From 1673591dee1735b066c71305161c4c6bc42bb0bc Mon Sep 17 00:00:00 2001
From: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Date: Tue, 30 Sep 2025 16:20:15 -0300
Subject: [PATCH] chore: handle error and cover with tests

Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
---
 .../CertificateEngine/OpenSslHandler.php      |  6 +++-
 .../CertificateEngine/OpenSslHandlerTest.php  | 30 +++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/lib/Handler/CertificateEngine/OpenSslHandler.php b/lib/Handler/CertificateEngine/OpenSslHandler.php
index 91abd08eee..82c4da1f3d 100644
--- a/lib/Handler/CertificateEngine/OpenSslHandler.php
+++ b/lib/Handler/CertificateEngine/OpenSslHandler.php
@@ -88,7 +88,11 @@ public function generateCertificate(): string {
 			'private_key_type' => OPENSSL_KEYTYPE_RSA,
 		]);
 
-		$csr = openssl_csr_new($this->getCsrNames(), $privateKey);
+		$csr = @openssl_csr_new($this->getCsrNames(), $privateKey);
+		if ($csr === false) {
+			$message = openssl_error_string();
+			throw new LibresignException('OpenSSL error: ' . $message);
+		}
 
 		$x509 = openssl_csr_sign($csr, $rootCertificate, $rootPrivateKey, $this->expirity(), [
 			'config' => $this->getFilenameToLeafCert(),
diff --git a/tests/php/Unit/Handler/CertificateEngine/OpenSslHandlerTest.php b/tests/php/Unit/Handler/CertificateEngine/OpenSslHandlerTest.php
index 658ec822d4..f810851b6e 100644
--- a/tests/php/Unit/Handler/CertificateEngine/OpenSslHandlerTest.php
+++ b/tests/php/Unit/Handler/CertificateEngine/OpenSslHandlerTest.php
@@ -8,6 +8,7 @@
 
 use OCA\Libresign\Exception\EmptyCertificateException;
 use OCA\Libresign\Exception\InvalidPasswordException;
+use OCA\Libresign\Exception\LibresignException;
 use OCA\Libresign\Handler\CertificateEngine\OpenSslHandler;
 use OCA\Libresign\Service\CertificatePolicyService;
 use OCP\Files\AppData\IAppDataFactory;
@@ -72,6 +73,35 @@ public function testInvalidPassword(): void {
 		$signerInstance->readCertificate($certificateContent, 'invalid password');
 	}
 
+	public function testMaxLengthOfDistinguishedNamesWithSuccess(): void {
+		// Create root cert
+		$rootInstance = $this->getInstance();
+		$rootInstance->generateRootCert('', []);
+
+		// Create signer cert
+		$signerInstance = $this->getInstance();
+		$longName = str_repeat('a', 64);
+		$signerInstance->setCommonName($longName);
+		$signerInstance->setPassword('123456');
+		$certificateContent = $signerInstance->generateCertificate();
+		$parsed = $signerInstance->readCertificate($certificateContent, '123456');
+		$this->assertEquals($longName, $parsed['subject']['CN']);
+	}
+
+	public function testBiggerThanMaxLengthOfDistinguishedNamesWithError(): void {
+		// Create root cert
+		$rootInstance = $this->getInstance();
+		$rootInstance->generateRootCert('', []);
+
+		// Create signer cert
+		$signerInstance = $this->getInstance();
+		$longName = str_repeat('a', 65);
+		$signerInstance->setCommonName($longName);
+		$signerInstance->setPassword('123456');
+		$this->expectException(LibresignException::class);
+		$signerInstance->generateCertificate();
+	}
+
 	/**
 	 * @dataProvider dataReadCertificate
 	 */