/* * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package javax.security.auth.x500; import java.io.*; import java.security.Principal; import java.util.Collections; import java.util.Map; import sun.security.x509.X500Name; import sun.security.util.*; /** *

This class represents an X.500 Principal. * X500Principals are represented by distinguished names such as * "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US". * *

This class can be instantiated by using a string representation * of the distinguished name, or by using the ASN.1 DER encoded byte * representation of the distinguished name. The current specification * for the string representation of a distinguished name is defined in * RFC 2253: Lightweight * Directory Access Protocol (v3): UTF-8 String Representation of * Distinguished Names. This class, however, accepts string formats from * both RFC 2253 and RFC 1779: * A String Representation of Distinguished Names, and also recognizes * attribute type keywords whose OIDs (Object Identifiers) are defined in * RFC 3280: Internet X.509 * Public Key Infrastructure Certificate and CRL Profile. * *

The string representation for this X500Principal * can be obtained by calling the getName methods. * *

Note that the getSubjectX500Principal and * getIssuerX500Principal methods of * X509Certificate return X500Principals representing the * issuer and subject fields of the certificate. * * @see java.security.cert.X509Certificate * @since 1.4 */ public final class X500Principal implements Principal, java.io.Serializable { private static final long serialVersionUID = -500463348111345721L; /** * RFC 1779 String format of Distinguished Names. */ public static final String RFC1779 = "RFC1779"; /** * RFC 2253 String format of Distinguished Names. */ public static final String RFC2253 = "RFC2253"; /** * Canonical String format of Distinguished Names. */ public static final String CANONICAL = "CANONICAL"; /** * The X500Name representing this principal. * * NOTE: this field is reflectively accessed from within X500Name. */ private transient X500Name thisX500Name; /** * Creates an X500Principal by wrapping an X500Name. * * NOTE: The constructor is package private. It is intended to be accessed * using privileged reflection from classes in sun.security.*. * Currently referenced from sun.security.x509.X500Name.asX500Principal(). */ X500Principal(X500Name x500Name) { thisX500Name = x500Name; } /** * Creates an X500Principal from a string representation of * an X.500 distinguished name (ex: * "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US"). * The distinguished name must be specified using the grammar defined in * RFC 1779 or RFC 2253 (either format is acceptable). * *

This constructor recognizes the attribute type keywords * defined in RFC 1779 and RFC 2253 * (and listed in {@link #getName(String format) getName(String format)}), * as well as the T, DNQ or DNQUALIFIER, SURNAME, GIVENNAME, INITIALS, * GENERATION, EMAILADDRESS, and SERIALNUMBER keywords whose OIDs are * defined in RFC 3280 and its successor. * Any other attribute type must be specified as an OID. * * @param name an X.500 distinguished name in RFC 1779 or RFC 2253 format * @exception NullPointerException if the name * is null * @exception IllegalArgumentException if the name * is improperly specified */ public X500Principal(String name) { this(name, (Map) Collections.EMPTY_MAP); } /** * Creates an X500Principal from a string representation of * an X.500 distinguished name (ex: * "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US"). * The distinguished name must be specified using the grammar defined in * RFC 1779 or RFC 2253 (either format is acceptable). * *

This constructor recognizes the attribute type keywords specified * in {@link #X500Principal(String)} and also recognizes additional * keywords that have entries in the keywordMap parameter. * Keyword entries in the keywordMap take precedence over the default * keywords recognized by X500Principal(String). Keywords * MUST be specified in all upper-case, otherwise they will be ignored. * Improperly specified keywords are ignored; however if a keyword in the * name maps to an improperly specified OID, an * IllegalArgumentException is thrown. It is permissible to * have 2 different keywords that map to the same OID. * * @param name an X.500 distinguished name in RFC 1779 or RFC 2253 format * @param keywordMap an attribute type keyword map, where each key is a * keyword String that maps to a corresponding object identifier in String * form (a sequence of nonnegative integers separated by periods). The map * may be empty but never null. * @exception NullPointerException if name or * keywordMap is null * @exception IllegalArgumentException if the name is * improperly specified or a keyword in the name maps to an * OID that is not in the correct form * @since 1.6 */ public X500Principal(String name, Map keywordMap) { if (name == null) { throw new NullPointerException (sun.security.util.ResourcesMgr.getString ("provided.null.name")); } if (keywordMap == null) { throw new NullPointerException (sun.security.util.ResourcesMgr.getString ("provided.null.keyword.map")); } try { thisX500Name = new X500Name(name, keywordMap); } catch (Exception e) { IllegalArgumentException iae = new IllegalArgumentException ("improperly specified input name: " + name); iae.initCause(e); throw iae; } } /** * Creates an X500Principal from a distinguished name in * ASN.1 DER encoded form. The ASN.1 notation for this structure is as * follows. * 


