chore(cli-repl): add tls logging regression test COMPASS-5308 (#1173)

addaleax · web-flow · commit 0a19ca8ca55e · 2022-01-13T18:03:25.000+01:00
diff --git a/packages/cli-repl/test/e2e-tls.spec.ts b/packages/cli-repl/test/e2e-tls.spec.ts
@@ -2,8 +2,10 @@ import { assert, expect } from 'chai';
 import { promises as fs } from 'fs';
 import path from 'path';
 import { skipIfEnvServerVersion, startTestServer } from '../../../testing/integration-testing-hooks';
-import { useTmpdir } from './repl-helpers';
+import { useTmpdir, setTemporaryHomeDirectory } from './repl-helpers';
 import { TestShell } from './test-shell';
+import { promisify } from 'util';
+import rimraf from 'rimraf';
 
 function getCertPath(filename: string): string {
   return path.join(__dirname, 'fixtures', 'certificates', filename);
@@ -12,6 +14,8 @@ const CA_CERT = getCertPath('ca.crt');
 const NON_CA_CERT = getCertPath('non-ca.crt');
 const CLIENT_CERT = getCertPath('client.bundle.pem');
 const CLIENT_CERT_PFX = getCertPath('client.bundle.pfx');
+const CLIENT_CERT_ENCRYPTED = getCertPath('client.bundle.encrypted.pem');
+const CLIENT_CERT_PASSWORD = 'p4ssw0rd';
 const INVALID_CLIENT_CERT = getCertPath('invalid-client.bundle.pem');
 const SERVER_KEY = getCertPath('server.bundle.pem');
 const SERVER_INVALIDHOST_KEY = getCertPath('server-invalidhost.bundle.pem');
@@ -156,8 +160,11 @@ describe('e2e TLS', () => {
 
     context('connecting with client cert to server with valid cert', () => {
       const tmpdir = useTmpdir();
+      let homedir: string;
+      let env: Record<string, string>;
+      let logBasePath: string;
 
-      after(async() => {
+      after(async function() {
         const shell = TestShell.start({ args:
           [
             await server.connectionString(),
@@ -169,8 +176,16 @@ describe('e2e TLS', () => {
         await shell.executeLine('db.shutdownServer({ force: true })');
         shell.kill();
         await shell.waitForExit();
+
+        await TestShell.cleanup.call(this);
+        try {
+          await promisify(rimraf)(homedir);
+        } catch (err) {
+          // On Windows in CI, this can fail with EPERM for some reason.
+          // If it does, just log the error instead of failing all tests.
+          console.error('Could not remove fake home directory:', err);
+        }
       });
-      afterEach(TestShell.cleanup);
 
       const server = startTestServer(
         'not-shared', '--hostname', 'localhost',
