Commit 67dcab6

thrawn01kevinAlbs
authored andcommitted
GODRIVER-2263 Load all certs in a PEM (#834)
1 parent 60ee08b commit 67dcab6


3 files changed

+94
-7
lines changed


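--- a/mongo/options/clientoptions.go
+++ b/mongo/options/clientoptions.go
@@ -1001,7 +1001,8 @@ func addClientCertFromConcatenatedFile(cfg *tls.Config, certKeyFile, keyPassword
 // containing file and returns the certificate's subject name.
 func addClientCertFromBytes(cfg *tls.Config, data []byte, keyPasswd string) (string, error) {
 var currentBlock *pem.Block
-var certBlock, certDecodedBlock, keyBlock []byte
+var certDecodedBlock []byte
+var certBlocks, keyBlocks [][]byte
 
 remaining := data
 start := 0
@@ -1012,7 +1013,8 @@ func addClientCertFromBytes(cfg *tls.Config, data []byte, keyPasswd string) (str
 }
 
 if currentBlock.Type == "CERTIFICATE" {
-certBlock = data[start : len(data)-len(remaining)]
+certBlock := data[start : len(data)-len(remaining)]
+certBlocks = append(certBlocks, certBlock)
 certDecodedBlock = currentBlock.Bytes
 start += len(certBlock)
 } else if strings.HasSuffix(currentBlock.Type, "PRIVATE KEY") {
@@ -1044,22 +1046,24 @@ func addClientCertFromBytes(cfg *tls.Config, data []byte, keyPasswd string) (str
 }
 var encoded bytes.Buffer
 pem.Encode(&encoded, &pem.Block{Type: currentBlock.Type, Bytes: keyBytes})
-keyBlock = encoded.Bytes()
+keyBlock := encoded.Bytes()
+keyBlocks = append(keyBlocks, keyBlock)
 start = len(data) - len(remaining)
 } else {
-keyBlock = data[start : len(data)-len(remaining)]
+keyBlock := data[start : len(data)-len(remaining)]
+keyBlocks = append(keyBlocks, keyBlock)
 start += len(keyBlock)
 }
 }
 }
-if len(certBlock) == 0 {
+if len(certBlocks) == 0 {
 return "", fmt.Errorf("failed to find CERTIFICATE")
 }
-if len(keyBlock) == 0 {
+if len(keyBlocks) == 0 {
 return "", fmt.Errorf("failed to find PRIVATE KEY")
 }
 
-cert, err := tls.X509KeyPair(certBlock, keyBlock)
+cert, err := tls.X509KeyPair(bytes.Join(certBlocks, []byte("\n")), bytes.Join(keyBlocks, []byte("\n")))
 if err != nil {
 return "", err
 }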
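Review bot: `certDecodedBlock = currentBlock.Bytes` (new line 1018) still runs for every CERTIFICATE block, so now that several certificates are accepted it ends up holding the last one in the file rather than the first. The doc comment says the function returns the certificate's subject name; if the code after this hunk parses `certDecodedBlock` to produce it (not visible here), a file laid out as leaf then issuer would return the issuer's subject, and any caller relying on that name as the client identity would get the wrong one. Keeping only the first block avoids this: `if certDecodedBlock == nil { certDecodedBlock = currentBlock.Bytes }`. Separately, `tls.X509KeyPair` uses only the first private-key block it finds, so joining all of `keyBlocks` lets extra keys pass silently; returning an error when `len(keyBlocks) > 1` would make that explicit. The body of addClientCertFromBytes starts and ends outside these hunks.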

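--- a/mongo/options/clientoptions_test.go
+++ b/mongo/options/clientoptions_test.go
@@ -538,6 +538,11 @@ func TestClientOptions(t *testing.T) {
 baseClient().SetSRVMaxHosts(2).
 SetHosts([]string{"localhost.test.build.10gen.cc:27017", "localhost.test.build.10gen.cc:27018"}),
 },
+{
+"GODRIVER-2263 regression test",
+"mongodb://localhost/?tlsCertificateKeyFile=testdata/one-pk-multiple-certs.pem",
+baseClient().SetTLSConfig(&tls.Config{Certificates: make([]tls.Certificate, 1)}),
+},
 }
 
 for _, tc := range testCases {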
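Review bot: The new case only pins that loading the file yields one `tls.Certificate` entry (`make([]tls.Certificate, 1)`), so it presumably still passes if the issuer certificate is dropped from the chain or if the subject name is taken from the wrong certificate; how expected and actual options are compared is outside this hunk. A direct test of addClientCertFromBytes on the same fixture would pin the behaviour the commit is about, for example asserting `len(cfg.Certificates[0].Certificate) == 2` and that the returned subject is the leaf certificate's. TestClientOptions continues outside the hunk.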
Lines changed: 78 additions & 0 deletions
@@ -0,0 +1,78 @@
1+
This .pem file includes the following:
2+
- Private Key
3+
- Certificate 1 for Private Key
4+
- Certificate 2 for Issuer of Certificate 1.
5+
6+
This .pem file was created from test certificates from:
7+
https://x509gen.corp.mongodb.com/#/cert/5ce5b21a42a0ef0008b11399
8+
9+
-----BEGIN RSA PRIVATE KEY-----
10+
MIIEowIBAAKCAQEAgqdjbfumni3Z8A7q2TpVvk1XAHAT/LGsNOEZ/Ksuypv+q3BK
11+
BewgsF54n0oc2UshHDw8hIO6UsmsjRplySTvEfLkEaDiCA9xQ/TYVqSbx5PtFIVg
12+
icPniCl01w3cjsO/GqydeyE9O7X7u58tlEyXNgW+5s9wROPSV/TM5gFNmMOHVDJz
13+
QEiQVyVzd/96gYQHS44C/tibXb8Au+Z3dX0B5xPncbTITiZFpxqE7LXY29ZsyhOe
14+
hbA9YS+YmsVnYJI52kWUMeo4HDXYNa7vifdJmbRhmpAAyvDatZdwvdWlEp0odf8k
15+
JV9LNGvc9GZ31UhZmUAUYt4zR1awFr0xUOalMwIDAQABAoIBADrEW77OoGUprouB
16+
yjSnPoX4d5ek0fipWhH25h92R/euLuCiA0miqhlqhMrxJQS//Eac+YOJVLeEKu7U
17+
3s+Yo0fpfphHSyPg/ktYyC5AoCkm6k5+p6uPyIbATuOkQn6coUq4NaV6j/ZZpr7/
18+
nBrGUIVmFDXxPEhgSO5zF+6ky2hYdF/XSRHSS3ieGxy6PD9dHpWebVnZJ1EtElEc
19+
8h+K0pJzXol++WWNR0S9OZHbYOWfew/2r4K2jfNAYsVjXOLGb2k1k/jC2qN8fq7R
20+
6BGB0D2932X0WfUXBTxj3uBeTcz25ZnQeXuWmcmGRePBuW1nZaZnKcowbdu5gp19
21+
peaVzWECgYEA0fo9KEb1ffUzZTvX42PX0sZyxCmqLqOOQ9DWt9HNIscykIszF4XH
22+
nrrTASD5p3IAweZI/g7VGxjx5C9irqH4NLIswILCcaSyLKzIy9rj4D/4cEdFT4YQ
23+
8zTWXJAEgyphOSBPrefiwBDtbaQyUU+5lOXLEh+ceXjd/56WS0fOBukCgYEAn0pU
24+
Qg3XuWBi0RbaGWdFJ/A/DTmNP6tn9ULij7bjhpEgOT6E3H7gSUmC4QXKhAu+fdKH
25+
bmCs5GYGl9UOiERLvKl4HqU2lCniCKNP2ygRibH8BiKBNtLAp6SGRi6SJsJqfvge
26+
WddtG6WNNBXLpiNzeQJW6Cm0iKJF6skNzkpNMbsCgYEAwuwP9eHZZvJGocVp5hb7
27+
dRjv1RXwe5ctK9skWEQUsCJG2FPAPCfeZYV892FLIJv+BAHo5J+USLFha7hpXT/S
28+
j+iPDq7UHncLR9mmFUe/np8D3AbtWqNT/NGh5Q90gObIliVekkve/Pk5zzxL0Zu2
29+
5XhkiRB7S3BedTscvgmMQnECgYAF8pGI0dl/K3ElG3RTRH7Ziefgx4hVm0HLb47k
30+
DNEcAikw2fu9++LF+b+wRTYVjhazvfuejG+IK6MNYkAjqGEnjzBT/Jk4GQQ+jFJ7
31+
/VgCSyn81Kb8dAwLdmIpFq4QUmwFh6AifJ+vS5QlILc04df66bJzArOh8mUn6g/g
32+
5vdQ5wKBgBxewVKdmZY/GLn8ieFOHimG8y2xKa59j6nMTGaklKEoSyW60GiHk+Jl
33+
q5LhUwHOQx3HzD5dy0ne2+0gN88iySfIe5rGXS7S9Pvnu06WIIbAnGWfedl026KJ
34+
Tfg4SpzwaZtnXN/UJ62aaNgW2uYrdy4wF4M8zhXsgpj9w6xF369x
35+
-----END RSA PRIVATE KEY-----
36+
-----BEGIN CERTIFICATE-----
37+
MIIDhTCCAm2gAwIBAgIDAxBVMA0GCSqGSIb3DQEBCwUAMHoxHDAaBgNVBAMTE2Ns
38+
aWVudC1pbnRlcm1lZGlhdGUxEDAOBgNVBAsTB0RyaXZlcnMxEDAOBgNVBAoTB01v
39+
bmdvREIxFjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3Jr
40+
MQswCQYDVQQGEwJVUzAeFw0xOTA2MDMxNTQyMjVaFw0zOTA2MDMxNTQyMjVaMHAx
41+
EjAQBgNVBAMTCWxvY2FsaG9zdDEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMH
42+
TW9uZ29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlv
43+
cmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
44+
gqdjbfumni3Z8A7q2TpVvk1XAHAT/LGsNOEZ/Ksuypv+q3BKBewgsF54n0oc2Ush
45+
HDw8hIO6UsmsjRplySTvEfLkEaDiCA9xQ/TYVqSbx5PtFIVgicPniCl01w3cjsO/
46+
GqydeyE9O7X7u58tlEyXNgW+5s9wROPSV/TM5gFNmMOHVDJzQEiQVyVzd/96gYQH
47+
S44C/tibXb8Au+Z3dX0B5xPncbTITiZFpxqE7LXY29ZsyhOehbA9YS+YmsVnYJI5
48+
2kWUMeo4HDXYNa7vifdJmbRhmpAAyvDatZdwvdWlEp0odf8kJV9LNGvc9GZ31UhZ
49+
mUAUYt4zR1awFr0xUOalMwIDAQABox4wHDAaBgNVHREEEzARgglsb2NhbGhvc3SH
50+
BH8AAAEwDQYJKoZIhvcNAQELBQADggEBABNAqbfQon7VDIZIVoxL7fNsyv4y/mGI
51+
gR9hTfSJHVyFpgTHjIobKYDpRx01uVTjEGMVjOAcpOYQIfTa7MFdbELrH5q6UUyl
52+
J5i65MJlzIWgrchVzzgcP5UeBRnuUrFRDmt8VOGIA7CI6mWW/dDTHg7NVK5PbVi4
53+
ad56ogiptbnj1GKkImV2TCpwYhNxkf68OcwgfbknkWDxPjGFQjvYLspQBYdK+j9s
54+
0tOGMqbt+8DH7whioH+yv4KhlN9g4R3oOybG82E0fJ8NbdsjEmQby28/f/U8fsjV
55+
EDnxjuxJs/C9AH42Jpu56Zp16hhEz72mVZqeJZe+11wcUiyFW7jgEGc=
56+
-----END CERTIFICATE-----
57+
-----BEGIN CERTIFICATE-----
58+
MIIDjTCCAnWgAwIBAgIDB0QCMA0GCSqGSIb3DQEBCwUAMHkxGzAZBgNVBAMTEkRy
59+
aXZlcnMgVGVzdGluZyBDQTEQMA4GA1UECxMHRHJpdmVyczEQMA4GA1UEChMHTW9u
60+
Z29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UECBMITmV3IFlvcmsx
61+
CzAJBgNVBAYTAlVTMB4XDTE5MDYwMzE1NDAyM1oXDTM5MDYwMzE1NDAyM1owejEc
62+
MBoGA1UEAxMTY2xpZW50LWludGVybWVkaWF0ZTEQMA4GA1UECxMHRHJpdmVyczEQ
63+
MA4GA1UEChMHTW9uZ29EQjEWMBQGA1UEBxMNTmV3IFlvcmsgQ2l0eTERMA8GA1UE
64+
CBMITmV3IFlvcmsxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
65+
MIIBCgKCAQEAsIKl4kILAnpSbDPQaUNmd8P8X+h45+RXCXmlbNSnKvsDCZU2Q/QV
66+
BxMaOp7jNwOVBdECCQKYp1EL5B8O7rz7i/yJ80MGnh7mQW1Hnan79eIzq8ah5QSz
67+
zJNLdzpix6CBR2GyL4BSl3mujNESEYtotcnihP7+YV6Sis9bttzhYhjmHm7346k2
68+
IpCBhCTS3AEzVL7ExmEc6D7qVA7pMtRFUFoIUzpGNp53v1wUVjwPiiHmzNsuq/kE
69+
fqurB7WHIogux2xBVdfrU7Pfr+1MdD5rDuUB6VblWQBeeha1L6TvSSP3GHC2fG8j
70+
CnhVNye7kWStd3r6Zfpqp9VDTUu0uXM9qwIDAQABox0wGzAMBgNVHRMEBTADAQH/
71+
MAsGA1UdDwQEAwICBDANBgkqhkiG9w0BAQsFAAOCAQEAX66R/Jvk2jUoVnvuPztR
72+
iinyq9JXCXVQuG+dJ4ATy6JB8xmuaDMYmOSwzVyYZWQGIlqkwNZR5wga5OnksicI
73+
Nm6dvhc5JbQ7ERDNgWzNtBaNkzJsaEjc9/FWcLlJeuQN+ZFdFVP+6k4aAWiYwf4A
74+
KDvyUILEI59TWaScYnQmQcb/v81gLIq1IjaINAkuZcCHAgu2ZWLOSofgnEATiLYH
75+
cXyy9WeRpd8nB3pgy1OjCN1E7+K6yHYYJYPQol25znAB5TLPbWwA8ek8fdmC3IpG
76+
HOQXMsoPKCdlgNzG1RXalFSIO1AU2nYO5zeVB1l+WbzEp+o/zq0bi/HcvBhNAtRm
77+
Lg==
78+
-----END CERTIFICATE-----