     * Name ::= CHOICE {
     *   RDNSequence }
     *
     * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
     *
     * RelativeDistinguishedName ::=
     *   SET SIZE (1 .. MAX) OF AttributeTypeAndValue
     *
     * AttributeTypeAndValue ::= SEQUENCE {
     *   type     AttributeType,
     *   value    AttributeValue }
     *
     * AttributeType ::= OBJECT IDENTIFIER
     *
     * AttributeValue ::= ANY DEFINED BY AttributeType
     * ....
     * DirectoryString ::= CHOICE {
     *       teletexString           TeletexString (SIZE (1..MAX)),
     *       printableString         PrintableString (SIZE (1..MAX)),
     *       universalString         UniversalString (SIZE (1..MAX)),
     *       utf8String              UTF8String (SIZE (1.. MAX)),
     *       bmpString               BMPString (SIZE (1..MAX)) }
     *
* * @param name a byte array containing the distinguished name in ASN.1 * DER encoded form * @throws IllegalArgumentException if an encoding error occurs * (incorrect form for DN) */ public X500Principal(byte[] name) { try { thisX500Name = new X500Name(name); } catch (Exception e) { IllegalArgumentException iae = new IllegalArgumentException ("improperly specified input name"); iae.initCause(e); throw iae; } } /** * Creates an X500Principal from an InputStream * containing the distinguished name in ASN.1 DER encoded form. * The ASN.1 notation for this structure is supplied in the * documentation for * {@link #X500Principal(byte[] name) X500Principal(byte[] name)}. * *

The read position of the input stream is positioned * to the next available byte after the encoded distinguished name. * * @param is an InputStream containing the distinguished * name in ASN.1 DER encoded form * * @exception NullPointerException if the InputStream * is null * @exception IllegalArgumentException if an encoding error occurs * (incorrect form for DN) */ public X500Principal(InputStream is) { if (is == null) { throw new NullPointerException("provided null input stream"); } try { if (is.markSupported()) is.mark(is.available() + 1); DerValue der = new DerValue(is); thisX500Name = new X500Name(der.data); } catch (Exception e) { if (is.markSupported()) { try { is.reset(); } catch (IOException ioe) { IllegalArgumentException iae = new IllegalArgumentException ("improperly specified input stream " + ("and unable to reset input stream")); iae.initCause(e); throw iae; } } IllegalArgumentException iae = new IllegalArgumentException ("improperly specified input stream"); iae.initCause(e); throw iae; } } /** * Returns a string representation of the X.500 distinguished name using * the format defined in RFC 2253. * *

This method is equivalent to calling * getName(X500Principal.RFC2253). * * @return the distinguished name of this X500Principal */ public String getName() { return getName(X500Principal.RFC2253); } /** * Returns a string representation of the X.500 distinguished name * using the specified format. Valid values for the format are * "RFC1779", "RFC2253", and "CANONICAL" (case insensitive). * *

If "RFC1779" is specified as the format, * this method emits the attribute type keywords defined in * RFC 1779 (CN, L, ST, O, OU, C, STREET). * Any other attribute type is emitted as an OID. * *

If "RFC2253" is specified as the format, * this method emits the attribute type keywords defined in * RFC 2253 (CN, L, ST, O, OU, C, STREET, DC, UID). * Any other attribute type is emitted as an OID. * Under a strict reading, RFC 2253 only specifies a UTF-8 string * representation. The String returned by this method is the * Unicode string achieved by decoding this UTF-8 representation. * *

If "CANONICAL" is specified as the format, * this method returns an RFC 2253 conformant string representation * with the following additional canonicalizations: * *

    *
  1. Leading zeros are removed from attribute types * that are encoded as dotted decimal OIDs *
  2. DirectoryString attribute values of type * PrintableString and UTF8String are not * output in hexadecimal format *
  3. DirectoryString attribute values of types * other than PrintableString and UTF8String * are output in hexadecimal format *
  4. Leading and trailing white space characters * are removed from non-hexadecimal attribute values * (unless the value consists entirely of white space characters) *
  5. Internal substrings of one or more white space characters are * converted to a single space in non-hexadecimal * attribute values *
  6. Relative Distinguished Names containing more than one * Attribute Value Assertion (AVA) are output in the * following order: an alphabetical ordering of AVAs * containing standard keywords, followed by a numeric * ordering of AVAs containing OID keywords. *
  7. The only characters in attribute values that are escaped are * those which section 2.4 of RFC 2253 states must be escaped * (they are escaped using a preceding backslash character) *
  8. The entire name is converted to upper case * using String.toUpperCase(Locale.US) *
  9. The entire name is converted to lower case * using String.toLowerCase(Locale.US) *
  10. The name is finally normalized using normalization form KD, * as described in the Unicode Standard and UAX #15 *
* *

