public class TargetInformation extends V3Extension
TargetInformation attribute certificate extension.
 
 When included in an attribute certificate, the TargetInformation extension MUST 
 be marked as being critical.
 
 Each extension is associated with a specific certificateExtension
 object identifier. The OID for the TargetInformation
 certificateExtension  OBJECT IDENTIFIER ::=
                            {joint-iso-ccitt(2) ds(5) 29}
 id-ce                 OBJECT IDENTIFIER ::=  certificateExtension
 
 id-ce-targetInformation OBJECT IDENTIFIER ::= { id-ce 55 }
 which corresponds to the OID string "2.5.29.55".
 The X.509 Attribute Certificate profile presented in
 RFC 5755 specifies the TargetInformation
 extension to be used for targeting an attribute certificate to be 
 accepted only by a specified number of servers/services. If no 
 TargetInformation extension is present in an attribute certificate, 
 the certificate may be accepted by any service/server.
 
 The TargetInformation extension is defined as an ASN.1 SEQUENCE of Targets objects. Each Targets object can hold any
 number of Target elements of type TargetName, TargetGroup
 or TargetCert, however, the TargetCert
 choice must not be used (see RFC 5755):
 
 TargetInformation ::= SEQUENCE OF Targets
 
 Targets ::= SEQUENCE OF Target
 Target  ::= CHOICE {
   targetName          [0] GeneralName,
   targetGroup         [1] GeneralName,
   targetCert          [2] TargetCert
 }
 TargetCert  ::= SEQUENCE {
   targetCertificate    IssuerSerial,
   targetName           GeneralName OPTIONAL,
   certDigestInfo       ObjectDigestInfo OPTIONAL
 }
 
 Although TargetInformation is defined as SEQUENCE of Targets
 RFC 5755 requires AC issuers to only issue attribute certificates
 with TargetInformation extensions that do contain only one Targets 
 object. If a TargetInformation contains more than one Targets object,
 all included Target elements must be treated as belonging to one single 
 Targets object.
 Based on the presence of the TargetInformation extension a server/service may decide whether to accept the attribute certificate or not. If no TargetInformation is present the attribute certificate is not targeted and may be accepted by any server/service. If a TargetInformation is present the included Target elements have to be checked to see if the current server "matches" the target condition: the server can accept the attribute certificate if the server is one of the included targetName elements, or if it is a member of one of the included targetGroup elements. How group membership may be verified, may depend on application specific settings. For instance, if a targetGroup specifies a DNS domain the AC verifier will have to know the DNS domain to which it belongs. Or, for instance, if a targetGroup specified "PRINTERS" the AC verifier must know if it is a, e.g., printer or print server (see RFC 5755).
 After having created a TargetInformation extension
 object and having added any Target elements as required, the TargetInformation
 object has to be set
 as an extension for the AttributeCertificate
 object in mind, e.g.:
 
// create TargetInformation TargetInformation targetInformation = new TargetInformation(); // add a TargetName element GeneralName name = new GeneralName(GeneralName.uniformResourceIdentifier, "jce.iaik.tugraz.at"); TargetName targetName = new TargetName(name); targetInformation.addTargetElement(targetName); ... // add any further Target element if required ... // create attribute certificate AttributeCertificate ac = new AttributeCertificate(); ... // set holder, issuer, validity,... ... // add TargetInformation extension ac.addExtension(targetInformation); // sign and encode certificate ac.sign(...); byte[] encodedAc = ac.getEncoded();
 On the receiving end use method getExtension
 of the AttributeCertificate to get a TargetInformation
 extension -- if included -- from an Attribute Certificate:
 
 // the AttributeCertificate:
 AttributeCertificate ac = new AttributeCertificate(encodedAc);
 ...
 // verify signature, check validity,...
 ...
 // query for TargetInformation extension:
 TargetInformation targetInformation = (TargetInformation)ac.getExtension(TargetInformation.oid);
 if (TargetInformation != null) {
   GeneralName serverName = new GeneralName(GeneralName.uniformResourceIdentifier, "jce.iaik.tugraz.at");
   if (targetInformation.isTargetFor(serverName)) {
     // accept attribute certificate 
   }
 } else {
   // no TargetInformation extension included; accept the certificate
 }  
 
