DName test cases

I found 2 more potential incompatibilities with respect to RFC 2253 and 
RFC 4514 so I would like to add test cases for them. RFC 4514 does not 
require escaping of equals sign ('=' U+003D) and non-leading number sign 
('#' U+0023) characters in attribute values.

Also, I would like to change how the test cases are specified in sections 
3.5.1 and 3.5.2 [1]. In particular:

The input to each test case will be an XML Signature containing a 
KeyInfo element, containing an X509Data element, containing an 
X509SubjectName (or X509IssuerSerial) element with a DistinguishedName 
in RFC 4514 format (specified according to the test input details section).

Implementations will be required to parse the distinguished name and 
find a corresponding certificate (with the same SubjectDN (or 
Issuer/Serial)). This certificate will contain the public key needed to 
verify the signature. I will supply the certificates in the test 
directory (or a sub-directory).

These changes confirm that implementations can properly parse and use 
RFC 4514 DNs, which is what I think we should be testing. There is no 
need to test RFC 2253 DNs.

Please let me know within the next day if you have any objections to 
these changes. (Time is of the essence :).

Thanks,
Sean

[1] http://www.w3.org/2007/xmlsec/interop/xmlsig-interop-doc/testcases.html#TestCases-DistinguishedName

Received on Wednesday, 12 September 2007 20:23:42 UTC
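
An added example, not part of the message above or of the interop test suite: a minimal Python parser for RFC 4514 string DNs, showing that '=' and a non-leading '#' in an attribute value parse to the same result whether or not they are escaped. The function names and the sample DNs are constructed for illustration.

```python
import re

SPECIAL = '\\"+,;<> #='   # characters RFC 4514 allows after a backslash

def _split(s, sep):
    """Split s on unescaped sep; a backslash and the char after it stay together."""
    parts = [""]
    for tok in re.findall(r"\\.|.", s, re.S):
        if tok == sep:
            parts.append("")
        else:
            parts[-1] += tok
    return parts

def _unescape(raw):
    """Decode pairs: backslash + special char, or backslash + hexpair (UTF-8 bytes)."""
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] != "\\":
            out += raw[i].encode("utf-8")
            i += 1
        elif re.match(r"[0-9A-Fa-f]{2}", raw[i + 1:]):
            out.append(int(raw[i + 1:i + 3], 16))
            i += 3
        elif i + 1 < len(raw) and raw[i + 1] in SPECIAL:
            out += raw[i + 1].encode("utf-8")
            i += 2
        else:
            raise ValueError("bad escape at offset %d in %r" % (i, raw))
    return out.decode("utf-8")

def parse_dn(dn):
    """Return a list of RDNs; each RDN is a list of (type, value) pairs."""
    rdns = []
    for rdn in (_split(dn, ",") if dn else []):
        avas = []
        for ava in _split(rdn, "+"):
            # Only the first '=' separates type from value; later ones are data.
            typ, eq, raw = ava.partition("=")
            if not (typ and eq):
                raise ValueError("missing type or '=' in %r" % ava)
            # An unescaped leading '#' marks a hex-encoded BER value, kept as bytes.
            value = bytes.fromhex(raw[1:]) if raw.startswith("#") else _unescape(raw)
            avas.append((typ.lower(), value))
        rdns.append(avas)
    return rdns

# Constructed sample: the same DN with and without the optional escapes.
UNESCAPED, ESCAPED = r"CN=a=b#c,O=Example", r"CN=a\=b\#c,O=Example"
```

Comparing the parsed lists, rather than the DN strings, is what lets the escaped and unescaped spellings select the same certificate.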