crypto: fallback when no SAN values are given

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens Langhammer 2023-01-18 19:40:24 +01:00
parent e390f5b2d1
commit a302a72379
No known key found for this signature in database
2 changed files with 11 additions and 9 deletions


@ -58,7 +58,7 @@ class CertificateBuilder:
self.__private_key = self.generate_private_key() self.__private_key = self.generate_private_key()
self.__public_key = self.__private_key.public_key() self.__public_key = self.__private_key.public_key()
alt_names: list[x509.GeneralName] = [] alt_names: list[x509.GeneralName] = []
for alt_name in subject_alt_names: for alt_name in subject_alt_names or []:
if alt_name.strip() != "": if alt_name.strip() != "":
alt_names.append(x509.DNSName(alt_name)) alt_names.append(x509.DNSName(alt_name))
self.__builder = ( self.__builder = (
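Review bot: The loop tests `alt_name.strip() != ""` but then passes the unstripped `alt_name` to `x509.DNSName`, so an entry with leading or trailing whitespace passes the filter and is handed to the certificate builder as written. Strip once and use the stripped value: `alt_names.append(x509.DNSName(alt_name.strip()))`. The hunk also does not show what the builder does when `alt_names` ends up empty, which is now reachable through the `or []` fallback. The method starts and ends outside the hunk, so it is worth confirming that no empty SubjectAlternativeName extension is added in that case.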


@ -96,14 +96,16 @@ class JWKSView(View):
else: else:
return key_data return key_data
key_data["x5c"] = [b64encode(key.certificate.public_bytes(Encoding.DER)).decode("utf-8")] key_data["x5c"] = [b64encode(key.certificate.public_bytes(Encoding.DER)).decode("utf-8")]
key_data["x5t"] = urlsafe_b64encode( key_data["x5t"] = (
key.certificate.fingerprint(hashes.SHA1()) urlsafe_b64encode(key.certificate.fingerprint(hashes.SHA1())) # nosec
).decode( # nosec .decode("utf-8")
"utf-8" .rstrip("=")
).rstrip("=") )
key_data["x5t#S256"] = urlsafe_b64encode( key_data["x5t#S256"] = (
key.certificate.fingerprint(hashes.SHA256()) urlsafe_b64encode(key.certificate.fingerprint(hashes.SHA256()))
).decode("utf-8").rstrip("=") .decode("utf-8")
.rstrip("=")
)
return key_data return key_data
def get(self, request: HttpRequest, application_slug: str) -> HttpResponse: def get(self, request: HttpRequest, application_slug: str) -> HttpResponse:
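Review bot: The bare `# nosec` on the `x5t` line suppresses every Bandit finding for that line and gives no reason, so a later reader cannot tell whether the SHA-1 use was reviewed or just silenced. SHA-1 is unavoidable here because the JWK `x5t` parameter is defined (RFC 7517) as the SHA-1 thumbprint of the DER certificate, and the SHA-256 variant is already published alongside it as `x5t#S256`. I would record that next to the suppression, for example `# x5t is the SHA-1 certificate thumbprint by definition (RFC 7517); not used as a security boundary`, and narrow the `# nosec` to the single check ID that fires. The enclosing method begins above the hunk.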