From fb0da0712b2b2af1598890c2272d8a4e32788eb3 Mon Sep 17 00:00:00 2001
From: Steve Munene
Date: Mon, 27 Jan 2025 11:40:46 +0300
Subject: [PATCH] NOISSUE - Fix SANs (#71)

* fix ipaddress
Signed-off-by: nyagamunene
* fix options parameter
Signed-off-by: nyagamunene
* remove ipaddress in dns names
Signed-off-by: nyagamunene
* add check during ip parse
Signed-off-by: nyagamunene
---------
Signed-off-by: nyagamunene
---
 certs.go | 1 +
 sdk/sdk.go | 1 +
 service.go | 14 +++++++++++++-
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/certs.go b/certs.go
index 3d2ea0e..7cc149d 100644
--- a/certs.go
+++ b/certs.go
@@ -117,6 +117,7 @@ type SubjectOptions struct {
 Locality []string `json:"locality"`
 StreetAddress []string `json:"street_address"`
 PostalCode []string `json:"postal_code"`
+ DnsNames []string `json:"dns_names"`
 }
 
 type Config struct {
diff --git a/sdk/sdk.go b/sdk/sdk.go
index 3ffe060..dcffcf4 100644
--- a/sdk/sdk.go
+++ b/sdk/sdk.go
@@ -105,6 +105,7 @@ type Options struct {
 Locality []string `json:"locality"`
 StreetAddress []string `json:"street_address"`
 PostalCode []string `json:"postal_code"`
+ DnsNames []string `json:"dns_names"`
 }
 
 type Token struct {
diff --git a/service.go b/service.go
index 59c35de..ae37d5d 100644
--- a/service.go
+++ b/service.go
@@ -15,6 +15,7 @@ import (
 "encoding/asn1"
 "encoding/pem"
 "math/big"
+ "net"
 "time"
 
 "github.com/absmach/certs/errors"
@@ -57,6 +58,7 @@ var (
 ErrPrivKeyType = errors.New("unsupported private key type")
 ErrPubKeyType = errors.New("unsupported public key type")
 ErrFailedParse = errors.New("failed to parse key PEM")
+ ErrInvalidIP = errors.New("invalid IP address")
 )
 
 type service struct {
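Review bot: The `DnsNames` field added to SubjectOptions in the certs.go hunk does not follow Go's initialism convention and reads oddly next to the `DNSNames` field of x509.Certificate it is copied into; because this is an exported, JSON-bound type that is painful to rename once clients depend on it, the field should be `DNSNames []string` with the `json:"dns_names"` tag kept as is. The identical field added to Options in the sdk/sdk.go hunk has the same issue and would need the same rename so the two types stay in step. A doc comment would also help callers, since nothing says these are SAN entries: `// DNSNames lists the DNS subject alternative names to include in the issued certificate.` Both struct declarations start before their hunks.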
@@ -146,6 +148,15 @@ func (s *service) issue(ctx context.Context, entityID, ttl string, ipAddrs []str
 }
 }
 
+ var ipArray []net.IP
+ for _, ip := range ipAddrs {
+ parsedIP := net.ParseIP(ip)
+ if parsedIP == nil {
+ return Certificate{}, errors.Wrap(ErrMalformedEntity, ErrInvalidIP)
+ }
+ ipArray = append(ipArray, parsedIP)
+ }
+
 template := x509.Certificate{
 SerialNumber: serialNumber,
 Subject: subject,
@@ -155,7 +166,8 @@ func (s *service) issue(ctx context.Context, entityID, ttl string, ipAddrs []str
 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
 BasicConstraintsValid: true,
 IsCA: false,
- DNSNames: append(s.intermediateCA.Certificate.DNSNames, ipAddrs...),
+ DNSNames: append(s.intermediateCA.Certificate.DNSNames, options.DnsNames...),
+ IPAddresses: ipArray,
 }
 
 var privKeyBytes []byte
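Review bot: `options.DnsNames` is appended straight into the certificate's DNSNames on the changed line with no validation, so an empty string or an IP literal submitted under dns_names still ends up in the SAN extension — exactly the input the new ipAddrs loop in the preceding hunk now rejects for IPs. A mirror of that loop (reject empty names and anything net.ParseIP accepts, returning a new sentinel declared beside ErrInvalidIP) closes the gap; whether names should additionally be checked against the intermediate CA's name constraints depends on how that CA is provisioned, which is not visible here. Separately, `append(s.intermediateCA.Certificate.DNSNames, …)` can write into the CA certificate's own backing array whenever it has spare capacity, so names from one issue call could be visible to a concurrent one; building the combined slice from a fresh allocation avoids aliasing the shared CA state. issue starts before the hunk and continues past it.
```go
	// … unchanged: ipArray parsing loop …
	for _, name := range options.DnsNames {
		// Mirror the ipAddrs check: an empty name or an IP literal is not a DNS SAN.
		if name == "" || net.ParseIP(name) != nil {
			return Certificate{}, errors.Wrap(ErrMalformedEntity, ErrInvalidDNSName) // new sentinel, declared next to ErrInvalidIP
		}
	}
	// Fresh slice so the intermediate CA's DNSNames backing array is never written to.
	dnsNames := make([]string, 0, len(s.intermediateCA.Certificate.DNSNames)+len(options.DnsNames))
	dnsNames = append(dnsNames, s.intermediateCA.Certificate.DNSNames...)
	dnsNames = append(dnsNames, options.DnsNames...)
	// … unchanged: template fields up to IsCA …
		DNSNames:    dnsNames,
		IPAddresses: ipArray,
```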