public class ProxyInfo extends V3Extension
ProxyInfo attribute certificate extension.
 
 When included in an attribute certificate, the ProxyInfo extension MUST 
 be marked as being critical.
 
 Each extension is associated with a specific certificateExtension
 object identifier. The OID for the ProxyInfo
 id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
              dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
 id-pe   OBJECT IDENTIFIER ::= { id-pkix 1 }
 
 id-pe-ac-proxying OBJECT IDENTIFIER ::= { id-pe 10 }
 which corresponds to the OID string "1.3.6.1.5.5.7.1.10".
 The X.509 Attribute Certificate profile presented in
 RFC 5755 specifies the ProxyInfo
 extension to be used for proxying an attribute certificate from one server to
 another. Chains of proxies (where a number of servers is involved) are possible.
 
 The ProxyInfo extension is defined as an ASN.1 SEQUENCE of Targets objects. Each Targets object can hold any
 number of Target elements of type TargetName, TargetGroup
 or TargetCert, however, the TargetCert
 choice must not be used (see RFC 5755):
 
 ProxyInfo ::= SEQUENCE OF Targets
 
 Targets ::= SEQUENCE OF Target
 Target  ::= CHOICE {
   targetName          [0] GeneralName,
   targetGroup         [1] GeneralName,
   targetCert          [2] TargetCert
 }
 TargetCert  ::= SEQUENCE {
   targetCertificate    IssuerSerial,
   targetName           GeneralName OPTIONAL,
   certDigestInfo       ObjectDigestInfo OPTIONAL
 }
 
 
 When receiving an attribute certificate where the ProxyInfo extension is 
 included, the AC verifier has to check if the sender -- which may be the  
 AC holder or an intermediate server (proxy) -- was entitled to send the
 attribute certificate, and if the attribute certificate can be accepted
 by the AC verifier. This proxy check
 is successful if either the sender of the AC is the holder itself (in 
 which case the current server must "match" the target 
 condition of any of the included ProxySets (i.e. Targets objects), or if the sender of
 the AC and the current server are referred by the same ProxySet (i.e.
 sender and current server "match" the target condition of the same
 Targets object). "Matching" to a Targets object means that
 the sender/server must be one of the targetName elements of the 
 Targets object, or that it must be a member of one of the targetGroup
 elements of the Targets object. How group membership may be verified, 
 may depend on application specific settings. For instance, if a 
 targetGroup specifies a DNS domain the AC verifier will have to
 know the DNS domain to which it belongs. Or, for instance, if a 
 targetGroup specified "PRINTERS" the AC verifier must know if it is
 a, e.g., printer or print server (see RFC 5755).
 
 If the attribute certificate has been proxied several times, the AC
 verifier must check that all targets
 on the path belong to the same proxySet (Targets object).
 
 After having created a ProxyInfo extension
 object and having added any Targets objects as required, the ProxyInfo
 object has to be set
 as an extension for the AttributeCertificate
 object in mind, e.g.:
 
 // create ProxyInfo
 ProxyInfo proxyInfo = new ProxyInfo();
 // add two Targets
 TargetName targetName1 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.tugraz.at"));
 TargetName targetName2 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.at"));
 // first Targets (ProxySet)
 Targets targets1 = new Targets();
 targets1.setTargets(new Target[] { targetName1, targetName2 });
 proxyInfo.addTargets(targets1);
 TargetName targetName3 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://www.iaik.at"));
 TargetName targetName4 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://www.tugraz.at"));
 // second Targets (ProxySet)
 Targets targets2 = new Targets();
 targets2.addTarget(targetName3);
 targets2.addTarget(targetName4);
 proxyInfo.addTargets(targets2);
 ...
 // add any further Targets objects if required
 ...
 // create attribute certificate
 AttributeCertificate ac = new AttributeCertificate();
 ...
 // set holder
 X509Certificate baseCert = ...;
 Holder holder = new Holder();
 holder.setBaseCertificateID(baseCert);
 ac.setHolder(holder);
 ...
 // set issuer, validity,...
 ...
 // add ProxyInfo extension
 ac.addExtension(proxyInfo);
 // sign and encode certificate
 ac.sign(...);
 byte[] encodedAc = ac.getEncoded();
 