@@ -184,6 +199,15 @@ describe('e2e TLS', () => {
         if (process.env.MONGOSH_TEST_FORCE_API_STRICT) {
           return this.skip(); // createUser is unversioned
         }
+        const homeInfo = setTemporaryHomeDirectory();
+        homedir = homeInfo.homedir;
+        env = homeInfo.env;
+
+        if (process.platform === 'win32') {
+          logBasePath = path.resolve(homedir, 'local', 'mongodb', 'mongosh');
+        } else {
+          logBasePath = path.resolve(homedir, '.mongodb', 'mongosh');
+        }
         /* connect with cert to create user */
         const shell = TestShell.start({
           args: [
@@ -223,6 +247,32 @@ describe('e2e TLS', () => {
           .to.include(`user: '${certUser}'`);
       });
 
+      it('works with valid cert (args, encrypted)', async() => {
+        const shell = TestShell.start({
+          args: [
+            `${await server.connectionString()}?serverSelectionTimeoutMS=1500`,
+            '--authenticationMechanism', 'MONGODB-X509',
+            '--tls', '--tlsCAFile', CA_CERT,
+            '--tlsCertificateKeyFile', CLIENT_CERT_ENCRYPTED,
+            '--tlsCertificateKeyFilePassword', CLIENT_CERT_PASSWORD
+          ],
+          env
+        });
+        const prompt = await shell.waitForPromptOrExit();
+        expect(prompt.state).to.equal('prompt');
+        expect(await shell.executeLine('db.runCommand({ connectionStatus: 1 })'))
+          .to.include(`user: '${certUser}'`);
+
+        expect(await shell.executeLine('db.getSiblingDB("$external").auth({mechanism: "MONGODB-X509"})'))
+          .to.include('ok: 1');
+        expect(await shell.executeLine('db.runCommand({ connectionStatus: 1 })'))
+          .to.include(`user: '${certUser}'`);
+
+        const logPath = path.join(logBasePath, `${shell.logId}_log`);
+        const logFileContents = await fs.readFile(logPath, 'utf8');
+        expect(logFileContents).not.to.include(CLIENT_CERT_PASSWORD);
+      });
+
       it('works with valid cert (connection string)', async() => {
         const shell = TestShell.start({
           args: [
@@ -242,6 +292,32 @@ describe('e2e TLS', () => {
           .to.include(`user: '${certUser}'`);
       });
 
+      it('works with valid cert (connection string, encrypted)', async() => {
+        const shell = TestShell.start({
+          args: [
+            `${await server.connectionString()}?serverSelectionTimeoutMS=1500`
+            + '&authMechanism=MONGODB-X509'
