Add comparison methods for DN/RDN/AttributeTypeAndValue

[liggitt]

Adds Equal method to DN, RelativeDN, and AttributeTypeAndValue types
Adds AncestorOf method to DN

Based on rfc4517 4.2.15 (distinguishedNameMatch):

4.2.15.  distinguishedNameMatch

   The distinguishedNameMatch rule compares an assertion value of the DN
   syntax to an attribute value of a syntax (e.g., the DN syntax) whose
   corresponding ASN.1 type is DistinguishedName.

   The rule evaluates to TRUE if and only if the attribute value and the
   assertion value have the same number of relative distinguished names
   and corresponding relative distinguished names (by position) are the
   same.  A relative distinguished name (RDN) of the assertion value is
   the same as an RDN of the attribute value if and only if they have
   the same number of attribute value assertions and each attribute
   value assertion (AVA) of the first RDN is the same as the AVA of the
   second RDN with the same attribute type.  The order of the AVAs is
   not significant.  Also note that a particular attribute type may
   appear in at most one AVA in an RDN.  Two AVAs with the same
   attribute type are the same if their values are equal according to
   the equality matching rule of the attribute type.  If one or more of
   the AVA comparisons evaluate to Undefined and the remaining AVA
   comparisons return TRUE then the distinguishedNameMatch rule
   evaluates to Undefined.

[johnweldon]

Nice

[liggitt]

trying to think of a better name for AncestorOf... it returns true for exact matches, which is weird (with that name)

[johnweldon]

Yeah, can't think of anything too compelling...

• AncestorOrSelf
• PrefixMatch
• EqualOrAncestorOf

¯\_(ツ)_/¯

[liggitt]

decided it made more sense to keep the functionality separate. if you want ancestor or self, do d.AncestorOf(other) || d.Equal(other)