From ccfb3561c719bf4e7c3bd21c8841c16caf5dc0b8 Mon Sep 17 00:00:00 2001
From: Joe Topjian <joe@topjian.net>
Date: Tue, 6 Jun 2017 22:25:15 +0000
Subject: [PATCH] Utilize lxdhelper library for certain functions

---
 Makefile             |   3 +-
 src/discovery/lxd.go | 108 +++++--------------------------------------
 2 files changed, 13 insertions(+), 98 deletions(-)

diff --git a/Makefile b/Makefile
index 1e6e284f..3d1fff4c 100644
--- a/Makefile
+++ b/Makefile
@@ -68,7 +68,8 @@ deps: clean-deps
 	github.com/spf13/cobra \
 	github.com/laher/goxc \
 	github.com/gin-contrib/cors \
-	github.com/lxc/lxd
+	github.com/lxc/lxd \
+	github.com/jtopjian/lxdhelpers
 
 clean-dist:
 	rm -rf ./dist/${VERSION}
diff --git a/src/discovery/lxd.go b/src/discovery/lxd.go
index aa8d4eaa..2338a1d2 100644
--- a/src/discovery/lxd.go
+++ b/src/discovery/lxd.go
@@ -6,11 +6,7 @@
 package discovery
 
 import (
-	"crypto/x509"
-	"encoding/pem"
 	"fmt"
-	"net/http"
-	"os"
 	"strings"
 	"time"
 
@@ -19,6 +15,8 @@ import (
 	"../logging"
 	"../utils"
 
+	"github.com/jtopjian/lxdhelpers"
+
 	"github.com/lxc/lxd"
 	"github.com/lxc/lxd/shared"
 )
@@ -156,7 +154,7 @@ func lxdBuildClient(cfg config.DiscoveryConfig) (*lxd.Client, error) {
 	if strings.HasPrefix(cfg.LXDServerAddress, "https:") {
 
 		/* Validate or generate certificates on the client side (gobetween) */
-		if err := lxdValidateClientCertificates(cfg, lxdConfig); err != nil {
+		if err := lxdhelpers.ValidateClientCertificates(lxdConfig, cfg.LXDClientGenerateCerts); err != nil {
 			return nil, err
 		}
 
@@ -184,7 +182,7 @@ func lxdBuildClient(cfg config.DiscoveryConfig) (*lxd.Client, error) {
 			if _, err := client.GetServerConfig(); err != nil {
 				if cfg.LXDClientAcceptServerCert {
 					var err error
-					client, err = lxdGetServerCertificate(client, cfg.LXDServerRemoteName)
+					client, err = lxdhelpers.GetRemoteCertificate(client, cfg.LXDServerRemoteName)
 					if err != nil {
 						return nil, fmt.Errorf("Could not add the LXD server: ", err)
 					}
@@ -203,13 +201,14 @@ func lxdBuildClient(cfg config.DiscoveryConfig) (*lxd.Client, error) {
 			 *
 			 * Authentication must happen even if PKI is in use.
 			 */
-			if !client.AmTrusted() {
-				log.Info("Attempting to authenticate")
-				if err := client.AddMyCertToServer(cfg.LXDServerRemotePassword); err != nil {
-					return nil, err
-				}
-				log.Info("Authentication successful")
+			log.Info("Attempting to authenticate")
+			err = lxdhelpers.ValidateRemoteConnection(client, cfg.LXDServerRemoteName, cfg.LXDServerRemotePassword)
+			if err != nil {
+				log.Info("Authentication unsuccessful")
+				return nil, err
 			}
+
+			log.Info("Authentication successful")
 		}
 	}
 
@@ -245,91 +244,6 @@ func lxdBuildConfig(cfg config.DiscoveryConfig) (lxd.Config, error) {
 	return config, nil
 }
 
-func lxdValidateClientCertificates(cfg config.DiscoveryConfig, lxdConfig lxd.Config) error {
-	log := logging.For("lxdValidateClientCertificates")
-	certf := lxdConfig.ConfigPath("client.crt")
-	keyf := lxdConfig.ConfigPath("client.key")
-
-	if !shared.PathExists(certf) || !shared.PathExists(keyf) {
-		if cfg.LXDClientGenerateCerts {
-			log.Info("Attempting to generate client certificates. This could take a minute.")
-			if err := shared.FindOrGenCert(certf, keyf, true); err != nil {
-				return err
-			}
-		} else {
-			err := fmt.Errorf("Certificate or key not found:\n\t%s\n\t%s\n"+
-				"Either set lxd_generate_client_certs to true or generate the "+
-				"certificates out of band of gobetween and try again", certf, keyf)
-			return err
-		}
-	}
-
-	return nil
-}
-
-func lxdGetServerCertificate(client *lxd.Client, remote string) (*lxd.Client, error) {
-	var certificate *x509.Certificate
-	var err error
-
-	log := logging.For("lxdGetRemoteCertificate")
-	addr := client.Config.Remotes[remote]
-
-	log.Info("Attempting to retrieve remote server certificate")
-	tlsConfig, err := shared.GetTLSConfig("", "", "", nil)
-	if err != nil {
-		return nil, err
-	}
-
-	tlsConfig.InsecureSkipVerify = true
-	tr := &http.Transport{
-		TLSClientConfig: tlsConfig,
-		Dial:            shared.RFC3493Dialer,
-		Proxy:           shared.ProxyFromEnvironment,
-	}
-
-	/* Connect to the remote */
-	httpClient := &http.Client{Transport: tr}
-	resp, err := httpClient.Get(addr.Addr)
-	if err != nil {
-		return nil, err
-	}
-
-	/* Retrieve the certificate */
-	if resp.TLS == nil || len(resp.TLS.PeerCertificates) == 0 {
-		return client, fmt.Errorf("Unable to read remote TLS certificate")
-	}
-
-	certificate = resp.TLS.PeerCertificates[0]
-
-	/* Save the server certificate in the LXDConfigDirectory */
-	dnam := client.Config.ConfigPath("servercerts")
-	if err := os.MkdirAll(dnam, 0750); err != nil {
-		return client, fmt.Errorf("Could not create server cert dir")
-	}
-
-	certf := fmt.Sprintf("%s/%s.crt", dnam, client.Name)
-	certOut, err := os.Create(certf)
-	if err != nil {
-		return client, err
-	}
-
-	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: certificate.Raw})
-	certOut.Close()
-
-	// Setup a new connection, this time with the remote certificate
-	client, err = lxd.NewClient(&client.Config, remote)
-	if err != nil {
-		return client, err
-	}
-
-	// Validate the client before returning
-	if _, err := client.GetServerConfig(); err != nil {
-		return client, err
-	}
-
-	return client, nil
-}
-
 /**
  * Get container IP address depending on network interface and address type
  */