Update PKCS10Client to include the ability to control the encoding of some subject name components. Some subject name components like CN, L, ST, O, OU, ... are defined as a choice of TeletexString, PrintableString, UniversalString, UTF8String, and BMPString. PKCS10Client should provide the ability to control the choice for the above subject name components.
This enhancement is required to test the solution for ticket #448 aka https://bugzilla.redhat.com/show_bug.cgi?id=883122
https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Command-Line_Tools_Guide/PKCS_10_Client.html
Here is a sample of PKCS10Client command:
PKCS10Client -p password -d '.' -o 'req.txt' -n 'cn=aa,ou=bb,o=cc'
Option '-n' specifies the subject name included in the generated certificate request.
All subject name components are encoded with preselected default types.
For components like CN, UID, L, ST, OU, and O, the PKCS10Client tool sets the default encoding type to PrintableString.
To keep backwards compatibility with the current set of PKCS10Client parameters, encoding types can be introduced as a prefix to the component name value, separated from it by a colon.
Here is an updated PKCS10Client command sample with subject name including specific encodings for two of its components.
PKCS10Client -p password -d '.' -k true -o 'req.txt' -n 'cn=UTF8String:aa,ou=BMPString:bb,o=cc'
Above sample command will generate certificate request with subject name 'cn=aa,ou=bb,o=cc', where aa will be encoded as UTF8String, bb as BMPString, and cc as PrintableString.
Here is how to test the new option to control the encoding of subject name components in a request generated by PKCS10Client:
certutil -N -d .
PKCS10Client -p <password> -d '.' -k true -o 'req.txt' -n 'cn=UTF8String:aa,ou=BMPString:bb,o=cc'
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----
AtoB req1.txt req1.bin
dumpasn1
dumpasn1 req.bin
Here is a sample result matching the PKCS10Client test command line included in the above procedure and also listed below:
PKCS10Client -p <password> -d '.' -o 'req.txt' -n 'cn=UTF8String:aa,ou=BMPString:bb,o=cc'
dumpasn1 req.bin
   0 658: SEQUENCE {
   4 378:   SEQUENCE {
   8   1:     INTEGER 0
  11  41:     SEQUENCE {
  13  11:       SET {
  15   9:         SEQUENCE {
  17   3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
  22   2:           PrintableString 'cc'
        :           }
        :         }
  26  13:       SET {
  28  11:         SEQUENCE {
  30   3:           OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
  35   4:           BMPString 'bb'
        :           }
        :         }
  41  11:       SET {
  43   9:         SEQUENCE {
  45   3:           OBJECT IDENTIFIER commonName (2 5 4 3)
  50   2:           UTF8String 'aa'
        :           }
        :         }
        :       }
  . . .
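An added example, not code from this ticket or from Dogtag PKI: a Python sketch of how the prefixed '-n' syntax maps to DER string tags, reproducing the 41-byte subject Name from the dumpasn1 output above. The function names, the parsing rules (known type name before the first colon, otherwise PrintableString) and the Latin-1 handling of TeletexString are assumptions, not PKCS10Client's behaviour.

```python
import re

# ASN.1 universal tags and Python codecs for the DirectoryString choices.
# TeletexString is approximated as Latin-1 here (assumption; real T.61 differs).
STRING_TYPES = {
    "UTF8String": (0x0C, "utf-8"),
    "PrintableString": (0x13, "ascii"),
    "TeletexString": (0x14, "latin-1"),
    "UniversalString": (0x1C, "utf-32-be"),
    "BMPString": (0x1E, "utf-16-be"),
}
# Last arc of the attribute type OIDs under 2.5.4 (id-at).
ATTR_OIDS = {"cn": 3, "l": 7, "st": 8, "o": 10, "ou": 11}
PRINTABLE = re.compile(r"[A-Za-z0-9 '()+,\-./:=?]*")


def tlv(tag, content):
    """Return one DER tag-length-value, using long-form length from 128 bytes."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def parse_subject(spec):
    """Split 'cn=UTF8String:aa,o=cc' into (attr, type, value) triples.
    Naive comma split: escaped commas and multi-valued RDNs are not handled."""
    parts = []
    for rdn in spec.split(","):
        attr, _, value = rdn.strip().partition("=")
        prefix, sep, rest = value.partition(":")
        kind, text = (prefix, rest) if sep and prefix in STRING_TYPES else ("PrintableString", value)
        if kind == "PrintableString" and not PRINTABLE.fullmatch(text):
            raise ValueError(f"{attr}: value not representable as PrintableString")
        parts.append((attr.lower(), kind, text))
    return parts


def encode_name(spec):
    """DER-encode the subject Name; RDNs are emitted in reverse of the -n string,
    which is the order the dumpasn1 output on this page shows (o, ou, cn)."""
    rdns = b""
    for attr, kind, text in reversed(parse_subject(spec)):
        tag, codec = STRING_TYPES[kind]
        oid = tlv(0x06, bytes([0x55, 0x04, ATTR_OIDS[attr]]))
        rdns += tlv(0x31, tlv(0x30, oid + tlv(tag, text.encode(codec))))
    return tlv(0x30, rdns)
```

Comparing encode_name(...).hex() with the bytes at offset 11 of a decoded request shows whether each component carries the requested string tag.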
attachment PKCS10Client-enhancement.patch
git push
Counting objects: 17, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (9/9), 1.76 KiB, done.
Total 9 (delta 5), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/pki.git
   8c101dc..b60f640  master -> master
attachment PKCS10Client-update.patch
Metadata Update from @awnuk: - Issue assigned to awnuk - Issue set to the milestone: 10.1 - 08/13 (August)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1246
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.