Merge pull request #1609 from smallstep/mariano/jwk-commonname

Change CommonName validator in JWK

authority/provisioner/jwk.go

@@ -190,7 +190,7 @@ func (p *JWK) AuthorizeSign(ctx context.Context, token string) ([]SignOption, er
 		newProvisionerExtensionOption(TypeJWK, p.Name, p.Key.KeyID).WithControllerOptions(p.ctl),
 		profileDefaultDuration(p.ctl.Claimer.DefaultTLSCertDuration()),
 		// validators
-		commonNameValidator(claims.Subject),
+		commonNameSliceValidator(append([]string{claims.Subject}, claims.SANs...)),
 		defaultPublicKeyValidator{},
 		newDefaultSANsValidator(ctx, claims.SANs),
 		newValidityValidator(p.ctl.Claimer.MinTLSCertDuration(), p.ctl.Claimer.MaxTLSCertDuration()),

authority/provisioner/jwk_test.go

@@ -309,8 +309,8 @@ func TestJWK_AuthorizeSign(t *testing.T) {
 							assert.Len(t, 0, v.KeyValuePairs)
 						case profileDefaultDuration:
 							assert.Equals(t, time.Duration(v), tt.prov.ctl.Claimer.DefaultTLSCertDuration())
-						case commonNameValidator:
-							assert.Equals(t, string(v), "subject")
+						case commonNameSliceValidator:
+							assert.Equals(t, []string(v), append([]string{"subject"}, tt.sans...))
 						case defaultPublicKeyValidator:
 						case *validityValidator:
 							assert.Equals(t, v.min, tt.prov.ctl.Claimer.MinTLSCertDuration())