eu.emi.security.authn.x509.impl
Class X500NameUtils

java.lang.Object
  extended by eu.emi.security.authn.x509.impl.X500NameUtils

public class X500NameUtils
extends Object

Contains utility static methods which are helpful in manipulating X.500 Distinguished Names, especially encoded in String form using RFC 2253.

Author:
K. Benedyczak

Constructor Summary
X500NameUtils()
           
 
Method Summary
static boolean equal(String rfc2253dn1, String rfc2253dn2)
          Convenience method, based on the standard JDK algorithm for DNs comparison.
static boolean equal(X500Principal dn, String rfc2253dn2)
          Convenience method for DN comparison.
static Set<ASN1ObjectIdentifier> getAttributeNames(String srcDn)
          Returns a set with all attribute identifiers which are present in the passed DN.
static Set<ASN1ObjectIdentifier> getAttributeNames(X500Principal srcDn)
          Returns a set with all attribute identifiers which are present in the passed DN.
static String[] getAttributeValues(String srcDn, ASN1ObjectIdentifier attribute)
          Returns an array of values of a provided attribute from the DN.
static String[] getAttributeValues(X500Principal srcDn, ASN1ObjectIdentifier attribute)
          Returns an array of values of a provided attribute from the DN.
static String getComparableForm(String srcDn)
          Returns a form of the source DN in RFC 2253 form (or similar - some minor format violations are properly handled) which is suitable for string comparison.
static String getPortableRFC2253Form(String srcDn)
          Returns a form of the source DN in RFC 2253 form (or similar - some minor format violations are properly handled) which is strictly RFC2253 and is guaranteed to be correctly parsed by the JDK methods.
static String getReadableForm(String srcDn)
          Returns a human-readable representation of this DN.
static String getReadableForm(X500Principal srcDn)
          Returns a human-readable representation of this DN.
static X500Principal getX500Principal(String rfcDn)
          Constructs a X500Principal object from a RFC 2253 string.
static boolean rfc3280Equal(X500Principal dn, X500Principal dn2)
          Uses the strict RFC 3280 algorithm to compare two DNs.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

X500NameUtils

public X500NameUtils()
Method Detail

equal

public static boolean equal(String rfc2253dn1,
                            String rfc2253dn2)
                     throws IllegalArgumentException
Convenience method, based on the standard JDK algorithm for DNs comparison. However this method is less strict then the original: it compares DC and EMAIL attributes in a case insensitive way. Input arguments with values encoded in hex are also correctly handled. What is more it supports DNs with attribute names normally not recognized by the X500Principial class.

Parameters:
rfc2253dn1 - to be compared (need not to strictly follow the RFC encoding)
rfc2253dn2 - to be compared (need not to strictly follow the RFC encoding)
Returns:
true if DNs are equivalent
Throws:
IllegalArgumentException - if at least one of the DNs can not be parsed

equal

public static boolean equal(X500Principal dn,
                            String rfc2253dn2)
                     throws IllegalArgumentException
Convenience method for DN comparison. Is is equivalent to usage of the equal(String, String), after retrieving a String representation of the first argument.

Parameters:
dn - to be compared
rfc2253dn2 - to be compared
Returns:
true if DNs are equivalent
Throws:
IllegalArgumentException - if the String DN can not be parsed

rfc3280Equal

public static boolean rfc3280Equal(X500Principal dn,
                                   X500Principal dn2)
Uses the strict RFC 3280 algorithm to compare two DNs. This method should be used when both arguments were retrieved directly from the certificate, and therefore possess the full type information for the attributes forming the DNs.

Note 1: that in certain situations it is possible to get a false answer when comparing DNs with this method, while other DN equality tests from this class (operating on String DN representations) return true.

Note 2: it is nearly always wrong to convert a string representation of a DN to the X500Principal object and then to compare it against another using this method. In such a case always use the other equal methods from this class with one or two String arguments.

Note 3: this implementation is actually delegating to the JDK's X500Principal equals method, which seems to follow (one of the versions of) the rules of the RFC.

