Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GODRIVER-2263 Load all certs in a PEM #834

Merged
merged 2 commits into from Jan 24, 2022
Merged

GODRIVER-2263 Load all certs in a PEM #834

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fc7515b
GODRIVER-2263 Load all certs in a PEM when using tlsCertificateKeyFil…
thrawn01 Jan 4, 2022
461a380
Added suggested test from @kevinAlbs
thrawn01 Jan 17, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
18 changes: 11 additions & 7 deletions mongo/options/clientoptions.go
View file
Open in desktop
Expand Up @@ -1001,7 +1001,8 @@ func addClientCertFromConcatenatedFile(cfg *tls.Config, certKeyFile, keyPassword
// containing file and returns the certificate's subject name.
func addClientCertFromBytes(cfg *tls.Config, data []byte, keyPasswd string) (string, error) {
var currentBlock *pem.Block
var certBlock, certDecodedBlock, keyBlock []byte
var certDecodedBlock []byte
var certBlocks, keyBlocks [][]byte

remaining := data
start := 0
Expand All @@ -1012,7 +1013,8 @@ func addClientCertFromBytes(cfg *tls.Config, data []byte, keyPasswd string) (str
}

if currentBlock.Type == "CERTIFICATE" {
certBlock = data[start : len(data)-len(remaining)]
certBlock := data[start : len(data)-len(remaining)]
certBlocks = append(certBlocks, certBlock)
certDecodedBlock = currentBlock.Bytes
start += len(certBlock)
} else if strings.HasSuffix(currentBlock.Type, "PRIVATE KEY") {
Expand Down Expand Up @@ -1044,22 +1046,24 @@ func addClientCertFromBytes(cfg *tls.Config, data []byte, keyPasswd string) (str
}
var encoded bytes.Buffer
pem.Encode(&encoded, &pem.Block{Type: currentBlock.Type, Bytes: keyBytes})
keyBlock = encoded.Bytes()
keyBlock := encoded.Bytes()
keyBlocks = append(keyBlocks, keyBlock)
start = len(data) - len(remaining)
} else {
keyBlock = data[start : len(data)-len(remaining)]
keyBlock := data[start : len(data)-len(remaining)]
keyBlocks = append(keyBlocks, keyBlock)
start += len(keyBlock)
}
}
}
if len(certBlock) == 0 {
if len(certBlocks) == 0 {
return "", fmt.Errorf("failed to find CERTIFICATE")
}
if len(keyBlock) == 0 {
if len(keyBlocks) == 0 {
return "", fmt.Errorf("failed to find PRIVATE KEY")
}

cert, err := tls.X509KeyPair(certBlock, keyBlock)
cert, err := tls.X509KeyPair(bytes.Join(certBlocks, []byte("\n")), bytes.Join(keyBlocks, []byte("\n")))
kevinAlbs marked this conversation as resolved.
Show resolved Hide resolved
if err != nil {
return "", err
}
Expand Down
5 changes: 5 additions & 0 deletions mongo/options/clientoptions_test.go
View file
Open in desktop
Expand Up @@ -538,6 +538,11 @@ func TestClientOptions(t *testing.T) {
baseClient().SetSRVMaxHosts(2).
SetHosts([]string{"localhost.test.build.10gen.cc:27017", "localhost.test.build.10gen.cc:27018"}),
},
{
"GODRIVER-2263 regression test",
"mongodb://localhost/?tlsCertificateKeyFile=testdata/one-pk-multiple-certs.pem",
baseClient().SetTLSConfig(&tls.Config{Certificates: make([]tls.Certificate, 1)}),
},
}

for _, tc := range testCases {
Expand Down
78 changes: 78 additions & 0 deletions mongo/options/testdata/one-pk-multiple-certs.pem
View file
Open in desktop
@@ -0,0 +1,78 @@
This .pem file includes the following:
- Private Key
- Certificate 1 for Private Key
- Certificate 2 for Issuer of Certificate 1.

