com.tencent.kona.sun.security.x509

Class X500Name

java.lang.Object

com.tencent.kona.sun.security.x509.X500Name

All Implemented Interfaces:

com.tencent.kona.sun.security.util.DerEncoder, GeneralNameInterface, java.security.Principal

public class X500Name
extends java.lang.Object
implements GeneralNameInterface, java.security.Principal

Note: As of 1.4, the public class, javax.security.auth.x500.X500Principal, should be used when parsing, generating, and comparing X.500 DNs. This class contains other useful methods for checking name constraints and retrieving DNs by keyword.

X.500 names are used to identify entities, such as those which are identified by X.509 certificates. They are world-wide, hierarchical, and descriptive. Entities can be identified by attributes, and in some systems can be searched for according to those attributes.

The ASN.1 for this is:

 GeneralName ::= CHOICE {
 ....
     directoryName                   [4]     Name,
 ....
 Name ::= CHOICE {
   RDNSequence }

 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

 RelativeDistinguishedName ::=
   SET OF AttributeTypeAndValue

 AttributeTypeAndValue ::= SEQUENCE {
   type     AttributeType,
   value    AttributeValue }

 AttributeType ::= OBJECT IDENTIFIER

 AttributeValue ::= ANY DEFINED BY AttributeType
 ....
 DirectoryString ::= CHOICE {
       teletexString           TeletexString (SIZE (1..MAX)),
       printableString         PrintableString (SIZE (1..MAX)),
       universalString         UniversalString (SIZE (1..MAX)),
       utf8String              UTF8String (SIZE (1.. MAX)),
       bmpString               BMPString (SIZE (1..MAX)) }
 

This specification requires only a subset of the name comparison functionality specified in the X.500 series of specifications. The requirements for conforming implementations are as follows:

1. attribute values encoded in different types (e.g., PrintableString and BMPString) may be assumed to represent different strings;
2. attribute values in types other than PrintableString are case sensitive (this permits matching of attribute values as binary objects);
3. attribute values in PrintableString are not case sensitive (e.g., "Marianne Swanson" is the same as "MARIANNE SWANSON"); and
4. attribute values in PrintableString are compared after removing leading and trailing white space and converting internal substrings of one or more consecutive white space characters to a single space.

These name comparison rules permit a certificate user to validate certificates issued using languages or encodings unfamiliar to the certificate user.

In addition, implementations of this specification MAY use these comparison rules to process unfamiliar attribute types for name chaining. This allows implementations to process certificates with unfamiliar attributes in the issuer name.

Note that the comparison rules defined in the X.500 series of specifications indicate that the character sets used to encode data in distinguished names are irrelevant. The characters themselves are compared without regard to encoding. Implementations of the profile are permitted to use the comparison algorithm defined in the X.500 series. Such an implementation will recognize a superset of name matches recognized by the algorithm specified above.

Note that instances of this class are immutable.

See Also:

GeneralName, GeneralNames, GeneralNameInterface

Field Summary

Fields

Modifier and Type	Field and Description
static com.tencent.kona.sun.security.util.ObjectIdentifier	commonName_oid
static com.tencent.kona.sun.security.util.ObjectIdentifier	countryName_oid
static com.tencent.kona.sun.security.util.ObjectIdentifier	DNQUALIFIER_OID
static com.tencent.kona.sun.security.util.ObjectIdentifier	DOMAIN_COMPONENT_OID
static com.tencent.kona.sun.security.util.ObjectIdentifier	GENERATIONQUALIFIER_OID
static com.tencent.kona.sun.security.util.ObjectIdentifier	GIVENNAME_OID
static com.tencent.kona.sun.security.util.ObjectIdentifier	INITIALS_OID
static com.tencent.kona.sun.security.util.ObjectIdentifier	ipAddress_oid
static com.tencent.kona.sun.security.util.ObjectIdentifier	localityName_oid
static com.tencent.kona.sun.security.util.ObjectIdentifier	orgName_oid
static com.tencent.kona.sun.security.util.ObjectIdentifier	orgUnitName_oid
static com.tencent.kona.sun.security.util.ObjectIdentifier	SERIALNUMBER_OID
static com.tencent.kona.sun.security.util.ObjectIdentifier	stateName_oid
static com.tencent.kona.sun.security.util.ObjectIdentifier	streetAddress_oid
static com.tencent.kona.sun.security.util.ObjectIdentifier	SURNAME_OID
static com.tencent.kona.sun.security.util.ObjectIdentifier	title_oid
static com.tencent.kona.sun.security.util.ObjectIdentifier	userid_oid

