Description
Library name and version
Azure.Security.KeyVault.Certificates 4.8.0
Describe the bug
Using the library there is no way to create a certificate that would not have any EKUs, while using the Azure Portal UI or REST API directly it is possible.
The library skips serialization of the CertificatePolicy.EnhancedKeyUsage property if it is null or empty (code).
A null and an empty array EKU are interpreted differently in the KeyVault service. In the service, null (or a missing JSON property) results in a default of 1.3.6.1.5.5.7.3.1 and 1.3.6.1.5.5.7.3.2 EKUs getting added to the certificate. An empty array results in no EKUs. With the Azure.Security.KeyVault.Certificates library both of these cases result in 1.3.6.1.5.5.7.3.1 and 1.3.6.1.5.5.7.3.2 EKUs on the certificate.
Expected behavior
Having an empty list in CertificatePolicy.EnhancedKeyUsage should result in no EKUs on the certificate.
Assigning null to CertificatePolicy.EnhancedKeyUsage should result in the default list of EKUs (as defined by the KeyVault REST API).
Actual behavior
Clearing the list in CertificatePolicy.EnhancedKeyUsage and creating a certificate with it results in a certificate with 2 EKUs - 1.3.6.1.5.5.7.3.1 and 1.3.6.1.5.5.7.3.2.
Reproduction Steps
using System.Diagnostics;
using Azure.Security.KeyVault.Certificates;

// keyVaultUri (Uri) and credentials (TokenCredential) are supplied by the caller.
var client = new CertificateClient(keyVaultUri, credentials);
var newPolicy = new CertificatePolicy(WellKnownIssuerNames.Self, "CN=TestSubject");
newPolicy.EnhancedKeyUsage.Clear(); // request a certificate with no EKUs
var certificateOperation = await client.StartCreateCertificateAsync("TestCertificate", newPolicy);
await certificateOperation.WaitForCompletionAsync();
Debug.Assert(certificateOperation.Value.Policy.EnhancedKeyUsage.Count == 0); // Fails
Environment
No response
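An added example, not code from the issue or from the Azure SDK: it shows why skipping the property for both null and an empty list erases the distinction the service relies on, by writing the policy fragment both ways. The helper `WriteX509Props`, its `skipWhenEmpty` switch and the JSON property name `ekus` are assumptions made for illustration.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Text.Json;

static class EkuSerializationDemo
{
    // Hypothetical helper: writes only the subject and EKU part of a policy.
    // skipWhenEmpty = true  mirrors the reported behaviour (null and empty both omitted).
    // skipWhenEmpty = false keeps the distinction: null is omitted, empty is sent as [].
    static string WriteX509Props(string subject, IList<string>? ekus, bool skipWhenEmpty)
    {
        using var stream = new MemoryStream();
        using (var json = new Utf8JsonWriter(stream))
        {
            json.WriteStartObject();
            json.WriteString("subject", subject);
            bool skip = ekus is null || (skipWhenEmpty && ekus.Count == 0);
            if (!skip)
            {
                json.WriteStartArray("ekus"); // assumed property name
                foreach (var oid in ekus!) json.WriteStringValue(oid);
                json.WriteEndArray();
            }
            json.WriteEndObject();
        } // disposing the writer flushes it into the stream
        return Encoding.UTF8.GetString(stream.ToArray());
    }

    static void Main()
    {
        var cases = new (string Label, IList<string>? Ekus)[]
        {
            ("null", null),                       // service applies its default EKUs
            ("empty", new List<string>()),        // service should issue no EKUs
            ("explicit", new List<string> { "1.3.6.1.5.5.7.3.1" }),
        };
        foreach (var (label, ekus) in cases)
        {
            Console.WriteLine($"{label,-8} reported: {WriteX509Props("CN=TestSubject", ekus, true)}");
            Console.WriteLine($"{label,-8} expected: {WriteX509Props("CN=TestSubject", ekus, false)}");
        }
    }
}
```

In the "reported" mode the null and empty cases produce identical JSON, so the service cannot tell a request for no EKUs from a request for its defaults.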