Merge pull request #339 from jzwlqx/master

brendandburns · web-flow · commit 91d4e44af4e1 · 2018-08-22T11:43:19.000-07:00
support client certificate chain
diff --git a/util/src/main/java/io/kubernetes/client/util/SSLUtils.java b/util/src/main/java/io/kubernetes/client/util/SSLUtils.java
@@ -34,13 +34,13 @@
 import java.security.PrivateKey;
 import java.security.Security;
 import java.security.UnrecoverableKeyException;
-import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.RSAPrivateCrtKeySpec;
+import java.util.Collection;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import org.apache.commons.codec.binary.Base64;
@@ -145,7 +145,9 @@ public static KeyStore createKeyStore(
       throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException,
           KeyStoreException {
     CertificateFactory certFactory = CertificateFactory.getInstance("X509");
-    X509Certificate cert = (X509Certificate) certFactory.generateCertificate(certInputStream);
+    Collection<X509Certificate> certs =
+        (Collection<X509Certificate>) certFactory.generateCertificates(certInputStream);
+    X509Certificate[] certsArray = certs.toArray(new X509Certificate[0]);
 
     PrivateKey privateKey = loadKey(keyInputStream, clientKeyAlgo);
 
@@ -156,8 +158,8 @@ public static KeyStore createKeyStore(
       loadDefaultKeyStoreFile(keyStore, keyStorePassphrase);
     }
 
-    String alias = cert.getSubjectX500Principal().getName();
-    keyStore.setKeyEntry(alias, privateKey, clientKeyPassphrase, new Certificate[] {cert});
+    String alias = certsArray[0].getSubjectX500Principal().getName();
+    keyStore.setKeyEntry(alias, privateKey, clientKeyPassphrase, certsArray);
 
     return keyStore;
   }
