Remove redundant otherName match tests

* We do not need to include otherName in fuzzy certificate detection checks Signed-off-by: SpectralHiss <houssem.elfekih@jetstack.io>
2024-01-09 17:02:24 +00:00 · 2024-01-09 17:02:24 +00:00 · 0b83f78fff
commit 0b83f78fff
parent 3dad3f320b
1 changed files with 0 additions and 67 deletions
--- a/pkg/util/pki/match_test.go
+++ b/pkg/util/pki/match_test.go
@ -346,73 +346,6 @@ func TestSecretDataAltNamesMatchSpec(t *testing.T) {
 			}),
 			violations: []string{"spec.ipAddresses"},
 		},
-		"should match if otherNames are equal": {
-			spec: cmapi.CertificateSpec{
-				OtherNames: []cmapi.OtherName{
-					{
-						OID:       "1.3.6.1.4.1.311.20.2.3",
-						UTF8Value: "upn2@testdomain.local",
-					},
-					{
-						OID:       "1.3.6.1.4.1.311.20.2.3",
-						UTF8Value: "upn@testdomain.local",
-					},
-				},
-			}, // openssl req -nodes -newkey rsa:2048 -subj "/CN=someCN" \
-			// -addext 'subjectAltName=otherName:msUPN;UTF8:upn@testdomain.local,otherName:msUPN;UTF8:upn2@testdomain.local' -x509 |
-			data: []byte(`-----BEGIN CERTIFICATE-----
-MIIDOzCCAiOgAwIBAgIUJGyXr7GsoPVGC9PkG/QR5NQ3doQwDQYJKoZIhvcNAQEL
-BQAwADAeFw0yNDAxMDkxMzQwNDZaFw0yNDAyMDgxMzQwNDZaMAAwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFVLGrwoVnLaVERh5l6/+Wc1bDrEOCrsZz
-FUYOBJNpoJmbcl6Cp3DLyqrgkzAXWusUft77DmOpMz5C/2IWtI0Ju/NBg2wCwu6U
-+NcL70WTx2h1v7fN0YHdzElGcO018bPpA9QEfzoB07G+G8dqTwUMrCq6qE5vbmY3
-PywXfvCKbES4AFvQAcrm8qBOs4RPMlHp59gTAh9G3oVp1xJBoAHJr4CWbg65+ed9
-d2YbVZjZ3aNbVGGc2Qp2vr9p/pcTtb1oyioCmryQmm3fIOMef6smn/LpFhnFoHUN
-bJkBICG2JfHfygYkqukrhGFGv/UnVx7nmkeU5nooh7e0t5/cFbxzAgMBAAGjgaww
-gakwHQYDVR0OBBYEFDIkbk6FammEuY6X2HODbctYOIHTMB8GA1UdIwQYMBaAFDIk
-bk6FammEuY6X2HODbctYOIHTMA8GA1UdEwEB/wQFMAMBAf8wVgYDVR0RBE8wTaAk
-BgorBgEEAYI3FAIDoBYMFHVwbkB0ZXN0ZG9tYWluLmxvY2FsoCUGCisGAQQBgjcU
-AgOgFwwVdXBuMkB0ZXN0ZG9tYWluLmxvY2FsMA0GCSqGSIb3DQEBCwUAA4IBAQBq
-jj/eTo0ZN6rNYPFYW3Uw4nZLasf3bEQlHG7QPJLaBvg87Yrt+1kWEzDhjlIK1bWi
-ns56oLuaXIXjzF6KwkqBRLdqD/1bjPn7qX9uIhdncWs1Fi09mQMdI8Mnasx0IPOe
-kosmem3A/RnylWmbaCLON/APhAXrPPbW1abI8gXyH5104T0470PY1CvR4Q6MTbXH
-LCOnSiou3CO93H1Rnu9AWDXx5c6Fe1LO+AdaihdXLMAJN6NuMZRcXBChAo6d6/kh
-/O44u3tp/z6trRdH+D8D68nyx/xjFqq2BFCfyau9T3KmFjZacUWXQv6tTpElFUlZ
-7WkwZWxxkjzh9z529B9h
-----END CERTIFICATE-----`),
-		},
-		"should not match if OtherNames are not equal": {
-			spec: cmapi.CertificateSpec{
-				OtherNames: []cmapi.OtherName{
-					{
-						OID:       "1.3.6.1.4.1.311.20.2.3",
-						UTF8Value: "upn@testdomain.local",
-					},
-				},
-			},
-			// generated with openssl with:  openssl req -nodes -newkey rsa:2048 -subj "/" \
-			// -addext 'subjectAltName=otherName:msUPN;UTF8:ANOTHERUPN@testdomain.local' -x509
-			data: []byte(`-----BEGIN CERTIFICATE-----
-MIIDGzCCAgOgAwIBAgIULTMrWMewcF6XSc8hM6TnL9L8NrgwDQYJKoZIhvcNAQEL
-BQAwADAeFw0yNDAxMDkxMzQyMTVaFw0yNDAyMDgxMzQyMTVaMAAwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnIvWN7Nj/+bST7R1tmxu0olvjwgfPBhCp
-/6OiPuANxZtYkQiqIx4KxnA5KErpQHzp9zlExE2FJUd5Fn83V5+we8/tXRT4mdVg
-uOhVab8KHXciW2Ia0B6zdJakYL0qy6ol6kQDUansZi+0vBVbRzJIDAJLRSHGjXRT
-BlYuZxgyOawD19vdBKDg3zz2vszQprSONM5qefnk0S3nbsIN3rPprifwjCjn+GMc
-pcVXF1UizhyGFTxX7CiTNQg2sD6eAxvNHwyPfYo0cAWVXk1Ctoy+nGWX70zYQIw5
-PI9+hagoFBy8AMhg2MgwAJV3Iay8JRnItCkE5xrh6XxMaGzBDTybAgMBAAGjgYww
-gYkwHQYDVR0OBBYEFMjP9HapmDU06sI25oFVVX7h4mziMB8GA1UdIwQYMBaAFMjP
-9HapmDU06sI25oFVVX7h4mziMA8GA1UdEwEB/wQFMAMBAf8wNgYDVR0RBC8wLaAr
-BgorBgEEAYI3FAIDoB0MG0FOT1RIRVJVUE5AdGVzdGRvbWFpbi5sb2NhbDANBgkq
-hkiG9w0BAQsFAAOCAQEAbQLZXPWqT78YmhWich59tiQ+3VStjamS/dI9qrgjo3CN
-phYWiTe5anIv1tp2MOFD0eueO+zDLtSfFWLTBq4Qce+fDZK4WEPJrj9A/77WP55R
-1IGvQVYhEAGVAiSFudp5loUx6LhcADcO45zWq/RBgWKDI4oUu744UZUJ5e68Vb/O
-43QVvRF9qkte8X7LCBr1lX1mElh1d+qD2BiTuLzkMJeDNonmBfD1JM1zCZgYXCoE
-20gLNilYVngZprTUOjjBYQMdrovC3XG2ByUTAXREyonQpmzRPKRnV+125kQooLXx
-PvQpPM/KS8XNIJZXrbaEw0feitL6Pb+8+W5BHVcDkQ==
-----END CERTIFICATE-----`),
-			violations: []string{"spec.otherNames"},
-		},
 		"should not match if ipAddresses has been made the commonName": {
 			spec: cmapi.CertificateSpec{
 				IPAddresses: []string{"127.0.0.1"},