support URI SANs in local signer

2026-01-13 11:25:19 +00:00 · 2019-11-04 08:08:59 -08:00
parent fe51712288
commit 6a004d0c18
4 changed files with 30 additions and 2 deletions
--- a/pkg/controller/certificates/authority/authority_test.go
+++ b/pkg/controller/certificates/authority/authority_test.go
@@ -23,6 +23,7 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"math/big"
+	"net/url"
 	"testing"
 	"time"

@@ -59,6 +60,11 @@ func TestCertificateAuthority(t *testing.T) {
 		t.Fatal(err)
 	}

+	uri, err := url.Parse("help://me@what:8080/where/when?why=true")
+	if err != nil {
+		t.Fatal(err)
+	}
+
 	tests := []struct {
 		name     string
 		cr       x509.CertificateRequest
@@ -118,6 +124,19 @@ func TestCertificateAuthority(t *testing.T) {
 				BasicConstraintsValid: true,
 			},
 		},
+		{
+			name:   "uri sans",
+			policy: PermissiveSigningPolicy{TTL: time.Hour},
+			cr: x509.CertificateRequest{
+				URIs: []*url.URL{uri},
+			},
+			want: x509.Certificate{
+				URIs:                  []*url.URL{uri},
+				NotBefore:             now,
+				NotAfter:              now.Add(1 * time.Hour),
+				BasicConstraintsValid: true,
+			},
+		},
 	}

 	crKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
@@ -168,6 +187,9 @@ func TestCertificateAuthority(t *testing.T) {
 				cmp.Transformer("RoundTime", func(x time.Time) time.Time {
 					return x.Truncate(time.Second)
 				}),
+				cmp.Comparer(func(x, y *url.URL) bool {
+					return ((x == nil) && (y == nil)) || x.String() == y.String()
+				}),
 			}
 			if !cmp.Equal(*cert, test.want, opts) {
 				t.Errorf("unexpected diff: %v", cmp.Diff(*cert, test.want, opts))