javax.security.auth.x500

public final Class X500Principal

extends Object
implements Principal, Serializable
Class Inheritance
All Implemented Interfaces
java.io.Serializable, java.security.Principal
Imports
java.io.*, java.security.Principal, java.util.Collections, java.util.Map, jdk.internal.access.JavaxSecurityAccess, jdk.internal.access.SharedSecrets, sun.security.x509.X500Name, sun.security.util.*

This class represents an X.500 Principal. X500Principals are represented by distinguished names such as "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US".

This class can be instantiated by using a string representation of the distinguished name, or by using the ASN.1 DER encoded byte representation of the distinguished name. The current specification for the string representation of a distinguished name is defined in RFC 2253: Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names. This class, however, accepts string formats from both RFC 2253 and RFC 1779: A String Representation of Distinguished Names, and also recognizes attribute type keywords whose OIDs (Object Identifiers) are defined in RFC 5280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile.

The string representation for this X500Principal can be obtained by calling the getName methods.

Note that the getSubjectX500Principal and getIssuerX500Principal methods of X509Certificate return X500Principals representing the issuer and subject fields of the certificate.

Since
1.4
See Also
java.security.cert.X509Certificate

Field Summary

Modifier and Type | Field and Description

public static final String CANONICAL

Canonical String format of Distinguished Names.

public static final String RFC1779

RFC 1779 String format of Distinguished Names.

public static final String RFC2253

RFC 2253 String format of Distinguished Names.

private static final long serialVersionUID

private transient X500Name thisX500Name

The X500Name representing this principal.

Constructor Summary

Access | Constructor and Description

pack-priv X500Principal(X500Name x500Name)

Creates an X500Principal by wrapping an X500Name.

public X500Principal(String name)

Creates an X500Principal from a string representation of an X.500 distinguished name (ex: "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US").

public X500Principal(String name, Map<String, String> keywordMap)

Creates an X500Principal from a string representation of an X.500 distinguished name (ex: "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US").

public X500Principal(byte[] name)

Creates an X500Principal from a distinguished name in ASN.1 DER encoded form.

public X500Principal(InputStream is)

Creates an X500Principal from an InputStream containing the distinguished name in ASN.1 DER encoded form.

Method Summary

Modifier and Type | Method and Description

public boolean equals(Object o)

Overrides java.lang.Object.equals.

Implements java.security.Principal.equals.

Compares the specified Object with this X500Principal for equality.

public byte[] getEncoded()

Returns the distinguished name in ASN.1 DER encoded form.

public String getName()

Implements java.security.Principal.getName.

Returns a string representation of the X.500 distinguished name using the format defined in RFC 2253.

public String getName(String format)

Returns a string representation of the X.500 distinguished name using the specified format.

public String getName(String format, Map<String, String> oidMap)

Returns a string representation of the X.500 distinguished name using the specified format.

public int hashCode()

Overrides java.lang.Object.hashCode.

Implements java.security.Principal.hashCode.

Returns a hash code for this X500Principal.

private void readObject(ObjectInputStream s)

Reads this object from a stream (i.e., deserializes it).

public String toString()

Overrides java.lang.Object.toString.

Implements java.security.Principal.toString.

Return a user-friendly string representation of this X500Principal.

private void writeObject(ObjectOutputStream s)

Save the X500Principal object to a stream.

Inherited from java.lang.Object:
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

CANONICAL
public static final String CANONICAL

Canonical String format of Distinguished Names.

RFC1779
public static final String RFC1779

RFC 1779 String format of Distinguished Names.

RFC2253
public static final String RFC2253

RFC 2253 String format of Distinguished Names.

serialVersionUID
private static final long serialVersionUID
Annotations
@Serial

thisX500Name
private transient X500Name thisX500Name

The X500Name representing this principal.

Note

This field is accessed using shared secrets from within X500Name.

Constructor Detail

X500Principal
pack-priv X500Principal(X500Name x500Name)

Creates an X500Principal by wrapping an X500Name.

Note

The constructor is package private. It is intended to be accessed using shared secrets from classes in sun.security.*. Currently, it is referenced from sun.security.x509.X500Name.asX500Principal().

X500Principal
public X500Principal(String name)

Creates an X500Principal from a string representation of an X.500 distinguished name (ex: "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US"). The distinguished name must be specified using the grammar defined in RFC 1779 or RFC 2253 (either format is acceptable).

This constructor recognizes the attribute type keywords defined in RFC 1779 and RFC 2253 (and listed in getName(String format)), as well as the T, DNQ or DNQUALIFIER, SURNAME, GIVENNAME, INITIALS, GENERATION, EMAILADDRESS, and SERIALNUMBER keywords whose Object Identifiers (OIDs) are defined in RFC 5280. Any other attribute type must be specified as an OID.

This implementation enforces a more restrictive OID syntax than defined in RFC 1779 and 2253. It uses the more correct syntax defined in RFC 4512, which specifies that OIDs contain at least 2 digits:

numericoid = number 1*( DOT number )

Parameters
name:String

an X.500 distinguished name in RFC 1779 or RFC 2253 format

Exceptions
NullPointerException:
if the name is null
IllegalArgumentException:
if the name is improperly specified

X500Principal
public X500Principal(String name, Map<String, String> keywordMap)

Creates an X500Principal from a string representation of an X.500 distinguished name (ex: "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US"). The distinguished name must be specified using the grammar defined in RFC 1779 or RFC 2253 (either format is acceptable).

This constructor recognizes the attribute type keywords specified in X500Principal(String) and also recognizes additional keywords that have entries in the keywordMap parameter. Keyword entries in the keywordMap take precedence over the default keywords recognized by X500Principal(String). Keywords MUST be specified in all upper-case, otherwise they will be ignored. Improperly specified keywords are ignored; however if a keyword in the name maps to an improperly specified Object Identifier (OID), an IllegalArgumentException is thrown. It is permissible to have 2 different keywords that map to the same OID.

This implementation enforces a more restrictive OID syntax than defined in RFC 1779 and 2253. It uses the more correct syntax defined in RFC 4512, which specifies that OIDs contain at least 2 digits:

numericoid = number 1*( DOT number )

Parameters
name:String

an X.500 distinguished name in RFC 1779 or RFC 2253 format

keywordMap:Map<String, String>

an attribute type keyword map, where each key is a keyword String that maps to a corresponding object identifier in String form (a sequence of nonnegative integers separated by periods). The map may be empty but never null.

Exceptions
NullPointerException:
if name or keywordMap is null
IllegalArgumentException:
if the name is improperly specified or a keyword in the name maps to an OID that is not in the correct form
Since
1.6

X500Principal
public X500Principal(byte[] name)

Creates an X500Principal from a distinguished name in ASN.1 DER encoded form. The ASN.1 notation for this structure is as follows.

Name ::= CHOICE {
  RDNSequence }

RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

RelativeDistinguishedName ::=
  SET SIZE (1 .. MAX) OF AttributeTypeAndValue

AttributeTypeAndValue ::= SEQUENCE {
  type     AttributeType,
  value    AttributeValue }

AttributeType ::= OBJECT IDENTIFIER

AttributeValue ::= ANY DEFINED BY AttributeType
....
DirectoryString ::= CHOICE {
      teletexString           TeletexString (SIZE (1..MAX)),
      printableString         PrintableString (SIZE (1..MAX)),
      universalString         UniversalString (SIZE (1..MAX)),
      utf8String              UTF8String (SIZE (1.. MAX)),
      bmpString               BMPString (SIZE (1..MAX)) }
Parameters
name:byte[]

a byte array containing the distinguished name in ASN.1 DER encoded form

Exceptions
IllegalArgumentException:
if an encoding error occurs (incorrect form for DN)

X500Principal
public X500Principal(InputStream is)

Creates an X500Principal from an InputStream containing the distinguished name in ASN.1 DER encoded form. The ASN.1 notation for this structure is supplied in the documentation for X500Principal(byte[] name).

The read position of the input stream is positioned to the next available byte after the encoded distinguished name.

Parameters
is:InputStream

an InputStream containing the distinguished name in ASN.1 DER encoded form

Exceptions
NullPointerException:
if the InputStream is null
IllegalArgumentException:
if an encoding error occurs (incorrect form for DN)

Method Detail

equals
public boolean equals(Object o)

Overrides java.lang.Object.equals.

Implements java.security.Principal.equals.

Compares the specified Object with this X500Principal for equality.

Specifically, this method returns true if the Object o is an X500Principal and if the respective canonical string representations (obtained via the getName(X500Principal.CANONICAL) method) of this object and o are equal.

This implementation is compliant with the requirements of RFC 5280.

Parameters
o:Object

Object to be compared for equality with this X500Principal

Returns:boolean

true if the specified Object is equal to this X500Principal, false otherwise

Annotations
@Override

getEncoded
public byte[] getEncoded()

Returns the distinguished name in ASN.1 DER encoded form. The ASN.1 notation for this structure is supplied in the documentation for X500Principal(byte[] name).

Note that the byte array returned is cloned to protect against subsequent modifications.

Returns:byte[]

a byte array containing the distinguished name in ASN.1 DER encoded form

getName
public String getName()

Implements java.security.Principal.getName.

Returns a string representation of the X.500 distinguished name using the format defined in RFC 2253.

This method is equivalent to calling getName(X500Principal.RFC2253).

Returns:String

the distinguished name of this X500Principal

getName
public String getName(String format)

Returns a string representation of the X.500 distinguished name using the specified format. Valid values for the format are "RFC1779", "RFC2253", and "CANONICAL" (case-insensitive).

If "RFC1779" is specified as the format, this method emits the attribute type keywords defined in RFC 1779 (CN, L, ST, O, OU, C, STREET). Any other attribute type is emitted as an OID.

If "RFC2253" is specified as the format, this method emits the attribute type keywords defined in RFC 2253 (CN, L, ST, O, OU, C, STREET, DC, UID). Any other attribute type is emitted as an OID. Under a strict reading, RFC 2253 only specifies a UTF-8 string representation. The String returned by this method is the Unicode string achieved by decoding this UTF-8 representation.

If "CANONICAL" is specified as the format, this method returns an RFC 2253 conformant string representation with the following additional canonicalizations:

  1. Leading zeros are removed from attribute types that are encoded as dotted decimal OIDs
  2. DirectoryString attribute values of type PrintableString and UTF8String are not output in hexadecimal format
  3. DirectoryString attribute values of types other than PrintableString and UTF8String are output in hexadecimal format
  4. Leading and trailing white space characters are removed from non-hexadecimal attribute values (unless the value consists entirely of white space characters)
  5. Internal substrings of one or more white space characters are converted to a single space in non-hexadecimal attribute values
  6. Relative Distinguished Names containing more than one Attribute Value Assertion (AVA) are output in the following order: an alphabetical ordering of AVAs containing standard keywords, followed by a numeric ordering of AVAs containing OID keywords.
  7. The only characters in attribute values that are escaped are those which section 2.4 of RFC 2253 states must be escaped (they are escaped using a preceding backslash character)
  8. The entire name is converted to upper case using String.toUpperCase(Locale.US)
  9. The entire name is converted to lower case using String.toLowerCase(Locale.US)
  10. The name is finally normalized using normalization form KD, as described in the Unicode Standard and UAX #15

Additional standard formats may be introduced in the future.

Parameters
format:String

the format to use

Returns:String

a string representation of this X500Principal using the specified format

Exceptions
IllegalArgumentException:
if the specified format is invalid or null
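
The equality rule under equals and the three output formats described above, as an added example that is not part of the JDK documentation. The class name, the policy DN and the differently spelled subject DN are constructed for illustration; the point is that an allow-list should compare X500Principal objects rather than DN strings.

```java
import javax.security.auth.x500.X500Principal;
import java.util.Set;

public class DnAllowList {
    // Constructed policy entry: the one subject DN this example authorizes.
    static final String POLICY_DN = "CN=Duke, OU=JavaSoft, O=Sun Microsystems, C=US";
    static final Set<X500Principal> ALLOWED = Set.of(new X500Principal(POLICY_DN));

    // Fragile check: the result depends on how the DN happens to be spelled,
    // spaced and cased, and on which output format the caller picked.
    static boolean allowedByString(X500Principal subject) {
        return subject.getName(X500Principal.RFC2253).equals(POLICY_DN);
    }

    // Robust check: equals() and hashCode() are both defined on
    // getName(X500Principal.CANONICAL), so set membership ignores those differences.
    static boolean allowedByPrincipal(X500Principal subject) {
        return ALLOWED.contains(subject);
    }

    public static void main(String[] args) {
        // Constructed input: the policy DN again, with different case and spacing,
        // standing in for a value from X509Certificate.getSubjectX500Principal().
        X500Principal subject =
                new X500Principal("cn=duke,ou=JavaSoft,o=Sun   Microsystems,c=us");
        X500Principal policy = new X500Principal(POLICY_DN);

        // Print both names in every format to see what each one normalizes.
        for (String format : new String[] {
                X500Principal.RFC1779, X500Principal.RFC2253, X500Principal.CANONICAL}) {
            System.out.printf("%-9s policy : %s%n", format, policy.getName(format));
            System.out.printf("%-9s subject: %s%n", format, subject.getName(format));
        }

        System.out.println("string comparison   : " + allowedByString(subject));
        System.out.println("principal comparison: " + allowedByPrincipal(subject));

        // The DER form round-trips through the byte[] constructor.
        X500Principal copy = new X500Principal(subject.getEncoded());
        System.out.println("DER round trip equal: " + subject.equals(copy));
    }
}
```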

getName
public String getName(String format, Map<String, String> oidMap)

Returns a string representation of the X.500 distinguished name using the specified format. Valid values for the format are "RFC1779" and "RFC2253" (case-insensitive). "CANONICAL" is not permitted and an IllegalArgumentException will be thrown.

This method returns Strings in the format as specified in getName(String) and also emits additional attribute type keywords for OIDs that have entries in the oidMap parameter. OID entries in the oidMap take precedence over the default OIDs recognized by getName(String). Improperly specified OIDs are ignored; however if an OID in the name maps to an improperly specified keyword, an IllegalArgumentException is thrown.

Additional standard formats may be introduced in the future.

Warning

Additional attribute type keywords may not be recognized by other implementations; therefore do not use this method if you are unsure whether these keywords will be recognized by other implementations.

Parameters
format:String

the format to use

oidMap:Map<String, String>

an OID map, where each key is an object identifier in String form (a sequence of nonnegative integers separated by periods) that maps to a corresponding attribute type keyword String. The map may be empty but never null.

Returns:String

a string representation of this X500Principal using the specified format

Exceptions
IllegalArgumentException:
if the specified format is invalid, null, or an OID in the name maps to an improperly specified keyword
NullPointerException:
if oidMap is null
Since
1.6
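
The keywordMap constructor and the oidMap overload of getName used together, as an added example that is not part of the JDK documentation. The keyword DEVICEID, the OID 1.2.3.4.5, the DN and the class name are constructed placeholders; the example shows why the OID rendering, not the keyword rendering, is the one to exchange with other systems.

```java
import javax.security.auth.x500.X500Principal;
import java.util.Map;

public class DnKeywordMaps {
    // Hypothetical private attribute type: keyword and OID are constructed
    // placeholders, not registered values. Keywords must be all upper-case.
    static final String OID = "1.2.3.4.5";
    static final Map<String, String> KEYWORD_TO_OID = Map.of("DEVICEID", OID);
    static final Map<String, String> OID_TO_KEYWORD = Map.of(OID, "DEVICEID");
    static final String DN = "DEVICEID=sensor-42, O=Example Corp, C=US"; // constructed

    // Parses DN text that may use the private keyword.
    static X500Principal parse(String dn) {
        return new X500Principal(dn, KEYWORD_TO_OID);
    }

    // Portable rendering: attribute types outside the RFC 2253 keyword list
    // are emitted as OIDs, which need no keyword map to be read back.
    static String portable(X500Principal p) {
        return p.getName(X500Principal.RFC2253);
    }

    // Local rendering for logs and UIs: the OID is shown under its keyword.
    static String readable(X500Principal p) {
        return p.getName(X500Principal.RFC2253, OID_TO_KEYWORD);
    }

    public static void main(String[] args) {
        X500Principal device = parse(DN);
        System.out.println("portable: " + portable(device));
        System.out.println("readable: " + readable(device));

        // The portable string can be parsed again with the one-argument constructor.
        X500Principal reparsed = new X500Principal(portable(device));
        System.out.println("re-parsed equals original: " + device.equals(reparsed));

        // The readable string cannot: without the map the keyword is unknown.
        try {
            new X500Principal(readable(device));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected without keywordMap: " + e.getMessage());
        }

        // CANONICAL is not a valid format for the oidMap overload.
        try {
            device.getName(X500Principal.CANONICAL, OID_TO_KEYWORD);
        } catch (IllegalArgumentException e) {
            System.out.println("CANONICAL rejected: " + e.getMessage());
        }
    }
}
```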

hashCode
public int hashCode()

Overrides java.lang.Object.hashCode.

Implements java.security.Principal.hashCode.

Returns a hash code for this X500Principal.

The hash code is calculated via: getName(X500Principal.CANONICAL).hashCode()

Returns:int

a hash code for this X500Principal

Annotations
@Override

readObject
private void readObject(ObjectInputStream s) throws IOException, NotActiveException, ClassNotFoundException

Reads this object from a stream (i.e., deserializes it).

Parameters
s:ObjectInputStream

the ObjectInputStream from which data is read

Annotations
@Serial
Exceptions
IOException:
if an I/O error occurs
NotActiveException:
if serialization is not active
ClassNotFoundException:
if a serialized class cannot be loaded

toString
public String toString()

Overrides java.lang.Object.toString.

Implements java.security.Principal.toString.

Return a user-friendly string representation of this X500Principal.

Returns:String

a string representation of this X500Principal

writeObject
private void writeObject(ObjectOutputStream s) throws IOException

Save the X500Principal object to a stream.

Parameters
s:ObjectOutputStream

the ObjectOutputStream to which data is written

Annotations
@Serial
Exceptions
IOException:
if an I/O error occurs
Serial data
This X500Principal is serialized by writing out its DER-encoded form (the value of getEncoded is serialized).