From 73d8e99d2a64207eb8e51bed5d7fee2a0bfd438d Mon Sep 17 00:00:00 2001
From: Frode Hus
Date: Wed, 20 Oct 2021 15:51:58 +0200
Subject: [PATCH] Add missing client cert (#729)

* Updated GitVersioning package to fix issue with loading native libgit lib. Added check for missing HttpClientHandler
* fixed type
* HttpClientHandler is null when trying to get client certificates for web socket connection. Added direct configuration of client cert instead of via HttpClientHandler
* fixed indentation warning
* re-added certs from httpclienthandler if present
* Updated GitVersioning package to fix issue with loading native libgit lib. Added check for missing HttpClientHandler
* fixed type
* HttpClientHandler is null when trying to get client certificates for web socket connection. Added direct configuration of client cert instead of via HttpClientHandler
* fixed indentation warning
* re-added certs from httpclienthandler if present
* merged duplicate code
* reverted package changes
---
 src/KubernetesClient/CertUtils.cs | 23 +++++++++++++++++++
 src/KubernetesClient/Kubernetes.ConfigInit.cs | 5 +++-
 src/KubernetesClient/Kubernetes.WebSocket.cs | 12 ++++++++--
 ...esClientConfiguration.HttpClientHandler.cs | 10 +++-----
 4 files changed, 40 insertions(+), 10 deletions(-)

diff --git a/src/KubernetesClient/CertUtils.cs b/src/KubernetesClient/CertUtils.cs
index cabd901..6f75365 100644
--- a/src/KubernetesClient/CertUtils.cs
+++ b/src/KubernetesClient/CertUtils.cs
@@ -122,5 +122,28 @@ namespace k8s
 }
 }
 }
+
+ ///
+ /// Retrieves Client Certificate PFX from configuration
+ ///
+ /// Kubernetes Client Configuration
+ /// Client certificate PFX
+ public static X509Certificate2 GetClientCert(KubernetesClientConfiguration config)
+ {
+ if (config == null)
+ {
+ throw new ArgumentNullException(nameof(config));
+ }
+
+ if ((!string.IsNullOrWhiteSpace(config.ClientCertificateData) ||
+ !string.IsNullOrWhiteSpace(config.ClientCertificateFilePath)) &&
+ (!string.IsNullOrWhiteSpace(config.ClientCertificateKeyData) ||
+ !string.IsNullOrWhiteSpace(config.ClientKeyFilePath)))
+ {
+ return GeneratePfx(config);
+ }
+
+ return null;
+ }
 }
 }
diff --git a/src/KubernetesClient/Kubernetes.ConfigInit.cs b/src/KubernetesClient/Kubernetes.ConfigInit.cs
index 28b9d13..ac3f351 100644
--- a/src/KubernetesClient/Kubernetes.ConfigInit.cs
+++ b/src/KubernetesClient/Kubernetes.ConfigInit.cs
@@ -57,6 +57,7 @@ namespace k8s
 ValidateConfig(config);
 CaCerts = config.SslCaCerts;
 SkipTlsVerify = config.SkipTlsVerify;
+ ClientCert = CertUtils.GetClientCert(config);
 SetCredentials(config);
 }
@@ -133,7 +134,7 @@ namespace k8s
 }
 private X509Certificate2Collection CaCerts { get; }
-
+ private X509Certificate2 ClientCert { get; }
 private bool SkipTlsVerify { get; }
 partial void CustomInitialize()
@@ -262,6 +263,8 @@ namespace k8s
 };
 }
+
+
 ///
 /// Set credentials for the Client
 ///
diff --git a/src/KubernetesClient/Kubernetes.WebSocket.cs b/src/KubernetesClient/Kubernetes.WebSocket.cs
index 648d041..b1cbfc9 100644
--- a/src/KubernetesClient/Kubernetes.WebSocket.cs
+++ b/src/KubernetesClient/Kubernetes.WebSocket.cs
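Review bot: In the CertUtils.cs hunk, `GetClientCert` returns null whenever only one half of the pair is configured (a certificate without a key, or a key without a certificate), and the doc comment does not say so. A caller then builds a client with no client certificate, and the misconfiguration only surfaces later as a rejected request, which is hard to trace back to an authentication setting. I would state the contract in the returns element, `/// <returns>Client certificate PFX, or null when the configuration does not supply both a certificate and a key</returns>`. It is also worth noting there that the returned `X509Certificate2` presumably carries the private key and is owned by the caller, who should dispose it.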
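Review bot: In Kubernetes.ConfigInit.cs, the new `ClientCert` property (assigned in the hunk at line 57, declared in the hunk at line 134) keeps an `X509Certificate2` for the lifetime of the client, and no visible hunk disposes it. `X509Certificate2` is `IDisposable` and here presumably holds private key material, so it should be released with the client, e.g. `ClientCert?.Dispose();` in the class's dispose path, which is not visible in this diff. The constructor touched at line 57 starts outside the hunk and is the only one shown setting `ClientCert`, so I cannot confirm that other construction paths populate it. The declaration hunk also removes the blank line after `CaCerts`; keeping a blank line between the properties would match the surrounding layout.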
@@ -295,9 +295,17 @@ namespace k8s
 }
 // Set Credentials
- foreach (var cert in this.HttpClientHandler.ClientCertificates.OfType())
+ if (this.ClientCert != null)
 {
- webSocketBuilder.AddClientCertificate(cert);
+ webSocketBuilder.AddClientCertificate(this.ClientCert);
+ }
+
+ if (this.HttpClientHandler != null)
+ {
+ foreach (var cert in this.HttpClientHandler.ClientCertificates.OfType())
+ {
+ webSocketBuilder.AddClientCertificate(cert);
+ }
 }
 if (Credentials != null)
diff --git a/src/KubernetesClient/KubernetesClientConfiguration.HttpClientHandler.cs b/src/KubernetesClient/KubernetesClientConfiguration.HttpClientHandler.cs
index 5b7faab..810ef5d 100644
--- a/src/KubernetesClient/KubernetesClientConfiguration.HttpClientHandler.cs
+++ b/src/KubernetesClient/KubernetesClientConfiguration.HttpClientHandler.cs
@@ -41,14 +41,10 @@ namespace k8s
 throw new ArgumentNullException(nameof(handler));
 }
- if ((!string.IsNullOrWhiteSpace(ClientCertificateData) ||
- !string.IsNullOrWhiteSpace(ClientCertificateFilePath)) &&
- (!string.IsNullOrWhiteSpace(ClientCertificateKeyData) ||
- !string.IsNullOrWhiteSpace(ClientKeyFilePath)))
+ var clientCert = CertUtils.GetClientCert(this);
+ if (clientCert != null)
 {
- var cert = CertUtils.GeneratePfx(this);
-
- handler.ClientCertificates.Add(clientCert);
+ handler.ClientCertificates.Add(clientCert);
 }
 }
 }
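Review bot: In the Kubernetes.WebSocket.cs hunk, the same client certificate can be added to `webSocketBuilder` twice: once from `this.ClientCert` and again from `this.HttpClientHandler.ClientCertificates`, because `AddCertificates` in KubernetesClientConfiguration.HttpClientHandler.cs now fills the handler from the same `CertUtils.GetClientCert` call. Whether both are populated on one client depends on constructors outside this diff, so this is a possibility rather than something the hunk proves. With more than one entry, which certificate is presented to the API server is left to the TLS stack's selection. I would skip handler entries that match, e.g. `if (cert.Thumbprint != this.ClientCert?.Thumbprint) { webSocketBuilder.AddClientCertificate(cert); }`, and add a comment stating which source takes precedence. The enclosing method starts and ends outside the hunk.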