+            + `&tls=true&tlsCAFile=${encodeURIComponent(CA_CERT)}`
+            + `&tlsCertificateKeyFile=${encodeURIComponent(CLIENT_CERT_ENCRYPTED)}`
+            + `&tlsCertificateKeyFilePassword=${encodeURIComponent(CLIENT_CERT_PASSWORD)}`
+          ],
+          env
+        });
+        const prompt = await shell.waitForPromptOrExit();
+        expect(prompt.state).to.equal('prompt');
+        expect(await shell.executeLine('db.runCommand({ connectionStatus: 1 })'))
+          .to.include(`user: '${certUser}'`);
+
+        expect(await shell.executeLine('db.getSiblingDB("$external").auth({mechanism: "MONGODB-X509"})'))
+          .to.include('ok: 1');
+        expect(await shell.executeLine('db.runCommand({ connectionStatus: 1 })'))
+          .to.include(`user: '${certUser}'`);
+
+        const logPath = path.join(logBasePath, `${shell.logId}_log`);
+        const logFileContents = await fs.readFile(logPath, 'utf8');
+        expect(logFileContents).not.to.include(CLIENT_CERT_PASSWORD);
+      });
+
       it('fails with invalid cert (args)', async() => {
         const shell = TestShell.start({
           args: [
diff --git a/packages/cli-repl/test/fixtures/certificates/client.bundle.encrypted.pem b/packages/cli-repl/test/fixtures/certificates/client.bundle.encrypted.pem
@@ -0,0 +1,165 @@
+Certificate:
+    Data:
+        Version: 1 (0x0)
+        Serial Number:
+            f3:49:92:0f:8b:55:bb:14
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: O=MongoDB, OU=DevTools, CN=DevTools CA
+        Validity
+            Not Before: Dec 22 15:24:05 2020 GMT
+            Not After : Oct  6 15:24:05 2294 GMT
+        Subject: O=MongoDB, OU=DevTools Testers, CN=Wonderwoman/emailAddress=tester@example.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (4096 bit)
+                Modulus:
+                    00:df:5c:43:6a:8d:4f:5c:3c:99:72:15:8b:5e:f8:
+                    e1:8a:e8:8d:89:ea:6a:c5:4f:0c:78:75:24:0e:e9:
+                    73:b4:17:9e:08:54:90:96:cd:f6:fb:d5:1f:23:e6:
+                    b8:08:ed:e0:58:0d:16:f9:8f:2d:dd:1b:c1:d7:30:
+                    dc:98:72:85:13:d3:27:83:fb:5f:ca:28:60:0b:c2:
+                    28:3c:c3:44:46:82:92:b3:cb:64:f7:d7:9f:72:3e:
+                    42:6c:9d:cd:94:1a:15:ec:32:29:3c:dc:eb:0a:69:
+                    2d:ca:35:3e:19:a8:fd:09:5a:5b:e3:f4:cb:05:4b:
+                    e4:03:a1:15:51:92:fb:c8:59:9b:d2:b4:09:84:39:
+                    8b:40:28:04:ef:57:2c:42:32:8e:ef:69:fe:d1:8c:
