From 6c62105cceeb7a0d98f526e3297e667ab93a1e10 Mon Sep 17 00:00:00 2001
From: Boshi LIAN <bolian@microsoft.com>
Date: Tue, 1 Jul 2025 14:34:50 -0700
Subject: [PATCH] Enhance certificate handling for .NET 9 compatibility in
 KubernetesClientConfiguration

---
 .../KubernetesClient.Aot.csproj                   |  5 +----
 .../KubernetesClientConfiguration.ConfigFile.cs   | 15 +++++++++++++--
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/src/KubernetesClient.Aot/KubernetesClient.Aot.csproj b/src/KubernetesClient.Aot/KubernetesClient.Aot.csproj
index 88fe09488..ced074146 100644
--- a/src/KubernetesClient.Aot/KubernetesClient.Aot.csproj
+++ b/src/KubernetesClient.Aot/KubernetesClient.Aot.csproj
@@ -6,6 +6,7 @@
     <PublishAot>true</PublishAot>
     <IsAotCompatible>true</IsAotCompatible>
     <EmitCompilerGeneratedFiles>true</EmitCompilerGeneratedFiles>
+    <DefineConstants>$(DefineConstants);K8S_AOT</DefineConstants>
   </PropertyGroup>
 
   <ItemGroup>
@@ -104,10 +105,6 @@
     <Compile Include="..\KubernetesClient\Authentication\TokenCredentials.cs" />
   </ItemGroup>
 
-  <ItemGroup>
-    <Reference Include="System.Net.Http" Condition="'$(TargetFramework)' == 'net48'" />
-  </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\LibKubernetesGenerator\generators\LibKubernetesGenerator\LibKubernetesGenerator.csproj" OutputItemType="Analyzer" ReferenceOutputAssembly="false" />
   </ItemGroup>
diff --git a/src/KubernetesClient.Aot/KubernetesClientConfiguration.ConfigFile.cs b/src/KubernetesClient.Aot/KubernetesClientConfiguration.ConfigFile.cs
index 597eea7c5..c1865687c 100644
--- a/src/KubernetesClient.Aot/KubernetesClientConfiguration.ConfigFile.cs
+++ b/src/KubernetesClient.Aot/KubernetesClientConfiguration.ConfigFile.cs
@@ -306,21 +306,32 @@ private void SetClusterDetails(K8SConfiguration k8SConfig, Context activeContext
             {
                 if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthorityData))
                 {
+                    var data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
+#if NET9_0_OR_GREATER
+                    SslCaCerts = new X509Certificate2Collection(X509CertificateLoader.LoadCertificate(Convert.FromBase64String(data)));
+#else
+                    string nullPassword = null;
                     // This null password is to change the constructor to fix this KB:
                     // https://support.microsoft.com/en-us/topic/kb5025823-change-in-how-net-applications-import-x-509-certificates-bf81c936-af2b-446e-9f7a-016f4713b46b
-                    string nullPassword = null;
-                    var data = clusterDetails.ClusterEndpoint.CertificateAuthorityData;
                     SslCaCerts = new X509Certificate2Collection(new X509Certificate2(Convert.FromBase64String(data), nullPassword));
+#endif
                 }
                 else if (!string.IsNullOrEmpty(clusterDetails.ClusterEndpoint.CertificateAuthority))
                 {
+#if NET9_0_OR_GREATER
+                    SslCaCerts = new X509Certificate2Collection(X509CertificateLoader.LoadCertificateFromFile(GetFullPath(
+                        k8SConfig,
+                        clusterDetails.ClusterEndpoint.CertificateAuthority)));
+#else
                     SslCaCerts = new X509Certificate2Collection(new X509Certificate2(GetFullPath(
                         k8SConfig,
                         clusterDetails.ClusterEndpoint.CertificateAuthority)));
+#endif
                 }
             }
         }
 
+
         private void SetUserDetails(K8SConfiguration k8SConfig, Context activeContext)
         {
             if (string.IsNullOrWhiteSpace(activeContext.ContextDetails.User))