Package eu.emi.security.authn.x509.impl

Class X500NameUtils

  • public class X500NameUtils
extends java.lang.Object
    Contains utility static methods which are helpful in manipulating X.500 Distinguished Names, especially encoded in String form using RFC 2253.
    Author:
    K. Benedyczak

    • Constructor Summary

      Constructors 
      Constructor Description
      X500NameUtils()  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static boolean equal​(java.lang.String rfc2253dn1, java.lang.String rfc2253dn2)
      Convenience method, based on the standard JDK algorithm for DNs comparison.
      static boolean equal​(javax.security.auth.x500.X500Principal dn, java.lang.String rfc2253dn2)
      Convenience method for DN comparison.
      static java.util.Set<org.bouncycastle.asn1.ASN1ObjectIdentifier> getAttributeNames​(java.lang.String srcDn)
      Returns a set with all attribute identifiers which are present in the passed DN.
      static java.util.Set<org.bouncycastle.asn1.ASN1ObjectIdentifier> getAttributeNames​(javax.security.auth.x500.X500Principal srcDn)
      Returns a set with all attribute identifiers which are present in the passed DN.
      static java.lang.String[] getAttributeValues​(java.lang.String srcDn, org.bouncycastle.asn1.ASN1ObjectIdentifier attribute)
      Returns an array of values of a provided attribute from the DN.
      static java.lang.String[] getAttributeValues​(javax.security.auth.x500.X500Principal srcDn, org.bouncycastle.asn1.ASN1ObjectIdentifier attribute)
      Returns an array of values of a provided attribute from the DN.
      static java.lang.String getComparableForm​(java.lang.String srcDn)
      Returns a form of the source DN in RFC 2253 form (or similar - some minor format violations are properly handled) which is suitable for string comparison.
      static java.lang.String getPortableRFC2253Form​(java.lang.String srcDn)
      Returns a form of the source DN in RFC 2253 form (or similar - some minor format violations are properly handled) which is strictly RFC2253 and is guaranteed to be correctly parsed by the JDK methods.
      static java.lang.String getReadableForm​(java.lang.String srcDn)
      Returns a human-readable representation of this DN.
      static java.lang.String getReadableForm​(javax.security.auth.x500.X500Principal srcDn)
      Returns a human-readable representation of this DN.
      static javax.security.auth.x500.X500Principal getX500Principal​(java.lang.String rfcDn)
      Constructs a X500Principal object from a RFC 2253 string.
      static boolean rfc3280Equal​(javax.security.auth.x500.X500Principal dn, javax.security.auth.x500.X500Principal dn2)
      Uses the strict RFC 3280 algorithm to compare two DNs.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • X500NameUtils

        public X500NameUtils()

    • Method Detail

      • equal

        public static boolean equal​(java.lang.String rfc2253dn1,
                            java.lang.String rfc2253dn2)
                     throws java.lang.IllegalArgumentException
        Convenience method, based on the standard JDK algorithm for DNs comparison. However this method is less strict then the original: it compares DC and EMAIL attributes in a case insensitive way. Input arguments with values encoded in hex are also correctly handled. What is more it supports DNs with attribute names normally not recognized by the X500Principial class.
        Parameters:
        rfc2253dn1 - to be compared (need not to strictly follow the RFC encoding)
        rfc2253dn2 - to be compared (need not to strictly follow the RFC encoding)
        Returns:
        true if DNs are equivalent
        Throws:
        java.lang.IllegalArgumentException - if at least one of the DNs can not be parsed

      • equal

        public static boolean equal​(javax.security.auth.x500.X500Principal dn,
                            java.lang.String rfc2253dn2)
                     throws java.lang.IllegalArgumentException
        Convenience method for DN comparison. Is is equivalent to usage of the equal(String, String), after retrieving a String representation of the first argument.
        Parameters:
        dn - to be compared
        rfc2253dn2 - to be compared
        Returns:
        true if DNs are equivalent
        Throws:
        java.lang.IllegalArgumentException - if the String DN can not be parsed

      • rfc3280Equal

        public static boolean rfc3280Equal​(javax.security.auth.x500.X500Principal dn,
                                   javax.security.auth.x500.X500Principal dn2)
        Uses the strict RFC 3280 algorithm to compare two DNs. This method should be used when both arguments were retrieved directly from the certificate, and therefore possess the full type information for the attributes forming the DNs.

        Note 1: that in certain situations it is possible to get a false answer when comparing DNs with this method, while other DN equality tests from this class (operating on String DN representations) return true.

        Note 2: it is nearly always wrong to convert a string representation of a DN to the X500Principal object and then to compare it against another using this method. In such a case always use the other equal methods from this class with one or two String arguments.

        Note 3: this implementation is actually delegating to the JDK's X500Principal equals method, which seems to follow (one of the versions of) the rules of the RFC.

