From 5e94bc7c5a6f0a4a9eca0e3bd1a2c4a911190e05 Mon Sep 17 00:00:00 2001
From: Sourabh Jain
Date: Mon, 29 Jan 2024 01:26:41 +0530
Subject: [PATCH] fix validation

---
 .../src/CosmosClientOptions.cs | 20 ++++++++++++++-----
 .../CosmosClientOptionsUnitTests.cs | 5 +++--
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/Microsoft.Azure.Cosmos/src/CosmosClientOptions.cs b/Microsoft.Azure.Cosmos/src/CosmosClientOptions.cs
index 19d71f901a..8700f2e56e 100644
--- a/Microsoft.Azure.Cosmos/src/CosmosClientOptions.cs
+++ b/Microsoft.Azure.Cosmos/src/CosmosClientOptions.cs
@@ -731,6 +731,11 @@ internal Protocol ConnectionProtocol
 /// Flag that controls whether CPU monitoring thread is created to enrich timeout exceptions with additional diagnostic. Default value is true.
 ///
 internal bool? EnableCpuMonitor { get; set; }
+
+ ///
+ /// Flag indicates the value of DisableServerCertificateValidation flag set at connection string level.Default it is false.
+ ///
+ internal bool DisableServerCertificateValidation { get; set; }
 
 ///
 /// Gets or sets Client Telemetry Options like feature flags and corresponding options
@@ -758,7 +763,7 @@ internal virtual ConnectionPolicy GetConnectionPolicy(int clientId)
 this.ValidateDirectTCPSettings();
 this.ValidateLimitToEndpointSettings();
 this.ValidatePartitionLevelFailoverSettings();
- this.ValidateServerCallbackSettings();
+ this.ValidateAndSetServerCallbackSettings();
 
 ConnectionPolicy connectionPolicy = new ConnectionPolicy()
 {
@@ -867,7 +872,7 @@ internal static CosmosClientOptions GetCosmosClientOptionsWithCertificateFlag(st
 clientOptions ??= new CosmosClientOptions();
 if (CosmosClientOptions.IsConnectionStringDisableServerCertificateValidationFlag(connectionString))
 {
- clientOptions.ServerCertificateCustomValidationCallback = (_, _, _) => true;
+ clientOptions.DisableServerCertificateValidation = true;
 }
 
 return clientOptions;
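Review bot: The XML comment on `DisableServerCertificateValidation` (hunk at -731) does not say what a true value causes, which matters because `ValidateAndSetServerCallbackSettings` later in this patch turns it into a callback that accepts every server certificate. I would state that in the comment, for example `/// When true (set only from the connection string), GetConnectionPolicy installs a callback that accepts any server certificate, so the server's TLS identity is not verified. Defaults to false.` The existing sentence is also missing a space after the full stop in "level.Default".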
@@ -932,11 +937,16 @@ private void ValidatePartitionLevelFailoverSettings()
 }
 }
 
- private void ValidateServerCallbackSettings()
+ private void ValidateAndSetServerCallbackSettings()
 {
- if (this.HttpClientFactory != null && this.ServerCertificateCustomValidationCallback != null)
+ if (this.DisableServerCertificateValidation && this.ServerCertificateCustomValidationCallback != null)
 {
- throw new ArgumentException($"Cannot specify {nameof(this.HttpClientFactory)} and {nameof(this.ServerCertificateCustomValidationCallback)}. Only one can be set.");
+ throw new ArgumentException($"Cannot specify {nameof(this.DisableServerCertificateValidation)} flag in Connection String and {nameof(this.ServerCertificateCustomValidationCallback)}. Only one can be set.");
+ }
+
+ if (this.DisableServerCertificateValidation)
+ {
+ this.ServerCertificateCustomValidationCallback = (_, _, _) => true;
 }
 }
 
diff --git a/Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.Tests/CosmosClientOptionsUnitTests.cs b/Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.Tests/CosmosClientOptionsUnitTests.cs
index 994d53ed35..b0b6b8be35 100644
--- a/Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.Tests/CosmosClientOptionsUnitTests.cs
+++ b/Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.Tests/CosmosClientOptionsUnitTests.cs
@@ -892,6 +892,7 @@ public void InvalidApplicationNameCatchTest()
 [TestMethod]
 [DataRow(ConnectionString, false)]
 [DataRow(ConnectionString + "DisableServerCertificateValidation=true;", true)]
+ [DataRow(ConnectionString + "DisableServerCertificateValidation=false;", false)]
 public void TestServerCertificatesValidationCallback(string connStr, bool expectedIgnoreCertificateFlag)
 {
 //Arrange
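Review bot: `ValidateAndSetServerCallbackSettings` (hunk at -932) writes the accept-all delegate back onto the options object, so a second `GetConnectionPolicy` call on the same `CosmosClientOptions` finds `DisableServerCertificateValidation` true and the callback non-null and throws the "Only one can be set" `ArgumentException` although the caller never supplied a callback. The flag is also only ever assigned `true` in `GetCosmosClientOptionsWithCertificateFlag` (hunk at -867), so an options instance once paired with a `DisableServerCertificateValidation=true` connection string keeps that state when it is reused with a different one. I would keep this method a pure check, derive the effective callback from the flag at the point where the connection policy reads it (that code is outside the visible hunks), and assign the flag from the current connection string every time: `clientOptions.DisableServerCertificateValidation = CosmosClientOptions.IsConnectionStringDisableServerCertificateValidationFlag(connectionString);`. The removed `HttpClientFactory` check is not replaced by anything; if a factory-built client does not honour the callback (not visible here), a caller-supplied validation callback would now be ignored without any error.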
@@ -917,11 +918,11 @@ public void TestServerCertificatesValidationCallback(string connStr, bool expect
 [TestMethod]
 [DataRow(ConnectionString + "DisableServerCertificateValidation=true;")]
 [ExpectedException(typeof(ArgumentException))]
- public void TestServerCertificatesValidationWithHttpFactoryCallback(string connStr)
+ public void TestServerCertificatesValidationWithDisableSSLFlagTrue(string connStr)
 {
 CosmosClientOptions options = new CosmosClientOptions
 {
- HttpClientFactory = () => new HttpClient()
+ ServerCertificateCustomValidationCallback = (certificate, chain, sslPolicyErrors) => true
 };
 CosmosClient cosmosClient = new CosmosClient(connStr, options);
 }
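Review bot: The `HttpClientFactory` case is replaced here rather than kept beside the new one, so this hunk leaves no test for `HttpClientFactory` combined with `DisableServerCertificateValidation=true` or with a custom callback, the very combination whose guard this commit removes from `CosmosClientOptions`. I would keep a second test that pins the intended behaviour for that combination, whichever it is. `[ExpectedException(typeof(ArgumentException))]` also passes when any statement in the method throws that type; wrapping only the constructor, `Assert.ThrowsException<ArgumentException>(() => new CosmosClient(connStr, options));`, and checking that the message names `ServerCertificateCustomValidationCallback` would tie the test to the new guard. The name `TestServerCertificatesValidationWithDisableSSLFlagTrue` suggests TLS itself is switched off, while the setting only disables server certificate validation; a name that repeats `DisableServerCertificateValidation` would be more accurate.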