Add missing client cert (#729)

FrodeHus · web-flow · commit 73d8e99d2a64 · 2021-10-20T06:51:58.000-07:00
* Updated GitVersioning package to fix issue with loading native libgit lib. Added check for missing HttpClientHandler

* fixed type

* HttpClientHandler is null when trying to get client certificates for web socket connection. Added direct configuration of client cert instead of via HttpClientHandler

* fixed indentation warning

* re-added certs from httpclienthandler if present

* Updated GitVersioning package to fix issue with loading native libgit lib. Added check for missing HttpClientHandler

* fixed type

* HttpClientHandler is null when trying to get client certificates for web socket connection. Added direct configuration of client cert instead of via HttpClientHandler

* fixed indentation warning

* re-added certs from httpclienthandler if present

* merged duplicate code

* reverted package changes
diff --git a/src/KubernetesClient/CertUtils.cs b/src/KubernetesClient/CertUtils.cs
@@ -122,5 +122,28 @@ public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)
                 }
             }
         }
+
+        /// <summary>
+        /// Retrieves Client Certificate PFX from configuration
+        /// </summary>
+        /// <param name="config">Kubernetes Client Configuration</param>
+        /// <returns>Client certificate PFX</returns>
+        public static X509Certificate2 GetClientCert(KubernetesClientConfiguration config)
+        {
+            if (config == null)
+            {
+                throw new ArgumentNullException(nameof(config));
+            }
+
+            if ((!string.IsNullOrWhiteSpace(config.ClientCertificateData) ||
+                 !string.IsNullOrWhiteSpace(config.ClientCertificateFilePath)) &&
+                (!string.IsNullOrWhiteSpace(config.ClientCertificateKeyData) ||
+                 !string.IsNullOrWhiteSpace(config.ClientKeyFilePath)))
+            {
+                return GeneratePfx(config);
+            }
+
+            return null;
+        }
     }
 }
diff --git a/src/KubernetesClient/Kubernetes.ConfigInit.cs b/src/KubernetesClient/Kubernetes.ConfigInit.cs
@@ -57,6 +57,7 @@ public Kubernetes(KubernetesClientConfiguration config, HttpClient httpClient, b
             ValidateConfig(config);
             CaCerts = config.SslCaCerts;
             SkipTlsVerify = config.SkipTlsVerify;
+            ClientCert = CertUtils.GetClientCert(config);
             SetCredentials(config);
         }
 
@@ -133,7 +134,7 @@ private void InitializeFromConfig(KubernetesClientConfiguration config)
         }
 
         private X509Certificate2Collection CaCerts { get; }
-
+        private X509Certificate2 ClientCert { get; }
         private bool SkipTlsVerify { get; }
 
         partial void CustomInitialize()
@@ -262,6 +263,8 @@ private void CreateHttpClient(DelegatingHandler[] handlers, KubernetesClientConf
             };
         }
 
+
+
         /// <summary>
         ///     Set credentials for the Client
         /// </summary>
diff --git a/src/KubernetesClient/Kubernetes.WebSocket.cs b/src/KubernetesClient/Kubernetes.WebSocket.cs
@@ -295,9 +295,17 @@ protected async Task<WebSocket> StreamConnectAsync(Uri uri, string invocationId
             }
 
             // Set Credentials
-            foreach (var cert in this.HttpClientHandler.ClientCertificates.OfType<X509Certificate2>())
+            if (this.ClientCert != null)
             {
-                webSocketBuilder.AddClientCertificate(cert);
+                webSocketBuilder.AddClientCertificate(this.ClientCert);
+            }
+
+            if (this.HttpClientHandler != null)
+            {
+                foreach (var cert in this.HttpClientHandler.ClientCertificates.OfType<X509Certificate2>())
+                {
+                    webSocketBuilder.AddClientCertificate(cert);
+                }
             }
 
             if (Credentials != null)
diff --git a/src/KubernetesClient/KubernetesClientConfiguration.HttpClientHandler.cs b/src/KubernetesClient/KubernetesClientConfiguration.HttpClientHandler.cs
@@ -41,14 +41,10 @@ public void AddCertificates(HttpClientHandler handler)
                 throw new ArgumentNullException(nameof(handler));
             }
 