Parameters:
dn - to be compared
dn2 - to be compared
Returns:
if DNs are equivalent

getReadableForm

public static String getReadableForm(String srcDn)
                              throws IllegalArgumentException
Returns a human-readable representation of this DN. The output is very similar to the output of X500Principial.getName() but additional attributes like EMAIL are recognized, correctly parsed and are not output as OIDs.

Note: it may happen that output of this method won't be parseable by the X500Principal constructor.

Parameters:
srcDn - to be output
Returns:
human readable form
Throws:
IllegalArgumentException - if the source DN can not be parsed

getReadableForm

public static String getReadableForm(X500Principal srcDn)
Returns a human-readable representation of this DN. The output is very similar to the output of X500Principial.toString() but additional attributes like EMAIL are recognized and are not output as OIDs.

Note: it may happen that output of this method won't be parseable by the X500Principal constructor.

Parameters:
srcDn - to be output
Returns:
human readable form

getPortableRFC2253Form

public static String getPortableRFC2253Form(String srcDn)
Returns a form of the source DN in RFC 2253 form (or similar - some minor format violations are properly handled) which is strictly RFC2253 and is guaranteed to be correctly parsed by the JDK methods. What is more it should be correctly parsed by other implementations. However this form can be not human readable.

Parameters:
srcDn - to be reformatted
Returns:
portable, RFC 2253 form

getComparableForm

public static String getComparableForm(String srcDn)
Returns a form of the source DN in RFC 2253 form (or similar - some minor format violations are properly handled) which is suitable for string comparison. I.e. it is guaranteed that all equivalent DNs will result in the same string. This method do not guarantee that always two non equivalent DNs produce a different output: this can not be guaranteed as there is no information on attribute type in the source DN. However this is unlikely.

Parameters:
srcDn - input to be reformatted
Returns:
string-comparable form
Since:
1.1.0

getAttributeValues

public static String[] getAttributeValues(String srcDn,
                                          ASN1ObjectIdentifier attribute)
                                   throws IllegalArgumentException
Returns an array of values of a provided attribute from the DN. Usually the returned array contains only a single value. 0-length array is returned if the attribute is not present. If attribute is present in multiple RDNs all values are returned. Note that values which are returned are converted to String. Values which can't be string encoded, are returned as HEX string (starting with '#'). Note that it may happen that even if you passed a DN with attribute encoded in HEX you will get its string representation - if it is only possible to retrieve it for the attribute.

Parameters:
srcDn - DN to be parsed in RFC 2253 form
attribute - to be retrieved. JavaAndBCStyle class and its parent contain useful constants.
Returns:
array of attribute values, decoded
Throws:
IllegalArgumentException - if the provided DN can not be parsed

getAttributeValues

public static String[] getAttributeValues(X500Principal srcDn,
                                          ASN1ObjectIdentifier attribute)
Returns an array of values of a provided attribute from the DN. See getAttributeValues(String, ASN1ObjectIdentifier) for details.

Parameters:
srcDn - DN to be parsed in RFC 2253 form
attribute - to be retrieved JavaAndBCStyle class and its parent contain useful constants.
Returns:
array of attribute values, decoded

getAttributeNames

public static Set<ASN1ObjectIdentifier> getAttributeNames(String srcDn)
Returns a set with all attribute identifiers which are present in the passed DN.

Parameters:
srcDn - DN to be examined
Returns:
array of all attribute ids

getAttributeNames

public static Set<ASN1ObjectIdentifier> getAttributeNames(X500Principal srcDn)
Returns a set with all attribute identifiers which are present in the passed DN.

Parameters:
srcDn - DN to be examined
Returns:
array of all attribute ids

getX500Principal

public static X500Principal getX500Principal(String rfcDn)
                                      throws IOException
Constructs a X500Principal object from a RFC 2253 string. This method can handle DNs with attributes not supported by the X500Principal constructor.

Parameters:
rfcDn - RFC 2253 DN
Returns:
the created object
Throws:
IOException


Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.