Fields inherited from interface com.tencent.kona.sun.security.x509.GeneralNameInterface

NAME_ANY, NAME_DIFF_TYPE, NAME_DIRECTORY, NAME_DNS, NAME_EDI, NAME_IP, NAME_MATCH, NAME_NARROWS, NAME_OID, NAME_RFC822, NAME_SAME_TYPE, NAME_URI, NAME_WIDENS, NAME_X400

Constructor Summary

Constructors

Constructor and Description
X500Name(byte[] name) Constructs a name from an ASN.1 encoded byte array.
X500Name(com.tencent.kona.sun.security.util.DerInputStream in) Constructs a name from an ASN.1 encoded input stream.
X500Name(com.tencent.kona.sun.security.util.DerValue value) Constructs a name from an ASN.1 encoded value.
X500Name(RDN[] rdnArray) Constructs a name from an array of relative distinguished names
X500Name(java.lang.String dname) Constructs a name from a conventionally formatted string, such as "CN=Dave, OU=JavaSoft, O=Sun Microsystems, C=US".
X500Name(java.lang.String dname, java.util.Map<java.lang.String,java.lang.String> keywordMap) Constructs a name from a conventionally formatted string, such as "CN=Dave, OU=JavaSoft, O=Sun Microsystems, C=US".
X500Name(java.lang.String dname, java.lang.String format) Constructs a name from a string formatted according to format.
X500Name(java.lang.String commonName, java.lang.String organizationUnit, java.lang.String organizationName, java.lang.String country) Constructs a name from fields common in enterprise application environments.
X500Name(java.lang.String commonName, java.lang.String organizationUnit, java.lang.String organizationName, java.lang.String localityName, java.lang.String stateName, java.lang.String country) Constructs a name from fields common in Internet application environments.

Method Summary

Modifier and Type	Method and Description
java.util.List<AVA>	allAvas() Return an immutable List of the AVAs contained in all the RDNs of this X500Name.
static X500Name	asX500Name(javax.security.auth.x500.X500Principal p) Get the X500Name contained in the given X500Principal.
javax.security.auth.x500.X500Principal	asX500Principal() Get an X500Principal backed by this X500Name.
int	avaSize() Return the total number of AVAs contained in all the RDNs of this X500Name.
X500Name	commonAncestor(X500Name other) Return lowest common ancestor of this name and other name
int	constrains(GeneralNameInterface inputName) Return constraint type: NAME_DIFF_TYPE = -1: input name is different type from this name (i.e.
void	emit(com.tencent.kona.sun.security.util.DerOutputStream out) Deprecated. Use encode() instead
void	encode(com.tencent.kona.sun.security.util.DerOutputStream out) Encodes the name in DER-encoded form.
boolean	equals(java.lang.Object obj) Compares this name with another, for equality.
com.tencent.kona.sun.security.util.DerValue	findMostSpecificAttribute(com.tencent.kona.sun.security.util.ObjectIdentifier attribute) Find the most specific ("last") attribute of the given type.
java.lang.String	getCommonName() Returns a "Common Name" component.
java.lang.String	getCountry() Returns a "Country" name component.
java.lang.String	getDNQualifier() Returns a "DN Qualifier" name component.
java.lang.String	getDomain() Returns a "Domain" name component.
byte[]	getEncoded() Gets the name in DER-encoded form.
byte[]	getEncodedInternal() Returned the encoding as an uncloned byte array.
java.lang.String	getGeneration() Returns a "Generation Qualifier" name component.
java.lang.String	getGivenName() Returns a "Given Name" name component.
java.lang.String	getInitials() Returns an "Initials" name component.
java.lang.String	getIP() Returns an "IP address" name component.
java.lang.String	getLocality() Returns a "Locality" name component.
java.lang.String	getName() Returns the value of toString().
java.lang.String	getOrganization() Returns an "Organization" name component.
java.lang.String	getOrganizationalUnit() Returns an "Organizational Unit" name component.
java.lang.String	getRFC1779Name() Returns a string form of the X.500 distinguished name using the algorithm defined in RFC 1779.
java.lang.String	getRFC1779Name(java.util.Map<java.lang.String,java.lang.String> oidMap) Returns a string form of the X.500 distinguished name using the algorithm defined in RFC 1779.
java.lang.String	getRFC2253CanonicalName()
java.lang.String	getRFC2253Name() Returns a string form of the X.500 distinguished name using the algorithm defined in RFC 2253.
java.lang.String	getRFC2253Name(java.util.Map<java.lang.String,java.lang.String> oidMap) Returns a string form of the X.500 distinguished name using the algorithm defined in RFC 2253.
java.lang.String	getState() Returns a "State" name component.
java.lang.String	getSurname() Returns a "Surname" name component.
int	getType() Return type of GeneralName.
int	hashCode() Calculates a hash code value for the object.
boolean	isEmpty() Return whether this X500Name is empty.
java.util.List<RDN>	rdns() Return an immutable List of all RDNs in this X500Name.
int	size() Return the number of RDNs in this X500Name.
int	subtreeDepth() Return subtree depth of this name for purposes of determining NameConstraints minimum and maximum bounds and for calculating path lengths in name subtrees.
java.lang.String	toString() Returns a string form of the X.500 distinguished name.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.security.Principal

