crypto: fallback when no SAN values are given
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
e390f5b2d1
commit
a302a72379
|
@ -58,7 +58,7 @@ class CertificateBuilder:
|
||||||
self.__private_key = self.generate_private_key()
|
self.__private_key = self.generate_private_key()
|
||||||
self.__public_key = self.__private_key.public_key()
|
self.__public_key = self.__private_key.public_key()
|
||||||
alt_names: list[x509.GeneralName] = []
|
alt_names: list[x509.GeneralName] = []
|
||||||
for alt_name in subject_alt_names:
|
for alt_name in subject_alt_names or []:
|
||||||
if alt_name.strip() != "":
|
if alt_name.strip() != "":
|
||||||
alt_names.append(x509.DNSName(alt_name))
|
alt_names.append(x509.DNSName(alt_name))
|
||||||
self.__builder = (
|
self.__builder = (
|
||||||
|
|
|
@ -96,14 +96,16 @@ class JWKSView(View):
|
||||||
else:
|
else:
|
||||||
return key_data
|
return key_data
|
||||||
key_data["x5c"] = [b64encode(key.certificate.public_bytes(Encoding.DER)).decode("utf-8")]
|
key_data["x5c"] = [b64encode(key.certificate.public_bytes(Encoding.DER)).decode("utf-8")]
|
||||||
key_data["x5t"] = urlsafe_b64encode(
|
key_data["x5t"] = (
|
||||||
key.certificate.fingerprint(hashes.SHA1())
|
urlsafe_b64encode(key.certificate.fingerprint(hashes.SHA1())) # nosec
|
||||||
).decode( # nosec
|
.decode("utf-8")
|
||||||
"utf-8"
|
.rstrip("=")
|
||||||
).rstrip("=")
|
)
|
||||||
key_data["x5t#S256"] = urlsafe_b64encode(
|
key_data["x5t#S256"] = (
|
||||||
key.certificate.fingerprint(hashes.SHA256())
|
urlsafe_b64encode(key.certificate.fingerprint(hashes.SHA256()))
|
||||||
).decode("utf-8").rstrip("=")
|
.decode("utf-8")
|
||||||
|
.rstrip("=")
|
||||||
|
)
|
||||||
return key_data
|
return key_data
|
||||||
|
|
||||||
def get(self, request: HttpRequest, application_slug: str) -> HttpResponse:
|
def get(self, request: HttpRequest, application_slug: str) -> HttpResponse:
|
||||||
|
|
Reference in a new issue