killabytenow
commented
3 years ago Hi,
Commit 83279eed1bfe45939fc1cfdb67ca72482b945621 (v0.0.2) should fix this. Now, the requested and the issued subject name are compared twice,
- A first direct comparison, char by char, is done. If they match, test is passed directly.
- If they don't match in the previous step, they are normalized using the
normalize_subjectsub. This sub escapes special chars and sort most of the Subject Name fields. If both subject names match then the test is considered passed, elsewhere it fails.
With this fix your test should pass at step 1. Thanks for you feedback!
Test results:
test:OUT[list]: TEST LIST FOR MODE
test:OUT[list]:
test:OUT[list]: id steps status title
test:OUT[list]: ----- ------ -------- --------------------------------------------------------
test:OUT[list]: 1.1 1 ok Get CA certs
test:OUT[list]: 1.2 1 ok Get CSR attributes
test:OUT[list]: 2.1 1 ok No credentials, No enroll
test:OUT[list]: 2.2 1 ok Void whitelist, no enrollments
test:OUT[list]: 2.3 1 failed Enrolling a new device from a ManufA
test:OUT[list]: 2.4 1 failed Enrolling a new device from a ManufB
test:OUT[list]: 2.5 1 failed Enrolling a new device from a ManufC
test:OUT[list]: 2.6 2 failed Enrolling two devices (ManufA, ManufC)
test:OUT[list]: 2.7 2 failed Reenrolling with the same certificate
test:OUT[list]: 2.8 1 ok Try enrolling with an incorrect subject
test:OUT[list]: 3.1 3 failed Renrolling device dec001@ManufA
test:OUT[list]: 3.2 2 failed Reenrolling a device with the same cert twice
test:OUT[list]: 3.3 2 failed Renrolling device and changing the Subject (should not be allowed)
All failed tests share the same error:
test:OUT[test/3.3]: WRITING STATUS: failed(Requested SN '/CN=dec001.testca/O=testca/C=ES' does not match with got SN '/C=ES/O=testca/CN=dec001.testca')
I am running Version 0.0.1
Subject looks good, it is only the reverse order that is taken into account when comparing it to the request subject.