Condition to test if the signer of a bundle matches or does not match a
pattern. Since the bundle's signer can only change when the bundle is
updated, this condition is immutable.
The condition expressed using a single String that specifies a Distinguished
Name (DN) chain to match bundle signers against. DN's are encoded using IETF
RFC 2253. Usually signers use certificates that are issued by certificate
authorities, which also have a corresponding DN and certificate. The
certificate authorities can form a chain of trust where the last DN and
certificate is known by the framework. The signer of a bundle is expressed as
signers DN followed by the DN of its issuer followed by the DN of the next
issuer until the DN of the root certificate authority. Each DN is separated
by a semicolon.
A bundle can satisfy this condition if one of its signers has a DN chain that
matches the DN chain used to construct this condition. Wildcards (`*') can be
used to allow greater flexibility in specifying the DN chains. Wildcards can
be used in place of DNs, RDNs, or the value in an RDN. If a wildcard is used
for a value of an RDN, the value must be exactly "*" and will match any value
for the corresponding type in that RDN. If a wildcard is used for a RDN, it
must be the first RDN and will match any number of RDNs (including zero
RDNs).