 On the receiving end use method getExtension
 of the AttributeCertificate to get a ProxyInfo
 extension -- if included -- from an Attribute Certificate:
 
// the AttributeCertificate: AttributeCertificate ac = new AttributeCertificate(encodedAc); ... // verify signature, check validity,... ... // query for ProxyInfo extension: ProxyInfo proxyInfo = (ProxyInfo)ac.getExtension(ProxyInfo.oid);Now you can use method
checkProxy to check
 if you can accept the attribute certificate. When calling method checkProxy
 you have to specify the sender (from which you have received the attribute certificate)
 and the current server identity (to see if it matches the target condition).
 The targeting check is controlled by the TargetChecker. By default the TargetChecker performs an equality check; i.e.
 if the sender/server is given as Target object, it is checked of being equal to
 any of the included Target elements. For Target elements of type  TargetName or TargetGroup the server object alternatively can be given as GeneralName object. For AC TargetGroup elements
 that contain a GeneralName of type dNSName a server GeneralName
 of type dNSName, uniformResourceIdentifier or
 rfc822Name also maybe checked of being in the domain specified
 by the AC TargetGroup dNSName. However, an application may @link 
 iaik.x509.attr.Target#setTargetChecker plug-in} its own TargetChecker
 implementation for enforcing a more sophisticated target checking policy which
 may be tailored to application specific requirements that cannot be considered
 by a general default implementation.
 checkProxy the sender may
 be specified as Holder object (to be compared to 
 the holder of the attribute certificate), or as Target or 
 GeneralName object (to be searched of matching the target
 condition of any included ProxySets (Targets objects)). The server identity
 has to be specified as Target or GeneralName object
 (as long as the application has not plugged in its own TargetChecker).
 Holder 
 object with the same base certificate and the current server is given as
 GeneralName ("http://jce.iaik.at"), the proxy check will succeed because the
 sender is equal to the holder and the current server is named by the first
 Targets element:
 
 // sender
 X509Certificate baseCert = ...;
 Holder sender = new Holder();
 sender.setBaseCertificateID(baseCert);
 // current server
 GeneralName server = new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.at");
 // proxy check is successful:
 if (proxyInfo.checkProxy(sender, server)) {
    // success
 } else {
   // handle error condition
 }
     
 The proxy check will also be successful for server names "http://jce.iaik.tugraz.at",
 "http://www.iaik.at" and "http://www.tugraz.at" (since named in the included Targets), but
 not for any other server name or if the sender is given as Holder that is not equal to the AC
 holder.
 Holder object, but as GeneralName or
 Target, the proxy check will accept any of the names "http://jce.iaik.tugraz.at",
 "http://jce.iaik.at","http://www.iaik.at", "http://www.tugraz.at". However, since in this case
 sender and server must belong to the same ProxySet (Targets object), a sender-server pair like
 ("http://jce.iaik.at", "http://jce.iaik.tugraz.at") will be accepted, but a sender-server pair
 like ("http://jce.iaik.at", "http://www.tugraz.at") will be rejected:
 
 // sender
 GeneralName sender = new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.at");
 // current server
 GeneralName server = new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.tugraz.at");
 // proxy check is successful (sender and server in same proxy set):
 if (proxyInfo.checkProxy(sender, server)) {
    // success
 } 
 
 but:
 
 // sender
 GeneralName sender = new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.at");
 // current server
 GeneralName server = new GeneralName(GeneralName.uniformResourceIdentifier, "http://www.tugraz.at");
 // proxy check fails (sender and server in different proxy sets):
 if (!proxyInfo.checkProxy(sender, server)) {
    // reject
 } 
 
