Fix elliptic curve certs and add a unit test (#243)

* Fix a elipitic curve certs and add a unit test. * Address comments. * Change the key to be OSX compatible.
2019-02-27 10:45:21 -08:00
parent e95e01c6e9
commit 948d78c1bd
4 changed files with 30 additions and 2 deletions
--- a/src/KubernetesClient/CertUtils.cs
+++ b/src/KubernetesClient/CertUtils.cs
@@ -89,10 +89,10 @@ namespace k8s
                }
            }

-            var rsaKeyParams = (RsaPrivateCrtKeyParameters) obj;
+            var keyParams = (AsymmetricKeyParameter) obj;

            var store = new Pkcs12StoreBuilder().Build();
-            store.SetKeyEntry("K8SKEY", new AsymmetricKeyEntry(rsaKeyParams), new[] {new X509CertificateEntry(cert)});
+            store.SetKeyEntry("K8SKEY", new AsymmetricKeyEntry(keyParams), new[] {new X509CertificateEntry(cert)});

            using (var pkcs = new MemoryStream())
            {
--- a/tests/KubernetesClient.Tests/KubernetesClientConfigurationTests.cs
+++ b/tests/KubernetesClient.Tests/KubernetesClientConfigurationTests.cs
@@ -54,6 +54,20 @@ namespace k8s.Tests
            Assert.Equal(cfg.ClientKeyFilePath, clientCertKey);
        }