implies

Field Detail

commonName_oid

public static final com.tencent.kona.sun.security.util.ObjectIdentifier commonName_oid

SURNAME_OID

public static final com.tencent.kona.sun.security.util.ObjectIdentifier SURNAME_OID

SERIALNUMBER_OID

public static final com.tencent.kona.sun.security.util.ObjectIdentifier SERIALNUMBER_OID

countryName_oid

public static final com.tencent.kona.sun.security.util.ObjectIdentifier countryName_oid

localityName_oid

public static final com.tencent.kona.sun.security.util.ObjectIdentifier localityName_oid

stateName_oid

public static final com.tencent.kona.sun.security.util.ObjectIdentifier stateName_oid

streetAddress_oid

public static final com.tencent.kona.sun.security.util.ObjectIdentifier streetAddress_oid

orgName_oid

public static final com.tencent.kona.sun.security.util.ObjectIdentifier orgName_oid

orgUnitName_oid

public static final com.tencent.kona.sun.security.util.ObjectIdentifier orgUnitName_oid

title_oid

public static final com.tencent.kona.sun.security.util.ObjectIdentifier title_oid

GIVENNAME_OID

public static final com.tencent.kona.sun.security.util.ObjectIdentifier GIVENNAME_OID

INITIALS_OID

public static final com.tencent.kona.sun.security.util.ObjectIdentifier INITIALS_OID

GENERATIONQUALIFIER_OID

public static final com.tencent.kona.sun.security.util.ObjectIdentifier GENERATIONQUALIFIER_OID

DNQUALIFIER_OID

public static final com.tencent.kona.sun.security.util.ObjectIdentifier DNQUALIFIER_OID

ipAddress_oid

public static final com.tencent.kona.sun.security.util.ObjectIdentifier ipAddress_oid

DOMAIN_COMPONENT_OID

public static final com.tencent.kona.sun.security.util.ObjectIdentifier DOMAIN_COMPONENT_OID

userid_oid

public static final com.tencent.kona.sun.security.util.ObjectIdentifier userid_oid

Constructor Detail

X500Name

public X500Name(java.lang.String dname)
         throws java.io.IOException

Constructs a name from a conventionally formatted string, such as "CN=Dave, OU=JavaSoft, O=Sun Microsystems, C=US". (RFC 1779, 2253, or 4514 style).