 A proxy chain (where the attribute certificate has been proxied over a number of servers) may
 be checked by calling method checkProxyChain and specifying
 the proxy chain as array of Target elements. For instance, in
 the example above a proxy chain like "http://jce.iaik.at" - "http://jce.iaik.tugraz.at" will be
 accepted (since belonging to the same ProxySet), but the chain "http://jce.iaik.at" -
 "http://www.tugraz.at" will be rejected:
 
 TargetName proxyTarget1 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.at"));
 TargetName proxyTarget2 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.tugraz.at"));
 Target[] proxyChain1 = { proxyTarget1, proxyTarget2 }
 // proxy chain check is successful (all in same proxy set):
 if (proxyInfo.checkProxyChain(proxyChain1)) {
    // success
 } 
 
 but:
 
 TargetName proxyTarget3 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.at"));
 TargetName proxyTarget4 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://www.tugraz.at"));
 Target[] proxyChain2 = { proxyTarget1, proxyTarget2 }
 // proxy chain check fails (different proxy sets):
 if (!proxyInfo.checkProxyChain(proxyChain2)) {
    // reject
 } 
 GeneralName, 
V3Extension, 
AttributeCertificate, 
Target, 
Targets, 
TargetName, 
TargetGroup, 
TargetCert| Modifier and Type | Field and Description | 
|---|---|
| static ObjectID | oidThe object identifier of this ProxyInfo extension. | 
critical| Constructor and Description | 
|---|
| ProxyInfo()Default constructor. | 
| Modifier and Type | Method and Description | 
|---|---|
| boolean | addTargets(Targets targets)Adds the given Targets object. | 
| boolean | checkProxy(java.lang.Object sender,
          java.lang.Object server)Checks if the attribute certificate containing this ProxyInfo can be accepted for
 the given sender-server pair. | 
| boolean | checkProxyChain(Target[] proxyChain)Checks if the given proxy chain is valid for an attribute certificate
 containing this ProxyInfo extension. | 
| boolean | containsTargetElement(Target target)Checks if the given Target element is contained in this
 ProxyInfo extension. | 
| ObjectID | getObjectID()Returns the object ID of this  ProxyInfoextension | 
| Target[] | getTargetElements()Gets all Target elements included in the Targets objects 
 of this ProxyInfo extension. | 
| Targets[] | getTargets()Gets all Targets objects included in this ProxyInfo extension. | 
| Targets | getTargets(java.lang.Object server)Searches if any of the included Targets contains a Target
 that matches the given server object. | 
| int | hashCode()Returns a hashcode for this identity. | 
| void | init(ASN1Object obj)Inits this  ProxyInfoimplementation with an ASN1object
 representing the value of this extension. | 
| int | numberOfTargetElements()Returns the total number of Target elements that are
 contained in this ProxyInfo. | 
| int | numberOfTargets()Returns the number of Targets objects that are
 contained in this ProxyInfo. | 
| void | removeAllTargets()Removes all targets from this ProxyInfo. | 