This .pem file was created from test certificates from:
https://x509gen.corp.mongodb.com/#/cert/5ce5b21a42a0ef0008b11399

-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAgqdjbfumni3Z8A7q2TpVvk1XAHAT/LGsNOEZ/Ksuypv+q3BK
BewgsF54n0oc2UshHDw8hIO6UsmsjRplySTvEfLkEaDiCA9xQ/TYVqSbx5PtFIVg
icPniCl01w3cjsO/GqydeyE9O7X7u58tlEyXNgW+5s9wROPSV/TM5gFNmMOHVDJz
QEiQVyVzd/96gYQHS44C/tibXb8Au+Z3dX0B5xPncbTITiZFpxqE7LXY29ZsyhOe
hbA9YS+YmsVnYJI52kWUMeo4HDXYNa7vifdJmbRhmpAAyvDatZdwvdWlEp0odf8k
JV9LNGvc9GZ31UhZmUAUYt4zR1awFr0xUOalMwIDAQABAoIBADrEW77OoGUprouB
yjSnPoX4d5ek0fipWhH25h92R/euLuCiA0miqhlqhMrxJQS//Eac+YOJVLeEKu7U
3s+Yo0fpfphHSyPg/ktYyC5AoCkm6k5+p6uPyIbATuOkQn6coUq4NaV6j/ZZpr7/
nBrGUIVmFDXxPEhgSO5zF+6ky2hYdF/XSRHSS3ieGxy6PD9dHpWebVnZJ1EtElEc
8h+K0pJzXol++WWNR0S9OZHbYOWfew/2r4K2jfNAYsVjXOLGb2k1k/jC2qN8fq7R
6BGB0D2932X0WfUXBTxj3uBeTcz25ZnQeXuWmcmGRePBuW1nZaZnKcowbdu5gp19
peaVzWECgYEA0fo9KEb1ffUzZTvX42PX0sZyxCmqLqOOQ9DWt9HNIscykIszF4XH
nrrTASD5p3IAweZI/g7VGxjx5C9irqH4NLIswILCcaSyLKzIy9rj4D/4cEdFT4YQ
8zTWXJAEgyphOSBPrefiwBDtbaQyUU+5lOXLEh+ceXjd/56WS0fOBukCgYEAn0pU
Qg3XuWBi0RbaGWdFJ/A/DTmNP6tn9ULij7bjhpEgOT6E3H7gSUmC4QXKhAu+fdKH
bmCs5GYGl9UOiERLvKl4HqU2lCniCKNP2ygRibH8BiKBNtLAp6SGRi6SJsJqfvge
WddtG6WNNBXLpiNzeQJW6Cm0iKJF6skNzkpNMbsCgYEAwuwP9eHZZvJGocVp5hb7
dRjv1RXwe5ctK9skWEQUsCJG2FPAPCfeZYV892FLIJv+BAHo5J+USLFha7hpXT/S
j+iPDq7UHncLR9mmFUe/np8D3AbtWqNT/NGh5Q90gObIliVekkve/Pk5zzxL0Zu2
5XhkiRB7S3BedTscvgmMQnECgYAF8pGI0dl/K3ElG3RTRH7Ziefgx4hVm0HLb47k
DNEcAikw2fu9++LF+b+wRTYVjhazvfuejG+IK6MNYkAjqGEnjzBT/Jk4GQQ+jFJ7
/VgCSyn81Kb8dAwLdmIpFq4QUmwFh6AifJ+vS5QlILc04df66bJzArOh8mUn6g/g
5vdQ5wKBgBxewVKdmZY/GLn8ieFOHimG8y2xKa59j6nMTGaklKEoSyW60GiHk+Jl
q5LhUwHOQx3HzD5dy0ne2+0gN88iySfIe5rGXS7S9Pvnu06WIIbAnGWfedl026KJ
Tfg4SpzwaZtnXN/UJ62aaNgW2uYrdy4wF4M8zhXsgpj9w6xF369x
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDhTCCAm2gAwIBAgIDAxBVMA0GCSqGSIb3DQEBCwUAMHoxHDAaBgNVBAMTE2Ns
aWVudC1pbnRlcm1lZGlhdGUxEDAOBgNVBAsTB0RyaXZlcnMxEDAOBgNVBAoTB01v
bmdvREIxFjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3Jr
MQswCQYDVQQGEwJVUzAeFw0xOTA2MDMxNTQyMjVaFw0zOTA2MDMxNTQyMjVaMHAx
EjAQBgNVBAMTCWxvY2FsaG9zdDEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMH
