VSCODE-125: Connect with SSL to mongodb shell (#120)

* fix: set proper ssl options when launching mongodb shell

* refactor: remove dev conf

* feat: have certificate and key inputs combined together

* refactor: remove unused key check

* refactor: remove extra uri check

* fix: get binaries of ssl files

* fix: resolve files path

* refactor: check if driver options present

* refactor: add checks and catch errors

* refactor: check ssl option present before assign

* refactor: use ssl options to support older mongo

Author: alenakhineika

src/language/mongoDBService.ts

@@ -9,15 +9,22 @@ import { Visitor } from './visitor';
 import { ServerCommands, PlaygroundRunParameters } from './serverCommands';
 
 const path = require('path');
+const fs = require('fs');
 
 export const languageServerWorkerFileName = 'languageServerWorker.js';
 
+type SslFileOptions = {
+  sslCA?: string;
+  sslKey?: string;
+  sslCert?: string;
+};
+
 export default class MongoDBService {
   _serviceProvider?: CliServiceProvider;
   _runtime?: ElectronRuntime;
   _connection: any;
   _connectionString?: string;
-  _connectionOptions?: object;
+  _connectionOptions?: any;
   _cachedFields: object;
   _cachedDatabases: [];
   _cachedCollections: object;
@@ -43,6 +50,47 @@ export default class MongoDBService {
     return this._connectionOptions;
   }
 
+  private isSslConnection(connectionOptions: any): boolean {
+    return !!(
+      connectionOptions &&
+      (connectionOptions.sslCA ||
+        connectionOptions.sslCert ||
+        connectionOptions.sslPass)
+    );
+  }
+
+  private readSslFileSync(sslOption: string | string[]): any {
+    if (Array.isArray(sslOption)) {
+      return fs.readFileSync(sslOption[0]);
+    }
+
+    if (typeof sslOption !== 'string') {
+      return;
+    }
+
+    return fs.readFileSync(sslOption);
+  }
+
+  private loadSslBinaries(): void {
+    if (this._connectionOptions.sslCA) {
+      this._connectionOptions.sslCA = this.readSslFileSync(
+        this._connectionOptions.sslCA
+      );
+    }
+
+    if (this._connectionOptions.sslKey) {
+      this._connectionOptions.sslKey = this.readSslFileSync(
+        this._connectionOptions.sslKey
+      );
+    }
+
+    if (this._connectionOptions.sslCert) {
+      this._connectionOptions.sslCert = this.readSslFileSync(
+        this._connectionOptions.sslCert
+      );
+    }
+  }
+
   public async connectToServiceProvider(params: {
     connectionString?: string;
     connectionOptions?: any;
@@ -54,13 +102,25 @@ export default class MongoDBService {
     this.clearCurrentSessionCollections();
 
     this._connectionString = params.connectionString;
-    this._connectionOptions = params.connectionOptions;
+    this._connectionOptions = params.connectionOptions || {};
     this._extensionPath = params.extensionPath;
 
     if (!this._connectionString) {
       return Promise.resolve(false);
     }
 
+    if (this.isSslConnection(this._connectionOptions)) {
+      try {
+        this.loadSslBinaries();
+      } catch (error) {
+        this._connection.console.log(
+          `SSL FILES read error: ${util.inspect(error)}`
+        );
+
+        return Promise.resolve(false);
+      }
+    }
+
     try {
       this._serviceProvider = await CliServiceProvider.connect(
         this._connectionString,

src/mdbExtensionController.ts

@@ -397,35 +397,84 @@ export default class MDBExtensionController implements vscode.Disposable {
     );
   }
 
-  public openMongoDBShell(): Promise<boolean> {
-    let mdbConnectionString;
+  private isSslConnection(activeConnectionModel: any): boolean {
+    return !!(
+      activeConnectionModel &&
+      activeConnectionModel.driverOptions &&
+      (activeConnectionModel.driverOptions.sslCA ||
+        activeConnectionModel.driverOptions.sslCert ||
+        activeConnectionModel.driverOptions.sslPass)
+    );
+  }
+
+  private getSslOptionsString(driverOptions: any): string {
+    let mdbSslOptionsString = '--ssl';
+
+    if (!driverOptions.checkServerIdentity) {
+      mdbSslOptionsString = `${mdbSslOptionsString} --sslAllowInvalidHostnames`;
+    }
 
