[Ejbca-develop] MultiRDN Distinguished Name String to X500Name conversion

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi all,

I did modification to string to X500Name conversion for DN creation.
My patch rewrite stringToBcX500Name and supports MultiRDN features in order
to complains National rules in DN generation.
It can generate DN using + syntax for MultiRDN and maintains ordering
features. Additional + chars in DN names can be written using
the standard \+ syntax. Current ordering feature take account for the first
attribute in MultiRDN attribute.
MultiRDN content respects RFC ASN1 SET ordering rules.
Attached a modified version of CertTools.java for MultiRDN.

For example
"DN=200590 + givenName=Enrico Maria + serialNumber=IT:MEZCAL86T16H523D +
surname=Ciaffi,O=Test1,C=IT,O=Test

Results in
"SURNAME=Ciaffi+DN=200590+GIVENNAME=Enrico
Maria+SN=IT:MEZCAL86T16H523D,O=Test1,O=Test,C=IT"

   0 30  125: SEQUENCE {
   2 31   11:   SET {
   4 30    9:     SEQUENCE {
   6 06    3:       OBJECT IDENTIFIER countryName (2 5 4 6)
  11 13    2:       PrintableString 'IT'
            :       }
            :     }
  15 31   13:   SET {
  17 30   11:     SEQUENCE {
  19 06    3:       OBJECT IDENTIFIER organizationName (2 5 4 10)
  24 0C    4:       UTF8String 'Test'
            :       }
            :     }
  30 31   14:   SET {
  32 30   12:     SEQUENCE {
  34 06    3:       OBJECT IDENTIFIER organizationName (2 5 4 10)
  39 0C    5:       UTF8String 'Test1'
            :       }
            :     }
  46 31   79:   SET {
  48 30   13:     SEQUENCE {
  50 06    3:       OBJECT IDENTIFIER surname (2 5 4 4)
  55 0C    6:       UTF8String 'Ciaffi'
            :       }
  63 30   13:     SEQUENCE {
  65 06    3:       OBJECT IDENTIFIER dnQualifier (2 5 4 46)
  70 13    6:       PrintableString '200590'
            :       }
  78 30   19:     SEQUENCE {
  80 06    3:       OBJECT IDENTIFIER givenName (2 5 4 42)
  85 0C   12:       UTF8String 'Enrico Maria'
            :       }
  99 30   26:     SEQUENCE {
 101 06    3:       OBJECT IDENTIFIER serialNumber (2 5 4 5)
 106 13   19:       PrintableString 'IT:MEZCAL86T16H523D'
            :       }
            :     }
            :   }

I hope this contribution can be added to EjbCA for missing MultiRDN feature.
I test this patch in Italian Qualified Certification Authorities and CNS
certificate generation.

Regards,

Francesco Petruzzi
Innovery S.p.A. 
fra...@in...

---
Questa e-mail è stata controllata per individuare virus con Avast antivirus.
http://www.avast.com