Enhance certificate handling for .NET 9.0 compatibility in CertUtils and KubernetesClientConfiguration

tg123 · tg123 · commit 1c6612b3c076 · 2024-12-30T23:57:50.000-08:00
diff --git a/src/KubernetesClient/CertUtils.cs b/src/KubernetesClient/CertUtils.cs
@@ -80,11 +80,20 @@ public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)
 
                 if (config.ClientCertificateKeyStoreFlags.HasValue)
                 {
+#if NET9_0_OR_GREATER
+                    X509CertificateLoader.LoadPkcs12(cert.Export(X509ContentType.Pkcs12), nullPassword, config.ClientCertificateKeyStoreFlags.Value);
+#else
                     cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12), nullPassword, config.ClientCertificateKeyStoreFlags.Value);
+#endif
+
                 }
                 else
                 {
+#if NET9_0_OR_GREATER
+                    X509CertificateLoader.LoadPkcs12(cert.Export(X509ContentType.Pkcs12), nullPassword);
+#else
                     cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12), nullPassword);
+#endif
                 }
             }
 
diff --git a/src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs b/src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs
@@ -305,19 +305,27 @@ private void SetClusterDetails(K8SConfiguration k8SConfig, Context activeContext
 
             if (uri.Scheme == "https")
             {
+                string nullPassword = null;
                 if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthorityData))
                 {
                     // This null password is to change the constructor to fix this KB:
                     // https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
-                    string nullPassword = null;
                     var data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
+#if NET9_0_OR_GREATER
+                    SslCaCerts = X509CertificateLoader.LoadPkcs12Collection(Convert.FromBase64String(data), nullPassword);
+#else
                     SslCaCerts = new X509Certificate2Collection(new X509Certificate2(Convert.FromBase64String(data), nullPassword));
+#endif
                 }
                 else if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthority))
                 {
+#if NET9_0_OR_GREATER
+                    SslCaCerts = X509CertificateLoader.LoadPkcs12CollectionFromFile(GetFullPath(k8SConfig, clusterDetails.ClusterEndpoint.CertificateAuthority), nullPassword);
+#else
                     SslCaCerts = new X509Certificate2Collection(new X509Certificate2(GetFullPath(
                         k8SConfig,
                         clusterDetails.ClusterEndpoint.CertificateAuthority)));
+#endif
                 }
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -80,11 +80,20 @@ public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)`
`80`	`80`
`81`	`81`	`if (config.ClientCertificateKeyStoreFlags.HasValue)`
`82`	`82`	`{`
	`83`	`+#if NET9_0_OR_GREATER`
	`84`	`+ X509CertificateLoader.LoadPkcs12(cert.Export(X509ContentType.Pkcs12), nullPassword, config.ClientCertificateKeyStoreFlags.Value);`
	`85`	`+#else`
`83`	`86`	`cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12), nullPassword, config.ClientCertificateKeyStoreFlags.Value);`
	`87`	`+#endif`
	`88`	`+`
`84`	`89`	`}`
`85`	`90`	`else`
`86`	`91`	`{`
	`92`	`+#if NET9_0_OR_GREATER`
	`93`	`+ X509CertificateLoader.LoadPkcs12(cert.Export(X509ContentType.Pkcs12), nullPassword);`
	`94`	`+#else`
`87`	`95`	`cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12), nullPassword);`
	`96`	`+#endif`
`88`	`97`	`}`
`89`	`98`	`}`
`90`	`99`
Original file line number	Diff line number	Diff line change
`@@ -305,19 +305,27 @@ private void SetClusterDetails(K8SConfiguration k8SConfig, Context activeContext`
`305`	`305`
`306`	`306`	`if (uri.Scheme == "https")`
`307`	`307`	`{`
	`308`	`+ string nullPassword = null;`
`308`	`309`	`if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthorityData))`
`309`	`310`	`{`
`310`	`311`	`// This null password is to change the constructor to fix this KB:`
`311`	`312`	`// https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b`
`312`		`- string nullPassword = null;`
`313`	`313`	`var data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;`
	`314`	`+#if NET9_0_OR_GREATER`
	`315`	`+ SslCaCerts = X509CertificateLoader.LoadPkcs12Collection(Convert.FromBase64String(data), nullPassword);`
	`316`	`+#else`
`314`	`317`	`SslCaCerts = new X509Certificate2Collection(new X509Certificate2(Convert.FromBase64String(data), nullPassword));`
	`318`	`+#endif`
`315`	`319`	`}`
`316`	`320`	`else if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthority))`
`317`	`321`	`{`
	`322`	`+#if NET9_0_OR_GREATER`
	`323`	`+ SslCaCerts = X509CertificateLoader.LoadPkcs12CollectionFromFile(GetFullPath(k8SConfig, clusterDetails.ClusterEndpoint.CertificateAuthority), nullPassword);`
	`324`	`+#else`
`318`	`325`	`SslCaCerts = new X509Certificate2Collection(new X509Certificate2(GetFullPath(`
`319`	`326`	`k8SConfig,`
`320`	`327`	`clusterDetails.ClusterEndpoint.CertificateAuthority)));`
	`328`	`+#endif`
`321`	`329`	`}`
`322`	`330`	`}`
`323`	`331`	`}`