From 340d2725e7df995c3f2d3fc8a44665ae73ca56cc Mon Sep 17 00:00:00 2001
From: Max Ehrlich
Date: Sat, 18 Aug 2018 17:02:34 -0400
Subject: [PATCH] Generate certificates with the new organization field
Signed-off-by: Max Ehrlich
---
 pkg/util/pki/csr.go | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/pkg/util/pki/csr.go b/pkg/util/pki/csr.go
index 8e3a577f6..8042e3eaf 100644
--- a/pkg/util/pki/csr.go
+++ b/pkg/util/pki/csr.go
@@ -53,17 +53,26 @@ func DNSNamesForCertificate(crt *v1alpha1.Certificate) []string {
 return crt.Spec.DNSNames
 }
-var serialNumberLimit = new(big.Int).Lsh(big.NewInt(1), 128)
-
-// TODO: allow this to be configurable
 const defaultOrganization = "cert-manager"
+func OrganizationForCertificate(crt *v1alpha1.Certificate) string {
+ if crt.Spec.Organization != "" {
+ return crt.Spec.Organization
+ }
+
+ return defaultOrganization
+}
+
+var serialNumberLimit = new(big.Int).Lsh(big.NewInt(1), 128)
+
 // default certification duration is 1 year
 const defaultNotAfter = time.Hour * 24 * 365
 func GenerateCSR(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate) (*x509.CertificateRequest, error) {
 commonName := CommonNameForCertificate(crt)
 dnsNames := DNSNamesForCertificate(crt)
+ organization := OrganizationForCertificate(crt)
+
 if len(commonName) == 0 && len(dnsNames) == 0 {
 return nil, fmt.Errorf("no domains specified on certificate")
 }
@@ -77,7 +86,7 @@ func GenerateCSR(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate) (*x50
 Version: 3,
 SignatureAlgorithm: sigAlgo,
 Subject: pkix.Name{
- Organization: []string{defaultOrganization},
+ Organization: []string{organization},
 CommonName: commonName,
 },
 DNSNames: dnsNames,
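Review bot: `OrganizationForCertificate` lets whoever can write a Certificate resource choose the subject O that was previously fixed to `cert-manager`, and the only check applied is for the empty string. The value is copied unchanged into the CSR subject in the `@@ -77` hunk and into the template subject in `GenerateTemplate` (the `@@ -118` hunk), so an issuer that signs that template would presumably vouch for an arbitrary organization; relying parties that derive authorization from O (Kubernetes client-certificate authentication reads group names from it, for example) will treat it as authoritative. Consider letting the issuer restrict which organizations it will sign, and at least reject whitespace-only or over-long values (RFC 5280 bounds organizationName at 64 characters). The exported function also needs a doc comment, e.g. `// OrganizationForCertificate returns crt.Spec.Organization, falling back to defaultOrganization when it is empty.`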
@@ -93,6 +102,8 @@ func GenerateCSR(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate) (*x50
 func GenerateTemplate(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate, serialNo *big.Int) (*x509.Certificate, error) {
 commonName := CommonNameForCertificate(crt)
 dnsNames := DNSNamesForCertificate(crt)
+ organization := OrganizationForCertificate(crt)
+
 if len(commonName) == 0 && len(dnsNames) == 0 {
 return nil, fmt.Errorf("no domains specified on certificate")
 }
@@ -118,7 +129,7 @@ func GenerateTemplate(issuer v1alpha1.GenericIssuer, crt *v1alpha1.Certificate,
 SignatureAlgorithm: sigAlgo,
 IsCA: crt.Spec.IsCA,
 Subject: pkix.Name{
- Organization: []string{defaultOrganization},
+ Organization: []string{organization},
 CommonName: commonName,
 },
 NotBefore: time.Now(),
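Review bot: The subject is now assembled twice with identical logic, once in `GenerateCSR` and once here in `GenerateTemplate`, so any later change to how the organization or common name is derived must be made in both places or the CSR and the certificate template will disagree. A small unexported helper returning the `pkix.Name` would keep the two in step and give a single place to validate the requested organization before it reaches a signed certificate. Both function bodies continue outside the hunks shown, so the helper below only replaces the `Subject:` literal and the local `organization` lookups.

```go
// subjectForCertificate builds the subject shared by the CSR and the certificate template.
func subjectForCertificate(crt *v1alpha1.Certificate) pkix.Name {
	return pkix.Name{
		Organization: []string{OrganizationForCertificate(crt)},
		CommonName:   CommonNameForCertificate(crt),
	}
}

// … unchanged: GenerateTemplate up to the x509.Certificate literal …
		Subject: subjectForCertificate(crt),
```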