Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit fea316a

Browse filesBrowse files
lewisheaddenlewisheadden
committed
Add support for SSL CA
1 parent 5e2e0bc commit fea316a
Copy full SHA for fea316a

File tree

Expand file treeCollapse file tree

3 files changed

+37
-45
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

3 files changed

+37
-45
lines changed
Open diff view settings
Collapse file

‎util/src/main/java/io/kubernetes/client/util/ClientBuilder.java‎

Copy file name to clipboardExpand all lines: util/src/main/java/io/kubernetes/client/util/ClientBuilder.java
+11-28Lines changed: 11 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@
2222
import java.io.FileReader;
2323
import java.io.IOException;
2424

25+
import java.io.InputStream;
2526
import java.nio.charset.Charset;
2627
import java.nio.file.Files;
2728
import java.nio.file.Paths;
@@ -40,8 +41,7 @@
4041
public class ClientBuilder {
4142

4243
private String basePath = Config.DEFAULT_FALLBACK_HOST;
43-
private File certificateAuthorityFile = null;
44-
private String certificateAuthorityData = null;
44+
private byte[] caCertBytes = null;
4545
private boolean verifyingSsl = true;
4646
private CredentialProvider credentialProvider;
4747

@@ -95,7 +95,7 @@ public static ClientBuilder fromCluster() throws IOException {
9595

9696
final String token = new String(Files.readAllBytes(Paths.get(SERVICEACCOUNT_TOKEN_PATH)),
9797
Charset.defaultCharset());
98-
builder.setCertificateAuthority(new File(SERVICEACCOUNT_CA_PATH));
98+
builder.setCertificateAuthority(Files.readAllBytes(Paths.get(SERVICEACCOUNT_CA_PATH)));
9999
builder.setCredentialProvider(new AccessTokenCredentialProvider(token));
100100

101101
return builder;
@@ -114,7 +114,9 @@ public static ClientBuilder fromKubeConfig(KubeConfig config) throws IOException
114114
}
115115

116116
if(config.verifySSL()) {
117-
builder.setCertificateAuthority();
117+
final byte[] caBytes = KubeConfig.getDataOrFile(config.getCertificateAuthorityData(),
118+
config.getCertificateAuthorityFile());
119+
builder.setCertificateAuthority(caBytes);
118120
} else {
119121
builder.setVerifyingSsl(false);
120122
}
@@ -142,22 +144,8 @@ public ClientBuilder setCredentialProvider(final CredentialProvider credentialPr
142144
return this;
143145
}
144146

145-
public File getCertificateAuthorityFile() {
146-
return certificateAuthorityFile;
147-
}
148-
149-
public ClientBuilder setCertificateAuthority(File certificateAuthorityFile) {
150-
this.certificateAuthorityFile = certificateAuthorityFile;
151-
this.verifyingSsl = true;
152-
return this;
153-
}
154-
155-
public String getCertificateAuthorityData() {
156-
return certificateAuthorityData;
157-
}
158-
159-
public ClientBuilder setCertificateAuthority(String certificateAuthorityData) {
160-
this.certificateAuthorityData = certificateAuthorityData;
147+
public ClientBuilder setCertificateAuthority(final byte[] caCertBytes) {
148+
this.caCertBytes = caCertBytes;
161149
this.verifyingSsl = true;
162150
return this;
163151
}
@@ -171,7 +159,7 @@ public ClientBuilder setVerifyingSsl(boolean verifyingSsl) {
171159
return this;
172160
}
173161

174-
public ApiClient build() throws FileNotFoundException {
162+
public ApiClient build() {
175163
final ApiClient client = new ApiClient();
176164

177165
if (basePath != null) {
@@ -183,13 +171,8 @@ public ApiClient build() throws FileNotFoundException {
183171

184172
client.setVerifyingSsl(verifyingSsl);
185173

186-
if (certificateAuthorityFile != null) {
187-
client.setSslCaCert(new FileInputStream(certificateAuthorityFile));
188-
}
189-
190-
if (certificateAuthorityData != null) {
191-
byte[] bytes = Base64.decodeBase64(certificateAuthorityData);
192-
client.setSslCaCert(new ByteArrayInputStream(bytes));
174+
if (caCertBytes != null) {
175+
client.setSslCaCert(new ByteArrayInputStream(caCertBytes));
193176
}
194177

195178
if (credentialProvider != null) {
Collapse file

‎util/src/test/java/io/kubernetes/client/util/ClientBuilderTest.java‎

Copy file name to clipboardExpand all lines: util/src/test/java/io/kubernetes/client/util/ClientBuilderTest.java
+6-17Lines changed: 6 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,7 @@
4545
public class ClientBuilderTest {
4646
private static final String HOME_PATH = Resources.getResource("").getPath();
4747
private static final String KUBECONFIG_FILE_PATH = Resources.getResource("kubeconfig").getPath();
48+
private static final String SSL_CA_CERT_PATH = Resources.getResource("ca-cert.pem").getPath();
4849

4950
private String basePath = "http://localhost";
5051
private String apiKey = "ABCD";
@@ -120,24 +121,12 @@ public void testApiKeyConfigbuilder() throws Exception {
120121
}
121122

122123
@Test
123-
public void testKeyMgrANDCertConfigBUilder() {
124-
// will not fail even if file not found exception occurs for clientCertFile
125-
try{
126-
//keyMgrs = SSLUtils.keyManagers(clientCertData, clientCertFile, clientKeyData, clientKeyFile, algo, passphrase, keyStoreFile, keyStorePassphrase);
127-
//by default verify ssl is false
128-
ApiClient client = (new ClientBuilder())
124+
public void testSslCertCa() throws Exception {
125+
final ApiClient client = (new ClientBuilder())
129126
.setBasePath(basePath)
130-
.setCredentialProvider(new ClientCertificateCredentialProvider(null, null))
131-
.setCertificateAuthority(certificateAuthorityData)
132-
.setVerifyingSsl(true)
127+
.setCertificateAuthority(Files.readAllBytes(Paths.get(SSL_CA_CERT_PATH)))
133128
.build();
134-
assertEquals(basePath, client.getBasePath());
135-
assertEquals(true, client.isVerifyingSsl());
136-
//below assert is not appropriate
137-
//assertSame(keyMgrs, client.getKeyManagers());
138-
}
139-
catch(Exception e){
140-
//e.printStackTrace();
141-
}
129+
assertEquals(basePath, client.getBasePath());
130+
assertEquals(true, client.isVerifyingSsl());
142131
}
143132
}
Collapse file

‎util/src/test/resources/ca-cert.pem‎

Copy file name to clipboard
+20Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
-----BEGIN CERTIFICATE-----
2+
MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF
3+
ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
4+
b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL
5+
MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
6+
b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
7+
ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
8+
9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
9+
IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
10+
VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
11+
93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
12+
jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
13+
AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA
14+
A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI
15+
U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs
16+
N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv
17+
o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU
18+
5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy
19+
rqXRfboQnoZsG4q5WTP468SQvvG5
20+
-----END CERTIFICATE-----

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.