X Tutup
Skip to content

Commit fea316a

Browse files
lewisheaddenlewisheadden
committed
Add support for SSL CA
1 parent 5e2e0bc commit fea316a

File tree

3 files changed

+37
-45
lines changed

3 files changed

+37
-45
lines changed

util/src/main/java/io/kubernetes/client/util/ClientBuilder.java

Lines changed: 11 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@
2222
import java.io.FileReader;
2323
import java.io.IOException;
2424

25+
import java.io.InputStream;
2526
import java.nio.charset.Charset;
2627
import java.nio.file.Files;
2728
import java.nio.file.Paths;
@@ -40,8 +41,7 @@
4041
public class ClientBuilder {
4142

4243
private String basePath = Config.DEFAULT_FALLBACK_HOST;
43-
private File certificateAuthorityFile = null;
44-
private String certificateAuthorityData = null;
44+
private byte[] caCertBytes = null;
4545
private boolean verifyingSsl = true;
4646
private CredentialProvider credentialProvider;
4747

@@ -95,7 +95,7 @@ public static ClientBuilder fromCluster() throws IOException {
9595

9696
final String token = new String(Files.readAllBytes(Paths.get(SERVICEACCOUNT_TOKEN_PATH)),
9797
Charset.defaultCharset());
98-
builder.setCertificateAuthority(new File(SERVICEACCOUNT_CA_PATH));
98+
builder.setCertificateAuthority(Files.readAllBytes(Paths.get(SERVICEACCOUNT_CA_PATH)));
9999
builder.setCredentialProvider(new AccessTokenCredentialProvider(token));
100100

101101
return builder;
@@ -114,7 +114,9 @@ public static ClientBuilder fromKubeConfig(KubeConfig config) throws IOException
114114
}
115115

116116
if(config.verifySSL()) {
117-
builder.setCertificateAuthority();
117+
final byte[] caBytes = KubeConfig.getDataOrFile(config.getCertificateAuthorityData(),
118+
config.getCertificateAuthorityFile());
119+
builder.setCertificateAuthority(caBytes);
118120
} else {
119121
builder.setVerifyingSsl(false);
120122
}
@@ -142,22 +144,8 @@ public ClientBuilder setCredentialProvider(final CredentialProvider credentialPr
142144
return this;
143145
}
144146

145-
public File getCertificateAuthorityFile() {
146-
return certificateAuthorityFile;
147-
}
148-
149-
public ClientBuilder setCertificateAuthority(File certificateAuthorityFile) {
150-
this.certificateAuthorityFile = certificateAuthorityFile;
151-
this.verifyingSsl = true;
152-
return this;
153-
}
154-
155-
public String getCertificateAuthorityData() {
156-
return certificateAuthorityData;
157-
}
158-
159-
public ClientBuilder setCertificateAuthority(String certificateAuthorityData) {
160-
this.certificateAuthorityData = certificateAuthorityData;
147+
public ClientBuilder setCertificateAuthority(final byte[] caCertBytes) {
148+
this.caCertBytes = caCertBytes;
161149
this.verifyingSsl = true;
162150
return this;
163151
}
@@ -171,7 +159,7 @@ public ClientBuilder setVerifyingSsl(boolean verifyingSsl) {
171159
return this;
172160
}
173161

174-
public ApiClient build() throws FileNotFoundException {
162+
public ApiClient build() {
175163
final ApiClient client = new ApiClient();
176164

177165
if (basePath != null) {
@@ -183,13 +171,8 @@ public ApiClient build() throws FileNotFoundException {
183171

184172
client.setVerifyingSsl(verifyingSsl);
185173

186-
if (certificateAuthorityFile != null) {
187-
client.setSslCaCert(new FileInputStream(certificateAuthorityFile));
188-
}
189-
190-
if (certificateAuthorityData != null) {
191-
byte[] bytes = Base64.decodeBase64(certificateAuthorityData);
192-
client.setSslCaCert(new ByteArrayInputStream(bytes));
174+
if (caCertBytes != null) {
175+
client.setSslCaCert(new ByteArrayInputStream(caCertBytes));
193176
}
194177

195178
if (credentialProvider != null) {

util/src/test/java/io/kubernetes/client/util/ClientBuilderTest.java

Lines changed: 6 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,7 @@
4545
public class ClientBuilderTest {
4646
private static final String HOME_PATH = Resources.getResource("").getPath();
4747
private static final String KUBECONFIG_FILE_PATH = Resources.getResource("kubeconfig").getPath();
48+
private static final String SSL_CA_CERT_PATH = Resources.getResource("ca-cert.pem").getPath();
4849

4950
private String basePath = "http://localhost";
5051
private String apiKey = "ABCD";
@@ -120,24 +121,12 @@ public void testApiKeyConfigbuilder() throws Exception {
120121
}
121122

122123
@Test
123-
public void testKeyMgrANDCertConfigBUilder() {
124-
// will not fail even if file not found exception occurs for clientCertFile
125-
try{
126-
//keyMgrs = SSLUtils.keyManagers(clientCertData, clientCertFile, clientKeyData, clientKeyFile, algo, passphrase, keyStoreFile, keyStorePassphrase);
127-
//by default verify ssl is false
128-
ApiClient client = (new ClientBuilder())
124+
public void testSslCertCa() throws Exception {
125+
final ApiClient client = (new ClientBuilder())
129126
.setBasePath(basePath)
130-
.setCredentialProvider(new ClientCertificateCredentialProvider(null, null))
131-
.setCertificateAuthority(certificateAuthorityData)
132-
.setVerifyingSsl(true)
127+
.setCertificateAuthority(Files.readAllBytes(Paths.get(SSL_CA_CERT_PATH)))
133128
.build();
134-
assertEquals(basePath, client.getBasePath());
135-
assertEquals(true, client.isVerifyingSsl());
136-
//below assert is not appropriate
137-
//assertSame(keyMgrs, client.getKeyManagers());
138-
}
139-
catch(Exception e){
140-
//e.printStackTrace();
141-
}
129+
assertEquals(basePath, client.getBasePath());
130+
assertEquals(true, client.isVerifyingSsl());
142131
}
143132
}

util/src/test/resources/ca-cert.pem

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF
3+
ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
4+
b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL
5+
MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
6+
b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
7+
ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
8+
9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
9+
IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
10+
VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
11+
93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
12+
jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
13+
AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA
14+
A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI
15+
U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs
16+
N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv
17+
o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU
18+
5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy
19+
rqXRfboQnoZsG4q5WTP468SQvvG5
20+
-----END CERTIFICATE-----

0 commit comments

Comments
 (0)
X Tutup