From 01c9daf8d15aa49d33ade035ac7bb19cc4264f80 Mon Sep 17 00:00:00 2001
From: Anna Henningsen
Date: Tue, 31 May 2022 12:14:37 +0200
Subject: [PATCH 1/4] chore(ci): add FIPS e2e and smoke tests MONGOSH-1222
---
 .evergreen.yml | 401 ++++++++++++++++++
 .evergreen/evergreen.yml.in | 7 +-
 packages/cli-repl/src/smoke-tests.ts | 30 +-
 packages/cli-repl/test/e2e-auth.spec.ts | 15 +-
 packages/cli-repl/test/test-shell.ts | 9 +-
 scripts/docker/amazonlinux1-rpm.Dockerfile | 2 +-
 scripts/docker/amazonlinux2-rpm.Dockerfile | 3 +-
 scripts/docker/centos7-epel-rpm.Dockerfile | 3 +-
 scripts/docker/centos7-rpm.Dockerfile | 2 +-
 scripts/docker/debian10-deb.Dockerfile | 2 +-
 scripts/docker/debian11-deb.Dockerfile | 2 +-
 scripts/docker/debian9-deb.Dockerfile | 2 +-
 scripts/docker/fedora34-rpm.Dockerfile | 3 +-
 scripts/docker/rocky8-epel-rpm.Dockerfile | 3 +-
 scripts/docker/rocky8-rpm.Dockerfile | 3 +-
 scripts/docker/suse12-rpm.Dockerfile | 2 +-
 scripts/docker/suse15-rpm.Dockerfile | 2 +-
 scripts/docker/ubuntu18.04-deb.Dockerfile | 2 +-
 scripts/docker/ubuntu20.04-deb.Dockerfile | 2 +-
 scripts/docker/ubuntu20.04-tgz.Dockerfile | 2 +-
 scripts/docker/ubuntu22.04-deb.Dockerfile | 3 +-
 testing/certificates/README.md | 7 +-
 .../certificates/client.bundle.encrypted.pem | 108 ++---
 testing/certificates/client.encrypted.key | 108 ++---
 testing/certificates/client.pem | 111 +++++
 25 files changed, 693 insertions(+), 141 deletions(-)
 create mode 100644 testing/certificates/client.pem
diff --git a/.evergreen.yml b/.evergreen.yml
index ff3fb2e80e..2fe1263710 100644
--- a/.evergreen.yml
+++ b/.evergreen.yml
@@ -7851,6 +7851,25 @@ tasks: ### # E2E TESTS ### + - name: e2e_tests_darwin_x64_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: darwin + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: darwin-x64 + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_darwin_x64 tags: ["e2e-test"] depends_on: @@ -7869,6 +7888,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_darwin_x64_unstable_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: darwin + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: darwin-x64 + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_darwin_x64_unstable tags: ["e2e-test"] depends_on: @@ -7887,6 +7926,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_darwin_arm64_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: darwin_arm64 + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: darwin-arm64 + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_darwin_arm64 tags: ["e2e-test"] depends_on: 
@@ -7905,6 +7964,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_darwin_arm64_unstable_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: darwin_arm64 + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: darwin-arm64 + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_darwin_arm64_unstable tags: ["e2e-test"] depends_on: @@ -7923,6 +8002,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_linux_x64_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: linux_x64_build + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: linux-x64 + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_linux_x64 tags: ["e2e-test"] depends_on: @@ -7941,6 +8040,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_linux_x64_unstable_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: linux_x64_build + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: linux-x64 + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_linux_x64_unstable tags: ["e2e-test"] depends_on: 
@@ -7959,6 +8078,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_linux_x64_openssl11_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: linux_x64_build_openssl11 + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: linux-x64-openssl11 + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_linux_x64_openssl11 tags: ["e2e-test"] depends_on: @@ -7977,6 +8116,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_linux_x64_openssl11_unstable_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: linux_x64_build_openssl11 + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: linux-x64-openssl11 + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_linux_x64_openssl11_unstable tags: ["e2e-test"] depends_on: 
@@ -7995,6 +8154,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_linux_x64_openssl3_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: linux_x64_build_openssl3 + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: linux-x64-openssl3 + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_linux_x64_openssl3 tags: ["e2e-test"] depends_on: @@ -8013,6 +8192,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_linux_x64_openssl3_unstable_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: linux_x64_build_openssl3 + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: linux-x64-openssl3 + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_linux_x64_openssl3_unstable tags: ["e2e-test"] depends_on: 
@@ -8031,6 +8230,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_linux_arm64_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: linux_arm64_build + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: linux-arm64 + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_linux_arm64 tags: ["e2e-test"] depends_on: @@ -8049,6 +8268,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_linux_arm64_unstable_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: linux_arm64_build + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: linux-arm64 + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_linux_arm64_unstable tags: ["e2e-test"] depends_on: 
@@ -8067,6 +8306,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_linux_arm64_openssl11_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: linux_arm64_build_openssl11 + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: linux-arm64-openssl11 + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_linux_arm64_openssl11 tags: ["e2e-test"] depends_on: @@ -8085,6 +8344,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_linux_arm64_openssl11_unstable_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: linux_arm64_build_openssl11 + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: linux-arm64-openssl11 + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_linux_arm64_openssl11_unstable tags: ["e2e-test"] depends_on: 
@@ -8103,6 +8382,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_linux_ppc64le_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: linux_ppc64le_build + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: linux-ppc64le + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_linux_ppc64le tags: ["e2e-test"] depends_on: @@ -8121,6 +8420,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_linux_ppc64le_unstable_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: linux_ppc64le_build + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: linux-ppc64le + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_linux_ppc64le_unstable tags: ["e2e-test"] depends_on: @@ -8139,6 +8458,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_linux_s390x_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: linux_s390x_build + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: linux-s390x + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_linux_s390x tags: ["e2e-test"] depends_on: 
@@ -8157,6 +8496,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_linux_s390x_unstable_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: linux_s390x_build + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: linux-s390x + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_linux_s390x_unstable tags: ["e2e-test"] depends_on: @@ -8175,6 +8534,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_win32_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: win32_build + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: win32 + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_win32 tags: ["e2e-test"] depends_on: @@ -8193,6 +8572,26 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "stable" + mongosh_test_e2e_force_fips: "" + - name: e2e_tests_win32_unstable_fips + tags: ["e2e-test"] + depends_on: + - name: compile_artifact + variant: win32_build + commands: + - func: checkout + - func: install + vars: + node_js_version: "16.15.0" + npm_deps_mode: cli_build + - func: download_compiled_artifact + vars: + executable_os_id: win32 + - func: run_e2e_tests + vars: + node_js_version: "16.15.0" + mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "1" - name: e2e_tests_win32_unstable tags: ["e2e-test"] depends_on: 
@@ -8211,6 +8610,7 @@ tasks: vars: node_js_version: "16.15.0" mongosh_server_test_version: "unstable" + mongosh_test_e2e_force_fips: "" ### # PACKAGING @@ -9898,6 +10298,7 @@ buildvariants: tasks: - name: e2e_tests_linux_x64 - name: e2e_tests_linux_x64_openssl11 + - name: e2e_tests_linux_x64_openssl11_fips - name: e2e_ubuntu1804_x64 display_name: "Ubuntu 18.04 x64 (E2E Tests)" run_on: ubuntu1804-small diff --git a/.evergreen/evergreen.yml.in b/.evergreen/evergreen.yml.in index cffe534f97..05f69f40dd 100644 --- a/.evergreen/evergreen.yml.in +++ b/.evergreen/evergreen.yml.in @@ -798,8 +798,9 @@ tasks: ### <% for (const { executableOsId, compileBuildVariant } of EXECUTABLE_PKG_INFO) { for (const mVersion of ['stable', 'unstable']) { + for (const fipsVariant of ['fips', 'nofips']) { %> - - name: e2e_tests_<% out(executableOsId.replace(/-/g, '_')) %><% out(mVersion === 'stable' ? '' : '_unstable') %> + - name: e2e_tests_<% out(executableOsId.replace(/-/g, '_')) %><% out(mVersion === 'stable' ? '' : '_unstable') %><% out(fipsVariant === 'fips' ? '_fips' : '') %> tags: ["e2e-test"] depends_on: - name: compile_artifact @@ -817,7 +818,8 @@ tasks: vars: node_js_version: "<% out(NODE_JS_VERSION_16) %>" mongosh_server_test_version: "<% out(mVersion) %>" - <% } } %> + mongosh_test_e2e_force_fips: "<% out(fipsVariant === 'fips' ? '1' : '') %>" + <% } } } %> ### # PACKAGING @@ -1084,6 +1086,7 @@ buildvariants: tasks: - name: e2e_tests_linux_x64 - name: e2e_tests_linux_x64_openssl11 + - name: e2e_tests_linux_x64_openssl11_fips - name: e2e_ubuntu1804_x64 display_name: "Ubuntu 18.04 x64 (E2E Tests)" run_on: ubuntu1804-small diff --git a/packages/cli-repl/src/smoke-tests.ts b/packages/cli-repl/src/smoke-tests.ts index c6e3ff2cf3..d46a052da3 100644 --- a/packages/cli-repl/src/smoke-tests.ts +++ b/packages/cli-repl/src/smoke-tests.ts 
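Review bot: Nothing in the `.evergreen/evergreen.yml.in` hunks turns the new `mongosh_test_e2e_force_fips` var into the `MONGOSH_TEST_E2E_FORCE_FIPS` environment variable that `test-shell.ts` and `e2e-auth.spec.ts` read; the diffstat lists only 7 changed lines for the template, and none of them touch `run_e2e_tests`. If that function does not already export the value (its body is outside these hunks, and this is patch 1/4), every `_fips` task would run as an ordinary non-FIPS pass and still go green. The loop also emits a `_fips` task for every platform, while the buildvariant hunk schedules only `e2e_tests_linux_x64_openssl11_fips`. A template comment such as `# _fips tasks are generated for all platforms; only linux_x64_openssl11 is attached to a variant` would record that this is intended.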
@@ -1,9 +1,10 @@ -/* eslint-disable no-console */ +/* eslint-disable no-console, @typescript-eslint/no-non-null-assertion, chai-friendly/no-unused-expressions */ import { spawn } from 'child_process'; import assert from 'assert'; import { once } from 'events'; import { redactURICredentials } from '@mongosh/history'; import fleSmokeTestScript from './smoke-tests-fle'; +import { buildInfo } from './build-info'; /** * Run smoke tests on an executable, e.g. @@ -19,11 +20,20 @@ export async function runSmokeTests(smokeTestServer: string | undefined, executa if (process.env.IS_CI) { assert(!!smokeTestServer, 'Make sure MONGOSH_SMOKE_TEST_SERVER is set in CI'); } + const expectFipsSupport = !!process.env.MONGOSH_SMOKE_TEST_OS_HAS_FIPS_SUPPORT && buildInfo().sharedOpenssl; + console.log('FIPS support required to pass?', expectFipsSupport); - for (const { input, output, testArgs } of [{ + for (const { input, output, testArgs, includeStderr } of [{ input: 'print("He" + "llo" + " Wor" + "ld!")', output: /Hello World!/, testArgs: ['--nodb'], + }, { + input: 'crypto.createHash("md5").update("hello").digest("hex")', + output: expectFipsSupport ? + /5d41402abc4b2a76b9719d911017c592/ : + /5d41402abc4b2a76b9719d911017c592|Could not enable FIPS mode/, + includeStderr: true, + testArgs: ['--tlsFIPSMode', '--nodb'] }].concat(smokeTestServer ? [{ input: ` const dbname = "testdb_simplesmoke" + new Date().getTime(); @@ -40,7 +50,7 @@ export async function runSmokeTests(smokeTestServer: string | undefined, executa output: /Test succeeded|Test skipped/, testArgs: [smokeTestServer as string] }] : [])) { - await runSmokeTest(executable, [...args, ...testArgs], input, output); + await runSmokeTest(executable, [...args, ...testArgs], input, output, includeStderr); } console.log('all tests passed'); } 
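Review bot: The new `--tlsFIPSMode` case in the `@@ -19,11 +20,20 @@` hunk never checks that FIPS mode was actually enabled. When `expectFipsSupport` is true it only requires the MD5 digest of "hello" in the output, which a binary that silently ignored the flag would also print. A companion case that reads the mode back, for example `input: 'crypto.getFips()'` matched against the enabled value, would make the test fail when the flag is a no-op. The case also needs a comment explaining why an MD5 digest is the expected result under `--tlsFIPSMode`, since a reader would expect MD5 to be rejected there and the hunk gives no reason. `runSmokeTests` starts and ends outside this hunk.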
@@ -53,16 +63,18 @@ export async function runSmokeTests(smokeTestServer: string | undefined, executa * @param input stdin contents of the executable * @param output Expected contents of stdout */ -async function runSmokeTest(executable: string, args: string[], input: string, output: RegExp): Promise { +async function runSmokeTest(executable: string, args: string[], input: string, output: RegExp, includeStderr?: boolean): Promise { const proc = spawn(executable, [...args], { - stdio: ['pipe', 'pipe', 'inherit'] + stdio: ['pipe', 'pipe', includeStderr ? 'pipe' : 'inherit'] }); let stdout = ''; - proc.stdout.setEncoding('utf8').on('data', (chunk) => { stdout += chunk; }); - proc.stdin.end(input); - await once(proc.stdout, 'end'); + let stderr = ''; + proc.stdout!.setEncoding('utf8').on('data', (chunk) => { stdout += chunk; }); + proc.stderr?.setEncoding('utf8').on('data', (chunk) => { stderr += chunk; }); + proc.stdin!.end(input); + await once(proc.stdout!, 'end'); try { - assert.match(stdout, output); + assert.match(includeStderr ? `${stdout}\n${stderr}` : stdout, output); console.error({ status: 'success', input, output, stdout, executable, args: args.map(arg => redactURICredentials(arg)) }); } catch (err: any) { console.error({ status: 'failure', input, output, stdout, executable, args: args.map(arg => redactURICredentials(arg)) }); diff --git a/packages/cli-repl/test/e2e-auth.spec.ts b/packages/cli-repl/test/e2e-auth.spec.ts index 3f3187e39f..58c6f8d59f 100644 --- a/packages/cli-repl/test/e2e-auth.spec.ts +++ b/packages/cli-repl/test/e2e-auth.spec.ts 
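Review bot: With `includeStderr` the assertion can run before stderr has been fully read, because the function still waits only on `once(proc.stdout!, 'end')`. A "Could not enable FIPS mode" message that arrives on stderr after stdout closes would be missed, and the test would then fail intermittently. Waiting for the child's `close` event instead, `await once(proc, 'close');`, covers both pipes. The success and failure `console.error` objects still log only `stdout`, so a failing stderr-matched case does not show the text that was compared; adding `stderr` to both objects fixes that. The `catch` block continues past the end of this hunk.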
@@ -137,7 +137,10 @@ describe('Auth e2e', function() { }); shell.assertNoErrors(); }); - it('digestPassword', async() => { + it('digestPassword', async function() { + if (process.env.MONGOSH_TEST_E2E_FORCE_FIPS) { + return this.skip(); // No SCRAM-SHA-1 in FIPS mode + } await shell.executeLine(`use ${dbName}`); expect(await shell.executeLine( 'db.createUser({ user: "anna", pwd: "pwd", roles: [], mechanisms: ["SCRAM-SHA-1"], passwordDigestor: "client"})' @@ -190,7 +193,10 @@ describe('Auth e2e', function() { }); shell.assertNoErrors(); }); - it('digestPassword', async() => { + it('digestPassword', async function() { + if (process.env.MONGOSH_TEST_E2E_FORCE_FIPS) { + return this.skip(); // No SCRAM-SHA-1 in FIPS mode + } await shell.executeLine(`use ${dbName}`); expect(await shell.executeLine( 'db.updateUser("anna", { pwd: "pwd3", passwordDigestor: "client", mechanisms: ["SCRAM-SHA-1"]})' @@ -825,7 +831,10 @@ describe('Auth e2e', function() { shell.assertNoErrors(); }); context('with specific auth mechanisms', () => { - it('can auth with SCRAM-SHA-1', async() => { + it('can auth with SCRAM-SHA-1', async function() { + if (process.env.MONGOSH_TEST_E2E_FORCE_FIPS) { + return this.skip(); // No SCRAM-SHA-1 in FIPS mode + } const connectionString = await testServer.connectionString(); shell = TestShell.start({ args: [ connectionString, diff --git a/packages/cli-repl/test/test-shell.ts b/packages/cli-repl/test/test-shell.ts index eacb62f69b..a1e317cf99 100644 --- a/packages/cli-repl/test/test-shell.ts +++ b/packages/cli-repl/test/test-shell.ts 
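Review bot: Skipping on `MONGOSH_TEST_E2E_FORCE_FIPS` leaves the claim in the comment, "No SCRAM-SHA-1 in FIPS mode", untested: nothing in the FIPS run asserts that a SCRAM-SHA-1 user creation or login is actually refused. A FIPS-only counterpart that expects the failure would turn the comment into a checked property; the exact error text is not visible here and would need confirming first. The same three-line guard is repeated in both `digestPassword` tests and in `can auth with SCRAM-SHA-1`, so a small helper (for instance `skipIfFips(this)`) would keep the condition in one place. The check is a plain truthiness test, so `MONGOSH_TEST_E2E_FORCE_FIPS=0` also counts as enabled.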
@@ -35,8 +35,13 @@ export class TestShell { env = { ...env, MONGOSH_FORCE_TERMINAL: '1' }; } + const args = [...options.args]; + if (process.env.MONGOSH_TEST_E2E_FORCE_FIPS) { + args.push('--tlsFIPSMode'); + } + if (process.env.MONGOSH_TEST_EXECUTABLE_PATH) { - shellProcess = spawn(process.env.MONGOSH_TEST_EXECUTABLE_PATH, [...options.args], { + shellProcess = spawn(process.env.MONGOSH_TEST_EXECUTABLE_PATH, args, { stdio: [ 'pipe', 'pipe', 'pipe' ], env: env, cwd: options.cwd @@ -52,7 +57,7 @@ export class TestShell { env = { ...env, CLEAR_SIGINT_LISTENERS: '1' }; } - shellProcess = spawn('node', [path.resolve(__dirname, '..', 'bin', 'mongosh.js'), ...options.args], { + shellProcess = spawn('node', [path.resolve(__dirname, '..', 'bin', 'mongosh.js'), ...args], { stdio: [ 'pipe', 'pipe', 'pipe' ], env: env, cwd: options.cwd diff --git a/scripts/docker/amazonlinux1-rpm.Dockerfile b/scripts/docker/amazonlinux1-rpm.Dockerfile index bb1c7992af..95bb2ebf65 100644 --- a/scripts/docker/amazonlinux1-rpm.Dockerfile +++ b/scripts/docker/amazonlinux1-rpm.Dockerfile @@ -5,6 +5,6 @@ ADD ${artifact_url} /tmp ADD node_modules /usr/share/mongodb-csfle-library-version/node_modules RUN yum repolist RUN yum install -y /tmp/*mongosh*.rpm -RUN /usr/bin/mongosh --version +RUN /usr/bin/mongosh --build-info RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /usr/lib64/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1- ENTRYPOINT [ "mongosh" ] diff --git a/scripts/docker/amazonlinux2-rpm.Dockerfile b/scripts/docker/amazonlinux2-rpm.Dockerfile index 49b4600080..cd3f4b8115 100644 --- a/scripts/docker/amazonlinux2-rpm.Dockerfile +++ b/scripts/docker/amazonlinux2-rpm.Dockerfile 
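Review bot: `--tlsFIPSMode` is pushed after the caller's arguments, so whether it takes effect depends on how the shell parses whatever each test passed before it. If any test ends its argument list with `--` or with script arguments, the flag may not be read as an option, and that test would run without FIPS while still counting as FIPS coverage (the shell's argument parsing is not visible here, so this needs confirming). Putting it first avoids the question: `const args = process.env.MONGOSH_TEST_E2E_FORCE_FIPS ? ['--tlsFIPSMode', ...options.args] : [...options.args];`. A comment above it, `// Set by the *_fips CI tasks: run every spawned shell in FIPS mode`, would also help, since the variable is not explained in either hunk. The enclosing method starts and ends outside both hunks.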
@@ -5,6 +5,7 @@ ADD ${artifact_url} /tmp
 ADD node_modules /usr/share/mongodb-csfle-library-version/node_modules
 RUN yum repolist
 RUN yum install -y /tmp/*mongosh*.rpm
-RUN /usr/bin/mongosh --version
+RUN /usr/bin/mongosh --build-info
 RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /usr/lib64/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1-
+ENV MONGOSH_SMOKE_TEST_OS_HAS_FIPS_SUPPORT=1
 ENTRYPOINT [ "mongosh" ]
diff --git a/scripts/docker/centos7-epel-rpm.Dockerfile b/scripts/docker/centos7-epel-rpm.Dockerfile
index 10b1b654cc..b5a3e340a4 100644
--- a/scripts/docker/centos7-epel-rpm.Dockerfile
+++ b/scripts/docker/centos7-epel-rpm.Dockerfile
@@ -8,6 +8,7 @@ RUN yum repolist
 RUN yum install -y epel-release
 RUN yum repolist
 RUN yum install -y /tmp/*mongosh*.rpm
-RUN /usr/bin/mongosh --version
+RUN /usr/bin/mongosh --build-info
 RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /usr/lib64/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1-
+ENV MONGOSH_SMOKE_TEST_OS_HAS_FIPS_SUPPORT=1
 ENTRYPOINT [ "mongosh" ]
diff --git a/scripts/docker/centos7-rpm.Dockerfile b/scripts/docker/centos7-rpm.Dockerfile
index 98357e6efb..cdb662dd07 100644
--- a/scripts/docker/centos7-rpm.Dockerfile
+++ b/scripts/docker/centos7-rpm.Dockerfile
@@ -5,6 +5,6 @@ ADD ${artifact_url} /tmp
 ADD node_modules /usr/share/mongodb-csfle-library-version/node_modules
 RUN yum repolist
 RUN yum install -y /tmp/*mongosh*.rpm
-RUN /usr/bin/mongosh --version
+RUN /usr/bin/mongosh --build-info
 RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /usr/lib64/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1-
 ENTRYPOINT [ "mongosh" ]
diff --git a/scripts/docker/debian10-deb.Dockerfile b/scripts/docker/debian10-deb.Dockerfile
index 93aca5c0a0..e59bc37be4 100644
--- a/scripts/docker/debian10-deb.Dockerfile
+++ b/scripts/docker/debian10-deb.Dockerfile
@@ -6,7 +6,7 @@ ADD node_modules /usr/share/mongodb-csfle-library-version/node_modules
 RUN apt-get update
 RUN apt-get install -y man-db
 RUN apt-get install -y /tmp/*mongosh*.deb
-RUN /usr/bin/mongosh --version
+RUN /usr/bin/mongosh --build-info
 RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /usr/lib/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1-
 RUN man mongosh | grep -q tlsAllowInvalidCertificates
 ENTRYPOINT [ "mongosh" ]
diff --git a/scripts/docker/debian11-deb.Dockerfile b/scripts/docker/debian11-deb.Dockerfile
index 2195fa035b..a5bac57294 100644
--- a/scripts/docker/debian11-deb.Dockerfile
+++ b/scripts/docker/debian11-deb.Dockerfile
@@ -6,7 +6,7 @@ ADD node_modules /usr/share/mongodb-csfle-library-version/node_modules
 RUN apt-get update
 RUN apt-get install -y man-db
 RUN apt-get install -y /tmp/*mongosh*.deb
-RUN /usr/bin/mongosh --version
+RUN /usr/bin/mongosh --build-info
 RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /usr/lib/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1-
 RUN man mongosh | grep -q tlsAllowInvalidCertificates
 ENTRYPOINT [ "mongosh" ]
diff --git a/scripts/docker/debian9-deb.Dockerfile b/scripts/docker/debian9-deb.Dockerfile
index e52b8be024..e2589e7669 100644
--- a/scripts/docker/debian9-deb.Dockerfile
+++ b/scripts/docker/debian9-deb.Dockerfile
@@ -6,7 +6,7 @@ ADD node_modules /usr/share/mongodb-csfle-library-version/node_modules
 RUN apt-get update
 RUN apt-get install -y man-db
 RUN apt-get install -y /tmp/*mongosh*.deb
-RUN /usr/bin/mongosh --version
+RUN /usr/bin/mongosh --build-info
 RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /usr/lib/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1-
 RUN man mongosh | grep -q tlsAllowInvalidCertificates
 ENTRYPOINT [ "mongosh" ]
diff --git a/scripts/docker/fedora34-rpm.Dockerfile b/scripts/docker/fedora34-rpm.Dockerfile
index 1ef873e211..01d4f53e16 100644
--- a/scripts/docker/fedora34-rpm.Dockerfile
+++ b/scripts/docker/fedora34-rpm.Dockerfile
@@ -6,6 +6,7 @@ ADD node_modules /usr/share/mongodb-csfle-library-version/node_modules
 RUN yum repolist
 RUN yum install -y man
 RUN yum install -y /tmp/*mongosh*.rpm
-RUN /usr/bin/mongosh --version
+RUN /usr/bin/mongosh --build-info
 RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /usr/lib64/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1-
+ENV MONGOSH_SMOKE_TEST_OS_HAS_FIPS_SUPPORT=1
 ENTRYPOINT [ "mongosh" ]
diff --git a/scripts/docker/rocky8-epel-rpm.Dockerfile b/scripts/docker/rocky8-epel-rpm.Dockerfile
index ff09b7c434..1d1ada638a 100644
--- a/scripts/docker/rocky8-epel-rpm.Dockerfile
+++ b/scripts/docker/rocky8-epel-rpm.Dockerfile
@@ -9,7 +9,8 @@ RUN dnf install -y epel-release
 RUN dnf repolist
 RUN dnf install -y man
 RUN dnf install -y /tmp/*mongosh*.rpm
-RUN /usr/bin/mongosh --version
+RUN /usr/bin/mongosh --build-info
 RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /usr/lib64/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1-
 RUN man mongosh | grep -q tlsAllowInvalidCertificates
+ENV MONGOSH_SMOKE_TEST_OS_HAS_FIPS_SUPPORT=1
 ENTRYPOINT [ "mongosh" ]
diff --git a/scripts/docker/rocky8-rpm.Dockerfile b/scripts/docker/rocky8-rpm.Dockerfile
index 3500dbdd9e..486faee738 100644
--- a/scripts/docker/rocky8-rpm.Dockerfile
+++ b/scripts/docker/rocky8-rpm.Dockerfile
@@ -6,7 +6,8 @@ ADD node_modules /usr/share/mongodb-csfle-library-version/node_modules
 RUN dnf repolist
 RUN dnf install -y man
 RUN dnf install -y /tmp/*mongosh*.rpm
-RUN /usr/bin/mongosh --version
+RUN /usr/bin/mongosh --build-info
 RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /usr/lib64/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1-
 RUN man mongosh | grep -q tlsAllowInvalidCertificates
+ENV MONGOSH_SMOKE_TEST_OS_HAS_FIPS_SUPPORT=1
 ENTRYPOINT [ "mongosh" ]
diff --git a/scripts/docker/suse12-rpm.Dockerfile b/scripts/docker/suse12-rpm.Dockerfile
index 78fa079138..2b1293d726 100644
--- a/scripts/docker/suse12-rpm.Dockerfile
+++ b/scripts/docker/suse12-rpm.Dockerfile
@@ -6,6 +6,6 @@ ADD node_modules /usr/share/mongodb-csfle-library-version/node_modules
 RUN zypper --no-gpg-checks --non-interactive addrepo https://download.opensuse.org/repositories/openSUSE:Leap:15.1:Update/standard/openSUSE:Leap:15.1:Update.repo
 RUN zypper --no-gpg-checks --non-interactive refresh
 RUN zypper --no-gpg-checks --non-interactive install /tmp/*mongosh*.rpm
-RUN /usr/bin/mongosh --version
+RUN /usr/bin/mongosh --build-info
 RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /usr/lib64/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1-
 ENTRYPOINT [ "mongosh" ]
diff --git a/scripts/docker/suse15-rpm.Dockerfile b/scripts/docker/suse15-rpm.Dockerfile
index c5164b9df5..31f0203372 100644
--- a/scripts/docker/suse15-rpm.Dockerfile
+++ b/scripts/docker/suse15-rpm.Dockerfile
@@ -7,7 +7,7 @@ RUN zypper --no-gpg-checks --non-interactive addrepo https://download.opensuse.o
 RUN zypper --no-gpg-checks --non-interactive refresh
 RUN zypper --no-gpg-checks --non-interactive install man
 RUN zypper --no-gpg-checks --non-interactive install /tmp/*mongosh*.rpm
-RUN /usr/bin/mongosh --version
+RUN /usr/bin/mongosh --build-info
 RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /usr/lib64/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1-
 RUN man mongosh | grep -q tlsAllowInvalidCertificates
 ENTRYPOINT [ "mongosh" ]
diff --git a/scripts/docker/ubuntu18.04-deb.Dockerfile b/scripts/docker/ubuntu18.04-deb.Dockerfile
index 4c956b61a8..6bfcb4174d 100644
--- a/scripts/docker/ubuntu18.04-deb.Dockerfile
+++ b/scripts/docker/ubuntu18.04-deb.Dockerfile
@@ -5,6 +5,6 @@ ADD ${artifact_url} /tmp
 ADD node_modules /usr/share/mongodb-csfle-library-version/node_modules
 RUN apt-get update
 RUN apt-get install -y /tmp/*mongosh*.deb
-RUN /usr/bin/mongosh --version
+RUN /usr/bin/mongosh --build-info
 RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /usr/lib/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1-
 ENTRYPOINT [ "mongosh" ]
diff --git a/scripts/docker/ubuntu20.04-deb.Dockerfile b/scripts/docker/ubuntu20.04-deb.Dockerfile
index 2374d05fa8..c5f5a2c2d7 100644
--- a/scripts/docker/ubuntu20.04-deb.Dockerfile
+++ b/scripts/docker/ubuntu20.04-deb.Dockerfile
@@ -7,7 +7,7 @@ RUN apt-get update
 RUN yes | unminimize
 RUN apt-get install -y man-db
 RUN apt-get install -y /tmp/*mongosh*.deb
-RUN /usr/bin/mongosh --version
+RUN /usr/bin/mongosh --build-info
 RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /usr/lib/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1-
 RUN man mongosh | grep -q tlsAllowInvalidCertificates
 ENTRYPOINT [ "mongosh" ]
diff --git a/scripts/docker/ubuntu20.04-tgz.Dockerfile b/scripts/docker/ubuntu20.04-tgz.Dockerfile
index 9699588dfa..94b660e715 100644
--- a/scripts/docker/ubuntu20.04-tgz.Dockerfile
+++ b/scripts/docker/ubuntu20.04-tgz.Dockerfile
@@ -7,6 +7,6 @@ RUN apt-get update
 RUN apt-get install -y libgssapi-krb5-2
 RUN tar -C /tmp --strip-components=1 -xvzf /tmp/*mongosh*.tgz
 RUN ln -s /tmp/bin/mongosh /usr/bin/mongosh
-RUN /usr/bin/mongosh --version
+RUN /usr/bin/mongosh --build-info
 RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /tmp/bin/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1-
 ENTRYPOINT [ "mongosh" ]
diff --git a/scripts/docker/ubuntu22.04-deb.Dockerfile b/scripts/docker/ubuntu22.04-deb.Dockerfile
index 16763f7739..27b06659aa 100644
--- a/scripts/docker/ubuntu22.04-deb.Dockerfile
+++ b/scripts/docker/ubuntu22.04-deb.Dockerfile
@@ -7,7 +7,8 @@ RUN apt-get update
 RUN yes | unminimize
 RUN apt-get install -y man-db
 RUN apt-get install -y /tmp/*mongosh*.deb
-RUN /usr/bin/mongosh --version
+RUN /usr/bin/mongosh --build-info
 RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /usr/lib/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1-
 RUN man mongosh | grep -q tlsAllowInvalidCertificates
+ENV MONGOSH_SMOKE_TEST_OS_HAS_FIPS_SUPPORT=1
 ENTRYPOINT [ "mongosh" ]
diff --git a/testing/certificates/README.md b/testing/certificates/README.md
index abc1733543..59b853b88b 100644
--- a/testing/certificates/README.md
+++ b/testing/certificates/README.md
@@ -133,9 +133,14 @@ To recreate the certificates follow the steps outlined below. openssl ca -create_serial -config ca.cnf -in client.csr -out client.pem -days 99999 ``` This will also generate a `.pem` file which can be removed. -4. Create a bundle with client key and certificate to use for connecting: +4. Create an encrypted client key file from the existing unencrypted one: + ``` + openssl pkcs8 -topk8 -in client.key -v2 aes-256-cbc -out client.encrypted.key -passout pass:p4ssw0rd + ``` +5. Create bundles with client key and certificate to use for connecting: ``` cat client.pem client.key > client.bundle.pem + cat client.pem client.encrypted.key > client.bundle.encrypted.pem ``` ## Create Client Certificate not from CA diff --git a/testing/certificates/client.bundle.encrypted.pem b/testing/certificates/client.bundle.encrypted.pem index b872699018..3d93dcd2b5 100644 --- a/testing/certificates/client.bundle.encrypted.pem +++ b/testing/certificates/client.bundle.encrypted.pem 
@@ -109,57 +109,57 @@ g/wLGC2uQr6Zo/A4b8NUFEF0Lt7fqZTFeCjDm1UPgkeGKIndM7T+mKaCyho+ZnP3 hG4ZYuEw1nh+fBHvlhGDCjgRxH5dmcYaf6BuyAQWJDuPh+v+IoJcwcWyVz3k7JnE 6c7nUAcBfiiA/pZAUaASdydzLA== -----END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,D9A18B7D6891D4BF9165337EC1FA2815 - -FhuaCyanFErFchjJkVqbu1RWKy3LQSnkfdBiqazsZkVO0QhszU7ZEfMY5vAmkLSd -rJMDfp3F16HkYw/JFFCrmkpR2zJZZufv3N5DR8GkNmMyFGhy6KuWxADcTdLiKCky -QDZw8LQbIW+sfskr2Gh7nAVKcsSY7a19K7gbpt658YBKP77VWW1NXxK5Rg082Mmu -AOZy/QxcvgAw/H+jXr1ZdBAo3RIjt6jFTilubcsN69HxkU7MuDd4Jm0cOxe1YH55 -Tv0vDyPwU+3UUgLRXVf7u9iXUTg9GRL5tclHJVwtPalh2KSKZdded3fC576i5yJr -tb2oGoU+Hpoz9pAt6y4K3ag48ddN9fKJQMPiUrsRLxkFoR0d1CcRJUED8uyJRF7e -1ymW2l/n8aEZX8QMjPThqGyiXqZusXBj5gtuFKJw086znzpKlKQDKL1OadtK4PEz -+iX4dxtsOPxBcp8mqyLN1H8xZmsKtxOWRkmehvn4Fu7N27+HJ3Gs/ibBXX1FY2rx -qjFuJ7CuCAzrhuLjDCXoD6D6oReJIx+lM95uKXH/mRABvO+mp3nj41ola/piVjRg -MK7BLwqUYkeZQBJM44QmxUfXDkOlCy1HzHt84hQnqO2QSYzo7LUTbXP8H1+g3U0a -66V5z6o+vk9qQf7sJmy9989NdgdU8Z/JV/1l/5QhSfrO3bif3nf+rZVccsSRN0PL -HmdVhF4VMZIzXhPVnRW6fKmnic1Yon96RzeTDGydpqzilUz0Zk05G1TdGUAr3s2r -7WhGDilnwocowT0XQqw3wizPgS9hYZt8mnb7KMjOHbYbrBGcUaMlU1jz+430s40u -+bspo0/48ANdbyYa+euUtHlUIdAwN7ImNqL7XS3CHKiSxcW4v1LWAHLxUaiCu5qc -IqAKgkJDk3LA2RzWw1FyKhXLkwEDLnlNqorT5S8iV3I//7rCfOxOrG4dJIqnZ4PJ -BxNRnDgm2Q6iCe918LZZd544j+TVpK1FUAto0RFSbCRz7k0M6gfY7V4S6ZZ5vbPn -bvG76aSWRlHoRFkH6/ZTEBH3cdJ6smBV8Gj7Pek6ShZx7idskbvIWL3Ia45U3EW4 -QOlKm4Ej7MtyTpZCADN5r989ZiE+OmASuA9pWqFk3vLzABNP3LSMiStstAgtel2h -FGIuh4K1aLrNsD25nCNQcardZxJO3b3gVfs9b/8/vD60aZN99YZ5xc9CQ7KSaqvo -/Wh0PKDkvYYxg1wmvCXSBj5ol3XQ9P3e0Qq1ZWpNMeyudk4c/K1USR2J/W12BwW6 -gvIJReRA0+TyZX1ScIcfLh4QtxkMRPjczQg81zND+yK6z9UGo7FkPcvnGDop1psy -z/1ow6aDgd8WJAtLVbEouyo2CrC4TLPNgOpBkvwP3Ffi0lKldRR3lINe0nfWhpKF -rQd15Im9y83dBsO8Ze7II7Tg57J2+JbI99MNx0e4p++C7Cst4+03WQclrmbmvbcJ -u620OCPPEWnf24gw/pvMmTD1sJhgOtOHb99nuf9oD0f8MxwPpgkfbvn6n2hfkxfV -+Ecpm8y0rNr0kJq7pD5qag/k8Wb+Gcn8bFpauYCjC6+8Rk+KazEoI0T+RwHTaB8H 
-KopLKni5grEijiCwEME57fpeAdghy+1nk4Fq6ENKMdlUCn7wKRsLERorI1w0kgPt -XeQg6rimr7dAZT9PXUlFTkh/kse8DgpJMvMnoKl/GpAdgQ6o9Xis3+Il/VG5y1Dk -cViLbRRLr+dC6VawHH5ZlWHD9TvbyCyFmDz4vkscmIrv5ucJUZh2VNe5SALyAkNV -eWhjjUxV9cfRTtCIg2/1uZo1hmWJ8pUL3EGDQmIHRFeJyr2sftAD4K9P/QT5pxh8 -dzVLFMEHdeNI24RpBjzmOqZ93ogt+NuFNQZ9S3P2XxtX+nmaGyOBXJAd62xFklMl -Hivj59eDIYwPilhggzq7bWH2TtwP7M3fv/l8d/+OOeGrPq8ySGkgOOmalT2/1AJQ -RT4ktt8T54GKk+2rnTByTxtXAnC0WMC8lj0k3e9o4rbhcQ8cNzOslfBnE1xmtplE -VoLxSRvpbqxQ0Hf2m/jwOpfX1RHcl1E28uIu5+dzPC368yE0ULgf2oMh4o6ahAFH -LQ0fSd7V3naYjlW8IodOxEoriD/QVP656Zg/E70Xf3/jge2ZIsRnzA8HFELOrTRs -bNEVusWXZIU47vaYV/YTMU8PU7TNzI1nsJjHvKnO4dX4+FsedvquAk6iALZwmSY0 -uWV+tvJBbczAdmIpgjnQsX6fx9wz9HOSbPVZ2fUWEMTVIXOc4D64Z/Ik6INEw69J -Eey9Op2lImYLBR7ly1AQxFAE+Y6ZRgRDkFkP1FEtEXLglzux8PRJhrncjG8ud6nU -ksehWFuAlMq+iKWQ7fHYNiLMN8ePrYVvr/xBerpgIPApys5lbaxbtSgggrG88LWE -ma1lBdOUXpLiMyO2fO/AoZ71IPiY6gOzuBAifjkMtVBNS75XkttOTVkE6M0f2LBG -o3/EXnfcx6+qrQf6a617w1eaHYD+BqfzgfOl0Yg3yEVnocEc1aJpWAn3hgA0nRWA -rjLBsS4v3BILyC4Y/2yMz/UyjpKrifn2pCP//ac6J7kex5fAdrWGKXXTh6qF04G/ -DY75WD6lhyVIAY/+HnJtGTFQWrM9OKS6YFot7fF8quYFIhkDVXU/I9+WvYDW71a9 -yt6jFbMk6+glEVtF5ZIO564BOWE7Fj1QHr4JmV1MMu8x65Zm1UXNhX/y9Os0LG+c -Q3UB8PH2g5J1S6USXleqJLY7j7bE7nBIdbZCDJ7YPm6VERWNfuhtShiEo2PgF+aX -XCW4s+sV4SAMphGTnsEXj8rhgLhctciYiPrNHQau017MvBsWlFuuy4B49tySH4Qn -oKWz9A0GBrKQv3pcu07XGdD4K/J3S3pC5oxyhB6SfL0268SRkott4I/LX/JLglP9 -wayrdwbNLU3ftTfqorMlh+ZbOiuohjsrjNp/4UASNZ1OhipyzFK8W7mKLO8IHnjG -mXbDI9qdK46VBkhHCJPgZsMdu9qG4bwrJlrsc4n6szgxLQ32LGFfUucW10iKSXYQ -SWdUl1kDWrtKVGvAYClTh2ljXvmBEBUHKHK4xmXX4PMwvtbnCcvMyXgM5iCOrq9Y ------END RSA PRIVATE KEY----- +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIQF5BwO6hclICAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBCM+pLYwNO0CYI4/KeQKQaKBIIJ +UEwFojkFfPWzLkYZ5wro11G68T24hLj7Is1pCIi5A9e6nKnPe+y6nC1TeMeUzFuw +s09qaC3+b9+cgRa0iktNlEp9qmB0fufuhGLQHYI0oa8N5jJsHqdG6+XsIHnf3bUD +kNixcjdLtiiCgjmuDiA+h2+M6CIa7n7Th8Qwxvcvo/KAI1knf7rfegr7uzBM+y50 
++2NuUurb7yqbwepTakE10rxm4O1uoOP/5cmdoehF/A/lY/sj2aoabwZQlt/9CUUO +FIdfZnfU1+9P4D+4lTntaowYUi6xH2LtoUm29OEfgS1PBnqYgdC0piv24ZKSipAq +Jr2yoexO99kSz6JlcMhpySPACNjCWJ1thlaRXx9Fg3dL+dIbddQnHjigdCICF8CU +j2q7bAMVHjU0KmUDGXvHITXT9RFj55w5Va0jvIvQYZQMS4MKYC3gTqDdaHetvhII +3ClSRVj7xnj71DYjPvLJA0WuXrrHjH5rDubG0diohv+SgQVc3fv82wmmsqGASI+4 +mOv/Ha8/jTSKhexwx8XMtdZCNi5YRqwYS1nuqL8bzmyGlLqFYm6s20Pd58CywUPY +6vVxT7N0WINpHCfv7ozd7fhHKfDueWAGNjgZIjsL18rX34lqgNpYeVRvoHoJuBXX +335qEfCO2/CmLYiQ0yYURqKJk01ZeaketfrlAVFAZF0rcCI7YWcDUGzIJ3r/SU8M +Oc+3r2NIwZ7K1PI2u12tFvi0vSexBQQ4yjMBq+aEwxc5Jm5YmXjI/dBxRhFHL+C9 +5gxf7n6WQdMZAC+h4EN9NTCzJk803Ye/OWIXaIiXvNpFQHOgJnyZl1r22GYAghms +97V5m0yESW0C3bDwALnNWt4xG/1rVfT72x4dMNWg2bxzxLs97MyV2GAz2cJUsezi +rJ+JX6Z0h1CPh/OCZ3sIBfSXv6yKbN3szrgoNgDt9xMJeapnDMtODrylIrA+BNiF +Bm/jACY9CEw9KRN3g3gF/27zFYHwGdr7ZC6byaGKe8AQdN+qj26jz7/pAapTHY7J +tACOXyYiB3l8aVpLsxBOUYfQfOYu289/vlwMwWM3AmNVhjoWUW4mHWz75I43jQbm +lMx/RxXcGOiZ8hPXEz/gd0vqN6JdbDJnzisPv/p1lucMlTjUul4qP6eEG6xaU5gi +NEnkgBmCU8GA7ToM6A6aVDu8+I1bOP17qqJ1p8OUTTdTaUBbz4aQDSMeYTELBvhp +ypFCYQSgCJFzGeaKJODqdloJWueGEZsRApziUwgFMnbxRunmcftwpOKVaM31uBsj ++0fPDDUWBx+Sf2Hzx72r9CKVsl5aYfNcr+9cB2xjzFcrB1TdJzdicW5k9rRY91lC +76WyUwdPNGabaBcDxsuMdNQHulEokTCYfv9Njd7ss0D07TjC1I8oNLZRnY8V0VgN +TbG1MfxxYZ2NV9eAdxYyOLGuheWpyPBIfh+OOCasriJjDCDwjIQ3+kTqk3XNdoKj +hBkWEJ13NmqCoEI17aLzr/4TvowAX00AmH+01Td/x1sstEutBrOaTPXNS6jT5Rkn +06XAr02m4NJ4JenzRj0c8XZ9V12ecnE8A4E3hwrWGyWuo5UqQakvhc1a2dQtsKIH +HnW1lRZ/Qh84AKAtBQgDEgAAkPLWeWUzAW3PLdKK2QGGJRgxyV5r2yxQ3iuVW/Ep +E59VCfFNoB/KQLLe1T6laLPpztUU8WxdjRC6uePAHUsEJZAyZCliWPI+x66LNEse +xbEPcxlgJiMDGBRoKk/TMhgFbLKyK66mLOEzBYrIBz5w+XjZPad2NoPp8R3YILUn +ehxPYFmIRNo4pduK9K0DWeiVMqcOdWWUmHShFJNA5zIh+yl4bThbF45HXGohyRD8 +aUOE3JxGhFZNw+9zHvHroDB4mkUdFOcHHvLniAxr28TX7tYJ5ZWSapvGoL6BdF5x +KTZdiyrbKztqTnkNNWYYahY3RwG5/rCOKBtr8fAnZdaNO+lpRSOpLVFdoYUeiUd9 +QUdi5h2hEUaq9XLS4byXFBaZxZXx5D1AXbE3NCzZ1yMNDJVFgCWxBm4gxRFUUbuM +ZupETjfvkZ3H+I/Ax836nixnfrVRD8lcXnaHMxdGxoBYrpnqIL2CDY7PvDrNous5 
+/Npxp4G1rE2ewLc7x4pkMVgKPpWrIir0d3ZlgqXg1WdH+XbPKYyslbEetg+BbrTF +xSXLWV6LdOA0uqsebEaR8lX95q+QpEcaywDzeRHCPNa2dxRBVm/yci/s9cn23nls +t1sgywCsAkoedgiKDYlRtqG4avgVLYp/KHzSYmGtwq1Ti8a2P2/8T76Po6JAP/TW +nMhhwPUoO5eb9wpJyGSOMNGd6fysCps9SCYBh9zcBYN49MY/zYR75n1WpgqUZWP9 +BMyOQ+q4UjwOdcru/0XylHsEcIr2G+YFDCC05+yh/soW+IMIjgHQ65NvWRPhJIeI +/xub4/zFZ9z1/gd3iOO5kvoJbowcaPnj6cRf/Uu8++TWgRibypQVqdcTOdgj6OCK +wnCf2g9E+EvPca59Yo9TGjpKeAU+NqFk1Bl2Zk+k6384CSWYkbX/ECR+qC5Yb0sJ +iyExFf7AzXzbsnj2zArD1z7hBCUwXdC2mutW7whsENeDtpjRwGzCygxI0A1U/jAq +LS3vOU4WhT3Jtq2+zF5aZLJlgeFgSJn7swZHMsinJVn5sW0vMni8TKzMgUtLtbkJ +HC3QZElWNxsbmdxsMss2G28iGPFUJh1LG3LpPBLCAV7HREGxC2UP6t+f+V6AShtO +/h7/G5X1v10S9FgadcS3y1mZWIsCysudqVhWExYfihHQ6XTN+uFxGLdsb4H332JZ +XXIGbVGYUGXw3zIjoiWu2S42bts6imYRq9E8HiBlzTbKQJQdi0buewGH/gTEWFKY +xTFdmVIPSm9pf1dukQ2XzdPTTcmnQomMBUn3mmCd5dQ9soPMHAeLTN0HrEzSZUdm +HBwm44BFdhB5aV/hLUoCuDIylRMufIzC9zcNJmY21/G/YMfBIiAv7B1dboWskoBI +FCabObqQPUcQRpqkMp0UrjIZOzetfRoQxWET4kJG7rPLey9fCPWSMQGA7CwBZ9kE +BQVWqVb5ILOKLwdE//C5C6Vn1wVeyEbr9jm5L3s/wmvp6Z0uv67Rt0yfSV7tIHsu +PxW7H9Uv/O/NzuvzB7iDAcXP6PqBAjBgYj1QHrYOZ16R +-----END ENCRYPTED PRIVATE KEY----- diff --git a/testing/certificates/client.encrypted.key b/testing/certificates/client.encrypted.key index 5a8fceb2f5..5d1e2d42d0 100644 --- a/testing/certificates/client.encrypted.key +++ b/testing/certificates/client.encrypted.key 
@@ -1,54 +1,54 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,D9A18B7D6891D4BF9165337EC1FA2815 - -FhuaCyanFErFchjJkVqbu1RWKy3LQSnkfdBiqazsZkVO0QhszU7ZEfMY5vAmkLSd -rJMDfp3F16HkYw/JFFCrmkpR2zJZZufv3N5DR8GkNmMyFGhy6KuWxADcTdLiKCky -QDZw8LQbIW+sfskr2Gh7nAVKcsSY7a19K7gbpt658YBKP77VWW1NXxK5Rg082Mmu -AOZy/QxcvgAw/H+jXr1ZdBAo3RIjt6jFTilubcsN69HxkU7MuDd4Jm0cOxe1YH55 -Tv0vDyPwU+3UUgLRXVf7u9iXUTg9GRL5tclHJVwtPalh2KSKZdded3fC576i5yJr -tb2oGoU+Hpoz9pAt6y4K3ag48ddN9fKJQMPiUrsRLxkFoR0d1CcRJUED8uyJRF7e -1ymW2l/n8aEZX8QMjPThqGyiXqZusXBj5gtuFKJw086znzpKlKQDKL1OadtK4PEz -+iX4dxtsOPxBcp8mqyLN1H8xZmsKtxOWRkmehvn4Fu7N27+HJ3Gs/ibBXX1FY2rx -qjFuJ7CuCAzrhuLjDCXoD6D6oReJIx+lM95uKXH/mRABvO+mp3nj41ola/piVjRg -MK7BLwqUYkeZQBJM44QmxUfXDkOlCy1HzHt84hQnqO2QSYzo7LUTbXP8H1+g3U0a -66V5z6o+vk9qQf7sJmy9989NdgdU8Z/JV/1l/5QhSfrO3bif3nf+rZVccsSRN0PL -HmdVhF4VMZIzXhPVnRW6fKmnic1Yon96RzeTDGydpqzilUz0Zk05G1TdGUAr3s2r -7WhGDilnwocowT0XQqw3wizPgS9hYZt8mnb7KMjOHbYbrBGcUaMlU1jz+430s40u -+bspo0/48ANdbyYa+euUtHlUIdAwN7ImNqL7XS3CHKiSxcW4v1LWAHLxUaiCu5qc -IqAKgkJDk3LA2RzWw1FyKhXLkwEDLnlNqorT5S8iV3I//7rCfOxOrG4dJIqnZ4PJ -BxNRnDgm2Q6iCe918LZZd544j+TVpK1FUAto0RFSbCRz7k0M6gfY7V4S6ZZ5vbPn -bvG76aSWRlHoRFkH6/ZTEBH3cdJ6smBV8Gj7Pek6ShZx7idskbvIWL3Ia45U3EW4 -QOlKm4Ej7MtyTpZCADN5r989ZiE+OmASuA9pWqFk3vLzABNP3LSMiStstAgtel2h -FGIuh4K1aLrNsD25nCNQcardZxJO3b3gVfs9b/8/vD60aZN99YZ5xc9CQ7KSaqvo -/Wh0PKDkvYYxg1wmvCXSBj5ol3XQ9P3e0Qq1ZWpNMeyudk4c/K1USR2J/W12BwW6 -gvIJReRA0+TyZX1ScIcfLh4QtxkMRPjczQg81zND+yK6z9UGo7FkPcvnGDop1psy -z/1ow6aDgd8WJAtLVbEouyo2CrC4TLPNgOpBkvwP3Ffi0lKldRR3lINe0nfWhpKF -rQd15Im9y83dBsO8Ze7II7Tg57J2+JbI99MNx0e4p++C7Cst4+03WQclrmbmvbcJ -u620OCPPEWnf24gw/pvMmTD1sJhgOtOHb99nuf9oD0f8MxwPpgkfbvn6n2hfkxfV -+Ecpm8y0rNr0kJq7pD5qag/k8Wb+Gcn8bFpauYCjC6+8Rk+KazEoI0T+RwHTaB8H -KopLKni5grEijiCwEME57fpeAdghy+1nk4Fq6ENKMdlUCn7wKRsLERorI1w0kgPt -XeQg6rimr7dAZT9PXUlFTkh/kse8DgpJMvMnoKl/GpAdgQ6o9Xis3+Il/VG5y1Dk -cViLbRRLr+dC6VawHH5ZlWHD9TvbyCyFmDz4vkscmIrv5ucJUZh2VNe5SALyAkNV 
-eWhjjUxV9cfRTtCIg2/1uZo1hmWJ8pUL3EGDQmIHRFeJyr2sftAD4K9P/QT5pxh8 -dzVLFMEHdeNI24RpBjzmOqZ93ogt+NuFNQZ9S3P2XxtX+nmaGyOBXJAd62xFklMl -Hivj59eDIYwPilhggzq7bWH2TtwP7M3fv/l8d/+OOeGrPq8ySGkgOOmalT2/1AJQ -RT4ktt8T54GKk+2rnTByTxtXAnC0WMC8lj0k3e9o4rbhcQ8cNzOslfBnE1xmtplE -VoLxSRvpbqxQ0Hf2m/jwOpfX1RHcl1E28uIu5+dzPC368yE0ULgf2oMh4o6ahAFH -LQ0fSd7V3naYjlW8IodOxEoriD/QVP656Zg/E70Xf3/jge2ZIsRnzA8HFELOrTRs -bNEVusWXZIU47vaYV/YTMU8PU7TNzI1nsJjHvKnO4dX4+FsedvquAk6iALZwmSY0 -uWV+tvJBbczAdmIpgjnQsX6fx9wz9HOSbPVZ2fUWEMTVIXOc4D64Z/Ik6INEw69J -Eey9Op2lImYLBR7ly1AQxFAE+Y6ZRgRDkFkP1FEtEXLglzux8PRJhrncjG8ud6nU -ksehWFuAlMq+iKWQ7fHYNiLMN8ePrYVvr/xBerpgIPApys5lbaxbtSgggrG88LWE -ma1lBdOUXpLiMyO2fO/AoZ71IPiY6gOzuBAifjkMtVBNS75XkttOTVkE6M0f2LBG -o3/EXnfcx6+qrQf6a617w1eaHYD+BqfzgfOl0Yg3yEVnocEc1aJpWAn3hgA0nRWA -rjLBsS4v3BILyC4Y/2yMz/UyjpKrifn2pCP//ac6J7kex5fAdrWGKXXTh6qF04G/ -DY75WD6lhyVIAY/+HnJtGTFQWrM9OKS6YFot7fF8quYFIhkDVXU/I9+WvYDW71a9 -yt6jFbMk6+glEVtF5ZIO564BOWE7Fj1QHr4JmV1MMu8x65Zm1UXNhX/y9Os0LG+c -Q3UB8PH2g5J1S6USXleqJLY7j7bE7nBIdbZCDJ7YPm6VERWNfuhtShiEo2PgF+aX -XCW4s+sV4SAMphGTnsEXj8rhgLhctciYiPrNHQau017MvBsWlFuuy4B49tySH4Qn -oKWz9A0GBrKQv3pcu07XGdD4K/J3S3pC5oxyhB6SfL0268SRkott4I/LX/JLglP9 -wayrdwbNLU3ftTfqorMlh+ZbOiuohjsrjNp/4UASNZ1OhipyzFK8W7mKLO8IHnjG -mXbDI9qdK46VBkhHCJPgZsMdu9qG4bwrJlrsc4n6szgxLQ32LGFfUucW10iKSXYQ -SWdUl1kDWrtKVGvAYClTh2ljXvmBEBUHKHK4xmXX4PMwvtbnCcvMyXgM5iCOrq9Y ------END RSA PRIVATE KEY----- +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIQF5BwO6hclICAggA +MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBCM+pLYwNO0CYI4/KeQKQaKBIIJ +UEwFojkFfPWzLkYZ5wro11G68T24hLj7Is1pCIi5A9e6nKnPe+y6nC1TeMeUzFuw +s09qaC3+b9+cgRa0iktNlEp9qmB0fufuhGLQHYI0oa8N5jJsHqdG6+XsIHnf3bUD +kNixcjdLtiiCgjmuDiA+h2+M6CIa7n7Th8Qwxvcvo/KAI1knf7rfegr7uzBM+y50 ++2NuUurb7yqbwepTakE10rxm4O1uoOP/5cmdoehF/A/lY/sj2aoabwZQlt/9CUUO +FIdfZnfU1+9P4D+4lTntaowYUi6xH2LtoUm29OEfgS1PBnqYgdC0piv24ZKSipAq +Jr2yoexO99kSz6JlcMhpySPACNjCWJ1thlaRXx9Fg3dL+dIbddQnHjigdCICF8CU 
+j2q7bAMVHjU0KmUDGXvHITXT9RFj55w5Va0jvIvQYZQMS4MKYC3gTqDdaHetvhII +3ClSRVj7xnj71DYjPvLJA0WuXrrHjH5rDubG0diohv+SgQVc3fv82wmmsqGASI+4 +mOv/Ha8/jTSKhexwx8XMtdZCNi5YRqwYS1nuqL8bzmyGlLqFYm6s20Pd58CywUPY +6vVxT7N0WINpHCfv7ozd7fhHKfDueWAGNjgZIjsL18rX34lqgNpYeVRvoHoJuBXX +335qEfCO2/CmLYiQ0yYURqKJk01ZeaketfrlAVFAZF0rcCI7YWcDUGzIJ3r/SU8M +Oc+3r2NIwZ7K1PI2u12tFvi0vSexBQQ4yjMBq+aEwxc5Jm5YmXjI/dBxRhFHL+C9 +5gxf7n6WQdMZAC+h4EN9NTCzJk803Ye/OWIXaIiXvNpFQHOgJnyZl1r22GYAghms +97V5m0yESW0C3bDwALnNWt4xG/1rVfT72x4dMNWg2bxzxLs97MyV2GAz2cJUsezi +rJ+JX6Z0h1CPh/OCZ3sIBfSXv6yKbN3szrgoNgDt9xMJeapnDMtODrylIrA+BNiF +Bm/jACY9CEw9KRN3g3gF/27zFYHwGdr7ZC6byaGKe8AQdN+qj26jz7/pAapTHY7J +tACOXyYiB3l8aVpLsxBOUYfQfOYu289/vlwMwWM3AmNVhjoWUW4mHWz75I43jQbm +lMx/RxXcGOiZ8hPXEz/gd0vqN6JdbDJnzisPv/p1lucMlTjUul4qP6eEG6xaU5gi +NEnkgBmCU8GA7ToM6A6aVDu8+I1bOP17qqJ1p8OUTTdTaUBbz4aQDSMeYTELBvhp +ypFCYQSgCJFzGeaKJODqdloJWueGEZsRApziUwgFMnbxRunmcftwpOKVaM31uBsj ++0fPDDUWBx+Sf2Hzx72r9CKVsl5aYfNcr+9cB2xjzFcrB1TdJzdicW5k9rRY91lC +76WyUwdPNGabaBcDxsuMdNQHulEokTCYfv9Njd7ss0D07TjC1I8oNLZRnY8V0VgN +TbG1MfxxYZ2NV9eAdxYyOLGuheWpyPBIfh+OOCasriJjDCDwjIQ3+kTqk3XNdoKj +hBkWEJ13NmqCoEI17aLzr/4TvowAX00AmH+01Td/x1sstEutBrOaTPXNS6jT5Rkn +06XAr02m4NJ4JenzRj0c8XZ9V12ecnE8A4E3hwrWGyWuo5UqQakvhc1a2dQtsKIH +HnW1lRZ/Qh84AKAtBQgDEgAAkPLWeWUzAW3PLdKK2QGGJRgxyV5r2yxQ3iuVW/Ep +E59VCfFNoB/KQLLe1T6laLPpztUU8WxdjRC6uePAHUsEJZAyZCliWPI+x66LNEse +xbEPcxlgJiMDGBRoKk/TMhgFbLKyK66mLOEzBYrIBz5w+XjZPad2NoPp8R3YILUn +ehxPYFmIRNo4pduK9K0DWeiVMqcOdWWUmHShFJNA5zIh+yl4bThbF45HXGohyRD8 +aUOE3JxGhFZNw+9zHvHroDB4mkUdFOcHHvLniAxr28TX7tYJ5ZWSapvGoL6BdF5x +KTZdiyrbKztqTnkNNWYYahY3RwG5/rCOKBtr8fAnZdaNO+lpRSOpLVFdoYUeiUd9 +QUdi5h2hEUaq9XLS4byXFBaZxZXx5D1AXbE3NCzZ1yMNDJVFgCWxBm4gxRFUUbuM +ZupETjfvkZ3H+I/Ax836nixnfrVRD8lcXnaHMxdGxoBYrpnqIL2CDY7PvDrNous5 +/Npxp4G1rE2ewLc7x4pkMVgKPpWrIir0d3ZlgqXg1WdH+XbPKYyslbEetg+BbrTF +xSXLWV6LdOA0uqsebEaR8lX95q+QpEcaywDzeRHCPNa2dxRBVm/yci/s9cn23nls +t1sgywCsAkoedgiKDYlRtqG4avgVLYp/KHzSYmGtwq1Ti8a2P2/8T76Po6JAP/TW 
+nMhhwPUoO5eb9wpJyGSOMNGd6fysCps9SCYBh9zcBYN49MY/zYR75n1WpgqUZWP9 +BMyOQ+q4UjwOdcru/0XylHsEcIr2G+YFDCC05+yh/soW+IMIjgHQ65NvWRPhJIeI +/xub4/zFZ9z1/gd3iOO5kvoJbowcaPnj6cRf/Uu8++TWgRibypQVqdcTOdgj6OCK +wnCf2g9E+EvPca59Yo9TGjpKeAU+NqFk1Bl2Zk+k6384CSWYkbX/ECR+qC5Yb0sJ +iyExFf7AzXzbsnj2zArD1z7hBCUwXdC2mutW7whsENeDtpjRwGzCygxI0A1U/jAq +LS3vOU4WhT3Jtq2+zF5aZLJlgeFgSJn7swZHMsinJVn5sW0vMni8TKzMgUtLtbkJ +HC3QZElWNxsbmdxsMss2G28iGPFUJh1LG3LpPBLCAV7HREGxC2UP6t+f+V6AShtO +/h7/G5X1v10S9FgadcS3y1mZWIsCysudqVhWExYfihHQ6XTN+uFxGLdsb4H332JZ +XXIGbVGYUGXw3zIjoiWu2S42bts6imYRq9E8HiBlzTbKQJQdi0buewGH/gTEWFKY +xTFdmVIPSm9pf1dukQ2XzdPTTcmnQomMBUn3mmCd5dQ9soPMHAeLTN0HrEzSZUdm +HBwm44BFdhB5aV/hLUoCuDIylRMufIzC9zcNJmY21/G/YMfBIiAv7B1dboWskoBI +FCabObqQPUcQRpqkMp0UrjIZOzetfRoQxWET4kJG7rPLey9fCPWSMQGA7CwBZ9kE +BQVWqVb5ILOKLwdE//C5C6Vn1wVeyEbr9jm5L3s/wmvp6Z0uv67Rt0yfSV7tIHsu +PxW7H9Uv/O/NzuvzB7iDAcXP6PqBAjBgYj1QHrYOZ16R +-----END ENCRYPTED PRIVATE KEY----- diff --git a/testing/certificates/client.pem b/testing/certificates/client.pem new file mode 100644 index 0000000000..654a6e49d5 --- /dev/null +++ b/testing/certificates/client.pem 
@@ -0,0 +1,111 @@ +Certificate: + Data: + Version: 1 (0x0) + Serial Number: + f3:49:92:0f:8b:55:bb:14 + Signature Algorithm: sha256WithRSAEncryption + Issuer: O=MongoDB, OU=DevTools, CN=DevTools CA + Validity + Not Before: Dec 22 15:24:05 2020 GMT + Not After : Oct 6 15:24:05 2294 GMT + Subject: O=MongoDB, OU=DevTools Testers, CN=Wonderwoman/emailAddress=tester@example.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (4096 bit) + Modulus: + 00:df:5c:43:6a:8d:4f:5c:3c:99:72:15:8b:5e:f8: + e1:8a:e8:8d:89:ea:6a:c5:4f:0c:78:75:24:0e:e9: + 73:b4:17:9e:08:54:90:96:cd:f6:fb:d5:1f:23:e6: + b8:08:ed:e0:58:0d:16:f9:8f:2d:dd:1b:c1:d7:30: + dc:98:72:85:13:d3:27:83:fb:5f:ca:28:60:0b:c2: + 28:3c:c3:44:46:82:92:b3:cb:64:f7:d7:9f:72:3e: + 42:6c:9d:cd:94:1a:15:ec:32:29:3c:dc:eb:0a:69: + 2d:ca:35:3e:19:a8:fd:09:5a:5b:e3:f4:cb:05:4b: + e4:03:a1:15:51:92:fb:c8:59:9b:d2:b4:09:84:39: + 8b:40:28:04:ef:57:2c:42:32:8e:ef:69:fe:d1:8c: + bc:8d:a7:ed:41:41:f1:6d:b9:e2:ae:3e:a2:28:61: + 80:bc:dc:bc:90:8b:a0:d7:e7:f4:ab:b0:ea:6d:e7: + e4:7b:39:46:af:10:41:2b:4f:6d:c3:11:cf:1e:c8: + 89:2c:d1:ba:40:c2:1e:d9:9c:73:c0:8a:fb:52:19: + 80:7c:a5:22:d5:47:e6:8c:e0:ac:32:3e:2b:b8:6a: + fa:53:3a:40:6a:9e:4a:ef:e3:7e:84:af:d0:35:46: + 94:c2:d4:95:cc:a5:e9:f0:62:cc:85:dc:0b:34:61: + 01:27:4d:55:f9:80:c7:27:a8:b5:51:9a:5e:9c:1e: + 26:fe:85:2a:d6:62:cc:e0:9e:7a:92:3d:63:23:6c: + a7:02:d9:54:8c:90:53:ff:93:b1:49:53:43:d1:d8: + 1d:be:83:20:0c:02:e7:0a:e0:4b:e3:db:0e:ab:d0: + fa:9f:e3:61:c4:df:ef:7b:fd:ac:d1:a3:96:fb:d0: + 7d:50:20:e9:8a:14:11:24:f7:6a:d9:06:45:27:fe: + 71:e5:29:e9:ce:12:eb:bf:5e:ef:ef:10:60:22:ae: + ea:60:f6:ad:fe:01:5a:28:b1:71:16:e0:ef:ad:93: + 96:0e:ea:7c:c8:c6:1f:0c:b8:29:9e:06:61:b9:d1: + 9f:da:bd:43:3b:58:ed:93:d5:ce:84:c4:4a:8d:2c: + c6:17:71:2a:74:b8:c2:b7:c8:de:e2:64:62:6e:db: + 32:ca:1d:e4:8e:8e:2e:4c:6d:10:a0:ae:f4:44:0e: + ae:b4:9d:88:b6:75:94:5d:61:d8:88:0b:e3:8c:da: + 18:cb:19:91:03:10:40:8c:50:ab:23:73:5d:5d:91: + 
53:69:90:a3:2e:8a:62:be:91:e6:28:d5:10:fb:4e: + fa:a1:42:c3:d8:36:e0:2d:04:bd:97:88:8e:a9:e2: + 58:ab:84:aa:09:03:9a:ab:11:8c:e4:8e:29:6a:62: + db:1b:43 + Exponent: 65537 (0x10001) + Signature Algorithm: sha256WithRSAEncryption + 73:31:65:08:37:da:a2:05:dd:b7:44:1c:1c:52:14:4f:d9:bf: + 52:c2:91:e4:9a:8a:3b:b4:b8:ea:ee:d6:63:be:76:5d:c3:65: + 1e:1c:fd:2a:89:54:ae:6f:b6:15:5d:3a:40:fa:23:e6:33:9c: + 92:7e:9d:2d:c3:07:56:23:35:0d:0d:c3:92:37:25:7c:fd:98: + 5d:68:20:c4:25:13:45:46:4c:cd:72:26:ba:fb:a1:b9:16:29: + 37:32:14:e7:a1:ff:55:e7:52:47:77:66:a2:6c:4e:ff:9b:ec: + a8:8a:5d:9e:9f:10:ec:27:48:b6:4a:1f:2a:c7:a7:c6:da:07: + 91:56:c0:f4:88:6b:5b:99:e6:0b:ad:d1:bc:5e:a3:94:81:70: + f3:77:61:e7:d7:10:84:03:97:f9:c6:62:cb:a0:56:4b:a5:01: + 5e:14:df:5e:92:d3:b3:87:5c:b9:79:e7:ca:0e:b3:36:80:c6: + 78:26:18:87:63:0b:4a:d1:7b:9b:30:43:4b:16:9d:58:b4:9b: + a2:f7:5d:0e:77:10:03:1d:4d:a9:1e:80:89:3d:3d:83:69:c3: + 40:a0:b1:09:17:98:f0:0b:d9:85:0e:6d:94:72:ee:bd:bd:8f: + dd:87:e5:94:bf:49:97:f0:e2:58:52:46:75:73:0e:a1:f8:a2: + 9c:82:e7:3a:15:f9:52:ae:09:63:d5:14:77:04:a6:b1:d0:90: + bc:2d:a5:19:cb:c1:61:8c:da:4a:80:7f:08:6b:69:8c:e3:48: + 22:6b:f0:e5:e7:1f:84:9f:93:24:47:24:3b:b9:81:cb:4c:a5: + 36:be:da:f0:11:d2:d8:09:c8:79:19:21:26:96:e4:9d:ba:23: + 3d:18:11:b6:79:47:38:67:c5:bf:ca:ec:b9:9a:81:d9:70:b9: + 75:4e:6d:8b:31:b9:a8:9a:e2:e0:89:dd:d9:c1:74:b9:c1:6d: + 38:f9:d3:f2:a3:15:7e:f6:bc:2f:80:4b:84:37:f9:ab:bf:ae: + 44:2a:53:b3:47:df:04:d7:85:05:a5:d7:18:30:c7:db:81:a9: + 45:83:fc:0b:18:2d:ae:42:be:99:a3:f0:38:6f:c3:54:14:41: + 74:2e:de:df:a9:94:c5:78:28:c3:9b:55:0f:82:47:86:28:89: + dd:33:b4:fe:98:a6:82:ca:1a:3e:66:73:f7:84:6e:19:62:e1: + 30:d6:78:7e:7c:11:ef:96:11:83:0a:38:11:c4:7e:5d:99:c6: + 1a:7f:a0:6e:c8:04:16:24:3b:8f:87:eb:fe:22:82:5c:c1:c5: + b2:57:3d:e4:ec:99:c4:e9:ce:e7:50:07:01:7e:28:80:fe:96: + 40:51:a0:12:77:27:73:2c +-----BEGIN CERTIFICATE----- +MIIFHzCCAwcCCQDzSZIPi1W7FDANBgkqhkiG9w0BAQsFADA7MRAwDgYDVQQKDAdN 
+b25nb0RCMREwDwYDVQQLDAhEZXZUb29sczEUMBIGA1UEAwwLRGV2VG9vbHMgQ0Ew +IBcNMjAxMjIyMTUyNDA1WhgPMjI5NDEwMDYxNTI0MDVaMGYxEDAOBgNVBAoMB01v +bmdvREIxGTAXBgNVBAsMEERldlRvb2xzIFRlc3RlcnMxFDASBgNVBAMMC1dvbmRl +cndvbWFuMSEwHwYJKoZIhvcNAQkBFhJ0ZXN0ZXJAZXhhbXBsZS5jb20wggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDfXENqjU9cPJlyFYte+OGK6I2J6mrF +Twx4dSQO6XO0F54IVJCWzfb71R8j5rgI7eBYDRb5jy3dG8HXMNyYcoUT0yeD+1/K +KGALwig8w0RGgpKzy2T3159yPkJsnc2UGhXsMik83OsKaS3KNT4ZqP0JWlvj9MsF +S+QDoRVRkvvIWZvStAmEOYtAKATvVyxCMo7vaf7RjLyNp+1BQfFtueKuPqIoYYC8 +3LyQi6DX5/SrsOpt5+R7OUavEEErT23DEc8eyIks0bpAwh7ZnHPAivtSGYB8pSLV +R+aM4KwyPiu4avpTOkBqnkrv436Er9A1RpTC1JXMpenwYsyF3As0YQEnTVX5gMcn +qLVRml6cHib+hSrWYszgnnqSPWMjbKcC2VSMkFP/k7FJU0PR2B2+gyAMAucK4Evj +2w6r0Pqf42HE3+97/azRo5b70H1QIOmKFBEk92rZBkUn/nHlKenOEuu/Xu/vEGAi +rupg9q3+AVoosXEW4O+tk5YO6nzIxh8MuCmeBmG50Z/avUM7WO2T1c6ExEqNLMYX +cSp0uMK3yN7iZGJu2zLKHeSOji5MbRCgrvREDq60nYi2dZRdYdiIC+OM2hjLGZED +EECMUKsjc11dkVNpkKMuimK+keYo1RD7TvqhQsPYNuAtBL2XiI6p4lirhKoJA5qr +EYzkjilqYtsbQwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQBzMWUIN9qiBd23RBwc +UhRP2b9SwpHkmoo7tLjq7tZjvnZdw2UeHP0qiVSub7YVXTpA+iPmM5ySfp0twwdW +IzUNDcOSNyV8/ZhdaCDEJRNFRkzNcia6+6G5Fik3MhTnof9V51JHd2aibE7/m+yo +il2enxDsJ0i2Sh8qx6fG2geRVsD0iGtbmeYLrdG8XqOUgXDzd2Hn1xCEA5f5xmLL +oFZLpQFeFN9ektOzh1y5eefKDrM2gMZ4JhiHYwtK0XubMENLFp1YtJui910OdxAD +HU2pHoCJPT2DacNAoLEJF5jwC9mFDm2Ucu69vY/dh+WUv0mX8OJYUkZ1cw6h+KKc +guc6FflSrglj1RR3BKax0JC8LaUZy8FhjNpKgH8Ia2mM40gia/Dl5x+En5MkRyQ7 +uYHLTKU2vtrwEdLYCch5GSEmluSduiM9GBG2eUc4Z8W/yuy5moHZcLl1Tm2LMbmo +muLgid3ZwXS5wW04+dPyoxV+9rwvgEuEN/mrv65EKlOzR98E14UFpdcYMMfbgalF +g/wLGC2uQr6Zo/A4b8NUFEF0Lt7fqZTFeCjDm1UPgkeGKIndM7T+mKaCyho+ZnP3 +hG4ZYuEw1nh+fBHvlhGDCjgRxH5dmcYaf6BuyAQWJDuPh+v+IoJcwcWyVz3k7JnE +6c7nUAcBfiiA/pZAUaASdydzLA== +-----END CERTIFICATE----- From 3bcc3a5c268354b7191f895c78e1e0da5bf39a74 Mon Sep 17 00:00:00 2001 
From: Anna Henningsen Date: Tue, 31 May 2022 15:24:04 +0200 Subject: [PATCH 2/4] fixup: use proper test condition for FIPS smoke test --- packages/cli-repl/src/smoke-tests.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/cli-repl/src/smoke-tests.ts b/packages/cli-repl/src/smoke-tests.ts index d46a052da3..8e7fd5d5a5 100644 --- a/packages/cli-repl/src/smoke-tests.ts +++ b/packages/cli-repl/src/smoke-tests.ts @@ -30,8 +30,8 @@ export async function runSmokeTests(smokeTestServer: string | undefined, executa }, { input: 'crypto.createHash("md5").update("hello").digest("hex")', output: expectFipsSupport ? - /5d41402abc4b2a76b9719d911017c592/ : - /5d41402abc4b2a76b9719d911017c592|Could not enable FIPS mode/, + /disabled for FIPS/i : + /disabled for FIPS|Could not enable FIPS mode/i, includeStderr: true, testArgs: ['--tlsFIPSMode', '--nodb'] }].concat(smokeTestServer ? [{ From bd01d4df70bc51a90c97b3b8f1417b2c4cd800f0 Mon Sep 17 00:00:00 2001 From: Anna Henningsen Date: Tue, 31 May 2022 16:31:42 +0200 Subject: [PATCH 3/4] fixup: adjust for CI results --- packages/cli-repl/test/e2e-auth.spec.ts | 6 +++--- packages/cli-repl/test/e2e-tls.spec.ts | 5 ++++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/packages/cli-repl/test/e2e-auth.spec.ts b/packages/cli-repl/test/e2e-auth.spec.ts index 58c6f8d59f..b43a9d6f2c 100644 --- a/packages/cli-repl/test/e2e-auth.spec.ts +++ b/packages/cli-repl/test/e2e-auth.spec.ts @@ -111,9 +111,6 @@ describe('Auth e2e', function() { describe('user management', () => { describe('createUser', () => { - afterEach(async() => { - await assertUserAuth(); - }); it('all arguments', async() => { await shell.executeLine(`use ${dbName}`); expect(await shell.executeLine( @@ -125,6 +122,7 @@ describe('Auth e2e', function() { mechanisms: ['SCRAM-SHA-256'] }); shell.assertNoErrors(); + await assertUserAuth(); }); it('default arguments', async() => { await shell.executeLine(`use ${dbName}`); 
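Review bot: The `--tlsFIPSMode` case in `runSmokeTests` (packages/cli-repl/src/smoke-tests.ts, patch 2/4) has no comment explaining why an MD5 digest is the probe, and this hunk reverses what counts as success: the MD5 hex digest used to pass and now only a refusal does. A line above the `input:` entry such as `// MD5 is not FIPS-approved: with --tlsFIPSMode the hash must be refused, never computed` would record that. Both patterns match error wording (`disabled for FIPS`, `Could not enable FIPS mode`) that is presumably produced outside this file, so a short comment naming where each message comes from would help when that wording changes. The body of `runSmokeTests` starts and ends outside the hunk.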
@@ -136,6 +134,7 @@ describe('Auth e2e', function() { mechanisms: ['SCRAM-SHA-1', 'SCRAM-SHA-256'] }); shell.assertNoErrors(); + await assertUserAuth(); }); it('digestPassword', async function() { if (process.env.MONGOSH_TEST_E2E_FORCE_FIPS) { @@ -150,6 +149,7 @@ describe('Auth e2e', function() { mechanisms: ['SCRAM-SHA-1'] }); shell.assertNoErrors(); + await assertUserAuth(); }); }); describe('updateUser', () => { diff --git a/packages/cli-repl/test/e2e-tls.spec.ts b/packages/cli-repl/test/e2e-tls.spec.ts index 2f9a33acdf..7080d88140 100644 --- a/packages/cli-repl/test/e2e-tls.spec.ts +++ b/packages/cli-repl/test/e2e-tls.spec.ts @@ -424,7 +424,10 @@ describe('e2e TLS', () => { shell.assertContainsOutput('MongoServerSelectionError'); }); - it('works with valid cert (with tlsCertificateSelector)', async() => { + it('works with valid cert (with tlsCertificateSelector)', async function() { + if (process.env.MONGOSH_TEST_E2E_FORCE_FIPS) { + return this.skip(); // No tlsCertificateSelector support in FIPS mode + } const fakeOsCaModule = path.resolve(tmpdir.path, 'fake-ca.js'); await fs.writeFile(fakeOsCaModule, ` const fs = require('fs'); From e0933353f791e3c49e244f2f7690bcc8087636b3 Mon Sep 17 00:00:00 2001 From: Anna Henningsen Date: Wed, 1 Jun 2022 12:21:26 +0200 Subject: [PATCH 4/4] fixup: skip fips smoke testing with openssl 3 --- packages/cli-repl/src/smoke-tests.ts | 11 ++++++++--- scripts/docker/rocky8-epel-rpm.Dockerfile | 2 +- scripts/docker/ubuntu22.04-deb.Dockerfile | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/packages/cli-repl/src/smoke-tests.ts b/packages/cli-repl/src/smoke-tests.ts index 8e7fd5d5a5..4c096383d3 100644 --- a/packages/cli-repl/src/smoke-tests.ts +++ b/packages/cli-repl/src/smoke-tests.ts 
@@ -20,21 +20,24 @@ export async function runSmokeTests(smokeTestServer: string | undefined, executa if (process.env.IS_CI) { assert(!!smokeTestServer, 'Make sure MONGOSH_SMOKE_TEST_SERVER is set in CI'); } + + const skipFipsWithOpenSSL3 = process.env.MONGOSH_SMOKE_TEST_OS_SKIP_FIPS_WITH_OPENSSL3 && buildInfo().opensslVersion.startsWith('3.'); const expectFipsSupport = !!process.env.MONGOSH_SMOKE_TEST_OS_HAS_FIPS_SUPPORT && buildInfo().sharedOpenssl; - console.log('FIPS support required to pass?', expectFipsSupport); + console.log('FIPS support required to pass?', { skipFipsWithOpenSSL3, expectFipsSupport }); for (const { input, output, testArgs, includeStderr } of [{ input: 'print("He" + "llo" + " Wor" + "ld!")', output: /Hello World!/, + includeStderr: false, testArgs: ['--nodb'], - }, { + }].concat(skipFipsWithOpenSSL3 ? [] : [{ input: 'crypto.createHash("md5").update("hello").digest("hex")', output: expectFipsSupport ? /disabled for FIPS/i : /disabled for FIPS|Could not enable FIPS mode/i, includeStderr: true, testArgs: ['--tlsFIPSMode', '--nodb'] - }].concat(smokeTestServer ? [{ + }]).concat(smokeTestServer ? [{ input: ` const dbname = "testdb_simplesmoke" + new Date().getTime(); use(dbname); @@ -44,10 +47,12 @@ export async function runSmokeTests(smokeTestServer: string | undefined, executa } db.dropDatabase();`, output: /Test succeeded/, + includeStderr: false, testArgs: [smokeTestServer as string] }, { input: fleSmokeTestScript, output: /Test succeeded|Test skipped/, + includeStderr: false, testArgs: [smokeTestServer as string] }] : [])) { await runSmokeTest(executable, [...args, ...testArgs], input, output, includeStderr); diff --git a/scripts/docker/rocky8-epel-rpm.Dockerfile b/scripts/docker/rocky8-epel-rpm.Dockerfile index 1d1ada638a..1bd977519e 100644 --- a/scripts/docker/rocky8-epel-rpm.Dockerfile +++ b/scripts/docker/rocky8-epel-rpm.Dockerfile 
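Review bot: `skipFipsWithOpenSSL3` is not coerced to a boolean the way `expectFipsSupport` on the next line is, so it is `undefined` or a string when the variable is unset or empty and the `console.log` prints that raw value; `const skipFipsWithOpenSSL3 = !!process.env.MONGOSH_SMOKE_TEST_OS_SKIP_FIPS_WITH_OPENSSL3 && buildInfo().opensslVersion.startsWith('3.');` keeps the two flags consistent. When the flag is set and OpenSSL is 3.x the FIPS case is removed from the list and the run still passes, with the log line as the only trace, and the code does not say why OpenSSL 3 is excluded. A comment such as `// FIPS smoke test is skipped on OpenSSL 3 for now: <reason / ticket>` would keep the coverage gap visible. `runSmokeTests` starts before and continues after this hunk.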
@@ -12,5 +12,5 @@ RUN dnf install -y /tmp/*mongosh*.rpm
 RUN /usr/bin/mongosh --build-info
 RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /usr/lib64/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1-
 RUN man mongosh | grep -q tlsAllowInvalidCertificates
-ENV MONGOSH_SMOKE_TEST_OS_HAS_FIPS_SUPPORT=1
+ENV MONGOSH_SMOKE_TEST_OS_SKIP_FIPS_WITH_OPENSSL3=1
 ENTRYPOINT [ "mongosh" ]
diff --git a/scripts/docker/ubuntu22.04-deb.Dockerfile b/scripts/docker/ubuntu22.04-deb.Dockerfile
index 27b06659aa..c350217dc5 100644
--- a/scripts/docker/ubuntu22.04-deb.Dockerfile
+++ b/scripts/docker/ubuntu22.04-deb.Dockerfile
@@ -10,5 +10,5 @@ RUN apt-get install -y /tmp/*mongosh*.deb
 RUN /usr/bin/mongosh --build-info
 RUN env MONGOSH_RUN_NODE_SCRIPT=1 mongosh /usr/share/mongodb-csfle-library-version/node_modules/.bin/mongodb-csfle-library-version /usr/lib/mongosh_csfle_v1.so | grep -q ^mongo_csfle_v1-
 RUN man mongosh | grep -q tlsAllowInvalidCertificates
-ENV MONGOSH_SMOKE_TEST_OS_HAS_FIPS_SUPPORT=1
+ENV MONGOSH_SMOKE_TEST_OS_SKIP_FIPS_WITH_OPENSSL3=1
 ENTRYPOINT [ "mongosh" ]
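Review bot: Replacing `MONGOSH_SMOKE_TEST_OS_HAS_FIPS_SUPPORT` with `MONGOSH_SMOKE_TEST_OS_SKIP_FIPS_WITH_OPENSSL3` in rocky8-epel-rpm.Dockerfile and ubuntu22.04-deb.Dockerfile removes the strict expectation on these images even when the skip does not apply. Going by the smoke-tests.ts change in the same patch, the skip takes effect only when the reported OpenSSL version starts with `3.`; on any other version the FIPS case still runs, but without the first variable it accepts `Could not enable FIPS mode` as a pass. Keeping both lines, `ENV MONGOSH_SMOKE_TEST_OS_HAS_FIPS_SUPPORT=1` followed by `ENV MONGOSH_SMOKE_TEST_OS_SKIP_FIPS_WITH_OPENSSL3=1`, would keep the strict check wherever the test is not skipped, assuming these images are still meant to guarantee FIPS support.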