Parameters:

dname - the X.500 Distinguished Name

Throws:

java.io.IOException

X500Name

public X500Name(java.lang.String dname,
                java.util.Map<java.lang.String,java.lang.String> keywordMap)
         throws java.io.IOException

Constructs a name from a conventionally formatted string, such as "CN=Dave, OU=JavaSoft, O=Sun Microsystems, C=US". (RFC 1779, 2253, or 4514 style).

Parameters:

dname - the X.500 Distinguished Name

keywordMap - an additional keyword/OID map

Throws:

java.io.IOException

X500Name

public X500Name(java.lang.String dname,
                java.lang.String format)
         throws java.io.IOException

Constructs a name from a string formatted according to format. Currently, the formats DEFAULT and RFC2253 are supported. DEFAULT is the default format used by the X500Name(String) constructor. RFC2253 is the format strictly according to RFC2253 without extensions.

Parameters:

dname - the X.500 Distinguished Name

format - the specified format of the String DN

Throws:

java.io.IOException

X500Name

public X500Name(java.lang.String commonName,
                java.lang.String organizationUnit,
                java.lang.String organizationName,
                java.lang.String country)
         throws java.io.IOException

Constructs a name from fields common in enterprise application environments.

NOTE: The behaviour when any of these strings contain characters outside the ASCII range is unspecified in currently relevant standards.

Parameters:

commonName - common name of a person, e.g. "Vivette Davis"

organizationUnit - small organization name, e.g. "Purchasing"

organizationName - large organization name, e.g. "Onizuka, Inc."

country - two-letter country code, e.g. "CH"

Throws:

java.io.IOException

X500Name

public X500Name(java.lang.String commonName,
                java.lang.String organizationUnit,
                java.lang.String organizationName,
                java.lang.String localityName,
                java.lang.String stateName,
                java.lang.String country)
         throws java.io.IOException

Constructs a name from fields common in Internet application environments.

NOTE: The behaviour when any of these strings contain characters outside the ASCII range is unspecified in currently relevant standards.

Parameters:

commonName - common name of a person, e.g. "Vivette Davis"

organizationUnit - small organization name, e.g. "Purchasing"

organizationName - large organization name, e.g. "Onizuka, Inc."

localityName - locality (city) name, e.g. "Palo Alto"

stateName - state name, e.g. "California"

country - two-letter country code, e.g. "CH"

Throws:

java.io.IOException

X500Name

public X500Name(RDN[] rdnArray)
         throws java.io.IOException

Constructs a name from an array of relative distinguished names

Parameters:

rdnArray - array of relative distinguished names

Throws:

java.io.IOException - on error

X500Name

public X500Name(com.tencent.kona.sun.security.util.DerValue value)
         throws java.io.IOException

Constructs a name from an ASN.1 encoded value. The encoding of the name in the stream uses DER (a BER/1 subset).

Parameters:

value - a DER-encoded value holding an X.500 name.

Throws:

java.io.IOException

X500Name

public X500Name(com.tencent.kona.sun.security.util.DerInputStream in)
         throws java.io.IOException

Constructs a name from an ASN.1 encoded input stream. The encoding of the name in the stream uses DER (a BER/1 subset).

Parameters:

in - DER-encoded data holding an X.500 name.

Throws:

java.io.IOException

X500Name

public X500Name(byte[] name)
         throws java.io.IOException

Constructs a name from an ASN.1 encoded byte array.

Parameters:

name - DER-encoded byte array holding an X.500 name.

Throws:

java.io.IOException

Method Detail

rdns

public java.util.List<RDN> rdns()

Return an immutable List of all RDNs in this X500Name.

size

public int size()

Return the number of RDNs in this X500Name.

allAvas

public java.util.List<AVA> allAvas()

Return an immutable List of the AVAs contained in all the RDNs of this X500Name.

avaSize

public int avaSize()

Return the total number of AVAs contained in all the RDNs of this X500Name.

isEmpty

public boolean isEmpty()

Return whether this X500Name is empty. An X500Name is not empty if it has at least one RDN containing at least one AVA.

hashCode

public int hashCode()

Calculates a hash code value for the object. Objects which are equal will also have the same hashcode.

Specified by:

hashCode in interface java.security.Principal

Overrides:

hashCode in class java.lang.Object

equals

public boolean equals(java.lang.Object obj)

Compares this name with another, for equality.

