Adds proper checking for common name in e2e tests

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-09-23 16:19:16 +01:00 · 2019-09-23 16:19:16 +01:00 · 88cadca433
commit 88cadca433
parent 5cdad4eed3
3 changed files with 24 additions and 4 deletions
--- a/pkg/util/pki/csr.go
+++ b/pkg/util/pki/csr.go
@ -188,6 +188,7 @@ func GenerateCSR(crt *v1alpha2.Certificate) (*x509.CertificateRequest, error) {
 		},
 		DNSNames:    dnsNames,
 		IPAddresses: iPAddresses,
+		URIs:        uriNames,
 		// TODO: work out how best to handle extensions/key usages here
 		ExtraExtensions: []pkix.Extension{},
 	}, nil
--- a/test/e2e/framework/helper/certificaterequests.go
+++ b/test/e2e/framework/helper/certificaterequests.go
@ -96,7 +96,6 @@ func (h *Helper) ValidateIssuedCertificateRequest(cr *v1alpha2.CertificateReques
 	// TODO: validate private key KeySize

 	// check the provided certificate is valid
-	expectedCN := csr.Subject.CommonName
 	expectedOrganization := csr.Subject.Organization
 	expectedDNSNames := csr.DNSNames
 	expectedIPAddresses := csr.IPAddresses
@ -107,7 +106,17 @@ func (h *Helper) ValidateIssuedCertificateRequest(cr *v1alpha2.CertificateReques
 		return nil, err
 	}

-	if expectedCN != cert.Subject.CommonName ||
+	commonNameCorrect := true
+	expectedCN := csr.Subject.CommonName
+	if len(expectedCN) == 0 && len(cert.Subject.CommonName) > 0 {
+		if !util.Contains(cert.DNSNames, cert.Subject.CommonName) {
+			commonNameCorrect = false
+		}
+	} else if expectedCN != cert.Subject.CommonName {
+		commonNameCorrect = false
+	}
+
+	if !commonNameCorrect ||
 		!util.EqualUnsorted(cert.DNSNames, expectedDNSNames) ||
 		!util.EqualUnsorted(cert.Subject.Organization, expectedOrganization) ||
 		!util.EqualIPsUnsorted(cert.IPAddresses, expectedIPAddresses) ||
--- a/test/e2e/framework/helper/certificates.go
+++ b/test/e2e/framework/helper/certificates.go
@ -140,7 +140,6 @@ func (h *Helper) ValidateIssuedCertificate(certificate *v1alpha2.Certificate, ro
 	// TODO: validate private key KeySize

 	// check the provided certificate is valid
-	expectedCN := certificate.Spec.CommonName
 	expectedOrganization := pki.OrganizationForCertificate(certificate)
 	expectedDNSNames := pki.DNSNamesForCertificate(certificate)
 	uris, err := pki.URIsForCertificate(certificate)
@ -159,7 +158,18 @@ func (h *Helper) ValidateIssuedCertificate(certificate *v1alpha2.Certificate, ro
 	if err != nil {
 		return nil, err
 	}
-	if expectedCN != cert.Subject.CommonName || !util.EqualUnsorted(cert.DNSNames, expectedDNSNames) || !util.EqualUnsorted(pki.URLsToString(cert.URIs), expectedURIs) ||
+
+	commonNameCorrect := true
+	expectedCN := certificate.Spec.CommonName
+	if len(expectedCN) == 0 && len(cert.Subject.CommonName) > 0 {
+		if !util.Contains(cert.DNSNames, cert.Subject.CommonName) {
+			commonNameCorrect = false
+		}
+	} else if expectedCN != cert.Subject.CommonName {
+		commonNameCorrect = false
+	}
+
+	if !commonNameCorrect || !util.EqualUnsorted(cert.DNSNames, expectedDNSNames) || !util.EqualUnsorted(pki.URLsToString(cert.URIs), expectedURIs) ||
 		!(len(cert.Subject.Organization) == 0 || util.EqualUnsorted(cert.Subject.Organization, expectedOrganization)) {
 		return nil, fmt.Errorf("Expected certificate valid for CN %q, O %v, dnsNames %v, uriSANs %v,but got a certificate valid for CN %q, O %v, dnsNames %v, uriSANs %v",
 			expectedCN, expectedOrganization, expectedDNSNames, expectedURIs, cert.Subject.CommonName, cert.Subject.Organization, cert.DNSNames, cert.URIs)