Example #1
0
        /// <summary>
        /// Generates the PFX client certificate.
        /// </summary>
        /// <param name="user">The config <see cref="User"/>.</param>
        /// <returns>The client certificate.</returns>
        public static X509Certificate2 GenerateClientCert(User user)
        {
            if (null == user)
            {
                throw new Exception(string.Format("Missing required parameter {0}.", nameof(user)));
            }

            byte[] clientCertData = default(byte[]);
            if (!KubeConfigUtils.TryGetDataFromBase64String(user.UserData.ClientCertificateData, out clientCertData))
            {
                throw new Exception(string.Format("Invalid base54 {0} string.", nameof(user.UserData.ClientCertificateData)));
            }

            byte[] clientKeyData = default(byte[]);
            if (!KubeConfigUtils.TryGetDataFromBase64String(user.UserData.ClientKeyData, out clientKeyData))
            {
                throw new Exception(string.Format("Invalid base64 {0} string.", nameof(user.UserData.ClientKeyData)));
            }

            // Generate RSA key
            object obj = default(object);

            using (StreamReader reader = new StreamReader(new MemoryStream(clientKeyData)))
            {
                obj = new PemReader(reader).ReadObject();
                var key = obj as AsymmetricCipherKeyPair;
                if (null != key)
                {
                    var cipherKey = key;
                    obj = cipherKey.Private;
                }
            }
            RsaPrivateCrtKeyParameters rsaPrivateKeyParams = (RsaPrivateCrtKeyParameters)obj;

            // Save cert entry in pkcs12 store
            Org.BouncyCastle.X509.X509Certificate clientCert = new X509CertificateParser().ReadCertificate(new MemoryStream(clientCertData));
            Pkcs12Store store = new Pkcs12StoreBuilder().Build();

            store.SetKeyEntry("K8SKEY", new AsymmetricKeyEntry(rsaPrivateKeyParams), new[] { new X509CertificateEntry(clientCert) });

            // Generate pfx
            using (MemoryStream pkcsStream = new MemoryStream())
            {
                store.Save(pkcsStream, new char[0], new SecureRandom());
                return(new X509Certificate2(pkcsStream.ToArray()));
            }
        }
Example #2
0
        /// <summary>
        /// Creates a new instance of <see cref="IKubernetesClient"/>.
        /// </summary>
        /// <param name="authType">The authentication type.</param>
        /// <returns>Instance of <see cref="IKubernetesClient"/>.</returns>
        public IKubernetesClient CreateClient(AuthType authType)
        {
            // Parse kube config from path
            KubeConfig kubeConfigFile = KubeConfigUtils.ParseKubeConfig(this.kubeConfigFilePath);

            // Get current context from kube config
            Cluster cluster = default(Cluster);
            User    user    = default(User);

            if (!KubeConfigUtils.TryGetCurrentContext(kubeConfigFile, out cluster, out user))
            {
                throw new ApplicationException("Invalid config in %USERPROFILE%\\.kube\\config.");
            }

            // Build client
            ApiClient client = new ApiClient(cluster.ClusterData.Server);

            switch (authType)
            {
            case AuthType.BasicAuth:
                client.RestClient.Authenticator = new HttpBasicAuthenticator(user.UserData.UserName, user.UserData.Password);
                break;

            case AuthType.TokenAuth:
                client.RestClient.Authenticator = new OAuth2AuthorizationRequestHeaderAuthenticator(user.UserData.Token);
                break;

            case AuthType.SSLAuth:
                client.RestClient.ClientCertificates = new X509CertificateCollection()
                {
                    KubeConfigUtils.GenerateClientCert(user)
                };
                break;

            default:
                break;
            }
            return(new KubernetesClient(new Configuration(client)));
        }