Added ExpiresAt helper to certitifcate. Moved Subscription to SubscriptionInfo to match API. Applied feedback from the pull request.

felixsch · felixsch · commit 8807345a24cc · 2025-02-26T15:57:36.000+01:00
diff --git a/pkg/registration/offline_certificate.go b/pkg/registration/offline_certificate.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"io"
 	"strings"
+	"time"
 )
 
 // The information extracted from an offline registration certificate
@@ -29,19 +30,19 @@ type OfflineCertificate struct {
 // not have the relevant information. Make sure to check if the key exists and prepare for
 // type casting if necessary.
 type OfflinePayload struct {
-	Login         string         `json:"login"`
-	Password      string         `json:"password"`
-	Subscription  Subscription   `json:"subscription"`
-	HashedRegcode string         `json:"hashed_regcode"`
-	HashedUUID    string         `json:"hashed_uuid"`
-	Information   map[string]any `json:"information"`
+	Login            string           `json:"login"`
+	Password         string           `json:"password"`
+	SubscriptionInfo SubscriptionInfo `json:"subscription"`
+	HashedRegcode    string           `json:"hashed_regcode"`
+	HashedUUID       string           `json:"hashed_uuid"`
+	Information      map[string]any   `json:"information"`
 }
 
 // Reads an offline registration certificate from a read object
 //
 // An error indicates the certificate was probably malformed
 func OfflineCertificateFrom(reader io.Reader) (*OfflineCertificate, error) {
-	certificate := OfflineCertificate{}
+	certificate := &OfflineCertificate{}
 
 	raw, readErr := io.ReadAll(reader)
 
@@ -55,17 +56,17 @@ func OfflineCertificateFrom(reader io.Reader) (*OfflineCertificate, error) {
 		return nil, decodeErr
 	}
 
-	if err := json.Unmarshal(decoded, &certificate); err != nil {
+	if err := json.Unmarshal(decoded, certificate); err != nil {
 		return nil, fmt.Errorf("json error: %s", err)
 	}
 
-	return &certificate, nil
+	return certificate, nil
 }
 
 // Checks if the provided offline registration certificate is valid using
 // the public RSA key to validate the included signature
 func (cert *OfflineCertificate) IsValid() (bool, error) {
-	key, keyErr := sCCPublicKey()
+	key, keyErr := sccPublicKey()
 
 	if keyErr != nil {
 		return false, keyErr
@@ -94,19 +95,19 @@ func (cert *OfflineCertificate) ExtractPayload() (*OfflinePayload, error) {
 		return cert.OfflinePayload, nil
 	}
 
-	payload := OfflinePayload{}
+	payload := &OfflinePayload{}
 	raw, decodeErr := decodeBase64([]byte(cert.EncodedPayload))
 
 	if decodeErr != nil {
 		return nil, decodeErr
 	}
 
-	if jsonErr := json.Unmarshal(raw, &payload); jsonErr != nil {
+	if jsonErr := json.Unmarshal(raw, payload); jsonErr != nil {
 		return nil, fmt.Errorf("json: %s", jsonErr)
 	}
 
-	cert.OfflinePayload = &payload
-	return &payload, nil
+	cert.OfflinePayload = payload
+	return payload, nil
 }
 
 // Provides the signature encoded in the offline registration certificate which
@@ -150,10 +151,20 @@ func (cert *OfflineCertificate) ProductClassIncluded(name string) (bool, error)
 		return false, extractErr
 	}
 
-	for _, class := range payload.Subscription.ProductClasses {
+	for _, class := range payload.SubscriptionInfo.ProductClasses {
 		if class.Name == name {
 			return true, nil
 		}
 	}
 	return false, nil
 }
+
+func (cert *OfflineCertificate) ExpiresAt() (time.Time, error) {
+	payload, extractErr := cert.ExtractPayload()
+
+	if extractErr != nil {
+		return time.Now(), extractErr
+	}
+
+	return payload.SubscriptionInfo.ExpiresAt, nil
+}
diff --git a/pkg/registration/offline_certificate_test.go b/pkg/registration/offline_certificate_test.go
@@ -83,7 +83,6 @@ func TestOfflineCertificateExtractPayloadSuccess(t *testing.T) {
 
 	rawCert := fixture(t, "pkg/registration/offline_certificate/valid.cert")
 	reader := bytes.NewReader(rawCert)
-	expectedExpirationDate := time.Date(2026, time.January, 27, 11, 53, 51, 223000000, time.UTC)
 
 	cert, err := registration.OfflineCertificateFrom(reader)
 	assert.NoError(err)
@@ -93,8 +92,7 @@ func TestOfflineCertificateExtractPayloadSuccess(t *testing.T) {
 
 	assert.Equal("SCC_384deae18e324233b20de20c87b89df7", payload.Login)
 	assert.Equal("https://rnch1.dev.company.net/index", payload.Information["server_url"].(string))
-	assert.Equal("RANCHER-X86-ALPHA", payload.Subscription.ProductClasses[0].Name)
-	assert.Equal(expectedExpirationDate, payload.Subscription.ExpiresAt)
+	assert.Equal("RANCHER-X86-ALPHA", payload.SubscriptionInfo.ProductClasses[0].Name)
 }
 
 func TestOfflineCertificateExtractPayloadInvalidJSON(t *testing.T) {
@@ -166,3 +164,20 @@ func TestOfflineCertificateProductClassIncluded(t *testing.T) {
 	assert.True(shouldBeIncluded)
 	assert.False(shouldNotBeIncluded)
 }
+
+func TestOfflineCertificateExpireDate(t *testing.T) {
+	assert := assert.New(t)
+
+	rawCert := fixture(t, "pkg/registration/offline_certificate/valid.cert")
+	reader := bytes.NewReader(rawCert)
+
+	cert, readErr := registration.OfflineCertificateFrom(reader)
+	assert.NoError(readErr)
+
+	expectedExpirationDate := time.Date(2026, time.January, 27, 11, 53, 51, 223000000, time.UTC)
+
+	expireDate, err := cert.ExpiresAt()
+	assert.NoError(err)
+
+	assert.Equal(expectedExpirationDate, expireDate)
+}
diff --git a/pkg/registration/subscription_info.go b/pkg/registration/subscription_info.go
@@ -3,7 +3,7 @@ package registration
 import "time"
 
 // A subscription used in the offline registration workflow
-type Subscription struct {
+type SubscriptionInfo struct {
 	Kind           string         `json:"kind"`
 	Name           string         `json:"name"`
 	StartsAt       time.Time      `json:"starts_at"`
diff --git a/pkg/registration/utilities.go b/pkg/registration/utilities.go
@@ -29,7 +29,7 @@ func decodeBase64(input []byte) ([]byte, error) {
 	return decoded[:size], nil
 }
 
-func sCCPublicKey() (*rsa.PublicKey, error) {
+func sccPublicKey() (*rsa.PublicKey, error) {
 	block, _ := pem.Decode(publicKey)
 
 	// PKCS#8 compatible

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ func decodeBase64(input []byte) ([]byte, error) {`
`29`	`29`	`return decoded[:size], nil`
`30`	`30`	`}`
`31`	`31`
`32`		`-func sCCPublicKey() (*rsa.PublicKey, error) {`
	`32`	`+func sccPublicKey() (*rsa.PublicKey, error) {`
`33`	`33`	`block, _ := pem.Decode(publicKey)`
`34`	`34`
`35`	`35`	`// PKCS#8 compatible`