iaik.x509.attr

Class Target

java.lang.Object

iaik.x509.attr.Target

All Implemented Interfaces:

ASN1Type

Direct Known Subclasses:

TargetCert, TargetGroup, TargetName

public abstract class Target
extends java.lang.Object
implements ASN1Type

This class implements the Target type specified by the X.509 Attribute Certificate profile (RFC 5755) to be used within TargetInformation or ProxyInfo attribute certificate extensions.

A Target, when included in a TargetInformation extension, specifies some server/service for which the attribute certificate that contains the TargetInformation can be used. The AC verifier that validates an attribute certificate on behalf of some specific server must check if the AC contains a TargetInformation extension. If yes, it only shall accept the AC if the current server/service is targeted by any of the Target elements that are included in the TargetInformation extension.
A Target, when included in a ProxyInfo extension, specifies some server/service which represents a valid sender (proxy) or recipient of the attribute certificate that contains the ProxyInfo extension.
Both, TargetInformation and ProxyInfo extensions are defined as an ASN.1 SEQUENCE OF Targets, where each Targets object itself can hold any number of Target elements:

 TargetInformation ::= SEQUENCE OF Targets
 
 ProxyInfo ::= SEQUENCE OF Targets
 
 Targets ::= SEQUENCE OF Target
 

A Target element can be a TargetName, TargetGroup or TargetCert:

   Target ::= CHOICE {
     targetName          [0] GeneralName
     targetGroup         [1] GeneralName
     targetCert          [2] TargetCert
 }
 

The targeting check is controlled by the TargetChecker. The default implementation performs the following checks (in this order):

1. If the server is given as Target object and is equal to this Target object, the check returns true.
2. If this Target object represents a TargetName or TargetGroup and the server is given as GeneralName, the check returns true if the GeneralName of this Target is equal to the server GeneralName.
3. If 1. and 2. have returned false and this Target is a TargetGroup containing a GeneralName of type dNSName the server maybe given as TargetGroup or GeneralName. In this case the server GeneralName is checked of being of type dNSName, uniformResourceIdentifier or rfc822Name. If the server GeneralName is of any of these three types the check returns true if the server name is in the domain specified by the dNSName of the TargetGroup (i.e. it is checked if the server name ends with the dNSName specified by the TargetGroup). If, for instance, the TargetGroup specifies a dNSName like "iaik.at" and the server name is "http://jce.iaik.at" the server is accepted as being a member of the TargetGroup.
4. The check returns false, if any of the steps above has not come to a positive result.

As seen from above the server can be given as Target object or -- if this Target represents a TargetName or TargetGroup -- as GeneralName. In any other case -- if the supplied server object is not given as Target or GeneralName -- a TargetException is thrown indicating that the server object cannot be handled by the TargetChecker. An application may plug-in its own TargetChecker implementation for enforcing a more sophisticated target checking policy which may be tailored to application specific requirements that cannot be considered by a general default implementation.

Version:

File Revision 12

See Also:

GeneralName, V3Extension, AttributeCertificate, Targets, TargetName, TargetGroup, TargetCert, TargetInformation, ProxyInfo

Field Summary

Fields

Modifier and Type	Field and Description
static int	TARGET_CERT Target type targetCert (2).
static int	TARGET_GROUP Target type targetGroup (1).
static int	TARGET_NAME Target type targetName (0).

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	Target() Empty default cosntructor.
protected	Target(ASN1Object asn1Obj) Decodes/parses a Target object from its ASN.1 representation.

Method Summary

Methods

Modifier and Type	Method and Description
void	decode(ASN1Object obj) Decodes a Target from its ASN.1 representation.
abstract void	decodeUnTaggedASN1Object(ASN1Object obj) Decodes (parses) the untagged ASN.1 representation of this Target object.
abstract boolean	equals(java.lang.Object obj) Compares this Target with the specified object.
abstract int	getType() Returns the type this Target represents -- either TARGET_NAME (0) or TARGET_GROUP (1) or TARGET_CERT (2).
protected abstract java.lang.String	getTypeAsString() Returns the type (as String) this target represents -- either "TargetName" or "TargetGroup" or "TargetCert".
int	hashCode() Returns a hashcode for this Target.
boolean	isTargetFor(java.lang.Object server) Checks if the given server/service is a valid target for the attribute certificate containing an extension with this Target.
static Target	parseTarget(ASN1Object asn1Obj) Parses the given Target from its ASN.1 representation.
static void	setTargetChecker(TargetChecker targetChecker) Sets the TargetChecker to be used for checking if an AttributeCertificate that contains a TargetInformation or ProxyInfo extension is allowed to be used by some particular server/service.
ASN1Object	toASN1Object() Retruns this Target as ASN1Object.
java.lang.String	toString() Returns a string giving some information about this Target object.
abstract ASN1Object	toUnTaggedASN1Object() Gets the untagged ASN.1 representation of this Target object.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

TARGET_NAME

public static final int TARGET_NAME

Target type targetName (0). This Target type identifies the targeted server/service by its name.

