Update the certificate's subject attributes

CHANGELOG.md

@@ -13,6 +13,16 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
+## [Unreleased]
+
+### Added
+- The `pkcs9_email_address`, `postal_address` and `postal_code` subject attributes has been added.
+
+### Changed
+- The `friendly_name` and `pseudonym` subject attributes has been removed.
+- The `street_address` subject attribute has been renamed `street`.
+
+
 ## [0.15.0] - 2020-11-03
 
 ### Added

acme_common/src/crypto.rs

@@ -25,19 +25,20 @@ pub const CRT_NB_DAYS_VALIDITY: u32 = 7;
 #[derive(Clone, Copy, Debug, Eq, Hash, PartialEq)]
 pub enum BaseSubjectAttribute {
     CountryName,
+    GenerationQualifier,
+    GivenName,
+    Initials,
     LocalityName,
-    StateOrProvinceName,
-    StreetAddress,
+    Name,
     OrganizationName,
     OrganizationalUnitName,
-    Name,
-    GivenName,
-    Initials,
-    Title,
+    Pkcs9EmailAddress,
+    PostalAddress,
+    PostalCode,
+    StateOrProvinceName,
+    Street,
     Surname,
-    Pseudonym,
-    GenerationQualifier,
-    FriendlyName,
+    Title,
 }
 
 #[derive(Clone, Copy, Debug, PartialEq)]

acme_common/src/crypto/openssl_subject_attribute.rs

@@ -6,19 +6,20 @@ impl SubjectAttribute {
     pub fn get_nid(&self) -> Nid {
         match self {
             SubjectAttribute::CountryName => Nid::COUNTRYNAME,
+            SubjectAttribute::GenerationQualifier => Nid::GENERATIONQUALIFIER,
+            SubjectAttribute::GivenName => Nid::GIVENNAME,
+            SubjectAttribute::Initials => Nid::INITIALS,
             SubjectAttribute::LocalityName => Nid::LOCALITYNAME,
-            SubjectAttribute::StateOrProvinceName => Nid::STATEORPROVINCENAME,
-            SubjectAttribute::StreetAddress => Nid::STREETADDRESS,
+            SubjectAttribute::Name => Nid::NAME,
             SubjectAttribute::OrganizationName => Nid::ORGANIZATIONNAME,
             SubjectAttribute::OrganizationalUnitName => Nid::ORGANIZATIONALUNITNAME,
-            SubjectAttribute::Name => Nid::NAME,
-            SubjectAttribute::GivenName => Nid::GIVENNAME,
-            SubjectAttribute::Initials => Nid::INITIALS,
-            SubjectAttribute::Title => Nid::TITLE,
+            SubjectAttribute::Pkcs9EmailAddress => Nid::PKCS9_EMAILADDRESS,
+            SubjectAttribute::PostalAddress => Nid::POSTALADDRESS,
+            SubjectAttribute::PostalCode => Nid::POSTALCODE,
+            SubjectAttribute::StateOrProvinceName => Nid::STATEORPROVINCENAME,
+            SubjectAttribute::Street => Nid::STREETADDRESS,
             SubjectAttribute::Surname => Nid::SURNAME,
-            SubjectAttribute::Pseudonym => Nid::PSEUDONYM,
-            SubjectAttribute::GenerationQualifier => Nid::GENERATIONQUALIFIER,
-            SubjectAttribute::FriendlyName => Nid::FRIENDLYNAME,
+            SubjectAttribute::Title => Nid::TITLE,
         }
     }
 }

acmed/src/config.rs

@@ -607,38 +607,40 @@ impl Identifier {
 #[serde(deny_unknown_fields)]
 pub struct SubjectAttributes {
     pub country_name: Option<String>,
+    pub generation_qualifier: Option<String>,
+    pub given_name: Option<String>,
+    pub initials: Option<String>,
     pub locality_name: Option<String>,
-    pub state_or_province_name: Option<String>,
-    pub street_address: Option<String>,
+    pub name: Option<String>,
     pub organization_name: Option<String>,
     pub organizational_unit_name: Option<String>,
-    pub name: Option<String>,
-    pub given_name: Option<String>,
-    pub initials: Option<String>,
-    pub title: Option<String>,
+    pub pkcs9_email_address: Option<String>,
+    pub postal_address: Option<String>,
+    pub postal_code: Option<String>,
+    pub state_or_province_name: Option<String>,
+    pub street: Option<String>,
     pub surname: Option<String>,
-    pub pseudonym: Option<String>,
-    pub generation_qualifier: Option<String>,
-    pub friendly_name: Option<String>,
+    pub title: Option<String>,
 }
 