Specified by:

equals in interface java.security.Principal

Overrides:

equals in class java.lang.Object

Returns:

true iff the names are identical.

getType

public int getType()

Return type of GeneralName.

Specified by:

getType in interface GeneralNameInterface

getCountry

public java.lang.String getCountry()
                            throws java.io.IOException

Returns a "Country" name component. If more than one such attribute exists, the topmost one is returned.

Returns:

"C=" component of the name, if any.

Throws:

java.io.IOException

getOrganization

public java.lang.String getOrganization()
                                 throws java.io.IOException

Returns an "Organization" name component. If more than one such attribute exists, the topmost one is returned.

Returns:

"O=" component of the name, if any.

Throws:

java.io.IOException

getOrganizationalUnit

public java.lang.String getOrganizationalUnit()
                                       throws java.io.IOException

Returns an "Organizational Unit" name component. If more than one such attribute exists, the topmost one is returned.

Returns:

"OU=" component of the name, if any.

Throws:

java.io.IOException

getCommonName

public java.lang.String getCommonName()
                               throws java.io.IOException

Returns a "Common Name" component. If more than one such attribute exists, the topmost one is returned.

Returns:

"CN=" component of the name, if any.

Throws:

java.io.IOException

getLocality

public java.lang.String getLocality()
                             throws java.io.IOException

Returns a "Locality" name component. If more than one such component exists, the topmost one is returned.

Returns:

"L=" component of the name, if any.

Throws:

java.io.IOException

getState

public java.lang.String getState()
                          throws java.io.IOException

Returns a "State" name component. If more than one such component exists, the topmost one is returned.

Returns:

"S=" component of the name, if any.

Throws:

java.io.IOException

getDomain

public java.lang.String getDomain()
                           throws java.io.IOException

Returns a "Domain" name component. If more than one such component exists, the topmost one is returned.

Returns:

"DC=" component of the name, if any.

Throws:

java.io.IOException

getDNQualifier

public java.lang.String getDNQualifier()
                                throws java.io.IOException

Returns a "DN Qualifier" name component. If more than one such component exists, the topmost one is returned.

Returns:

"DNQ=" component of the name, if any.

Throws:

java.io.IOException

getSurname

public java.lang.String getSurname()
                            throws java.io.IOException

Returns a "Surname" name component. If more than one such component exists, the topmost one is returned.

Returns:

"SURNAME=" component of the name, if any.

Throws:

java.io.IOException

getGivenName

public java.lang.String getGivenName()
                              throws java.io.IOException

Returns a "Given Name" name component. If more than one such component exists, the topmost one is returned.

Returns:

"GIVENNAME=" component of the name, if any.

Throws:

java.io.IOException

getInitials

public java.lang.String getInitials()
                             throws java.io.IOException

Returns an "Initials" name component. If more than one such component exists, the topmost one is returned.

Returns:

"INITIALS=" component of the name, if any.

Throws:

java.io.IOException

getGeneration

public java.lang.String getGeneration()
                               throws java.io.IOException

Returns a "Generation Qualifier" name component. If more than one such component exists, the topmost one is returned.

Returns:

"GENERATION=" component of the name, if any.

Throws:

java.io.IOException

getIP

public java.lang.String getIP()
                       throws java.io.IOException

Returns an "IP address" name component. If more than one such component exists, the topmost one is returned.

Returns:

"IP=" component of the name, if any.

Throws:

java.io.IOException

toString

public java.lang.String toString()

Returns a string form of the X.500 distinguished name. The format of the string is from RFC 1779. The returned string may contain non-standardised keywords for more readability (keywords from RFCs 1779, 2253, and 5280).

Specified by:

toString in interface java.security.Principal

Overrides:

toString in class java.lang.Object

getRFC1779Name

public java.lang.String getRFC1779Name()

Returns a string form of the X.500 distinguished name using the algorithm defined in RFC 1779. Only standard attribute type keywords defined in RFC 1779 are emitted.

getRFC1779Name

public java.lang.String getRFC1779Name(java.util.Map<java.lang.String,java.lang.String> oidMap)
                                throws java.lang.IllegalArgumentException

Returns a string form of the X.500 distinguished name using the algorithm defined in RFC 1779. Attribute type keywords defined in RFC 1779 are emitted, as well as additional keywords contained in the OID/keyword map.