-            if ((!string.IsNullOrWhiteSpace(ClientCertificateData) ||
-                 !string.IsNullOrWhiteSpace(ClientCertificateFilePath)) &&
-                (!string.IsNullOrWhiteSpace(ClientCertificateKeyData) ||
-                 !string.IsNullOrWhiteSpace(ClientKeyFilePath)))
+            var clientCert = CertUtils.GetClientCert(this);
+            if (clientCert != null)
             {
-                var cert = CertUtils.GeneratePfx(this);
-
-                handler.ClientCertificates.Add(cert);
+                handler.ClientCertificates.Add(clientCert);
             }
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -122,5 +122,28 @@ public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)`
`122`	`122`	`}`
`123`	`123`	`}`
`124`	`124`	`}`
	`125`	`+`
	`126`	`+ /// <summary>`
	`127`	`+ /// Retrieves Client Certificate PFX from configuration`
	`128`	`+ /// </summary>`
	`129`	`+ /// <param name="config">Kubernetes Client Configuration</param>`
	`130`	`+ /// <returns>Client certificate PFX</returns>`
	`131`	`+ public static X509Certificate2 GetClientCert(KubernetesClientConfiguration config)`
	`132`	`+ {`
	`133`	`+ if (config == null)`
	`134`	`+ {`
	`135`	`+ throw new ArgumentNullException(nameof(config));`
	`136`	`+ }`
	`137`	`+`
	`138`	`+ if ((!string.IsNullOrWhiteSpace(config.ClientCertificateData) \|\|`
	`139`	`+ !string.IsNullOrWhiteSpace(config.ClientCertificateFilePath)) &&`
	`140`	`+ (!string.IsNullOrWhiteSpace(config.ClientCertificateKeyData) \|\|`
	`141`	`+ !string.IsNullOrWhiteSpace(config.ClientKeyFilePath)))`
	`142`	`+ {`
	`143`	`+ return GeneratePfx(config);`
	`144`	`+ }`
	`145`	`+`
	`146`	`+ return null;`
	`147`	`+ }`
`125`	`148`	`}`
`126`	`149`	`}`
Original file line number	Diff line number	Diff line change
`@@ -295,9 +295,17 @@ protected async Task<WebSocket> StreamConnectAsync(Uri uri, string invocationId`
`295`	`295`	`}`
`296`	`296`
`297`	`297`	`// Set Credentials`
`298`		`- foreach (var cert in this.HttpClientHandler.ClientCertificates.OfType<X509Certificate2>())`
	`298`	`+ if (this.ClientCert != null)`
`299`	`299`	`{`
`300`		`- webSocketBuilder.AddClientCertificate(cert);`
	`300`	`+ webSocketBuilder.AddClientCertificate(this.ClientCert);`
	`301`	`+ }`
	`302`	`+`
	`303`	`+ if (this.HttpClientHandler != null)`
	`304`	`+ {`
	`305`	`+ foreach (var cert in this.HttpClientHandler.ClientCertificates.OfType<X509Certificate2>())`
	`306`	`+ {`
	`307`	`+ webSocketBuilder.AddClientCertificate(cert);`
	`308`	`+ }`
`301`	`309`	`}`
`302`	`310`
`303`	`311`	`if (Credentials != null)`
Original file line number	Diff line number	Diff line change
`@@ -41,14 +41,10 @@ public void AddCertificates(HttpClientHandler handler)`
`41`	`41`	`throw new ArgumentNullException(nameof(handler));`
`42`	`42`	`}`
`43`	`43`
`44`		`- if ((!string.IsNullOrWhiteSpace(ClientCertificateData) \|\|`
`45`		`- !string.IsNullOrWhiteSpace(ClientCertificateFilePath)) &&`
`46`		`- (!string.IsNullOrWhiteSpace(ClientCertificateKeyData) \|\|`
`47`		`- !string.IsNullOrWhiteSpace(ClientKeyFilePath)))`
	`44`	`+ var clientCert = CertUtils.GetClientCert(this);`
	`45`	`+ if (clientCert != null)`
`48`	`46`	`{`
`49`		`- var cert = CertUtils.GeneratePfx(this);`
`50`		`-`
`51`		`- handler.ClientCertificates.Add(cert);`
	`47`	`+ handler.ClientCertificates.Add(clientCert);`
`52`	`48`	`}`
`53`	`49`	`}`
`54`	`50`	`}`