TW9uZ29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlv
cmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
gqdjbfumni3Z8A7q2TpVvk1XAHAT/LGsNOEZ/Ksuypv+q3BKBewgsF54n0oc2Ush
HDw8hIO6UsmsjRplySTvEfLkEaDiCA9xQ/TYVqSbx5PtFIVgicPniCl01w3cjsO/
GqydeyE9O7X7u58tlEyXNgW+5s9wROPSV/TM5gFNmMOHVDJzQEiQVyVzd/96gYQH
S44C/tibXb8Au+Z3dX0B5xPncbTITiZFpxqE7LXY29ZsyhOehbA9YS+YmsVnYJI5
2kWUMeo4HDXYNa7vifdJmbRhmpAAyvDatZdwvdWlEp0odf8kJV9LNGvc9GZ31UhZ
mUAUYt4zR1awFr0xUOalMwIDAQABox4wHDAaBgNVHREEEzARgglsb2NhbGhvc3SH
BH8AAAEwDQYJKoZIhvcNAQELBQADggEBABNAqbfQon7VDIZIVoxL7fNsyv4y/mGI
gR9hTfSJHVyFpgTHjIobKYDpRx01uVTjEGMVjOAcpOYQIfTa7MFdbELrH5q6UUyl
J5i65MJlzIWgrchVzzgcP5UeBRnuUrFRDmt8VOGIA7CI6mWW/dDTHg7NVK5PbVi4
ad56ogiptbnj1GKkImV2TCpwYhNxkf68OcwgfbknkWDxPjGFQjvYLspQBYdK+j9s
0tOGMqbt+8DH7whioH+yv4KhlN9g4R3oOybG82E0fJ8NbdsjEmQby28/f/U8fsjV
EDnxjuxJs/C9AH42Jpu56Zp16hhEz72mVZqeJZe+11wcUiyFW7jgEGc=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIDB0QCMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy
aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u
Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx
CzAJBgNVBAYTAlVTMB4XDTE5MDYwMzE1NDAyM1oXDTM5MDYwMzE1NDAyM1owejEc
MBoGA1UEAxMTY2xpZW50LWludGVybWVkaWF0ZTEQMA4GA1UECxMHRHJpdmVyczEQ
MA4GA1UEChMHTW9uZ29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UE
CBMITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAsIKl4kILAnpSbDPQaUNmd8P8X+h45+RXCXmlbNSnKvsDCZU2Q/QV
BxMaOp7jNwOVBdECCQKYp1EL5B8O7rz7i/yJ80MGnh7mQW1Hnan79eIzq8ah5QSz
zJNLdzpix6CBR2GyL4BSl3mujNESEYtotcnihP7+YV6Sis9bttzhYhjmHm7346k2
IpCBhCTS3AEzVL7ExmEc6D7qVA7pMtRFUFoIUzpGNp53v1wUVjwPiiHmzNsuq/kE
fqurB7WHIogux2xBVdfrU7Pfr+1MdD5rDuUB6VblWQBeeha1L6TvSSP3GHC2fG8j
CnhVNye7kWStd3r6Zfpqp9VDTUu0uXM9qwIDAQABox0wGzAMBgNVHRMEBTADAQH/
MAsGA1UdDwQEAwICBDANBgkqhkiG9w0BAQsFAAOCAQEAX66R/Jvk2jUoVnvuPztR
iinyq9JXCXVQuG+dJ4ATy6JB8xmuaDMYmOSwzVyYZWQGIlqkwNZR5wga5OnksicI
Nm6dvhc5JbQ7ERDNgWzNtBaNkzJsaEjc9/FWcLlJeuQN+ZFdFVP+6k4aAWiYwf4A
KDvyUILEI59TWaScYnQmQcb/v81gLIq1IjaINAkuZcCHAgu2ZWLOSofgnEATiLYH
cXyy9WeRpd8nB3pgy1OjCN1E7+K6yHYYJYPQol25znAB5TLPbWwA8ek8fdmC3IpG
HOQXMsoPKCdlgNzG1RXalFSIO1AU2nYO5zeVB1l+WbzEp+o/zq0bi/HcvBhNAtRm
Lg==
-----END CERTIFICATE-----