-    if (this._connectionController) {
-      const activeConnectionModel = this._connectionController
-        .getActiveConnectionModel()
-        ?.getAttributes({ derived: true });
+    if (!driverOptions.sslValidate) {
+      mdbSslOptionsString = `${mdbSslOptionsString} --sslAllowInvalidCertificates`;
+    }
+
+    if (driverOptions.sslCA) {
+      mdbSslOptionsString = `${mdbSslOptionsString} --sslCAFile ${driverOptions.sslCA}`;
+    }
 
-      mdbConnectionString = activeConnectionModel
-        ? activeConnectionModel.driverUrlWithSsh
-        : '';
+    if (driverOptions.sslCert) {
+      mdbSslOptionsString = `${mdbSslOptionsString} --sslPEMKeyFile ${driverOptions.sslCert}`;
     }
 
-    if (!mdbConnectionString) {
+    if (driverOptions.sslPass) {
+      mdbSslOptionsString = `${mdbSslOptionsString} --sslPEMKeyPassword $MDB_SSL_CERTIFICATE_KEY_FILE_PASSWORD`;
+    }
+
+    return mdbSslOptionsString;
+  }
+
+  public openMongoDBShell(): Promise<boolean> {
+    const mongoDBShellEnv: any = {};
+    let mdbSslOptionsString = '';
+
+    if (
+      !this._connectionController ||
+      !this._connectionController.isCurrentlyConnected()
+    ) {
       vscode.window.showErrorMessage(
         'You need to be connected before launching the MongoDB Shell.'
       );
 
       return Promise.resolve(false);
     }
 
+    const activeConnectionModel = this._connectionController
+      .getActiveConnectionModel()
+      ?.getAttributes({ derived: true });
+
+    mongoDBShellEnv['MDB_CONNECTION_STRING'] = activeConnectionModel
+      ? activeConnectionModel.driverUrlWithSsh
+      : '';
+
+    if (activeConnectionModel && this.isSslConnection(activeConnectionModel)) {
+      mdbSslOptionsString = this.getSslOptionsString(
+        activeConnectionModel.driverOptions
+      );
+
+      if (activeConnectionModel.driverOptions.sslPass) {
+        mongoDBShellEnv['MDB_SSL_CERTIFICATE_KEY_FILE_PASSWORD'] =
+          activeConnectionModel.driverOptions.sslPass;
+      }
+    }
+
+    const shellCommand = vscode.workspace.getConfiguration('mdb').get('shell');
     const mongoDBShell = vscode.window.createTerminal({
       name: 'MongoDB Shell',
-      env: { MDB_CONNECTION_STRING: mdbConnectionString }
+      env: mongoDBShellEnv
     });
-    const shellCommand = vscode.workspace.getConfiguration('mdb').get('shell');
 
     mongoDBShell.sendText(
-      `${shellCommand} $MDB_CONNECTION_STRING; unset MDB_CONNECTION_STRING`
+      `${shellCommand} ${mdbSslOptionsString} $MDB_CONNECTION_STRING; unset MDB_CONNECTION_STRING; unset MDB_SSL_CERTIFICATE_KEY_FILE_PASSWORD`
     );
     mongoDBShell.show();
 

src/test/suite/extension.test.ts

@@ -15,6 +15,7 @@ suite('Extension Test Suite', () => {
 
   let fakeShowErrorMessage: any;
   let fakeGetActiveConnectionModel: any;
+  let fakeIsCurrentlyConnected: any;
   let createTerminalSpy: any;
 
   beforeEach(() => {
@@ -25,6 +26,10 @@ suite('Extension Test Suite', () => {
       mockMDBExtension._connectionController,
       'getActiveConnectionModel'
     );
+    fakeIsCurrentlyConnected = sandbox.stub(
+      mockMDBExtension._connectionController,
+      'isCurrentlyConnected'
+    );
 
     createTerminalSpy = sinon.spy(vscode.window, 'createTerminal');
   });
@@ -103,6 +108,7 @@ suite('Extension Test Suite', () => {
         port: 27018
       })
     );
+    fakeIsCurrentlyConnected.returns(true);
 
     try {
       await mockMDBExtension.openMongoDBShell();
@@ -138,6 +144,7 @@ suite('Extension Test Suite', () => {
         sshTunnelPassword: 'password'
       })
     );
+    fakeIsCurrentlyConnected.returns(true);
 
     try {
       await mockMDBExtension.openMongoDBShell();

src/test/suite/views/webviewController.test.ts

@@ -299,7 +299,7 @@ suite('Connect Form View Test Suite', () => {
       testTelemetryController
     );
     const fakeVSCodeOpenDialog = sinon.fake.resolves({
-      path: './somefilepath/test.text'
+      path: '/somefilepath/test.text'
     });
 
     let messageRecieved;
@@ -361,7 +361,7 @@ suite('Connect Form View Test Suite', () => {
       html: '',
       postMessage: (message: any): void => {
         assert(message.action === 'file_action');
-        assert(message.files[0] === 'somefilepath/test.text');
+        assert(message.files[0] === path.resolve('/somefilepath/test.text'));
 
         testConnectionController.disconnect();
         done();

src/views/webview-app/components/connect-form/ssl/ssl-server-client-validation.tsx

