crypto: fallback when no SAN values are given

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-18 19:40:24 +01:00 · 2023-01-18 19:40:24 +01:00 · a302a72379
parent e390f5b2d1
commit a302a72379
2 changed files with 11 additions and 9 deletions
--- a/authentik/crypto/builder.py
+++ b/authentik/crypto/builder.py
@ -58,7 +58,7 @@ class CertificateBuilder:
        self.__private_key = self.generate_private_key()
        self.__public_key = self.__private_key.public_key()
        alt_names: list[x509.GeneralName] = []
-        for alt_name in subject_alt_names:
+        for alt_name in subject_alt_names or []:
            if alt_name.strip() != "":
                alt_names.append(x509.DNSName(alt_name))
        self.__builder = (
--- a/authentik/providers/oauth2/views/jwks.py
+++ b/authentik/providers/oauth2/views/jwks.py
@ -96,14 +96,16 @@ class JWKSView(View):
        else:
            return key_data
        key_data["x5c"] = [b64encode(key.certificate.public_bytes(Encoding.DER)).decode("utf-8")]
-        key_data["x5t"] = urlsafe_b64encode(
-            key.certificate.fingerprint(hashes.SHA1())
-        ).decode(  # nosec
-            "utf-8"
-        ).rstrip("=")
-        key_data["x5t#S256"] = urlsafe_b64encode(
-            key.certificate.fingerprint(hashes.SHA256())
-        ).decode("utf-8").rstrip("=")
+        key_data["x5t"] = (
+            urlsafe_b64encode(key.certificate.fingerprint(hashes.SHA1()))  # nosec
+            .decode("utf-8")
+            .rstrip("=")
+        )
+        key_data["x5t#S256"] = (
+            urlsafe_b64encode(key.certificate.fingerprint(hashes.SHA256()))
+            .decode("utf-8")
+            .rstrip("=")
+        )
        return key_data

    def get(self, request: HttpRequest, application_slug: str) -> HttpResponse: