x509-cert: fixup RDN string representation

x509-cert/src/name.rs

@@ -47,10 +47,11 @@ impl FromStr for RdnSequence {
     type Err = der::Error;
 
     fn from_str(s: &str) -> der::Result<Self> {
-        split(s, b',')
+        let mut parts = split(s, b',')
             .map(RelativeDistinguishedName::from_str)
-            .collect::<der::Result<Vec<_>>>()
-            .map(Self)
+            .collect::<der::Result<Vec<_>>>()?;
+        parts.reverse();
+        Ok(Self(parts))
     }
 }
 
@@ -59,7 +60,8 @@ impl FromStr for RdnSequence {
 /// [RFC 4514]: https://datatracker.ietf.org/doc/html/rfc4514
 impl fmt::Display for RdnSequence {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        for (i, atv) in self.0.iter().enumerate() {
+        // As per RFC 4514 Section 2.1, the elements are reversed
+        for (i, atv) in self.0.iter().rev().enumerate() {
             match i {
                 0 => write!(f, "{}", atv)?,
                 _ => write!(f, ",{}", atv)?,

x509-cert/tests/name.rs

@@ -66,6 +66,27 @@ fn decode_name() {
             counter += 1;
         }
     }
+
+    #[cfg(feature = "std")]
+    {
+        // https://datatracker.ietf.org/doc/html/rfc4514.html#section-2.1
+        // If the RDNSequence is an empty sequence, the result is the empty or
+        // zero-length string.
+        // Otherwise, the output consists of the string encodings of each
+        // RelativeDistinguishedName in the RDNSequence (according to Section 2.2),
+        // starting with the last element of the sequence and moving backwards
+        // toward the first.
+        // The encodings of adjoining RelativeDistinguishedNames are separated by
+        // a comma (',' U+002C) character.
+        let name = rdn1a.to_string();
+        assert_eq!(name, "CN=Good CA,O=Test Certificates 2011,C=US");
+
+        // https://github.com/RustCrypto/formats/issues/1121
+        let rdn1 = Name::from_der(&hex!("3081c0310b30090603550406130255533113301106035504080c0a43616c69666f726e69613116301406035504070c0d4d6f756e7461696e205669657731133011060355040a0c0a476f6f676c65204c4c43311e301c06035504030c154f51464176444e4457732e676f6f676c652e636f6d31243022060355040b0c1b6d616e6167656d656e743a64732e67726f75702e3338393131313131293027060a0992268993f22c6401010c196964656e746974793a64732e67726f75702e33383931313131")[..]);
+        let rdn1a = rdn1.unwrap();
+        let name = rdn1a.to_string();
+        assert_eq!(name, "UID=identity:ds.group.3891111,OU=management:ds.group.3891111,CN=OQFAvDNDWs.google.com,O=Google LLC,L=Mountain View,STATEORPROVINCENAME=California,C=US");
+    }
 }
 
