Array Type is Preserved in x509 Certificate with Array-Valued Properties
In MarkLogic 9.0-1, if you use xdmp.x509CertificateGenerate
to generate a certificate, and the configuration object includes array-valued properties, the array values were encoded as a single string. As of MarkLogic 9.0-2, the array type is preserved. This change applies to any Relative Distinguished Names (RDNs) within a Distinguished Name (DN), such as the issuer
and subject
DNs.
For example, in the following snippet, the issuer.organizationName
property has an array value.
var certObj = {
version: "2",
serialNumber: "BA0195369CD6B679",
issuer: {
countryName: "US",
stateOrProvinceName: "CA",
localityName: "San Carlos",
organizationName: ["MarkLogic", "Mark Logic"],
organizationalUnitName: "Eng",
emailAddress: "jdonner@marklogic.com",
commonName: "JGD Certificate Authority",
},...
};
var privateKey = ...;
xdmp.x509CertificatExtract(
xdmp.x509CertificateGenerate(certObj, privateKey)
);
If you round trip the generated certificate through xdmp.x509CertificateExtract
, you will see the following output for issuer.organizationName
in MarkLogic 9.0-1 vs. MarkLogic 9.0-2.
// Marklogic 9.0-1 organizationName: "[\"MarkLogic\", \"Mark Logic\"]" // MarkLogic 9.0-2 and later organizationName: ["MarkLogic", "Mark Logic"]
If you do not have a certificate containing a multi-valued property, you will not notice any difference in behavior.