+        /// <summary>
+        ///     Checks for loading of elliptical curve keys
+        /// </summary>
+        /// <param name="context"></param>
+        [Theory]
+        [InlineData("elliptic-context")]
+        public void ContextEllipticKey(string context)
+        {
+            var fi = new FileInfo("assets/kubeconfig.yml");
+            var cfg = KubernetesClientConfiguration.BuildConfigFromConfigFile(fi, context, useRelativePaths: false);
+            var pfx = CertUtils.GeneratePfx(cfg);
+            Assert.NotNull(pfx);
+        }
+
        /// <summary>
        ///     Checks if certificate-based authentication is loaded properly from the config file, per context
        /// </summary>
--- a/tests/KubernetesClient.Tests/assets/elliptic-client.key
+++ b/tests/KubernetesClient.Tests/assets/elliptic-client.key
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIPRgTfIRnvc0IUzur8Hty7BKyGxyeKgy3PTymy+HdCG9oAoGCCqGSM49
+AwEHoUQDQgAEtwldWFvRSvTgNo0s+bhL/58WoBObRCfbBYzc7ynSkm0Eywkni7Rl
+i6LlpOrg9xRwLwNblSgCjO15S3Nvue2WbQ==
+-----END EC PRIVATE KEY-----
--- a/tests/KubernetesClient.Tests/assets/kubeconfig.yml
+++ b/tests/KubernetesClient.Tests/assets/kubeconfig.yml
@@ -35,6 +35,11 @@ contexts:
    namespace: saw-ns
    user: red-user
  name: victorian-context
+- context:
+    cluster: llama-cluster
+    namespace: saw-ns
+    user: elliptic-user
+  name: elliptic-context
 kind: Config
 users:
 - name: blue-user
@@ -51,3 +56,7 @@ users:
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURrVENDQW5tZ0F3SUJBZ0lVTzlVTkdpbHhmSHpMbVJXcWU2dVMyRVZ1NVhVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1FURUxNQWtHQTFVRUJoTUNWVk14RURBT0JnTlZCQWdUQjFKbFpHMXZibVF4Q3pBSkJnTlZCQWNUQWxkQgpNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6TUNBWERURTRNVEl3T0RBNU5URXdNRm9ZRHpJeE1UZ3hNVEUwCk1EazFNVEF3V2pCQk1Rc3dDUVlEVlFRR0V3SlZVekVRTUE0R0ExVUVDQk1IVW1Wa2JXOXVaREVMTUFrR0ExVUUKQnhNQ1YwRXhFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQgpEd0F3Z2dFS0FvSUJBUUM4WkVRS296SE8zOExmRzRpcHFYWnRLTzNxSENjL1Z1WjUxWnZSeWJuTnpCYU5iMk9oClM0cU1nNDF6cFdzL3dMQnk4ZndPclpoOHpHb28wbHllQXVCSlBPWFc5SmswMmhOc1Y3ZHBqYXBZWFMrSXJvN04KcUxhWDB5amQxWWllSWFlb3NtV2xib2ZpcDVzS3dzVUI3bGREeXJpQklBYTEwNlhhTng5ZG82UEh1TDNibStldwpiaWRoRTlNUFRHY2V5WW9rZ3pNbGppanordk0yUnN5Z05ncmR4VDhROC9GRER2ZndTRmZUaEZlYXIzckQvRkJGCmVYb0Y5MHp6cG1aZlphTDlyZ2NjQ0pzQ2JSZlpiellVVERRVHo2dStaUVhUdGlrbVMvQ3d2d0hXa0w3bGhQNXYKQU0yVFpETEJhQXQwOU14dGlORFNWaFFTWVR2QWpKRmU4SzJoQWdNQkFBR2pmekI5TUE0R0ExVWREd0VCL3dRRQpBd0lGb0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3CkFEQWRCZ05WSFE0RUZnUVVuQmo0T3Y3MnFlWWJ5YjVYSHJma1pkazd6VUF3SHdZRFZSMGpCQmd3Rm9BVUxwemQKRlplYkR6N0RmZUNkZkJqNmNkUWJmNk13RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQU1CL1RDaElEbTNkeDA4SApJeXlFS2dYUHh1d3A1cTB5