Hallvard B Furuseth wrote:
> SecureIT writes:
>> I am trying to change this
>> "cn=Bob Smith+serialNumber=CR013120080827,o=ICM,c=US"
>> to this:
>> "serialNumber=CR013120080827+cn=Bob Smith,o=ICM,c=US"
>
> Without escape sequences like "\," and "\+" in the DNs (if that's
> allowed anyway, I don't remember the details of X.500 Dn syntax), this
> moves serialNumber first in each RDN:
>
> s/(^|,)([^,]*)\+(serialNumber=[^+,]*)(?=[+,])/$1$3+$2/gi;
> die "didn't catch all 'foo+serialNumber's" if /\+serialNumber=/i;

Using this regex will take care of \, and \+ escapes:

s/(^|(?<!\\),)((?:[^,]|\\,)*)\+(serialNumber=(?:[^+,]|\\[+,])*)(?=(?<!\\)[+,])/$1$3+$2/gi;


Matches:

my $dn = "cn=Bob Smith+serialNumber=CR013120080827,o=ICM,c=US";
$dn =~ s/
(^|(?<!\\),) ((?:[^,]|\\,)*) \+
(serialNumber = (?:[^+,] | \\[+,])*)
(?=(?<!\\)[+,])
/$1$3+$2/gix;
print $dn;


__OUTPUT__
serialNumber=CR013120080827+cn=Bob Smith,o=ICM,c=US


And:

my $dn = "cn=Smith\\, Bob+serialNumber=CR01312\\+0080827,o=ICM,c=US";
$dn =~ s/
(^|(?<!\\),) ((?:[^,]|\\,)*) \+
(serialNumber = (?:[^+,] | \\[+,])*)
(?=(?<!\\)[+,])
/$1$3+$2/gix;
print $dn;


__OUTPUT__
serialNumber=CR01312\+0080827+cn=Smith\, Bob,o=ICM,c=US


Hope this helps.

--
szr

szr writes:
>Hallvard B Furuseth wrote:
>>SecureIT writes:
>>> I am trying to change this
>>> "cn=Bob Smith+serialNumber=CR013120080827,o=ICM,c=US"
>>> to this:
>>> "serialNumber=CR013120080827+cn=Bob Smith,o=ICM,c=US"
>>
>> Without escape sequences like "\," and "\+" in the DNs (if that's
>> allowed anyway, I don't remember the details of X.500 Dn syntax), this
>> moves serialNumber first in each RDN:
>>
>> s/(^|,)([^,]*)\+(serialNumber=[^+,]*)(?=[+,])/$1$3+$2/gi;
>> die "didn't catch all 'foo+serialNumber's" if /\+serialNumber=/i;
>
> Using this regex will take care of \, and \+ escapes:
>
> s/(^|(?<!\\),)((?:[^,]|\\,)*)\+(serialNumber=(?:[^+,]|\\[+,])*)(?=(?<!\\)[+,])/$1$3+$2/gi;

Nope... not if I can create naughty "cn" values:

this: cn=a\\,cn=b+serialNumber=c,o=x
becomes serialNumber=c+cn=a\\,cn=b,o=x
instead of cn=a\\,serialNumber=c+cn=b,o=x

this: cn=b\+serialNumber=c,o=x
contains no serialNumber attribute but is modified anyway.

Not that it matters much when the OP's problem is solved anyway.
Just pointing out that once you are going to accept things that need
nontrivial parsing like escape sequences, you have to be careful to
parse it correctly. Though my variant missed out too, it should
have ended with (?=$|[+,]) to cover the last component as well.

--
Hallvard

Hallvard B Furuseth wrote:
> szr writes:
>> Hallvard B Furuseth wrote:
>>> SecureIT writes:
>>>> I am trying to change this
>>>> "cn=Bob Smith+serialNumber=CR013120080827,o=ICM,c=US"
>>>> to this:
>>>> "serialNumber=CR013120080827+cn=Bob Smith,o=ICM,c=US"
>>>
>>> Without escape sequences like "\," and "\+" in the DNs (if that's
>>> allowed anyway, I don't remember the details of X.500 Dn syntax),
>>> this moves serialNumber first in each RDN:
>>>
>>> s/(^|,)([^,]*)\+(serialNumber=[^+,]*)(?=[+,])/$1$3+$2/gi;
>>> die "didn't catch all 'foo+serialNumber's" if /\+serialNumber=/i;
>>
>> Using this regex will take care of \, and \+ escapes:
>>
>> s/(^|(?<!\\),)((?:[^,]|\\,)*)\+(serialNumber=(?:[^+,]|\\[+,])*)(?=(?<!\\)[+,])/$1$3+$2/gi;
>
> Nope... not if I can create naughty "cn" values:
>
> this: cn=a\\,cn=b+serialNumber=c,o=x
> becomes serialNumber=c+cn=a\\,cn=b,o=x
> instead of cn=a\\,serialNumber=c+cn=b,o=x
>
> this: cn=b\+serialNumber=c,o=x
> contains no serialNumber attribute but is modified anyway.
>
> Not that it matters much when the OP's problem is solved anyway.
> Just pointing out that once you are going to accept things that need
> nontrivial parsing like escape sequences, you have to be careful to
> parse it correctly. Though my variant missed out too, it should
> have ended with (?=$|[+,]) to cover the last component as well.

Well, my example assumed proper checks would already by done by the time
it was invoked. But good points nonetheless.

--
szr