Add more comments to print_dn()

This commit adds some more explanatory comments to the code in print_dn().
David Cooper 2021-02-05 13:35:54 -05:00
parent 9dbb629154
commit f829c8ebf0


@ -20387,7 +20387,12 @@ print_dn() {
# Use $OPENSSL to print the DN by creating a certificate containing the DN # Use $OPENSSL to print the DN by creating a certificate containing the DN
# as the issuer and then having $OPENSSL print the issuer field in the # as the issuer and then having $OPENSSL print the issuer field in the
# resulting certificate. # resulting certificate.
# Create the to-be-signed portion of the certificate: version || serialNumber || signature || issuer || validity || subject || subjectPublicKeyInfo
# with the DN to be printed being the issuer.
cert="A003020102020100300A06082A8648CE3D040302${dn}301E170D3139303830353038333030305A170D3139303830353038333030305A30003019301306072A8648CE3D020106082A8648CE3D030107030200FF" cert="A003020102020100300A06082A8648CE3D040302${dn}301E170D3139303830353038333030305A170D3139303830353038333030305A30003019301306072A8648CE3D020106082A8648CE3D030107030200FF"
# Make a SEQUENCE of the to-be-signed portion of the certificate.
len=$((${#cert}/2)) len=$((${#cert}/2))
if [[ $len -lt 128 ]]; then if [[ $len -lt 128 ]]; then
cert="30$(printf "%02x" $len)$cert" cert="30$(printf "%02x" $len)$cert"
@ -20396,6 +20401,10 @@ print_dn() {
else else
cert="3082$(printf "%04x" $len)$cert" cert="3082$(printf "%04x" $len)$cert"
fi fi
# Append a signature algorithm and signature value to the end of the
# to-be-signed portion of the certificate and then make a SEQUENCE of
# the result.
cert+="300A06082A8648CE3D040302030200FF" cert+="300A06082A8648CE3D040302030200FF"
len=$((${#cert}/2)) len=$((${#cert}/2))
if [[ $len -lt 128 ]]; then if [[ $len -lt 128 ]]; then
@ -20405,6 +20414,8 @@ print_dn() {
else else
cert="3082$(printf "%04x" $len)$cert" cert="3082$(printf "%04x" $len)$cert"
fi fi
# Use the LDAP String Representation of Distinguished Names (RFC 2253),
# The current specification is in RFC 4514.
name="$(asciihex_to_binary "$cert" | $OPENSSL x509 -issuer -noout -inform DER -nameopt RFC2253 2>/dev/null)" name="$(asciihex_to_binary "$cert" | $OPENSSL x509 -issuer -noout -inform DER -nameopt RFC2253 2>/dev/null)"
name="${name#issuer=}" name="${name#issuer=}"
tm_out "$(strip_leading_space "$name")" tm_out "$(strip_leading_space "$name")"
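Review bot: The comment added above the first `cert=` assignment lists the TBSCertificate fields but does not say that everything except `${dn}` is a fixed placeholder: the public key and the signature value appended in the second hunk are both the dummy BIT STRING `030200FF`, so the structure is only parseable, never verifiable. I would add `# All fields other than the issuer are fixed dummy values; the certificate is only parsed, never verified.` at that spot. The `$OPENSSL x509` call in the third hunk also deserves a line noting that `2>/dev/null` hides parse failures, so a DN that is not well-formed DER is printed as an empty string rather than reported; where `$dn` originates is outside these hunks, but if it comes from a peer's handshake that silent case matters to whoever reads the output. Minor: in the last added comment the comma after `(RFC 2253)` should be a period, or `The` lower-cased. print_dn() begins before the first hunk and its end is not shown.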