csharp/src/KubernetesClient/CertUtils.cs

using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using k8s.Exceptions;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;

namespace k8s
{
    public static class CertUtils
    {
        /// <summary>
        /// Load pem encoded cert file
        /// </summary>
        /// <param name="file">Path to pem encoded cert file</param>
        /// <returns>x509 instance.</returns>
        public static X509Certificate2 LoadPemFileCert(string file)
        {
            var certdata = File.ReadAllText(file)
                .Replace("-----BEGIN CERTIFICATE-----", "")
                .Replace("-----END CERTIFICATE-----", "")
                .Replace("\r", "")
                .Replace("\n", "");

            return new X509Certificate2(Convert.FromBase64String(certdata));
        }

        /// <summary>
        /// Generates pfx from client configuration
        /// </summary>
        /// <param name="config">Kubernetes Client Configuration</param>
        /// <returns>Generated Pfx Path</returns>
        public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)
        {
            byte[] keyData = null;
            byte[] certData = null;

            if (!string.IsNullOrWhiteSpace(config.ClientCertificateKeyData))
            {
                keyData = Convert.FromBase64String(config.ClientCertificateKeyData);
            }
            if (!string.IsNullOrWhiteSpace(config.ClientKeyFilePath))
            {
                keyData = File.ReadAllBytes(config.ClientKeyFilePath);
            }

            if (keyData == null)
            {
                throw new KubeConfigException("keyData is empty");
            }

            if (!string.IsNullOrWhiteSpace(config.ClientCertificateData))
            {
                certData = Convert.FromBase64String(config.ClientCertificateData);
            }
            if (!string.IsNullOrWhiteSpace(config.ClientCertificateFilePath))
            {
                certData = File.ReadAllBytes(config.ClientCertificateFilePath);
            }

            if (certData == null)
            {
                throw new KubeConfigException("certData is empty");
            }

            var cert = new X509CertificateParser().ReadCertificate(new MemoryStream(certData));

            object obj;
            using (var reader = new StreamReader(new MemoryStream(keyData)))
            {
                obj = new PemReader(reader).ReadObject();
                var key = obj as AsymmetricCipherKeyPair;
                if (key != null)
                {
                    var cipherKey = key;
                    obj = cipherKey.Private;
                }
            }

            var rsaKeyParams = (RsaPrivateCrtKeyParameters) obj;

            var store = new Pkcs12StoreBuilder().Build();
            store.SetKeyEntry("K8SKEY", new AsymmetricKeyEntry(rsaKeyParams), new[] {new X509CertificateEntry(cert)});

            using (var pkcs = new MemoryStream())
            {
                store.Save(pkcs, new char[0], new SecureRandom());
                return new X509Certificate2(pkcs.ToArray());
            }
        }
    }
}
add net standard way to create cert with key 2017-10-13 03:06:35 +08:00			`using System;`
			`using System.IO;`
			`using System.Security.Cryptography.X509Certificates;`
			`using System.Text;`
			`using k8s.Exceptions;`
			`using Org.BouncyCastle.Crypto;`
			`using Org.BouncyCastle.Crypto.Parameters;`
			`using Org.BouncyCastle.OpenSsl;`
			`using Org.BouncyCastle.Pkcs;`
			`using Org.BouncyCastle.Security;`
			`using Org.BouncyCastle.X509;`
Remove openssl dependency. Move to dotnet 2.0 2017-09-22 20:59:41 -07:00
add net standard way to create cert with key 2017-10-13 03:06:35 +08:00			`namespace k8s`
			`{`
cleanup unused code and functions and fix unittest naming style 2017-11-08 14:22:10 +08:00			`public static class CertUtils`
Remove openssl dependency. Move to dotnet 2.0 2017-09-22 20:59:41 -07:00			`{`
			`/// <summary>`
introduce go client style config creating functions 2017-10-11 21:27:22 +08:00			`/// Load pem encoded cert file`
			`/// </summary>`
			`/// <param name="file">Path to pem encoded cert file</param>`
			`/// <returns>x509 instance.</returns>`
			`public static X509Certificate2 LoadPemFileCert(string file)`
			`{`
			`var certdata = File.ReadAllText(file)`
			`.Replace("-----BEGIN CERTIFICATE-----", "")`
			`.Replace("-----END CERTIFICATE-----", "")`
			`.Replace("\r", "")`
			`.Replace("\n", "");`

