Test 2.2 - subject change is not reflected in resulting request #3

Open
bensprin opened this issue Nov 12, 2020 · 7 comments
Labels
question Further information is requested

Comments

@bensprin

DEVL_VM (@192.168.1.172/24) ~/pest/prebuild/pest-0.0.3/test $> ./test run 2.2
./test:DBG: Action 'run'
./test:OUT[test/2.2]: Running test 'Void whitelist, no enrollments' repeating it from a previous failure state (Once normalized, they still do not match (RSN '/CN=fail.testca/O=testca/C=ES', ESN '/CN=SN00000001/O=Electric/C=ES')).
./test:MSG: Running step '0'
./test:MSG: Running step/enroll '0/1'
./test:MSG: Command: ../pest -C /usr/share/ca-certificates/local/xxx.local.crt -l https://xxx.local:8443xxx -O -v -D -o out/rfc/test-2.2/step-0/in-1 -b 2048 -u xxx:xxx -c certs/dec001.pem -k certs/dec001.key -s /CN=SN00000001/O=Electric/C=ES -S /CN=fail.testca/O=testca/C=ES simpleenroll
../pest:MSG: Parameters:
../pest:MSG: - ca_file = </usr/share/ca-certificates/local/xxx.local.crt>
../pest:MSG: - client_key = <certs/dec001.key>
../pest:MSG: - client_pem = <certs/dec001.pem>
../pest:MSG: - creds = xxx:xxx
../pest:MSG: - est_url = https://xxx.local:8443xxx
../pest:MSG: - est_proto =
../pest:MSG: - est_host = <xxx.local>
../pest:MSG: - est_port = <8443>
../pest:MSG: - est_path =
../pest:MSG: - http_basic_username =
../pest:MSG: - http_basic_password =
../pest:MSG: - rsa_bits = <2048>
../pest:MSG: - subject = </CN=SN00000001/O=Electric/C=ES>
../pest:MSG: - subject_alt = not defined
../pest:MSG: - change_subject = </CN=fail.testca/O=testca/C=ES>
../pest:MSG: - change_subject_alt = not defined
../pest:MSG: - output_directory = <out/rfc/test-2.2/step-0/in-1>
../pest:MSG: - timestamp_prefix = not defined
../pest:MSG: - overwrite = <1>
../pest:DBG: Action 'simpleenroll'
../pest:MSG: Building a RSA key (2048 bits)
../pest:MSG: Writing file 'out/rfc/test-2.2/step-0/in-1/public.key' (application/pkcs8)
../pest:MSG: Writing file 'out/rfc/test-2.2/step-0/in-1/private.key' (application/pkcs8)
../pest:MSG: Building certificate signing request
../pest:MSG: - Requiring subject change '/CN=fail.testca/O=testca/C=ES'
../pest:DBG: ChangeSubject ASN.1 dump:
../pest:DBG: 0000 54: SEQUENCE {
../pest:DBG: 0002 52: SEQUENCE {
../pest:DBG: 0004 20: SET {
../pest:DBG: 0006 18: SEQUENCE {
../pest:DBG: 0008 3: OBJECT ID = 2.5.4.3
../pest:DBG: 000D 11: [UNIVERSAL 12]
../pest:DBG: 000F : 66 61 69 6C 2E 74 65 73 74 63 61 __ __ __ __ __ fail.testca
../pest:DBG: 001A : }
../pest:DBG: 001A : }
../pest:DBG: 001A 15: SET {
../pest:DBG: 001C 13: SEQUENCE {
../pest:DBG: 001E 3: OBJECT ID = 2.5.4.10
../pest:DBG: 0023 6: [UNIVERSAL 12]
../pest:DBG: 0025 : 74 65 73 74 63 61 __ __ __ __ __ __ __ __ __ __ testca
../pest:DBG: 002B : }
../pest:DBG: 002B : }
../pest:DBG: 002B 11: SET {
../pest:DBG: 002D 9: SEQUENCE {
../pest:DBG: 002F 3: OBJECT ID = 2.5.4.6
../pest:DBG: 0034 2: [UNIVERSAL 19]
../pest:DBG: 0036 : 45 53 __ __ __ __ __ __ __ __ __ __ __ __ __ __ ES
../pest:DBG: 0038 : }
../pest:DBG: 0038 : }
../pest:DBG: 0038 : }
../pest:DBG: 0038 : }
../pest:MSG: Writing file 'out/rfc/test-2.2/step-0/in-1/request.csr' (application/pkcs10)
../pest:DBG: Certificate Signing Request dump:
../pest:DBG: Certificate Request:
../pest:DBG: Data:
../pest:DBG: Version: 1 (0x0)
../pest:DBG: Subject: CN = SN00000001, O = Electric, C = ES
../pest:DBG: Subject Public Key Info:
../pest:DBG: Public Key Algorithm: rsaEncryption
../pest:DBG: RSA Public-Key: (2048 bit)
../pest:DBG: Modulus:
../pest:DBG: Exponent: 65537 (0x10001)
../pest:DBG: Attributes:
../pest:DBG: Requested Extensions:
../pest:DBG: 1.3.6.1.5.5.7.7.36:
..U.est:DBG: 06041.0...U....fail.testca1.0
../pest:DBG: ..testca1.0...U....ES
../pest:DBG: Signature Algorithm: sha256WithRSAEncryption
../pest:MSG: Pushing HTTP BASIC credentials
../pest:MSG: Performing EST request
../pest:MSG: Writing file 'out/rfc/test-2.2/step-0/in-1/http-request.raw' (unknown type)
../pest:DBG: === HTTP REQUEST ====
../pest:DBG: POST https://xxx.local:8443xxx/simpleenroll
../pest:DBG: Authorization: Basic bmV4dXM6bmV4dXM=
../pest:DBG: User-Agent: libwww-perl/6.49
../pest:DBG: Content-Length: 1054
../pest:DBG: Content-Type: application/pkcs10
../pest:DBG:
DEBUG: .../IO/Socket/SSL.pm:3010: new ctx 140736416768464
DEBUG: .../IO/Socket/SSL.pm:762: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:1177: global error: Undefined SSL object
DEBUG: .../IO/Socket/SSL.pm:1177: global error: Undefined SSL object
DEBUG: .../IO/Socket/SSL.pm:764: socket connected
DEBUG: .../IO/Socket/SSL.pm:787: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:829: using SNI with hostname xxx.local
DEBUG: .../IO/Socket/SSL.pm:864: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:880: set socket to non-blocking to enforce timeout=180
DEBUG: .../IO/Socket/SSL.pm:894: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:897: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:907: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:917: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:937: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:894: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:897: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:907: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:917: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:937: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:894: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:2864: ok=1 [1] /C=DE/O=xxx Technology GmbH/OU=Sales/CN=Standalone CA/C=DE/O=xxx Technology GmbH/OU=Sales/CN=Standalone CA
DEBUG: .../IO/Socket/SSL.pm:2864: ok=1 [0] /C=DE/O=xxx Technology GmbH/OU=Sales/CN=Standalone CA/C=DE/O=xxx Technology GmbH/OU=Sales/CN=xxx.local/L=Berlin/ST=Berlin
DEBUG: .../IO/Socket/SSL.pm:1840: scheme=www cert=140736415374432
DEBUG: .../IO/Socket/SSL.pm:1850: identity=xxx.local cn=xxx.local alt=2 xxx.local
DEBUG: .../IO/Socket/SSL.pm:2911: did not get stapled OCSP response
DEBUG: .../IO/Socket/SSL.pm:897: done Net::SSLeay::connect -> 1
DEBUG: .../IO/Socket/SSL.pm:952: ssl handshake done
DEBUG: .../IO/Socket/SSL.pm:3059: free ctx 140736416768464 open=140736416768464
DEBUG: .../IO/Socket/SSL.pm:3063: free ctx 140736416768464 callback
DEBUG: .../IO/Socket/SSL.pm:3070: OK free ctx 140736416768464
../pest:MSG: Writing file 'out/rfc/test-2.2/step-0/in-1/http-response.raw' (unknown type)
../pest:DBG: === HTTP RESPONSE ====
../pest:DBG: HTTP/1.1 200 OK
../pest:DBG: Connection: close
../pest:DBG: Date: Thu, 12 Nov 2020 14:19:57 GMT
../pest:DBG: Content-Length: 4466
../pest:DBG: Content-Type: application/pkcs7-mime; smime-type=certs-only
../pest:DBG: Client-Date: Thu, 12 Nov 2020 14:19:41 GMT
../pest:DBG: Client-Peer: 192.168.56.201:8443
../pest:DBG: Client-Response-Num: 1
../pest:DBG: Client-SSL-Cert-Issuer: /C=DE/O=xxx Technology GmbH/OU=Sales/CN=Standalone CA
../pest:DBG: Client-SSL-Cert-Subject: /C=DE/O=xxx Technology GmbH/OU=Sales/CN=xxx.local/L=Berlin/ST=Berlin
../pest:DBG: Client-SSL-Cipher: TLS_AES_256_GCM_SHA384
../pest:DBG: Client-SSL-Socket-Class: IO::Socket::SSL
../pest:DBG: Client-SSL-Version: TLSv1_3
../pest:DBG: Content-Transfer-Encoding: base64
../pest:DBG:
../pest:MSG: Writing file 'out/rfc/test-2.2/step-0/in-1/response.pk7' (unknown type)
../pest:DBG: Got certificate!
../pest:DBG: Certificate:
../pest:DBG: Data:
../pest:DBG: Version: 3 (0x2)
../pest:DBG: Serial Number:
../pest:DBG: 56:49:d8:cc:ba:d6:7f:f4:e3:73:8b:8d:6f:89:ad:ca
../pest:DBG: Signature Algorithm: ecdsa-with-SHA256
../pest:DBG: Issuer: C = DE, O = xxx Technology GmbH, OU = Sales, CN = xxx Issuing CA 1
../pest:DBG: Validity
../pest:DBG: Not Before: Nov 12 14:19:56 2020 GMT
../pest:DBG: Not After : Nov 13 14:19:56 2020 GMT
../pest:DBG: Subject: C = ES, O = Electric, CN = SN00000001
../pest:DBG: Subject Public Key Info:
../pest:DBG: Public Key Algorithm: rsaEncryption
../pest:DBG: RSA Public-Key: (2048 bit)
../pest:DBG: Modulus:
../pest:DBG: Exponent: 65537 (0x10001)
../pest:DBG: X509v3 extensions:
../pest:DBG: X509v3 Extended Key Usage:
../pest:DBG: TLS Web Server Authentication
../pest:DBG: X509v3 Subject Alternative Name:
../pest:DBG: DNS:SN00000001
../pest:DBG: 1.3.6.1.5.5.7.7.36:
..U.est:DBG: 06041.0...U....fail.testca1.0
../pest:DBG: ..testca1.0...U....ES
../pest:DBG: X509v3 Authority Key Identifier:
../pest:DBG: keyid:4B:FD:6C:42:F9:B3:51:06
../pest:DBG:
../pest:DBG: X509v3 Key Usage:
../pest:DBG: Digital Signature, Key Encipherment
../pest:DBG: X509v3 CRL Distribution Points:
../pest:DBG:
../pest:DBG: Full Name:
../pest:DBG: URI:ldap://xxx.local/CN=xxx%20Issuing%20CA%201,cn=crl,cn=pki,dc=xxx,dc=local?certificateRevocationList;binary
../pest:DBG:
../pest:DBG: Signature Algorithm: ecdsa-with-SHA256
../pest:DBG: 30:45:02:21:00:f7:72:6c:46:5c:91:75:3f:ec:18:20:11:00:
../pest:DBG: 09:cb:f5:dc:03:93:63:dc:1f:e0:a3:de:67:c3:95:5e:98:a1:
../pest:DBG: b6:02:20:43:e6:e1:f3:24:a3:57:d9:cc:8f:0c:ae:12:f0:1d:
../pest:DBG: d5:65:b9:b2:0e:06:19:02:bf:a9:25:e2:c6:c1:cd:d1:17
../pest:DBG: Got certificate!
../pest:DBG: Certificate:
../pest:DBG: Data:
../pest:DBG: Version: 3 (0x2)
../pest:DBG: Serial Number:
../pest:DBG: 56:49:d8:cc:ba:d6:7f:f4:e3:73:8b:8d:6f:89:ad:ca
../pest:DBG: Signature Algorithm: ecdsa-with-SHA256
../pest:DBG: Issuer: C = DE, O = xxx Technology GmbH, OU = Sales, CN = xxx Issuing CA 1
../pest:DBG: Validity
../pest:DBG: Not Before: Nov 12 14:19:56 2020 GMT
../pest:DBG: Not After : Nov 13 14:19:56 2020 GMT
../pest:DBG: Subject: C = ES, O = Electric, CN = SN00000001
../pest:DBG: Subject Public Key Info:
../pest:DBG: Public Key Algorithm: rsaEncryption
../pest:DBG: RSA Public-Key: (2048 bit)
../pest:DBG: Modulus:
../pest:DBG: Exponent: 65537 (0x10001)
../pest:DBG: X509v3 extensions:
../pest:DBG: X509v3 Extended Key Usage:
../pest:DBG: TLS Web Server Authentication
../pest:DBG: X509v3 Subject Alternative Name:
../pest:DBG: DNS:SN00000001
../pest:DBG: 1.3.6.1.5.5.7.7.36:
..U.est:DBG: 06041.0...U....fail.testca1.0
../pest:DBG: ..testca1.0...U....ES
../pest:DBG: X509v3 Authority Key Identifier:
../pest:DBG: keyid:4B:FD:6C:42:F9:B3:51:06
../pest:DBG:
../pest:DBG: X509v3 Key Usage:
../pest:DBG: Digital Signature, Key Encipherment
../pest:DBG: X509v3 CRL Distribution Points:
../pest:DBG:
../pest:DBG: Full Name:
../pest:DBG: URI:ldap://xxx.local/CN=xxx%20Issuing%20CA%201,cn=crl,cn=pki,dc=xxx,dc=local?certificateRevocationList;binary
../pest:DBG:
../pest:DBG: Signature Algorithm: ecdsa-with-SHA256
../pest:DBG: 30:45:02:21:00:f7:72:6c:46:5c:91:75:3f:ec:18:20:11:00:
../pest:DBG: 09:cb:f5:dc:03:93:63:dc:1f:e0:a3:de:67:c3:95:5e:98:a1:
../pest:DBG: b6:02:20:43:e6:e1:f3:24:a3:57:d9:cc:8f:0c:ae:12:f0:1d:
../pest:DBG: d5:65:b9:b2:0e:06:19:02:bf:a9:25:e2:c6:c1:cd:d1:17
../pest:DBG: Got certificate!
../pest:DBG: Certificate:
../pest:DBG: Data:
../pest:DBG: Version: 3 (0x2)
../pest:DBG: Serial Number:
../pest:DBG: 56:49:d8:cc:ba:d6:7f:f4:e3:73:8b:8d:6f:89:ad:ca
../pest:DBG: Signature Algorithm: ecdsa-with-SHA256
../pest:DBG: Issuer: C = DE, O = xxx Technology GmbH, OU = Sales, CN = xxx Issuing CA 1
../pest:DBG: Validity
../pest:DBG: Not Before: Nov 12 14:19:56 2020 GMT
../pest:DBG: Not After : Nov 13 14:19:56 2020 GMT
../pest:DBG: Subject: C = ES, O = Electric, CN = SN00000001
../pest:DBG: Subject Public Key Info:
../pest:DBG: Public Key Algorithm: rsaEncryption
../pest:DBG: RSA Public-Key: (2048 bit)
../pest:DBG: Modulus:
../pest:DBG: Exponent: 65537 (0x10001)
../pest:DBG: X509v3 extensions:
../pest:DBG: X509v3 Extended Key Usage:
../pest:DBG: TLS Web Server Authentication
../pest:DBG: X509v3 Subject Alternative Name:
../pest:DBG: DNS:SN00000001
../pest:DBG: 1.3.6.1.5.5.7.7.36:
..U.est:DBG: 06041.0...U....fail.testca1.0
../pest:DBG: ..testca1.0...U....ES
../pest:DBG: X509v3 Authority Key Identifier:
../pest:DBG: keyid:4B:FD:6C:42:F9:B3:51:06
../pest:DBG:
../pest:DBG: X509v3 Key Usage:
../pest:DBG: Digital Signature, Key Encipherment
../pest:DBG: X509v3 CRL Distribution Points:
../pest:DBG:
../pest:DBG: Full Name:
../pest:DBG: URI:ldap://xxx.local/CN=xxx%20Issuing%20CA%201,cn=crl,cn=pki,dc=xxx,dc=local?certificateRevocationList;binary
../pest:DBG:
../pest:DBG: Signature Algorithm: ecdsa-with-SHA256
../pest:DBG: 30:45:02:21:00:f7:72:6c:46:5c:91:75:3f:ec:18:20:11:00:
../pest:DBG: 09:cb:f5:dc:03:93:63:dc:1f:e0:a3:de:67:c3:95:5e:98:a1:
../pest:DBG: b6:02:20:43:e6:e1:f3:24:a3:57:d9:cc:8f:0c:ae:12:f0:1d:
../pest:DBG: d5:65:b9:b2:0e:06:19:02:bf:a9:25:e2:c6:c1:cd:d1:17
../pest:DBG: Got certificate!
../pest:DBG: Certificate:
../pest:DBG: Data:
../pest:DBG: Version: 3 (0x2)
../pest:DBG: Serial Number:
../pest:DBG: 56:49:d8:cc:ba:d6:7f:f4:e3:73:8b:8d:6f:89:ad:ca
../pest:DBG: Signature Algorithm: ecdsa-with-SHA256
../pest:DBG: Issuer: C = DE, O = xxx Technology GmbH, OU = Sales, CN = xxx Issuing CA 1
../pest:DBG: Validity
../pest:DBG: Not Before: Nov 12 14:19:56 2020 GMT
../pest:DBG: Not After : Nov 13 14:19:56 2020 GMT
../pest:DBG: Subject: C = ES, O = Electric, CN = SN00000001
../pest:DBG: Subject Public Key Info:
../pest:DBG: Public Key Algorithm: rsaEncryption
../pest:DBG: RSA Public-Key: (2048 bit)
../pest:DBG: Modulus:
../pest:DBG: Exponent: 65537 (0x10001)
../pest:DBG: X509v3 extensions:
../pest:DBG: X509v3 Extended Key Usage:
../pest:DBG: TLS Web Server Authentication
../pest:DBG: X509v3 Subject Alternative Name:
../pest:DBG: DNS:SN00000001
../pest:DBG: 1.3.6.1.5.5.7.7.36:
..U.est:DBG: 06041.0...U....fail.testca1.0
../pest:DBG: ..testca1.0...U....ES
../pest:DBG: X509v3 Authority Key Identifier:
../pest:DBG: keyid:4B:FD:6C:42:F9:B3:51:06
../pest:DBG:
../pest:DBG: X509v3 Key Usage:
../pest:DBG: Digital Signature, Key Encipherment
../pest:DBG: X509v3 CRL Distribution Points:
../pest:DBG:
../pest:DBG: Full Name:
../pest:DBG: URI:ldap://xxx.local/CN=xxx%20Issuing%20CA%201,cn=crl,cn=pki,dc=xxx,dc=local?certificateRevocationList;binary
../pest:DBG:
../pest:DBG: Signature Algorithm: ecdsa-with-SHA256
../pest:DBG: 30:45:02:21:00:f7:72:6c:46:5c:91:75:3f:ec:18:20:11:00:
../pest:DBG: 09:cb:f5:dc:03:93:63:dc:1f:e0:a3:de:67:c3:95:5e:98:a1:
../pest:DBG: b6:02:20:43:e6:e1:f3:24:a3:57:d9:cc:8f:0c:ae:12:f0:1d:
../pest:DBG: d5:65:b9:b2:0e:06:19:02:bf:a9:25:e2:c6:c1:cd:d1:17
../pest:MSG: Writing file 'out/rfc/test-2.2/step-0/in-1/enroll-001.pem' (application/pkix-cert)
../pest:MSG: Writing file 'out/rfc/test-2.2/step-0/in-1/enroll-002.pem' (application/pkix-cert)
../pest:MSG: Writing file 'out/rfc/test-2.2/step-0/in-1/enroll-003.pem' (application/pkix-cert)
../pest:MSG: Writing file 'out/rfc/test-2.2/step-0/in-1/enroll-004.pem' (application/pkix-cert)
./test:WRN: Requested SN '/CN=fail.testca/O=testca/C=ES' and obtained SN '/C=ES/O=Electric/CN=SN00000001' are not exactly equal.
./test:OUT[test/2.2]: WRITING STATUS: failed(Once normalized, they still do not match (RSN '/CN=fail.testca/O=testca/C=ES', ESN '/CN=SN00000001/O=Electric/C=ES'))
./test:MSG: Creating file 'out/rfc/test-2.2/status'
./test:DBG: Writing in out/rfc/test-2.2/status:
./test:DBG: >>failed Once normalized, they still do not match (RSN '/CN=fail.testca/O=testca/C=ES', ESN '/CN=SN00000001/O=Electric/C=ES')
./test:OUT[test/2.2]: TEST FAILED.

What we do see is that the subject is NOT changed. Can you please check?

@killabytenow
Owner

killabytenow commented Nov 13, 2020

It is true that the subject is not changed: the subject used during authentication is used again in the CSR instead of proposing the new one. But actually, the new subject is proposed using the ChangeSubjectName attribute attached as an x509v3 attribute extension.

In this execution you have activated the RFC 7030 STRICT MODE (parameter strict=1 in the configuration file, or the flag --strict on the command line).

When a client is authenticating using a shared secret, RFC 7030 says that the client is free to ask for any subject name during the enrollment: it only has to set the requested subject name in the Subject attribute in the CSR passed to the EST server. But things get a bit more complicated when authentication is based on client certificates.

In section 4.2.2 of RFC 7030 (https://tools.ietf.org/html/rfc7030#section-4.2.2) we can read the following requirement/nightmare:

4.2.2.  Simple Re-enrollment of Clients

   EST clients renew/rekey certificates with an HTTPS POST using the
   operation path value of "/simplereenroll".

   A certificate request employs the same format as the "simpleenroll"
   request, using the same HTTP content-type.  The request Subject field
   and SubjectAltName extension MUST be identical to the corresponding
   fields in the certificate being renewed/rekeyed.  The
   ChangeSubjectName attribute, as defined in [RFC6402], MAY be included
   in the CSR to request that these fields be changed in the new
   certificate.

   If the Subject Public Key Info in the certification request is the
   same as the current client certificate, then the EST server renews
   the client certificate.  If the public key information in the
   certification request is different than the current client
   certificate, then the EST server rekeys the client certificate.

Maybe we are wrong, but we have interpreted the RFC in this way: if an EST client wants to request a new and different subject name,

  1. the subject name provided during authentication (by the birth or manufacturer certificate) must be presented again in the SubjectName field in the CSR, and

  2. the new (requested) operational subject name must be inserted in a ChangeSubjectName attribute attached as an x509v3 extension in the CSR.

You can observe that the ASN.1 dump found in the debug output above is the ChangeSubjectName x509v3 attribute extension forged and inserted into the CSR. Both the ChangeSubjectName and the authentication SubjectName can also be observed in the following openssl output decoding the PKCS#10 (CSR) requested above:

$ sed 's#^.*: \+##' | grep -vE '^\s*$' | openssl req -text -noout
../pest:DBG:     -----BEGIN CERTIFICATE REQUEST-----
../pest:DBG:     MIIC0TCCAbkCAQAwNTETMBEGA1UEAwwKU04wMDAwMDAwMTERMA8GA1UECgwIRWxl
    ... some lines removed
../pest:DBG:     qHNBZZE=
../pest:DBG:     -----END CERTIFICATE REQUEST-----
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: CN = SN00000001, O = Electric, C = ES
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:12:70:b0:c8:42:b9:10:91:08:86:d3:6f:e1:
                    ... some hexa lines removed ...
                    94:cc:2e:08:bc:dd:63:e0:2d:bc:61:81:b1:3b:3e:
                    47:85
                Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
            1.3.6.1.5.5.7.7.36:
..U.            06041.0...U....fail.testca1.0
..testca1.0...U....ES
    Signature Algorithm: sha256WithRSAEncryption
         4f:5d:c1:d7:da:9e:0d:60:58:ea:2b:07:25:e4:cd:04:2b:09:
           ... more hexa lines removed ...
         73:41:65:91

In this strict (and painful) mode, note that the pest tool is invoked in this way:

../pest -C /xxx.crt \
        -l https://xxx:8443/xxx/est -O -v -D -o out/rfc/test-2.2/step-0/in-1 \
        -b 2048 -u xxx:xxx -c certs/dec001.pem -k certs/dec001.key \
        -s /CN=SN00000001/O=Electric/C=ES \
        -S /CN=fail.testca/O=testca/C=ES \
        simpleenroll

In the non-strict mode (request subject is inserted directly in the Subject Name attribute in the CSR), invocation is done in this way:

../pest -C /xxx.crt \
        -l https://XXX:8443/XXX/est -O -v -D -o out/rfc/test-2.2/step-0/in-1 \
        -b 2048 -u xxx:xxx -c certs/dec001.pem -k certs/dec001.key \
        -s /CN=fail.testca/O=testca/C=ES \
        simpleenroll

In both cases/invocations, the returned X.509 certificate should have the subject /CN=fail.testca/O=testca/C=ES.

I will not close this issue because, in spite of it not seeming to be a bug, I am really interested in your feedback about our interpretation of the RFC. It is a pretty dark point in the RFC and we are not completely confident in our implementation.

PS: The extended attribute ChangeSubjectName is not common. We have not found any implementation honoring this feature and strictly following RFC 7030. There is hardly any reference on the Internet to the use of this feature, and even less to its use in EST. All EST implementations we have checked do not support this attribute. Maybe this test EST client is the first implementation using it.

@killabytenow killabytenow added the question Further information is requested label Nov 13, 2020
@primetomas

primetomas commented Aug 25, 2021

Hi,

I think that "the new (requested) operational subject name must be inserted in a ChangeSubjectName attribute attached as an x509v3 extension in the CSR." is not correct.
RFC6402, section 2.8 says:

The attribute is designed to be used as an ATTRIBUTE object. As
such, the attribute is placed in one of the following two places:

The attributes field in a CertificationRequest.

When inserted as an extension request, it is added inside a pkcs_9_at_extensionRequest sequence in the attribute sequence, but it should be directly in the attribute sequence.

Here is an example CSR where we put the ChangeSubjectName as an Attribute in the CSR.

-----BEGIN CERTIFICATE REQUEST-----
MIIBWDCB/gIBADBFMSUwIwYDVQQDDBxFc3RWZW5kb3JNb2RlVGVzdC52ZW5kb3Jj
ZXJ0MQ8wDQYDVQQKDAZWZW5kb3IxCzAJBgNVBAYTAkVTMFkwEwYHKoZIzj0CAQYI
KoZIzj0DAQcDQgAEXRs45D9nVWkWzKhQumqxq0gxbZ5zc54fG9u3kuNRBGIQPadF
iXHS7MLotnc5feuEDwsqiWxHurob+6FcL0G8NqBXMFUGCCsGAQUFBwckMUkwRzBF
MSUwIwYDVQQDDBxFc3RWZW5kb3JNb2RlVGVzdC52ZW5kb3JjZXJ0MQ8wDQYDVQQK
DAZWZW5kb3IxCzAJBgNVBAYTAkVTMAoGCCqGSM49BAMCA0kAMEYCIQC60dCqSVov
gPkR39chclHbxBFOWI7/HtHn3gXwdv2mQAIhAPmTG6ghliKIMSPj5zooksH+ejza
19Bc5CoeNs3p7c0R
-----END CERTIFICATE REQUEST-----

It seems that Crypt::OpenSSL::PKCS10 does not have a method to add a raw attribute perhaps?
This Perl module seems to be able to create attributes as well as extension requests: https://metacpan.org/pod/Crypt::Perl::PKCS10.

@hablutzel1

Hi @primetomas, just a small typo: it is RFC 6402, not RFC 6408.

@Simkiw

Simkiw commented Apr 2, 2024

Hi @primetomas

Can you share an example of how you wrote your OpenSSL config file to generate that CSR? (particularly the sections related to the ChangeSubjectName attribute)
It appears the example above does not print any data where the OID stands for the attribute we're talking about:

Attributes:
            1.3.6.1.5.5.7.7.36       :unable to print attribute
            Requested Extensions:
    Signature Algorithm: ecdsa-with-SHA256

I was expecting to see the SAN or the subject under Attributes

And yes, agreed, it should be attached to Attributes and not v3_extensions of the CSR

@gerardo-betika

@primetomas I agree, after reading that it is clear that the ChangeSubjectName data should be placed in the Attributes section. Maybe it could be done by manually editing the CSR with a lower-level library like Convert::ASN1, or even by inserting the binary data directly in the CSR as a hack.

PS: sorry for the nearly 3 year delay. I forgot to handle this notification, and now I am in sync again with 2021 xD

@Simkiw I suppose that you are getting these results because openssl does not know this attribute. However, note that it successfully identifies it.

@primetomas

I didn't use OpenSSL to generate the CSR, but did it in Java using Bouncy Castle.

Something like this (not runnable code):

// ChangeSubjectName, RFC7030 section 4.2.1, RFC6402, section 2.8
// Sketch only: attributesVec, changeToSubjectDN, dn and keys are defined elsewhere;
// EstConfiguration, CeSecoreNameStyle, CertTools and DnComponents are helper classes not shown here.
final ASN1EncodableVector changesubjectnameattr = new ASN1EncodableVector(); // Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
final ASN1EncodableVector changeSubjectName = new ASN1EncodableVector();
// ChangeSubjectName attribute
// The actual ChangeSubjectName value
// ChangeSubjectName ::= SEQUENCE {
//    subject             Name OPTIONAL,
//    subjectAlt          SubjectAltName OPTIONAL
// }
// (WITH COMPONENTS {..., subject PRESENT} |
//       COMPONENTS {..., subjectAlt PRESENT} )
changesubjectnameattr.add(EstConfiguration.id_cmc_changeSubjectName); // Type
final X500Name changenameValue = new X500Name(CeSecoreNameStyle.INSTANCE, changeToSubjectDN);
changeSubjectName.add(changenameValue);
// Attribute values: SET { ChangeSubjectName SEQUENCE { subject Name } }
final ASN1EncodableVector changevalues = new ASN1EncodableVector();
changevalues.add(new DERSequence(changeSubjectName));
final DERSet values = new DERSet(changevalues); // values
changesubjectnameattr.add(values);
attributesVec.add(new DERSequence(changesubjectnameattr));
// Complete the Attribute section of the request, the set (Attributes) contains two sequences (Attribute)
DERSet attributes = new DERSet(attributesVec);
// Create PKCS#10 certificate request
final PKCS10CertificationRequest p10request = CertTools.genPKCS10CertificationRequest("SHA256WithECDSA",
        DnComponents.stringToBcX500Name(dn), keys.getPublic(), attributes, keys.getPrivate(), null);

@mobe1

mobe1 commented Apr 2, 2024

Oh, that's another way of doing things :)
Ok thanks, I might go with your approach as well.
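
Added example (not written by any participant and not part of pest): a stand-alone Python check that walks the DER of a PKCS#10 request and reports whether ChangeSubjectName (1.3.6.1.5.5.7.7.36) sits directly in the attribute set or inside a PKCS#9 extensionRequest, decoding the requested subject that `openssl req -text` reports as "unable to print attribute". `PAGE_CSR` is the CSR posted earlier in this thread; the function names and the minimal DER walker are this example's own and assume the `subject` field of ChangeSubjectName is present.

```python
import base64

CSN = bytes.fromhex("2b06010505070724")        # OID 1.3.6.1.5.5.7.7.36 (changeSubjectName)
EXT_REQ = bytes.fromhex("2a864886f70d01090e")  # OID 1.2.840.113549.1.9.14 (extensionRequest)
RDN = {"550403": "CN", "55040a": "O", "550406": "C"}  # hex of attribute-type OIDs
# CSR posted earlier in this thread (ChangeSubjectName sent as a plain attribute)
PAGE_CSR = """MIIBWDCB/gIBADBFMSUwIwYDVQQDDBxFc3RWZW5kb3JNb2RlVGVzdC52ZW5kb3Jj
ZXJ0MQ8wDQYDVQQKDAZWZW5kb3IxCzAJBgNVBAYTAkVTMFkwEwYHKoZIzj0CAQYI
KoZIzj0DAQcDQgAEXRs45D9nVWkWzKhQumqxq0gxbZ5zc54fG9u3kuNRBGIQPadF
iXHS7MLotnc5feuEDwsqiWxHurob+6FcL0G8NqBXMFUGCCsGAQUFBwckMUkwRzBF
MSUwIwYDVQQDDBxFc3RWZW5kb3JNb2RlVGVzdC52ZW5kb3JjZXJ0MQ8wDQYDVQQK
DAZWZW5kb3IxCzAJBgNVBAYTAkVTMAoGCCqGSM49BAMCA0kAMEYCIQC60dCqSVov
gPkR39chclHbxBFOWI7/HtHn3gXwdv2mQAIhAPmTG6ghliKIMSPj5zooksH+ejza
19Bc5CoeNs3p7c0R"""

def tlvs(buf):
    """Yield (tag, content) for each DER element in buf (single-byte tags only)."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: the low 7 bits count the length bytes that follow
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(buf):
            raise ValueError("truncated DER element")
        yield tag, buf[i:i + n]
        i += n

def subject(csn):
    """Render the subject Name in a ChangeSubjectName body; None if it is absent."""
    for tag, body in tlvs(csn):
        if tag == 0x30 and body[:1] == b"\x31":  # Name = SEQUENCE of RDN SETs
            atvs = [list(tlvs(a)) for _, r in tlvs(body) for _, a in tlvs(r)]
            return ",".join(f"{RDN.get(t.hex(), t.hex())}={v.decode()}" for (_, t), (_, v) in atvs)

def find_csn(csr_b64):
    """Yield (placement, requested subject) for a base64 PKCS#10 request body."""
    (_, req), = tlvs(base64.b64decode(csr_b64))                 # CertificationRequest
    info = next(tlvs(req))[1]                                   # CertificationRequestInfo
    attrs = next((c for t, c in tlvs(info) if t == 0xA0), b"")  # attributes [0]
    for _, attr in tlvs(attrs):
        (_, typ), (_, values) = tlvs(attr)
        if typ == CSN:        # directly in the attribute set (RFC 6402, section 2.8)
            yield from (("attribute", subject(c)) for _, c in tlvs(values))
        elif typ == EXT_REQ:  # wrapped as a requested X.509v3 extension
            for ext in (x for _, e in tlvs(values) for _, x in tlvs(e)):
                fields = [c for _, c in tlvs(ext)]  # extnID, [critical], extnValue
                if fields[0] == CSN:
                    yield from (("extension-request", subject(c)) for _, c in tlvs(fields[-1]))
```

`list(find_csn(PAGE_CSR))` reports the attribute placement for the CSR above; a request built the way the strict-mode output earlier in the thread shows would be reported as `extension-request`.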
