
Commit ecc24d8

committed
Various fixes
1 parent 9939024 commit ecc24d8


3 files changed

+60
-80
lines changed


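--- a/evergreen/convert-client-cert-to-pkcs12.sh
+++ b/evergreen/convert-client-cert-to-pkcs12.sh
@@ -2,82 +2,62 @@
 
 set -o errexit # Exit the script with an error if any of the commands fail
 
-# Environment variables used as input:
-# CLIENT_PEM Path to mongo -orchestration's client.pem: must be set.
-# MONGO_X509_CLIENT_P12 Filename for client certificate in p12 format
-#
-# Environment variables produced as output:
-# MONGODB_X509_CLIENT_P12_PATH Absolute path to client certificate in p12 format
-# MONGO_X509_CLIENT_CERTIFICATE_PASSWORD Password for client certificate
-
-
-CLIENT_PEM=${CLIENT_PEM:-nil}
-MONGO_X509_CLIENT_P12=${MONGO_X509_CLIENT_P12:-client.p12}
-MONGO_X509_CLIENT_CERTIFICATE_PASSWORD=${MONGO_X509_CLIENT_CERTIFICATE_PASSWORD:-Picard-Alpha-Alpha-3-0-5}
-
-CLIENT_NO_USER_PEM=${CLIENT_NO_USER_PEM:-nil}
-MONGO_X509_CLIENT_NO_USER_P12=${MONGO_X509_CLIENT_NO_USER_P12:-client_no_user.p12}
-MONGO_X509_CLIENT_NO_USER_CERTIFICATE_PASSWORD=${MONGO_X509_CLIENT_NO_USER_CERTIFICATE_PASSWORD:-Picard-Alpha-Alpha-3-0-5}
-
-function create_p12 {
-local PEM_FILE=$1
-local P12_FILE=$2
-local PASSWORD=$3
-
-if [[ ! -f "$PEM_FILE" ]]; then
-echo "Warning: PEM file '$PEM_FILE' does not exist. Skipping generation of '$P12_FILE'."
-return 1
-fi
-
-openssl pkcs12 -export -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 -in "$PEM_FILE" \
--out "$P12_FILE" \
--name "Drivers Client Certificate" \
--password "pass:${PASSWORD}"
-}
+# Input environment variables
+: "${CLIENT_PEM_VAR_NAME:="CLIENT_PEM"}" # Name of the input variable for the client.pem file
+: "${OUTPUT_VAR_PREFIX:="MONGO_X509_CLIENT"}" # Prefix for output environment variables
+: "${CERTIFICATE_NAME:="Drivers Client Certificate"}" # Name for the exported certificate
+
+#todo, need to take the input name for client file and password, and not use the convoluted system we have
+#I think I need to add those to the input environment variables and then use those in the export down here (where the default values for output variables are)
+
+CLIENT_PEM=${!CLIENT_PEM_VAR_NAME:-nil}
+OUT_CLIENT_P12_VAR="${OUTPUT_VAR_PREFIX}_CLIENT_P12"
+OUT_CLIENT_PASSWORD_VAR="${OUTPUT_VAR_PREFIX}_CERTIFICATE_PASSWORD"
+OUT_CLIENT_PATH_VAR="${OUTPUT_VAR_PREFIX}_CERTIFICATE_PATH"
+
+# Default values for output variables (can be overridden via the environment)
+export "${OUT_CLIENT_P12_VAR}"="${!OUT_CLIENT_P12_VAR:-client.p12}"
+export "${OUT_CLIENT_PASSWORD_VAR}"="${!OUT_CLIENT_PASSWORD_VAR:-Picard-Alpha-Alpha-3-0-5}"
+
+if [[ "$CLIENT_PEM" == "nil" ]]; then
+echo "Error: ${CLIENT_PEM_VAR_NAME} must be set."
+exit 1
+fi
 
-function get_realpath {
-local FILE=$1
-if [[ "$OS" =~ MAC|Mac|mac ]]; then
-# realpath function for Mac OS
-function realpath() {
-OURPWD=$PWD
-cd "$(dirname "$1")"
+P12_FILENAME=${!OUT_CLIENT_P12_VAR}
+CERT_PASSWORD=${!OUT_CLIENT_PASSWORD_VAR}
+
+openssl pkcs12 -export -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 -in "${CLIENT_PEM}" \
+-out "${P12_FILENAME}" \
+-name "${CERTIFICATE_NAME}" \
+-password "pass:${CERT_PASSWORD}"
+
+# Determine path using realpath (compatible across macOS, Linux, and Windows)
+if [[ "$OS" =~ MAC|Mac|mac ]]; then
+# Functionality to mimic `realpath` on macOS
+function realpath() {
+OURPWD=$PWD
+cd "$(dirname "$1")"
+LINK=$(readlink "$(basename "$1")")
+while [ "$LINK" ]; do
+cd "$(dirname "$LINK")"
 LINK=$(readlink "$(basename "$1")")
-while [ "$LINK" ]; do
-cd "$(dirname "$LINK")"
-LINK=$(readlink "$(basename "$1")")
-done
-REALPATH="$PWD/$(basename "$1")"
-cd "$OURPWD"
-echo "$REALPATH"
-}
-fi
+done
+REALPATH="$PWD/$(basename "$1")"
+cd "$OURPWD"
+echo "$REALPATH"
+}
+fi
 
-if [[ "$OS" =~ Windows|windows ]]; then
-echo "$(cygpath -w "$FILE")"
-else
-echo "$(realpath "$FILE")"
-fi
-}
+CERT_PATH=$(realpath "${P12_FILENAME}")
 
-# Create the primary client's p12 certificate if the PEM file exists
-if create_p12 "$CLIENT_PEM" "$MONGO_X509_CLIENT_P12" "$MONGO_X509_CLIENT_CERTIFICATE_PASSWORD"; then
-MONGO_X509_CLIENT_CERTIFICATE_PATH=$(get_realpath "$MONGO_X509_CLIENT_P12")
-export MONGO_X509_CLIENT_CERTIFICATE_PATH
-export MONGO_X509_CLIENT_CERTIFICATE_PASSWORD
-echo "Primary certificate path: $MONGO_X509_CLIENT_CERTIFICATE_PATH"
-echo "Primary certificate password: $MONGO_X509_CLIENT_CERTIFICATE_PASSWORD"
-else
-echo "Skipping primary certificate creation."
+if [[ "$OS" =~ Windows|windows ]]; then
+CERT_PATH=$(cygpath -w "${CERT_PATH}")
 fi
 
-# Create the secondary "No User" client's p12 certificate if the PEM file exists
-if create_p12 "$CLIENT_NO_USER_PEM" "$MONGO_X509_CLIENT_NO_USER_P12" "$MONGO_X509_CLIENT_NO_USER_CERTIFICATE_PASSWORD"; then
-MONGO_X509_CLIENT_NO_USER_CERTIFICATE_PATH=$(get_realpath "$MONGO_X509_CLIENT_NO_USER_P12")
-export MONGO_X509_CLIENT_NO_USER_CERTIFICATE_PATH
-export MONGO_X509_CLIENT_NO_USER_CERTIFICATE_PASSWORD
-echo "Secondary ('No User') certificate path: $MONGO_X509_CLIENT_NO_USER_CERTIFICATE_PATH"
-echo "Secondary ('No User') certificate password: $MONGO_X509_CLIENT_NO_USER_CERTIFICATE_PASSWORD"
-else
-echo "Skipping secondary ('No User') certificate creation."
-fi
+export "${OUT_CLIENT_PATH_VAR}"="${CERT_PATH}"
+
+echo "Exported variables:"
+echo "${OUT_CLIENT_P12_VAR}=${!OUT_CLIENT_P12_VAR}"
+echo "${OUT_CLIENT_PASSWORD_VAR}=${!OUT_CLIENT_PASSWORD_VAR}"
+echo "${OUT_CLIENT_PATH_VAR}=${!OUT_CLIENT_PATH_VAR}"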
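Review bot: The summary at the end of the hunk prints the PKCS#12 password to stdout (`echo "${OUT_CLIENT_PASSWORD_VAR}=${!OUT_CLIENT_PASSWORD_VAR}"`), so it lands in the CI task log for anyone who can read build output; I would drop that line or print only a marker such as `echo "${OUT_CLIENT_PASSWORD_VAR}=<set>"`. The same value is passed to openssl as `-password "pass:${CERT_PASSWORD}"`, which exposes it in the process argument list; because the variable is already exported a few lines earlier, `-password "env:${OUT_CLIENT_PASSWORD_VAR}"` avoids that. The hard-coded default `Picard-Alpha-Alpha-3-0-5` and the SHA1/3DES PBE options are carried over from the old side, presumably acceptable for throwaway test certificates, but a comment stating that they must never protect a real key would make the intent explicit.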

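--- a/evergreen/run-tests.sh
+++ b/evergreen/run-tests.sh
@@ -29,6 +29,7 @@ TOPOLOGY=${TOPOLOGY:-server}
 COMPRESSOR=${COMPRESSOR:-none}
 OCSP_TLS_SHOULD_SUCCEED=${OCSP_TLS_SHOULD_SUCCEED:-nil}
 CLIENT_PEM=${CLIENT_PEM:-nil}
+CLIENT_NO_USER_PEM=${CLIENT_NO_USER_PEM:-nil}
 PLATFORM=${PLATFORM:-nil}
 TARGET=${TARGET:-Test}
 FRAMEWORK=${FRAMEWORK:-nil}
@@ -133,8 +134,12 @@ if [[ "$CLIENT_PEM" != "nil" ]]; then
 CLIENT_PEM=${CLIENT_PEM} source evergreen/convert-client-cert-to-pkcs12.sh
 fi
 
-if [[ "$CLIENT_NOUSER_PEM" != "nil" ]]; then
-CLIENT_NOUSER_PEM=${CLIENT_NOUSER_PEM} source evergreen/convert-client-cert-to-pkcs12.sh
+if [[ "$CLIENT_NO_USER_PEM" != "nil" ]]; then
+export CLIENT_PEM_VAR_NAME="CLIENT_NO_USER_PEM"
+export OUTPUT_VAR_PREFIX="MONGO_X509_CLIENT_NO_USER"
+export CERTIFICATE_NAME="Drivers No-User Client Certificate"
+export MONGO_X509_CLIENT_NO_USER_CLIENT_P12="client_no_user.p12"
+CLIENT_NO_USER_PEM=${CLIENT_NO_USER_PEM} source evergreen/convert-client-cert-to-pkcs12.sh
 fi
 
 if [[ -z "$MONGO_X509_CLIENT_CERTIFICATE_PATH" && -z "$MONGO_X509_CLIENT_CERTIFICATE_PASSWORD" ]]; then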
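Review bot: The selector variables exported in the second hunk (`CLIENT_PEM_VAR_NAME`, `OUTPUT_VAR_PREFIX`, `CERTIFICATE_NAME`) stay set in this shell and in every child process after the sourced converter returns, and nothing resets them. The converter applies its defaults only when these are unset, so any later `source` of it would silently convert the no-user PEM again instead of the primary one, and the result depends on the order of the two `if` blocks. Adding `unset CLIENT_PEM_VAR_NAME OUTPUT_VAR_PREFIX CERTIFICATE_NAME` after the `source` line keeps the two conversions independent. Since the script is sourced rather than executed, these three do not need `export` at all.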

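--- a/tests/MongoDB.Driver.Tests/X509Tests.cs
+++ b/tests/MongoDB.Driver.Tests/X509Tests.cs
@@ -44,8 +44,6 @@ public void Authentication_succeeds_with_MONGODB_X509_mechanism()
 var clientCertificate = new X509Certificate2(pathToClientCertificate, password);
 
 var settings = DriverTestConfiguration.GetClientSettings().Clone();
-//settings.Credential = MongoCredential.CreateMongoX509Credential();
-settings.SslSettings = settings.SslSettings.Clone();
 settings.SslSettings.ClientCertificates = [clientCertificate];
 
 AssertAuthenticationSucceeds(settings);
@@ -64,7 +62,6 @@ public void Authentication_fails_with_MONGODB_X509_mechanism_when_username_is_wr
 
 var settings = DriverTestConfiguration.GetClientSettings().Clone();
 settings.Credential = MongoCredential.CreateMongoX509Credential("wrong_username");
-settings.SslSettings = settings.SslSettings.Clone();
 settings.SslSettings.ClientCertificates = [clientCertificate];
 
 AssertAuthenticationFails(settings);
@@ -82,8 +79,6 @@ public void Authentication_fails_with_MONGODB_X509_mechanism_when_user_is_not_in
 var clientCertificate = new X509Certificate2(pathToClientCertificate, password);
 
 var settings = DriverTestConfiguration.GetClientSettings().Clone();
-//settings.Credential = MongoCredential.CreateMongoX509Credential();
-settings.SslSettings = settings.SslSettings.Clone();
 settings.SslSettings.ClientCertificates = [clientCertificate];
 
 AssertAuthenticationFails(settings);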