QkFoT0pUS1JOVXNpayt6ZVUyUGpibnV0M3B1WnBENkZoTGFKQUZPbTdsMHhkNU1ZCkFZOVloSy9wa1U3Rmw1TFg0MitxQzRqK05JdGhBbFM5clNtNkRvNlN1b3JRcjdNajErY0syTjFkZHBtRWZya3kKZXZnMm02aFB5YTFlV0hNanVCd250bkJmV2EzWHBWMWVGZVBvd21zY3R6UmRJYUh3WDM3Yit3c2JmbkppczRvTgo2bHk0THBQb2xtYld3ZTRnaEtPWXNuL3lMT3FrUGJMZVpLeU5yaWJpSGhSQTM0NUVHUGJleXNmSlNIWWFqMnBaCmE0VmRTRFhnT2JlM3Vtdk9keXVEaGl5RFJ3TFozbVJLWlpIR0lzZC9ORzRncWo3a0gzV2N2Wm5mSkVHMXY2cG0KQTZFYTJiRT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdkdSRUNxTXh6dC9DM3h1SXFhbDJiU2p0Nmh3blAxYm1lZFdiMGNtNXpjd1dqVzlqCm9VdUtqSU9OYzZWclA4Q3djdkg4RHEyWWZNeHFLTkpjbmdMZ1NUemwxdlNaTk5vVGJGZTNhWTJxV0YwdmlLNk8KemFpMmw5TW8zZFdJbmlHbnFMSmxwVzZINHFlYkNzTEZBZTVYUThxNGdTQUd0ZE9sMmpjZlhhT2p4N2k5MjV2bgpzRzRuWVJQVEQweG5Ic21LSklNekpZNG84L3J6TmtiTW9EWUszY1UvRVBQeFF3NzM4RWhYMDRSWG1xOTZ3L3hRClJYbDZCZmRNODZabVgyV2kvYTRISEFpYkFtMFgyVzgyRkV3MEU4K3J2bVVGMDdZcEprdndzTDhCMXBDKzVZVCsKYndETmsyUXl3V2dMZFBUTWJZalEwbFlVRW1FN3dJeVJYdkN0b1FJREFRQUJBb0lCQUNCYk9EUjdndnA5QkFNOQp2Mk1rYitxZnRQMFlpTVVnTDhXTklvNE5qNVFCRVg2Sk94dGcxaEw4SlRkUG1mUUJMRTBSc3JEeXI5WC9aZHhOCkJRcytnemNROW9qTXllT0I4UVFTckxXOFZ4MkdJN3ZkL3pqaldUa0tVMktHWWtpR2p6MHlKck1iSU11VTdkUVQKVDdMZE5LKzRDYWhqejhNNjdxbGova2NlNitwSlRLdHZKR2tNSDRYUXJyMFRmU3hLMmEwUUNmNkZwSXp2OFFEMApISE9HbFJaWlBYK1dXYVA2UFpFU3JSZG1vbmFKaTJlRG03b1Y1WU1DMExWTHJzMVprZS9FT01CODZYOVlraGJUCmJsRkxRZjlNR1hTdWtGeW1MSnFSd01DUjJxZytKSXpEU1BuYzkzbjNwcHl4Nys3UkhFeXZNMFVNOVhyeHQrNHcKUkd3ZVZlRUNnWUVBeElkaFRCdW4rRk52YkVhSHZUdlpzNkVCa1lJUXUyV0NDR3dWN1lPbTZzc0hzczJBaldrVgprQ0pMajhZMTFpMHd0Y21yOG9DcE1EN0FDRWxMSWFEK3RubW5CTzlkQ2NnTzJoNXFCSkY1UytJeFlGcVZ5ZVBsCnptQkE2VzFvdzB2Y1hsYmkrVUg4SWF3WnNLaFlMaklscmdmQ3YwaU9LNzBYaEF3YzZ6Vlk4TjhDZ1lFQTlXYUUKMklkNjJEaGxLWVRaNW5yY3g1aVN3WU1jaitMTE5FYTFZMlZFNEhZZktvbjFkRnNSa2NKV1YyRVpoRGlqcVIyaQpXZEdEVldiMVVaVEpiM3BZWW1NakJFQXhFbEJXTSt0SzhialRqMWhxbXJPQWhLU0ZYUjg4RkNEanVkcStSbmo4CklyZFlWanNCdDA5RkVkT2RqdVFseGgyRVdQWDNPdVFhRXd5WnNYOENnWUJzekNtZ0VadHVqUG9kTGZxTlZ5blIKR0t3ZW1xdWFvcnBXNFVkT1l0aXdHTS9kTzRrVVAvMlErbnRzVDZXVU9SWkRQUzgwbytlRjd1Y3VieXpwcEEvKwpndUJraWdLdW5KTWtTendUNVZrS0dtR05YdmlYZU5QSzZWeG1IWXltdVVONDhvN2F3SjNOSWxKaWl2K3VLMUxTCndqY2M0QlRjditUWjFEN2FNNEZXYndLQmdHY1MyNE96VEJiYmdTb3lRZS83OVJYazhPZFU4YjlCN0VZVjJRUloKdWRkcDVlZFJNUWJoWlh6S21zZHk0bXZWK25BRElYa0dkbHA5dDFhLzN1ZnpCSUsyenpOdTN1MnBUcnZaL1kyUQpLMVJQTjkrb3U3ZDYvd1ZCSkZQMENKSzgzU1R1bGtEaXI3andhZVViNTQvNFNYcUdPNU4rUEdPOVZFMnBGNGFlCnlVTnpBb0dCQUptMU1vcFQ4N0llelBmQ010ck51cXVqQjFpdStvb1lIYm9IbGJXZUNxS3RSRnNYMWhXOWpTY1UKQ0ZRanhSVCtPcENVWndjbDdkY2xsTUlxQTRWQ1NmUUFRMW9CMU41WENRWE8xVFlXOHU1K1BRTUdUcFEvQlVEawp6WmRJZzZqQkFXd3R6YkNzKzRjVkFoclN3cDRBSXFvcndTZU1qRmdsTmNoNzgxMEF6emNJCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
+- name: elliptic-user
+  user:
+    client-certificate: assets/client.crt
+    client-key: assets/elliptic-client.key