| boolean | removeTargetElement(Target target)Removes the given Target element from this ProxyInfo. | 
| boolean | removeTargets(Targets targets)Removes the given Targets object from this ProxyInfo. | 
| void | setTargets(Targets[] targets)Sets all Targets objects. | 
| void | specifyHolder(Holder holder)Specifies the Holder of the attribute certificate to which this
 ProxyInfo extension belongs to. | 
| ASN1Object | toASN1Object()Returns an ASN1Object representing the value of this  ProxyInfoextension object. | 
| java.lang.String | toString()Returns a string that represents the contents of this
  ProxyInfoextension. | 
| java.lang.String | toString(boolean detailed)Returns a string that represents the contents of this
  ProxyInfoextension. | 
getName, isCritical, setCriticalpublic static final ObjectID oid
public ProxyInfo()
ProxyInfo object.
 Use method addTargets for adding
 Targets ProxySets (Targets objects) as required.public ObjectID getObjectID()
ProxyInfo extensiongetObjectID in class V3Extensionpublic void init(ASN1Object obj) throws X509ExtensionException
ProxyInfo implementation with an ASN1object
 representing the value of this extension.
 The given ASN1Object represents the SEQUENCE of Targets value of the ProxyInfo extension:
ProxyInfo ::= SEQUENCE OF Targets
When parsing the ASN.1 representation of an attribute certificate this method is used for properly initializing an included ProxyInfo extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.
init in class V3Extensionobj - the ProxyInfo as ASN1ObjectX509ExtensionException - If the extension value is not an ASN.1 SEQUENCE object
            or some error occurs when parsing the included Targets objectspublic ASN1Object toASN1Object() throws X509ExtensionException
ProxyInfo
 extension object.
 The returned ASN1Object is an ASN.1 SEQUENCE representing the value of this ProxyInfo extension:
ProxyInfo ::= SEQUENCE OF Targets
toASN1Object in class V3ExtensionProxyInfo as ASN1ObjectX509ExtensionException - if the extension could not be createdpublic int hashCode()
hashCode in class V3Extensionpublic boolean addTargets(Targets targets)
targets - the Targets object to be addedtrue if the Targets has been added,
         false if it has not been added because
         already contained in this ProxyInfo extensionpublic void setTargets(Targets[] targets)
targets - the Targets to be setpublic boolean removeTargets(Targets targets)
targets - the Targets object to be removedtrue if the Targets object has been removed, 
         false if no such Targets object was presentpublic boolean removeTargetElement(Target target)
target - the Target element to be removedtrue if the Target element has been removed, 
         false if no such Target was presentpublic void removeAllTargets()
public Targets[] getTargets()
public Target[] getTargetElements()
Targets
 objects and builds an array of all Target 
 elements that are contained in the several Targets objects.public int numberOfTargets()
public int numberOfTargetElements()
public Targets getTargets(java.lang.Object server) throws TargetException
 