 impl SubjectAttributes {
     pub fn to_generic(&self) -> HashMap<SubjectAttribute, String> {
         let mut ret = HashMap::new();
         push_subject_attr!(ret, self.country_name, CountryName);
+        push_subject_attr!(ret, self.generation_qualifier, GenerationQualifier);
+        push_subject_attr!(ret, self.given_name, GivenName);
+        push_subject_attr!(ret, self.initials, Initials);
         push_subject_attr!(ret, self.locality_name, LocalityName);
-        push_subject_attr!(ret, self.state_or_province_name, StateOrProvinceName);
-        push_subject_attr!(ret, self.street_address, StreetAddress);
+        push_subject_attr!(ret, self.name, Name);
         push_subject_attr!(ret, self.organization_name, OrganizationName);
         push_subject_attr!(ret, self.organizational_unit_name, OrganizationalUnitName);
-        push_subject_attr!(ret, self.name, Name);
-        push_subject_attr!(ret, self.given_name, GivenName);
-        push_subject_attr!(ret, self.initials, Initials);
-        push_subject_attr!(ret, self.title, Title);
+        push_subject_attr!(ret, self.pkcs9_email_address, Pkcs9EmailAddress);
+        push_subject_attr!(ret, self.postal_address, PostalAddress);
+        push_subject_attr!(ret, self.postal_code, PostalCode);
+        push_subject_attr!(ret, self.state_or_province_name, StateOrProvinceName);
+        push_subject_attr!(ret, self.street, Street);
         push_subject_attr!(ret, self.surname, Surname);
-        push_subject_attr!(ret, self.pseudonym, Pseudonym);
-        push_subject_attr!(ret, self.generation_qualifier, GenerationQualifier);
-        push_subject_attr!(ret, self.friendly_name, FriendlyName);
+        push_subject_attr!(ret, self.title, Title);
         ret
     }
 }

man/en/acmed.toml.5

@@ -203,36 +203,24 @@ Period of time between the certificate renewal and its expiration date. The form
 .Sx TIME PERIODS
 section. Default is the value defined in the associated endpoint.
 .It Ic subject_attributes Ar table
-Table where the certificate's subject attributes are specified. Possible keys are:
-.Bl -dash -compact
-.It
-country_name
-.It
-friendly_name
-.It
-generation_qualifier
-.It
-given_name
-.It
-initials
-.It
-locality_name
-.It
-name
-.It
-organization_name
-.It
-organizational_unit_name
-.It
-pseudonym
-.It
-state_or_province_name
-.It
-street_address
-.It
-surname
-.It
-title
+Table where the certificate's subject attributes are specified. Possible keys, with their RFC 4519 and X.500 equivalents, are:
+.Bl -column -offset indent ".Sy organizational_unit_name" ".Sy generationQualifier" ".Sy organizationalUnitName"
+.It Sy ACMEd key Ta Sy RFC 4519 Ta Sy X.500
+.It Li country_name Ta c Ta countryName
+.It Li generation_qualifier Ta generationQualifier Ta
+.It Li given_name Ta givenName Ta
+.It Li initials Ta initials Ta
+.It Li locality_name Ta l Ta localityName
+.It Li name Ta name Ta
+.It Li organization_name Ta o Ta organizationName
+.It Li organizational_unit_name Ta ou Ta organizationalUnitName
+.It Li pkcs9_email_address Ta Ta
+.It Li postal_address Ta postalAddress Ta
+.It Li postal_code Ta postalCode Ta
+.It Li state_or_province_name Ta st Ta stateOrProvinceName
+.It Li street Ta street Ta streetAddress
+.It Li surname Ta sn Ta surname
+.It Li title Ta title Ta
 .El
 .El
 .It Ic endpoint