Add duplicate removal for Common Names

hslatman · hslatman · commit cf9eb769d430 · 2022-05-05T15:19:33.000+02:00
diff --git a/policy.go b/policy.go
@@ -11,12 +11,14 @@ func (p *Policy) Deduplicate() {
 			allow.Ips = removeDuplicates(allow.Ips)
 			allow.Emails = removeDuplicates(allow.Emails)
 			allow.Uris = removeDuplicates(allow.Uris)
+			allow.CommonNames = removeDuplicates(allow.CommonNames)
 		}
 		if deny := p.GetX509().GetDeny(); deny != nil {
 			deny.Dns = removeDuplicates(deny.Dns)
 			deny.Ips = removeDuplicates(deny.Ips)
 			deny.Emails = removeDuplicates(deny.Emails)
 			deny.Uris = removeDuplicates(deny.Uris)
+			deny.CommonNames = removeDuplicates(deny.CommonNames)
 		}
 	}
 	if ssh := p.GetSsh(); ssh != nil {
diff --git a/policy_test.go b/policy_test.go
@@ -54,32 +54,36 @@ func TestPolicy_Deduplicate(t *testing.T) {
 			policy: &Policy{
 				X509: &X509Policy{
 					Allow: &X509Names{
-						Dns:    []string{"*.local", "*.example.com", "*.local"},
-						Ips:    []string{"192.168.0.0/24", "10.10.10.0/24", "192.168.0.0/24"},
-						Emails: []string{"@example.com", "@local", "@example.com"},
-						Uris:   []string{"*.local", "*.example.com", "*.local"},
+						Dns:         []string{"*.local", "*.example.com", "*.local"},
+						Ips:         []string{"192.168.0.0/24", "10.10.10.0/24", "192.168.0.0/24"},
+						Emails:      []string{"@example.com", "@local", "@example.com"},
+						Uris:        []string{"*.local", "*.example.com", "*.local"},
+						CommonNames: []string{"bla", "host", "bla"},
 					},
 					Deny: &X509Names{
-						Dns:    []string{"*.local", "*.example.com", "*.local"},
-						Ips:    []string{"192.168.0.0/24", "10.10.10.0/24", "192.168.0.0/24"},
-						Emails: []string{"@example.com", "@local", "@example.com"},
-						Uris:   []string{"*.local", "*.example.com", "*.local"},
+						Dns:         []string{"*.local", "*.example.com", "*.local"},
+						Ips:         []string{"192.168.0.0/24", "10.10.10.0/24", "192.168.0.0/24"},
+						Emails:      []string{"@example.com", "@local", "@example.com"},
+						Uris:        []string{"*.local", "*.example.com", "*.local"},
+						CommonNames: []string{"bla", "host", "bla"},
 					},
 				},
 			},
 			expected: &Policy{
 				X509: &X509Policy{
 					Allow: &X509Names{
-						Dns:    []string{"*.local", "*.example.com"},
-						Ips:    []string{"192.168.0.0/24", "10.10.10.0/24"},
-						Emails: []string{"@example.com", "@local"},
-						Uris:   []string{"*.local", "*.example.com"},
+						Dns:         []string{"*.local", "*.example.com"},
+						Ips:         []string{"192.168.0.0/24", "10.10.10.0/24"},
+						Emails:      []string{"@example.com", "@local"},
+						Uris:        []string{"*.local", "*.example.com"},
+						CommonNames: []string{"bla", "host"},
 					},
 					Deny: &X509Names{
-						Dns:    []string{"*.local", "*.example.com"},
-						Ips:    []string{"192.168.0.0/24", "10.10.10.0/24"},
-						Emails: []string{"@example.com", "@local"},
-						Uris:   []string{"*.local", "*.example.com"},
+						Dns:         []string{"*.local", "*.example.com"},
+						Ips:         []string{"192.168.0.0/24", "10.10.10.0/24"},
+						Emails:      []string{"@example.com", "@local"},
+						Uris:        []string{"*.local", "*.example.com"},
+						CommonNames: []string{"bla", "host"},
 					},
 				},
 			},

Original file line number	Diff line number	Diff line change
`@@ -11,12 +11,14 @@ func (p *Policy) Deduplicate() {`
`11`	`11`	`allow.Ips = removeDuplicates(allow.Ips)`
`12`	`12`	`allow.Emails = removeDuplicates(allow.Emails)`
`13`	`13`	`allow.Uris = removeDuplicates(allow.Uris)`
	`14`	`+ allow.CommonNames = removeDuplicates(allow.CommonNames)`
`14`	`15`	`}`
`15`	`16`	`if deny := p.GetX509().GetDeny(); deny != nil {`
`16`	`17`	`deny.Dns = removeDuplicates(deny.Dns)`
`17`	`18`	`deny.Ips = removeDuplicates(deny.Ips)`
`18`	`19`	`deny.Emails = removeDuplicates(deny.Emails)`
`19`	`20`	`deny.Uris = removeDuplicates(deny.Uris)`
	`21`	`+ deny.CommonNames = removeDuplicates(deny.CommonNames)`
`20`	`22`	`}`
`21`	`23`	`}`
`22`	`24`	`if ssh := p.GetSsh(); ssh != nil {`