Closed
Labels: kind/feature (Categorizes issue or PR as related to a new feature.)
Description
We are currently working with a customer who is running the C# Kubernetes Client from within their cluster. They are providing their own CA certificate in a PEM file that contains the entire Certificate Trust Chain in it as well as comments, i.e.

```
-----BEGIN CERTIFICATE-----
<base 64 string>
-----END CERTIFICATE-----
subject=/CN=<subject>
issuer=/CN=<issuer>
-----BEGIN CERTIFICATE-----
<base 64 string>
-----END CERTIFICATE-----
subject=/CN=<subject>
issuer=/CN=<issuer>
-----BEGIN CERTIFICATE-----
<base 64 string>
-----END CERTIFICATE-----
```
Calling KubernetesClientConfiguration.InClusterConfig() results in the following stack:
```
System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding charcters, or an illegal character among the padding characters,
   at System.Convert.FromBase64_ComputeResultLength(Char* inputPtr, Int32 inputLength)
   at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
   at System.Convert.FromBase64String(String s)
   at k8s.CertUtils.LoadPemFileCert(String file)
   at k8s.KubernetesClientConfiguration.InClusterConfig()
```
It looks like the client's certificate parsing currently only handles comment-less cert files with a single certificate in them.
https://github.com/kubernetes-client/csharp/blob/master/src/KubernetesClient/CertUtils.cs
```csharp
/// <summary>
/// Load pem encoded cert file
/// </summary>
/// <param name="file">Path to pem encoded cert file</param>
/// <returns>x509 instance.</returns>
public static X509Certificate2 LoadPemFileCert(string file)
{
    var certdata = File.ReadAllText(file)
        .Replace("-----BEGIN CERTIFICATE-----", "")
        .Replace("-----END CERTIFICATE-----", "")
        .Replace("\r", "")
        .Replace("\n", "");
    return new X509Certificate2(Convert.FromBase64String(certdata));
}
```
Since Kubernetes supports supplying custom certs to the cluster, the client should also be able to handle certificate formats allowed by OpenSSL.
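A sketch of a bundle-tolerant parser for the file layout described in this issue, added here as an illustration and not the project's own code: it decodes only what sits between the BEGIN/END markers, returns every certificate in the chain, and fails closed on an empty bundle. `PemBundle`, `Parse` and `ToPem` are hypothetical names, and the sample certificates are generated at run time (the `CertificateRequest` API is assumed to be available).

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text.RegularExpressions;

public static class PemBundle
{
    // One CERTIFICATE block. Text between blocks (subject=/issuer= lines, comments)
    // is never captured, so it never reaches the base64 decoder.
    private static readonly Regex CertBlock = new Regex(
        "-----BEGIN CERTIFICATE-----(?<body>.*?)-----END CERTIFICATE-----", RegexOptions.Singleline);

    public static X509Certificate2Collection Parse(string pem)
    {
        var certs = new X509Certificate2Collection();
        foreach (Match m in CertBlock.Matches(pem))
        {
            // Drop line breaks and indentation inside the block before decoding.
            var b64 = Regex.Replace(m.Groups["body"].Value, @"\s+", "");
            certs.Add(new X509Certificate2(Convert.FromBase64String(b64)));
        }
        // Fail closed: a CA file that yields no certificates is an error.
        if (certs.Count == 0)
            throw new FormatException("No CERTIFICATE blocks found in PEM input.");
        return certs;
    }

    // Constructed sample input: a throwaway self-signed certificate, PEM-encoded.
    private static string ToPem(string subject)
    {
        using (var key = ECDsa.Create(ECCurve.NamedCurves.nistP256))
        using (var cert = new CertificateRequest(subject, key, HashAlgorithmName.SHA256)
            .CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1)))
        {
            return "-----BEGIN CERTIFICATE-----\n"
                + Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks)
                + "\n-----END CERTIFICATE-----\n";
        }
    }

    public static void Main()
    {
        // Two blocks separated by OpenSSL-style annotation lines, as in the report.
        var bundle = ToPem("CN=constructed-leaf-ca")
            + "subject=/CN=constructed\nissuer=/CN=constructed\n" + ToPem("CN=constructed-root-ca");
        foreach (X509Certificate2 c in Parse(bundle))
            Console.WriteLine(c.Subject);
    }
}
```

Returning the whole collection matters for trust decisions: keeping only the first block of a chain file would drop the other CA certificates that server validation may depend on.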