adding steps for validating ssl

seankane-msft · Aug 4, 2021 · 9dbe47d · 9dbe47d
1 parent 5019877
commit 9dbe47d
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 4 deletions.
diff --git a/eng/pipelines/templates/steps/build-test.yml b/eng/pipelines/templates/steps/build-test.yml
@@ -67,8 +67,7 @@ steps:
         }
 
         Write-Host "##[command]Executing go test -run "^Test" -v -coverprofile coverage.txt $td | go-junit-report -set-exit-code > report.xml"
-        go test -run "^Test" -v -coverprofile coverage.txt .
-        # | go-junit-report -set-exit-code > report.xml
+        go test -run "^Test" -v -coverprofile coverage.txt . | go-junit-report -set-exit-code > report.xml
         # if no tests were actually run (e.g. examples) delete the coverage file so it's omitted from the coverage report
         if (Select-String -path ./report.xml -pattern '<testsuites></testsuites>' -simplematch -quiet) {
           Write-Host "##[command]Deleting empty coverage file"

diff --git a/sdk/tables/aztable/proxy_test.go b/sdk/tables/aztable/proxy_test.go
@@ -6,8 +6,11 @@ package aztable
 import (
 	"context"
 	"crypto/tls"
+	"crypto/x509"
+	"encoding/pem"
 	"fmt"
 	"hash/fnv"
+	"io/ioutil"
 	"net/http"
 	"os"
 	"strings"
@@ -21,11 +24,47 @@ import (
 
 var AADAuthenticationScope = "https://storage.azure.com/.default"
 
+var localCertFile = "C:/github.com/azure-sdk-tools/tools/test-proxy/docker/dev_certificate/dotnet-devcert.crt"
+
+func getRootCas(filePath *string) (*x509.CertPool, error) {
+	rootCAs, err := x509.SystemCertPool()
+	if err != nil {
+		rootCAs = x509.NewCertPool()
+	}
+
+	certs, err := ioutil.ReadFile(*filePath)
+	if err != nil {
+		return nil, err
+	}
+
+	block, _ := pem.Decode(certs)
+
+
+	cert, err := x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		return nil, err
+	}
+	fmt.Println(cert)
+
+	rootCAs.AddCert(cert)
+	return rootCAs, nil
+}
+
 func createTableClientForRecording(t *testing.T, tableName string, serviceURL string, cred azcore.Credential) (*TableClient, error) {
 	policy := recording.NewRecordingPolicy(&recording.RecordingOptions{UseHTTPS: true})
 	transport := http.DefaultTransport.(*http.Transport).Clone()
-	transport.TLSClientConfig.InsecureSkipVerify = true
-	transport.TLSClientConfig.MinVersion = tls.VersionTLS12
+	// transport.TLSClientConfig.InsecureSkipVerify = true
+
+	rootCAs, err := getRootCas(&localCertFile)
+	if err != nil {
+		return nil, err
+	}
+	transport.TLSClientConfig = &tls.Config{
+		InsecureSkipVerify: false,
+		RootCAs:            rootCAs,
+		MinVersion:         tls.VersionTLS12,
+	}
+	// transport.TLSClientConfig.MinVersion = tls.VersionTLS12
 	defaultHttpClient := &http.Client{
 		Transport: transport,
 	}
@@ -39,9 +78,26 @@ func createTableClientForRecording(t *testing.T, tableName string, serviceURL st
 
 func createTableServiceClientForRecording(t *testing.T, serviceURL string, cred azcore.Credential) (*TableServiceClient, error) {
 	policy := recording.NewRecordingPolicy(&recording.RecordingOptions{UseHTTPS: true})
+	transport := http.DefaultTransport.(*http.Transport).Clone()
+	// transport.TLSClientConfig.InsecureSkipVerify = true
+
+	rootCAs, err := getRootCas(&localCertFile)
+	if err != nil {
+		return nil, err
+	}
+	transport.TLSClientConfig = &tls.Config{
+		InsecureSkipVerify: false,
+		RootCAs:            rootCAs,
+		MinVersion:         tls.VersionTLS12,
+	}
+	// transport.TLSClientConfig.MinVersion = tls.VersionTLS12
+	defaultHttpClient := &http.Client{
+		Transport: transport,
+	}
 	options := &TableClientOptions{
 		Scopes:         []string{AADAuthenticationScope},
 		PerCallOptions: []azcore.Policy{policy},
+		HTTPClient:     defaultHttpClient,
 	}
 	return NewTableServiceClient(serviceURL, cred, options)
 }