crypto: fallback when no SAN values are given

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

authentik/crypto/builder.py

@@ -58,7 +58,7 @@ class CertificateBuilder:
         self.__private_key = self.generate_private_key()
         self.__public_key = self.__private_key.public_key()
         alt_names: list[x509.GeneralName] = []
-        for alt_name in subject_alt_names:
+        for alt_name in subject_alt_names or []:
             if alt_name.strip() != "":
                 alt_names.append(x509.DNSName(alt_name))
         self.__builder = (

authentik/providers/oauth2/views/jwks.py

@@ -96,14 +96,16 @@ class JWKSView(View):
         else:
             return key_data
         key_data["x5c"] = [b64encode(key.certificate.public_bytes(Encoding.DER)).decode("utf-8")]
-        key_data["x5t"] = urlsafe_b64encode(
+        key_data["x5t"] = (
-            key.certificate.fingerprint(hashes.SHA1())
+            urlsafe_b64encode(key.certificate.fingerprint(hashes.SHA1()))  # nosec
-        ).decode(  # nosec
+            .decode("utf-8")
-            "utf-8"
+            .rstrip("=")
-        ).rstrip("=")
+        )
-        key_data["x5t#S256"] = urlsafe_b64encode(
+        key_data["x5t#S256"] = (
-            key.certificate.fingerprint(hashes.SHA256())
+            urlsafe_b64encode(key.certificate.fingerprint(hashes.SHA256()))
-        ).decode("utf-8").rstrip("=")
+            .decode("utf-8")
+            .rstrip("=")
+        )
         return key_data
 
     def get(self, request: HttpRequest, application_slug: str) -> HttpResponse: