From 235020ad64efc6d9d2ed40101b4384ba6f58500a Mon Sep 17 00:00:00 2001
From: Hai Huang
Date: Wed, 4 May 2016 11:18:23 -0400
Subject: [PATCH] getting emailAddress from TLS cert
---
 plugin/pkg/auth/authenticator/request/x509/x509.go | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/plugin/pkg/auth/authenticator/request/x509/x509.go b/plugin/pkg/auth/authenticator/request/x509/x509.go
index 310898dd847..7a0d4e010b8 100644
--- a/plugin/pkg/auth/authenticator/request/x509/x509.go
+++ b/plugin/pkg/auth/authenticator/request/x509/x509.go
@@ -18,6 +18,7 @@ package x509
 import (
 "crypto/x509"
+ "encoding/asn1"
 "net/http"
 "k8s.io/kubernetes/pkg/auth/user"
@@ -104,7 +105,13 @@ var DNSNameUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (
 // EmailAddressUserConversion builds user info from a certificate chain using the first EmailAddress on the certificate
 var EmailAddressUserConversion = UserConversionFunc(func(chain []*x509.Certificate) (user.Info, bool, error) {
+ var emailAddressOID asn1.ObjectIdentifier = []int{1, 2, 840, 113549, 1, 9, 1}
 if len(chain[0].EmailAddresses) == 0 {
+ for _, name := range chain[0].Subject.Names {
+ if name.Type.Equal(emailAddressOID) {
+ return &user.DefaultInfo{Name: name.Value.(string)}, true, nil
+ }
+ }
 return nil, false, nil
 }
 return &user.DefaultInfo{Name: chain[0].EmailAddresses[0]}, true, nil
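Review bot: In the second hunk's fallback loop, `name.Value.(string)` is an unchecked type assertion on a value decoded from the client certificate, so a Subject emailAddress attribute that does not decode to a Go string would panic inside the authenticator; use the comma-ok form and skip empty values, e.g. `if email, ok := name.Value.(string); ok && len(email) > 0 { return &user.DefaultInfo{Name: email}, true, nil }`. The fallback also makes the Subject DN attribute (OID 1.2.840.113549.1.9.1) an identity source alongside the rfc822Name SAN, and any name-constraint checking done during chain verification presumably covers only the SAN, so it is worth confirming that every CA trusted here controls what goes into that DN field. The doc comment above the var still says "using the first EmailAddress on the certificate" and should mention the fallback, e.g. `// ... using the first SAN email address, falling back to the emailAddress attribute of the Subject DN`. The closure's closing lines are outside the hunk.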