 The code sample above uses method isTargetFor to check
 if the AC verifying server/recipient is a valid target for the attribute certificate.
 The targeting check is controlled by the TargetChecker. For each single Target element included in this TargetInformation
 extension, the default TargetChecker implementation performs the following checks
 (in this order):
 Target object and is equal
        to the AC Target element, the check returns true.
    TargetName or TargetGroup and the server
        is given as GeneralName, the check
        returns true if the GeneralName of the AC Target is equal to the server
        GeneralName.
    dNSName the server maybe given as
        TargetGroup or GeneralName. In this case the server GeneralName is checked of 
        being of type dNSName, uniformResourceIdentifier or
        rfc822Name. If the server GeneralName is of any of these three
        types the check returns true if the server name is in the domain specified by the
        dNSName of the AC TargetGroup (i.e. it is checked if the server name ends
        with the dNSName specified by the AC TargetGroup). If, for instance, the
        AC TargetGroup specifies a dNSName like "iaik.at" and the 
        server name is "http://jce.iaik.at" the server is accepted as being a member
        of the AC TargetGroup.
    plug-in its own TargetChecker implementation for enforcing a more sophisticated target checking policy which
 may be tailored to application specific requirements that cannot be considered
 by a general default implementation.GeneralName, 
V3Extension, 
AttributeCertificate, 
Target, 
Targets, 
TargetName, 
TargetGroup, 
TargetCert| Modifier and Type | Field and Description | 
|---|---|
| static ObjectID | oidThe object identifier of this TargetInformation extension. | 
critical| Constructor and Description | 
|---|
| TargetInformation()Default constructor. | 
| Modifier and Type | Method and Description | 
|---|---|
| boolean | addTargetElement(Target target)Adds the given Target. | 
| boolean | containsTargetElement(Target target)Checks if the given Target element is contained in this
 TargetInformation extension. | 
| ObjectID | getObjectID()Returns the object ID of this  TargetInformationextension | 
| Target[] | getTargetElements()Gets all Target elements included in the Targets objects 
 of this TargetInformation extension. | 
| Targets[] | getTargets()Gets all Targets objects included in this TargetInformation extension. | 
| int | hashCode()Returns a hashcode for this identity. | 
| void | init(ASN1Object obj)Inits this  TargetInformationimplementation with an ASN1object
 representing the value of this extension. | 
| boolean | isTargetFor(java.lang.Object server)Checks if the given server/service is a valid target for
 the attribute certificate containing this TargetInformation
 extension. | 
| int | numberOfTargetElements()Returns the total number of Target elements that are
 contained in this TargetInformation. | 
| int | numberOfTargets()Returns the number of Targets objects that are
 contained in this TargetInformation. | 
| void | removeAllTargets()Removes all targets from this TargetInformation. | 
| boolean | removeTargetElement(Target target)Removes the given Target element from this TargetInformation. | 
| boolean | removeTargets(Targets targets)Removes the given Targets object from this TargetInformation. | 
| void | setTargetElements(Target[] targets)Sets all Target elements. | 
| void | setTargets(Targets[] targets)Sets all Targets objects. | 
| ASN1Object | toASN1Object()Returns an ASN1Object representing the value of this  TargetInformationextension object. | 
| java.lang.String | toString()Returns a string that represents the contents of this
  TargetInformationextension. | 
| java.lang.String | toString(boolean detailed)Returns a string that represents the contents of this
  TargetInformationextension. | 
getName, isCritical, setCriticalpublic static final ObjectID oid
public TargetInformation()
TargetInformation object.
 Use method addTargetElement for adding
 Target elements as required.public ObjectID getObjectID()
TargetInformation extensiongetObjectID in class V3Extensionpublic void init(ASN1Object obj) throws X509ExtensionException
TargetInformation implementation with an ASN1object
 representing the value of this extension.
 The given ASN1Object represents the SEQUENCE of Targets value of the TargetInformation extension:
TargetInformation ::= SEQUENCE OF Targets
When parsing the ASN.1 representation of an attribute certificate this method is used for properly initializing an included TargetInformation extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.
init in class V3Extensionobj - the TargetInformation as ASN1ObjectX509ExtensionException - If the extension value is not an ASN.1 SEQUENCE object
            or some error occurs when parsing the included Targets objectspublic ASN1Object toASN1Object() throws X509ExtensionException
TargetInformation
 extension object.
 The returned ASN1Object is an ASN.1 SEQUENCE representing the value of this TargetInformation extension:
TargetInformation ::= SEQUENCE OF Targets
toASN1Object in class V3ExtensionTargetInformation as ASN1ObjectX509ExtensionException - if the extension could not be createdpublic int hashCode()
hashCode in class V3Extensionpublic boolean addTargetElement(Target target)
 The given Target element is added
 to the first (and maybe only) Targets
 object in the list: Although the TargetInformation value is defined
 as SEQUENCE OF Targets, the X.509 Attribute Certificate 
 profile (RFC 5755) 
 requires that a TargetInformation has to contain only one Targets 
 object. If more than one Targets object are present, all Target
 elements that are included in the serveral Targets objects have to
 be treated as belonging to one single Targets object only.
target - the Target element to be addedtrue if the Target element has been added
         false if it has not been added because it is 
         already includedpublic void setTargetElements(Target[] targets)
Targets objects are 
 removed and one new single Targets object is created. All the given 
 Target elements are added to the
 one and only Targets object just created: Although the TargetInformation
 value is defined as SEQUENCE OF Targets, the X.509 Attribute 
 Certificate profile (RFC 5755)
 requires that a TargetInformation has to contain only one Targets object.targets - the Target elements to be setpublic void setTargets(Targets[] targets)
SEQUENCE OF Targets, the X.509 Attribute Certificate profile 
 (RFC 5755) requires
 that a TargetInformation has to contain only one Targets object. If more than one Targets object is present, all
 Target elements that are included in
 the serveral Targets objects have to be treated as belonging to
 one single Targets object. Nevertheless this method provides the
 possibility to set more than only one Targets object. Thus an
 application may not be fully RFC 5755 compliant when calling this
 method with more than only one Targets object.targets - the Targets to be set (the supplied array may contain
                only one Targets object as requested by the X.509 
                attribute profile).public boolean removeTargets(Targets targets)
targets - the Targets object to be removedtrue if the Targets object has been removed, 
         false if no such Targets object was presentpublic boolean removeTargetElement(Target target)
target - the Target element to be removedtrue if the Target element has been removed, 
         false if no such Target was presentpublic void removeAllTargets()
public Targets[] getTargets()
SEQUENCE OF Targets, the X.509 Attribute Certificate profile 
 (RFC 5755) requires
 that a TargetInformation has to contain only one Targets object. Nevertheless a TargetInformation may contain more than only
 one Targets objects. In this case all Targets objects are returned by
 this method, and all the Target elements that 
 are included in the serveral Targets objects shall be treated as belonging to
 one single Targets object only.public Target[] getTargetElements()
Targets
 objects and builds an array of all Target 
 elements that are contained in the several Targets objects. If more
 than only one Targets object is included in this TargetInformation
 extension, all the Target elements returned by this method may be
 treated as belonging to one and only Targets object as required by
 the X.509 Attribute Certificate profile RFC 5755).public int numberOfTargets()
public int numberOfTargetElements()
public boolean isTargetFor(java.lang.Object server)
                    throws TargetException
 
