From 19573f7d2604e95ea71357e36cd7afdfa1f2dece Mon Sep 17 00:00:00 2001
From: Boshi Lian <farmer1992@gmail.com>
Date: Tue, 31 Dec 2024 00:24:58 -0800
Subject: [PATCH] Refactor certificate loading to improve compatibility with
 .NET 9.0

---
 .../KubernetesClientConfiguration.ConfigFile.cs      | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs b/src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs
index 50560edd..f25c55bb 100644
--- a/src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs
+++ b/src/KubernetesClient/KubernetesClientConfiguration.ConfigFile.cs
@@ -305,22 +305,24 @@ private void SetClusterDetails(K8SConfiguration k8SConfig, Context activeContext
 
             if (uri.Scheme == "https")
             {
-                string nullPassword = null;
                 if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthorityData))
                 {
-                    // This null password is to change the constructor to fix this KB:
-                    // https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
                     var data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
 #if NET9_0_OR_GREATER
-                    SslCaCerts = X509CertificateLoader.LoadPkcs12Collection(Convert.FromBase64String(data), nullPassword);
+                    SslCaCerts = new X509Certificate2Collection(X509CertificateLoader.LoadCertificate(Convert.FromBase64String(data)));
 #else
+                    string nullPassword = null;
+                    // This null password is to change the constructor to fix this KB:
+                    // https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
                     SslCaCerts = new X509Certificate2Collection(new X509Certificate2(Convert.FromBase64String(data), nullPassword));
 #endif
                 }
                 else if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthority))
                 {
 #if NET9_0_OR_GREATER
-                    SslCaCerts = X509CertificateLoader.LoadPkcs12CollectionFromFile(GetFullPath(k8SConfig, clusterDetails.ClusterEndpoint.CertificateAuthority), nullPassword);
+                    SslCaCerts = new X509Certificate2Collection(X509CertificateLoader.LoadCertificateFromFile(GetFullPath(
+                        k8SConfig,
+                        clusterDetails.ClusterEndpoint.CertificateAuthority)));
 #else
                     SslCaCerts = new X509Certificate2Collection(new X509Certificate2(GetFullPath(
                         k8SConfig,