Allow duplicates in flat_distinguished_name

pe_bliss2/include/pe_bliss2/security/x500/flat_distinguished_name.h

@@ -19,8 +19,7 @@ namespace pe_bliss::security::x500
 
 enum class distinguished_name_errc
 {
-	duplicate_dn_attributes = 1,
-	invalid_rdn_attribute_value
+	invalid_rdn_attribute_value = 1
 };
 
 std::error_code make_error_code(distinguished_name_errc) noexcept;
@@ -32,6 +31,16 @@ class [[nodiscard]] flat_distinguished_name
 	using range_type = RangeType;
 	using directory_string_type = std::variant<std::string, std::u16string, std::u32string>;
 
+	struct comparer final
+	{
+		using is_transparent = void;
+
+		template<typename T1, typename T2>
+		constexpr bool operator()(const T1& l, const T2& r) const noexcept;
+	};
+
+	using map_type = std::multimap<std::vector<std::uint32_t>, range_type, comparer>;
+
 public:
 	explicit flat_distinguished_name(
 		const security::pkcs7::signer_info_ref_pkcs7<range_type>& ref);
@@ -64,6 +73,8 @@ class [[nodiscard]] flat_distinguished_name
 	}
 
 public:
+	// Methods below return the first found attribute value.
+	// Duplicates are allowed.
 	[[nodiscard]]
 	std::optional<directory_string_type> get_common_name() const;
 	[[nodiscard]]
@@ -93,19 +104,17 @@ class [[nodiscard]] flat_distinguished_name
 	[[nodiscard]]
 	std::optional<directory_string_type> get_pseudonim() const;
 
+public:
+	[[nodiscard]]
+	const map_type& get_map() const noexcept
+	{
+		return parts_;
+	}
+
 private:
 	void build(const std::vector<asn1::crypto::relative_distinguished_name_type<range_type>>& dn);
 
 private:
-	struct comparer final
-	{
-		using is_transparent = void;
-
-		template<typename T1, typename T2>
-		constexpr bool operator()(const T1& l, const T2& r) const noexcept;
-	};
-
-	using map_type = std::map<std::vector<std::uint32_t>, range_type, comparer>;
 	map_type parts_;
 };
 

pe_bliss2/src/security/x500/flat_distinguished_name.cpp

@@ -26,8 +26,6 @@ struct distinguished_name_error_category : std::error_category
 		using enum pe_bliss::security::x500::distinguished_name_errc;
 		switch (static_cast<pe_bliss::security::x500::distinguished_name_errc>(ev))
 		{
-		case duplicate_dn_attributes:
-			return "Distinguished name has duplicate attributes";
 		case invalid_rdn_attribute_value:
 			return "Relative distinguished name attribute value ASN.1 DER is not valid";
 		default:
@@ -120,10 +118,7 @@ void flat_distinguished_name<RangeType>::build(
 	for (const asn1::crypto::relative_distinguished_name_type<range_type>& rdn : dn)
 	{
 		for (const asn1::crypto::attribute_value_assertion<range_type>& attr : rdn)
-		{
-			if (!parts_.try_emplace(attr.attribute_type.container, attr.attribute_value).second)
-				throw pe_error(distinguished_name_errc::duplicate_dn_attributes);
-		}
+			parts_.emplace(attr.attribute_type.container, attr.attribute_value);
 	}
 }
 

tests/tests/pe_bliss2/directories/security/flat_distinguished_name_tests.cpp

@@ -22,10 +22,10 @@ class FlatDistinguishedNameTests : public testing::Test
 
 public:
 	template<typename DN>
-	void test(const DN& dn) const
+	void test(const DN& dn, bool with_duplicates = false) const
 	{
 		ASSERT_FALSE(dn.empty());
-		ASSERT_EQ(dn.size(), 4u);
+		ASSERT_EQ(dn.size(), 4u + with_duplicates);
 
 		std::optional<std::string> country_name;
 		ASSERT_NO_THROW(country_name = dn.get_country_name());
@@ -69,7 +69,7 @@ class FlatDistinguishedNameTests : public testing::Test
 			auto& level = issuer.emplace_back();
 			level.push_back({
 				.attribute_type = asn1::crypto::object_identifier_type {
-					.container = {2,5,4,8}
+					.container = {2,5,4,10}
 				}
 			});
 		}
@@ -148,5 +148,6 @@ TYPED_TEST(FlatDistinguishedNameTests, FromCmsWithDuplicates)
 		.issuer.value;
 	this->fill(issuer, true);
 
-	ASSERT_THROW((void)(typename TestFixture::dn_type{ info }), pe_bliss::pe_error);
+	const typename TestFixture::dn_type dn{ info };
+	this->test(dn, true);
 }