iaik.x509.attr

Class TargetGroup

java.lang.Object

iaik.x509.attr.Target

iaik.x509.attr.TargetGroup

All Implemented Interfaces:

ASN1Type

public class TargetGroup
extends Target

This class implements the TargetGroup type specified by the X.509 Attribute Certificate profile (RFC 5755) to be used within TargetInformation or ProxyInfo attribute certificate extensions.

A TargetGroup, when included in a TargetInformation extension, may specify a group of which some server/service may be a member so that the attribute certificate that contains the TargetInformation can be used by this server/service.
A TargetGroup, when included in a ProxyInfo extension, may specify a group of which some server/service may be a member so that this server/sender represents a valid sender (proxy) or recipient of the attribute certificate that contains the ProxyInfo extension.
Both, TargetInformation and ProxyInfo extensions are defined as an ASN.1 SEQUENCE OF Targets, where each Targets object itself can hold any number of Target elements:

 TargetInformation ::= SEQUENCE OF Targets
 
 ProxyInfo ::= SEQUENCE OF Targets
 
 Targets ::= SEQUENCE OF Target
 

A Target element can be a TargetName, TargetGroup or TargetCert:

   Target ::= CHOICE {
     targetName          [0] GeneralName
     targetGroup         [1] GeneralName
     targetCert          [2] TargetCert
   }
 

As seen from above a TargetGroup is specified as GeneralName. Thus a GeneralName object has to be specified when creating a TargetGroup for defining a group of which some specific server/service may be a member so that it can be accepted as valid target for an attribute certificate, e.g.:

 GeneralName name = new GeneralName(GeneralName.dNSName, "iaik.at");
 TargetGroup targetGroup = new TargetGroup(name);
 

After having created a TargetGroup element it typically may be added to a Targets object to then be included into a TargetInformation or ProxyInfo extension, e.g.:

 Targets targets = new Targets();
 targets.addTarget(targetGroup);
 ProxyInfo proxyInfo = new ProxyInfo();
 proxyInfo.addTargets(targets);
 

For a TargetInformation (which shall contain one single Targets object only) it is also possible to immediately add the TargetGroup element:

 TargetInformation targetInformation = new TargetInformation();
 targetInformation.addTargetElement(targetGroup);
 

An AC verifier, when receiving an attribute certificate that contains a TargetInformation or ProxyInfo extension, may query for the included Target elements, e.g.:

 ...
 TargetInformation targetInformation = (TargetInformation)attributeCertificate.getExtension(TargetInformation.oid);
 if (targetInformation != null) {
   Target[] targetElements = targetInformation.getTargetElements();
   for (int i = 0; i < targetElements; i++) {
     if (targetElements[i].getType() == Target.TARGET_NAME) {
       TargetGroup targetGroup = (TargetGroup)targetElements[i];
       ...
     }
   }
 }
 

However, typically the AC verifier only will call the TargetInformation isTargetFor or ProxyInfo checkProxy methods to check if the received attribute certificate can be accepted by the current server, e.g.:

 GeneralName serverName = new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.at");
 if (targetInformation.isTargetFor(serverName) {
   // ok; accept ac
 } else {
   // reject ac
 }
 

When calling TargetInformation.isTargetFor or ProxyInfo.checkProxy the targeting check is controlled by the TargetChecker. When checking a server if it is referenced by a TargetGroup contained in an attribute certificate, the default TargetChecker implementation requires that the server object is given as TargetGroup or GeneralName. If the server is given as TargetGroup it is checked if it is equal to the AC TargetGroup. If the server is given as GeneralName it is checked if it is equal to the GeneralName of the AC TargetGroup. If the equality check fails and the AC TargetGroup contains a GeneralName of type dNSName, the server GeneralName maybe of type dNSName, uniformResourceIdentifier or rfc822Name. If the server GeneralName is of any of these three types the default TargetChecker looks if the server name is in the domain specified by the dNSName of the AC TargetGroup (i.e. it is checked if the server name ends with the dNSName specified by the TargetGroup). For instance, in the example above the server name ("http://jce.iaik.at") is accepted because it is in the "iaik.at" domain.
In any other case -- if the server object is not given as TargetGroup or GeneralName -- a TargetException is thrown indicating that the server object cannot be handled by the TargetChecker. An application may plug-in its own TargetChecker implementation for enforcing a more sophisticated target checking policy which may be tailored to application specific requirements that cannot be considered by a general default implementation.

See Also:

GeneralName, V3Extension, AttributeCertificate, Target, Targets, TargetName, TargetCert, TargetInformation, ProxyInfo

Field Summary

Fields inherited from class iaik.x509.attr.Target

TARGET_CERT, TARGET_GROUP, TARGET_NAME

Constructor Summary

Constructors

Constructor and Description
TargetGroup(ASN1Object asn1Obj) Creates a TargetGroup form its ASN.1 representation.
TargetGroup(GeneralName group) Creates a new TargetGroup with the given value.