@@ -8,7 +8,6 @@ import {
   ActionTypes,
   OnChangeSSLCAAction,
   OnChangeSSLCertAction,
-  OnChangeSSLKeyAction,
   SSLPassChangedAction
 } from '../../../store/actions';
 import { AppState } from '../../../store/store';
@@ -19,14 +18,12 @@ type stateProps = {
   isValid: boolean;
   sslCA?: string[];
   sslCert?: string[];
-  sslKey?: string[];
   sslPass?: string;
 };
 
 type dispatchProps = {
   onChangeSSLCA: () => void;
   onChangeSSLCertificate: () => void;
-  onChangeSSLPrivateKey: () => void;
   sslPrivateKeyPasswordChanged: (newSSLPass: string) => void;
 };
 
@@ -49,13 +46,6 @@ class SSLServerClientValidation extends React.Component<props> {
     this.props.onChangeSSLCertificate();
   };
 
-  /**
-   * Handles sslKey change.
-   */
-  onClientPrivateKeyChanged = (): void => {
-    this.props.onChangeSSLPrivateKey();
-  };
-
   /**
    * Handles sslPass change.
    *
@@ -66,7 +56,7 @@ class SSLServerClientValidation extends React.Component<props> {
   };
 
   render(): React.ReactNode {
-    const { isValid, sslCA, sslCert, sslKey, sslPass } = this.props;
+    const { isValid, sslCA, sslCert, sslPass } = this.props;
 
     return (
       <div
@@ -80,24 +70,15 @@ class SSLServerClientValidation extends React.Component<props> {
           onClick={this.onCertificateAuthorityChanged}
           values={sslCA}
           link="https://docs.mongodb.com/manual/tutorial/configure-ssl/#certificate-authorities"
-          multi
         />
         <FileInputButton
-          label="Client Certificate"
+          label="Client Certificate and Key"
           id="sslCert"
           error={!isValid && sslCert === undefined}
           onClick={this.onClientCertificateChanged}
           values={sslCert}
           link="https://docs.mongodb.com/manual/tutorial/configure-ssl/#pem-file"
         />
-        <FileInputButton
-          label="Client Private Key"
-          id="sslKey"
-          error={!isValid && sslKey === undefined}
-          onClick={this.onClientPrivateKeyChanged}
-          values={sslKey}
-          link="https://docs.mongodb.com/manual/tutorial/configure-ssl/#pem-file"
-        />
         <FormInput
           label="Client Key Password"
           name="sslPass"
@@ -117,7 +98,6 @@ const mapStateToProps = (state: AppState): stateProps => {
     isValid: state.isValid,
     sslCA: state.currentConnection.sslCA,
     sslCert: state.currentConnection.sslCert,
-    sslKey: state.currentConnection.sslKey,
     sslPass: state.currentConnection.sslPass
   };
 };
@@ -129,9 +109,6 @@ const mapDispatchToProps: dispatchProps = {
   onChangeSSLCertificate: (): OnChangeSSLCertAction => ({
     type: ActionTypes.ON_CHANGE_SSL_CERT
   }),
-  onChangeSSLPrivateKey: (): OnChangeSSLKeyAction => ({
-    type: ActionTypes.ON_CHANGE_SSL_KEY
-  }),
   sslPrivateKeyPasswordChanged: (newSSLPass: string): SSLPassChangedAction => ({
     type: ActionTypes.SSL_PASS_CHANGED,
     sslPass: newSSLPass

src/views/webview-app/connection-model/connection-model.ts

@@ -105,10 +105,6 @@ const validateSsl = (attrs: ConnectionModel): void => {
       throw new TypeError('sslCA is required when ssl is ALL.');
     }
 
-    if (!attrs.sslKey) {
-      throw new TypeError('sslKey is required when ssl is ALL.');
-    }
-
     if (!attrs.sslCert) {
       throw new TypeError('sslCert is required when ssl is ALL.');
     }