Add support for SSL CA

Author: lewisheadden

util/src/main/java/io/kubernetes/client/util/ClientBuilder.java

@@ -22,6 +22,7 @@
 import java.io.FileReader;
 import java.io.IOException;
 
+import java.io.InputStream;
 import java.nio.charset.Charset;
 import java.nio.file.Files;
 import java.nio.file.Paths;
@@ -40,8 +41,7 @@
 public class ClientBuilder {
 
   private String basePath = Config.DEFAULT_FALLBACK_HOST;
-  private File certificateAuthorityFile = null;
-  private String certificateAuthorityData = null;
+  private byte[] caCertBytes = null;
   private boolean verifyingSsl = true;
   private CredentialProvider credentialProvider;
 
@@ -95,7 +95,7 @@ public static ClientBuilder fromCluster() throws IOException {
 
     final String token = new String(Files.readAllBytes(Paths.get(SERVICEACCOUNT_TOKEN_PATH)),
         Charset.defaultCharset());
-    builder.setCertificateAuthority(new File(SERVICEACCOUNT_CA_PATH));
+    builder.setCertificateAuthority(Files.readAllBytes(Paths.get(SERVICEACCOUNT_CA_PATH)));
     builder.setCredentialProvider(new AccessTokenCredentialProvider(token));
 
     return builder;
@@ -114,7 +114,9 @@ public static ClientBuilder fromKubeConfig(KubeConfig config) throws IOException
     }
 
     if(config.verifySSL()) {
-      builder.setCertificateAuthority();
+      final byte[] caBytes = KubeConfig.getDataOrFile(config.getCertificateAuthorityData(),
+          config.getCertificateAuthorityFile());
+      builder.setCertificateAuthority(caBytes);
     } else {
       builder.setVerifyingSsl(false);
     }
@@ -142,22 +144,8 @@ public ClientBuilder setCredentialProvider(final CredentialProvider credentialPr
     return this;
   }
 
-  public File getCertificateAuthorityFile() {
-    return certificateAuthorityFile;
-  }
-
-  public ClientBuilder setCertificateAuthority(File certificateAuthorityFile) {
-    this.certificateAuthorityFile = certificateAuthorityFile;
-    this.verifyingSsl = true;
-    return this;
-  }
-
-  public String getCertificateAuthorityData() {
-    return certificateAuthorityData;
-  }
-
-  public ClientBuilder setCertificateAuthority(String certificateAuthorityData) {
-    this.certificateAuthorityData = certificateAuthorityData;
+  public ClientBuilder setCertificateAuthority(final byte[] caCertBytes) {
+    this.caCertBytes = caCertBytes;
     this.verifyingSsl = true;
     return this;
   }
@@ -171,7 +159,7 @@ public ClientBuilder setVerifyingSsl(boolean verifyingSsl) {
     return this;
   }
 
-  public ApiClient build() throws FileNotFoundException {
+  public ApiClient build() {
     final ApiClient client = new ApiClient();
 
     if (basePath != null) {
@@ -183,13 +171,8 @@ public ApiClient build() throws FileNotFoundException {
 
     client.setVerifyingSsl(verifyingSsl);
 
-    if (certificateAuthorityFile != null) {
-      client.setSslCaCert(new FileInputStream(certificateAuthorityFile));
-    }
-
-    if (certificateAuthorityData != null) {
-      byte[] bytes = Base64.decodeBase64(certificateAuthorityData);
-      client.setSslCaCert(new ByteArrayInputStream(bytes));
+    if (caCertBytes != null) {
+      client.setSslCaCert(new ByteArrayInputStream(caCertBytes));
     }
 
     if (credentialProvider != null) {

util/src/test/java/io/kubernetes/client/util/ClientBuilderTest.java

@@ -45,6 +45,7 @@
 public class ClientBuilderTest {
 	private static final String HOME_PATH = Resources.getResource("").getPath();
 	private static final String KUBECONFIG_FILE_PATH = Resources.getResource("kubeconfig").getPath();
+	private static final String SSL_CA_CERT_PATH = Resources.getResource("ca-cert.pem").getPath();
 
 	private String basePath = "http://localhost";
   private String apiKey = "ABCD";
@@ -120,24 +121,12 @@ public void testApiKeyConfigbuilder() throws Exception {
 	}
 
 	@Test
-	public void testKeyMgrANDCertConfigBUilder() {
-		// will not fail even if file not found exception occurs for clientCertFile
-		try{
-			//keyMgrs = SSLUtils.keyManagers(clientCertData, clientCertFile, clientKeyData, clientKeyFile, algo, passphrase, keyStoreFile, keyStorePassphrase);
-			//by default verify ssl is false
-			ApiClient client = (new ClientBuilder())
+	public void testSslCertCa() throws Exception {
+		final ApiClient client = (new ClientBuilder())
 					.setBasePath(basePath)
-					.setCredentialProvider(new ClientCertificateCredentialProvider(null, null))
-					.setCertificateAuthority(certificateAuthorityData)
-					.setVerifyingSsl(true)
+					.setCertificateAuthority(Files.readAllBytes(Paths.get(SSL_CA_CERT_PATH)))
 					.build();
-			assertEquals(basePath, client.getBasePath());
-			assertEquals(true, client.isVerifyingSsl());
-			//below assert is not appropriate
-			//assertSame(keyMgrs, client.getKeyManagers());
-		}
-		catch(Exception e){
-			//e.printStackTrace();
-		}
+    assertEquals(basePath, client.getBasePath());
+    assertEquals(true, client.isVerifyingSsl());
 	}
 }

util/src/test/resources/ca-cert.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF
+ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
+b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL
+MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
+b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
+ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
+9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
+IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
+VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
+93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
+jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA
+A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI
+U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs
+N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv
+o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU
+5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy
+rqXRfboQnoZsG4q5WTP468SQvvG5
+-----END CERTIFICATE-----