+                    bc:8d:a7:ed:41:41:f1:6d:b9:e2:ae:3e:a2:28:61:
+                    80:bc:dc:bc:90:8b:a0:d7:e7:f4:ab:b0:ea:6d:e7:
+                    e4:7b:39:46:af:10:41:2b:4f:6d:c3:11:cf:1e:c8:
+                    89:2c:d1:ba:40:c2:1e:d9:9c:73:c0:8a:fb:52:19:
+                    80:7c:a5:22:d5:47:e6:8c:e0:ac:32:3e:2b:b8:6a:
+                    fa:53:3a:40:6a:9e:4a:ef:e3:7e:84:af:d0:35:46:
+                    94:c2:d4:95:cc:a5:e9:f0:62:cc:85:dc:0b:34:61:
+                    01:27:4d:55:f9:80:c7:27:a8:b5:51:9a:5e:9c:1e:
+                    26:fe:85:2a:d6:62:cc:e0:9e:7a:92:3d:63:23:6c:
+                    a7:02:d9:54:8c:90:53:ff:93:b1:49:53:43:d1:d8:
+                    1d:be:83:20:0c:02:e7:0a:e0:4b:e3:db:0e:ab:d0:
+                    fa:9f:e3:61:c4:df:ef:7b:fd:ac:d1:a3:96:fb:d0:
+                    7d:50:20:e9:8a:14:11:24:f7:6a:d9:06:45:27:fe:
+                    71:e5:29:e9:ce:12:eb:bf:5e:ef:ef:10:60:22:ae:
+                    ea:60:f6:ad:fe:01:5a:28:b1:71:16:e0:ef:ad:93:
+                    96:0e:ea:7c:c8:c6:1f:0c:b8:29:9e:06:61:b9:d1:
+                    9f:da:bd:43:3b:58:ed:93:d5:ce:84:c4:4a:8d:2c:
+                    c6:17:71:2a:74:b8:c2:b7:c8:de:e2:64:62:6e:db:
+                    32:ca:1d:e4:8e:8e:2e:4c:6d:10:a0:ae:f4:44:0e:
+                    ae:b4:9d:88:b6:75:94:5d:61:d8:88:0b:e3:8c:da:
+                    18:cb:19:91:03:10:40:8c:50:ab:23:73:5d:5d:91:
+                    53:69:90:a3:2e:8a:62:be:91:e6:28:d5:10:fb:4e:
+                    fa:a1:42:c3:d8:36:e0:2d:04:bd:97:88:8e:a9:e2:
+                    58:ab:84:aa:09:03:9a:ab:11:8c:e4:8e:29:6a:62:
+                    db:1b:43
+                Exponent: 65537 (0x10001)
+    Signature Algorithm: sha256WithRSAEncryption
+         73:31:65:08:37:da:a2:05:dd:b7:44:1c:1c:52:14:4f:d9:bf:
+         52:c2:91:e4:9a:8a:3b:b4:b8:ea:ee:d6:63:be:76:5d:c3:65:
+         1e:1c:fd:2a:89:54:ae:6f:b6:15:5d:3a:40:fa:23:e6:33:9c:
+         92:7e:9d:2d:c3:07:56:23:35:0d:0d:c3:92:37:25:7c:fd:98:
+         5d:68:20:c4:25:13:45:46:4c:cd:72:26:ba:fb:a1:b9:16:29:
+         37:32:14:e7:a1:ff:55:e7:52:47:77:66:a2:6c:4e:ff:9b:ec:
+         a8:8a:5d:9e:9f:10:ec:27:48:b6:4a:1f:2a:c7:a7:c6:da:07:
+         91:56:c0:f4:88:6b:5b:99:e6:0b:ad:d1:bc:5e:a3:94:81:70:
+         f3:77:61:e7:d7:10:84:03:97:f9:c6:62:cb:a0:56:4b:a5:01:
+         5e:14:df:5e:92:d3:b3:87:5c:b9:79:e7:ca:0e:b3:36:80:c6:
+         78:26:18:87:63:0b:4a:d1:7b:9b:30:43:4b:16:9d:58:b4:9b:
