Most visited

Recently visited

Added in API level 1

X500Principal

public final class X500Principal
extends Object implements Principal, Serializable

java.lang.Object
   ↳ javax.security.auth.x500.X500Principal


This class represents an X.500 Principal. X500Principals are represented by distinguished names such as "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US".

This class can be instantiated by using a string representation of the distinguished name, or by using the ASN.1 DER encoded byte representation of the distinguished name. The current specification for the string representation of a distinguished name is defined in RFC 2253: Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names. This class, however, accepts string formats from both RFC 2253 and RFC 1779: A String Representation of Distinguished Names, and also recognizes attribute type keywords whose OIDs (Object Identifiers) are defined in RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile.

The string representation for this X500Principal can be obtained by calling the getName methods.

Note that the getSubjectX500Principal and getIssuerX500Principal methods of X509Certificate return X500Principals representing the issuer and subject fields of the certificate.

See also:

Summary

Constants

String CANONICAL

Canonical String format of Distinguished Names.

String RFC1779

RFC 1779 String format of Distinguished Names.

String RFC2253

RFC 2253 String format of Distinguished Names.

Public constructors

X500Principal(String name)

Creates an X500Principal from a string representation of an X.500 distinguished name (ex: "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US").

X500Principal(String name, Map<StringString> keywordMap)

Creates an X500Principal from a string representation of an X.500 distinguished name (ex: "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US").

X500Principal(byte[] name)

Creates an X500Principal from a distinguished name in ASN.1 DER encoded form.

X500Principal(InputStream is)

Creates an X500Principal from an InputStream containing the distinguished name in ASN.1 DER encoded form.

Public methods

boolean equals(Object o)

Compares the specified Object with this X500Principal for equality.

byte[] getEncoded()

Returns the distinguished name in ASN.1 DER encoded form.

String getName(String format)

Returns a string representation of the X.500 distinguished name using the specified format.

String getName()

Returns a string representation of the X.500 distinguished name using the format defined in RFC 2253.

String getName(String format, Map<StringString> oidMap)

Returns a string representation of the X.500 distinguished name using the specified format.

int hashCode()

Return a hash code for this X500Principal.

String toString()

Return a user-friendly string representation of this X500Principal.

Inherited methods

From class java.lang.Object
From interface java.security.Principal

Constants

CANONICAL

Added in API level 1
String CANONICAL

Canonical String format of Distinguished Names.

Constant Value: "CANONICAL"

RFC1779

Added in API level 1
String RFC1779

RFC 1779 String format of Distinguished Names.

Constant Value: "RFC1779"

RFC2253

Added in API level 1
String RFC2253

RFC 2253 String format of Distinguished Names.

Constant Value: "RFC2253"

Public constructors

X500Principal

Added in API level 1
X500Principal (String name)

Creates an X500Principal from a string representation of an X.500 distinguished name (ex: "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US"). The distinguished name must be specified using the grammar defined in RFC 1779 or RFC 2253 (either format is acceptable).

This constructor recognizes the attribute type keywords defined in RFC 1779 and RFC 2253 (and listed in getName(String format)), as well as the T, DNQ or DNQUALIFIER, SURNAME, GIVENNAME, INITIALS, GENERATION, EMAILADDRESS, and SERIALNUMBER keywords whose OIDs are defined in RFC 3280 and its successor. Any other attribute type must be specified as an OID.

Parameters
name String: an X.500 distinguished name in RFC 1779 or RFC 2253 format
Throws
NullPointerException if the name is null
IllegalArgumentException if the name is improperly specified

X500Principal

Added in API level 9
X500Principal (String name, 
                Map<StringString> keywordMap)

Creates an X500Principal from a string representation of an X.500 distinguished name (ex: "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US"). The distinguished name must be specified using the grammar defined in RFC 1779 or RFC 2253 (either format is acceptable).

This constructor recognizes the attribute type keywords specified in X500Principal(String) and also recognizes additional keywords that have entries in the keywordMap parameter. Keyword entries in the keywordMap take precedence over the default keywords recognized by X500Principal(String). Keywords MUST be specified in all upper-case, otherwise they will be ignored. Improperly specified keywords are ignored; however if a keyword in the name maps to an improperly specified OID, an IllegalArgumentException is thrown. It is permissible to have 2 different keywords that map to the same OID.

Parameters
name String: an X.500 distinguished name in RFC 1779 or RFC 2253 format
keywordMap Map: an attribute type keyword map, where each key is a keyword String that maps to a corresponding object identifier in String form (a sequence of nonnegative integers separated by periods). The map may be empty but never null.
Throws
NullPointerException if name or keywordMap is null
IllegalArgumentException if the name is improperly specified or a keyword in the name maps to an OID that is not in the correct form

X500Principal

Added in API level 1
X500Principal (byte[] name)

Creates an X500Principal from a distinguished name in ASN.1 DER encoded form. The ASN.1 notation for this structure is as follows.


 Name ::= CHOICE {
   RDNSequence }

 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

 RelativeDistinguishedName ::=
   SET SIZE (1 .. MAX) OF AttributeTypeAndValue

 AttributeTypeAndValue ::= SEQUENCE {
   type     AttributeType,
   value    AttributeValue }

 AttributeType ::= OBJECT IDENTIFIER

 AttributeValue ::= ANY DEFINED BY AttributeType
 ....
 DirectoryString ::= CHOICE {
       teletexString           TeletexString (SIZE (1..MAX)),
       printableString         PrintableString (SIZE (1..MAX)),
       universalString         UniversalString (SIZE (1..MAX)),
       utf8String              UTF8String (SIZE (1.. MAX)),
       bmpString               BMPString (SIZE (1..MAX)) }
 

Parameters
name byte: a byte array containing the distinguished name in ASN.1 DER encoded form
Throws
IllegalArgumentException if an encoding error occurs (incorrect form for DN)

X500Principal

Added in API level 1
X500Principal (InputStream is)

Creates an X500Principal from an InputStream containing the distinguished name in ASN.1 DER encoded form. The ASN.1 notation for this structure is supplied in the documentation for X500Principal(byte[] name).