Method Summary

Methods

Modifier and Type	Method and Description
void	decodeUnTaggedASN1Object(ASN1Object obj) Decodes (parses) the untagged ASN.1 representation of this TargetGroup object.
boolean	equals(java.lang.Object obj) Compares this TargetGroup with the specified object.
GeneralName	getGroup() Gets the value (group) of this TargetGroup object.
int	getType() Returns the type this Target represents.
protected java.lang.String	getTypeAsString() Gets the type (as String "TargetGroup") this target represents.
int	hashCode() Returns a hashcode for this TargetGroup
java.lang.String	toString() Gets a string giving some information about this TargetGroup object.
ASN1Object	toUnTaggedASN1Object() Gets the untagged ASN.1 representation of this TargetGroup object.

Methods inherited from class iaik.x509.attr.Target

decode, isTargetFor, parseTarget, setTargetChecker, toASN1Object

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

TargetGroup

public TargetGroup(GeneralName group)

Creates a new TargetGroup with the given value.

Parameters:

group - the value (group) of the TargetGroup

TargetGroup

public TargetGroup(ASN1Object asn1Obj)
            throws CodingException

Creates a TargetGroup form its ASN.1 representation. The ASN1Object supplied to this constructor must represent an already (context specific [1]) tagged GeneralName CHOICE:

   Target ::= CHOICE {
     targetName          [0] GeneralName
     targetGroup         [1] GeneralName
     targetCert          [2] TargetCert
 }
 

Parameters:

asn1Obj - the TargetGroup as ASN1Object (context specific tagged CHOICE with tag number 1)

Throws:

CodingException - if an error occurs when parsing the ASN1Object

Method Detail

getType

public int getType()

Returns the type this Target represents.

Specified by:

getType in class Target

Returns:

the Target type (1 -- TARGET_GROUP)

getTypeAsString

protected java.lang.String getTypeAsString()

Gets the type (as String "TargetGroup") this target represents.

Specified by:

getTypeAsString in class Target

Returns:

"TargetGroup"

getGroup

public GeneralName getGroup()

Gets the value (group) of this TargetGroup object.

Returns:

the TargetGroup value

equals

public boolean equals(java.lang.Object obj)

Compares this TargetGroup with the specified object.

Specified by:

equals in class Target

Parameters:

obj - the object to which to compare this TargetGroup

Returns:

true, if the given object is equal to this TargetGroup; false otherwise

hashCode

public int hashCode()

Returns a hashcode for this TargetGroup

Overrides:

hashCode in class Target

Returns:

a hashcode for this TargetGroup

decodeUnTaggedASN1Object

public void decodeUnTaggedASN1Object(ASN1Object obj)
                              throws CodingException

Decodes (parses) the untagged ASN.1 representation of this TargetGroup object.

A Target is defined as ASN.1 CHOICE of targetName, targetGroup or targetCert, which are context specific tagged with tag number 0, 1, 2, respectively (see RFC 5755):

 Target ::= CHOICE {
   targetName         [0] GeneralName,
   targetGroup        [1] GeneralName,
   targetCert         [2] TargetCert
 }
 

This method decodes/parses the untagged ASN.1 representation of an ASN.1 TargetGroup; thus the given ASN1Object must represent an ASN.1 GeneralName. For decoding the tagged ASN.1 representation (a CHOICE with tag number [1]), method decode is used.

Specified by:

decodeUnTaggedASN1Object in class Target

Parameters:

obj - the untagged ASN.1 TargetGroup to be decoded/parsed

Throws:

CodingException - if a decoding/parsing error occurs

toUnTaggedASN1Object

public ASN1Object toUnTaggedASN1Object()
                                throws CodingException

Gets the untagged ASN.1 representation of this TargetGroup object.
A Target is defined as ASN.1 CHOICE of targetName, targetGroup or targetCert, which are context specific tagged with tag number 0, 1, 2, respectively (see RFC 5755):

 Target ::= CHOICE {
   targetName         [0] GeneralName,
   targetGroup        [1] GeneralName,
   targetCert         [2] TargetCert
 }
 

This method returns the untagged ASN.1 representation of this TargetGroup (i.e. an ASN.1 GeneralName representing the value of this TargetGroup). The tagged ASN.1 representation (i.e. a CHOICE with tag number [1], is returned by method toASN1Object.

Specified by:

toUnTaggedASN1Object in class Target

Returns:

the untagged ASN.1 representation of this TargetGroup object

Throws:

CodingException - if an error occurs when creating the ASN.1 object

toString

public java.lang.String toString()

Gets a string giving some information about this TargetGroup object.

Overrides:

toString in class Target

Returns:

the string representation