+         a2:f7:5d:0e:77:10:03:1d:4d:a9:1e:80:89:3d:3d:83:69:c3:
+         40:a0:b1:09:17:98:f0:0b:d9:85:0e:6d:94:72:ee:bd:bd:8f:
+         dd:87:e5:94:bf:49:97:f0:e2:58:52:46:75:73:0e:a1:f8:a2:
+         9c:82:e7:3a:15:f9:52:ae:09:63:d5:14:77:04:a6:b1:d0:90:
+         bc:2d:a5:19:cb:c1:61:8c:da:4a:80:7f:08:6b:69:8c:e3:48:
+         22:6b:f0:e5:e7:1f:84:9f:93:24:47:24:3b:b9:81:cb:4c:a5:
+         36:be:da:f0:11:d2:d8:09:c8:79:19:21:26:96:e4:9d:ba:23:
+         3d:18:11:b6:79:47:38:67:c5:bf:ca:ec:b9:9a:81:d9:70:b9:
+         75:4e:6d:8b:31:b9:a8:9a:e2:e0:89:dd:d9:c1:74:b9:c1:6d:
+         38:f9:d3:f2:a3:15:7e:f6:bc:2f:80:4b:84:37:f9:ab:bf:ae:
+         44:2a:53:b3:47:df:04:d7:85:05:a5:d7:18:30:c7:db:81:a9:
+         45:83:fc:0b:18:2d:ae:42:be:99:a3:f0:38:6f:c3:54:14:41:
+         74:2e:de:df:a9:94:c5:78:28:c3:9b:55:0f:82:47:86:28:89:
+         dd:33:b4:fe:98:a6:82:ca:1a:3e:66:73:f7:84:6e:19:62:e1:
+         30:d6:78:7e:7c:11:ef:96:11:83:0a:38:11:c4:7e:5d:99:c6:
+         1a:7f:a0:6e:c8:04:16:24:3b:8f:87:eb:fe:22:82:5c:c1:c5:
+         b2:57:3d:e4:ec:99:c4:e9:ce:e7:50:07:01:7e:28:80:fe:96:
+         40:51:a0:12:77:27:73:2c
+-----BEGIN CERTIFICATE-----
+MIIFHzCCAwcCCQDzSZIPi1W7FDANBgkqhkiG9w0BAQsFADA7MRAwDgYDVQQKDAdN
+b25nb0RCMREwDwYDVQQLDAhEZXZUb29sczEUMBIGA1UEAwwLRGV2VG9vbHMgQ0Ew
+IBcNMjAxMjIyMTUyNDA1WhgPMjI5NDEwMDYxNTI0MDVaMGYxEDAOBgNVBAoMB01v
+bmdvREIxGTAXBgNVBAsMEERldlRvb2xzIFRlc3RlcnMxFDASBgNVBAMMC1dvbmRl
+cndvbWFuMSEwHwYJKoZIhvcNAQkBFhJ0ZXN0ZXJAZXhhbXBsZS5jb20wggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDfXENqjU9cPJlyFYte+OGK6I2J6mrF
+Twx4dSQO6XO0F54IVJCWzfb71R8j5rgI7eBYDRb5jy3dG8HXMNyYcoUT0yeD+1/K
+KGALwig8w0RGgpKzy2T3159yPkJsnc2UGhXsMik83OsKaS3KNT4ZqP0JWlvj9MsF
+S+QDoRVRkvvIWZvStAmEOYtAKATvVyxCMo7vaf7RjLyNp+1BQfFtueKuPqIoYYC8
+3LyQi6DX5/SrsOpt5+R7OUavEEErT23DEc8eyIks0bpAwh7ZnHPAivtSGYB8pSLV
+R+aM4KwyPiu4avpTOkBqnkrv436Er9A1RpTC1JXMpenwYsyF3As0YQEnTVX5gMcn
+qLVRml6cHib+hSrWYszgnnqSPWMjbKcC2VSMkFP/k7FJU0PR2B2+gyAMAucK4Evj
+2w6r0Pqf42HE3+97/azRo5b70H1QIOmKFBEk92rZBkUn/nHlKenOEuu/Xu/vEGAi
+rupg9q3+AVoosXEW4O+tk5YO6nzIxh8MuCmeBmG50Z/avUM7WO2T1c6ExEqNLMYX
+cSp0uMK3yN7iZGJu2zLKHeSOji5MbRCgrvREDq60nYi2dZRdYdiIC+OM2hjLGZED
+EECMUKsjc11dkVNpkKMuimK+keYo1RD7TvqhQsPYNuAtBL2XiI6p4lirhKoJA5qr
+EYzkjilqYtsbQwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQBzMWUIN9qiBd23RBwc
+UhRP2b9SwpHkmoo7tLjq7tZjvnZdw2UeHP0qiVSub7YVXTpA+iPmM5ySfp0twwdW
+IzUNDcOSNyV8/ZhdaCDEJRNFRkzNcia6+6G5Fik3MhTnof9V51JHd2aibE7/m+yo