The read position of the input stream is positioned to the next available byte after the encoded distinguished name.

Parameters
is InputStream: an InputStream containing the distinguished name in ASN.1 DER encoded form
Throws
NullPointerException if the InputStream is null
IllegalArgumentException if an encoding error occurs (incorrect form for DN)

Public methods

equals

Added in API level 1
boolean equals (Object o)

Compares the specified Object with this X500Principal for equality.

Specifically, this method returns true if the Object o is an X500Principal and if the respective canonical string representations (obtained via the getName(X500Principal.CANONICAL) method) of this object and o are equal.

This implementation is compliant with the requirements of RFC 3280.

Parameters
o Object: Object to be compared for equality with this X500Principal
Returns
boolean true if the specified Object is equal to this X500Principal, false otherwise

getEncoded

Added in API level 1
byte[] getEncoded ()

Returns the distinguished name in ASN.1 DER encoded form. The ASN.1 notation for this structure is supplied in the documentation for X500Principal(byte[] name).

Note that the byte array returned is cloned to protect against subsequent modifications.

Returns
byte[] a byte array containing the distinguished name in ASN.1 DER encoded form

getName

Added in API level 1
String getName (String format)

Returns a string representation of the X.500 distinguished name using the specified format. Valid values for the format are "RFC1779", "RFC2253", and "CANONICAL" (case insensitive).

If "RFC1779" is specified as the format, this method emits the attribute type keywords defined in RFC 1779 (CN, L, ST, O, OU, C, STREET). Any other attribute type is emitted as an OID.

If "RFC2253" is specified as the format, this method emits the attribute type keywords defined in RFC 2253 (CN, L, ST, O, OU, C, STREET, DC, UID). Any other attribute type is emitted as an OID. Under a strict reading, RFC 2253 only specifies a UTF-8 string representation. The String returned by this method is the Unicode string achieved by decoding this UTF-8 representation.

If "CANONICAL" is specified as the format, this method returns an RFC 2253 conformant string representation with the following additional canonicalizations:

  1. Leading zeros are removed from attribute types that are encoded as dotted decimal OIDs
  2. DirectoryString attribute values of type PrintableString and UTF8String are not output in hexadecimal format
  3. DirectoryString attribute values of types other than PrintableString and UTF8String are output in hexadecimal format
  4. Leading and trailing white space characters are removed from non-hexadecimal attribute values (unless the value consists entirely of white space characters)
  5. Internal substrings of one or more white space characters are converted to a single space in non-hexadecimal attribute values
  6. Relative Distinguished Names containing more than one Attribute Value Assertion (AVA) are output in the following order: an alphabetical ordering of AVAs containing standard keywords, followed by a numeric ordering of AVAs containing OID keywords.
  7. The only characters in attribute values that are escaped are those which section 2.4 of RFC 2253 states must be escaped (they are escaped using a preceding backslash character)
  8. The entire name is converted to upper case using String.toUpperCase(Locale.US)
  9. The entire name is converted to lower case using String.toLowerCase(Locale.US)
  10. The name is finally normalized using normalization form KD, as described in the Unicode Standard and UAX #15

Additional standard formats may be introduced in the future.

Parameters
format String: the format to use
Returns
String a string representation of this X500Principal using the specified format
Throws
IllegalArgumentException if the specified format is invalid or null

getName

Added in API level 1
String getName ()

Returns a string representation of the X.500 distinguished name using the format defined in RFC 2253.

This method is equivalent to calling getName(X500Principal.RFC2253).

Returns
String the distinguished name of this X500Principal

getName

Added in API level 9
String getName (String format, 
                Map<StringString> oidMap)

Returns a string representation of the X.500 distinguished name using the specified format. Valid values for the format are "RFC1779" and "RFC2253" (case insensitive). "CANONICAL" is not permitted and an IllegalArgumentException will be thrown.

This method returns Strings in the format as specified in getName(String) and also emits additional attribute type keywords for OIDs that have entries in the oidMap parameter. OID entries in the oidMap take precedence over the default OIDs recognized by getName(String). Improperly specified OIDs are ignored; however if an OID in the name maps to an improperly specified keyword, an IllegalArgumentException is thrown.

Additional standard formats may be introduced in the future.

Warning: additional attribute type keywords may not be recognized by other implementations; therefore do not use this method if you are unsure if these keywords will be recognized by other implementations.

Parameters
format String: the format to use
oidMap Map: an OID map, where each key is an object identifier in String form (a sequence of nonnegative integers separated by periods) that maps to a corresponding attribute type keyword String. The map may be empty but never null.
Returns
String a string representation of this X500Principal using the specified format
Throws
IllegalArgumentException if the specified format is invalid, null, or an OID in the name maps to an improperly specified keyword
NullPointerException if oidMap is null

hashCode

Added in API level 1
int hashCode ()

Return a hash code for this X500Principal.

The hash code is calculated via: getName(X500Principal.CANONICAL).hashCode()

Returns
int a hash code for this X500Principal

toString

Added in API level 1
String toString ()

Return a user-friendly string representation of this X500Principal.

Returns
String a string representation of this X500Principal

Hooray!