 This method steps through all Target elements
 included in this ProxyInfo extension. If it detects a Targets
 object that contains a Target element that denotes the given
 server/service as a valid target, this Targets object is returned.
 
 Since target checking may depend on application-specific
 requirements which cannot be known by this general default
 implementation, the default implementation of this method
 only can perform an equality check. 
 This ProxyInfo belongs to the AttributeCertificate
 in mind and may contain any number of Target
 elements that may represent a TargetName,
 a TargetGroup or a TargetCert. 
 The given server object only can be checked
 if it is given as Target object, too (in this case it is checked
 of being equal to any of the Target elements included in
 this ProxyInfo extension). If an included Target element
 represents a TargetName or a TargetGroup, the server object alternatively
 may be specified as GeneralName; in this case the TargetName/TargetGroup GeneralName
 is checked of being equal to the server GeneralName. 
 
 In any other case -- if the supplied server object is not given as 
 Target or GeneralName -- a TargetException is thrown indicating that
 the server object cannot be handled by this method. An application 
 may implement its own TargetChecker
 and install it as application-wide TargetChecker to be used by calling 
 method setTargetChecker:
 
MyTargetChecker myTargetChecker = ...; Target.setTargetChecker(myTargetChecker);
server - the server/service to be checked for being
               a target of the ACnull if no Target for the given server can
         be foundTargetException - if none of the Target element in this ProxyInfo
            extension accepts the server/service as valid target, but some of 
            the Target elements cannot handle the server/service and thus 
            cannot provide a reliable information. For instance, checking if a 
            server/service belongs to some specific TargetGroup cannot be done in a general way because membership
            of a target to a TargetGroup only can be handled in application 
            specfic manner, e.g. (see 
            RFC 5755): a TargetGroup may specify a DNS domain and the AC 
            verifier knows the DNS domain to which it belongs; or the TargetGroup
            specifies "PRINTERS," and the AC verifier knows if it is a printer
            or print server or not). In such cases the isTargetFor check must 
            be done in a different, application specific way.public boolean checkProxy(java.lang.Object sender,
                 java.lang.Object server)
                   throws TargetException
 When receiving an attribute certificate where the ProxyInfo extension is 
 included, the AC verifier has to check if the sender -- which may be the  
 AC holder or an intermediate server (proxy) -- was entitled to send the
 attribute certificate, and if the attribute certificate can be accepted
 by the AC verifier. This proxy check is successful if either the sender
 of the AC is the holder itself (in which case the current server must
 "match" the target condition of any of the included ProxySets 
 (i.e. Targets objects), or if the sender of
 the AC and the current server are refered by the same ProxySet (i.e.
 sender and current server "match" the target condition of the same
 Targets object). "Matching" to a Targets object means that
 the sender/server must be one of the targetName elements of the 
 Targets object, or that it must be a member of one of the targetGroup
 elements of the Targets object. How group membership may be verified, may
 depend on application specific settings. For instance, if a targetGroup
 specifies a DNS domain the AC verifier will have to know the DNS domain
 to which it belongs. Or, for instance, if a targetGroup specified "PRINTERS" 
 the AC verifier must know if it is a, e.g., printer or print server (see RFC 5755).
 
 When calling this method you have to specify the sender (from which you have 
 received the attribute certificate) and the current server identity (to see
 if it matches the target condition). The targeting check is controlled by the
 TargetChecker. When comaparing a given
 sender/server object against a Target element included in this ProxyInfo
 extension, the default TargetChecker implementation performs the following checks
 (in this order):
 
Target object and is equal
        to the AC Target element, the check returns true.
    TargetName or TargetGroup and the server
        is given as GeneralName, the check
        returns true if the GeneralName of the AC Target is equal to the server
        GeneralName.
    dNSName the server maybe given as
        TargetGroup or GeneralName. In this case the server GeneralName is checked of 
        being of type dNSName, uniformResourceIdentifier or
        rfc822Name. If the server GeneralName is of any of these three
        types the check returns true if the server name is in the domain specified by the
        dNSName of the AC TargetGroup (i.e. it is checked if the server name ends
        with the dNSName specified by the AC TargetGroup). If, for instance, the
        AC TargetGroup specifies a dNSName like "iaik.at" and the 
        server name is "http://jce.iaik.at" the server is accepted as being a member
        of the AC TargetGroup.
    plug-in its own TargetChecker implementation for enforcing a more sophisticated target checking policy which
 may be tailored to application specific requirements that cannot be considered
 by a general default implementation. 
 
 As mentioned above the proxy check succeeds if either the sender of the AC is the 
 holder itself (in which case the current server must "match" the target 
 condition of any of the included ProxySets (Targets objects), or if the sender of
 the AC and the current server are refered by the same ProxySet (i.e. sender and
 current server "match" the target condition of the same Targets object).
 Following this, when calling method checkProxy the sender may
 be specified as Holder object (to be compared to 
 the holder of the attribute certificate), or as Target or 
 GeneralName object (to be searched of matching the target
 condition of any included ProxySets (Targets objects)). The server identity
 has to be specified as Target or GeneralName object
 (as long as the application has not plugged in its own TargetChecker).
 