+il2enxDsJ0i2Sh8qx6fG2geRVsD0iGtbmeYLrdG8XqOUgXDzd2Hn1xCEA5f5xmLL
+oFZLpQFeFN9ektOzh1y5eefKDrM2gMZ4JhiHYwtK0XubMENLFp1YtJui910OdxAD
+HU2pHoCJPT2DacNAoLEJF5jwC9mFDm2Ucu69vY/dh+WUv0mX8OJYUkZ1cw6h+KKc
+guc6FflSrglj1RR3BKax0JC8LaUZy8FhjNpKgH8Ia2mM40gia/Dl5x+En5MkRyQ7
+uYHLTKU2vtrwEdLYCch5GSEmluSduiM9GBG2eUc4Z8W/yuy5moHZcLl1Tm2LMbmo
+muLgid3ZwXS5wW04+dPyoxV+9rwvgEuEN/mrv65EKlOzR98E14UFpdcYMMfbgalF
+g/wLGC2uQr6Zo/A4b8NUFEF0Lt7fqZTFeCjDm1UPgkeGKIndM7T+mKaCyho+ZnP3
+hG4ZYuEw1nh+fBHvlhGDCjgRxH5dmcYaf6BuyAQWJDuPh+v+IoJcwcWyVz3k7JnE
+6c7nUAcBfiiA/pZAUaASdydzLA==
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,D9A18B7D6891D4BF9165337EC1FA2815
+
+FhuaCyanFErFchjJkVqbu1RWKy3LQSnkfdBiqazsZkVO0QhszU7ZEfMY5vAmkLSd
+rJMDfp3F16HkYw/JFFCrmkpR2zJZZufv3N5DR8GkNmMyFGhy6KuWxADcTdLiKCky
+QDZw8LQbIW+sfskr2Gh7nAVKcsSY7a19K7gbpt658YBKP77VWW1NXxK5Rg082Mmu
+AOZy/QxcvgAw/H+jXr1ZdBAo3RIjt6jFTilubcsN69HxkU7MuDd4Jm0cOxe1YH55
+Tv0vDyPwU+3UUgLRXVf7u9iXUTg9GRL5tclHJVwtPalh2KSKZdded3fC576i5yJr
+tb2oGoU+Hpoz9pAt6y4K3ag48ddN9fKJQMPiUrsRLxkFoR0d1CcRJUED8uyJRF7e
+1ymW2l/n8aEZX8QMjPThqGyiXqZusXBj5gtuFKJw086znzpKlKQDKL1OadtK4PEz
++iX4dxtsOPxBcp8mqyLN1H8xZmsKtxOWRkmehvn4Fu7N27+HJ3Gs/ibBXX1FY2rx
+qjFuJ7CuCAzrhuLjDCXoD6D6oReJIx+lM95uKXH/mRABvO+mp3nj41ola/piVjRg
+MK7BLwqUYkeZQBJM44QmxUfXDkOlCy1HzHt84hQnqO2QSYzo7LUTbXP8H1+g3U0a
+66V5z6o+vk9qQf7sJmy9989NdgdU8Z/JV/1l/5QhSfrO3bif3nf+rZVccsSRN0PL
+HmdVhF4VMZIzXhPVnRW6fKmnic1Yon96RzeTDGydpqzilUz0Zk05G1TdGUAr3s2r
+7WhGDilnwocowT0XQqw3wizPgS9hYZt8mnb7KMjOHbYbrBGcUaMlU1jz+430s40u
++bspo0/48ANdbyYa+euUtHlUIdAwN7ImNqL7XS3CHKiSxcW4v1LWAHLxUaiCu5qc
+IqAKgkJDk3LA2RzWw1FyKhXLkwEDLnlNqorT5S8iV3I//7rCfOxOrG4dJIqnZ4PJ
+BxNRnDgm2Q6iCe918LZZd544j+TVpK1FUAto0RFSbCRz7k0M6gfY7V4S6ZZ5vbPn
+bvG76aSWRlHoRFkH6/ZTEBH3cdJ6smBV8Gj7Pek6ShZx7idskbvIWL3Ia45U3EW4
+QOlKm4Ej7MtyTpZCADN5r989ZiE+OmASuA9pWqFk3vLzABNP3LSMiStstAgtel2h
+FGIuh4K1aLrNsD25nCNQcardZxJO3b3gVfs9b/8/vD60aZN99YZ5xc9CQ7KSaqvo
+/Wh0PKDkvYYxg1wmvCXSBj5ol3XQ9P3e0Qq1ZWpNMeyudk4c/K1USR2J/W12BwW6
+gvIJReRA0+TyZX1ScIcfLh4QtxkMRPjczQg81zND+yK6z9UGo7FkPcvnGDop1psy
+z/1ow6aDgd8WJAtLVbEouyo2CrC4TLPNgOpBkvwP3Ffi0lKldRR3lINe0nfWhpKF
+rQd15Im9y83dBsO8Ze7II7Tg57J2+JbI99MNx0e4p++C7Cst4+03WQclrmbmvbcJ
+u620OCPPEWnf24gw/pvMmTD1sJhgOtOHb99nuf9oD0f8MxwPpgkfbvn6n2hfkxfV
++Ecpm8y0rNr0kJq7pD5qag/k8Wb+Gcn8bFpauYCjC6+8Rk+KazEoI0T+RwHTaB8H
+KopLKni5grEijiCwEME57fpeAdghy+1nk4Fq6ENKMdlUCn7wKRsLERorI1w0kgPt
+XeQg6rimr7dAZT9PXUlFTkh/kse8DgpJMvMnoKl/GpAdgQ6o9Xis3+Il/VG5y1Dk
+cViLbRRLr+dC6VawHH5ZlWHD9TvbyCyFmDz4vkscmIrv5ucJUZh2VNe5SALyAkNV
