I have to work with digital signatures, and part of it is reading relative distinguished names.
The problem is that Subject Name contains names that are not common, because they are related to country specific identifiers.
For example, Subject Name can look like this (omitting sensitive data):
CN=<...>, SN=<...>, G=<...>, T=<...>, STREET=<...>, O=<...>, L=<...>, S=<...>, C=RU, E=<...>, ИНН=<...>, ОГРН=<...>, СНИЛС=<...>, ИНН ЮЛ=<...>
It’s not much of a problem if SubjectName is an X500DistinguishedName that was read from CAdES container using SignedCms class – I can define OID constants and compare OID values.
But it is a problem if SubjectName is provided as a string using friendly names, because
- the names in question can be written in Russian
  On Windows locally they can be parsed, but they can’t be on production environment, in k8s, and the code throws an exception: <code>System.Security.Cryptography.CryptographicException: No OID value matches this name.</code>
- the names can also be written in English
  <code>ИНН=INN, ИНН ЮЛ=INNLE, ОГРН=OGRN, СНИЛС=SNILS</code>
  these aren’t parsed on a local machine because of different locale
- OID friendly names are not guaranteed to be parsed at all
  on some environments, some OIDs don’t have a friendly name at all
So, the question is:
Is there an API that allows reading X.500 Distinguished Names without automatically doing OID lookup, in an anti-strict way?
So that data can still be parsed with knowledge on how this format works (semicolons, quotes, new lines, etc), but without restrictions regarding the aspect with no guarantees.
Or maybe some other way around (I can parse it manually, of course, but that feels like reinventing the wheel). (I also tried replacing friendly names in a raw string with <code>OID.&lt;identifier&gt;</code>, before passing it to X500DistinguishedName, but that also feels like something can go wrong.)
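
A tolerant parser for the string form described in the question, as an added example that is not part of the original post: it splits key=value pairs on commas, semicolons and line breaks outside quotes and never consults the OID table. The class name `LenientDnParser`, the sample input and the choice to map the four Russian names to the English forms listed above are assumptions; hex escapes such as `\2C` and multi-valued RDNs joined with `+` are not handled.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

public static class LenientDnParser
{
    // Alias pairs taken from the question; any other key passes through unchanged.
    static readonly Dictionary<string, string> Aliases = new(StringComparer.OrdinalIgnoreCase)
    {
        ["ИНН"] = "INN", ["ИНН ЮЛ"] = "INNLE", ["ОГРН"] = "OGRN", ["СНИЛС"] = "SNILS",
    };

    // Returns the pairs in input order; keys are plain strings, no Oid lookup is performed.
    public static List<KeyValuePair<string, string>> Parse(string dn)
    {
        var result = new List<KeyValuePair<string, string>>();
        StringBuilder key = new(), value = new();
        bool inValue = false, inQuotes = false;
        void Flush()
        {
            string k = key.ToString().Trim();
            if (k.StartsWith("OID.", StringComparison.OrdinalIgnoreCase)) k = k.Substring(4);
            if (Aliases.TryGetValue(k, out var canonical)) k = canonical;
            // Trim() also drops spaces at the edges of quoted values (simplification).
            if (k.Length > 0) result.Add(new KeyValuePair<string, string>(k, value.ToString().Trim()));
            key.Clear(); value.Clear(); inValue = false;
        }
        for (int i = 0; i < dn.Length; i++)
        {
            char c = dn[i];
            if (inQuotes)
            {
                if (c != '"') value.Append(c);
                else if (i + 1 < dn.Length && dn[i + 1] == '"') { value.Append('"'); i++; } // "" = literal quote
                else inQuotes = false;
            }
            else if (!inValue) { if (c == '=') inValue = true; else if (c != ',' && c != ';') key.Append(c); }
            else if (c == '"') inQuotes = true;
            else if (c == '\\' && i + 1 < dn.Length) value.Append(dn[++i]); // backslash keeps next char
            else if (c == ',' || c == ';' || c == '\r' || c == '\n') Flush();
            else value.Append(c);
        }
        if (inQuotes) throw new FormatException("Unterminated quoted value.");
        Flush();
        return result;
    }

    static void Main() // constructed sample input, not real certificate data
    {
        foreach (var p in Parse("CN=\"Ivanov, I.\"; OID.1.2.3=x, ИНН ЮЛ=0000000000"))
            Console.WriteLine($"{p.Key} => {p.Value}");
    }
}
```

Because the keys come back as strings, comparing against OID constants still requires a caller-supplied name-to-OID table; nothing here depends on the locale or on which friendly names the host platform knows.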