getIssuerX500Principal methods of X509Certificate return X500Principals representing the issuer and subject fields of the certificate.
- Since:
- 1.4
- See Also:
- X509Certificate, Serialized Form

Field Summary
Fields (Modifier and Type, Field and Description):
- static java.lang.String CANONICAL: Canonical String format of Distinguished Names.
- static java.lang.String RFC1779: RFC 1779 String format of Distinguished Names.
- static java.lang.String RFC2253: RFC 2253 String format of Distinguished Names.

Constructor Summary
Constructors (Constructor and Description):
- X500Principal(byte[] name): Creates an X500Principal from a distinguished name in ASN.1 DER encoded form.
- X500Principal(java.io.InputStream is): Creates an X500Principal from an InputStream containing the distinguished name in ASN.1 DER encoded form.
- X500Principal(java.lang.String name): Creates an X500Principal from a string representation of an X.500 distinguished name (ex: "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US").
- X500Principal(java.lang.String name, java.util.Map<java.lang.String,java.lang.String> keywordMap): Creates an X500Principal from a string representation of an X.500 distinguished name (ex: "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US").

Method Summary
Methods (Modifier and Type, Method and Description):
- boolean equals(java.lang.Object o): Compares the specified Object with this X500Principal for equality.
- byte[] getEncoded(): Returns the distinguished name in ASN.1 DER encoded form.
- java.lang.String getName(): Returns a string representation of the X.500 distinguished name using the format defined in RFC 2253.
- java.lang.String getName(java.lang.String format): Returns a string representation of the X.500 distinguished name using the specified format.
- java.lang.String getName(java.lang.String format, java.util.Map<java.lang.String,java.lang.String> oidMap): Returns a string representation of the X.500 distinguished name using the specified format.
- int hashCode(): Return a hash code for this X500Principal.
- java.lang.String toString(): Return a user-friendly string representation of this X500Principal.

Field Detail

RFC1779
public static final java.lang.String RFC1779
RFC 1779 String format of Distinguished Names.
- See Also:
- Constant Field Values

RFC2253
public static final java.lang.String RFC2253
RFC 2253 String format of Distinguished Names.
- See Also:
- Constant Field Values

CANONICAL
public static final java.lang.String CANONICAL
Canonical String format of Distinguished Names.
- See Also:
- Constant Field Values

Constructor Detail

X500Principal
public X500Principal(java.lang.String name)
Creates an X500Principal from a string representation of an X.500 distinguished name (ex: "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US"). The distinguished name must be specified using the grammar defined in RFC 1779 or RFC 2253 (either format is acceptable).
This constructor recognizes the attribute type keywords defined in RFC 1779 and RFC 2253 (and listed in getName(String format)), as well as the T, DNQ or DNQUALIFIER, SURNAME, GIVENNAME, INITIALS, GENERATION, EMAILADDRESS, and SERIALNUMBER keywords whose Object Identifiers (OIDs) are defined in RFC 3280 and its successor. Any other attribute type must be specified as an OID.
This implementation enforces a more restrictive OID syntax than defined in RFC 1779 and 2253. It uses the more correct syntax defined in RFC 4512, which specifies that OIDs contain at least 2 digits:
    numericoid = number 1*( DOT number )
- Parameters:
- name - an X.500 distinguished name in RFC 1779 or RFC 2253 format
- Throws:
- java.lang.NullPointerException - if the name is null
- java.lang.IllegalArgumentException - if the name is improperly specified

X500Principal
public X500Principal(java.lang.String name, java.util.Map<java.lang.String,java.lang.String> keywordMap)
Creates an X500Principal from a string representation of an X.500 distinguished name (ex: "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US"). The distinguished name must be specified using the grammar defined in RFC 1779 or RFC 2253 (either format is acceptable).
This constructor recognizes the attribute type keywords specified in X500Principal(String) and also recognizes additional keywords that have entries in the keywordMap parameter. Keyword entries in the keywordMap take precedence over the default keywords recognized by X500Principal(String). Keywords MUST be specified in all upper-case, otherwise they will be ignored. Improperly specified keywords are ignored; however if a keyword in the name maps to an improperly specified Object Identifier (OID), an IllegalArgumentException is thrown. It is permissible to have 2 different keywords that map to the same OID.
This implementation enforces a more restrictive OID syntax than defined in RFC 1779 and 2253. It uses the more correct syntax defined in RFC 4512, which specifies that OIDs contain at least 2 digits:
    numericoid = number 1*( DOT number )
- Parameters:
- name - an X.500 distinguished name in RFC 1779 or RFC 2253 format
- keywordMap - an attribute type keyword map, where each key is a keyword String that maps to a corresponding object identifier in String form (a sequence of nonnegative integers separated by periods). The map may be empty but never null.
- Throws:
- java.lang.NullPointerException - if name or keywordMap is null
- java.lang.IllegalArgumentException - if the name is improperly specified or a keyword in the name maps to an OID that is not in the correct form
- Since:
- 1.6

X500Principal
public X500Principal(byte[] name)
Creates an X500Principal from a distinguished name in ASN.1 DER encoded form. The ASN.1 notation for this structure is as follows.
    Name ::= CHOICE {
      RDNSequence }

    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

    RelativeDistinguishedName ::=
      SET SIZE (1 .. MAX) OF AttributeTypeAndValue

    AttributeTypeAndValue ::= SEQUENCE {
      type     AttributeType,
      value    AttributeValue }

    AttributeType ::= OBJECT IDENTIFIER

    AttributeValue ::= ANY DEFINED BY AttributeType
    ....
    DirectoryString ::= CHOICE {
      teletexString           TeletexString (SIZE (1..MAX)),
      printableString         PrintableString (SIZE (1..MAX)),
      universalString         UniversalString (SIZE (1..MAX)),
      utf8String              UTF8String (SIZE (1..MAX)),
      bmpString               BMPString (SIZE (1..MAX)) }
- Parameters:
- name - a byte array containing the distinguished name in ASN.1 DER encoded form
- Throws:
- java.lang.IllegalArgumentException - if an encoding error occurs (incorrect form for DN)

X500Principal
public X500Principal(java.io.InputStream is)
Creates an X500Principal from an InputStream containing the distinguished name in ASN.1 DER encoded form. The ASN.1 notation for this structure is supplied in the documentation for X500Principal(byte[] name).
The read position of the input stream is positioned to the next available byte after the encoded distinguished name.
- Parameters:
- is - an InputStream containing the distinguished name in ASN.1 DER encoded form
- Throws:
- java.lang.NullPointerException - if the InputStream is null
- java.lang.IllegalArgumentException - if an encoding error occurs (incorrect form for DN)

Method Detail

getName
public java.lang.String getName()
Returns a string representation of the X.500 distinguished name using the format defined in RFC 2253.
This method is equivalent to calling getName(X500Principal.RFC2253).
- Specified by:
- getName in interface java.security.Principal
- Returns:
- the distinguished name of this X500Principal

getName
public java.lang.String getName(java.lang.String format)
Returns a string representation of the X.500 distinguished name using the specified format. Valid values for the format are "RFC1779", "RFC2253", and "CANONICAL" (case insensitive).
If "RFC1779" is specified as the format, this method emits the attribute type keywords defined in RFC 1779 (CN, L, ST, O, OU, C, STREET). Any other attribute type is emitted as an OID.
If "RFC2253" is specified as the format, this method emits the attribute type keywords defined in RFC 2253 (CN, L, ST, O, OU, C, STREET, DC, UID). Any other attribute type is emitted as an OID. Under a strict reading, RFC 2253 only specifies a UTF-8 string representation. The String returned by this method is the Unicode string achieved by decoding this UTF-8 representation.
If "CANONICAL" is specified as the format, this method returns an RFC 2253 conformant string representation with the following additional canonicalizations:
- Leading zeros are removed from attribute types that are encoded as dotted decimal OIDs
- DirectoryString attribute values of type PrintableString and UTF8String are not output in hexadecimal format
- DirectoryString attribute values of types other than PrintableString and UTF8String are output in hexadecimal format
- Leading and trailing white space characters are removed from non-hexadecimal attribute values (unless the value consists entirely of white space characters)
- Internal substrings of one or more white space characters are converted to a single space in non-hexadecimal attribute values
- Relative Distinguished Names containing more than one Attribute Value Assertion (AVA) are output in the following order: an alphabetical ordering of AVAs containing standard keywords, followed by a numeric ordering of AVAs containing OID keywords.
- The only characters in attribute values that are escaped are those which section 2.4 of RFC 2253 states must be escaped (they are escaped using a preceding backslash character)
- The entire name is converted to upper case using String.toUpperCase(Locale.US)
- The entire name is converted to lower case using String.toLowerCase(Locale.US)
- The name is finally normalized using normalization form KD, as described in the Unicode Standard and UAX #15
Additional standard formats may be introduced in the future.
- Parameters:
- format - the format to use
- Returns:
- a string representation of this X500Principal using the specified format
- Throws:
- java.lang.IllegalArgumentException - if the specified format is invalid or null

getName
public java.lang.String getName(java.lang.String format, java.util.Map<java.lang.String,java.lang.String> oidMap)
Returns a string representation of the X.500 distinguished name using the specified format. Valid values for the format are "RFC1779" and "RFC2253" (case insensitive). "CANONICAL" is not permitted and an IllegalArgumentException will be thrown.
This method returns Strings in the format as specified in getName(String) and also emits additional attribute type keywords for OIDs that have entries in the oidMap parameter. OID entries in the oidMap take precedence over the default OIDs recognized by getName(String). Improperly specified OIDs are ignored; however if an OID in the name maps to an improperly specified keyword, an IllegalArgumentException is thrown.
Additional standard formats may be introduced in the future.
Warning: additional attribute type keywords may not be recognized by other implementations; therefore do not use this method if you are unsure if these keywords will be recognized by other implementations.
- Parameters:
- format - the format to use
- oidMap - an OID map, where each key is an object identifier in String form (a sequence of nonnegative integers separated by periods) that maps to a corresponding attribute type keyword String. The map may be empty but never null.
- Returns:
- a string representation of this X500Principal using the specified format
- Throws:
- java.lang.IllegalArgumentException - if the specified format is invalid, null, or an OID in the name maps to an improperly specified keyword
- java.lang.NullPointerException - if oidMap is null
- Since:
- 1.6
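The keywordMap constructor and the oidMap form of getName are two halves of one round trip; the following added example (not part of the JDK documentation) exercises both. The class name, the DEVICEID keyword, the OID 1.3.6.1.4.1.99999.1 and the sample DN are constructed for illustration.

```java
import java.util.Collections;
import java.util.Map;
import javax.security.auth.x500.X500Principal;

public class KeywordMapExample {
    // Constructed keyword, OID and DN for illustration; not a registered attribute type.
    static final String KEYWORD = "DEVICEID";
    static final String OID = "1.3.6.1.4.1.99999.1";
    static final String DN = "DEVICEID=sensor-42, O=Example Corp, C=US";

    /** Returns true if the DN parses with the given keywordMap. */
    static boolean parses(String dn, Map<String, String> keywordMap) {
        try {
            new X500Principal(dn, keywordMap);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        Map<String, String> keywordMap = Collections.singletonMap(KEYWORD, OID);
        Map<String, String> oidMap = Collections.singletonMap(OID, KEYWORD);

        // An unknown keyword is rejected unless the map supplies it; map keys must be upper-case.
        System.out.println("empty map:      " + parses(DN, Collections.<String, String>emptyMap()));
        System.out.println("lower-case key: " + parses(DN, Collections.singletonMap("deviceid", OID)));
        System.out.println("upper-case key: " + parses(DN, keywordMap));

        X500Principal p = new X500Principal(DN, keywordMap);
        // Default output has no keyword for the custom OID, so the type is emitted as an OID.
        System.out.println("default: " + p.getName(X500Principal.RFC2253));
        // With an oidMap entry the keyword is emitted instead.
        System.out.println("oidMap:  " + p.getName(X500Principal.RFC2253, oidMap));

        // CANONICAL is rejected by the two-argument getName.
        try {
            p.getName(X500Principal.CANONICAL, oidMap);
        } catch (IllegalArgumentException e) {
            System.out.println("CANONICAL with oidMap: " + e.getMessage());
        }

        // The keyword is only an alias: a DN that spells the type as an OID is the same principal.
        X500Principal viaOid = new X500Principal(OID + "=sensor-42, O=Example Corp, C=US");
        System.out.println("equal to OID form: " + p.equals(viaOid));
    }
}
```

Strings produced with an oidMap are for display or for peers that share the same map; store and compare the principal itself or its DER encoding.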

getEncoded
public byte[] getEncoded()
Returns the distinguished name in ASN.1 DER encoded form. The ASN.1 notation for this structure is supplied in the documentation for X500Principal(byte[] name).
Note that the byte array returned is cloned to protect against subsequent modifications.
- Returns:
- a byte array containing the distinguished name in ASN.1 DER encoded form

toString
public java.lang.String toString()
Return a user-friendly string representation of this X500Principal.
- Specified by:
- toString in interface java.security.Principal
- Overrides:
- toString in class java.lang.Object
- Returns:
- a string representation of this X500Principal

equals
public boolean equals(java.lang.Object o)
Compares the specified Object with this X500Principal for equality.
Specifically, this method returns true if the Object o is an X500Principal and if the respective canonical string representations (obtained via the getName(X500Principal.CANONICAL) method) of this object and o are equal.
This implementation is compliant with the requirements of RFC 2459.
- Specified by:
- equals in interface java.security.Principal
- Overrides:
- equals in class java.lang.Object
- Parameters:
- o - Object to be compared for equality with this X500Principal
- Returns:
- true if the specified Object is equal to this X500Principal, false otherwise

hashCode
public int hashCode()
Return a hash code for this X500Principal.
The hash code is calculated via: getName(X500Principal.CANONICAL).hashCode()
- Specified by:
- hashCode in interface java.security.Principal
- Overrides:
- hashCode in class java.lang.Object
- Returns:
- a hash code for this X500Principal
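Because equals and hashCode are both defined over the CANONICAL form, a subject allow-list keyed on X500Principal objects tolerates case and spacing differences that a comparison of getName() strings does not. The following added example (not part of the JDK documentation) shows the difference; the class, method and constant names and the sample DNs are constructed for illustration.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

public class DnAllowListExample {
    // Constructed sample DNs: the same name written with different case and spacing.
    static final String CONFIGURED = "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US";
    static final String PRESENTED  = "CN=duke,OU=JAVASOFT,O=Sun   Microsystems,C=us";
    // Same attributes in the opposite RDN order: a different name.
    static final String REORDERED  = "C=US, O=Sun Microsystems, OU=JavaSoft, CN=Duke";

    /** Allow-list check that relies on equals()/hashCode(), i.e. on the CANONICAL form. */
    static boolean isAllowed(Set<X500Principal> allowed, X500Principal subject) {
        return allowed.contains(subject);
    }

    /** Fragile variant: compares RFC 2253 strings, which keep the case and spacing as written. */
    static boolean isAllowedByString(Set<String> allowedNames, X500Principal subject) {
        return allowedNames.contains(subject.getName());
    }

    public static void main(String[] args) {
        X500Principal configured = new X500Principal(CONFIGURED);
        X500Principal presented = new X500Principal(PRESENTED);

        // Print both names in each of the three formats to see what each one normalizes.
        String[] formats = {X500Principal.RFC1779, X500Principal.RFC2253, X500Principal.CANONICAL};
        for (String fmt : formats) {
            System.out.println(fmt + " configured: " + configured.getName(fmt));
            System.out.println(fmt + " presented:  " + presented.getName(fmt));
        }

        Set<X500Principal> allowed = new HashSet<>(Collections.singleton(configured));
        Set<String> allowedNames = new HashSet<>(Collections.singleton(configured.getName()));

        System.out.println("principal match: " + isAllowed(allowed, presented));
        System.out.println("string match:    " + isAllowedByString(allowedNames, presented));
        System.out.println("reordered match: " + isAllowed(allowed, new X500Principal(REORDERED)));

        // A DER round trip through getEncoded() yields an equal principal.
        X500Principal roundTrip = new X500Principal(configured.getEncoded());
        System.out.println("round trip equal: " + roundTrip.equals(configured));
    }
}
```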