+eWhjjUxV9cfRTtCIg2/1uZo1hmWJ8pUL3EGDQmIHRFeJyr2sftAD4K9P/QT5pxh8
+dzVLFMEHdeNI24RpBjzmOqZ93ogt+NuFNQZ9S3P2XxtX+nmaGyOBXJAd62xFklMl
+Hivj59eDIYwPilhggzq7bWH2TtwP7M3fv/l8d/+OOeGrPq8ySGkgOOmalT2/1AJQ
+RT4ktt8T54GKk+2rnTByTxtXAnC0WMC8lj0k3e9o4rbhcQ8cNzOslfBnE1xmtplE
+VoLxSRvpbqxQ0Hf2m/jwOpfX1RHcl1E28uIu5+dzPC368yE0ULgf2oMh4o6ahAFH
+LQ0fSd7V3naYjlW8IodOxEoriD/QVP656Zg/E70Xf3/jge2ZIsRnzA8HFELOrTRs
+bNEVusWXZIU47vaYV/YTMU8PU7TNzI1nsJjHvKnO4dX4+FsedvquAk6iALZwmSY0
+uWV+tvJBbczAdmIpgjnQsX6fx9wz9HOSbPVZ2fUWEMTVIXOc4D64Z/Ik6INEw69J
+Eey9Op2lImYLBR7ly1AQxFAE+Y6ZRgRDkFkP1FEtEXLglzux8PRJhrncjG8ud6nU
+ksehWFuAlMq+iKWQ7fHYNiLMN8ePrYVvr/xBerpgIPApys5lbaxbtSgggrG88LWE
+ma1lBdOUXpLiMyO2fO/AoZ71IPiY6gOzuBAifjkMtVBNS75XkttOTVkE6M0f2LBG
+o3/EXnfcx6+qrQf6a617w1eaHYD+BqfzgfOl0Yg3yEVnocEc1aJpWAn3hgA0nRWA
+rjLBsS4v3BILyC4Y/2yMz/UyjpKrifn2pCP//ac6J7kex5fAdrWGKXXTh6qF04G/
+DY75WD6lhyVIAY/+HnJtGTFQWrM9OKS6YFot7fF8quYFIhkDVXU/I9+WvYDW71a9
+yt6jFbMk6+glEVtF5ZIO564BOWE7Fj1QHr4JmV1MMu8x65Zm1UXNhX/y9Os0LG+c
+Q3UB8PH2g5J1S6USXleqJLY7j7bE7nBIdbZCDJ7YPm6VERWNfuhtShiEo2PgF+aX
+XCW4s+sV4SAMphGTnsEXj8rhgLhctciYiPrNHQau017MvBsWlFuuy4B49tySH4Qn
+oKWz9A0GBrKQv3pcu07XGdD4K/J3S3pC5oxyhB6SfL0268SRkott4I/LX/JLglP9
+wayrdwbNLU3ftTfqorMlh+ZbOiuohjsrjNp/4UASNZ1OhipyzFK8W7mKLO8IHnjG
+mXbDI9qdK46VBkhHCJPgZsMdu9qG4bwrJlrsc4n6szgxLQ32LGFfUucW10iKSXYQ
+SWdUl1kDWrtKVGvAYClTh2ljXvmBEBUHKHK4xmXX4PMwvtbnCcvMyXgM5iCOrq9Y
+-----END RSA PRIVATE KEY-----
diff --git a/packages/cli-repl/test/fixtures/certificates/client.encrypted.key b/packages/cli-repl/test/fixtures/certificates/client.encrypted.key
@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,D9A18B7D6891D4BF9165337EC1FA2815
+
+FhuaCyanFErFchjJkVqbu1RWKy3LQSnkfdBiqazsZkVO0QhszU7ZEfMY5vAmkLSd
+rJMDfp3F16HkYw/JFFCrmkpR2zJZZufv3N5DR8GkNmMyFGhy6KuWxADcTdLiKCky
+QDZw8LQbIW+sfskr2Gh7nAVKcsSY7a19K7gbpt658YBKP77VWW1NXxK5Rg082Mmu
+AOZy/QxcvgAw/H+jXr1ZdBAo3RIjt6jFTilubcsN69HxkU7MuDd4Jm0cOxe1YH55
+Tv0vDyPwU+3UUgLRXVf7u9iXUTg9GRL5tclHJVwtPalh2KSKZdded3fC576i5yJr
+tb2oGoU+Hpoz9pAt6y4K3ag48ddN9fKJQMPiUrsRLxkFoR0d1CcRJUED8uyJRF7e
+1ymW2l/n8aEZX8QMjPThqGyiXqZusXBj5gtuFKJw086znzpKlKQDKL1OadtK4PEz
++iX4dxtsOPxBcp8mqyLN1H8xZmsKtxOWRkmehvn4Fu7N27+HJ3Gs/ibBXX1FY2rx
+qjFuJ7CuCAzrhuLjDCXoD6D6oReJIx+lM95uKXH/mRABvO+mp3nj41ola/piVjRg
+MK7BLwqUYkeZQBJM44QmxUfXDkOlCy1HzHt84hQnqO2QSYzo7LUTbXP8H1+g3U0a
+66V5z6o+vk9qQf7sJmy9989NdgdU8Z/JV/1l/5QhSfrO3bif3nf+rZVccsSRN0PL
+HmdVhF4VMZIzXhPVnRW6fKmnic1Yon96RzeTDGydpqzilUz0Zk05G1TdGUAr3s2r
