Merge pull request #6723 from inteon/add_generate_csr_test

Add new testcase that generates a non-critical SAN extension to the GenerateCSR tests
2024-03-22 21:51:34 +01:00 · 2024-03-22 21:51:34 +01:00 · 99fc8fb5f8
commit 99fc8fb5f8
parent 953d8b5478 ed80c5be90
1 changed files with 27 additions and 0 deletions
--- a/pkg/util/pki/csr_test.go
+++ b/pkg/util/pki/csr_test.go
@ -435,6 +435,33 @@ func TestGenerateCSR(t *testing.T) {
 				RawSubject: subjectGenerator(t, pkix.Name{}),
 			},
 		},
+		{
+			name: "Generate CSR from certificate with subject and DNS",
+			crt: &cmapi.Certificate{Spec: cmapi.CertificateSpec{
+				Subject:  &cmapi.X509Subject{Organizations: []string{"example inc."}},
+				DNSNames: []string{"example.org"},
+			}},
+			want: &x509.CertificateRequest{
+				Version:            0,
+				SignatureAlgorithm: x509.SHA256WithRSA,
+				PublicKeyAlgorithm: x509.RSA,
+				ExtraExtensions: []pkix.Extension{
+					sansGenerator(
+						t,
+						[]asn1.RawValue{
+							{Tag: nameTypeDNSName, Class: 2, Bytes: []byte("example.org")},
+						},
+						false, // SAN is NOT critical as the Subject is not empty
+					),
+					{
+						Id:       OIDExtensionKeyUsage,
+						Value:    asn1DefaultKeyUsage,
+						Critical: true,
+					},
+				},
+				RawSubject: subjectGenerator(t, pkix.Name{Organization: []string{"example inc."}}),
+			},
+		},
 		{
 			name: "Generate CSR from certificate with only CN",
 			crt:  &cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.org"}},