From 187e91f9ae00f013e9592e2e576df8d9df772bdf Mon Sep 17 00:00:00 2001
From: James Munnelly
Date: Fri, 13 Oct 2017 12:35:25 +0100
Subject: [PATCH] Default commonName to first altName if not specified
---
 pkg/issuer/ca/issue.go | 12 +++++++-----
 pkg/util/pki/csr.go | 3 +++
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/pkg/issuer/ca/issue.go b/pkg/issuer/ca/issue.go
index 379b30810..183fee11b 100644
--- a/pkg/issuer/ca/issue.go
+++ b/pkg/issuer/ca/issue.go
@@ -85,13 +85,15 @@ func (c *CA) obtainCertificate(crt *v1alpha1.Certificate, signeeKey interface{})
 return crtPem, nil
 }
 
-func createCertificateTemplate(crt *v1alpha1.Certificate, publicKey interface{}) (*x509.Certificate, error) {
+func createCertificateTemplate(publicKey interface{}, commonName string, altNames ...string) (*x509.Certificate, error) {
 serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
 serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
 if err != nil {
 return nil, fmt.Errorf("failed to generate serial number: %s", err.Error())
 }
-
+ if len(commonName) == 0 && len(altNames) > 0 {
+ commonName = altNames[0]
+ }
 cert := &x509.Certificate{
 Version: 3,
 BasicConstraintsValid: true,
@@ -100,13 +102,13 @@ func createCertificateTemplate(crt *v1alpha1.Certificate, publicKey interface{})
 PublicKey: publicKey,
 Subject: pkix.Name{
 Organization: []string{defaultOrganization},
- CommonName: crt.Spec.CommonName,
+ CommonName: commonName,
 },
 NotBefore: time.Now(),
 NotAfter: time.Now().Add(certificateDuration),
 // see http://golang.org/pkg/crypto/x509/#KeyUsage
 KeyUsage: x509.KeyUsageDigitalSignature,
- DNSNames: crt.Spec.AltNames,
+ DNSNames: altNames,
 }
 return cert, nil
 }
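Review bot: The fallback at `if len(commonName) == 0 && len(altNames) > 0` copies altNames[0] into Subject.CommonName with no bound, but X.509 caps CN at 64 octets (RFC 5280 ub-common-name) and crypto/x509's CreateCertificate does not enforce it, so a long first SAN silently yields a CN that violates the profile and that strict parsers or public CAs may reject, while the SAN list itself has no such limit. Add a check after the fallback, e.g. `if len(commonName) > 64 { return nil, fmt.Errorf("common name %q is longer than 64 characters", commonName) }`, or skip the fallback when altNames[0] exceeds the limit, since modern verifiers match on SANs and ignore CN anyway. The new signature also deserves a doc comment, e.g. `// createCertificateTemplate builds a v3 leaf template for publicKey; an empty commonName defaults to the first of altNames, and altNames become the DNS SANs.` An explicitly set commonName is still not added to DNSNames, so it is only honoured by legacy CN-matching verifiers; that gap predates this change, but the new altNames parameter is the natural place to close it.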
@@ -116,7 +118,7 @@ func createCertificateTemplate(crt *v1alpha1.Certificate, publicKey interface{})
 // publicKey is the public key of the signee, and signerKey is the private
 // key of the signer.
 func signCertificate(crt *v1alpha1.Certificate, issuerCert *x509.Certificate, publicKey interface{}, signerKey interface{}) ([]byte, *x509.Certificate, error) {
- template, err := createCertificateTemplate(crt, publicKey)
+ template, err := createCertificateTemplate(publicKey, crt.Spec.CommonName, crt.Spec.AltNames...)
 if err != nil {
 return nil, nil, fmt.Errorf("error creating x509 certificate template: %s", err.Error())
 }
diff --git a/pkg/util/pki/csr.go b/pkg/util/pki/csr.go
index e8fb07634..a4caaf5e1 100644
--- a/pkg/util/pki/csr.go
+++ b/pkg/util/pki/csr.go
@@ -6,6 +6,9 @@ import (
 )
 
 func GenerateCSR(commonName string, altNames ...string) *x509.CertificateRequest {
+ if commonName == "" && len(altNames) > 0 {
+ commonName = altNames[0]
+ }
 template := x509.CertificateRequest{
 Subject: pkix.Name{
 CommonName: commonName,
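Review bot: The fallback `if commonName == "" && len(altNames) > 0 { commonName = altNames[0] }` is now duplicated (with a different spelling of the empty check) in createCertificateTemplate in pkg/issuer/ca/issue.go, so the CSR path and the CA-issuer path will drift the first time one gains a rule the other lacks; pull it into one exported helper in this package and call it from both. The 64-octet ub-common-name limit on CN applies here too and matters more for a CSR, because crypto/x509 does not check it but a public CA generally rejects a request whose CN is an over-long DNS name, so the helper is also the place to skip or reject an oversized fallback. GenerateCSR is exported and undocumented; add `// GenerateCSR returns a CSR template for commonName and altNames; an empty commonName defaults to the first entry of altNames.` GenerateCSR's body continues past the end of the hunk.
```go
// CommonNameForCertificate returns commonName, or the first of altNames when
// commonName is empty. Shared by the CSR and CA-issuer template builders.
func CommonNameForCertificate(commonName string, altNames ...string) string {
	if commonName == "" && len(altNames) > 0 {
		return altNames[0]
	}
	return commonName
}

// GenerateCSR returns a CSR template for commonName and altNames; an empty
// commonName defaults to the first entry of altNames.
func GenerateCSR(commonName string, altNames ...string) *x509.CertificateRequest {
	commonName = CommonNameForCertificate(commonName, altNames...)
	template := x509.CertificateRequest{
	// … unchanged: Subject and the rest of the template …
```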