kubernetes-client / csharp

Officially supported dotnet Kubernetes Client library
Apache License 2.0

V1CertificateSigningRequest returns system null reference exception #813

Closed kibernetik542 closed 2 years ago

kibernetik542 commented 2 years ago

Hi, we are trying to approve and save a signing certificate key for k8s.

Our x509 Certificate generator looks like:

```
using System;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class CommonHelper
{
    public static byte[] GenerateCertificate(string name)
    {
        // Subject alternative names for the local machine.
        var sanBuilder = new SubjectAlternativeNameBuilder();
        sanBuilder.AddIpAddress(IPAddress.Loopback);
        sanBuilder.AddIpAddress(IPAddress.IPv6Loopback);
        sanBuilder.AddDnsName("localhost");
        sanBuilder.AddDnsName(Environment.MachineName);

        var distinguishedName = new X500DistinguishedName(name);

        using var rsa = RSA.Create(4096);
        var request = new CertificateRequest(distinguishedName, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature, false));
        request.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new ("1.3.6.1.5.5.7.3.1") }, false));
        request.CertificateExtensions.Add(sanBuilder.Build());
        // The self-signed certificate is created but not used; only the CSR below is returned.
        request.CreateSelfSigned(new DateTimeOffset(DateTime.UtcNow.AddDays(-1)), new DateTimeOffset(DateTime.UtcNow.AddDays(3650)));
        // DER-encoded PKCS#10 certification request.
        var csr = request.CreateSigningRequest();
        return csr;
    }
}
```

And our k8s code looks like:

```
var config = KubernetesClientConfiguration.BuildConfigFromConfigFile(fileName);
// Configure the timeout before the client is built from this config.
config.HttpClientTimeout = new TimeSpan(0, 0, 0, 5);
IKubernetes client = new k8s.Kubernetes(config);
var csr = CommonHelper.GenerateCertificate("CN=demo");
var req = new V1CertificateSigningRequest
{
    ApiVersion = "certificates.k8s.io/v1",
    Kind = "CertificateSigningRequest",
    Metadata =
    {
        Name = "demo"
    },
    Spec =
    {
        Request = csr,
        SignerName = "kubernetes.io/kube-apiserver-client",
        Usages = new List<string> { "client auth" }
    },
};

var sign = await client.CreateCertificateSigningRequestAsync(req, cancellationToken: cancellationToken);
```

At first we thought it was an issue with the certificate itself and manually replaced it with a working certificate, but the issue is the same: V1CertificateSigningRequest always returns a null reference exception. What could be wrong in the code?

brendandburns commented 2 years ago

Can you send the exception stack trace?

Thanks

kibernetik542 commented 2 years ago

Hi, I am getting only a very short message.

Object reference not set to an instance of an object.

kibernetik542 commented 2 years ago

Never mind, actually I missed

```
Metadata = new V1ObjectMeta
{
    Name = "demo"
},
Spec = new V1CertificateSigningRequestSpec
{
    Request = bases,
    SignerName = "kubernetes.io/kube-apiserver-client",
    Usages = new List<string> { "client auth" }
}
```
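
Why the version without `new` throws, as an added example that is not part of the original thread or the client library: in a C# object initializer, `Metadata = { ... }` assigns into whatever the property already holds, and that is null on a freshly constructed object. The `Meta`, `Spec` and `Csr` classes are stand-ins (assumptions) for the client's model types, so this runs without the Kubernetes client package.

```csharp
using System;
using System.Collections.Generic;

// Stand-in model types (assumed shapes, not the client library's classes):
// reference-type auto-properties that are null until something assigns them.
public class Meta { public string Name { get; set; } }
public class Spec
{
    public byte[] Request { get; set; }
    public string SignerName { get; set; }
    public IList<string> Usages { get; set; }
}
public class Csr
{
    public Meta Metadata { get; set; }
    public Spec Spec { get; set; }
}

public static class Program
{
    // Runs a builder and reports whether it produced an object or threw.
    static string Try(string label, Func<Csr> build)
    {
        try { return $"{label}: ok, Metadata.Name = {build().Metadata.Name}"; }
        catch (NullReferenceException ex) { return $"{label}: {ex.GetType().Name}: {ex.Message}"; }
    }

    public static void Main()
    {
        byte[] request = { 0x30, 0x00 }; // constructed placeholder bytes, not a real CSR
        const string signer = "kubernetes.io/kube-apiserver-client";

        // Nested initializer without `new`: compiles to csr.Metadata.Name = "demo",
        // which reads Metadata (still null) and dereferences it.
        Console.WriteLine(Try("without new", () => new Csr
        {
            Metadata = { Name = "demo" },
            Spec = { Request = request, SignerName = signer },
        }));

        // With `new`, each property is assigned a fresh instance before its members are set.
        Console.WriteLine(Try("with new", () => new Csr
        {
            Metadata = new Meta { Name = "demo" },
            Spec = new Spec { Request = request, SignerName = signer, Usages = new List<string> { "client auth" } },
        }));
    }
}
```

Both forms compile without error, which is why the failure only appears at run time, before any request is sent to the API server.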