 This method steps through all Target elements
 included in this TargetInformation extension. It returns true 
 if it detects a Target element that denotes the given server/service
 as a valid target. It returns also true if this
 TargetInformation does not contain any Target elements at all (in which
 case the corresponding attribute certificate is not specially
 targeted and can be accepted by any server). It returns false 
 if none of the included Target elements denotes the server/service
 as valid target. It throws a TargetException
 if it cannot find a Target element that accepts the server/service
 as valid Target but some of the Target elements cannot handle the 
 server/service and thus cannot provide a reliable information.
 
 The targeting check is controlled by the TargetChecker. For each single Target element included in this TargetInformation
 extension, the default TargetChecker implementation performs the following checks
 (in this order):
 
Target object and is equal
        to the AC Target element, the check returns true.
    TargetName or TargetGroup and the server
        is given as GeneralName, the check
        returns true if the GeneralName of the AC Target is equal to the server
        GeneralName.
    dNSName the server maybe given as
        TargetGroup or GeneralName. In this case the server GeneralName is checked of 
        being of type dNSName, uniformResourceIdentifier or
        rfc822Name. If the server GeneralName is of any of these three
        types the check returns true if the server name is in the domain specified by the
        dNSName of the AC TargetGroup (i.e. it is checked if the server name ends
        with the dNSName specified by the AC TargetGroup). If, for instance, the
        AC TargetGroup specifies a dNSName like "iaik.at" and the 
        server name is "http://jce.iaik.at" the server is accepted as being a member
        of the AC TargetGroup.
    plug-in its own TargetChecker implementation for enforcing a more sophisticated target checking policy which
 may be tailored to application specific requirements that cannot be considered
 by a general default implementation.
 MyTargetChecker myTargetChecker = ...; Target.setTargetChecker(myTargetChecker);
server - the server/service to be checked for being
               a target of the ACtrue if this TargetInformation extension does not 
         contain any Target element or if it contains a Target element 
         that denotes the given server/service as a valid target;
         false if none of the included Target elements denotes
         the server/service as valid targetTargetException - if none of the Target elements in this TargetInformation
            extension accepts the server/service as valid target, but some of 
            the Target elements cannot handle the server/service and thus 
            cannot provide a reliable information. For instance, checking if a 
            server/service belongs to some specific TargetGroup cannot be done in a general way because membership
            of a target to a TargetGroup only can be handled in application 
            specfic manner, e.g. (see 
            RFC 5755): a TargetGroup may specify "PRINTERS," and the AC verifier
            knows if it is a printer or print server or not). In such cases the 
            isTargetFor check must be done in a different, application specific way
            by implementing and plugging-in a special TargetChecker.public boolean containsTargetElement(Target target)
target - the Target element to be checked if includedtrue if the given Target is included,
         false if it is not includedpublic java.lang.String toString()
TargetInformation extension.toString in class java.lang.Objectpublic java.lang.String toString(boolean detailed)
TargetInformation extension.detailed - whether to give some detailed information 
        about the included Targets objects