add net standard way to create cert with key

tg123 · tg123 · commit 8e9ed00fc3d4 · 2017-10-13T03:06:35.000+08:00
diff --git a/src/Utils.cs b/src/Utils.cs
@@ -1,24 +1,21 @@
-﻿namespace k8s
-{
-    using System;
-    using System.Diagnostics;
-    using System.Globalization;
-    using System.IO;
-    using System.Runtime.InteropServices;
-    using System.Security.Cryptography;
-    using System.Security.Cryptography.X509Certificates;
-    using System.Text;
-    using System.Threading.Tasks;
-
-    using Org.BouncyCastle.Crypto;
-    using Org.BouncyCastle.Crypto.Parameters;
-    using Org.BouncyCastle.Security;
-    using Org.BouncyCastle.OpenSsl;
+using System;
+using System.IO;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using k8s.Exceptions;
+using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Parameters;
+using Org.BouncyCastle.OpenSsl;
+using Org.BouncyCastle.Pkcs;
+using Org.BouncyCastle.Security;
+using Org.BouncyCastle.X509;
 
+namespace k8s
+{
     public static class Utils
     {
         /// <summary>
-        /// Encode string in base64 format.
+        ///     Encode string in base64 format.
         /// </summary>
         /// <param name="text">string to be encoded.</param>
         /// <returns>Encoded string.</returns>
@@ -28,7 +25,7 @@ public static string Base64Encode(string text)
         }
 
         /// <summary>
-        /// Encode string in base64 format.
+        ///     Encode string in base64 format.
         /// </summary>
         /// <param name="text">string to be encoded.</param>
         /// <returns>Encoded string.</returns>
@@ -38,16 +35,15 @@ public static string Base64Decode(string text)
         }
 
         /// <summary>
-        /// Generates pfx from client configuration
+        ///     Generates pfx from client configuration
         /// </summary>
         /// <param name="config">Kuberentes Client Configuration</param>
         /// <returns>Generated Pfx Path</returns>
         public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)
         {
-            var keyData = new byte[]{};
-            var certData = new byte[]{};
+            byte[] keyData = null;
+            byte[] certData = null;
 
-            var filePrefix = config.CurrentContext;
             if (!string.IsNullOrWhiteSpace(config.ClientCertificateKey))
             {
                 keyData = Convert.FromBase64String(config.ClientCertificateKey);
@@ -57,6 +53,11 @@ public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)
                 keyData = File.ReadAllBytes(config.ClientKey);
             }
 
+            if (keyData == null)
+            {
+                throw new KubeConfigException("certData is empty");
+            }
+
             if (!string.IsNullOrWhiteSpace(config.ClientCertificateData))
             {
                 certData = Convert.FromBase64String(config.ClientCertificateData);
@@ -66,23 +67,35 @@ public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)
                 certData = File.ReadAllBytes(config.ClientCertificate);
             }
 
-            var cert = new X509Certificate2(certData);
-            return addPrivateKey(cert, keyData);
-        }
+            if (certData == null)
+            {
+                throw new KubeConfigException("certData is empty");
+            }
 
-        public static X509Certificate2 addPrivateKey(X509Certificate2 cert, byte[] keyData)
-        {
+            var cert = new X509CertificateParser().ReadCertificate(new MemoryStream(certData));
+
+            object obj;
             using (var reader = new StreamReader(new MemoryStream(keyData)))
             {
-                var obj = new PemReader(reader).ReadObject();
-                if (obj is AsymmetricCipherKeyPair) {
-                    var cipherKey = (AsymmetricCipherKeyPair)obj;
+                obj = new PemReader(reader).ReadObject();
+                var key = obj as AsymmetricCipherKeyPair;
+                if (key != null)
+                {
+                    var cipherKey = key;
                     obj = cipherKey.Private;
                 }
-                var rsaKeyParams = (RsaPrivateCrtKeyParameters)obj;
-                var rsaKey = RSA.Create(DotNetUtilities.ToRSAParameters(rsaKeyParams));
-                return cert.CopyWithPrivateKey(rsaKey);
+            }
+
+            var rsaKeyParams = (RsaPrivateCrtKeyParameters) obj;
+
+            var store = new Pkcs12StoreBuilder().Build();
+            store.SetKeyEntry("K8SKEY", new AsymmetricKeyEntry(rsaKeyParams), new[] {new X509CertificateEntry(cert)});
+
+            using (var pkcs = new MemoryStream())
+            {
+                store.Save(pkcs, null, new SecureRandom());
+                return new X509Certificate2(pkcs.ToArray());
             }
         }
     }
-}
+}
