From ed80c5be9018ff0355ad2177cb1c5808ac0a6b92 Mon Sep 17 00:00:00 2001
From: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Date: Wed, 7 Feb 2024 09:39:36 +0100
Subject: [PATCH] add new testcase that generates a non-critical SAN extension to the GenerateCSR tests

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
---
 pkg/util/pki/csr_test.go | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/pkg/util/pki/csr_test.go b/pkg/util/pki/csr_test.go
index 6ad2f2279..033649629 100644
--- a/pkg/util/pki/csr_test.go
+++ b/pkg/util/pki/csr_test.go
@@ -435,6 +435,33 @@ func TestGenerateCSR(t *testing.T) {
 RawSubject: subjectGenerator(t, pkix.Name{}),
 },
 },
+ {
+ name: "Generate CSR from certificate with subject and DNS",
+ crt: &cmapi.Certificate{Spec: cmapi.CertificateSpec{
+ Subject: &cmapi.X509Subject{Organizations: []string{"example inc."}},
+ DNSNames: []string{"example.org"},
+ }},
+ want: &x509.CertificateRequest{
+ Version: 0,
+ SignatureAlgorithm: x509.SHA256WithRSA,
+ PublicKeyAlgorithm: x509.RSA,
+ ExtraExtensions: []pkix.Extension{
+ sansGenerator(
+ t,
+ []asn1.RawValue{
+ {Tag: nameTypeDNSName, Class: 2, Bytes: []byte("example.org")},
+ },
+ false, // SAN is NOT critical as the Subject is not empty
+ ),
+ {
+ Id: OIDExtensionKeyUsage,
+ Value: asn1DefaultKeyUsage,
+ Critical: true,
+ },
+ },
+ RawSubject: subjectGenerator(t, pkix.Name{Organization: []string{"example inc."}}),
+ },
+ },
 {
 name: "Generate CSR from certificate with only CN",
 crt: &cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.org"}},
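Review bot: The comment on the `false` argument to `sansGenerator` states the rule this case pins but not where it comes from, which makes it easy for a later edit to "normalise" the flag without noticing it is a standards requirement. I would write it as `false, // RFC 5280 4.2.1.6: SAN SHOULD be non-critical when the Subject is non-empty`, since that section is what distinguishes this case from an empty-subject CSR, where the SAN carries the whole identity and must be critical. In the same entry, `Class: 2` reads more clearly as `Class: asn1.ClassContextSpecific`; if the rest of the table uses the literal, keeping it for consistency is reasonable. The table's other entries and the comparison loop of `TestGenerateCSR` are outside the hunk, so it is not visible here whether the `Critical` field of each `ExtraExtensions` entry is actually compared; that is worth confirming, because otherwise this case would pass regardless of the flag.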