 For example, the holder field and ProxyInfo extension of an attribute certificate
 may have been created to contain the following values:
 
 // create ProxyInfo
 ProxyInfo proxyInfo = new ProxyInfo();
 // add two Targets
 TargetName targetName1 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.tugraz.at"));
 TargetName targetName2 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.at"));
 // first Targets (ProxySet)
 Targets targets1 = new Targets();
 targets1.setTargets(new Target[] { targetName1, targetName2 });
 proxyInfo.addTargets(targets1);
 TargetName targetName3 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://www.iaik.at"));
 TargetName targetName4 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://www.tugraz.at"));
 // second Targets (ProxySet)
 Targets targets2 = new Targets();
 targets2.addTarget(targetName3);
 targets2.addTarget(targetName4);
 proxyInfo.addTargets(targets2);
 ...
 // add any further Targets objects if required
 ...
 // create attribute certificate
 AttributeCertificate ac = new AttributeCertificate();
 ...
 // set holder
 X509Certificate baseCert = ...;
 Holder holder = new Holder();
 holder.setBaseCertificateID(baseCert);
 ac.setHolder(holder);
 ...
 // set issuer, validity,...
 ...
 // add ProxyInfo extension
 ac.addExtension(proxyInfo);
 // sign and encode certificate
 ac.sign(...);
 byte[] encodedAc = ac.getEncoded();
 
 When the receiving this attribute certificate and using method checkProxy
 to validate the proxy information, the proxy check will succeed if the sender is given 
 as Holder object with the same base certificate and the current server 
 is given as GeneralName ("http://jce.iaik.at"): the sender is equal to the holder 
 and the current server is named by the first Targets element:
 
 // sender
 X509Certificate baseCert = ...;
 Holder sender = new Holder();
 sender.setBaseCertificateID(baseCert);
 // current server
 GeneralName server = new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.at");
 // proxy check is successful:
 if (proxyInfo.checkProxy(sender, server)) {
    // success
 } else {
   // handle error condition
 }
     
 The proxy check will also be successful for server names "http://jce.iaik.tugraz.at",
 "http://www.iaik.at" and "http://www.tugraz.at" (since named in the included Targets), but
 not for any other server name or if the sender is given as Holder that is not equal to the AC
 holder.
 Holder object, but as GeneralName or
 Target, the proxy check will accept any of the names "http://jce.iaik.tugraz.at",
 "http://jce.iaik.at","http://www.iaik.at", "http://www.tugraz.at". However, since in this case
 sender and server must belong to the same ProxySet (Targets object), a sender-server pair like
 ("http://jce.iaik.at", "http://jce.iaik.tugraz.at") will be accepted, but a sender-server pair
 like ("http://jce.iaik.at", "http://www.tugraz.at") will be rejected:
 
 // sender
 GeneralName sender = new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.at");
 // current server
 GeneralName server = new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.tugraz.at");
 // proxy check is successful (sender and server in same proxy set):
 if (proxyInfo.checkProxy(sender, server)) {
    // success
 } 
 
 but:
 
