crypto: fallback when no SAN values are given
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
e390f5b2d1
commit
a302a72379
|
@ -58,7 +58,7 @@ class CertificateBuilder:
|
|||
self.__private_key = self.generate_private_key()
|
||||
self.__public_key = self.__private_key.public_key()
|
||||
alt_names: list[x509.GeneralName] = []
|
||||
for alt_name in subject_alt_names:
|
||||
for alt_name in subject_alt_names or []:
|
||||
if alt_name.strip() != "":
|
||||
alt_names.append(x509.DNSName(alt_name))
|
||||
self.__builder = (
|
||||
|
|
|
@ -96,14 +96,16 @@ class JWKSView(View):
|
|||
else:
|
||||
return key_data
|
||||
key_data["x5c"] = [b64encode(key.certificate.public_bytes(Encoding.DER)).decode("utf-8")]
|
||||
key_data["x5t"] = urlsafe_b64encode(
|
||||
key.certificate.fingerprint(hashes.SHA1())
|
||||
).decode( # nosec
|
||||
"utf-8"
|
||||
).rstrip("=")
|
||||
key_data["x5t#S256"] = urlsafe_b64encode(
|
||||
key.certificate.fingerprint(hashes.SHA256())
|
||||
).decode("utf-8").rstrip("=")
|
||||
key_data["x5t"] = (
|
||||
urlsafe_b64encode(key.certificate.fingerprint(hashes.SHA1())) # nosec
|
||||
.decode("utf-8")
|
||||
.rstrip("=")
|
||||
)
|
||||
key_data["x5t#S256"] = (
|
||||
urlsafe_b64encode(key.certificate.fingerprint(hashes.SHA256()))
|
||||
.decode("utf-8")
|
||||
.rstrip("=")
|
||||
)
|
||||
return key_data
|
||||
|
||||
def get(self, request: HttpRequest, application_slug: str) -> HttpResponse:
|
||||
|
|
Reference in a new issue