        Parameters:
        dn - to be compared
        dn2 - to be compared
        Returns:
        if DNs are equivalent

      • getReadableForm

        public static java.lang.String getReadableForm​(java.lang.String srcDn)
                                        throws java.lang.IllegalArgumentException
        Returns a human-readable representation of this DN. The output is very similar to the output of X500Principial.getName() but additional attributes like EMAIL are recognized, correctly parsed and are not output as OIDs.

        Note: it may happen that output of this method won't be parseable by the X500Principal constructor.

        Parameters:
        srcDn - to be output
        Returns:
        human readable form
        Throws:
        java.lang.IllegalArgumentException - if the source DN can not be parsed

      • getReadableForm

        public static java.lang.String getReadableForm​(javax.security.auth.x500.X500Principal srcDn)
        Returns a human-readable representation of this DN. The output is very similar to the output of X500Principial.toString() but additional attributes like EMAIL are recognized and are not output as OIDs.

        Note: it may happen that output of this method won't be parseable by the X500Principal constructor.

        Parameters:
        srcDn - to be output
        Returns:
        human readable form

      • getPortableRFC2253Form

        public static java.lang.String getPortableRFC2253Form​(java.lang.String srcDn)
        Returns a form of the source DN in RFC 2253 form (or similar - some minor format violations are properly handled) which is strictly RFC2253 and is guaranteed to be correctly parsed by the JDK methods. What is more it should be correctly parsed by other implementations. However this form can be not human readable.
        Parameters:
        srcDn - to be reformatted
        Returns:
        portable, RFC 2253 form

      • getComparableForm

        public static java.lang.String getComparableForm​(java.lang.String srcDn)
        Returns a form of the source DN in RFC 2253 form (or similar - some minor format violations are properly handled) which is suitable for string comparison. I.e. it is guaranteed that all equivalent DNs will result in the same string. This method do not guarantee that always two non equivalent DNs produce a different output: this can not be guaranteed as there is no information on attribute type in the source DN. However this is unlikely.
        Parameters:
        srcDn - input to be reformatted
        Returns:
        string-comparable form
        Since:
        1.1.0

      • getAttributeValues

        public static java.lang.String[] getAttributeValues​(java.lang.String srcDn,
                                                    org.bouncycastle.asn1.ASN1ObjectIdentifier attribute)
                                             throws java.lang.IllegalArgumentException
        Returns an array of values of a provided attribute from the DN. Usually the returned array contains only a single value. 0-length array is returned if the attribute is not present. If attribute is present in multiple RDNs all values are returned. Note that values which are returned are converted to String. Values which can't be string encoded, are returned as HEX string (starting with '#'). Note that it may happen that even if you passed a DN with attribute encoded in HEX you will get its string representation - if it is only possible to retrieve it for the attribute.
        Parameters:
        srcDn - DN to be parsed in RFC 2253 form
        attribute - to be retrieved. JavaAndBCStyle class and its parent contain useful constants.
        Returns:
        array of attribute values, decoded
        Throws:
        java.lang.IllegalArgumentException - if the provided DN can not be parsed

      • getAttributeValues

        public static java.lang.String[] getAttributeValues​(javax.security.auth.x500.X500Principal srcDn,
                                                    org.bouncycastle.asn1.ASN1ObjectIdentifier attribute)
        Returns an array of values of a provided attribute from the DN. See getAttributeValues(String, ASN1ObjectIdentifier) for details.
        Parameters:
        srcDn - DN to be parsed in RFC 2253 form
        attribute - to be retrieved JavaAndBCStyle class and its parent contain useful constants.
        Returns:
        array of attribute values, decoded

      • getAttributeNames

        public static java.util.Set<org.bouncycastle.asn1.ASN1ObjectIdentifier> getAttributeNames​(java.lang.String srcDn)
        Returns a set with all attribute identifiers which are present in the passed DN.
        Parameters:
        srcDn - DN to be examined
        Returns:
        array of all attribute ids

      • getAttributeNames

        public static java.util.Set<org.bouncycastle.asn1.ASN1ObjectIdentifier> getAttributeNames​(javax.security.auth.x500.X500Principal srcDn)
        Returns a set with all attribute identifiers which are present in the passed DN.
        Parameters:
        srcDn - DN to be examined
        Returns:
        array of all attribute ids

      • getX500Principal

        public static javax.security.auth.x500.X500Principal getX500Principal​(java.lang.String rfcDn)
                                                               throws java.io.IOException
        Constructs a X500Principal object from a RFC 2253 string. This method can handle DNs with attributes not supported by the X500Principal constructor.
        Parameters:
        rfcDn - RFC 2253 DN
        Returns:
        the created object
        Throws:
        java.io.IOException - IO exception