Additional standard formats may be introduced in the future. * * @param format the format to use * * @return a string representation of this X500Principal * using the specified format * @throws IllegalArgumentException if the specified format is invalid * or null */ public String getName(String format) { if (format != null) { if (format.equalsIgnoreCase(RFC1779)) { return thisX500Name.getRFC1779Name(); } else if (format.equalsIgnoreCase(RFC2253)) { return thisX500Name.getRFC2253Name(); } else if (format.equalsIgnoreCase(CANONICAL)) { return thisX500Name.getRFC2253CanonicalName(); } } throw new IllegalArgumentException("invalid format specified"); } /** * Returns a string representation of the X.500 distinguished name * using the specified format. Valid values for the format are * "RFC1779" and "RFC2253" (case insensitive). "CANONICAL" is not * permitted and an IllegalArgumentException will be thrown. * *

This method returns Strings in the format as specified in * {@link #getName(String)} and also emits additional attribute type * keywords for OIDs that have entries in the oidMap * parameter. OID entries in the oidMap take precedence over the default * OIDs recognized by getName(String). * Improperly specified OIDs are ignored; however if an OID * in the name maps to an improperly specified keyword, an * IllegalArgumentException is thrown. * *

Additional standard formats may be introduced in the future. * *

Warning: additional attribute type keywords may not be recognized * by other implementations; therefore do not use this method if * you are unsure if these keywords will be recognized by other * implementations. * * @param format the format to use * @param oidMap an OID map, where each key is an object identifier in * String form (a sequence of nonnegative integers separated by periods) * that maps to a corresponding attribute type keyword String. * The map may be empty but never null. * @return a string representation of this X500Principal * using the specified format * @throws IllegalArgumentException if the specified format is invalid, * null, or an OID in the name maps to an improperly specified keyword * @throws NullPointerException if oidMap is null * @since 1.6 */ public String getName(String format, Map oidMap) { if (oidMap == null) { throw new NullPointerException (sun.security.util.ResourcesMgr.getString ("provided.null.OID.map")); } if (format != null) { if (format.equalsIgnoreCase(RFC1779)) { return thisX500Name.getRFC1779Name(oidMap); } else if (format.equalsIgnoreCase(RFC2253)) { return thisX500Name.getRFC2253Name(oidMap); } } throw new IllegalArgumentException("invalid format specified"); } /** * Returns the distinguished name in ASN.1 DER encoded form. The ASN.1 * notation for this structure is supplied in the documentation for * {@link #X500Principal(byte[] name) X500Principal(byte[] name)}. * *

Note that the byte array returned is cloned to protect against * subsequent modifications. * * @return a byte array containing the distinguished name in ASN.1 DER * encoded form */ public byte[] getEncoded() { try { return thisX500Name.getEncoded(); } catch (IOException e) { throw new RuntimeException("unable to get encoding", e); } } /** * Return a user-friendly string representation of this * X500Principal. * * @return a string representation of this X500Principal */ public String toString() { return thisX500Name.toString(); } /** * Compares the specified Object with this * X500Principal for equality. * *

Specifically, this method returns true if * the Object o is an X500Principal * and if the respective canonical string representations * (obtained via the getName(X500Principal.CANONICAL) method) * of this object and o are equal. * *

This implementation is compliant with the requirements of RFC 3280. * * @param o Object to be compared for equality with this * X500Principal * * @return true if the specified Object is equal * to this X500Principal, false otherwise */ public boolean equals(Object o) { if (this == o) { return true; } if (o instanceof X500Principal == false) { return false; } X500Principal other = (X500Principal)o; return this.thisX500Name.equals(other.thisX500Name); } /** * Return a hash code for this X500Principal. * *

The hash code is calculated via: * getName(X500Principal.CANONICAL).hashCode() * * @return a hash code for this X500Principal */ public int hashCode() { return thisX500Name.hashCode(); } /** * Save the X500Principal object to a stream. * * @serialData this X500Principal is serialized * by writing out its DER-encoded form * (the value of getEncoded is serialized). */ private void writeObject(java.io.ObjectOutputStream s) throws IOException { s.writeObject(thisX500Name.getEncodedInternal()); } /** * Reads this object from a stream (i.e., deserializes it). */ private void readObject(java.io.ObjectInputStream s) throws java.io.IOException, java.io.NotActiveException, ClassNotFoundException { // re-create thisX500Name thisX500Name = new X500Name((byte[])s.readObject()); } }