Merge pull request #2009 from rrayst/master

support certificate chain when reading client certificate(s)

Author: k8s-ci-robot

util/src/main/java/io/kubernetes/client/util/SSLUtils.java

@@ -28,12 +28,14 @@
 import java.security.PrivateKey;
 import java.security.Security;
 import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.RSAPrivateCrtKeySpec;
+import java.util.Collection;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import org.apache.commons.codec.binary.Base64;
@@ -175,7 +177,7 @@ public static KeyStore createKeyStore(
       throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException,
           KeyStoreException {
     CertificateFactory certFactory = CertificateFactory.getInstance("X509");
-    X509Certificate cert = (X509Certificate) certFactory.generateCertificate(certInputStream);
+    Collection<? extends Certificate> certs = certFactory.generateCertificates(certInputStream);
 
     PrivateKey privateKey = loadKey(keyInputStream, clientKeyAlgo);
 
@@ -195,8 +197,10 @@ public static KeyStore createKeyStore(
       loadDefaultKeyStoreFile(keyStore, keyStorePassphrase);
     }
 
-    String alias = cert.getSubjectX500Principal().getName();
-    keyStore.setKeyEntry(alias, privateKey, clientKeyPassphrase, new X509Certificate[] {cert});
+    String alias =
+        ((X509Certificate) certs.stream().findFirst().get()).getSubjectX500Principal().getName();
+    keyStore.setKeyEntry(
+        alias, privateKey, clientKeyPassphrase, certs.toArray(new X509Certificate[certs.size()]));
 
     return keyStore;
   }