
Connection refused if T field exists in X509 credentials

Open n-deliyski opened this issue 1 year ago • 9 comments

If an MQTT device is registered manually with X.509-cert credentials, where the certificate subject-DN has a T field (e.g. T=Test), the device connection is refused with "Bad username or password". This is not expected, as title is a valid attribute type (RFC 4519).

The device certificate is created via command: openssl req -key <device-key.pem> -new -out <device.csr> -subj "/title=Test/CN=..."

The analysis shows following:

  1. During device manual provisioning the auth-id is normalized using a call to new X500Principal(<auth-id-string>).getName(X500Principal.RFC2253). For T=Test this call gives the OID mapping 2.5.4.12=#130454657374, where 0x13 is for PrintableString.
  2. During device connection the auth-id is retrieved from the certificate provided by the device using Certificate#getSubjectX500Principal().getName(X500Principal.RFC2253), see https://github.com/eclipse-hono/hono/blob/master/adapter-base/src/main/java/org/eclipse/hono/adapter/auth/device/x509/TenantServiceBasedX509Authentication.java#L170. This call gives 2.5.4.12=#0c0454657374, where 0x0c is for UTF8String.
  3. Inside the binary certificate the field value is 0c0454657374, where 0x0c is for UTF8String.
  4. During connection attempt the auth-id 2.5.4.12=#0c0454657374 could not be found, thus the connection is refused.

This behavior seems to be a rare case, occurring only if the subject-DN has non-standard RFC 2253 fields.

n-deliyski, May 02 '23 13:05
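The encoding mismatch the reporter describes, reproduced as an added stand-alone illustration (not Hono's or the JDK's code): the same title value rendered by the RFC 2253 "#hex" fallback differs between PrintableString (0x13) and UTF8String (0x0c), so a byte-wise lookup of the auth-id fails, while a comparison on the decoded attribute value matches. The helper names and the short-form DER encoder are this example's own assumptions; the OID, tags and hex strings are the ones quoted in the issue.

```python
"""Why 2.5.4.12=#130454657374 and 2.5.4.12=#0c0454657374 describe the same
DN attribute yet fail a string-equality lookup (constructed example)."""

PRINTABLE_STRING = 0x13
UTF8_STRING = 0x0C
TITLE_OID = "2.5.4.12"  # 'title' (RFC 4519); some tools print it as T=


def der_tlv(tag, payload):
    """Short-form DER TLV (payload < 128 bytes), enough for this case."""
    if len(payload) >= 128:
        raise ValueError("long-form DER length not handled in this example")
    return bytes([tag, len(payload)]) + payload


def rfc2253_hex_ava(oid, tag, text):
    """Mimic the RFC 2253 '#hex' rendering for an attribute type the
    formatter has no keyword for: <OID>=#<hex of the DER-encoded value>."""
    return f"{oid}=#{der_tlv(tag, text.encode('utf-8')).hex()}"


def decode_hex_ava(ava):
    """Parse '<OID>=#<hex>' back into (oid, asn1_tag, decoded_text)."""
    oid, _, value = ava.partition("=")
    if not value.startswith("#"):
        raise ValueError("not a hex-encoded attribute value")
    raw = bytes.fromhex(value[1:])
    if len(raw) < 2 or raw[1] != len(raw) - 2:
        raise ValueError("malformed DER length")
    tag = raw[0]
    if tag not in (PRINTABLE_STRING, UTF8_STRING):
        raise ValueError(f"unsupported ASN.1 string tag 0x{tag:02x}")
    charset = "ascii" if tag == PRINTABLE_STRING else "utf-8"
    return oid, tag, raw[2:].decode(charset)


def ava_equivalent(a, b):
    """Compare two attribute-value assertions by type OID and decoded text,
    ignoring the ASN.1 string type, which a raw string lookup does not."""
    oid_a, _, text_a = decode_hex_ava(a)
    oid_b, _, text_b = decode_hex_ava(b)
    return oid_a == oid_b and text_a == text_b


# Constructed to match the two forms quoted in the issue.
REGISTERED = rfc2253_hex_ava(TITLE_OID, PRINTABLE_STRING, "Test")  # from the string
PRESENTED = rfc2253_hex_ava(TITLE_OID, UTF8_STRING, "Test")        # from the cert
```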