Throws:

java.lang.IllegalArgumentException

getRFC2253Name

public java.lang.String getRFC2253Name()

Returns a string form of the X.500 distinguished name using the algorithm defined in RFC 2253. Only standard attribute type keywords defined in RFC 2253 are emitted.

getRFC2253Name

public java.lang.String getRFC2253Name(java.util.Map<java.lang.String,java.lang.String> oidMap)

Returns a string form of the X.500 distinguished name using the algorithm defined in RFC 2253. Attribute type keywords defined in RFC 2253 are emitted, as well as additional keywords contained in the OID/keyword map.

getRFC2253CanonicalName

public java.lang.String getRFC2253CanonicalName()

getName

public java.lang.String getName()

Returns the value of toString(). This call is needed to implement the java.security.Principal interface.

Specified by:

getName in interface java.security.Principal

findMostSpecificAttribute

public com.tencent.kona.sun.security.util.DerValue findMostSpecificAttribute(com.tencent.kona.sun.security.util.ObjectIdentifier attribute)

Find the most specific ("last") attribute of the given type.

emit

@Deprecated
public void emit(com.tencent.kona.sun.security.util.DerOutputStream out)
                      throws java.io.IOException

Deprecated. Use encode() instead

Encodes the name in DER-encoded form.

Parameters:

out - where to put the DER-encoded X.500 name

Throws:

java.io.IOException

encode

public void encode(com.tencent.kona.sun.security.util.DerOutputStream out)

Encodes the name in DER-encoded form.

Specified by:

encode in interface com.tencent.kona.sun.security.util.DerEncoder

Parameters:

out - where to put the DER-encoded X.500 name

getEncodedInternal

public byte[] getEncodedInternal()
                          throws java.io.IOException

Returned the encoding as an uncloned byte array. Callers must guarantee that they neither modify it not expose it to untrusted code.

Throws:

java.io.IOException

getEncoded

public byte[] getEncoded()
                  throws java.io.IOException

Gets the name in DER-encoded form.

Returns:

the DER encoded byte array of this name.

Throws:

java.io.IOException

constrains

public int constrains(GeneralNameInterface inputName)
               throws java.lang.UnsupportedOperationException

Return constraint type:

• NAME_DIFF_TYPE = -1: input name is different type from this name (i.e. does not constrain)
• NAME_MATCH = 0: input name matches this name
• NAME_NARROWS = 1: input name narrows this name
• NAME_WIDENS = 2: input name widens this name
• NAME_SAME_TYPE = 3: input name does not match or narrow this name, but is same type.

These results are used in checking NameConstraints during certification path verification.

Specified by:

constrains in interface GeneralNameInterface

Parameters:

inputName - to be checked for being constrained

Returns:

constraint type above

Throws:

java.lang.UnsupportedOperationException - if name is not exact match, but narrowing and widening are not supported for this name type.

subtreeDepth

public int subtreeDepth()
                 throws java.lang.UnsupportedOperationException

Return subtree depth of this name for purposes of determining NameConstraints minimum and maximum bounds and for calculating path lengths in name subtrees.

Specified by:

subtreeDepth in interface GeneralNameInterface

Returns:

distance of name from root

Throws:

java.lang.UnsupportedOperationException - if not supported for this name type

commonAncestor

public X500Name commonAncestor(X500Name other)

Return lowest common ancestor of this name and other name

Parameters:

other - another X500Name

Returns:

X500Name of lowest common ancestor; null if none

asX500Principal

public javax.security.auth.x500.X500Principal asX500Principal()

Get an X500Principal backed by this X500Name. Note that we are using privileged reflection to access the hidden package private constructor in X500Principal.

asX500Name

public static X500Name asX500Name(javax.security.auth.x500.X500Principal p)

Get the X500Name contained in the given X500Principal. Note that the X500Name is retrieved using reflection.