Android cert SAN frontend

[getvictor]

Related issue: Resolves #41472

• Figma
• Needs to merge to main after Add support for SAN in Android certificate templates. #44690

Checklist for submitter

• Input data is properly validated, SELECT * is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects, and untrusted data interpolated into shell scripts/commands is validated against shell metacharacters.

Testing

• Added/updated automated tests
• QA'd all new/changed functionality manually

Summary by CodeRabbit

• New Features

  • Added Subject Alternative Name (SAN) field to the certificate management modal with comprehensive validation support.

• Tests

  • Expanded test coverage for the certificate modal with enhanced validation scenarios and server response handling.

[getvictor]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[getvictor]

/agentic_review

[qodo-free-for-open-source-projects]

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0)

1. SAN trim/limit mismatch ✓ Resolved 🐞 Bug ≡ Correctness

Description

The SAN max-length validation checks the raw subjectAlternativeName.length, but the API client
trims SAN and omits it when the trimmed value is empty. This can block form submission for SAN
values that would be trimmed down (or omitted) and accepted by the server (e.g., long
leading/trailing whitespace).

Code

frontend/pages/ManageControlsPage/OSSettings/cards/Certificates/components/AddCertificateModal/helpers.ts[R110-121]

+    subjectAlternativeName: {
+      // SAN is optional; format is validated server-side. Only enforce the
+      // server's length cap so the user gets fast feedback on pathological inputs.
+      validations: [
+        {
+          name: "maxLength",
+          isValid: (formData: IAddCertFormData) => {
+            return formData.subjectAlternativeName.length <= SAN_MAX_LENGTH;
+          },
+          message: SAN_TOO_LONG_MSG,
+        },
+      ],

Evidence

Client-side validation rejects SAN based on the untrimmed length, while the request builder trims
the SAN and conditionally excludes it when empty; this creates inconsistent behavior where
whitespace can make the UI reject an input that would not be sent (or would be shorter) on the wire.

frontend/pages/ManageControlsPage/OSSettings/cards/Certificates/components/AddCertificateModal/helpers.ts[110-121]
frontend/services/entities/certificates.ts[138-147]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The SAN field is validated against a 4096-character cap using the raw textarea value, but the API client trims SAN (and omits it entirely when the trimmed value is empty). This mismatch can cause the UI to block submissions that would result in an empty/short SAN on the request.
### Issue Context
- `validateFormData` enforces `subjectAlternativeName.length <= 4096`.
- `certificatesAPI.addCert` uses `subjectAlternativeName?.trim()` and omits `subject_alternative_name` when the trimmed string is empty.
### Fix Focus Areas
- frontend/pages/ManageControlsPage/OSSettings/cards/Certificates/components/AddCertificateModal/helpers.ts[110-121]
- frontend/services/entities/certificates.ts[138-147]
### Implementation notes
- Update the SAN max-length validation to apply to the same representation that will be sent (e.g., `formData.subjectAlternativeName.trim().length <= 4096`).
- Optionally, consider treating whitespace-only SAN as empty/valid since it will be omitted from the request.

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

[codecov]

Codecov Report

❌ Patch coverage is 90.00000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 66.70%. Comparing base (c79d33a) to head (a8f136a).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...onents/AddCertificateModal/AddCertificateModal.tsx	88.88%	2 Missing ⚠️
...ificates/components/AddCertificateModal/helpers.ts	88.88%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #44809      +/-   ##
==========================================
+ Coverage   66.66%   66.70%   +0.04%     
==========================================
  Files        2672     2673       +1     
  Lines      214700   215049     +349     
  Branches     9946     9800     -146     
==========================================
+ Hits       143137   143458     +321     
- Misses      58540    58563      +23     
- Partials    13023    13028       +5     

Flag	Coverage Δ
frontend	54.41% <90.00%> (+0.03%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

Adds frontend support for Android certificate template SANs in the Manage Controls certificates flow, aligning the UI with the backend/API support for subject_alternative_name.

Changes:

• Adds an optional SAN textarea to the Add certificate modal and sends SAN data in certificate create requests.
• Refactors modal validation so required-field errors appear inline after submit attempts and SAN-specific 422 errors render on the SAN field.
• Expands modal tests and marks the related OpenSpec frontend tasks complete.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
openspec/changes/android-cert-san-attributes/tasks.md	Marks the frontend OpenSpec tasks as completed with implementation notes.
frontend/services/entities/certificates.ts	Extends certificate types and POST payload construction to include SAN.
frontend/pages/ManageControlsPage/OSSettings/cards/Certificates/components/AddCertificateModal/helpers.ts	Adds SAN validation plus required-field messages and submit-attempt-aware validation behavior.
frontend/pages/ManageControlsPage/OSSettings/cards/Certificates/components/AddCertificateModal/AddCertificateModal.tsx	Adds the SAN field, SAN server-error handling, and the always-enabled submit pattern.
frontend/pages/ManageControlsPage/OSSettings/cards/Certificates/components/AddCertificateModal/AddCertificateModal.tests.tsx	Adds SAN and validation-focused Jest coverage for the modal.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Walkthrough

This PR adds Subject Alternative Name (SAN) field support to the AddCertificateModal component for Android certificate management. Changes include adding a SAN input field with client-side and server-side validation, extending form data interfaces to include the SAN property, implementing validation gating with an attemptedSubmit flag, handling SAN-specific server errors, and comprehensive test coverage for new functionality including placeholder presence, validation errors, length limits, and full submission flows.

Possibly related PRs

• fleetdm/fleet#37765: Both PRs modify the AddCertificateModal form validation logic in helpers.ts, with the former adding SAN support and expanding validation/required-field behavior.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The pull request description is incomplete and missing critical checklist items required by the repository template.	Complete the checklist by checking or removing irrelevant items. Specifically add: changes file confirmation, database migration checks (schema/collation/timestamps), manual QA confirmation, and clarify any new Fleet configuration settings or GitOps requirements.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	The PR implements frontend SAN support across the AddCertificateModal component, helpers, and certificate service entities, aligning with the issue's UI design and API contract requirements for SAN field inclusion.
Out of Scope Changes check	✅ Passed	All code changes are directly related to implementing SAN support in the certificate modal and form validation, with no unrelated modifications or scope creep detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title 'Android cert SAN frontend' directly reflects the main change: adding Subject Alternative Name (SAN) support to the certificate modal frontend component for Android.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch victor/41472-phase2

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}