 // sender
 GeneralName sender = new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.at");
 // current server
 GeneralName server = new GeneralName(GeneralName.uniformResourceIdentifier, "http://www.tugraz.at");
 // proxy check fails (sender and server in different proxy sets):
 if (!proxyInfo.checkProxy(sender, server)) {
    // reject
 } 
 sender - the entity that has sent the attribute certificate containging this 
               ProxyInfo extensionserver - the current server that has to be checked if it can accept the attribute 
               certificate containing this ProxyInfo extensiontrue if the proxy check is successful,
         false otherwiseTargetException - if the proxy check cannot give a reliable answer (true/false) because
                         any of the included Target elements cannot check the given 
                         sender/server object. For instance, checking if a 
                         sender/server belongs to some specific TargetGroup cannot be done in a general way because membership
                         of a target to a TargetGroup only can be handled in application 
                         specfic manner, e.g. (see 
                         RFC 5755): a TargetGroup may specify a DNS domain and the AC 
                         verifier knows the DNS domain to which it belongs; or the TargetGroup
                         specifies "PRINTERS," and the AC verifier knows if it is a printer
                         or print server or not). In such cases the target condition check must 
                         be done in a different, application specific way by implementing 
                         and plugging-in a special TargetChecker.public boolean checkProxyChain(Target[] proxyChain) throws TargetException
Target elements. The proxy
 chain check succeeds if this ProxyInfo extension consists a Targets object to which all the given Target
 elements belong to.  
 TargetChecker. By default the TargetChecker performs an equality check; 
 i.e. any of the Target elements of the given proxy chain is checked of
 being equal to any of the Target elements included in the reference
 Targets object of this ProxyInfo. An application may plug-in its own TargetChecker
 implementation for enforcing a more sophisticated target checking policy
 which may be tailored to application specific requirements that cannot 
 be considered by a general default implementation.
 For example, the holder field and ProxyInfo extension of an attribute certificate may have been created to contain the following values:
 // create ProxyInfo
 ProxyInfo proxyInfo = new ProxyInfo();
 // add two Targets
 TargetName targetName1 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.tugraz.at"));
 TargetName targetName2 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.at"));
 // first Targets (ProxySet)
 Targets targets1 = new Targets();
 targets1.setTargets(new Target[] { targetName1, targetName2 });
 proxyInfo.addTargets(targets1);
 TargetName targetName3 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://www.iaik.at"));
 TargetName targetName4 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://www.tugraz.at"));
 // second Targets (ProxySet)
 Targets targets2 = new Targets();
 targets2.addTarget(targetName3);
 targets2.addTarget(targetName4);
 proxyInfo.addTargets(targets2);
 ...
 // add any further Targets objects if required
 ...
 // create attribute certificate
 AttributeCertificate ac = new AttributeCertificate();
 ...
 // set holder
 X509Certificate baseCert = ...;
 Holder holder = new Holder();
 holder.setBaseCertificateID(baseCert);
 ac.setHolder(holder);
 ...
 // set issuer, validity,...
 ...
 // add ProxyInfo extension
 ac.addExtension(proxyInfo);
 // sign and encode certificate
 ac.sign(...);
 byte[] encodedAc = ac.getEncoded();
 
 When the receiving this attribute certificate and using method checkProxyChain
 to validate a proxy chain, a chain like "http://jce.iaik.at" - "http://jce.iaik.tugraz.at" will be
 accepted (since belonging to the same ProxySet), but the chain "http://jce.iaik.at" -
 "http://www.tugraz.at" will be rejected:
 
 TargetName proxyTarget1 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.at"));
 TargetName proxyTarget2 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.tugraz.at"));
 Target[] proxyChain1 = { proxyTarget1, proxyTarget2 }
 // proxy chain check is successful (all in same proxy set):
 if (proxyInfo.checkProxyChain(proxyChain1)) {
   // success
 } 
 
 but:
 
 TargetName proxyTarget3 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://jce.iaik.at"));
 TargetName proxyTarget4 = new TargetName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://www.tugraz.at"));
 Target[] proxyChain2 = { proxyTarget1, proxyTarget2 }
 // proxy chain check fails (different proxy sets):
 if (!proxyInfo.checkProxyChain(proxyChain2)) {
    // reject
 } 
 proxyChain - the proxy chain (array of Targets) to be checkedtrue if this ProxyInfo contains a Targets objects
         to which all Target elements of the given ProxyChain belong toTargetException - if the proxy chain check cannot give a reliable answer 
                         (true/false) because any of the included Target elements
                         cannot be checked by the installed TargetCheckerpublic boolean containsTargetElement(Target target)
target - the Target element to be checked if includedtrue if the given Target is included,
         false if it is not includedpublic void specifyHolder(Holder holder)
AttributeCertificate
 object to provide a reference to its Holder field which may 
 be required for proxy checking.holder - the Holder of the attribute certificate to which this
               ProxyInfo extension belongs topublic java.lang.String toString()
ProxyInfo extension.toString in class java.lang.Objectpublic java.lang.String toString(boolean detailed)
ProxyInfo extension.detailed - whether to give some detailed information 
        about the included Targets objects