shred / acme4j

Java client for ACME (Let's Encrypt)
https://acme4j.shredzone.org
Apache License 2.0

Allow to set a complete X500Name to CSRBuilder in addition to the single set-methods #128

Closed kimmerin closed 2 years ago

kimmerin commented 2 years ago

Hi,

Is there a reason why there are only methods to set a select list of RDN entries for the requested certificate subject? If not, is it possible to add a setX500Name that allows setting all "RDN parts" at once? Alternatively a setRDN(RDN rdn)?

shred commented 2 years ago

Hi @kimmerin!

The CSRBuilder was designed for simplicity. acme4j itself does not care much about where the CSR comes from, it just expects a binary encoded CSR document. So you could also implement your own CSR generator if you have further demands on its contents.

Internally BouncyCastle's X500NameBuilder is used, so there is no way to offer a setX500Name() or setRDN() method without having to do major rewrites of the CSRBuilder.

However, what I could offer is to add a modifyX500Name(Consumer<X500NameBuilder> builder) method that permits adding further RDNs to the X500NameBuilder, e.g.:

CSRBuilder csrb = new CSRBuilder();
csrb.addDomain("example.org");

// add a custom UID RDN
csrb.modifyX500Name(b -> b.addRDN(BCStyle.UID, "123456"));

csrb.sign(domainKeyPair);
byte[] csr = csrb.getEncoded();

Would that help you?
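
Added example (not part of the original thread and not acme4j's own code): the "implement your own CSR generator" route mentioned in the comment above, building a PKCS#10 CSR with an arbitrary X500Name directly through BouncyCastle. The class name, the `buildCsr` helper, the throwaway RSA key and the sample subject values are assumptions made for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class CustomCsrExample {                       // hypothetical class name
    /** Builds a DER-encoded PKCS#10 CSR with a caller-supplied subject and DNS SANs. */
    static byte[] buildCsr(X500Name subject, KeyPair keyPair, String... domains) throws Exception {
        // Every requested domain goes into subjectAltName as a dNSName.
        GeneralName[] sans = new GeneralName[domains.length];
        for (int i = 0; i < domains.length; i++) {
            sans[i] = new GeneralName(GeneralName.dNSName, domains[i]);
        }
        ExtensionsGenerator extensions = new ExtensionsGenerator();
        extensions.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(sans));
        JcaPKCS10CertificationRequestBuilder builder =
                new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
        // Extensions travel in the CSR as a PKCS#9 extensionRequest attribute.
        builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());
        // Signing with the domain private key proves possession of that key.
        return builder.build(new JcaContentSignerBuilder("SHA256withRSA")
                .build(keyPair.getPrivate())).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair domainKeyPair = gen.generateKeyPair();  // constructed throwaway key
        // Constructed sample subject; any RDN known to BCStyle can be added here.
        X500Name subject = new X500NameBuilder(BCStyle.INSTANCE)
                .addRDN(BCStyle.CN, "example.org")
                .addRDN(BCStyle.O, "Example Org")
                .addRDN(BCStyle.UID, "123456")
                .build();
        byte[] csr = buildCsr(subject, domainKeyPair, "example.org", "www.example.org");
        System.out.println("DER-encoded CSR length: " + csr.length);
    }
}
```

The resulting byte array takes the place of the output of `csrb.getEncoded()`. Which subject attributes end up in the issued certificate is decided by the CA, not by the CSR.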

kimmerin commented 2 years ago

I was thinking of something like this:

public void addValue(String attName, String value) {
    ASN1ObjectIdentifier oid = X500Name.getDefaultStyle().attrNameToOID(attName);
    addValue(oid, value);
}

public void addValue(ASN1ObjectIdentifier oid, String value) {
    if (oid.equals(BCStyle.CN)) {
        addDomain(value);
        return;
    }
    namebuilder.addRDN(oid, value);
}

I can do this change, add javadocs, create unit tests around it and start a pull request if you want.

shred commented 2 years ago

Sure, a pull request would be fine! Thank you! :smile:

shred commented 2 years ago

Closed via #129.

shred commented 2 years ago

Sorry for the delay! Your change is now published in acme4j v2.14. It is available in the release section, and should be available at Maven Central within the next couple of hours.