Examples of sun.security.x509.X500Name

• sun.security.x509.X500Name
  Note: As of 1.4, the public class, javax.security.auth.x500.X500Principal, should be used when parsing, generating, and comparing X.500 DNs. This class contains other useful methods for checking name constraints and retrieving DNs by keyword.

  X.500 names are used to identify entities, such as those which are identified by X.509 certificates. They are world-wide, hierarchical, and descriptive. Entities can be identified by attributes, and in some systems can be searched for according to those attributes.

  The ASN.1 for this is:

   GeneralName ::= CHOICE { .... directoryName                   [4]     Name, .... Name ::= CHOICE { RDNSequence } RDNSequence ::= SEQUENCE OF RelativeDistinguishedName RelativeDistinguishedName ::= SET OF AttributeTypeAndValue AttributeTypeAndValue ::= SEQUENCE { type     AttributeType, value    AttributeValue } AttributeType ::= OBJECT IDENTIFIER AttributeValue ::= ANY DEFINED BY AttributeType .... DirectoryString ::= CHOICE { teletexString           TeletexString (SIZE (1..MAX)), printableString         PrintableString (SIZE (1..MAX)), universalString         UniversalString (SIZE (1..MAX)), utf8String              UTF8String (SIZE (1.. MAX)), bmpString               BMPString (SIZE (1..MAX)) } 

  This specification requires only a subset of the name comparison functionality specified in the X.500 series of specifications. The requirements for conforming implementations are as follows:

  1. attribute values encoded in different types (e.g., PrintableString and BMPString) may be assumed to represent different strings;

  2. attribute values in types other than PrintableString are case sensitive (this permits matching of attribute values as binary objects);

  3. attribute values in PrintableString are not case sensitive (e.g., "Marianne Swanson" is the same as "MARIANNE SWANSON"); and

  4. attribute values in PrintableString are compared after removing leading and trailing white space and converting internal substrings of one or more consecutive white space characters to a single space.

  These name comparison rules permit a certificate user to validate certificates issued using languages or encodings unfamiliar to the certificate user.

  In addition, implementations of this specification MAY use these comparison rules to process unfamiliar attribute types for name chaining. This allows implementations to process certificates with unfamiliar attributes in the issuer name.

  Note that the comparison rules defined in the X.500 series of specifications indicate that the character sets used to encode data in distinguished names are irrelevant. The characters themselves are compared without regard to encoding. Implementations of the profile are permitted to use the comparison algorithm defined in the X.500 series. Such an implementation will recognize a superset of name matches recognized by the algorithm specified above.

  Note that instances of this class are immutable. @author David Brownell @author Amit Kapoor @author Hemma Prafullchandra @see GeneralName @see GeneralNames @see GeneralNameInterface

        boolean success = false;
        try {
            if (certs != null) {
                Subject subject = new Subject();
                X509Certificate certificate = certs[0];
                X500Name x500Name = (X500Name) certificate.getSubjectDN();
                subject.getPublicCredentials().add(x500Name);
                // Put the certificate chain as an List in the subject, to be accessed by user's LoginModule.
                final List<X509Certificate> certificateCred = Arrays.asList(certs);
                subject.getPublicCredentials().add(certificateCred);
                LoginContextDriver.doX500Login(subject, moduleID);

        boolean success = false;
        try {
            if (certs != null) {
                Subject subject = new Subject();
                X509Certificate certificate = certs[0];
                X500Name x500Name = (X500Name) certificate.getSubjectDN();
                subject.getPublicCredentials().add(x500Name);
                // Put the certificate chain as an List in the subject, to be accessed by user's LoginModule.
                final List<X509Certificate> certificateCred = Arrays.asList(certs);
                subject.getPublicCredentials().add(certificateCred);
                LoginContextDriver.doX500Login(subject, moduleID);

    /** Write a .RSA file with a digital signature. */
    private static void writeSignatureBlock(
            Signature signature, X509Certificate publicKey, OutputStream out)
            throws IOException, GeneralSecurityException {
        SignerInfo signerInfo = new SignerInfo(
                new X500Name(publicKey.getIssuerX500Principal().getName()),
                publicKey.getSerialNumber(),
                AlgorithmId.get("SHA1"),
                AlgorithmId.get("RSA"),
                signature.sign());

        final Subject fs = subject;

        String userName = "";
        try {
            final X500Name x500Name = new X500Name(
                x500Principal.getName(X500Principal.RFC1779));
            userName = x500Name.toString();

            AppservAccessController.doPrivileged(new PrivilegedAction(){
                public java.lang.Object run(){
                    fs.getPublicCredentials().add(x500Name);
                    return fs;

            _logger.fine("Processing X.500 name login.");
       }
       String user = null;
       String realm_name = null;
       try{
            X500Name x500name = (X500Name)getPublicCredentials(s, X500Name.class);
            user = x500name.getName();

            // In the RI-inherited implementation this directly creates
            // some credentials and sets the security context. This means
            // that the certificate realm does not get an opportunity to
            // process the request. While the realm will not do any

    * @throws IOException
    */
   public static X500Name createX500Name(
           String common, String orgUnit, String org, String country)
              throws IOException {
      return new X500Name(common, orgUnit, org, country);
   }

    * @throws IOException
    */
   public static X500Name createX500Name(
           String common, String orgUnit, String org, String locality, String state, String country)
              throws IOException {
      return new X500Name(common, orgUnit, org, locality, state, country);
   }

        Any  any = orb.create_any();
        idtok = new IdentityToken();

        if (X500Name.class.isAssignableFrom(cls)) {
                _logger.log(Level.FINE,"Constructing an X500 DN Identity Token");
            X500Name credname = (X500Name) cred;
            credname.encode(dos);  // ASN.1 encoding
            X501DistinguishedNameHelper.insert(any, dos.toByteArray());

            /* IdentityToken with CDR encoded X501 name */
            idtok.dn(codec.encode_value(any));
        } else if (X509CertificateCredential.class.isAssignableFrom(cls)) {

                return null;
            }  else {
                // Set the transport principal in subject and
                // return the X500Name class
                ssc = new SecurityContext();
                X500Name x500Name = (X500Name) certChain[0].getSubjectDN();
                ssc.subject = new Subject();
                ssc.subject.getPublicCredentials().add(x500Name);
                ssc.identcls = X500Name.class;
                ssc.authcls = null;
                return ssc;

        DirContext ctx = null;
        String srcFilter = null;
        try {
            ctx = new InitialDirContext(getLdapBindProps());

            X500Name name = new X500Name(userDN);
            String _username = name.getCommonName();
            if (_username == null && userDN != null && userDN.startsWith("uid")) {
                //handle uid=XXX here where cn is not present
                //TODO :maybe there is a better way to handle this??
                int first = userDN.indexOf("uid=");
                int last = userDN.indexOf(",");