Fix issue with X509VerificationFlags.AllowUnknownCertificateAuthority behavior (kubernetes-client#174)

davidorbelian · JonJam · commit 94cf79919f19 · 2018-09-08T11:14:07.000+01:00
* Fix issue with X509VerificationFlags.AllowUnknownCertificateAuthority behavior

* Add CertificateValidationTests
diff --git a/src/KubernetesClient/Kubernetes.ConfigInit.cs b/src/KubernetesClient/Kubernetes.ConfigInit.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Diagnostics.CodeAnalysis;
+using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Net.Security;
@@ -181,6 +182,10 @@ public static bool CertificateValidationCallBack(
                 chain.ChainPolicy.ExtraStore.Add(caCert);
                 chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority;
                 var isValid = chain.Build((X509Certificate2) certificate);
+                
+                var rootCert = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
+                isValid = isValid && rootCert.RawData.SequenceEqual(caCert.RawData);
+
                 return isValid;
             }
 
diff --git a/tests/KubernetesClient.Tests/CertificateValidationTests.cs b/tests/KubernetesClient.Tests/CertificateValidationTests.cs
@@ -4,7 +4,7 @@
 using System.Security.Cryptography.X509Certificates;
 using Xunit;
 
-namespace k8s.Tests
+namespace k8s.tests
 {
     public class CertificateValidationTests
     {

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@`
`4`	`4`	`using System.Security.Cryptography.X509Certificates;`
`5`	`5`	`using Xunit;`
`6`	`6`
`7`		`-namespace k8s.Tests`
	`7`	`+namespace k8s.tests`
`8`	`8`	`{`
`9`	`9`	`public class CertificateValidationTests`
`10`	`10`	`{`