dn

Overview ¶

Package dn implements comparison of distinguished name described in RFC 5280( Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile) section-7

Comparison algorithm is following:

1) Check two distinguished names have the same number of RDNs, for each RDN in DN1 there is a matching RDN in DN2, and the matching RDNs appear in the same order in both DNs.

2) Check two relative distinguished names have the same number of naming attributes and for each naming attribute in RDN1 there is a matching naming attribute in RDN2.

3. Check two naming attributes are the same types and the values of the attributes are matched. The rules for value of the attribute matching are: 3-1. If two naming attributes are domain component, then they are compared by case-insensitive exact match( RFC5280-section7.2, 7.3). 3-2. If both two naming attributes of values are encoded in UTF8String or PrintableString, then they are compared by caseIgnoreMatch( RFC4517section-4.2.11) after processing with the string preparation algorithm( RFC4518, RFC5280-section7.1). 3-3. If any other cases, then two naming attributes of values are compared by binary comparison( RFC5280-section7.1).