+7WhGDilnwocowT0XQqw3wizPgS9hYZt8mnb7KMjOHbYbrBGcUaMlU1jz+430s40u
++bspo0/48ANdbyYa+euUtHlUIdAwN7ImNqL7XS3CHKiSxcW4v1LWAHLxUaiCu5qc
+IqAKgkJDk3LA2RzWw1FyKhXLkwEDLnlNqorT5S8iV3I//7rCfOxOrG4dJIqnZ4PJ
+BxNRnDgm2Q6iCe918LZZd544j+TVpK1FUAto0RFSbCRz7k0M6gfY7V4S6ZZ5vbPn
+bvG76aSWRlHoRFkH6/ZTEBH3cdJ6smBV8Gj7Pek6ShZx7idskbvIWL3Ia45U3EW4
+QOlKm4Ej7MtyTpZCADN5r989ZiE+OmASuA9pWqFk3vLzABNP3LSMiStstAgtel2h
+FGIuh4K1aLrNsD25nCNQcardZxJO3b3gVfs9b/8/vD60aZN99YZ5xc9CQ7KSaqvo
+/Wh0PKDkvYYxg1wmvCXSBj5ol3XQ9P3e0Qq1ZWpNMeyudk4c/K1USR2J/W12BwW6
+gvIJReRA0+TyZX1ScIcfLh4QtxkMRPjczQg81zND+yK6z9UGo7FkPcvnGDop1psy
+z/1ow6aDgd8WJAtLVbEouyo2CrC4TLPNgOpBkvwP3Ffi0lKldRR3lINe0nfWhpKF
+rQd15Im9y83dBsO8Ze7II7Tg57J2+JbI99MNx0e4p++C7Cst4+03WQclrmbmvbcJ
+u620OCPPEWnf24gw/pvMmTD1sJhgOtOHb99nuf9oD0f8MxwPpgkfbvn6n2hfkxfV
++Ecpm8y0rNr0kJq7pD5qag/k8Wb+Gcn8bFpauYCjC6+8Rk+KazEoI0T+RwHTaB8H
+KopLKni5grEijiCwEME57fpeAdghy+1nk4Fq6ENKMdlUCn7wKRsLERorI1w0kgPt
+XeQg6rimr7dAZT9PXUlFTkh/kse8DgpJMvMnoKl/GpAdgQ6o9Xis3+Il/VG5y1Dk
+cViLbRRLr+dC6VawHH5ZlWHD9TvbyCyFmDz4vkscmIrv5ucJUZh2VNe5SALyAkNV
+eWhjjUxV9cfRTtCIg2/1uZo1hmWJ8pUL3EGDQmIHRFeJyr2sftAD4K9P/QT5pxh8
+dzVLFMEHdeNI24RpBjzmOqZ93ogt+NuFNQZ9S3P2XxtX+nmaGyOBXJAd62xFklMl
+Hivj59eDIYwPilhggzq7bWH2TtwP7M3fv/l8d/+OOeGrPq8ySGkgOOmalT2/1AJQ
+RT4ktt8T54GKk+2rnTByTxtXAnC0WMC8lj0k3e9o4rbhcQ8cNzOslfBnE1xmtplE
+VoLxSRvpbqxQ0Hf2m/jwOpfX1RHcl1E28uIu5+dzPC368yE0ULgf2oMh4o6ahAFH
+LQ0fSd7V3naYjlW8IodOxEoriD/QVP656Zg/E70Xf3/jge2ZIsRnzA8HFELOrTRs
+bNEVusWXZIU47vaYV/YTMU8PU7TNzI1nsJjHvKnO4dX4+FsedvquAk6iALZwmSY0
+uWV+tvJBbczAdmIpgjnQsX6fx9wz9HOSbPVZ2fUWEMTVIXOc4D64Z/Ik6INEw69J
+Eey9Op2lImYLBR7ly1AQxFAE+Y6ZRgRDkFkP1FEtEXLglzux8PRJhrncjG8ud6nU
+ksehWFuAlMq+iKWQ7fHYNiLMN8ePrYVvr/xBerpgIPApys5lbaxbtSgggrG88LWE
+ma1lBdOUXpLiMyO2fO/AoZ71IPiY6gOzuBAifjkMtVBNS75XkttOTVkE6M0f2LBG
+o3/EXnfcx6+qrQf6a617w1eaHYD+BqfzgfOl0Yg3yEVnocEc1aJpWAn3hgA0nRWA
+rjLBsS4v3BILyC4Y/2yMz/UyjpKrifn2pCP//ac6J7kex5fAdrWGKXXTh6qF04G/
+DY75WD6lhyVIAY/+HnJtGTFQWrM9OKS6YFot7fF8quYFIhkDVXU/I9+WvYDW71a9
+yt6jFbMk6+glEVtF5ZIO564BOWE7Fj1QHr4JmV1MMu8x65Zm1UXNhX/y9Os0LG+c
+Q3UB8PH2g5J1S6USXleqJLY7j7bE7nBIdbZCDJ7YPm6VERWNfuhtShiEo2PgF+aX
+XCW4s+sV4SAMphGTnsEXj8rhgLhctciYiPrNHQau017MvBsWlFuuy4B49tySH4Qn
+oKWz9A0GBrKQv3pcu07XGdD4K/J3S3pC5oxyhB6SfL0268SRkott4I/LX/JLglP9
+wayrdwbNLU3ftTfqorMlh+ZbOiuohjsrjNp/4UASNZ1OhipyzFK8W7mKLO8IHnjG
+mXbDI9qdK46VBkhHCJPgZsMdu9qG4bwrJlrsc4n6szgxLQ32LGFfUucW10iKSXYQ
+SWdUl1kDWrtKVGvAYClTh2ljXvmBEBUHKHK4xmXX4PMwvtbnCcvMyXgM5iCOrq9Y
+-----END RSA PRIVATE KEY-----