See Also:

Constant Field Values

TARGET_GROUP

public static final int TARGET_GROUP

Target type targetGroup (1). This Target type identifies the targeted server/service by membership to some particular target group (a TargetGroup, e.g., may specify a DNS domain and the AC verifier knows the DNS domain to which it belongs; or the TargetGroup specifies "PRINTERS," and the AC verifier knows if it is a printer or print server or not (see RFC 5755)).

See Also:

Constant Field Values

TARGET_CERT

public static final int TARGET_CERT

Target type targetCert (2). This Target type is only included for completeness. It MUST NOT be used by applications conforming to the Attribute Certificate Profile presented in RFC 5755.

See Also:

Constant Field Values

Constructor Detail

Target

protected Target()

Empty default cosntructor.

Target

protected Target(ASN1Object asn1Obj)
          throws CodingException

Decodes/parses a Target object from its ASN.1 representation.

Parameters:

asn1Obj - the ASN.1 representation of the Target object to be decoded/parsed

Throws:

CodingException - if a decoding/parsing error occurs

Method Detail

setTargetChecker

public static void setTargetChecker(TargetChecker targetChecker)

Sets the TargetChecker to be used for checking if an AttributeCertificate that contains a TargetInformation or ProxyInfo extension is allowed to be used by some particular server/service.
By default the TargetChecker performs an equality check; i.e. if the sender/server is given as Target object, it is checked of being equal to the Target element contained in the attribute certificate. For Target elements of type TargetName or TargetGroup the server object alternatively can be given as GeneralName object. An application may use this method to pug-in its own TargetChecker implementation for enforcing a more sophisticated target checking policy which may be tailored to application specific requirements that cannot be considered by a general default implementation:

 public class MyTargetChecker implements TargetChecker {
 
    public MyTargetChecker() {
    }
    ...
    
    public boolean isTargetFor(Target target, Object server) throws TargetException {
      ...
    }
   
    ...
 } 
 
 
 MyTargetChecker myTargetChecker = new MyTargetChecker();
 Target.setTargetChecker(myTargetChecker);
 
 

Parameters:

targetChecker - the TargetChecker to be used

parseTarget

public static Target parseTarget(ASN1Object asn1Obj)
                          throws CodingException

Parses the given Target from its ASN.1 representation.

Parameters:

asn1Obj - the Target to be parsed, as ASN.1 object

Returns:

the parsed Target object, either a TargetName, TargetGroup or TargetCert object

Throws:

CodingException - if an error occurs when parsing the Target (e.g. the parsed Target type is invalid)

getType

public abstract int getType()

Returns the type this Target represents -- either TARGET_NAME (0) or TARGET_GROUP (1) or TARGET_CERT (2).

Returns:

the Target type -- either TARGET_NAME (0) or TARGET_GROUP (1) or TARGET_CERT (2)

getTypeAsString

protected abstract java.lang.String getTypeAsString()

Returns the type (as String) this target represents -- either "TargetName" or "TargetGroup" or "TargetCert".

Returns:

the Target type as String

equals

public abstract boolean equals(java.lang.Object obj)

Compares this Target with the specified object.

Overrides:

equals in class java.lang.Object

Parameters:

obj - the object to which to compare this Target

Returns:

true, if the given object is equal to this Target false otherwise

hashCode

public int hashCode()

Returns a hashcode for this Target.

Overrides:

hashCode in class java.lang.Object

Returns:

a hashcode for this Target

isTargetFor

public boolean isTargetFor(java.lang.Object server)
                    throws TargetException

Checks if the given server/service is a valid target for the attribute certificate containing an extension with this Target. Target checking may depend on application-specific requirements which cannot be known by this general default implementation. The default implementation of this method performs the following checks (in this order):

1. If the server is given as Target object and is equal to this Target object, the check returns true..
2. If this Target object represents a TargetName or TargetGroup and the server is given as GeneralName, the check returns true if the GeneralName of this Target is equal to the server GeneralName.
3. If 1. and 2. have returned false and this Target is a TargetGroup containing a GeneralName of type dNSName the server maybe given as TargetGroup or GeneralName. In this case the server GeneralName is checked of being of type dNSName, uniformResourceIdentifier or rfc822Name. If the server GeneralName is of any of these three types the check returns true if the server name is in the domain specified by the dNSName of the TargetGroup (i.e. it is checked if the server name ends with the dNSName specified by the TargetGroup). If, for instance, the TargetGroup specifies a dNSName like "iaik.at" and the server name is "http://jce.iaik.at" the server is accepted as being a member of the TargetGroup.
4. This method returns false, if any of the checks above has not come to a positive result.

