addressing review comments

2023-10-27 19:06:51 -07:00 · 2023-10-27 19:06:51 -07:00 · cad6834715
--- a/pkg/certs/cert_utils.go
+++ b/pkg/certs/cert_utils.go
@ -4,10 +4,18 @@
 package certs

 import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"crypto/x509/pkix"
 	"fmt"
+	"math"
+	"math/big"
+	"net"
 	"time"

 	"github.com/microsoft/moc/pkg/errors"
+	wssdnet "github.com/microsoft/moc/pkg/net"
 )

 const (
@ -63,3 +71,51 @@ func IsCertificateExpired(certificate string) (bool, error) {
 	}
 	return x509Cert.NotAfter.Before(time.Now()), nil
 }
+
+func GenerateExpiredClientCertificate(name string) (*x509.Certificate, *rsa.PrivateKey, error) {
+	key, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return nil, key, err
+	}
+
+	nodeFqdn, err := wssdnet.GetIPAddress()
+	if err != nil {
+		return nil, key, err
+	}
+
+	now := time.Now().UTC()
+
+	serial, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64))
+	if err != nil {
+		return nil, key, err
+	}
+
+	tmpl := x509.Certificate{
+		SerialNumber: serial,
+		Subject: pkix.Name{
+			CommonName:   name,
+			Organization: []string{"microsoft"},
+		},
+		NotBefore:             now.Add(-time.Hour * 24 * 365 * 2), // 2 years ago
+		NotAfter:              now.Add(-time.Hour * 24 * 365),     // 1 year ago
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+		MaxPathLenZero:        true,
+		BasicConstraintsValid: true,
+		MaxPathLen:            0,
+		IsCA:                  true,
+		DNSNames:              []string{"localhost"},
+		IPAddresses:           []net.IP{wssdnet.StringToNetIPAddress(wssdnet.LOOPBACK_ADDRESS), wssdnet.StringToNetIPAddress(nodeFqdn)},
+	}
+
+	b, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
+	if err != nil {
+		return nil, key, err
+	}
+
+	x509Cert, err := x509.ParseCertificate(b)
+	if err != nil {
+		return nil, key, err
+	}
+
+	return x509Cert, key, nil
+}
--- a/pkg/certs/util.go
+++ b/pkg/certs/util.go
@ -418,51 +418,3 @@ func GenerateCertificateRenewRequestSameKey(cert *tls.Certificate) (retCsr []byt
 	retCsr = EncodeCertRequestPEM(x509CertReq)
 	return
 }
-
-func GenerateExpiredClientCertificate(name string) (*x509.Certificate, *rsa.PrivateKey, error) {
-	key, err := rsa.GenerateKey(rand.Reader, 2048)
-	if err != nil {
-		return nil, key, err
-	}
-
-	nodeFqdn, err := wssdnet.GetIPAddress()
-	if err != nil {
-		return nil, key, err
-	}
-
-	now := time.Now().UTC()
-
-	serial, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64))
-	if err != nil {
-		return nil, key, err
-	}
-
-	tmpl := x509.Certificate{
-		SerialNumber: serial,
-		Subject: pkix.Name{
-			CommonName:   name,
-			Organization: []string{"microsoft"},
-		},
-		NotBefore:             now.Add(-time.Hour * 24 * 365 * 2), // 2 years ago
-		NotAfter:              now.Add(-time.Hour * 24 * 365),     // 1 year ago
-		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
-		MaxPathLenZero:        true,
-		BasicConstraintsValid: true,
-		MaxPathLen:            0,
-		IsCA:                  true,
-		DNSNames:              []string{"localhost"},
-		IPAddresses:           []net.IP{wssdnet.StringToNetIPAddress(wssdnet.LOOPBACK_ADDRESS), wssdnet.StringToNetIPAddress(nodeFqdn)},
-	}
-
-	b, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key)
-	if err != nil {
-		return nil, key, err
-	}
-
-	x509Cert, err := x509.ParseCertificate(b)
-	if err != nil {
-		return nil, key, err
-	}
-
-	return x509Cert, key, nil
-}
--- a/pkg/validations/proxy_validation.go
+++ b/pkg/validations/proxy_validation.go
@ -15,7 +15,7 @@ import (
 	"github.com/microsoft/moc/pkg/errors"
 )

-func ValidateProxyURL(proxyURL string, certContent string) error {
+func ValidateProxyURLAndTestConnection(proxyURL string, certContent string, getRequestUrl string) error {
 	parsedURL, err := url.ParseRequestURI(proxyURL)

 	if err != nil {
@ -44,8 +44,12 @@ func ValidateProxyURL(proxyURL string, certContent string) error {
 		Transport: transport,
 	}

+	if getRequestUrl == "" {
+		getRequestUrl = "https://mcr.microsoft.com"
+	}
+
 	// Test the HTTP GET request
-	response, err := client.Get("https://mcr.microsoft.com")
+	response, err := client.Get(getRequestUrl)
 	if err != nil {
 		return errors.Wrapf(errors.InvalidInput, err.Error())
 	} else {
--- a/pkg/validations/proxy_validation_test.go
+++ b/pkg/validations/proxy_validation_test.go
@ -17,21 +17,21 @@ func Test_ValidateProxyURL(t *testing.T) {
 	caCertString := string(certBytes)

 	// Empty proxy url
-	err = ValidateProxyURL("", "")
+	err = ValidateProxyURLAndTestConnection("", "", "")
 	expectedResult := "parse \"\": empty url: Invalid Input"
 	if err.Error() != expectedResult {
 		t.Fatalf("Test_ValidateProxyURL test case failed. Expected error %s but got %s", expectedResult, err.Error())
 	}

 	// Invalid proxy url
-	err = ValidateProxyURL("//akse2e:akse2e@skyproxy.ceccloud1.selfhost.corp.microsoft.com:3128", caCertString)
+	err = ValidateProxyURLAndTestConnection("//akse2e:akse2e@skyproxy.ceccloud1.selfhost.corp.microsoft.com:3128", caCertString, "")
 	expectedResult = "Invalid proxy URL. The URL scheme should be http or https: Invalid Input"
 	if err.Error() != expectedResult {
 		t.Fatalf("Test_ValidateProxyURL test case failed. Expected error %s but got %s", expectedResult, err.Error())
 	}

 	// Invalid hostname
-	err = ValidateProxyURL("http://akse2e:akse2e@.ceccloud1.selfhost.corp.microsoft.com:3128", caCertString)
+	err = ValidateProxyURLAndTestConnection("http://akse2e:akse2e@.ceccloud1.selfhost.corp.microsoft.com:3128", caCertString, "")
 	expectedResult = "Get \"https://mcr.microsoft.com\": proxyconnect tcp: dial tcp: lookup .ceccloud1.selfhost.corp.microsoft.com: no such host: Invalid Input"
 	if err.Error() != expectedResult {
 		t.Fatalf("Test_ValidateProxyURL test case failed. Expected error %s but got %s", expectedResult, err.Error())