Change X509Certificate2 constructor to fix KB (#1343)
weng5e committed Jul 19, 2023
1 parent dfa5cc9 commit 3edf256
Showing 2 changed files with 20 additions and 6 deletions.
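--- a/src/KubernetesClient/CertUtils.cs
+++ b/src/KubernetesClient/CertUtils.cs
@@ -36,7 +36,10 @@ public static X509Certificate2Collection LoadPemFileCert(string file)
 //
 foreach (Org.BouncyCastle.X509.X509Certificate cert in certs)
 {
-certCollection.Add(new X509Certificate2(cert.GetEncoded()));
+// This null password is to change the constructor to fix this KB:
+// https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
+string nullPassword = null;
+certCollection.Add(new X509Certificate2(cert.GetEncoded(), nullPassword));
 }
 #endif
 }
@@ -96,13 +99,17 @@ public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)
 // see https://github.com/kubernetes-client/csharp/issues/737
 if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
 {
+// This null password is to change the constructor to fix this KB:
+// https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
+string nullPassword = null;
+
 if (config.ClientCertificateKeyStoreFlags.HasValue)
 {
-cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12), "", config.ClientCertificateKeyStoreFlags.Value);
+cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12), nullPassword, config.ClientCertificateKeyStoreFlags.Value);
 }
 else
 {
-cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12));
+cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12), nullPassword);
 }
 }
 
@@ -172,13 +179,17 @@ public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)
 
 store.Save(pkcs, new char[0], new SecureRandom());
 
+// This null password is to change the constructor to fix this KB:
+// https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
+string nullPassword = null;
+
 if (config.ClientCertificateKeyStoreFlags.HasValue)
 {
-return new X509Certificate2(pkcs.ToArray(), "", config.ClientCertificateKeyStoreFlags.Value);
+return new X509Certificate2(pkcs.ToArray(), nullPassword, config.ClientCertificateKeyStoreFlags.Value);
 }
 else
 {
-return new X509Certificate2(pkcs.ToArray());
+return new X509Certificate2(pkcs.ToArray(), nullPassword);
 }
 #endif
 }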
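Review bot: The import in `GeneratePfx` now depends on the runtime treating a null and an empty PKCS#12 password as interchangeable: the flags branch passed `""` before and passes `nullPassword` now, while the last hunk still writes the store with `store.Save(pkcs, new char[0], new SecureRandom())`. That probably holds on the supported platforms, but it is an assumption worth pinning with a test that round-trips a client key through `GeneratePfx` with and without `ClientCertificateKeyStoreFlags`. The comment repeated in all three hunks says only that it is "to fix this KB"; a wording such as `// Typed null picks the (byte[], string) overload; the password-less overload now fails for these blobs, see KB5025823.` would explain why the variable exists, with the exact failure confirmed against the KB. All three function bodies start and end outside their hunks.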
Expand Up @@ -308,8 +308,11 @@ private void SetClusterDetails(K8SConfiguration k8SConfig, Context activeContext
{
if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthorityData))
{
// This null password is to change the constructor to fix this KB:
// https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
string nullPassword = null;
var data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
SslCaCerts = new X509Certificate2Collection(new X509Certificate2(Convert.FromBase64String(data)));
SslCaCerts = new X509Certificate2Collection(new X509Certificate2(Convert.FromBase64String(data), nullPassword));
}
else if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthority))
{
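Review bot: `CertificateAuthorityData` becomes the TLS trust anchor in `SslCaCerts` and should only ever hold a plain certificate, yet it is now imported through the password-taking overload, which, as far as the linked KB can be read, is the path that avoids the stricter blob checks that update introduced. If the failure behind this commit only occurred for the PKCS#12 round-trip in `GeneratePfx`, this call could keep the one-argument constructor, or reject non-certificate input before importing, e.g. `if (X509Certificate2.GetCertContentType(bytes) != X509ContentType.Cert) throw new ArgumentException("CA data is not a certificate");` with `bytes` being the decoded value. The same question applies to the `LoadPemFileCert` hunk in CertUtils.cs, whose input is `cert.GetEncoded()`. `SetClusterDetails` continues outside this hunk.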