As seen from above the server can be given as Target object or -- if this Target represents a TargetName or TargetGroup -- as GeneralName. In any other case -- if the supplied server object is not given as Target or GeneralName -- a TargetException is thrown indicating that the server object cannot be handled by this method. An application may plug-in its own TargetChecker implementation for enforcing a more sophisticated target checking policy which may be tailored to application specific requirements that cannot be considered by a general default implementation.

Parameters:

server - the server/service to be checked for being a target of the AC

Returns:

true if the given server/service matches to this Target, false if it does not match to it

Throws:

TargetException - if a Target implementation is not be able to determine whether a given server/service matches to this Target. For instance, checking if a server/service belongs to some specific TargetGroup cannot be done in a general way because membership of a target to a TargetGroup only may be handled in application specfic manner, e.g. (see RFC 5755): a TargetGroup may specify "PRINTERS," and the AC verifier knows if it is a printer or print server or not). In such cases the isTargetFor check must be done in a different, application specific way.

See Also:

GeneralName, TargetChecker, TargetName, TargetCert, TargetGroup

decodeUnTaggedASN1Object

public abstract void decodeUnTaggedASN1Object(ASN1Object obj)
                                       throws CodingException

Decodes (parses) the untagged ASN.1 representation of this Target object.

A Target is defined as ASN.1 CHOICE of targetName, targetGroup or targetCert, which are context specific tagged with tag number 0, 1, 2, respectively (see RFC 5755):

 Target ::= CHOICE {
   targetName         [0] GeneralName,
   targetGroup        [1] GeneralName,
   targetCert         [2] TargetCert
 }
 

This method decodes/parses the untagged ASN.1 representation of the particular Target type (e.g. an ASN.1 GeneralName for the targetName choice). For decoding the tagged ASN.1 representation (e.g. a CHOICE with tag number [0], method decode is used.

Parameters:

obj - the untagged ASN.1 Target to be decoded/parsed

Throws:

CodingException - if a decoding/parsing error occurs

toUnTaggedASN1Object

public abstract ASN1Object toUnTaggedASN1Object()
                                         throws CodingException

Gets the untagged ASN.1 representation of this Target object.
A Target is defined as ASN.1 CHOICE of targetName, targetGroup or targetCert, which are context specific tagged with tag number 0, 1, 2, respectively (see RFC 5755):

 Target ::= CHOICE {
   targetName         [0] GeneralName,
   targetGroup        [1] GeneralName,
   targetCert         [2] TargetCert
 }
 

This method returns the untagged ASN.1 representation of the particular Target type (e.g. an ASN.1 GeneralName for the targetName choice). The tagged ASN.1 representation (e.g. a CHOICE with tag number [0], is returned by method toASN1Object.

Returns:

the untagged ASN.1 representation of this Target object

Throws:

CodingException - if an error occurs when creating the ASN.1 object

decode

public void decode(ASN1Object obj)
            throws CodingException

Decodes a Target from its ASN.1 representation.

Specified by:

decode in interface ASN1Type

Parameters:

obj - the Target as ASN1Object

Throws:

CodingException - if an error occurs when parsing the ASN.1 Target, e.g. the Target type is invalid

toASN1Object

public ASN1Object toASN1Object()
                        throws CodingException

Retruns this Target as ASN1Object. According to RFC 5755 where Target is defined as ASN.1 CHOICE of TargetName, TargetGroup or TargetCert, this method returns an (implicitly tagged) CON_SPEC which holds a TargetName, TargetGroup or TargetCert, depending on which option has been used for this Target object:

 Target ::= CHOICE {
   targetName         [0] GeneralName,
   targetGroup        [1] GeneralName,
   targetCert         [2] TargetCert
 }
 

Specified by:

toASN1Object in interface ASN1Type

Returns:

the created ASN1Object (CON_SPEC)

Throws:

CodingException - if an de/encoding error occurs

toString

public java.lang.String toString()

Returns a string giving some information about this Target object.

Overrides:

toString in class java.lang.Object

Returns:

the string representation