From 3edf256defee7799063ca7f5b0df7dda01c0374b Mon Sep 17 00:00:00 2001
From: wuweng
Date: Wed, 19 Jul 2023 12:24:04 -0700
Subject: [PATCH] Change X509Certificate2 constructor to fix KB (#1343)

---
 src/KubernetesClient/CertUtils.cs | 21 ++++++++++++++-----
 ...ubernetesClientConfiguration.ConfigFile.cs | 5 ++++-
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/src/KubernetesClient/CertUtils.cs b/src/KubernetesClient/CertUtils.cs
index 21f369927..347771417 100644
--- a/src/KubernetesClient/CertUtils.cs
+++ b/src/KubernetesClient/CertUtils.cs
@@ -36,7 +36,10 @@ public static X509Certificate2Collection LoadPemFileCert(string file)
 //
 foreach (Org.BouncyCastle.X509.X509Certificate cert in certs)
 {
- certCollection.Add(new X509Certificate2(cert.GetEncoded()));
+ // This null password is to change the constructor to fix this KB:
+ // https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
+ string nullPassword = null;
+ certCollection.Add(new X509Certificate2(cert.GetEncoded(), nullPassword));
 }
 #endif
 }
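Review bot: The added comment says only that the null password is "to fix this KB", so a reader has to follow the link to learn why the two-argument overload is needed; the same comment and `string nullPassword = null;` are repeated in both GeneratePfx hunks and in SetClusterDetails, and here the local is re-declared on every loop iteration. One shared constant in CertUtils, `internal const string NullPassword = null;`, carrying a single comment that states the reason in words, for example `// Pass an explicit null password so the (byte[], string) overload is selected instead of the byte[]-only one; see KB5025823`, would keep the four call sites in step. The exact wording of that reason should be checked against the KB, since the commit does not restate it. LoadPemFileCert's body starts outside the hunk.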
@@ -96,13 +99,17 @@ public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)
 // see https://github.com/kubernetes-client/csharp/issues/737
 if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
 {
+ // This null password is to change the constructor to fix this KB:
+ // https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
+ string nullPassword = null;
+
 if (config.ClientCertificateKeyStoreFlags.HasValue)
 {
- cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12), "", config.ClientCertificateKeyStoreFlags.Value);
+ cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12), nullPassword, config.ClientCertificateKeyStoreFlags.Value);
 }
 else
 {
- cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12));
+ cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12), nullPassword);
 }
 }
 
@@ -172,13 +179,17 @@ public static X509Certificate2 GeneratePfx(KubernetesClientConfiguration config)
 
 store.Save(pkcs, new char[0], new SecureRandom());
 
+ // This null password is to change the constructor to fix this KB:
+ // https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
+ string nullPassword = null;
+
 if (config.ClientCertificateKeyStoreFlags.HasValue)
 {
- return new X509Certificate2(pkcs.ToArray(), "", config.ClientCertificateKeyStoreFlags.Value);
+ return new X509Certificate2(pkcs.ToArray(), nullPassword, config.ClientCertificateKeyStoreFlags.Value);
 }
 else
 {
- return new X509Certificate2(pkcs.ToArray());
+ return new X509Certificate2(pkcs.ToArray(), nullPassword);
 }
 #endif
 }
diff --git a/src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs b/src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs
index 85085838c..6c2c7be4d 100644
--- a/src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs
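Review bot: In the Windows branch (`@@ -96,13`) the PKCS#12 bytes returned by `cert.Export(X509ContentType.Pkcs12)` go straight into the constructor, so a copy of the client private key exported without a password stays in an unreferenced managed array until the GC reclaims it, and the certificate object previously held in `cert` is overwritten without `Dispose()`. Holding the export in a local, clearing it in a `finally`, and disposing the old instance once the re-import has succeeded would narrow that window. This assumes nothing else still references the old `cert`, which the hunk cannot show because GeneratePfx starts and ends outside it.

```csharp
// … unchanged: KB comment and nullPassword declaration …
var pfxBytes = cert.Export(X509ContentType.Pkcs12);
try
{
    var reimported = config.ClientCertificateKeyStoreFlags.HasValue
        ? new X509Certificate2(pfxBytes, nullPassword, config.ClientCertificateKeyStoreFlags.Value)
        : new X509Certificate2(pfxBytes, nullPassword);
    cert.Dispose();
    cert = reimported;
}
finally
{
    // The exported blob contains the private key with no password protection.
    Array.Clear(pfxBytes, 0, pfxBytes.Length);
}
```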
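Review bot: In the `@@ -172,13` hunk the store is written with an empty password (`store.Save(pkcs, new char[0], new SecureRandom())`) and the three-argument branch used to import it with a matching `""`; it now imports with `null`, although that overload already took a password and so was presumably not the call the KB affects. Null and empty passwords are not always treated identically by PKCS#12 importers, so either keep `""` in that branch (`return new X509Certificate2(pkcs.ToArray(), "", config.ClientCertificateKeyStoreFlags.Value);`) or add a test showing that a store saved with `new char[0]` still loads with a null password on every target framework and OS. The same `""` to `null` change is made in the Windows branch of the `@@ -96,13` hunk.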
+++ b/src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs
@@ -308,8 +308,11 @@ private void SetClusterDetails(K8SConfiguration k8SConfig, Context activeContext
 {
 if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthorityData))
 {
+ // This null password is to change the constructor to fix this KB:
+ // https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
+ string nullPassword = null;
 var data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
- SslCaCerts = new X509Certificate2Collection(new X509Certificate2(Convert.FromBase64String(data)));
+ SslCaCerts = new X509Certificate2Collection(new X509Certificate2(Convert.FromBase64String(data), nullPassword));
 }
 else if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthority))
 {
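Review bot: `CertificateAuthorityData` is read from the kubeconfig and is expected to hold a bare CA certificate, yet the decoded bytes reach the constructor with no check on what kind of blob they are, and the overload now used is one that also accepts PKCS#12 input. Consider decoding into a local and rejecting anything that is not a plain certificate before constructing it: `var raw = Convert.FromBase64String(data);` followed by `if (X509Certificate2.GetCertContentType(raw) != X509ContentType.Cert)` throwing the configuration exception this file already uses. How `GetCertContentType` classifies PEM-encoded data should be confirmed with a test on each target platform before relying on it. Only part of SetClusterDetails is visible in the hunk, so an earlier validation step cannot be ruled out.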