From 306d32b21a50ac20b1f31be8efff94c2ece859fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20K=C3=A1cha?= <ph@cesnet.cz>
Date: Tue, 26 Apr 2022 17:01:25 +0200
Subject: [PATCH] Fix too fragile EJBCA subjectAltName attribute access

---
 warden_ra/warden_ra.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/warden_ra/warden_ra.py b/warden_ra/warden_ra.py
index 193df9b..8d629f1 100755
--- a/warden_ra/warden_ra.py
+++ b/warden_ra/warden_ra.py
@@ -217,7 +217,14 @@ class EjbcaRegistry(OpenSSLRegistry):
     def client_data(self, ejbca_data):
         ejbca_username = ejbca_data["username"]
         username = ejbca_username[:-len(self.username_suffix)] if ejbca_username.endswith(self.username_suffix) else ejbca_username
-        admins = [u if not u.startswith("RFC822NAME") else u[11:] for u in ejbca_data["subjectAltName"].split(",")]
+        try:
+            alt_name = ejbca_data["subjectAltName"]
+        except KeyError:
+            alt_name = None
+        if alt_name:
+            admins = [u if not u.startswith("RFC822NAME") else u[11:] for u in alt_name.split(",")]
+        else:
+            admins = []
         status = self.status_ejbca_to_str.get(ejbca_data["status"], "Other")
         return username, admins, status, None, ejbca_data
 
-- 
GitLab