Class X500NameUtils

java.lang.Object
eu.emi.security.authn.x509.impl.X500NameUtils

public class X500NameUtils extends Object
Contains static utility methods for manipulating X.500 Distinguished Names, especially those encoded in String form according to RFC 2253.
Author:
K. Benedyczak
  • Constructor Details

    • X500NameUtils

      public X500NameUtils()
  • Method Details

    • equal

      public static boolean equal(String rfc2253dn1, String rfc2253dn2) throws IllegalArgumentException
      Convenience method, based on the standard JDK algorithm for DN comparison. However, this method is less strict than the original: it compares DC and EMAIL attributes in a case-insensitive way. Input arguments with values encoded in hex are also handled correctly. In addition, it supports DNs with attribute names not normally recognized by the X500Principal class.
      Parameters:
      rfc2253dn1 - to be compared (need not strictly follow the RFC encoding)
      rfc2253dn2 - to be compared (need not strictly follow the RFC encoding)
      Returns:
      true if DNs are equivalent
      Throws:
      IllegalArgumentException - if at least one of the DNs cannot be parsed
    • equal

      public static boolean equal(X500Principal dn, String rfc2253dn2) throws IllegalArgumentException
      Convenience method for DN comparison. It is equivalent to using equal(String, String) after retrieving a String representation of the first argument.
      Parameters:
      dn - to be compared
      rfc2253dn2 - to be compared
      Returns:
      true if DNs are equivalent
      Throws:
      IllegalArgumentException - if the String DN cannot be parsed
    • rfc3280Equal

      public static boolean rfc3280Equal(X500Principal dn, X500Principal dn2)
      Uses the strict RFC 3280 algorithm to compare two DNs. This method should be used when both arguments were retrieved directly from the certificate, and therefore possess the full type information for the attributes forming the DNs.

      Note 1: in certain situations it is possible to get a false answer when comparing DNs with this method, while other DN equality tests from this class (operating on String DN representations) return true.

      Note 2: it is nearly always wrong to convert a string representation of a DN to an X500Principal object and then compare it against another using this method. In such a case always use the other equal methods from this class, which take one or two String arguments.

      Note 3: this implementation actually delegates to the JDK's X500Principal equals method, which seems to follow (one of the versions of) the rules of the RFC.

      Parameters:
      dn - to be compared
      dn2 - to be compared
      Returns:
      true if DNs are equivalent
    • getReadableForm

      public static String getReadableForm(String srcDn) throws IllegalArgumentException
      Returns a human-readable representation of this DN. The output is very similar to the output of X500Principal.getName(), but additional attributes like EMAIL are recognized, correctly parsed and not output as OIDs.

      Note: the output of this method may not be parseable by the X500Principal constructor.

      Parameters:
      srcDn - to be output
      Returns:
      human readable form
      Throws:
      IllegalArgumentException - if the source DN cannot be parsed
    • getReadableForm

      public static String getReadableForm(X500Principal srcDn)
      Returns a human-readable representation of this DN. The output is very similar to the output of X500Principal.toString(), but additional attributes like EMAIL are recognized and not output as OIDs.

      Note: the output of this method may not be parseable by the X500Principal constructor.

      Parameters:
      srcDn - to be output
      Returns:
      human readable form
    • getPortableRFC2253Form

      public static String getPortableRFC2253Form(String srcDn)
      Takes a source DN in RFC 2253 form (or similar: some minor format violations are properly handled) and returns a form which is strictly RFC 2253 and is guaranteed to be correctly parsed by the JDK methods. It should also be correctly parsed by other implementations. However, this form may not be human readable.
      Parameters:
      srcDn - to be reformatted
      Returns:
      portable, RFC 2253 form
    • getComparableForm

      public static String getComparableForm(String srcDn)
      Takes a source DN in RFC 2253 form (or similar: some minor format violations are properly handled) and returns a form which is suitable for string comparison, i.e. it is guaranteed that all equivalent DNs will result in the same string. This method does not guarantee that two non-equivalent DNs always produce different output: this cannot be guaranteed, as there is no information on attribute type in the source DN. However, this is unlikely.
      Parameters:
      srcDn - input to be reformatted
      Returns:
      string-comparable form
      Since:
      1.1.0
    • getAttributeValues

      public static String[] getAttributeValues(String srcDn, org.bouncycastle.asn1.ASN1ObjectIdentifier attribute) throws IllegalArgumentException
      Returns an array of values of the provided attribute from the DN. Usually the returned array contains only a single value. A 0-length array is returned if the attribute is not present. If the attribute is present in multiple RDNs, all values are returned. Note that the returned values are converted to String. Values which can't be string encoded are returned as a HEX string (starting with '#'). Note that even if you pass a DN with the attribute encoded in HEX, you may get its string representation, provided it is possible to retrieve it for the attribute.
      Parameters:
      srcDn - DN to be parsed in RFC 2253 form
      attribute - to be retrieved. JavaAndBCStyle class and its parent contain useful constants.
      Returns:
      array of attribute values, decoded
      Throws:
      IllegalArgumentException - if the provided DN cannot be parsed
    • getAttributeValues

      public static String[] getAttributeValues(X500Principal srcDn, org.bouncycastle.asn1.ASN1ObjectIdentifier attribute)
      Returns an array of values of the provided attribute from the DN. See getAttributeValues(String, ASN1ObjectIdentifier) for details.
      Parameters:
      srcDn - DN to be parsed in RFC 2253 form
      attribute - to be retrieved. JavaAndBCStyle class and its parent contain useful constants.
      Returns:
      array of attribute values, decoded
    • getAttributeNames

      public static Set<org.bouncycastle.asn1.ASN1ObjectIdentifier> getAttributeNames(String srcDn)
      Returns a set with all attribute identifiers which are present in the passed DN.
      Parameters:
      srcDn - DN to be examined
      Returns:
      set of all attribute ids
    • getAttributeNames

      public static Set<org.bouncycastle.asn1.ASN1ObjectIdentifier> getAttributeNames(X500Principal srcDn)
      Returns a set with all attribute identifiers which are present in the passed DN.
      Parameters:
      srcDn - DN to be examined
      Returns:
      set of all attribute ids
    • getX500Principal

      public static X500Principal getX500Principal(String rfcDn) throws IOException
      Constructs an X500Principal object from an RFC 2253 string. This method can handle DNs with attributes not supported by the X500Principal constructor.
      Parameters:
      rfcDn - RFC 2253 DN
      Returns:
      the created object
      Throws:
      IOException - IO exception
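
Added example (not part of this Javadoc or of the library's own code): authorising a certificate subject against DNs stored as strings in configuration, using equal(X500Principal, String) and getComparableForm as documented above, next to a raw string comparison of the same values. The class name DnAclExample, the helper method names and the sample DNs are assumptions made for illustration; the X500Principal built in main stands in for a subject read from a certificate.

```java
import eu.emi.security.authn.x509.impl.X500NameUtils;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

// Added illustration, not library code: DN-based access control list.
public class DnAclExample {
    // Constructed sample entries; the DNs are hypothetical.
    static final List<String> ACL = Arrays.asList(
            "CN=Alice Example,O=Grid,DC=example,DC=org",
            "CN=Bob Example,O=Grid,DC=example,DC=org");

    // Normalise each entry once with getComparableForm, which the Javadoc
    // says yields the same string for all equivalent DNs.
    static Set<String> index(List<String> dns) {
        Set<String> out = new HashSet<>();
        for (String dn : dns) {
            out.add(X500NameUtils.getComparableForm(dn));
        }
        return out;
    }

    // Linear scan with equal(X500Principal, String). An entry that cannot
    // be parsed is reported and never grants access.
    static boolean allowedByScan(X500Principal subject, List<String> dns) {
        for (String dn : dns) {
            try {
                if (X500NameUtils.equal(subject, dn)) return true;
            } catch (IllegalArgumentException e) {
                System.err.println("Skipping unparsable ACL entry: " + dn);
            }
        }
        return false;
    }

    // Set lookup on the comparable form of the subject's string DN.
    static boolean allowedByIndex(X500Principal subject, Set<String> index) {
        return index.contains(X500NameUtils.getComparableForm(subject.getName()));
    }

    public static void main(String[] args) {
        // Stand-in for cert.getSubjectX500Principal(); DC values differ only in case.
        X500Principal subject = new X500Principal("CN=Alice Example,O=Grid,DC=EXAMPLE,DC=ORG");
        System.out.println("raw String match : " + ACL.contains(subject.getName()));
        System.out.println("equal() scan     : " + allowedByScan(subject, ACL));
        System.out.println("comparable index : " + allowedByIndex(subject, index(ACL)));
        System.out.println("subject (log)    : " + X500NameUtils.getReadableForm(subject));
    }
}
```

The index variant trades the per-request scan for a one-time normalisation of the configured entries; the documented caveat that two non-equivalent DNs are not guaranteed to produce different comparable forms applies to it.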