Re: Parse x.500 DN and change order displayed

Re: Parse x.500 DN and change order displayed

am 31.03.2008 18:42:03 von szr

Hallvard B Furuseth wrote:
> SecureIT writes:
>> I am trying to change this
>> "cn=Bob Smith+serialNumber=CR013120080827,o=ICM,c=US"
>> to this:
>> "serialNumber=CR013120080827+cn=Bob Smith,o=ICM,c=US"
>
> Without escape sequences like "\," and "\+" in the DNs (if that's
> allowed anyway, I don't remember the details of X.500 Dn syntax), this
> moves serialNumber first in each RDN:
>
> s/(^|,)([^,]*)\+(serialNumber=[^+,]*)(?=[+,])/$1$3+$2/gi;
> die "didn't catch all 'foo+serialNumber's" if /\+serialNumber=/i;

Using this regex will take care of \, and \+ escapes:

s/(^|(?

Matches:

my $dn = "cn=Bob Smith+serialNumber=CR013120080827,o=ICM,c=US";
$dn =~ s/
(^|(? (serialNumber = (?:[^+,] | \\[+,])*)
(?=(? /$1$3+$2/gix;
print $dn;


__OUTPUT__
serialNumber=CR013120080827+cn=Bob Smith,o=ICM,c=US


And:

my $dn = "cn=Smith\\, Bob+serialNumber=CR01312\\+0080827,o=ICM,c=US";
$dn =~ s/
(^|(? (serialNumber = (?:[^+,] | \\[+,])*)
(?=(? /$1$3+$2/gix;
print $dn;


__OUTPUT__
serialNumber=CR01312\+0080827+cn=Smith\, Bob,o=ICM,c=US


Hope this helps.

--
szr

Re: Parse x.500 DN and change order displayed

am 02.04.2008 16:02:58 von Hallvard B Furuseth

szr writes:
>Hallvard B Furuseth wrote:
>>SecureIT writes:
>>> I am trying to change this
>>> "cn=Bob Smith+serialNumber=CR013120080827,o=ICM,c=US"
>>> to this:
>>> "serialNumber=CR013120080827+cn=Bob Smith,o=ICM,c=US"
>>
>> Without escape sequences like "\," and "\+" in the DNs (if that's
>> allowed anyway, I don't remember the details of X.500 Dn syntax), this
>> moves serialNumber first in each RDN:
>>
>> s/(^|,)([^,]*)\+(serialNumber=[^+,]*)(?=[+,])/$1$3+$2/gi;
>> die "didn't catch all 'foo+serialNumber's" if /\+serialNumber=/i;
>
> Using this regex will take care of \, and \+ escapes:
>
> s/(^|(?
Nope... not if I can create naughty "cn" values:

this: cn=a\\,cn=b+serialNumber=c,o=x
becomes serialNumber=c+cn=a\\,cn=b,o=x
instead of cn=a\\,serialNumber=c+cn=b,o=x

this: cn=b\+serialNumber=c,o=x
contains no serialNumber attribute but is modified anyway.

Not that it matters much when the OP's problem is solved anyway.
Just pointing out that once you are going to accept things that need
nontrivial parsing like escape sequences, you have to be careful to
parse it correctly. Though my variant missed out too, it should
have ended with (?=$|[+,]) to cover the last component as well.

--
Hallvard

Re: Parse x.500 DN and change order displayed

am 02.04.2008 18:23:53 von szr

Hallvard B Furuseth wrote:
> szr writes:
>> Hallvard B Furuseth wrote:
>>> SecureIT writes:
>>>> I am trying to change this
>>>> "cn=Bob Smith+serialNumber=CR013120080827,o=ICM,c=US"
>>>> to this:
>>>> "serialNumber=CR013120080827+cn=Bob Smith,o=ICM,c=US"
>>>
>>> Without escape sequences like "\," and "\+" in the DNs (if that's
>>> allowed anyway, I don't remember the details of X.500 Dn syntax),
>>> this moves serialNumber first in each RDN:
>>>
>>> s/(^|,)([^,]*)\+(serialNumber=[^+,]*)(?=[+,])/$1$3+$2/gi;
>>> die "didn't catch all 'foo+serialNumber's" if /\+serialNumber=/i;
>>
>> Using this regex will take care of \, and \+ escapes:
>>
>> s/(^|(? >
> Nope... not if I can create naughty "cn" values:
>
> this: cn=a\\,cn=b+serialNumber=c,o=x
> becomes serialNumber=c+cn=a\\,cn=b,o=x
> instead of cn=a\\,serialNumber=c+cn=b,o=x
>
> this: cn=b\+serialNumber=c,o=x
> contains no serialNumber attribute but is modified anyway.
>
> Not that it matters much when the OP's problem is solved anyway.
> Just pointing out that once you are going to accept things that need
> nontrivial parsing like escape sequences, you have to be careful to
> parse it correctly. Though my variant missed out too, it should
> have ended with (?=$|[+,]) to cover the last component as well.

Well, my example assumed proper checks would already by done by the time
it was invoked. But good points nonetheless.

--
szr