			`return new X509Certificate2(Convert.FromBase64String(certdata));`
			`}`

			`/// <summary>`
			`/// Generates pfx from client configuration`
Remove openssl dependency. Move to dotnet 2.0 2017-09-22 20:59:41 -07:00			`/// </summary>`
fix misspelling of Kubernetes (#99) 2018-03-12 17:55:21 -04:00			`/// <param name="config">Kubernetes Client Configuration</param>`
Remove openssl dependency. Move to dotnet 2.0 2017-09-22 20:59:41 -07:00			`/// <returns>Generated Pfx Path</returns>`
Add tests. 2017-09-27 21:51:00 -07:00			`public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)`
Remove openssl dependency. Move to dotnet 2.0 2017-09-22 20:59:41 -07:00			`{`
add net standard way to create cert with key 2017-10-13 03:06:35 +08:00			`byte[] keyData = null;`
			`byte[] certData = null;`
Remove openssl dependency. Move to dotnet 2.0 2017-09-22 20:59:41 -07:00
rename client cert params to a better name 2017-10-13 01:53:25 +08:00			`if (!string.IsNullOrWhiteSpace(config.ClientCertificateKeyData))`
Remove openssl dependency. Move to dotnet 2.0 2017-09-22 20:59:41 -07:00			`{`
rename client cert params to a better name 2017-10-13 01:53:25 +08:00			`keyData = Convert.FromBase64String(config.ClientCertificateKeyData);`
Remove openssl dependency. Move to dotnet 2.0 2017-09-22 20:59:41 -07:00			`}`
rename client cert params to a better name 2017-10-13 01:53:25 +08:00			`if (!string.IsNullOrWhiteSpace(config.ClientKeyFilePath))`
Remove openssl dependency. Move to dotnet 2.0 2017-09-22 20:59:41 -07:00			`{`
rename client cert params to a better name 2017-10-13 01:53:25 +08:00			`keyData = File.ReadAllBytes(config.ClientKeyFilePath);`
Remove openssl dependency. Move to dotnet 2.0 2017-09-22 20:59:41 -07:00			`}`

add net standard way to create cert with key 2017-10-13 03:06:35 +08:00			`if (keyData == null)`
			`{`
Fix incorrect exception message in CertUtils (#172) 2018-06-12 00:09:51 +04:00			`throw new KubeConfigException("keyData is empty");`
add net standard way to create cert with key 2017-10-13 03:06:35 +08:00			`}`

Remove openssl dependency. Move to dotnet 2.0 2017-09-22 20:59:41 -07:00			`if (!string.IsNullOrWhiteSpace(config.ClientCertificateData))`
			`{`
			`certData = Convert.FromBase64String(config.ClientCertificateData);`
			`}`
rename client cert params to a better name 2017-10-13 01:53:25 +08:00			`if (!string.IsNullOrWhiteSpace(config.ClientCertificateFilePath))`
Remove openssl dependency. Move to dotnet 2.0 2017-09-22 20:59:41 -07:00			`{`
rename client cert params to a better name 2017-10-13 01:53:25 +08:00			`certData = File.ReadAllBytes(config.ClientCertificateFilePath);`
Remove openssl dependency. Move to dotnet 2.0 2017-09-22 20:59:41 -07:00			`}`

add net standard way to create cert with key 2017-10-13 03:06:35 +08:00			`if (certData == null)`
			`{`
			`throw new KubeConfigException("certData is empty");`
			`}`
Remove openssl dependency. Move to dotnet 2.0 2017-09-22 20:59:41 -07:00
add net standard way to create cert with key 2017-10-13 03:06:35 +08:00			`var cert = new X509CertificateParser().ReadCertificate(new MemoryStream(certData));`

			`object obj;`
Remove openssl dependency. Move to dotnet 2.0 2017-09-22 20:59:41 -07:00			`using (var reader = new StreamReader(new MemoryStream(keyData)))`
			`{`
add net standard way to create cert with key 2017-10-13 03:06:35 +08:00			`obj = new PemReader(reader).ReadObject();`
			`var key = obj as AsymmetricCipherKeyPair;`
			`if (key != null)`
			`{`
			`var cipherKey = key;`
Add tests. 2017-09-27 21:51:00 -07:00			`obj = cipherKey.Private;`
			`}`
add net standard way to create cert with key 2017-10-13 03:06:35 +08:00			`}`

			`var rsaKeyParams = (RsaPrivateCrtKeyParameters) obj;`

			`var store = new Pkcs12StoreBuilder().Build();`
			`store.SetKeyEntry("K8SKEY", new AsymmetricKeyEntry(rsaKeyParams), new[] {new X509CertificateEntry(cert)});`

			`using (var pkcs = new MemoryStream())`
			`{`
fix load error on linux 2017-10-13 03:34:24 +08:00			`store.Save(pkcs, new char[0], new SecureRandom());`
add net standard way to create cert with key 2017-10-13 03:06:35 +08:00			`return new X509Certificate2(pkcs.ToArray());`
Remove openssl dependency. Move to dotnet 2.0 2017-09-22 20:59:41 -07:00			`}`
			`}`
			`}`
introduce go client style config creating functions 2017-10-11 21:27:22 +08:00			`}`