 #[test]
@@ -205,14 +226,6 @@ fn rdns_serde() {
             ],
             "CN=foo,SN=bar,C=baz+L=bat",
             &[
-                &[AttributeTypeAndValue {
-                    oid: const_oid::db::rfc4519::CN,
-                    value: Any::from(Utf8StringRef::new("foo").unwrap()),
-                }],
-                &[AttributeTypeAndValue {
-                    oid: const_oid::db::rfc4519::SN,
-                    value: Any::from(Utf8StringRef::new("bar").unwrap()),
-                }],
                 &[
                     AttributeTypeAndValue {
                         oid: const_oid::db::rfc4519::C,
@@ -223,30 +236,46 @@ fn rdns_serde() {
                         value: Any::from(Utf8StringRef::new("bat").unwrap()),
                     },
                 ],
+                &[AttributeTypeAndValue {
+                    oid: const_oid::db::rfc4519::SN,
+                    value: Any::from(Utf8StringRef::new("bar").unwrap()),
+                }],
+                &[AttributeTypeAndValue {
+                    oid: const_oid::db::rfc4519::CN,
+                    value: Any::from(Utf8StringRef::new("foo").unwrap()),
+                }],
             ],
         ),
         (
             &["UID=jsmith,DC=example,DC=net"],
             "UID=jsmith,DC=example,DC=net",
             &[
                 &[AttributeTypeAndValue {
-                    oid: const_oid::db::rfc4519::UID,
-                    value: Any::from(Utf8StringRef::new("jsmith").unwrap()),
+                    oid: const_oid::db::rfc4519::DC,
+                    value: Any::from(Ia5StringRef::new("net").unwrap()),
                 }],
                 &[AttributeTypeAndValue {
                     oid: const_oid::db::rfc4519::DC,
                     value: Any::from(Ia5StringRef::new("example").unwrap()),
                 }],
                 &[AttributeTypeAndValue {
-                    oid: const_oid::db::rfc4519::DC,
-                    value: Any::from(Ia5StringRef::new("net").unwrap()),
+                    oid: const_oid::db::rfc4519::UID,
+                    value: Any::from(Utf8StringRef::new("jsmith").unwrap()),
                 }],
             ],
         ),
         (
             &["OU=Sales+CN=J.  Smith,DC=example,DC=net"],
             "OU=Sales+CN=J.  Smith,DC=example,DC=net",
             &[
+                &[AttributeTypeAndValue {
+                    oid: const_oid::db::rfc4519::DC,
+                    value: Any::from(Ia5StringRef::new("net").unwrap()),
+                }],
+                &[AttributeTypeAndValue {
+                    oid: const_oid::db::rfc4519::DC,
+                    value: Any::from(Ia5StringRef::new("example").unwrap()),
+                }],
                 &[
                     AttributeTypeAndValue {
                         oid: const_oid::db::rfc4519::OU,
@@ -257,31 +286,23 @@ fn rdns_serde() {
                         value: Any::from(Utf8StringRef::new("J.  Smith").unwrap()),
                     },
                 ],
-                &[AttributeTypeAndValue {
-                    oid: const_oid::db::rfc4519::DC,
-                    value: Any::from(Ia5StringRef::new("example").unwrap()),
-                }],
-                &[AttributeTypeAndValue {
-                    oid: const_oid::db::rfc4519::DC,
-                    value: Any::from(Ia5StringRef::new("net").unwrap()),
-                }],
             ],
         ),
         (
             &["CN=James \\\"Jim\\\" Smith\\, III,DC=example,DC=net"],
             "CN=James \\\"Jim\\\" Smith\\, III,DC=example,DC=net",
             &[
                 &[AttributeTypeAndValue {
-                    oid: const_oid::db::rfc4519::CN,
-                    value: Any::from(Utf8StringRef::new(r#"James "Jim" Smith, III"#).unwrap()),
+                    oid: const_oid::db::rfc4519::DC,
+                    value: Any::from(Ia5StringRef::new("net").unwrap()),
                 }],
                 &[AttributeTypeAndValue {
                     oid: const_oid::db::rfc4519::DC,
                     value: Any::from(Ia5StringRef::new("example").unwrap()),
                 }],
                 &[AttributeTypeAndValue {
-                    oid: const_oid::db::rfc4519::DC,
-                    value: Any::from(Ia5StringRef::new("net").unwrap()),
+                    oid: const_oid::db::rfc4519::CN,
+                    value: Any::from(Utf8StringRef::new(r#"James "Jim" Smith, III"#).unwrap()),
                 }],
             ],
         ),
@@ -290,16 +311,16 @@ fn rdns_serde() {
             "CN=Before\\0dAfter,DC=example,DC=net",
             &[
                 &[AttributeTypeAndValue {
-                    oid: const_oid::db::rfc4519::CN,
-                    value: Any::from(Utf8StringRef::new("Before\rAfter").unwrap()),
+                    oid: const_oid::db::rfc4519::DC,
+                    value: Any::from(Ia5StringRef::new("net").unwrap()),
                 }],
                 &[AttributeTypeAndValue {
                     oid: const_oid::db::rfc4519::DC,
                     value: Any::from(Ia5StringRef::new("example").unwrap()),
                 }],
                 &[AttributeTypeAndValue {
-                    oid: const_oid::db::rfc4519::DC,
-                    value: Any::from(Ia5StringRef::new("net").unwrap()),
+                    oid: const_oid::db::rfc4519::CN,
+                    value: Any::from(Utf8StringRef::new("Before\rAfter").unwrap()),
                 }],
             ],
         ),