From 67a90df47f9e2297483e39d1e03769642dc165e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Richard=20K=C3=B6rber?= <github@shredzone.org>
Date: Fri, 24 Nov 2023 11:38:29 +0100
Subject: [PATCH] Do not set two CNs

---
 .../src/main/java/org/shredzone/acme4j/util/CSRBuilder.java  | 5 +++++
 .../test/java/org/shredzone/acme4j/util/CSRBuilderTest.java  | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/acme4j-client/src/main/java/org/shredzone/acme4j/util/CSRBuilder.java b/acme4j-client/src/main/java/org/shredzone/acme4j/util/CSRBuilder.java
index 49688da0..eb810c53 100644
--- a/acme4j-client/src/main/java/org/shredzone/acme4j/util/CSRBuilder.java
+++ b/acme4j-client/src/main/java/org/shredzone/acme4j/util/CSRBuilder.java
@@ -64,6 +64,7 @@ public class CSRBuilder {
     private final List<String> namelist = new ArrayList<>();
     private final List<InetAddress> iplist = new ArrayList<>();
     private @Nullable PKCS10CertificationRequest csr = null;
+    private boolean hasCnSet = false;
 
     /**
      * Adds a domain name to the CSR. All domain names will be added as <em>Subject
@@ -212,6 +213,10 @@ public class CSRBuilder {
     public void addValue(ASN1ObjectIdentifier oid, String value) {
         if (requireNonNull(oid, "OID must not be null").equals(BCStyle.CN)) {
             addDomain(value);
+            if (hasCnSet) {
+                return;
+            }
+            hasCnSet = true;
         }
         namebuilder.addRDN(oid, requireNonNull(value, "attribute value must not be null"));
     }
diff --git a/acme4j-client/src/test/java/org/shredzone/acme4j/util/CSRBuilderTest.java b/acme4j-client/src/test/java/org/shredzone/acme4j/util/CSRBuilderTest.java
index a5cf5b50..071e9c16 100644
--- a/acme4j-client/src/test/java/org/shredzone/acme4j/util/CSRBuilderTest.java
+++ b/acme4j-client/src/test/java/org/shredzone/acme4j/util/CSRBuilderTest.java
@@ -189,7 +189,7 @@ public class CSRBuilderTest {
         builder.addValue("CN", "firstcn.example.com");
         assertThat(builder.toString()).isEqualTo("C=DE,E=contact@example.com,CN=firstcn.example.com,DNS=firstcn.example.com");
         builder.addValue("CN", "scnd.example.com");
-        assertThat(builder.toString()).isEqualTo("C=DE,E=contact@example.com,CN=firstcn.example.com,CN=scnd.example.com,DNS=firstcn.example.com,DNS=scnd.example.com");
+        assertThat(builder.toString()).isEqualTo("C=DE,E=contact@example.com,CN=firstcn.example.com,DNS=firstcn.example.com,DNS=scnd.example.com");
         
         builder = new CSRBuilder();
         builder.addValue(BCStyle.C, "DE");
@@ -199,7 +199,7 @@ public class CSRBuilderTest {
         builder.addValue(BCStyle.CN, "firstcn.example.com");
         assertThat(builder.toString()).isEqualTo("C=DE,E=contact@example.com,CN=firstcn.example.com,DNS=firstcn.example.com");
         builder.addValue(BCStyle.CN, "scnd.example.com");
-        assertThat(builder.toString()).isEqualTo("C=DE,E=contact@example.com,CN=firstcn.example.com,CN=scnd.example.com,DNS=firstcn.example.com,DNS=scnd.example.com");
+        assertThat(builder.toString()).isEqualTo("C=DE,E=contact@example.com,CN=firstcn.example.com,DNS=firstcn.example.com,DNS=scnd.example.com");
     }
 
     private CSRBuilder createBuilderWithValues() throws UnknownHostException {