use net5 certificate api instead of 3rd api (#733)

* use net api for cert loading

* codeql happy?
Boshi Lian
2021-10-20 06:57:58 -07:00
committed by GitHub
parent e7de93dd10
commit 3643250f40
9 changed files with 71 additions and 9 deletions


@@ -12,7 +12,7 @@ on:
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
runs-on: windows-latest
strategy:
fail-fast: false


@@ -1,12 +1,15 @@
using k8s.Exceptions;
#if !NET5_0_OR_GREATER
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Pkcs;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;
#endif
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Text;
namespace k8s
{
@@ -22,6 +25,9 @@ namespace k8s
var certCollection = new X509Certificate2Collection();
using (var stream = FileUtils.FileSystem().File.OpenRead(file))
{
#if NET5_0_OR_GREATER
certCollection.ImportFromPem(new StreamReader(stream).ReadToEnd());
#else
var certs = new X509CertificateParser().ReadCertificates(stream);
// Convert BouncyCastle X509Certificates to the .NET cryptography implementation and add
@@ -31,6 +37,7 @@ namespace k8s
{
certCollection.Add(new X509Certificate2(cert.GetEncoded()));
}
#endif
}
return certCollection;
@@ -48,6 +55,44 @@ namespace k8s
throw new ArgumentNullException(nameof(config));
}
#if NET5_0_OR_GREATER
string keyData = null;
string certData = null;
if (!string.IsNullOrWhiteSpace(config.ClientCertificateKeyData))
{
keyData = Encoding.UTF8.GetString(Convert.FromBase64String(config.ClientCertificateKeyData));
}
if (!string.IsNullOrWhiteSpace(config.ClientKeyFilePath))
{
keyData = File.ReadAllText(config.ClientKeyFilePath);
}
if (keyData == null)
{
throw new KubeConfigException("keyData is empty");
}
if (!string.IsNullOrWhiteSpace(config.ClientCertificateData))
{
certData = Encoding.UTF8.GetString(Convert.FromBase64String(config.ClientCertificateData));
}
if (!string.IsNullOrWhiteSpace(config.ClientCertificateFilePath))
{
certData = File.ReadAllText(config.ClientCertificateFilePath);
}
if (certData == null)
{
throw new KubeConfigException("certData is empty");
}
return X509Certificate2.CreateFromPem(certData, keyData);
#else
byte[] keyData = null;
byte[] certData = null;
@@ -121,6 +166,7 @@ namespace k8s
return new X509Certificate2(pkcs.ToArray());
}
}
#endif
}
/// <summary>
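Review bot: In the `NET5_0_OR_GREATER` branch the client key and certificate files are read with `File.ReadAllText(...)` directly, while the certificate-bundle loader earlier in this section opens files through `FileUtils.FileSystem().File`. That bypasses the file-system abstraction on the private-key path; consider `keyData = FileUtils.FileSystem().File.ReadAllText(config.ClientKeyFilePath);` and the same for the certificate. Malformed `ClientCertificateKeyData` or `ClientCertificateData` would surface as a raw `FormatException` from `Convert.FromBase64String` rather than a `KubeConfigException`. When both inline data and a file path are set the file silently wins, so a comment stating that precedence would help. `X509Certificate2.CreateFromPem` yields a certificate with an ephemeral private key, which Windows TLS client authentication has been known to reject, so this path is worth confirming with a Windows mTLS test (the usual workaround is re-importing `cert.Export(X509ContentType.Pkcs12)`); the method signature and the `#else` body lie outside the visible hunks.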


@@ -33,7 +33,7 @@
<PackageReference Include="AutoMapper" Version="10.1.1" />
<PackageReference Include="Fractions" Version="7.0.0" />
<PackageReference Include="Nerdbank.GitVersioning" Version="3.4.240" PrivateAssets="all" />
<PackageReference Include="Portable.BouncyCastle" Version="1.8.10" />
<PackageReference Include="Portable.BouncyCastle" Version="1.8.10" Condition="'$(TargetFramework)' == 'netstandard2.1'" />
<PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.23" />
<PackageReference Include="prometheus-net" Version="5.0.1" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.13.1" />
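Review bot: The package condition `'$(TargetFramework)' == 'netstandard2.1'` and the source guard `#if !NET5_0_OR_GREATER` are not complements, so any other pre-.NET 5 target added to this project would compile the BouncyCastle code path without the package reference. The project's target framework list is not visible in this hunk, so this may hold today. Expressing the reference condition as "not net5.0 or later", or adding a comment next to it naming the `#if` it must stay in sync with, would keep the two from drifting apart.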


@@ -3,7 +3,7 @@
<IsPackable>false</IsPackable>
<SignAssembly>true</SignAssembly>
<RootNamespace>k8s.E2E</RootNamespace>
<TargetFramework>net5.0</TargetFramework>
<TargetFrameworks>net5.0;netcoreapp3.1</TargetFrameworks>
</PropertyGroup>
<ItemGroup>


@@ -4,7 +4,7 @@
<LangVersion>8</LangVersion>
<SignAssembly>true</SignAssembly>
<RootNamespace>k8s.Tests</RootNamespace>
<TargetFrameworks>net5</TargetFrameworks>
<TargetFrameworks>net5;netcoreapp3.1</TargetFrameworks>
</PropertyGroup>
<ItemGroup>
@@ -14,6 +14,7 @@
<PackageReference Include="System.IO.Abstractions.TestingHelpers" Version="13.2.47" />
<PackageReference Include="System.Reactive" Version="5.0.0" />
<PackageReference Include="Nito.AsyncEx" Version="5.1.2" />
<PackageReference Include="Portable.BouncyCastle" Version="1.8.10"/>
</ItemGroup>
<ItemGroup>


@@ -1,5 +1,7 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIPRgTfIRnvc0IUzur8Hty7BKyGxyeKgy3PTymy+HdCG9oAoGCCqGSM49
AwEHoUQDQgAEtwldWFvRSvTgNo0s+bhL/58WoBObRCfbBYzc7ynSkm0Eywkni7Rl
i6LlpOrg9xRwLwNblSgCjO15S3Nvue2WbQ==
MIHcAgEBBEIAgsWy6kCIIGCuedLfU0zqElm7H9VwpzKWK3ITjtG8QPEJfw0vEqVL
Ly4aVsZ8dH7lP6Ykz90lAxLPwMJTL7fht9qgBwYFK4EEACOhgYkDgYYABADJVVPm
PwRHH96uMREAJMrznGswswqMerCY8wqGjAMDHCWE/bvbGROhRzZM5WNuI/C7d5oV
YpagbVVgIi3L4Jr+hgDuAmK4AExQYcZWVcPqLe/kv7i5xxAT2MJwuto7QJeR7ffh
YzbpOXqgQBrJW2Fdgh/mTAKHrtP/nDOsioRWzxl2zQ==
-----END EC PRIVATE KEY-----


@@ -0,0 +1,13 @@
-----BEGIN CERTIFICATE-----
MIICBTCCAWYCFDt3JLija7g4s9TNSFI8p9topHs4MAoGCCqGSM49BAMCMEExCzAJ
BgNVBAYTAlVTMQswCQYDVQQIDAJXQTEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UE
CgwKS3ViZXJuZXRlczAeFw0yMTEwMjAwMDA2MDdaFw0yMTExMTkwMDA2MDdaMEEx
CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJXQTEQMA4GA1UEBwwHU2VhdHRsZTETMBEG
A1UECgwKS3ViZXJuZXRlczCBmzAQBgcqhkjOPQIBBgUrgQQAIwOBhgAEAMlVU+Y/
BEcf3q4xEQAkyvOcazCzCox6sJjzCoaMAwMcJYT9u9sZE6FHNkzlY24j8Lt3mhVi
lqBtVWAiLcvgmv6GAO4CYrgATFBhxlZVw+ot7+S/uLnHEBPYwnC62jtAl5Ht9+Fj
Nuk5eqBAGslbYV2CH+ZMAoeu0/+cM6yKhFbPGXbNMAoGCCqGSM49BAMCA4GMADCB
iAJCAL8VpSq+rs+h/BmNu/z0KCWsfQv7zOZOTOqYJ/5NzaBlEhejj8ktfvWTJ3SR
jHIMWdK+SAJva1v1tzaTi5z7KiYuAkIApijJv9yr/Ex4okg6zB/LgsTio67fm4DG
9Yrw9KVtUbskcYjcpLVbT78cQjeDyDg1dYtHpdl7Z7p+jga/nPb/HKU=
-----END CERTIFICATE-----
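Review bot: The validity fields of this new fixture appear to decode to notBefore 2021-10-20 and notAfter 2021-11-19, a 30-day lifetime, so the certificate expires about a month after the commit. Loading it through `X509Certificate2.CreateFromPem` does not check validity, so the current tests should keep passing. Any later test that builds a chain or performs a real TLS handshake with it would fail on expiry. Regenerating the test pair with a long validity period, and recording the generation command next to the asset, would avoid that.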


@@ -60,5 +60,5 @@ users:
client-key-data: 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
- name: elliptic-user
user:
client-certificate: assets/client.crt
client-certificate: assets/elliptic.crt
client-key: assets/elliptic-client.key


@@ -58,5 +58,5 @@ users:
client-key-data: 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
- name: elliptic-user
user:
client-certificate: assets/client.crt
client-certificate: assets/elliptic.crt
client-key: assets/elliptic-client.key