NOISSUE - Fix SANs (#71)

* fix ipaddress Signed-off-by: nyagamunene <[email protected]> * fix options parameter Signed-off-by: nyagamunene <[email protected]> * remove ipaddress in dns names Signed-off-by: nyagamunene <[email protected]> * add check during ip parse Signed-off-by: nyagamunene <[email protected]> --------- Signed-off-by: nyagamunene <[email protected]>
absmach · Jan 27, 2025 · fb0da07 · fb0da07
1 parent 91270de
commit fb0da07
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/certs.go b/certs.go
@@ -117,6 +117,7 @@ type SubjectOptions struct {
 	Locality           []string `json:"locality"`
 	StreetAddress      []string `json:"street_address"`
 	PostalCode         []string `json:"postal_code"`
+	DnsNames           []string `json:"dns_names"`
 }
 
 type Config struct {

diff --git a/sdk/sdk.go b/sdk/sdk.go
@@ -105,6 +105,7 @@ type Options struct {
 	Locality           []string `json:"locality"`
 	StreetAddress      []string `json:"street_address"`
 	PostalCode         []string `json:"postal_code"`
+	DnsNames           []string `json:"dns_names"`
 }
 
 type Token struct {

diff --git a/service.go b/service.go
@@ -15,6 +15,7 @@ import (
 	"encoding/asn1"
 	"encoding/pem"
 	"math/big"
+	"net"
 	"time"
 
 	"github.com/absmach/certs/errors"
@@ -57,6 +58,7 @@ var (
 	ErrPrivKeyType            = errors.New("unsupported private key type")
 	ErrPubKeyType             = errors.New("unsupported public key type")
 	ErrFailedParse            = errors.New("failed to parse key PEM")
+	ErrInvalidIP              = errors.New("invalid IP address")
 )
 
 type service struct {
@@ -146,6 +148,15 @@ func (s *service) issue(ctx context.Context, entityID, ttl string, ipAddrs []str
 		}
 	}
 
+	var ipArray []net.IP
+	for _, ip := range ipAddrs {
+		parsedIP := net.ParseIP(ip)
+		if parsedIP == nil {
+			return Certificate{}, errors.Wrap(ErrMalformedEntity, ErrInvalidIP)
+		}
+		ipArray = append(ipArray, parsedIP)
+	}
+
 	template := x509.Certificate{
 		SerialNumber:          serialNumber,
 		Subject:               subject,
@@ -155,7 +166,8 @@ func (s *service) issue(ctx context.Context, entityID, ttl string, ipAddrs []str
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
 		BasicConstraintsValid: true,
 		IsCA:                  false,
-		DNSNames:              append(s.intermediateCA.Certificate.DNSNames, ipAddrs...),
+		DNSNames:              append(s.intermediateCA.Certificate.DNSNames, options.DnsNames...),
+		IPAddresses:           ipArray,
 	}
 
 	var privKeyBytes []byte