author | David Golden <xdg@xdg.me> | 2018-05-02 16:35:13 -0400 |
---|---|---|
committer | David Golden <xdg@xdg.me> | 2018-05-02 16:35:13 -0400 |
commit | c9202bfe40c291a97ff56d8410b8f2245de44ab0 (patch) | |
tree | 0f308a7eb22d2e863092d3811ce1963f31fae954 | |
parent | be9b95a4a39827ddfbfaa53a517391927433d78b (diff) | |
download | mongo-c9202bfe40c291a97ff56d8410b8f2245de44ab0.tar.gz |
Import tools: 4c5314b404c2d7aac7ceb50133faa3ac4fc3d2ea from branch v3.4
ref: 4f093ae71c..4c5314b404
for: 3.4.15
TOOLS-1665 Mongotools may block forever on dead connections
TOOLS-17 mongodump --oplog should record the end oplog entry before backing up the oplog
TOOLS-1704 Update mongo-tools projects to use macos-1012 distro instead of osx-1010
TOOLS-1706 mongoreplay cannot safely terminate on one core
TOOLS-1779 stop building tools on solaris on all branches
TOOLS-1780 Build tools with Go 1.8.x
TOOLS-1941 Tools qa-tests often timeout, particularly on server latests
TOOLS-1948 Use Go-native TLS dialer on platforms with openssl 0.9.x
TOOLS-1968 Backport - Need to update spacemonkeygo/openssl fork to support newer OpenSSL libraries
TOOLS-1978 tools fail eslint testing
TOOLS-2003 Drop SUSE11 from Evergreen builds
TOOLS-2008 Tests fail on v3.4-master branch
-rw-r--r-- | src/mongo/gotools/Godeps | 2 | ||||
-rw-r--r-- | src/mongo/gotools/THIRD-PARTY-NOTICES | 517 | ||||
-rw-r--r-- | src/mongo/gotools/common.yml | 648 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/connector.go | 15 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/db_openssl.go (renamed from src/mongo/gotools/common/db/db_ssl.go) | 8 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/db_tlsgo.go | 26 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/openssl/openssl.go | 20 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/openssl/openssl_fips.go | 18 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/tlsgo/config.go | 246 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/tlsgo/config_test.go | 41 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/tlsgo/rootcerts.go | 22 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/tlsgo/rootcerts_darwin.go | 58 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/tlsgo/testdata/pkcs1-encrypted-rev.pem | 51 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/tlsgo/testdata/pkcs1-encrypted.pem | 51 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/tlsgo/testdata/pkcs1-rev.pem | 48 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/tlsgo/testdata/pkcs1.pem | 48 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/tlsgo/testdata/pkcs8-encrypted-rev.pem | 51 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/tlsgo/testdata/pkcs8-encrypted.pem | 51 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/tlsgo/testdata/pkcs8-rev.pem | 50 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/tlsgo/testdata/pkcs8.pem | 50 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/tlsgo/tlsgo.go | 135 | ||||
-rw-r--r-- | src/mongo/gotools/common/options/options.go | 18 | ||||
-rw-r--r-- | src/mongo/gotools/common/options/options_openssl.go | 18 | ||||
-rw-r--r-- | src/mongo/gotools/common/options/options_ssl.go | 6 | ||||
-rw-r--r-- | src/mongo/gotools/common/util/net.go | 24 | ||||
-rw-r--r-- | src/mongo/gotools/import.data | 2 | ||||
-rw-r--r-- | src/mongo/gotools/mongodump/mongodump.go | 11 | ||||
-rw-r--r-- | src/mongo/gotools/mongodump/oplog_dump.go | 15 | ||||
-rw-r--r-- | src/mongo/gotools/mongoreplay/main/mongoreplay.go | 7 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/LICENSE (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/LICENSE) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/README.md (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/README.md) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/bio.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/bio.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/build.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/build.go) | 4 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/cert.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/cert.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/cert_test.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/cert_test.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ciphers.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_gcm.go | 154 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_test.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ciphers_test.go) | 1 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/conn.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/conn.go) | 2 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/ctx.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ctx.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/ctx_test.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ctx_test.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/dhparam.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/dhparam.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/digest.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/digest.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/engine.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/engine.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/fips.go) | 9 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips_test.go | 33 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/hostname.c (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/hostname.c) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/hostname.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/hostname.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/http.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/http.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/init.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_posix.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init_posix.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_windows.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init_windows.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/key.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/key.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_test.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/key_test.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/mapping.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/mapping.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/net.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/net.go) | 35 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/nid.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/nid.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/oracle_stubs.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/oracle_stubs.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/password.c (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/password.c) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/pem.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/pem.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha1.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha1.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha1_test.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha1_test.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha256.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha256.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha256_test.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha256_test.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/sni.c (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sni.c) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/sni_test.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sni_test.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/ssl.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ssl.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/ssl_test.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ssl_test.go) | 2 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/system_certs.c (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/system_certs.c) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/system_certs.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/system_certs.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/tickets.c (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/tickets.c) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/tickets.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/tickets.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/utils/errors.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/utils/errors.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/utils/future.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/utils/future.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/verify.c (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/verify.c) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/version.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/version.go) | 0 |
76 files changed, 2089 insertions, 408 deletions
diff --git a/src/mongo/gotools/Godeps b/src/mongo/gotools/Godeps
index 8a0702bafda..df3fb3305dc 100644
--- a/src/mongo/gotools/Godeps
+++ b/src/mongo/gotools/Godeps
@@ -6,7 +6,7 @@ github.com/smartystreets/assertions 287b4346dc4e71a038c346375a9d572453bc469b
 github.com/smartystreets/goconvey bf58a9a1291224109919756b4dcc469c670cc7e4
 github.com/jessevdk/go-flags 97448c91aac742cbca3d020b3e769013a420a06f
 github.com/3rf/mongo-lint 3550fdcf1f43b89aaeabaa4559eaae6dc4407e42
-github.com/spacemonkeygo/openssl 2869e8ca1a6eb35fb727f41611fd52b55cd0f49c github.com/10gen/openssl
+github.com/10gen/openssl b7dbd48f71d65f519f8fb7d71f5f24e6eb766286
 github.com/spacemonkeygo/spacelog f936fb050dc6b5fe4a96b485a6f069e8bdc59aeb
 github.com/howeyc/gopass 44476384cd4721b68705e72f19e95d1a3a504370
 github.com/nsf/termbox-go 0723e7c3d0a317dea811f0fbe4d6edd81908c971
diff --git a/src/mongo/gotools/THIRD-PARTY-NOTICES b/src/mongo/gotools/THIRD-PARTY-NOTICES
index 76e6e2520e0..c17f7956a8b 100644
--- a/src/mongo/gotools/THIRD-PARTY-NOTICES
+++ b/src/mongo/gotools/THIRD-PARTY-NOTICES
@@ -741,3 +741,520 @@ third-party archives. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + + +License notice for golang.org/x/crypto +------------------------------------------------------------ + +Copyright (c) 2009 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ + +License notice for gopkg.in/mgo.v2 +------------------------------------------------------------ + +mgo - MongoDB driver for Go + +Copyright (c) 2010-2013 - Gustavo Niemeyer <gustavo@niemeyer.net> + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +License notice for gopkg.in/tomb.v2 +------------------------------------------------------------ + +tomb - support for clean goroutine termination in Go. + +Copyright (c) 2010-2011 - Gustavo Niemeyer <gustavo@niemeyer.net> + +All rights reserved. 
+ +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + * Neither the name of the copyright holder nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR +CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +License notice for github.com/mattn/go-runewidth +------------------------------------------------------------ + +Copyright © 2013-2017 Yasuhiro Matsumoto, http://mattn.kaoriya.net +<mattn.jp@gmail.com> + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the “Software”), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies +of the Software, and to permit persons to whom the Software is furnished to do +so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +License notice for JSON and CSV code from github.com/golang/go +------------------------------------------------------------ + +Copyright (c) 2009 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. 
nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License notice for github.com/hashicorp/go-rootcerts +---------------------------------------------------- + +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. "Contributor" + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. "Contributor Version" + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. 
that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the terms of + a Secondary License. + +1.6. "Executable Form" + + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + + means a work that combines Covered Software with other material, in a + separate file or files, that is not Covered Software. + +1.8. "License" + + means this document. + +1.9. "Licensable" + + means having the right to grant, to the maximum extent possible, whether + at the time of the initial grant or subsequently, any and all of the + rights conveyed by this License. + +1.10. "Modifications" + + means any of the following: + + a. any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. "Patent Claims" of a Contributor + + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the License, + by the making, using, selling, offering for sale, having made, import, + or transfer of either its Contributions or its Contributor Version. + +1.12. "Secondary License" + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. "Source Code Form" + + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that controls, is + controlled by, or is under common control with You. 
For purposes of this + definition, "control" means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution + become effective for each Contribution on the date the Contributor first + distributes such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under + this License. No additional rights or licenses will be implied from the + distribution or licensing of Covered Software under this License. + Notwithstanding Section 2.1(b) above, no patent license is granted by a + Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of + its Contributions. 
+ + This License does not grant any rights in the trademarks, service marks, + or logos of any Contributor (except as may be necessary to comply with + the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this + License (see Section 10.2) or under the terms of a Secondary License (if + permitted under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its + Contributions are its original creation(s) or it has sufficient rights to + grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under + applicable copyright doctrines of fair use, fair dealing, or other + equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under + the terms of this License. You must inform recipients that the Source + Code Form of the Covered Software is governed by the terms of this + License, and how they can obtain a copy of this License. You may not + attempt to alter or restrict the recipients' rights in the Source Code + Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. 
You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter the + recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for + the Covered Software. If the Larger Work is a combination of Covered + Software with a work governed by one or more Secondary Licenses, and the + Covered Software is not Incompatible With Secondary Licenses, this + License permits You to additionally distribute such Covered Software + under the terms of such Secondary License(s), so that the recipient of + the Larger Work may, at their option, further distribute the Covered + Software under the terms of either this License or such Secondary + License(s). + +3.4. Notices + + You may not remove or alter the substance of any license notices + (including copyright notices, patent notices, disclaimers of warranty, or + limitations of liability) contained within the Source Code Form of the + Covered Software, except that You may alter any license notices to the + extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on + behalf of any Contributor. You must make it absolutely clear that any + such warranty, support, indemnity, or liability obligation is offered by + You alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. 
You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, + judicial order, or regulation then You must: (a) comply with the terms of + this License to the maximum extent possible; and (b) describe the + limitations and the code they affect. Such description must be placed in a + text file included with all distributions of the Covered Software under + this License. Except to the extent prohibited by statute or regulation, + such description must be sufficiently detailed for a recipient of ordinary + skill to be able to understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing + basis, if such Contributor fails to notify You of the non-compliance by + some reasonable means prior to 60 days after You have come back into + compliance. Moreover, Your grants from a particular Contributor are + reinstated on an ongoing basis if such Contributor notifies You of the + non-compliance by some reasonable means, this is the first time You have + received notice of non-compliance with this License from such + Contributor, and You become compliant prior to 30 days after Your receipt + of the notice. + +5.2. 
If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, + counter-claims, and cross-claims) alleging that a Contributor Version + directly or indirectly infringes any patent, then the rights granted to + You by any and all Contributors for the Covered Software under Section + 2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an "as is" basis, + without warranty of any kind, either expressed, implied, or statutory, + including, without limitation, warranties that the Covered Software is free + of defects, merchantable, fit for a particular purpose or non-infringing. + The entire risk as to the quality and performance of the Covered Software + is with You. Should any Covered Software prove defective in any respect, + You (not any Contributor) assume the cost of any necessary servicing, + repair, or correction. This disclaimer of warranty constitutes an essential + part of this License. No use of any Covered Software is authorized under + this License except under this disclaimer. + +7. 
Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from + such party's negligence to the extent applicable law prohibits such + limitation. Some jurisdictions do not allow the exclusion or limitation of + incidental or consequential damages, so this exclusion and limitation may + not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts + of a jurisdiction where the defendant maintains its principal place of + business and such litigation shall be governed by laws of that + jurisdiction, without reference to its conflict-of-law provisions. Nothing + in this Section shall prevent a party's ability to bring cross-claims or + counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject + matter hereof. If any provision of this License is held to be + unenforceable, such provision shall be reformed only to the extent + necessary to make it enforceable. Any law or regulation which provides that + the language of a contract shall be construed against the drafter shall not + be used to construe this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. 
Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version + of the License under which You originally received the Covered Software, + or under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a + modified version of this License if you rename the license and remove + any references to the name of the license steward (except to note that + such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary + Licenses If You choose to distribute Source Code Form that is + Incompatible With Secondary Licenses under the terms of this version of + the License, the notice described in Exhibit B of this License must be + attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, +then You may include the notice in a location (such as a LICENSE file in a +relevant directory) where a recipient would be likely to look for such a +notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice + + This Source Code Form is "Incompatible + With Secondary Licenses", as defined by + the Mozilla Public License, v. 2.0. diff --git a/src/mongo/gotools/common.yml b/src/mongo/gotools/common.yml index 2fb7cb57dc8..ee3c741a010 100644 
--- a/src/mongo/gotools/common.yml +++ b/src/mongo/gotools/common.yml @@ -11,14 +11,14 @@ mongo_tools_variables: ## List of tests to run on each buildvariant mongo_tools_task_lists: - osx_1010_task_list: &osx_1010_tasks + mac_1012_task_list: &macos_1012_tasks - name: db - name: dist - name: integration - name: integration-auth - - name: legacy28 - - name: legacy26 - - name: legacy24 + - name: legacy30 +# No SSL on 2.6 for osx +# - name: legacy26 - name: qa-tests - name: qa-dump-restore-archiving - name: qa-dump-restore-gzip @@ -31,32 +31,22 @@ mongo_tools_variables: # - name: replay-sharded_test # - name: replay-repl_test # - name: replay-replay_test - osx_1010_ssl_task_list: &osx_1010_ssl_tasks + macos_1012_ssl_task_list: &macos_1012_ssl_tasks - name: dist - name: qa-tests - name: native-cert-ssl - solaris_task_list: &solaris_tasks - - name: db - - name: dist - - name: integration - - name: integration-auth - - name: legacy28 - - name: legacy26 - - name: legacy24 - ubuntu1204_task_list: &ubuntu1204_tasks + - name: unit + ubuntu1404_task_list: &ubuntu1404_tasks - name: db - name: dist - name: integration - name: integration-auth - - name: legacy28 - - name: legacy28-wt + - name: legacy30 - name: lint-go - name: lint-js - name: qa-tests - - name: qa-tests-unstable - name: qa-dump-restore-archiving - name: qa-dump-restore-gzip - - name: qa-tests-wt - name: unit - name: vet - name: replay-dist 
@@ -66,23 +56,21 @@ mongo_tools_variables: - name: replay-sharded_test - name: replay-repl_test - name: replay-replay_test - ubuntu1204_ssl_task_list: &ubuntu1204_ssl_tasks + ubuntu1404_ssl_task_list: &ubuntu1404_ssl_tasks - name: dist - name: integration - name: integration-auth - - name: legacy28 + - name: legacy30 - name: qa-tests - - name: qa-tests-unstable - name: native-cert-ssl - ubuntu1204_enterprise_task_list: &ubuntu1204_enterprise_tasks + ubuntu1404_enterprise_task_list: &ubuntu1404_enterprise_tasks - name: db - name: dist - name: integration - name: integration-auth - name: kerberos - - name: legacy28 + - name: legacy30 - name: legacy26 - - name: legacy24 - name: qa-tests - name: native-cert-ssl - name: replay-dist @@ -92,17 +80,14 @@ mongo_tools_variables: - name: replay-sharded_test - name: replay-repl_test - name: replay-replay_test - ubuntu1204_race_task_list: &ubuntu1204_race_tasks + ubuntu1404_race_task_list: &ubuntu1404_race_tasks - name: db - name: dist - name: integration - name: integration-auth - - name: legacy28 - - name: legacy28-wt + - name: legacy30 - name: legacy26 - - name: legacy24 - name: qa-tests - - name: qa-tests-wt - name: unit - name: replay-dist - name: replay-sanity_check @@ -118,30 +103,24 @@ mongo_tools_variables: - name: dist - name: integration - name: integration-auth - - name: legacy28 + - name: legacy30 distros: - windows-64-vs2013-test - name: legacy26 distros: - windows-64-vs2013-test - - name: legacy24 - distros: - - windows-64-vs2013-test - name: unit windows_64_task_list: &windows_64_tasks - name: db - name: dist - name: integration - name: integration-auth - - name: legacy28 + - name: legacy30 distros: - windows-64-vs2013-test - name: legacy26 distros: - windows-64-vs2013-test - - name: legacy24 - distros: - - windows-64-vs2013-test - name: qa-tests distros: - windows-64-vs2013-test 
@@ -156,16 +135,17 @@ mongo_tools_variables: - name: dist - name: integration - name: integration-auth - - name: legacy28 + - name: legacy30 - name: qa-tests - name: native-cert-ssl + - name: unit windows_64_enterprise_task_list: &windows_64_enterprise_tasks - name: db - name: dist - name: integration - name: integration-auth - name: kerberos - - name: legacy28 + - name: legacy30 distros: - windows-64-vs2013-test - name: qa-tests @@ -182,8 +162,6 @@ mongo_tools_variables: - name: qa-dump-restore-archiving - name: qa-dump-restore-gzip - name: qa-tests - - name: qa-tests-unstable - - name: qa-tests-wt - name: native-cert-ssl # disabled until BUILD-2273 is done # - name: replay-dist @@ -201,8 +179,6 @@ mongo_tools_variables: - name: kerberos - name: qa-dump-restore-archiving - name: qa-dump-restore-gzip - - name: qa-tests-unstable - - name: qa-tests-wt - name: native-cert-ssl # disabled until BUILD-2273 is done # - name: replay-dist @@ -219,8 +195,6 @@ mongo_tools_variables: - name: integration-auth - name: qa-dump-restore-archiving - name: qa-dump-restore-gzip - - name: qa-tests-unstable - - name: qa-tests-wt - name: native-cert-ssl @@ -275,7 +249,7 @@ functions: rm -rf /data/mci/install /data/mci/multiversion mkdir -p /data/mci/install /data/mci/multiversion if [ "${multiversion_override}" != "skip" ]; then - python buildscripts/setup_multiversion_mongodb.py /data/mci/install /data/mci/multiversion ${arch} ${multiversion_override|2.6 2.4} --latest ${smoke_use_ssl} --os="${mongo_os}" + python buildscripts/setup_multiversion_mongodb.py /data/mci/install /data/mci/multiversion ${arch} ${multiversion_override|2.6} --latest ${smoke_use_ssl} --os="${mongo_os}" fi chmod 400 jstests/libs/key* 
@@ -306,6 +280,8 @@ functions: sed -i.bak "s/built-without-git-spec/$(git rev-parse HEAD)/" common/options/options.go . ./set_gopath.sh + ${gorootvars} go version + ${gorootvars} env | grep ^GO ${gorootvars} go build ${args} -tags "failpoints ${build_tags}" -o bin/${tool} ${tool}/main/${tool}.go ./bin/${tool} --version @@ -442,10 +418,11 @@ functions: fi; . ./set_gopath.sh + cwd=$(pwd) # run unit tests under common package - for i in archive bsonutil failpoint intents json log options progress text util; do - cd common/$i - COMMON_SUBPKG=$i + for i in archive bsonutil db/tlsgo failpoint intents json log options progress text util; do + cd $cwd/common/$i + COMMON_SUBPKG=$(basename $i) COVERAGE_ARGS="" if [ "${run_coverage}" ]; then COVERAGE_ARGS="-coverprofile=coverage_$COMMON_SUBPKG.out" @@ -456,13 +433,12 @@ functions: export exitcode=1 fi cat $COMMON_SUBPKG.suite - cp $COMMON_SUBPKG.suite ../../ - cd ../.. + cp $COMMON_SUBPKG.suite $cwd done #TODO mongotop needs a test for i in mongoimport mongoexport mongostat mongooplog mongorestore mongodump mongofiles; do - cd $i + cd $cwd/$i COVERAGE_ARGS="" if [ "${run_coverage}" ]; then COVERAGE_ARGS="-coverprofile=coverage_$i.out" @@ -473,8 +449,7 @@ functions: export exitcode=1 fi cat $i.suite - cp $i.suite ../. - cd .. + cp $i.suite $cwd done exit $exitcode @@ -965,7 +940,7 @@ tasks: - func: "setup integration test" - func: "run tool integration tests" -- name: legacy28 +- name: legacy30 depends_on: - name: dist commands: 
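Review bot: In the unit-test script, the new `cd $cwd/common/$i` is unquoted and unchecked, and the same applies to `cd $cwd/$i` and the two `cp` lines targeting `$cwd` in the next two hunks. If a `cd` fails, for instance because the newly listed `db/tlsgo` directory is absent on some branch, the test command and the `cp` run in whatever directory the loop was last in, and results get attributed to the wrong package. Quoting and failing fast avoids that: `cd "$cwd/common/$i" || exit 1`. The script block starts before and ends after these hunks.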
@@ -998,45 +973,9 @@ tasks: tool: mongofiles - func: "run legacy tests" vars: - test_path: "test/legacy28" + test_path: "test/legacy30" smoke_args: "--authMechanism SCRAM-SHA-1" -- name: legacy28-wt - depends_on: - - name: dist - commands: - - func: "fetch source" - - func: "get buildnumber" - - func: "setup credentials" - - func: "download mongod" - vars: - mongo_version: "3.0" - - func: "fetch tool" - vars: - tool: mongoimport - - func: "fetch tool" - vars: - tool: mongoexport - - func: "fetch tool" - vars: - tool: mongodump - - func: "fetch tool" - vars: - tool: mongostat - - func: "fetch tool" - vars: - tool: mongorestore - - func: "fetch tool" - vars: - tool: mongooplog - - func: "fetch tool" - vars: - tool: mongofiles - - func: "run legacy tests" - vars: - test_path: "test/legacy28" - smoke_args: "--authMechanism SCRAM-SHA-1 --storageEngine=wiredTiger" - - name: legacy26 depends_on: - name: dist @@ -1073,46 +1012,6 @@ tasks: test_path: "test/legacy26" smoke_use_ssl: "" -- name: legacy24 - depends_on: - - name: dist - commands: - - func: "fetch source" - - func: "get buildnumber" - - func: "setup credentials" - - func: "download mongod" - vars: - mongo_version: "2.4" - - func: "download mongod" - vars: - mongo_version: "2.6" - only_shell: true - - func: "fetch tool" - vars: - tool: mongoimport - - func: "fetch tool" - vars: - tool: mongoexport - - func: "fetch tool" - vars: - tool: mongodump - - func: "fetch tool" - vars: - tool: mongostat - - func: "fetch tool" - vars: - tool: mongorestore - - func: "fetch tool" - vars: - tool: mongooplog - - func: "fetch tool" - vars: - tool: mongofiles - - func: "run legacy tests" - vars: - test_path: "test/legacy24" - smoke_use_ssl: "" - - name: lint-go commands: - func: "fetch source" 
@@ -1142,47 +1041,6 @@ tasks: /opt/node/bin/npm install eslint@3.2 /opt/node/bin/node node_modules/eslint/bin/eslint.js test/qa-tests/jstests/**/*.js -- name: qa-tests-unstable - depends_on: - - name: dist - commands: - - func: "fetch source" - - func: "get buildnumber" - - func: "setup credentials" - - func: "download mongod" - vars: - mongo_version: "latest" - - func: "fetch tool" - vars: - tool: mongoimport - - func: "fetch tool" - vars: - tool: mongoexport - - func: "fetch tool" - vars: - tool: mongodump - - func: "fetch tool" - vars: - tool: mongorestore - - func: "fetch tool" - vars: - tool: mongostat - - func: "fetch tool" - vars: - tool: mongotop - - func: "fetch tool" - vars: - tool: mongooplog - - func: "fetch tool" - vars: - tool: mongofiles - - func: "fetch tool" - vars: - tool: bsondump - - func: "run qa-tests" - vars: - resmoke_suite: "core${resmoke_use_ssl}" - - name: qa-tests depends_on: - name: dist @@ -1320,49 +1178,6 @@ tasks: resmoke_suite: "restore_gzip" excludes: "requires_unstable,${excludes}" -- name: qa-tests-wt - depends_on: - - name: dist - commands: - - func: "fetch source" - - func: "get buildnumber" - - func: "setup credentials" - - func: "download mongod" - vars: - mongo_version: "3.4" - - func: "fetch tool" - vars: - tool: mongoimport - - func: "fetch tool" - vars: - tool: mongoexport - - func: "fetch tool" - vars: - tool: mongodump - - func: "fetch tool" - vars: - tool: mongorestore - - func: "fetch tool" - vars: - tool: mongostat - - func: "fetch tool" - vars: - tool: mongotop - - func: "fetch tool" - vars: - tool: mongooplog - - func: "fetch tool" - vars: - tool: mongofiles - - func: "fetch tool" - vars: - tool: bsondump - - func: "run qa-tests" - vars: - resmoke_suite: "core" - resmoke_args: "--storageEngine=wiredTiger ${resmoke_args}" - excludes: "requires_unstable,${excludes}" - - name: unit commands: - command: expansions.update 
@@ -1608,83 +1423,174 @@ tasks: - func: "upload timeseries" buildvariants: + +####################################### +# Amazon Buildvariants # +####################################### + +- name: amazonlinux64 + display_name: Amazon Linux 64 (Go 1.8) + run_on: + - linux-64-amzn-test + expansions: + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go' + build_tags: "sasl ssl" + tasks: + - name: dist + +- name: amazon2 + display_name: Amazon Linux 64 v2 (Go 1.8) + run_on: + - amazon2-test + expansions: + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go' + build_tags: "sasl ssl" + tasks: + - name: dist + ####################################### -# OSX Buildvariant # +# Debian Buildvariants # ####################################### -- name: osx-1010 - display_name: OSX 10.10 64-bit + +- name: debian71 + display_name: Debian 7.1 (Go 1.8) run_on: - - osx-1010 + - debian71-test + expansions: + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go' + build_tags: "sasl ssl" + tasks: + - name: dist + +- name: debian81 + display_name: Debian 8.1 (Go 1.8) + run_on: + - debian81-test + expansions: + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go' + build_tags: "sasl ssl" + tasks: + - name: dist + +####################################### +# macOS Buildvariant # +####################################### + +- name: macOS-1012 + display_name: MacOS 10.12 (Go 1.8) + run_on: + - macos-1012 expansions: <<: *mongod_default_startup_args <<: *mongo_default_startup_args mongo_os: "osx" arch: "osx/x86_64" - build_tags: "ssl" excludes: requires_many_files - tasks: *osx_1010_tasks + gorootvars: 'PATH="/usr/local/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/usr/local/go1.8/go' + tasks: *macos_1012_tasks -- name: osx-1010-ssl - display_name: OSX 10.10 64-bit SSL +- name: macOS-1012-ssl + display_name: MacOS 
10.12 SSL (Go 1.8) run_on: - - osx-1010 + - macos-1012 expansions: <<: *mongod_ssl_startup_args <<: *mongo_ssl_startup_args mongo_os: "osx" mongo_target: "osx-ssl" arch: "osx/x86_64" - build_tags: "ssl" - edition: ssl + build_tags: "ssl openssl_pre_1.0" excludes: requires_many_files - tasks: *osx_1010_ssl_tasks + gorootvars: 'PATH="/usr/local/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/usr/local/go1.8/go' + tasks: *macos_1012_ssl_tasks + +####################################### +# RHEL Buildvariants # +####################################### + +- name: rhel62 + display_name: RHEL 6.2 (Go 1.8) + run_on: + - rhel62-test + expansions: + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go' + build_tags: "sasl ssl" + tasks: + - name: dist + +- name: rhel70 + display_name: RHEL 7.0 (Go 1.8) + run_on: + - rhel70 + expansions: + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go' + build_tags: "sasl ssl" + tasks: + - name: dist + +####################################### +# SUSE Buildvariants # +####################################### + +- name: suse12 + display_name: SUSE 12 (Go 1.8) + run_on: + - suse12-test + expansions: + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go' + build_tags: "sasl ssl" + tasks: + - name: dist ####################################### # Ubuntu Buildvariants # ####################################### -- name: ubuntu - display_name: Linux 64-bit +- name: ubuntu1404 + display_name: Ubuntu 14.04 (Go 1.8) run_on: - - ubuntu1204-test + - ubuntu1404-test expansions: <<: *mongod_default_startup_args <<: *mongo_default_startup_args - mongo_os: "ubuntu1204" + mongo_os: "ubuntu1404" mongo_edition: "targeted" + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go' build_tags: "ssl" arch: "linux/x86_64" integration_test_args: integration resmoke_args: --jobs $(grep -c 
^processor /proc/cpuinfo) - tasks: *ubuntu1204_tasks + tasks: *ubuntu1404_tasks -- name: ubuntu-ssl - display_name: Linux 64-bit SSL +- name: ubuntu1404-ssl + display_name: Ubuntu 14.04 SSL (Go 1.8) run_on: - - ubuntu1204-test + - ubuntu1404-test expansions: <<: *mongod_ssl_startup_args <<: *mongo_ssl_startup_args - mongo_os: "ubuntu1204" + mongo_os: "ubuntu1404" mongo_edition: "enterprise" - build_tags: "ssl" + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go' + build_tags: "sasl ssl" edition: ssl arch: "linux/x86_64" smoke_use_ssl: --use-ssl resmoke_use_ssl: _ssl resmoke_args: --jobs $(grep -c ^processor /proc/cpuinfo) integration_test_args: "integration,ssl" - tasks: *ubuntu1204_ssl_tasks + tasks: *ubuntu1404_ssl_tasks - name: ubuntu-enterprise - display_name: Linux 64-bit Enterprise + display_name: Ubuntu 14.04 Enterprise (Go 1.8) run_on: - - ubuntu1204-test + - ubuntu1404-test expansions: <<: *mongod_default_startup_args <<: *mongo_default_startup_args - mongo_os: "ubuntu1204" + mongo_os: "ubuntu1404" mongo_edition: "enterprise" + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go' build_tags: "ssl sasl" smoke_use_ssl: --use-ssl resmoke_use_ssl: _ssl 
@@ -1693,100 +1599,24 @@ buildvariants: run_kinit: true integration_test_args: integration resmoke_args: --jobs $(grep -c ^processor /proc/cpuinfo) - tasks: *ubuntu1204_enterprise_tasks + tasks: *ubuntu1404_enterprise_tasks -- name: rhel71-ppc64le-enterprise - display_name: Linux PPC64LE RHEL 7.1 Enterprise +- name: ubuntu1604 + display_name: Ubuntu 16.04 (Go 1.8) run_on: - - rhel71-power8-test + - ubuntu1604-test expansions: - <<: *mongod_default_startup_args - <<: *mongo_default_startup_args - mongo_os: "rhel71" - mongo_edition: "enterprise" - mongo_arch: "ppc64le" - # RHEL 7.1 PPC64LE machines kerberos setup does not work for mongo-tools - #args: ... libsasl2; build_tags "sasl ssl" - args: -gccgoflags "$(pkg-config --libs --cflags libssl)" - build_tags: 'ssl' - resmoke_use_ssl: _ssl - gorootvars: PATH="/opt/mongodbtoolchain/v2/bin/:$PATH" - resmoke_args: -j 4 - excludes: requires_mmap_available,requires_large_ram,requires_mongo_24,requires_mongo_26,requires_mongo_30 - multiversion_override: "skip" - arch: "linux/ppc64le" - edition: enterprise - run_kinit: true - integration_test_args: integration - tasks: *rhel71_enterprise_tasks - -- name: rhel72-s390x-enterprise - display_name: Linux s390x RHEL 7.2 Enterprise - run_on: - - rhel72-zseries-test - expansions: - <<: *mongod_default_startup_args - <<: *mongo_default_startup_args - mongo_os: "rhel72" - mongo_edition: "enterprise" - mongo_arch: "s390x" - args: -gccgoflags "$(pkg-config --libs --cflags libssl libsasl2)" + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go' build_tags: "sasl ssl" - resmoke_use_ssl: _ssl - gorootvars: PATH="/opt/mongodbtoolchain/v2/bin/:$PATH" - excludes: requires_mmap_available,requires_mongo_24,requires_mongo_26,requires_mongo_30 - resmoke_args: -j 2 - multiversion_override: "skip" - arch: "linux/s390x" - edition: enterprise - run_kinit: true - integration_test_args: integration - tasks: *rhel72_enterprise_tasks - -- name: ubuntu1604-arm64 - 
display_name: Linux ARM64 Ubuntu 16.04 SSL - run_on: - - ubuntu1604-arm64-small - expansions: - <<: *mongod_default_startup_args - <<: *mongo_default_startup_args - mongo_os: "ubuntu1604" - mongo_edition: "targeted" - mongo_arch: "arm64" - args: -gccgoflags "$(pkg-config --libs --cflags libcrypto libssl)" - build_tags: "ssl" - resmoke_use_ssl: _ssl - gorootvars: PATH="/opt/mongodbtoolchain/v2/bin/:$PATH" - excludes: requires_mmap_available,requires_large_ram,requires_mongo_24,requires_mongo_26,requires_mongo_30 - resmoke_args: -j 2 - multiversion_override: "skip" - arch: "linux/arm64" - edition: ssl - integration_test_args: integration - tasks: *ubuntu1604_ssl_tasks - -####################################### -# Solaris Buildvariant # -####################################### -- name: solaris - display_name: Solaris 64-bit - run_on: - - solaris - expansions: - <<: *mongod_default_startup_args - <<: *mongo_default_startup_args - mongo_os: "sunos5" - gorootvars: PATH="/opt/mongodbtoolchain/v2/bin/:$PATH" - args: -gccgoflags "-lsocket -lnsl" - excludes: requires_large_ram - resmoke_args: -j$(kstat cpu | sort -u | grep -c "^module") - tasks: *solaris_tasks + tasks: + - name: dist ####################################### # Windows Buildvariants # ####################################### + - name: windows-64 - display_name: Windows 64-bit + display_name: Windows 64-bit (Go 1.8) run_on: - windows-64-vs2013-test expansions: @@ -1799,10 +1629,11 @@ buildvariants: arch: "win32/x86_64" preproc_gpm: "perl -pi -e 's/\\r\\n/\\n/g' " integration_test_args: "integration" + gorootvars: 'PATH="/cygdrive/c/go1.8/go/bin:/cygdrive/c/mingw-w64/x86_64-4.9.1-posix-seh-rt_v3-rev1/mingw64/bin:$PATH" GOROOT="c:/go1.8/go"' tasks: *windows_64_tasks - name: windows-64-ssl - display_name: Windows 64-bit SSL + display_name: Windows 64-bit SSL (Go 1.8) run_on: - windows-64-vs2013-compile expansions: 
@@ -1818,13 +1649,13 @@ buildvariants: multiversion_override: "2.6" extension: .exe arch: "win32/x86_64" - gorootvars: PATH="/cygdrive/c/mingw-w64/x86_64-4.9.1-posix-seh-rt_v3-rev1/mingw64/bin:/cygdrive/c/sasl/:$PATH" + gorootvars: 'PATH="/cygdrive/c/go1.8/go/bin:/cygdrive/c/mingw-w64/x86_64-4.9.1-posix-seh-rt_v3-rev1/mingw64/bin:$PATH" GOROOT="c:/go1.8/go"' preproc_gpm: "perl -pi -e 's/\\r\\n/\\n/g' " integration_test_args: "integration,ssl" tasks: *windows_64_ssl_tasks - name: windows-64-enterprise - display_name: Windows 64-bit Enterprise + display_name: Windows 64-bit Enterprise (Go 1.8) run_on: - windows-64-vs2013-compile expansions: 
@@ -1841,90 +1672,165 @@ buildvariants: edition: enterprise extension: .exe arch: "win32/x86_64" - gorootvars: PATH="/cygdrive/c/mingw-w64/x86_64-4.9.1-posix-seh-rt_v3-rev1/mingw64/bin:/cygdrive/c/sasl/:$PATH" + gorootvars: 'PATH="/cygdrive/c/go1.8/go/bin:/cygdrive/c/mingw-w64/x86_64-4.9.1-posix-seh-rt_v3-rev1/mingw64/bin:$PATH" GOROOT="c:/go1.8/go"' preproc_gpm: "perl -pi -e 's/\\r\\n/\\n/g' " integration_test_args: "integration" tasks: *windows_64_enterprise_tasks ####################################### -# Experimental Buildvariants # +# ARM Buildvariants # ####################################### -- name: ubuntu-race - stepback: false - batchtime: 1440 # daily - display_name: z Race Detector Linux 64-bit +- name: ubuntu1604-arm64 + display_name: ZAP ARM64 Ubuntu 16.04 SSL (gccgo 1.4) run_on: - - ubuntu1204-test + - ubuntu1604-arm64-small + stepback: false + batchtime: 10080 # weekly expansions: <<: *mongod_default_startup_args <<: *mongo_default_startup_args - mongo_os: "ubuntu1204" - mongo_edition: "enterprise" + mongo_os: "ubuntu1604" + mongo_edition: "targeted" + mongo_arch: "arm64" + args: -gccgoflags "$(pkg-config --libs --cflags libcrypto libssl)" build_tags: "ssl" - arch: "linux/x86_64" - args: "-race" - excludes: requires_large_ram + resmoke_use_ssl: _ssl + gorootvars: PATH="/opt/mongodbtoolchain/v2/bin/:$PATH" + excludes: requires_mmap_available,requires_large_ram,requires_mongo_24,requires_mongo_26,requires_mongo_30 + resmoke_args: -j 2 + multiversion_override: "skip" + arch: "linux/arm64" + edition: ssl integration_test_args: integration - tasks: *ubuntu1204_race_tasks + tasks: *ubuntu1604_ssl_tasks ####################################### -# Dist only Buildvariants # +# Power Buildvariants # ####################################### -- name: suse11 - display_name: SUSE 11 SSL +- name: rhel71-ppc64le-enterprise + display_name: ZAP PPC64LE RHEL 7.1 Enterprise (Go 1.8) run_on: - - suse11-test + - rhel71-power8-test + stepback: false + batchtime: 10080 # 
weekly expansions: - build_tags: "sasl ssl" - tasks: - - name: dist + <<: *mongod_default_startup_args + <<: *mongo_default_startup_args + mongo_os: "rhel71" + mongo_edition: "enterprise" + mongo_arch: "ppc64le" + # RHEL 7.1 PPC64LE machines kerberos setup does not work for mongo-tools + #args: ... libsasl2; build_tags "sasl ssl" + build_tags: 'ssl' + resmoke_use_ssl: _ssl + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go CC=/opt/mongodbtoolchain/v2/bin/ppc64le-mongodb-linux-gcc' + resmoke_args: -j 4 + excludes: requires_mmap_available,requires_large_ram,requires_mongo_24,requires_mongo_26,requires_mongo_30 + multiversion_override: "skip" + arch: "linux/ppc64le" + edition: enterprise + run_kinit: true + integration_test_args: integration + tasks: *rhel71_enterprise_tasks -- name: suse12 - display_name: SUSE 12 SSL +- name: ubuntu1604-ppc64le-enterprise + display_name: ZAP PPC64LE Ubuntu 16.04 Enterprise (Go 1.8) run_on: - - suse12-test + - ubuntu1604-power8-test + stepback: false + batchtime: 10080 # weekly expansions: - build_tags: "sasl ssl" + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go CC=/opt/mongodbtoolchain/v2/bin/ppc64le-mongodb-linux-gcc' + build_tags: 'ssl' tasks: - name: dist -- name: rhel62 - display_name: RHEL 6.2 SSL +####################################### +# Z (s390x) Buildvariants # +####################################### + +- name: rhel67-s390x-enterprise + display_name: ZAP s390x RHEL 6.7 Enterprise (Go 1.8) run_on: - - rhel62-test + - rhel67-zseries-test + stepback: false + batchtime: 10080 # weekly expansions: - gorootvars: PATH="/opt/go/bin:$PATH" + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go CC=/opt/mongodbtoolchain/v2/bin/s390x-mongodb-linux-gcc' build_tags: "sasl ssl" tasks: - name: dist -- name: rhel70 - display_name: RHEL 7.0 SSL +- name: rhel72-s390x-enterprise + display_name: ZAP s390x RHEL 
7.2 Enterprise (Go 1.8) run_on: - - rhel70 + - rhel72-zseries-test + stepback: false + batchtime: 10080 # weekly expansions: - gorootvars: PATH="/opt/go/bin:$PATH" + <<: *mongod_default_startup_args + <<: *mongo_default_startup_args + mongo_os: "rhel72" + mongo_edition: "enterprise" + mongo_arch: "s390x" build_tags: "sasl ssl" - tasks: - - name: dist + resmoke_use_ssl: _ssl + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go CC=/opt/mongodbtoolchain/v2/bin/s390x-mongodb-linux-gcc' + excludes: requires_mmap_available,requires_mongo_24,requires_mongo_26,requires_mongo_30 + resmoke_args: -j 2 + multiversion_override: "skip" + arch: "linux/s390x" + edition: enterprise + run_kinit: true + integration_test_args: integration + tasks: *rhel72_enterprise_tasks -- name: ubuntu1404 - display_name: Ubuntu 14.04 SSL +- name: suse12-s390x-enterprise + display_name: ZAP s390x SUSE 12 Enterprise (Go 1.8) run_on: - - ubuntu1404-test + - suse12-zseries-test + stepback: false + batchtime: 10080 # weekly expansions: + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go CC=/opt/mongodbtoolchain/v2/bin/s390x-mongodb-linux-gcc' build_tags: "sasl ssl" tasks: - name: dist -- name: debian71 - display_name: Debian 7.1 SSL +- name: ubuntu1604-s390x-enterprise + display_name: ZAP s390x Ubuntu 16.04 Enterprise (Go 1.8) run_on: - - debian71-test + - ubuntu1604-zseries-small + stepback: false + batchtime: 10080 # weekly expansions: - gorootvars: PATH="/opt/go/bin:$PATH" + gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go CC=/opt/mongodbtoolchain/v2/bin/s390x-mongodb-linux-gcc' build_tags: "sasl ssl" tasks: - name: dist + +####################################### +# Experimental Buildvariants # +####################################### + +- name: ubuntu-race + stepback: false + batchtime: 1440 # daily + display_name: z Race Detector Ubuntu 14.04 (Go 1.8) + run_on: + - 
ubuntu1404-test
+ expansions:
+ <<: *mongod_default_startup_args
+ <<: *mongo_default_startup_args
+ mongo_os: "ubuntu1404"
+ mongo_edition: "enterprise"
+ gorootvars: 'PATH="/opt/go1.8/go/bin:/opt/mongodbtoolchain/v2/bin/:$PATH" GOROOT=/opt/go1.8/go'
+ build_tags: "ssl"
+ arch: "linux/x86_64"
+ args: "-race"
+ excludes: requires_large_ram
+ integration_test_args: integration
+ tasks: *ubuntu1404_race_tasks
+
diff --git a/src/mongo/gotools/common/db/connector.go b/src/mongo/gotools/common/db/connector.go
index 87b6a830fc9..2070f053e87 100644
--- a/src/mongo/gotools/common/db/connector.go
+++ b/src/mongo/gotools/common/db/connector.go
@@ -1,6 +1,7 @@
 package db
 import (
+ "net"
 "time"
 "github.com/mongodb/mongo-tools/common/db/kerberos"
@@ -28,11 +29,25 @@ type VanillaDBConnector struct {
 // dial timeout.
 func (self *VanillaDBConnector) Configure(opts options.ToolOptions) error {
 timeout := time.Duration(opts.Timeout) * time.Second
+ // create the dialer func that will be used to connect
+ dialer := func(addr *mgo.ServerAddr) (net.Conn, error) {
+ conn, err := net.DialTimeout("tcp", addr.String(), timeout)
+ if err != nil {
+ return nil, err
+ }
+ // enable TCP keepalive
+ err = util.EnableTCPKeepAlive(conn, time.Duration(opts.TCPKeepAliveSeconds)*time.Second)
+ if err != nil {
+ return nil, err
+ }
+ return conn, nil
+ }
 // set up the dial info
 self.dialInfo = &mgo.DialInfo{
 Direct: opts.Direct,
 ReplicaSetName: opts.ReplicaSetName,
+ DialServer: dialer,
 Username: opts.Auth.Username,
 Password: opts.Auth.Password,
 Source: opts.GetAuthenticationDatabase(),
diff --git a/src/mongo/gotools/common/db/db_ssl.go b/src/mongo/gotools/common/db/db_openssl.go
index 68d3850b525..2a7106a068e 100644
--- a/src/mongo/gotools/common/db/db_ssl.go
+++ b/src/mongo/gotools/common/db/db_openssl.go
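Review bot: The new dialer in Configure leaks the connection when `util.EnableTCPKeepAlive` fails: the second `return nil, err` leaves `conn` open, and a driver that retries the dial would repeat the leak on every attempt. Close it before returning, e.g. `if err != nil { conn.Close(); return nil, err }`. The same pattern appears in the dialer hunk of common/db/openssl/openssl.go. How `EnableTCPKeepAlive` treats a zero `opts.TCPKeepAliveSeconds` is not visible here; if zero means "disabled", a comment next to the call should say so. Configure's body continues past the end of the hunk.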
@@ -1,4 +1,10 @@
-// +build ssl
+// Copyright (C) MongoDB, Inc. 2014-present.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+
+// +build ssl,!openssl_pre_1.0
 package db
diff --git a/src/mongo/gotools/common/db/db_tlsgo.go b/src/mongo/gotools/common/db/db_tlsgo.go
new file mode 100644
index 00000000000..6fa04a11a60
--- /dev/null
+++ b/src/mongo/gotools/common/db/db_tlsgo.go
@@ -0,0 +1,26 @@
+// Copyright (C) MongoDB, Inc. 2014-present.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+
+// +build ssl,openssl_pre_1.0
+
+package db
+
+import (
+ "github.com/mongodb/mongo-tools/common/db/tlsgo"
+ "github.com/mongodb/mongo-tools/common/options"
+)
+
+func init() {
+ GetConnectorFuncs = append(GetConnectorFuncs, getSSLConnector)
+}
+
+// return the SSL DB connector if using SSL, otherwise, return nil.
+func getSSLConnector(opts options.ToolOptions) DBConnector {
+ if opts.SSL.UseSSL {
+ return &tlsgo.TLSDBConnector{}
+ }
+ return nil
+}
diff --git a/src/mongo/gotools/common/db/openssl/openssl.go b/src/mongo/gotools/common/db/openssl/openssl.go
index d938cf5d532..1d4a1b3b86b 100644
--- a/src/mongo/gotools/common/db/openssl/openssl.go
+++ b/src/mongo/gotools/common/db/openssl/openssl.go
@@ -1,3 +1,11 @@
+// Copyright (C) MongoDB, Inc. 2014-present.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+
+// +build ssl,!openssl_pre_1.0
+
 // Package openssl implements connection to MongoDB over ssl.
 package openssl
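Review bot: The comment on `getSSLConnector` in db_tlsgo.go does not say that this build swaps the TLS stack, which matters to anyone relying on OpenSSL-only behaviour. Under `ssl,openssl_pre_1.0` the openssl package files touched by this commit are excluded (openssl_fips.go is tagged `ssl,!openssl_pre_1.0`), so `SetUpFIPSMode` is not compiled in and a FIPS-mode request has to be rejected or handled inside tlsgo. Whether `TLSDBConnector` does that is not visible in this hunk. I would write the comment as `// getSSLConnector returns the Go-native TLS connector when opts.SSL.UseSSL is set and nil otherwise; OpenSSL-only options such as FIPS mode are not provided by this build.` and confirm that tlsgo fails closed when FIPS mode is requested.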
@@ -6,10 +14,10 @@ import ( "net" "time" + "github.com/10gen/openssl" "github.com/mongodb/mongo-tools/common/db/kerberos" "github.com/mongodb/mongo-tools/common/options" "github.com/mongodb/mongo-tools/common/util" - "github.com/spacemonkeygo/openssl" "gopkg.in/mgo.v2" ) @@ -40,7 +48,15 @@ func (self *SSLDBConnector) Configure(opts options.ToolOptions) error { dialer := func(addr *mgo.ServerAddr) (net.Conn, error) { conn, err := openssl.Dial("tcp", addr.String(), self.ctx, flags) self.dialError = err - return conn, err + if err != nil { + return nil, err + } + // enable TCP keepalive + err = util.EnableTCPKeepAlive(conn.UnderlyingConn(), time.Duration(opts.TCPKeepAliveSeconds)*time.Second) + if err != nil { + return nil, err + } + return conn, nil } timeout := time.Duration(opts.Timeout) * time.Second diff --git a/src/mongo/gotools/common/db/openssl/openssl_fips.go b/src/mongo/gotools/common/db/openssl/openssl_fips.go index 2c4705e23ff..ded8515f397 100644 --- a/src/mongo/gotools/common/db/openssl/openssl_fips.go +++ b/src/mongo/gotools/common/db/openssl/openssl_fips.go @@ -1,13 +1,23 @@ -// +build ssl -// +build -darwin +// Copyright (C) MongoDB, Inc. 2014-present. +// +// Licensed under the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. You may obtain +// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + +// +build ssl,!openssl_pre_1.0 package openssl -import "github.com/spacemonkeygo/openssl" +import ( + "fmt" + + "github.com/10gen/openssl" + "github.com/mongodb/mongo-tools/common/options" +) func init() { sslInitializationFunctions = append(sslInitializationFunctions, SetUpFIPSMode) } -func SetUpFIPSMode(opts *ToolOptions) error { +func SetUpFIPSMode(opts options.ToolOptions) error { if err := openssl.FIPSModeSet(opts.SSLFipsMode); err != nil { return fmt.Errorf("couldn't set FIPS mode to %v: %v", opts.SSLFipsMode, err) } 
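Review bot: `SetUpFIPSMode` in openssl_fips.go is exported without a doc comment, and the `// +build -darwin` line that used to sit above it is removed without explanation. Add `// SetUpFIPSMode switches OpenSSL FIPS mode on or off according to opts.SSLFipsMode; init registers it in sslInitializationFunctions.` and, if darwin builds are now meant to call `openssl.FIPSModeSet`, say so in a comment next to the build tag. The end of the function is outside the hunk.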
diff --git a/src/mongo/gotools/common/db/tlsgo/config.go b/src/mongo/gotools/common/db/tlsgo/config.go
new file mode 100644
index 00000000000..8d3971b537b
--- /dev/null
+++ b/src/mongo/gotools/common/db/tlsgo/config.go
@@ -0,0 +1,246 @@ +// Copyright (C) MongoDB, Inc. 2018-present. +// +// Licensed under the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. You may obtain +// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + +// This file contains code adapted from the MongoDB Go Driver. + +// Package tlsgo provides a mgo connection using Go's native TLS library. +package tlsgo + +import ( + "crypto/tls" + "crypto/x509" + "encoding/asn1" + "encoding/hex" + "encoding/pem" + "fmt" + "io/ioutil" + "strings" +) + +// TLSConfig contains options for configuring an SSL connection to the server. +type TLSConfig struct { + caCert *x509.Certificate + clientCert *tls.Certificate + insecure bool +} + +// NewTLSConfig creates a new TLSConfig. +func NewTLSConfig() *TLSConfig { + cfg := &TLSConfig{} + + return cfg +} + +// SetInsecure sets whether the client should verify the server's certificate chain and hostnames. +func (c *TLSConfig) SetInsecure(allow bool) { + c.insecure = allow +} + +// AddClientCertFromFile adds a client certificate to the configuration given a path to the +// containing file and returns the certificate's subject name. +func (c *TLSConfig) AddClientCertFromFile(clientFile, password string) (string, error) { + data, err := ioutil.ReadFile(clientFile) + if err != nil { + return "", err + } + + certPEM, err := loadPEMBlock(data, "CERTIFICATE") + if err != nil { + return "", err + } + + keyPEM, err := loadPEMBlock(data, "PRIVATE KEY") + if err != nil { + return "", err + } + // This check only covers encrypted PEM data with a DEK-Info header. It + // does not detect unencrypted PEM containing PKCS#8 format data with an + // encrypted private key. 
+ if x509.IsEncryptedPEMBlock(keyPEM) { + if password == "" { + return "", fmt.Errorf("No password provided to decrypt private key") + } + decrypted, err := x509.DecryptPEMBlock(keyPEM, []byte(password)) + if err != nil { + return "", err + } + keyPEM = &pem.Block{Bytes: decrypted, Type: keyPEM.Type} + } + + if strings.Contains(keyPEM.Type, "ENCRYPTED") { + return "", fmt.Errorf("PKCS#8 encrypted private keys are not supported") + } + + cert, err := tls.X509KeyPair(pem.EncodeToMemory(certPEM), pem.EncodeToMemory(keyPEM)) + if err != nil { + return "", err + } + + c.clientCert = &cert + + // The documentation for the tls.X509KeyPair indicates that the Leaf + // certificate is not retained. Because there isn't any way of creating a + // tls.Certificate from an x509.Certificate short of calling X509KeyPair + // on the raw bytes, we're forced to parse the certificate over again to + // get the subject name. + crt, err := x509.ParseCertificate(certPEM.Bytes) + if err != nil { + return "", err + } + + return x509CertSubject(crt), nil +} + +// AddCaCertFromFile adds a root CA certificate to the configuration given a path to the containing file. +func (c *TLSConfig) AddCaCertFromFile(caFile string) error { + data, err := ioutil.ReadFile(caFile) + if err != nil { + return err + } + + certBytes, err := loadCertBytes(data) + if err != nil { + return err + } + + cert, err := x509.ParseCertificate(certBytes) + if err != nil { + return err + } + + c.caCert = cert + + return nil +} + +// MakeConfig constructs a new tls.Config from the configuration specified. 
+func (c *TLSConfig) MakeConfig() (*tls.Config, error) { + cfg := &tls.Config{} + + if c.clientCert != nil { + cfg.Certificates = []tls.Certificate{*c.clientCert} + } + + if c.caCert == nil { + roots, err := loadSystemCAs() + if err != nil { + return nil, err + } + cfg.RootCAs = roots + } else { + cfg.RootCAs = x509.NewCertPool() + cfg.RootCAs.AddCert(c.caCert) + } + + cfg.InsecureSkipVerify = c.insecure + + return cfg, nil +} + +func loadCertBytes(data []byte) ([]byte, error) { + b, err := loadPEMBlock(data, "CERTIFICATE") + if err != nil { + return nil, err + } + return b.Bytes, nil +} + +func loadPEMBlock(data []byte, blocktype string) (*pem.Block, error) { + var b *pem.Block + + for b == nil { + if data == nil || len(data) == 0 { + return nil, fmt.Errorf("no block of type %s found in .pem file", blocktype) + } + + block, rest := pem.Decode(data) + if block == nil { + return nil, fmt.Errorf("invalid .pem file") + } + + if strings.Contains(block.Type, blocktype) { + if b != nil { + return nil, fmt.Errorf("multiple %s sections in .pem file", blocktype) + } + b = block + } + + data = rest + } + + return b, nil +} + +// Because the functionality to convert a pkix.Name to a string wasn't added until Go 1.10, we +// need to copy the implementation (along with the attributeTypeNames map below). +func x509CertSubject(cert *x509.Certificate) string { + r := cert.Subject.ToRDNSequence() + + s := "" + for i := 0; i < len(r); i++ { + rdn := r[len(r)-1-i] + if i > 0 { + s += "," + } + for j, tv := range rdn { + if j > 0 { + s += "+" + } + + oidString := tv.Type.String() + typeName, ok := attributeTypeNames[oidString] + if !ok { + derBytes, err := asn1.Marshal(tv.Value) + if err == nil { + s += oidString + "=#" + hex.EncodeToString(derBytes) + continue // No value escaping necessary. 
+ } + + typeName = oidString + } + + valueString := fmt.Sprint(tv.Value) + escaped := make([]rune, 0, len(valueString)) + + for k, c := range valueString { + escape := false + + switch c { + case ',', '+', '"', '\\', '<', '>', ';': + escape = true + + case ' ': + escape = k == 0 || k == len(valueString)-1 + + case '#': + escape = k == 0 + } + + if escape { + escaped = append(escaped, '\\', c) + } else { + escaped = append(escaped, c) + } + } + + s += typeName + "=" + string(escaped) + } + } + + return s +} + +var attributeTypeNames = map[string]string{ + "2.5.4.6": "C", + "2.5.4.10": "O", + "2.5.4.11": "OU", + "2.5.4.3": "CN", + "2.5.4.5": "SERIALNUMBER", + "2.5.4.7": "L", + "2.5.4.8": "ST", + "2.5.4.9": "STREET", + "2.5.4.17": "POSTALCODE", +} diff --git a/src/mongo/gotools/common/db/tlsgo/config_test.go b/src/mongo/gotools/common/db/tlsgo/config_test.go new file mode 100644 index 00000000000..7eb09b8643c --- /dev/null +++ b/src/mongo/gotools/common/db/tlsgo/config_test.go 
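Review bot: The `multiple %s sections in .pem file` check in `loadPEMBlock` can never fire, because the loop condition is `for b == nil`: the loop stops at the first matching block and the rest of the file is never inspected. A client file holding several certificates or keys is therefore accepted with the first match used, and `AddCaCertFromFile` trusts only the first certificate of a CA bundle. Scanning every block, as sketched below, makes the check effective; if bundles and chains are meant to be accepted instead, drop the check and load all certificates into the pool. Separately, `MakeConfig` copies `insecure` into `InsecureSkipVerify`, which turns off both chain and host name verification, and the `SetInsecure` comment should say so explicitly.

```go
func loadPEMBlock(data []byte, blocktype string) (*pem.Block, error) {
	var found *pem.Block

	// Walk the whole file so that a second matching block is detected.
	for len(data) > 0 {
		block, rest := pem.Decode(data)
		if block == nil {
			if found == nil {
				return nil, fmt.Errorf("invalid .pem file")
			}
			break // trailing non-PEM data after the last block
		}
		if strings.Contains(block.Type, blocktype) {
			if found != nil {
				return nil, fmt.Errorf("multiple %s sections in .pem file", blocktype)
			}
			found = block
		}
		data = rest
	}

	if found == nil {
		return nil, fmt.Errorf("no block of type %s found in .pem file", blocktype)
	}
	return found, nil
}
```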
@@ -0,0 +1,41 @@
+package tlsgo
+
+import (
+ "strings"
+ "testing"
+)
+
+func TestAddClientCert(t *testing.T) {
+ cases := []struct {
+ Path string
+ Pass string
+ Valid bool
+ }{
+ {Path: "testdata/pkcs1.pem", Valid: true},
+ {Path: "testdata/pkcs1-rev.pem", Valid: true},
+ {Path: "testdata/pkcs1-encrypted.pem", Pass: "qwerty", Valid: true},
+ {Path: "testdata/pkcs1-encrypted-rev.pem", Pass: "qwerty", Valid: true},
+
+ {Path: "testdata/pkcs8.pem", Valid: true},
+ {Path: "testdata/pkcs8-rev.pem", Valid: true},
+ {Path: "testdata/pkcs8-encrypted.pem", Valid: false},
+ {Path: "testdata/pkcs8-encrypted-rev.pem", Valid: false},
+ }
+
+ for _, v := range cases {
+ tlsc := NewTLSConfig()
+ _, err := tlsc.AddClientCertFromFile(v.Path, v.Pass)
+ switch v.Valid {
+ case true:
+ if err != nil {
+ t.Errorf("Error parsing %s: %s", v.Path, err.Error())
+ }
+ case false:
+ if err == nil {
+ t.Errorf("Expected error parsing %s but parsed OK", v.Path)
+ } else if !strings.Contains(err.Error(), "encrypted private keys are not supported") {
+ t.Errorf("Incorrect error for %s: %s", v.Path, err.Error())
+ }
+ }
+ }
+}
diff --git a/src/mongo/gotools/common/db/tlsgo/rootcerts.go b/src/mongo/gotools/common/db/tlsgo/rootcerts.go
new file mode 100644
index 00000000000..ee3ec3769f1
--- /dev/null
+++ b/src/mongo/gotools/common/db/tlsgo/rootcerts.go
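Review bot: The table in `TestAddClientCert` has no case for an encrypted PKCS#1 key opened with a missing or wrong password, so the `No password provided to decrypt private key` branch and the `x509.DecryptPEMBlock` failure path in `AddClientCertFromFile` are untested. Adding them needs an expected-error field, because the `Valid: false` arm only accepts messages containing `encrypted private keys are not supported`. For example, add `Err string` to the struct, a case `{Path: "testdata/pkcs1-encrypted.pem", Valid: false, Err: "No password provided"}`, and compare with `strings.Contains(err.Error(), v.Err)`.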
@@ -0,0 +1,22 @@
+// Copyright (C) MongoDB, Inc. 2018-present.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+//
+// Based on https://github.com/hashicorp/go-rootcerts by HashiCorp
+// See THIRD-PARTY-NOTICES for original license terms.
+
+// +build !darwin
+
+package tlsgo
+
+import (
+ "crypto/x509"
+)
+
+// Stubbed for non-darwin systems. By returning nil, the Go library
+// will use its own code for finding system certs.
+func loadSystemCAs() (*x509.CertPool, error) {
+ return nil, nil
+}
diff --git a/src/mongo/gotools/common/db/tlsgo/rootcerts_darwin.go b/src/mongo/gotools/common/db/tlsgo/rootcerts_darwin.go
new file mode 100644
index 00000000000..72c7a9116ad
--- /dev/null
+++ b/src/mongo/gotools/common/db/tlsgo/rootcerts_darwin.go
@@ -0,0 +1,58 @@
+// Copyright (C) MongoDB, Inc. 2018-present.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+//
+// Based on https://github.com/hashicorp/go-rootcerts by HashiCorp
+// See THIRD-PARTY-NOTICES for original license terms.
+
+package tlsgo
+
+import (
+ "crypto/x509"
+ "os/exec"
+ "os/user"
+ "path"
+)
+
+// loadSystemCAs has special behavior on Darwin systems to work around
+// bugs loading certs from keychains. See this GitHub issues query:
+// https://github.com/golang/go/issues?utf8=%E2%9C%93&q=is%3Aissue+darwin+keychain
+func loadSystemCAs() (*x509.CertPool, error) {
+ pool := x509.NewCertPool()
+
+ for _, keychain := range certKeychains() {
+ err := addCertsFromKeychain(pool, keychain)
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ return pool, nil
+}
+
+func addCertsFromKeychain(pool *x509.CertPool, keychain string) error {
+ cmd := exec.Command("/usr/bin/security", "find-certificate", "-a", "-p", keychain)
+ data, err := cmd.Output()
+ if err != nil {
+ return err
+ }
+
+ pool.AppendCertsFromPEM(data)
+
+ return nil
+}
+
+func certKeychains() []string {
+ keychains := []string{
+ "/System/Library/Keychains/SystemRootCertificates.keychain",
+ "/Library/Keychains/System.keychain",
+ }
+ user, err := user.Current()
+ if err == nil {
+ loginKeychain := path.Join(user.HomeDir, "Library", "Keychains", "login.keychain")
+ keychains = append(keychains, loginKeychain)
+ }
+ return keychains
+}
diff --git a/src/mongo/gotools/common/db/tlsgo/testdata/pkcs1-encrypted-rev.pem b/src/mongo/gotools/common/db/tlsgo/testdata/pkcs1-encrypted-rev.pem
new file mode 100644
index 00000000000..308e2263d4a
--- /dev/null
+++ b/src/mongo/gotools/common/db/tlsgo/testdata/pkcs1-encrypted-rev.pem
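Review bot: `addCertsFromKeychain` in rootcerts_darwin.go adds every certificate that `security find-certificate -a -p` prints to the root pool, and that command lists the certificates stored in a keychain without regard to their trust settings. For `System.keychain` and the user's `login.keychain` this means any stored certificate, including leaf or explicitly distrusted ones, would be treated as a trust anchor for server verification when no CA file is given. Consider limiting `certKeychains` to `SystemRootCertificates.keychain`, or checking trust before `pool.AppendCertsFromPEM`, and at least document the behaviour: `// NOTE: certificates are added regardless of their keychain trust settings.` An error from any one keychain (for instance an unreadable login keychain) also fails `loadSystemCAs` as a whole, which may be stricter than intended.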
@@ -0,0 +1,51 @@ +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIDBUEVMA0GCSqGSIb3DQEBBQUAMHQxFzAVBgNVBAMTDktl +cm5lbCBUZXN0IENBMQ8wDQYDVQQLEwZLZXJuZWwxEDAOBgNVBAoTB01vbmdvREIx +FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD +VQQGEwJVUzAeFw0xNjA5MjIxODE1MTJaFw0zNjA5MjIxODE1MTJaMG8xEjAQBgNV +BAMTCWxvY2FsaG9zdDEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RC +MRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkG +A1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTHMXV0LEZ +OCuDZ292e26NbbrMaib6IL3obp/5tOvNVCNnvfgYyJwCCTIZq/mwCjAV5N8Y7tJM +v0JrrGIWgJ3qtPMQ/1VxfzLLW598nnBuqZG2HiR3CTfhd0JBmnjKDMscz90+xB2x +DUDVe6PkbZWnN2otsBzVbW+AAJRVTgUb3cjSbGcC0eTMg3SGaWiB+DtiJIAe3bl8 +6TTmrUKVvbzbJrdrFWpz+NVxf5ejZje+Wlz6OXgkWki5U41PtA7aDFIX3mo1J3c0 +jW957fC/q76jrBoTCbufYPaLQIb5QSex+aJZ40rHpSSV75tsXNUkn22u83Bes+Ih +X0As7g5kW2TDAgMBAAGjHjAcMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATAN +BgkqhkiG9w0BAQUFAAOCAQEAEDzWG64/IlXSEFQZom1z0uBLSLVaxrNg4se6geLH +Bt63EW78H+JMf97AA32DsDiT3ih5uo8yUcOVoEUwontUOSjekHrYfagF/KxMvyMy +sWX+8m5SLrU6s4FysUCtlXa92g1Nh/rET074U2sNShhALgNB2XSw9P5n9GnKt5VT +Rkh0AeBJd09WcOGnSHs30+kKGNV8A5a2GTJbDma0dLa7zlhV6VU91Z9LA0aamyrX +eWwnymJvRcIYvxGqgNDxN/8MsaU1EcW0MNEDkc+kDE1LbOwlAQbCeLQDq/w6AlmC +smoCi0pp6Bf8tZM2RhcUN/xXxgEKcZzhlDOI4v8RNHOyMg== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,B57A03692CDD397E50317A829B4A4698 + +V/V8LyrTJtyxBZYcodeO7xyS/+pmjmbEEYWC6ugP+MgeStTINrjfiYbc3QPkfUEg +SpWFgeq6rFbnszeWrcuk9U0NCv+vg3SjMuprrisCJerpv9bCldF9lbbqElL6o3ov +Q3EIS5JJWxXOJN/FAvTF4nNhh+0aasMmnZyHZMsT2aqBrswDQ7h51wCV4IRHk5Xr +StqjV314kQHMRQfybYkPKZkABtpghSLGGLguwch1cbKPCKHTinFuIuZGHJlQmnOz +tfXtnjlrAG7LtyfddrTlWkm/fGF6lhewC15HLLgpNVkLmFtHCyOtDVTkInT6CM+x +DaDnXebj4gghvJ0kmm7uX3rLX/pvnne+iNpNLaZcjVx20+iGhYaJdy4yUq+nH/UU ++dHlyublzcsDHmZG8CX297DT5kRgkH6Nh3VQdhygQNRNCEHQbR8Gsff/3bJ+KDO8 +6vw/xtcjnbIsOVM8Wxp+lkvKmwk+tTVEhL4bG/+6sq1Cd9jDnf0fzWx7t+IA4t/Y 
+OJ2K65T6I7QVgu0y3jSyLN1MH3oLPF3VGlF6NZlRZUObDL/HzWCFWCpBMtdAxfjI +Wxh5QyQix5lo9IuvYMYmCGk6d+N/fhpLmp3mcURkZrSZCIvfLFF7jrlO4z68j0Os +XODkuYgBXhHKf+tYc0Scokd5cbHlLZ986ngPsSClTtdovouHMxRfWoLQBdlXvxi0 +CjC7SRPuvLSSRLXzF72Htgb7U/W+JflSwvpZrO8VJ7ngR4sU2s1fO1K7x+fLIHEx +M1V6OTQfmJoumg6DIYqAqO8QD6JVIn+JfZ8Ympt7zFaPCJtpxxmKjmpQ1BWatDP6 +dLrdxW9uV6VKYBQuVv+k+jFcjNMrRfJHfeUxrOjCIo3dUDfju+DOdJUAMxWPzdZZ +OmcTG/4AIzw0BJirIAuAsz1RE3V8UXjefnO3YOBZMJPx22iBOacRtcYZXX5Vi/hs +UMmBWrjrsgmtb8KxIvDED3fnfWI6JdK92x+yIJAOB920z//XP1XmiLV6QjwXgXIw +g85ZceCh7Z6E62GYRQ3xboelbKlOzeRXqwM9Tz75677pqnloeEZfN/0GCABX4SAi +jDmb1dt9DiwHsVnt2zvY85V14qNq5QkCTkD+34l+ASLrwgYj8iJ8f3NQMXvBatY0 +eKUonwjSD0odxgvgdwvGlsx1++ec6TWB7jUD/dLxPqPy+m+SpsrxmJG9/WxFXIA/ +UHcW8n5xy1D1mKgeGxTPgWLwYlbcLD3HBaIFj6s9vDfP7+ztcg6Xdsslf8irHByp +JZgnG3ptQFAVEftM7oWvM2eXdBp1mgxuSGgZohURNOAdW0m5VEsmMp95k/iN4vXI ++aTYuVmeWJhQY9pvRW38RDhwxBXIiN2dCkijUPHCi7fc1k9ox06rGsX3doW6UBu+ +H45w0BTVpJR8kv7y+Ep5yd0VTKnGy16PVL/K9GqNahzwb72JxLP+hI4Amlp7rSAG +Mfq0O3SvSrDks5PsPgBHEKnBfMMgKgTQOWICLtFG7Xoh1aJA9ykge2TniaUZeRuN +Wm4FEDBqhCEZpOOFdtq/P9v8KV/IDuyMhFEMb6tSn9P6EDTIS7feJnhXn7JFMdJT +-----END RSA PRIVATE KEY----- diff --git a/src/mongo/gotools/common/db/tlsgo/testdata/pkcs1-encrypted.pem b/src/mongo/gotools/common/db/tlsgo/testdata/pkcs1-encrypted.pem new file mode 100644 index 00000000000..fa92cebe1d7 --- /dev/null +++ b/src/mongo/gotools/common/db/tlsgo/testdata/pkcs1-encrypted.pem 
@@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,B57A03692CDD397E50317A829B4A4698 + +V/V8LyrTJtyxBZYcodeO7xyS/+pmjmbEEYWC6ugP+MgeStTINrjfiYbc3QPkfUEg +SpWFgeq6rFbnszeWrcuk9U0NCv+vg3SjMuprrisCJerpv9bCldF9lbbqElL6o3ov +Q3EIS5JJWxXOJN/FAvTF4nNhh+0aasMmnZyHZMsT2aqBrswDQ7h51wCV4IRHk5Xr +StqjV314kQHMRQfybYkPKZkABtpghSLGGLguwch1cbKPCKHTinFuIuZGHJlQmnOz +tfXtnjlrAG7LtyfddrTlWkm/fGF6lhewC15HLLgpNVkLmFtHCyOtDVTkInT6CM+x +DaDnXebj4gghvJ0kmm7uX3rLX/pvnne+iNpNLaZcjVx20+iGhYaJdy4yUq+nH/UU ++dHlyublzcsDHmZG8CX297DT5kRgkH6Nh3VQdhygQNRNCEHQbR8Gsff/3bJ+KDO8 +6vw/xtcjnbIsOVM8Wxp+lkvKmwk+tTVEhL4bG/+6sq1Cd9jDnf0fzWx7t+IA4t/Y +OJ2K65T6I7QVgu0y3jSyLN1MH3oLPF3VGlF6NZlRZUObDL/HzWCFWCpBMtdAxfjI +Wxh5QyQix5lo9IuvYMYmCGk6d+N/fhpLmp3mcURkZrSZCIvfLFF7jrlO4z68j0Os +XODkuYgBXhHKf+tYc0Scokd5cbHlLZ986ngPsSClTtdovouHMxRfWoLQBdlXvxi0 +CjC7SRPuvLSSRLXzF72Htgb7U/W+JflSwvpZrO8VJ7ngR4sU2s1fO1K7x+fLIHEx +M1V6OTQfmJoumg6DIYqAqO8QD6JVIn+JfZ8Ympt7zFaPCJtpxxmKjmpQ1BWatDP6 +dLrdxW9uV6VKYBQuVv+k+jFcjNMrRfJHfeUxrOjCIo3dUDfju+DOdJUAMxWPzdZZ +OmcTG/4AIzw0BJirIAuAsz1RE3V8UXjefnO3YOBZMJPx22iBOacRtcYZXX5Vi/hs +UMmBWrjrsgmtb8KxIvDED3fnfWI6JdK92x+yIJAOB920z//XP1XmiLV6QjwXgXIw +g85ZceCh7Z6E62GYRQ3xboelbKlOzeRXqwM9Tz75677pqnloeEZfN/0GCABX4SAi +jDmb1dt9DiwHsVnt2zvY85V14qNq5QkCTkD+34l+ASLrwgYj8iJ8f3NQMXvBatY0 +eKUonwjSD0odxgvgdwvGlsx1++ec6TWB7jUD/dLxPqPy+m+SpsrxmJG9/WxFXIA/ +UHcW8n5xy1D1mKgeGxTPgWLwYlbcLD3HBaIFj6s9vDfP7+ztcg6Xdsslf8irHByp +JZgnG3ptQFAVEftM7oWvM2eXdBp1mgxuSGgZohURNOAdW0m5VEsmMp95k/iN4vXI ++aTYuVmeWJhQY9pvRW38RDhwxBXIiN2dCkijUPHCi7fc1k9ox06rGsX3doW6UBu+ +H45w0BTVpJR8kv7y+Ep5yd0VTKnGy16PVL/K9GqNahzwb72JxLP+hI4Amlp7rSAG +Mfq0O3SvSrDks5PsPgBHEKnBfMMgKgTQOWICLtFG7Xoh1aJA9ykge2TniaUZeRuN +Wm4FEDBqhCEZpOOFdtq/P9v8KV/IDuyMhFEMb6tSn9P6EDTIS7feJnhXn7JFMdJT +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIDBUEVMA0GCSqGSIb3DQEBBQUAMHQxFzAVBgNVBAMTDktl +cm5lbCBUZXN0IENBMQ8wDQYDVQQLEwZLZXJuZWwxEDAOBgNVBAoTB01vbmdvREIx 
+FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD +VQQGEwJVUzAeFw0xNjA5MjIxODE1MTJaFw0zNjA5MjIxODE1MTJaMG8xEjAQBgNV +BAMTCWxvY2FsaG9zdDEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RC +MRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkG +A1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTHMXV0LEZ +OCuDZ292e26NbbrMaib6IL3obp/5tOvNVCNnvfgYyJwCCTIZq/mwCjAV5N8Y7tJM +v0JrrGIWgJ3qtPMQ/1VxfzLLW598nnBuqZG2HiR3CTfhd0JBmnjKDMscz90+xB2x +DUDVe6PkbZWnN2otsBzVbW+AAJRVTgUb3cjSbGcC0eTMg3SGaWiB+DtiJIAe3bl8 +6TTmrUKVvbzbJrdrFWpz+NVxf5ejZje+Wlz6OXgkWki5U41PtA7aDFIX3mo1J3c0 +jW957fC/q76jrBoTCbufYPaLQIb5QSex+aJZ40rHpSSV75tsXNUkn22u83Bes+Ih +X0As7g5kW2TDAgMBAAGjHjAcMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATAN +BgkqhkiG9w0BAQUFAAOCAQEAEDzWG64/IlXSEFQZom1z0uBLSLVaxrNg4se6geLH +Bt63EW78H+JMf97AA32DsDiT3ih5uo8yUcOVoEUwontUOSjekHrYfagF/KxMvyMy +sWX+8m5SLrU6s4FysUCtlXa92g1Nh/rET074U2sNShhALgNB2XSw9P5n9GnKt5VT +Rkh0AeBJd09WcOGnSHs30+kKGNV8A5a2GTJbDma0dLa7zlhV6VU91Z9LA0aamyrX +eWwnymJvRcIYvxGqgNDxN/8MsaU1EcW0MNEDkc+kDE1LbOwlAQbCeLQDq/w6AlmC +smoCi0pp6Bf8tZM2RhcUN/xXxgEKcZzhlDOI4v8RNHOyMg== +-----END CERTIFICATE----- diff --git a/src/mongo/gotools/common/db/tlsgo/testdata/pkcs1-rev.pem b/src/mongo/gotools/common/db/tlsgo/testdata/pkcs1-rev.pem new file mode 100644 index 00000000000..0bb7b967c9d --- /dev/null +++ b/src/mongo/gotools/common/db/tlsgo/testdata/pkcs1-rev.pem 
@@ -0,0 +1,48 @@ +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIDBUEVMA0GCSqGSIb3DQEBBQUAMHQxFzAVBgNVBAMTDktl +cm5lbCBUZXN0IENBMQ8wDQYDVQQLEwZLZXJuZWwxEDAOBgNVBAoTB01vbmdvREIx +FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD +VQQGEwJVUzAeFw0xNjA5MjIxODE1MTJaFw0zNjA5MjIxODE1MTJaMG8xEjAQBgNV +BAMTCWxvY2FsaG9zdDEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RC +MRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkG +A1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTHMXV0LEZ +OCuDZ292e26NbbrMaib6IL3obp/5tOvNVCNnvfgYyJwCCTIZq/mwCjAV5N8Y7tJM +v0JrrGIWgJ3qtPMQ/1VxfzLLW598nnBuqZG2HiR3CTfhd0JBmnjKDMscz90+xB2x +DUDVe6PkbZWnN2otsBzVbW+AAJRVTgUb3cjSbGcC0eTMg3SGaWiB+DtiJIAe3bl8 +6TTmrUKVvbzbJrdrFWpz+NVxf5ejZje+Wlz6OXgkWki5U41PtA7aDFIX3mo1J3c0 +jW957fC/q76jrBoTCbufYPaLQIb5QSex+aJZ40rHpSSV75tsXNUkn22u83Bes+Ih +X0As7g5kW2TDAgMBAAGjHjAcMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATAN +BgkqhkiG9w0BAQUFAAOCAQEAEDzWG64/IlXSEFQZom1z0uBLSLVaxrNg4se6geLH +Bt63EW78H+JMf97AA32DsDiT3ih5uo8yUcOVoEUwontUOSjekHrYfagF/KxMvyMy +sWX+8m5SLrU6s4FysUCtlXa92g1Nh/rET074U2sNShhALgNB2XSw9P5n9GnKt5VT +Rkh0AeBJd09WcOGnSHs30+kKGNV8A5a2GTJbDma0dLa7zlhV6VU91Z9LA0aamyrX +eWwnymJvRcIYvxGqgNDxN/8MsaU1EcW0MNEDkc+kDE1LbOwlAQbCeLQDq/w6AlmC +smoCi0pp6Bf8tZM2RhcUN/xXxgEKcZzhlDOI4v8RNHOyMg== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAkxzF1dCxGTgrg2dvdntujW26zGom+iC96G6f+bTrzVQjZ734 +GMicAgkyGav5sAowFeTfGO7STL9Ca6xiFoCd6rTzEP9VcX8yy1uffJ5wbqmRth4k +dwk34XdCQZp4ygzLHM/dPsQdsQ1A1Xuj5G2VpzdqLbAc1W1vgACUVU4FG93I0mxn +AtHkzIN0hmlogfg7YiSAHt25fOk05q1Clb282ya3axVqc/jVcX+Xo2Y3vlpc+jl4 +JFpIuVONT7QO2gxSF95qNSd3NI1vee3wv6u+o6waEwm7n2D2i0CG+UEnsfmiWeNK +x6Ukle+bbFzVJJ9trvNwXrPiIV9ALO4OZFtkwwIDAQABAoIBAAuueTclPyrVfv8M +M5mg64JneDHLLBUojGvsfN+DMkY3rCgMuaqeI2U1/bh0I3uLE45pgh2kuSZG+as7 +IP7Qb7m3bKWo4MwGYa4sNFnc6uiepmdjtVmObdWFdslmzrick3RSPStCv2jTuJY7 +HySAXyXMDK5cEa4Q5o2vfhfX/ifcMZrS2Pz1o4k2Wh8EtzmRxJR+QR8d+XLtVsKf 
+WIvtlhwGqWkmocFOsWW/6Mtf7IPWC3QAPjVYNcxe/8LSE/FhnRr7L6Uv1K7vGImE +/+QVScl5sP2bpvo+9LxzOMANMdTWWX5ZZJhIdvwpsyctcZovuJq/Lrh9A0j40nRJ +LuR6wUECgYEA2AgCKimqgpf7WCZMv72Kbur2banm1nwRsnPENGK4e6ZuYwHXu5n6 +HLgk/zp2lJdE4yGr8EBE5hvoFCosxEuvF2ldlqnKDqRUC9IKNtXJEisadWCEPmOp +v04zPaV5hWOXaK3ZoCQ7D8xvzThcZderMMdGoeacv050nJnSkPEhissCgYEArlSG +x2KRa1AvAYwMnEIeABrzjSzLLPHyYmCByouo3ljjWiBu7gSsJCO+O8QBjIklpW24 +g+Cek8d9X3oMw2aKKukgecxTR/XE7StB6RXngEIWvIqLj3CNWn1l+K/F95rrQrBr +6Fea6qWnMYeZrnuGGvBX7PwjJncE1nvn+ey/9ukCgYB/1N1TDayz8jLsil1H6GSO +FcMUSUErEed27UHgrbn0kRsowuJhRE/Xxq89x957NrewnzAaziz27PR7Wil7Tj2h +YNvcV0QVPe/tvrAEmqSMd60EX8RhFqBPb3qqs8wgvjnN23G3bTj1tEdD7GHgcan/ +BywoiUmfelFOiUcsNUNf2QKBgBUuig3R6S9r17pNZP7bfb+vhqZBqhI096mCZmLQ +41zY2g8KX9Al2zCs8yFZ6IJF68AU+9VyRnJYS+B8+O4JGIKsPtjtvbTBpQLYPbLv +iWhpH1AbWWe9Wj+Dew9jdB9owGsi+omJk3YtWIpJGqA7vAir6VMPM8oprfnNplsU +rCJ5AoGBANRKxMsriiA/sDLPxDCQOZg4JGRy1ycRVu75wETwoWnDMUP6J6BxE/pK +keA1nmrVXLheVs3kB7Bg7Jm+53E6RPATRGbvJ+5nqtDDxjL3HL8Jg6uKFjPmnpJ4 +crTsbc7nrAxo0cRmUlgbzQqhgAfnb8B7Fai2T1qoFixPtIFicehx +-----END RSA PRIVATE KEY----- diff --git a/src/mongo/gotools/common/db/tlsgo/testdata/pkcs1.pem b/src/mongo/gotools/common/db/tlsgo/testdata/pkcs1.pem new file mode 100644 index 00000000000..9f6124b5fa2 --- /dev/null +++ b/src/mongo/gotools/common/db/tlsgo/testdata/pkcs1.pem 
@@ -0,0 +1,48 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAkxzF1dCxGTgrg2dvdntujW26zGom+iC96G6f+bTrzVQjZ734 +GMicAgkyGav5sAowFeTfGO7STL9Ca6xiFoCd6rTzEP9VcX8yy1uffJ5wbqmRth4k +dwk34XdCQZp4ygzLHM/dPsQdsQ1A1Xuj5G2VpzdqLbAc1W1vgACUVU4FG93I0mxn +AtHkzIN0hmlogfg7YiSAHt25fOk05q1Clb282ya3axVqc/jVcX+Xo2Y3vlpc+jl4 +JFpIuVONT7QO2gxSF95qNSd3NI1vee3wv6u+o6waEwm7n2D2i0CG+UEnsfmiWeNK +x6Ukle+bbFzVJJ9trvNwXrPiIV9ALO4OZFtkwwIDAQABAoIBAAuueTclPyrVfv8M +M5mg64JneDHLLBUojGvsfN+DMkY3rCgMuaqeI2U1/bh0I3uLE45pgh2kuSZG+as7 +IP7Qb7m3bKWo4MwGYa4sNFnc6uiepmdjtVmObdWFdslmzrick3RSPStCv2jTuJY7 +HySAXyXMDK5cEa4Q5o2vfhfX/ifcMZrS2Pz1o4k2Wh8EtzmRxJR+QR8d+XLtVsKf +WIvtlhwGqWkmocFOsWW/6Mtf7IPWC3QAPjVYNcxe/8LSE/FhnRr7L6Uv1K7vGImE +/+QVScl5sP2bpvo+9LxzOMANMdTWWX5ZZJhIdvwpsyctcZovuJq/Lrh9A0j40nRJ +LuR6wUECgYEA2AgCKimqgpf7WCZMv72Kbur2banm1nwRsnPENGK4e6ZuYwHXu5n6 +HLgk/zp2lJdE4yGr8EBE5hvoFCosxEuvF2ldlqnKDqRUC9IKNtXJEisadWCEPmOp +v04zPaV5hWOXaK3ZoCQ7D8xvzThcZderMMdGoeacv050nJnSkPEhissCgYEArlSG +x2KRa1AvAYwMnEIeABrzjSzLLPHyYmCByouo3ljjWiBu7gSsJCO+O8QBjIklpW24 +g+Cek8d9X3oMw2aKKukgecxTR/XE7StB6RXngEIWvIqLj3CNWn1l+K/F95rrQrBr +6Fea6qWnMYeZrnuGGvBX7PwjJncE1nvn+ey/9ukCgYB/1N1TDayz8jLsil1H6GSO +FcMUSUErEed27UHgrbn0kRsowuJhRE/Xxq89x957NrewnzAaziz27PR7Wil7Tj2h +YNvcV0QVPe/tvrAEmqSMd60EX8RhFqBPb3qqs8wgvjnN23G3bTj1tEdD7GHgcan/ +BywoiUmfelFOiUcsNUNf2QKBgBUuig3R6S9r17pNZP7bfb+vhqZBqhI096mCZmLQ +41zY2g8KX9Al2zCs8yFZ6IJF68AU+9VyRnJYS+B8+O4JGIKsPtjtvbTBpQLYPbLv +iWhpH1AbWWe9Wj+Dew9jdB9owGsi+omJk3YtWIpJGqA7vAir6VMPM8oprfnNplsU +rCJ5AoGBANRKxMsriiA/sDLPxDCQOZg4JGRy1ycRVu75wETwoWnDMUP6J6BxE/pK +keA1nmrVXLheVs3kB7Bg7Jm+53E6RPATRGbvJ+5nqtDDxjL3HL8Jg6uKFjPmnpJ4 +crTsbc7nrAxo0cRmUlgbzQqhgAfnb8B7Fai2T1qoFixPtIFicehx +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIDBUEVMA0GCSqGSIb3DQEBBQUAMHQxFzAVBgNVBAMTDktl +cm5lbCBUZXN0IENBMQ8wDQYDVQQLEwZLZXJuZWwxEDAOBgNVBAoTB01vbmdvREIx +FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD 
+VQQGEwJVUzAeFw0xNjA5MjIxODE1MTJaFw0zNjA5MjIxODE1MTJaMG8xEjAQBgNV +BAMTCWxvY2FsaG9zdDEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RC +MRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkG +A1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTHMXV0LEZ +OCuDZ292e26NbbrMaib6IL3obp/5tOvNVCNnvfgYyJwCCTIZq/mwCjAV5N8Y7tJM +v0JrrGIWgJ3qtPMQ/1VxfzLLW598nnBuqZG2HiR3CTfhd0JBmnjKDMscz90+xB2x +DUDVe6PkbZWnN2otsBzVbW+AAJRVTgUb3cjSbGcC0eTMg3SGaWiB+DtiJIAe3bl8 +6TTmrUKVvbzbJrdrFWpz+NVxf5ejZje+Wlz6OXgkWki5U41PtA7aDFIX3mo1J3c0 +jW957fC/q76jrBoTCbufYPaLQIb5QSex+aJZ40rHpSSV75tsXNUkn22u83Bes+Ih +X0As7g5kW2TDAgMBAAGjHjAcMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATAN +BgkqhkiG9w0BAQUFAAOCAQEAEDzWG64/IlXSEFQZom1z0uBLSLVaxrNg4se6geLH +Bt63EW78H+JMf97AA32DsDiT3ih5uo8yUcOVoEUwontUOSjekHrYfagF/KxMvyMy +sWX+8m5SLrU6s4FysUCtlXa92g1Nh/rET074U2sNShhALgNB2XSw9P5n9GnKt5VT +Rkh0AeBJd09WcOGnSHs30+kKGNV8A5a2GTJbDma0dLa7zlhV6VU91Z9LA0aamyrX +eWwnymJvRcIYvxGqgNDxN/8MsaU1EcW0MNEDkc+kDE1LbOwlAQbCeLQDq/w6AlmC +smoCi0pp6Bf8tZM2RhcUN/xXxgEKcZzhlDOI4v8RNHOyMg== +-----END CERTIFICATE----- diff --git a/src/mongo/gotools/common/db/tlsgo/testdata/pkcs8-encrypted-rev.pem b/src/mongo/gotools/common/db/tlsgo/testdata/pkcs8-encrypted-rev.pem new file mode 100644 index 00000000000..2a9b8ea4aa4 --- /dev/null +++ b/src/mongo/gotools/common/db/tlsgo/testdata/pkcs8-encrypted-rev.pem 
@@ -0,0 +1,51 @@ +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIDBUEVMA0GCSqGSIb3DQEBBQUAMHQxFzAVBgNVBAMTDktl +cm5lbCBUZXN0IENBMQ8wDQYDVQQLEwZLZXJuZWwxEDAOBgNVBAoTB01vbmdvREIx +FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD +VQQGEwJVUzAeFw0xNjA5MjIxODE1MTJaFw0zNjA5MjIxODE1MTJaMG8xEjAQBgNV +BAMTCWxvY2FsaG9zdDEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RC +MRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkG +A1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTHMXV0LEZ +OCuDZ292e26NbbrMaib6IL3obp/5tOvNVCNnvfgYyJwCCTIZq/mwCjAV5N8Y7tJM +v0JrrGIWgJ3qtPMQ/1VxfzLLW598nnBuqZG2HiR3CTfhd0JBmnjKDMscz90+xB2x +DUDVe6PkbZWnN2otsBzVbW+AAJRVTgUb3cjSbGcC0eTMg3SGaWiB+DtiJIAe3bl8 +6TTmrUKVvbzbJrdrFWpz+NVxf5ejZje+Wlz6OXgkWki5U41PtA7aDFIX3mo1J3c0 +jW957fC/q76jrBoTCbufYPaLQIb5QSex+aJZ40rHpSSV75tsXNUkn22u83Bes+Ih +X0As7g5kW2TDAgMBAAGjHjAcMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATAN +BgkqhkiG9w0BAQUFAAOCAQEAEDzWG64/IlXSEFQZom1z0uBLSLVaxrNg4se6geLH +Bt63EW78H+JMf97AA32DsDiT3ih5uo8yUcOVoEUwontUOSjekHrYfagF/KxMvyMy +sWX+8m5SLrU6s4FysUCtlXa92g1Nh/rET074U2sNShhALgNB2XSw9P5n9GnKt5VT +Rkh0AeBJd09WcOGnSHs30+kKGNV8A5a2GTJbDma0dLa7zlhV6VU91Z9LA0aamyrX +eWwnymJvRcIYvxGqgNDxN/8MsaU1EcW0MNEDkc+kDE1LbOwlAQbCeLQDq/w6AlmC +smoCi0pp6Bf8tZM2RhcUN/xXxgEKcZzhlDOI4v8RNHOyMg== +-----END CERTIFICATE----- +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIP80PLbXYYHUCAggA +MB0GCWCGSAFlAwQBAgQQu1qZnln9ymhZVDJmGJpIJQSCBNDufC1nGCgwBWtkzqP+ +MN3/UJD4cX6TQDjGotN484gLvCm138yB8EPSuFz2RUcOFQImKm3fuqBKgx08jen6 +DQRNekzW1ngIV3BZwn5kMwr0lJK4ibpfEmdTYu/2INq55ljsFx7pq+69PLOqskPa +l+1CzPub0xPC8spG6H0xxOV3HYZlzNX6SKgpK/GPCyGzspgijdacn+x+KFpvMRG3 +fDvdGTP5F/lk6++EHFM/LBfitNV0qkd9GoOIbcDkinu6EytSfJY/mY337AhitWQZ +zdhgC3nA+QYy9s/hs2hXBepkIsFzLMRF162Cqc7KPNObpVGBPxFS+an3c7FyYXVw +ekTf1XrUpdsqNIgvSQkUhzkPc01jHWd4paHgSCLayLx6c9jPXiCxgASZ7BcjAZOC +VLqoi9RHYrEdpoZBwMnSheHa6OVdqPbitlx4vA41s1ERuRktz9hXuhl/Rje+IF5i 
+2N2l4q3ix4K2yvtZ4wmoc92/WPy2XVudeBinupIxLbrq82HIs1KvLZZ78s+s2Gfh +PDH/1gMiraOWyBY1/4DtAnptl2qKW3YsTwMGCfrX8euRC7WCk/QBw6SBy1XlV2pc +uc1ZOAgWQHwDSRK6XJHgElrQkgVRlszg5vofJ1RdRxJo6XossIc3vx/IUqv2+7xx +mGBE+71FYDg4vmN5nAgN2MjEGdyMEGL4WiKT6Y/WSOTrtRVKRFTilzxuOmx6Hq37 +rldBokhttrx0JikU0fqDWSaDbERSslmv5TinygKyq/PnGOHtcBzHC0c+AIlp2Rj8 +Z5TbgMVcxjV0GZ0SojjO6DO9weJ5c5iBom+VJrniYNDc4jqn0OqIQEembgGuTdHk +37Dqp7oxonLZS1Qi+YNljxQvGUeaoy0hSJS/9C2ANWoo+POB/BkhdS3NT2CQAxNZ +ca4ThdtyLvhSjLIEEMJH7J+LFVuE32hbivWtjKcha8vJ/sYz5gZE193Jfz5H92Zq +3Ee7ipvaKQrxATCp7xJdX5ftHp2+dMsiRKxff8TOO9TVwoJkWOw9zSOMidI+znuL +IF2kTMMPu/o1EbOzEvgck/dcvPlTzWQEGy6eCSixndB4c9yjcVnZpzYnWJEhV7to +W9OfcBkQ/3V5jn96yQPCXm1br2j9FS5QDmWP+GOlLUEPwb27jUajTs3emeqvC0qJ +OALtJsKkwT9L7Cq/cZNByBrbmimEI1NkaVRPjauHhQSzPYIJWBkaJPoZIkbCJ5eO +vRi/2Bd74fda8pVFxm9kUNP8wwpz9JSXmzVRzGXOJ3lS1TKAXl++gb5HX+bieSNy +QHcjw6rBwOkdac40vs5mxGb0XHtP8Qqvn0+fzmKan4MBGKGrB2nlfBrhI2Uopni5 +WRSWbZjDe3ofsjlaj39rxQksvSnZEN/us4JHl2QWfYhpg9tYiCmO0zPREqdWKoi2 +IgydR30JXmNx+W2UBoh1iIPgxeqkDXsxWusGbAgyZs4s7/dcrlcVQz5vzHm0zXsK +hix58eAuxTJORkGKaxva5fmdwvHJJPt5/nPPsGdm81WVqm79yKRRE4mjl+PTBryE +4IuFZjGksVDHpi1LMpW4FMmaYjf/oNm9/ZAqOtxJYC8CFIyyVbqSMOwrqSDxmE8O +gHyWskGclbX/lOH8H83lXnh2xw== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/src/mongo/gotools/common/db/tlsgo/testdata/pkcs8-encrypted.pem b/src/mongo/gotools/common/db/tlsgo/testdata/pkcs8-encrypted.pem new file mode 100644 index 00000000000..88773490b0f --- /dev/null +++ b/src/mongo/gotools/common/db/tlsgo/testdata/pkcs8-encrypted.pem 
@@ -0,0 +1,51 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIP80PLbXYYHUCAggA +MB0GCWCGSAFlAwQBAgQQu1qZnln9ymhZVDJmGJpIJQSCBNDufC1nGCgwBWtkzqP+ +MN3/UJD4cX6TQDjGotN484gLvCm138yB8EPSuFz2RUcOFQImKm3fuqBKgx08jen6 +DQRNekzW1ngIV3BZwn5kMwr0lJK4ibpfEmdTYu/2INq55ljsFx7pq+69PLOqskPa +l+1CzPub0xPC8spG6H0xxOV3HYZlzNX6SKgpK/GPCyGzspgijdacn+x+KFpvMRG3 +fDvdGTP5F/lk6++EHFM/LBfitNV0qkd9GoOIbcDkinu6EytSfJY/mY337AhitWQZ +zdhgC3nA+QYy9s/hs2hXBepkIsFzLMRF162Cqc7KPNObpVGBPxFS+an3c7FyYXVw +ekTf1XrUpdsqNIgvSQkUhzkPc01jHWd4paHgSCLayLx6c9jPXiCxgASZ7BcjAZOC +VLqoi9RHYrEdpoZBwMnSheHa6OVdqPbitlx4vA41s1ERuRktz9hXuhl/Rje+IF5i +2N2l4q3ix4K2yvtZ4wmoc92/WPy2XVudeBinupIxLbrq82HIs1KvLZZ78s+s2Gfh +PDH/1gMiraOWyBY1/4DtAnptl2qKW3YsTwMGCfrX8euRC7WCk/QBw6SBy1XlV2pc +uc1ZOAgWQHwDSRK6XJHgElrQkgVRlszg5vofJ1RdRxJo6XossIc3vx/IUqv2+7xx +mGBE+71FYDg4vmN5nAgN2MjEGdyMEGL4WiKT6Y/WSOTrtRVKRFTilzxuOmx6Hq37 +rldBokhttrx0JikU0fqDWSaDbERSslmv5TinygKyq/PnGOHtcBzHC0c+AIlp2Rj8 +Z5TbgMVcxjV0GZ0SojjO6DO9weJ5c5iBom+VJrniYNDc4jqn0OqIQEembgGuTdHk +37Dqp7oxonLZS1Qi+YNljxQvGUeaoy0hSJS/9C2ANWoo+POB/BkhdS3NT2CQAxNZ +ca4ThdtyLvhSjLIEEMJH7J+LFVuE32hbivWtjKcha8vJ/sYz5gZE193Jfz5H92Zq +3Ee7ipvaKQrxATCp7xJdX5ftHp2+dMsiRKxff8TOO9TVwoJkWOw9zSOMidI+znuL +IF2kTMMPu/o1EbOzEvgck/dcvPlTzWQEGy6eCSixndB4c9yjcVnZpzYnWJEhV7to +W9OfcBkQ/3V5jn96yQPCXm1br2j9FS5QDmWP+GOlLUEPwb27jUajTs3emeqvC0qJ +OALtJsKkwT9L7Cq/cZNByBrbmimEI1NkaVRPjauHhQSzPYIJWBkaJPoZIkbCJ5eO +vRi/2Bd74fda8pVFxm9kUNP8wwpz9JSXmzVRzGXOJ3lS1TKAXl++gb5HX+bieSNy +QHcjw6rBwOkdac40vs5mxGb0XHtP8Qqvn0+fzmKan4MBGKGrB2nlfBrhI2Uopni5 +WRSWbZjDe3ofsjlaj39rxQksvSnZEN/us4JHl2QWfYhpg9tYiCmO0zPREqdWKoi2 +IgydR30JXmNx+W2UBoh1iIPgxeqkDXsxWusGbAgyZs4s7/dcrlcVQz5vzHm0zXsK +hix58eAuxTJORkGKaxva5fmdwvHJJPt5/nPPsGdm81WVqm79yKRRE4mjl+PTBryE +4IuFZjGksVDHpi1LMpW4FMmaYjf/oNm9/ZAqOtxJYC8CFIyyVbqSMOwrqSDxmE8O +gHyWskGclbX/lOH8H83lXnh2xw== +-----END ENCRYPTED PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDfjCCAmagAwIBAgIDBUEVMA0GCSqGSIb3DQEBBQUAMHQxFzAVBgNVBAMTDktl 
+cm5lbCBUZXN0IENBMQ8wDQYDVQQLEwZLZXJuZWwxEDAOBgNVBAoTB01vbmdvREIx +FjAUBgNVBAcTDU5ldyBZb3JrIENpdHkxETAPBgNVBAgTCE5ldyBZb3JrMQswCQYD +VQQGEwJVUzAeFw0xNjA5MjIxODE1MTJaFw0zNjA5MjIxODE1MTJaMG8xEjAQBgNV +BAMTCWxvY2FsaG9zdDEPMA0GA1UECxMGS2VybmVsMRAwDgYDVQQKEwdNb25nb0RC +MRYwFAYDVQQHEw1OZXcgWW9yayBDaXR5MREwDwYDVQQIEwhOZXcgWW9yazELMAkG +A1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTHMXV0LEZ +OCuDZ292e26NbbrMaib6IL3obp/5tOvNVCNnvfgYyJwCCTIZq/mwCjAV5N8Y7tJM +v0JrrGIWgJ3qtPMQ/1VxfzLLW598nnBuqZG2HiR3CTfhd0JBmnjKDMscz90+xB2x +DUDVe6PkbZWnN2otsBzVbW+AAJRVTgUb3cjSbGcC0eTMg3SGaWiB+DtiJIAe3bl8 +6TTmrUKVvbzbJrdrFWpz+NVxf5ejZje+Wlz6OXgkWki5U41PtA7aDFIX3mo1J3c0 +jW957fC/q76jrBoTCbufYPaLQIb5QSex+aJZ40rHpSSV75tsXNUkn22u83Bes+Ih +X0As7g5kW2TDAgMBAAGjHjAcMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATAN +BgkqhkiG9w0BAQUFAAOCAQEAEDzWG64/IlXSEFQZom1z0uBLSLVaxrNg4se6geLH +Bt63EW78H+JMf97AA32DsDiT3ih5uo8yUcOVoEUwontUOSjekHrYfagF/KxMvyMy +sWX+8m5SLrU6s4FysUCtlXa92g1Nh/rET074U2sNShhALgNB2XSw9P5n9GnKt5VT +Rkh0AeBJd09WcOGnSHs30+kKGNV8A5a2GTJbDma0dLa7zlhV6VU91Z9LA0aamyrX +eWwnymJvRcIYvxGqgNDxN/8MsaU1EcW0MNEDkc+kDE1LbOwlAQbCeLQDq/w6AlmC +smoCi0pp6Bf8tZM2RhcUN/xXxgEKcZzhlDOI4v8RNHOyMg== +-----END CERTIFICATE----- diff --git a/src/mongo/gotools/common/db/tlsgo/testdata/pkcs8-rev.pem b/src/mongo/gotools/common/db/tlsgo/testdata/pkcs8-rev.pem new file mode 100644 index 00000000000..7d902b28e11 --- /dev/null +++ b/src/mongo/gotools/common/db/tlsgo/testdata/pkcs8-rev.pem 
@@ -0,0 +1,50 @@ +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIJAIJdodI/q6hqMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV +BAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjERMA8G +A1UECwwIU2VjdXJpdHkxCzAJBgNVBAMMAmNhMB4XDTE3MDMxNzEwMTQ0MVoXDTI3 +MDMxNTEwMTQ0MVowaDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREw +DwYDVQQHDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJp +dmVyczEPMA0GA1UEAwwGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEA0nYSydRYw7eM1KtyM6s49A7SIPGUua+wStu9KkTzFcaJ8y/hcrek5J/4 +PcpY5gf8tkf3GrXxumtPnWCJJP+wbNh4U9HJgtFrzkIHnYmOxjLERGgu/w+4W3J+ +/RUSOOHK2DeOzIYZd79d48716kNWYFV80nhQRJexJSD1fGgQLll947HBh50f4Jne +JMtq3Bw/YoJfKDa8AcsWj80U5yGF6BUhVddteIwXlHbTUJxFu5cZ3iVOEr7sTd8O +gpJ1XZgUGOW9fVBxwRRiLe1MXHrljvaNOT532W+kQDw9U94teD6pDTIRPrOxJ8l4 +GWiP3hyKVqcbx2fPumj5zqRz8nlZSQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCG +SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E +FgQUd7IrLVymryD9EI7JqSDy61B0hiYwHwYDVR0jBBgwFoAU6V78cAw4dTLrQwZE +x8Vf5k+rHDkwDQYJKoZIhvcNAQELBQADggEBAGxTZl9WrjlXd9UFIFKiTx3io/YR +NuAfStSuLwoNAi3P+XYLwvfUScyHOambqBmBFsMSNiQe6h4tepcVIFLeGcsTsoyf +JkTMwiJH1iIdAchNJmsdkWrPlzUc8s7modmzBx6TBokiGL79vVuh20SW8IyWJZaf +79A1vFR7PRRPsJWfbXkEOP+CoyQfJtPLz+fFcX2CFkvtn5T8IM97OBBckyE3pjRQ +nZ7bDc+mM/2T23KMnSWNvqP68Yt+7YMyQ+uj1+HJOHfHQSD0nU/Mn0+EqLhZbzvL +EKJ5z1meByoriHlMGvZjGMIIcH1Gt/QAi8sVzZBJr+Cq0c9P7F+uNFcODaM= +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDSdhLJ1FjDt4zU +q3Izqzj0DtIg8ZS5r7BK270qRPMVxonzL+Fyt6Tkn/g9yljmB/y2R/catfG6a0+d +YIkk/7Bs2HhT0cmC0WvOQgediY7GMsREaC7/D7hbcn79FRI44crYN47Mhhl3v13j +zvXqQ1ZgVXzSeFBEl7ElIPV8aBAuWX3jscGHnR/gmd4ky2rcHD9igl8oNrwByxaP +zRTnIYXoFSFV1214jBeUdtNQnEW7lxneJU4SvuxN3w6CknVdmBQY5b19UHHBFGIt +7UxceuWO9o05PnfZb6RAPD1T3i14PqkNMhE+s7EnyXgZaI/eHIpWpxvHZ8+6aPnO +pHPyeVlJAgMBAAECggEBALR2AAhF51Ly2XQmCkeZor1K1AzhePh7WDvoDVzoQFPE +qNb4kGTwaRiMvqwlDHM6GAwoyw6BQmPpzhuRAifSgvHh79NXiGV+suTqI2OG5wC1 
+2Ssa9mlIjnkDRTY3UieqHGenw+9FcSMH2TcUaDLWSINT6jMCbTlTpNbEWxqwlGdY +URP4I0lN/NiKyfGemctXTuKj3YOB+6feQZaL1RWYJ9pneSad6rbsLYLOc0JAK8zG +wu3mPhPTrMqaj7DXAbhz4NWmIjosIp4/5bnV2HSvpd4UiB7/yK/gknZ4XesHOz4z +aIKbYxbaUkrKIGO/mwuZOjCDSw/rSDmuxuDWFRU3NE0CgYEA6LW2dFPfxIxEmeXl +EzFxJhsCeCOcPo4ueWxbMboILl2KjMhTUGxKZEjJtWpK+FwVqashU2CrDfW/zfzp +ekb1EVAeq+bDsHKRXMJfHQ3qky733nqsKbpQonJwyQ64AVhQVLgr8Xi+gNiYaOWo +g5ZftrlNlJu59GJv+St2eipAlwsCgYEA54ZTpYAodRkMcZOGqiG8mHwNwxPSRIRO +7iRRT+8NFLVfC3Y1oPD7o2tmwFDpSzybgIOpdKuqHOG6/ed82AyqnODhmdNPcCpv +FgyWZaurgJepe8Y61vjoaV6y7geLJAOL/WAbqzRRq6tDI708t21lsFCTvtoyW/0I +0kggr/+ytXsCgYEAkaW5jlE4ilGoVhI3L64QPWNGRl8zWUuv9rtE0Hi4yhwtrTNs +QbelT+LmrC7cwVkRDeJXt1GXfeNDqu8SSj/C/pUAvWJvNC5goIfe89ZT7M7GwG5S +9sLv2Nx7jrsxm1Xk4UFr73Q893OY4H5s2/7v5PNRhSN6XWSG5JK5UnjDeEUCgYEA +iMQnAWsVeybS3Pzi3fmT6RfPIV/CJEtsPO0jQ27ZcVQ60xB/WZVBcSXuysiBJ7qj +uWUNYyhNE0adKYPnkdDZsFZ/rljPYlkOyh2hcmnYo9vzeHR/KaJb2HLijA3Uue+G +cKSnc5kybZB71s7g4RI0sdTHkkRe30w4O8/zz0PjE6UCgYEAzARJZItdMu9wGu3U +X7tSSXJL2avVKv/lBDUfZAChBhpXOQf7MvgmKUCiZC/BMZ/plw/AxBL8swrfKgsw +TdrZwrhK3wOgqYWIHCAfzR+Qa0rRTqVmRQERFylqXzNmUWMG5iq7D9rp3Ht9/Ozn +6NGsAa53FvCDeBkFzi/dsbhxvjk= +-----END PRIVATE KEY----- diff --git a/src/mongo/gotools/common/db/tlsgo/testdata/pkcs8.pem b/src/mongo/gotools/common/db/tlsgo/testdata/pkcs8.pem new file mode 100644 index 00000000000..305c67658c9 --- /dev/null +++ b/src/mongo/gotools/common/db/tlsgo/testdata/pkcs8.pem 
@@ -0,0 +1,50 @@ +-----BEGIN PRIVATE KEY----- +MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDSdhLJ1FjDt4zU +q3Izqzj0DtIg8ZS5r7BK270qRPMVxonzL+Fyt6Tkn/g9yljmB/y2R/catfG6a0+d +YIkk/7Bs2HhT0cmC0WvOQgediY7GMsREaC7/D7hbcn79FRI44crYN47Mhhl3v13j +zvXqQ1ZgVXzSeFBEl7ElIPV8aBAuWX3jscGHnR/gmd4ky2rcHD9igl8oNrwByxaP +zRTnIYXoFSFV1214jBeUdtNQnEW7lxneJU4SvuxN3w6CknVdmBQY5b19UHHBFGIt +7UxceuWO9o05PnfZb6RAPD1T3i14PqkNMhE+s7EnyXgZaI/eHIpWpxvHZ8+6aPnO +pHPyeVlJAgMBAAECggEBALR2AAhF51Ly2XQmCkeZor1K1AzhePh7WDvoDVzoQFPE +qNb4kGTwaRiMvqwlDHM6GAwoyw6BQmPpzhuRAifSgvHh79NXiGV+suTqI2OG5wC1 +2Ssa9mlIjnkDRTY3UieqHGenw+9FcSMH2TcUaDLWSINT6jMCbTlTpNbEWxqwlGdY +URP4I0lN/NiKyfGemctXTuKj3YOB+6feQZaL1RWYJ9pneSad6rbsLYLOc0JAK8zG +wu3mPhPTrMqaj7DXAbhz4NWmIjosIp4/5bnV2HSvpd4UiB7/yK/gknZ4XesHOz4z +aIKbYxbaUkrKIGO/mwuZOjCDSw/rSDmuxuDWFRU3NE0CgYEA6LW2dFPfxIxEmeXl +EzFxJhsCeCOcPo4ueWxbMboILl2KjMhTUGxKZEjJtWpK+FwVqashU2CrDfW/zfzp +ekb1EVAeq+bDsHKRXMJfHQ3qky733nqsKbpQonJwyQ64AVhQVLgr8Xi+gNiYaOWo +g5ZftrlNlJu59GJv+St2eipAlwsCgYEA54ZTpYAodRkMcZOGqiG8mHwNwxPSRIRO +7iRRT+8NFLVfC3Y1oPD7o2tmwFDpSzybgIOpdKuqHOG6/ed82AyqnODhmdNPcCpv +FgyWZaurgJepe8Y61vjoaV6y7geLJAOL/WAbqzRRq6tDI708t21lsFCTvtoyW/0I +0kggr/+ytXsCgYEAkaW5jlE4ilGoVhI3L64QPWNGRl8zWUuv9rtE0Hi4yhwtrTNs +QbelT+LmrC7cwVkRDeJXt1GXfeNDqu8SSj/C/pUAvWJvNC5goIfe89ZT7M7GwG5S +9sLv2Nx7jrsxm1Xk4UFr73Q893OY4H5s2/7v5PNRhSN6XWSG5JK5UnjDeEUCgYEA +iMQnAWsVeybS3Pzi3fmT6RfPIV/CJEtsPO0jQ27ZcVQ60xB/WZVBcSXuysiBJ7qj +uWUNYyhNE0adKYPnkdDZsFZ/rljPYlkOyh2hcmnYo9vzeHR/KaJb2HLijA3Uue+G +cKSnc5kybZB71s7g4RI0sdTHkkRe30w4O8/zz0PjE6UCgYEAzARJZItdMu9wGu3U +X7tSSXJL2avVKv/lBDUfZAChBhpXOQf7MvgmKUCiZC/BMZ/plw/AxBL8swrfKgsw +TdrZwrhK3wOgqYWIHCAfzR+Qa0rRTqVmRQERFylqXzNmUWMG5iq7D9rp3Ht9/Ozn +6NGsAa53FvCDeBkFzi/dsbhxvjk= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIJAIJdodI/q6hqMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV +BAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjERMA8G +A1UECwwIU2VjdXJpdHkxCzAJBgNVBAMMAmNhMB4XDTE3MDMxNzEwMTQ0MVoXDTI3 
+MDMxNTEwMTQ0MVowaDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREw +DwYDVQQHDAhOZXcgWW9yazEQMA4GA1UECgwHTW9uZ29EQjEQMA4GA1UECwwHRHJp +dmVyczEPMA0GA1UEAwwGY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEA0nYSydRYw7eM1KtyM6s49A7SIPGUua+wStu9KkTzFcaJ8y/hcrek5J/4 +PcpY5gf8tkf3GrXxumtPnWCJJP+wbNh4U9HJgtFrzkIHnYmOxjLERGgu/w+4W3J+ +/RUSOOHK2DeOzIYZd79d48716kNWYFV80nhQRJexJSD1fGgQLll947HBh50f4Jne +JMtq3Bw/YoJfKDa8AcsWj80U5yGF6BUhVddteIwXlHbTUJxFu5cZ3iVOEr7sTd8O +gpJ1XZgUGOW9fVBxwRRiLe1MXHrljvaNOT532W+kQDw9U94teD6pDTIRPrOxJ8l4 +GWiP3hyKVqcbx2fPumj5zqRz8nlZSQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCG +SAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4E +FgQUd7IrLVymryD9EI7JqSDy61B0hiYwHwYDVR0jBBgwFoAU6V78cAw4dTLrQwZE +x8Vf5k+rHDkwDQYJKoZIhvcNAQELBQADggEBAGxTZl9WrjlXd9UFIFKiTx3io/YR +NuAfStSuLwoNAi3P+XYLwvfUScyHOambqBmBFsMSNiQe6h4tepcVIFLeGcsTsoyf +JkTMwiJH1iIdAchNJmsdkWrPlzUc8s7modmzBx6TBokiGL79vVuh20SW8IyWJZaf +79A1vFR7PRRPsJWfbXkEOP+CoyQfJtPLz+fFcX2CFkvtn5T8IM97OBBckyE3pjRQ +nZ7bDc+mM/2T23KMnSWNvqP68Yt+7YMyQ+uj1+HJOHfHQSD0nU/Mn0+EqLhZbzvL +EKJ5z1meByoriHlMGvZjGMIIcH1Gt/QAi8sVzZBJr+Cq0c9P7F+uNFcODaM= +-----END CERTIFICATE----- diff --git a/src/mongo/gotools/common/db/tlsgo/tlsgo.go b/src/mongo/gotools/common/db/tlsgo/tlsgo.go new file mode 100644 index 00000000000..c26b7e2dc4f --- /dev/null +++ b/src/mongo/gotools/common/db/tlsgo/tlsgo.go 
@@ -0,0 +1,135 @@
+// Copyright (C) MongoDB, Inc. 2014-present.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License. You may obtain
+// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+
+// Package tlsgo implements connection to MongoDB with Go native TLS.
+package tlsgo
+
+import (
+ "crypto/tls"
+ "fmt"
+ "net"
+ "strings"
+ "time"
+
+ "github.com/mongodb/mongo-tools/common/db/kerberos"
+ "github.com/mongodb/mongo-tools/common/log"
+ "github.com/mongodb/mongo-tools/common/options"
+ "github.com/mongodb/mongo-tools/common/util"
+ "gopkg.in/mgo.v2"
+)
+
+// TLSDBConnector makes a connection to the database with Go native TLS.
+type TLSDBConnector struct {
+ dialInfo *mgo.DialInfo
+ config *TLSConfig
+}
+
+// Configure the connector to connect to the server over ssl. Sets up the
+// correct function to dial the server based on the ssl options passed in.
+func (c *TLSDBConnector) Configure(opts options.ToolOptions) error {
+ if opts.SSLFipsMode {
+ return fmt.Errorf("FIPS mode not supported")
+ }
+
+ if opts.SSLCRLFile != "" {
+ return fmt.Errorf("CRL files are not supported on this platform")
+ }
+
+ c.config = NewTLSConfig()
+
+ if opts.SSLAllowInvalidCert || opts.SSLAllowInvalidHost {
+ c.config.SetInsecure(true)
+ }
+
+ if opts.SSLPEMKeyFile != "" {
+ subject, err := c.config.AddClientCertFromFile(opts.SSLPEMKeyFile, opts.SSLPEMKeyPassword)
+ if err != nil {
+ return err
+ }
+ if opts.Auth.Mechanism == "MONGODB-X509" && opts.Auth.Username == "" {
+ opts.Auth.Username = subject
+ }
+ }
+
+ if opts.SSLCAFile != "" {
+ c.config.AddCaCertFromFile(opts.SSLCAFile)
+ }
+
+ // set up the dial info
+ c.dialInfo = &mgo.DialInfo{
+ Timeout: time.Duration(opts.Timeout) * time.Second,
+ Direct: opts.Direct,
+ ReplicaSetName: opts.ReplicaSetName,
+ DialServer: c.makeDialer(opts),
+ Username: opts.Auth.Username,
+ Password: opts.Auth.Password,
+ Source: opts.GetAuthenticationDatabase(),
+ Mechanism: opts.Auth.Mechanism,
+ }
+
+ // create or fetch the addresses to be used to connect
+ if opts.URI != nil && opts.URI.ConnectionString != "" {
+ c.dialInfo.Addrs = opts.URI.GetConnectionAddrs()
+ } else {
+ c.dialInfo.Addrs = util.CreateConnectionAddrs(opts.Host, opts.Port)
+ }
+ kerberos.AddKerberosOpts(opts, c.dialInfo)
+ return nil
+}
+
+// GetNewSession dials the server.
+func (c *TLSDBConnector) GetNewSession() (*mgo.Session, error) {
+ return mgo.DialWithInfo(c.dialInfo)
+}
+
+// To be handed to mgo.DialInfo for connecting to the server.
+type dialerFunc func(addr *mgo.ServerAddr) (net.Conn, error)
+
+func (c *TLSDBConnector) makeDialer(opts options.ToolOptions) dialerFunc {
+ return func(addr *mgo.ServerAddr) (net.Conn, error) {
+ address := addr.String()
+ conn, err := net.Dial("tcp", address)
+ if err != nil {
+ // mgo discards dialer errors so log it now
+ log.Logvf(log.Always, "error dialing %v: %v", address, err)
+ return nil, err
+ }
+ // enable TCP keepalive
+ err = util.EnableTCPKeepAlive(conn, time.Duration(opts.TCPKeepAliveSeconds)*time.Second)
+ if err != nil {
+ // mgo discards dialer errors so log it now
+ log.Logvf(log.Always, "error enabling TCP keepalive on connection to %v: %v", address, err)
+ conn.Close()
+ return nil, err
+ }
+
+ tlsConfig, err := c.config.MakeConfig()
+ if err != nil {
+ return nil, err
+ }
+
+ if !tlsConfig.InsecureSkipVerify {
+ colonPos := strings.LastIndex(address, ":")
+ if colonPos == -1 {
+ colonPos = len(address)
+ }
+
+ hostname := address[:colonPos]
+ tlsConfig.ServerName = hostname
+ }
+
+ client := tls.Client(conn, tlsConfig)
+ err = client.Handshake()
+ if err != nil {
+ // mgo discards dialer errors so log it now
+ log.Logvf(log.Always, "error doing TLS handshake with %v: %v", address, err)
+ client.Close()
+ return nil, err
+ }
+
+ return client, nil
+ }
+}
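Review bot: In Configure, `if opts.SSLAllowInvalidCert || opts.SSLAllowInvalidHost { c.config.SetInsecure(true) }` handles both options identically, so a caller who only set SSLAllowInvalidHost appears to lose certificate-chain validation too (SetInsecure lives in config.go, outside this hunk, but makeDialer later branches on `tlsConfig.InsecureSkipVerify`). If hostname-only relaxation cannot be expressed with this dialer, that should at least be logged and documented; otherwise the chain could still be checked in a `VerifyPeerCertificate` callback while hostname matching is skipped. Two smaller points in the same hunk: the return value of `c.config.AddCaCertFromFile(opts.SSLCAFile)` is dropped, so a CA file that fails to load presumably goes unreported, and the `MakeConfig` error branch in makeDialer returns without `conn.Close()`, unlike the keepalive branch just above it.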
diff --git a/src/mongo/gotools/common/options/options.go b/src/mongo/gotools/common/options/options.go index 1e7cb8c6ca3..71b7b0d21f4 100644 --- a/src/mongo/gotools/common/options/options.go +++ b/src/mongo/gotools/common/options/options.go @@ -4,23 +4,24 @@ package options import ( "fmt" - "github.com/jessevdk/go-flags" - "github.com/mongodb/mongo-tools/common/connstring" - "github.com/mongodb/mongo-tools/common/failpoint" - "github.com/mongodb/mongo-tools/common/log" - "github.com/mongodb/mongo-tools/common/util" "os" "regexp" "runtime" "strconv" "strings" "time" + + "github.com/jessevdk/go-flags" + "github.com/mongodb/mongo-tools/common/connstring" + "github.com/mongodb/mongo-tools/common/failpoint" + "github.com/mongodb/mongo-tools/common/log" + "github.com/mongodb/mongo-tools/common/util" ) // Gitspec that the tool was built with. Needs to be set using -ldflags var ( - VersionStr = "built-without-version-string" - Gitspec = "built-without-git-spec" + VersionStr = "r3.4.14-18-gd0bd6a35" + Gitspec = "d0bd6a3539ed33ae2de254168681e7acbebe74e2" ) var ( @@ -120,7 +121,8 @@ type Connection struct { Host string `short:"h" long:"host" value-name:"<hostname>" description:"mongodb host to connect to (setname/host1,host2 for replica sets)"` Port string `long:"port" value-name:"<port>" description:"server port (can also use --host hostname:port)"` - Timeout int `long:"dialTimeout" default:"3" hidden:"true" description:"dial timeout in seconds"` + Timeout int `long:"dialTimeout" default:"3" hidden:"true" description:"dial timeout in seconds"` + TCPKeepAliveSeconds int `long:"TCPKeepAliveSeconds" default:"30" hidden:"true" description:"seconds between TCP keep alives"` } // Struct holding ssl-related options diff --git a/src/mongo/gotools/common/options/options_openssl.go b/src/mongo/gotools/common/options/options_openssl.go new file mode 100644 index 00000000000..afb18ab8eb2 --- /dev/null +++ b/src/mongo/gotools/common/options/options_openssl.go 
@@ -0,0 +1,18 @@ +// Copyright (C) MongoDB, Inc. 2014-present. +// +// Licensed under the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. You may obtain +// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + +// +build ssl,!openssl_pre_1.0 + +package options + +import "github.com/10gen/openssl" + +func init() { + versionInfos = append(versionInfos, versionInfo{ + key: "OpenSSL version", + value: openssl.Version, + }) +} diff --git a/src/mongo/gotools/common/options/options_ssl.go b/src/mongo/gotools/common/options/options_ssl.go index 6fcd4da13b3..f9c7f966663 100644 --- a/src/mongo/gotools/common/options/options_ssl.go +++ b/src/mongo/gotools/common/options/options_ssl.go @@ -2,14 +2,8 @@ package options -import "github.com/spacemonkeygo/openssl" - func init() { ConnectionOptFunctions = append(ConnectionOptFunctions, registerSSLOptions) - versionInfos = append(versionInfos, versionInfo{ - key: "OpenSSL version", - value: openssl.Version, - }) } func registerSSLOptions(self *ToolOptions) error { diff --git a/src/mongo/gotools/common/util/net.go b/src/mongo/gotools/common/util/net.go new file mode 100644 index 00000000000..1459d4abf95 --- /dev/null +++ b/src/mongo/gotools/common/util/net.go @@ -0,0 +1,24 @@ +package util + +import ( + "net" + "time" +) + +// EnableTCPKeepAlive enables TCP keepalive on the underlying TCP connection. +func EnableTCPKeepAlive(conn net.Conn, keepAlivePeriod time.Duration) error { + if keepAlivePeriod == 0 { + return nil + } + if tcpconn, ok := conn.(*net.TCPConn); ok { + err := tcpconn.SetKeepAlive(true) + if err != nil { + return err + } + err = tcpconn.SetKeepAlivePeriod(keepAlivePeriod) + if err != nil { + return err + } + } + return nil +} diff --git a/src/mongo/gotools/import.data b/src/mongo/gotools/import.data index f0eee069180..d1d91264483 100644 --- a/src/mongo/gotools/import.data +++ b/src/mongo/gotools/import.data 
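Review bot: EnableTCPKeepAlive in util/net.go returns nil without touching the connection in two cases its doc comment does not mention: when `keepAlivePeriod == 0` and when `conn` is not a `*net.TCPConn`. Because the period comes from the hidden integer option TCPKeepAliveSeconds, a negative value passes the `== 0` guard and is handed to `SetKeepAlivePeriod`; `if keepAlivePeriod <= 0 { return nil }` would treat it as "disabled" instead. I would also extend the comment to something like `// A zero period leaves the connection unchanged; non-TCP connections are ignored.`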
@@ -1,5 +1,5 @@ { - "commit": "4f093ae71cdb4c6a6e9de7cd1dc67ea4405f0013", + "commit": "4c5314b404c2d7aac7ceb50133faa3ac4fc3d2ea", "github": "mongodb/mongo-tools.git", "vendor": "tools", "branch": "v3.4" diff --git a/src/mongo/gotools/mongodump/mongodump.go b/src/mongo/gotools/mongodump/mongodump.go index 30cb0b2a2d3..3bc6342664f 100644 --- a/src/mongo/gotools/mongodump/mongodump.go +++ b/src/mongo/gotools/mongodump/mongodump.go @@ -44,6 +44,7 @@ type MongoDump struct { query bson.M oplogCollection string oplogStart bson.MongoTimestamp + oplogEnd bson.MongoTimestamp isMongos bool authVersion int archive *archive.Writer @@ -358,7 +359,7 @@ func (dump *MongoDump) Dump() (err error) { return fmt.Errorf("error finding oplog: %v", err) } log.Logvf(log.Info, "getting most recent oplog timestamp") - dump.oplogStart, err = dump.getOplogStartTime() + dump.oplogStart, err = dump.getCurrentOplogTime() if err != nil { return fmt.Errorf("error getting oplog start: %v", err) } @@ -390,6 +391,11 @@ func (dump *MongoDump) Dump() (err error) { // we check to see if the oplog has rolled over (i.e. the most recent entry when // we started still exist, so we know we haven't lost data) if dump.OutputOptions.Oplog { + dump.oplogEnd, err = dump.getCurrentOplogTime() + if err != nil { + return fmt.Errorf("error getting oplog end: %v", err) + } + log.Logvf(log.DebugLow, "checking if oplog entry %v still exists", dump.oplogStart) exists, err := dump.checkOplogTimestampExists(dump.oplogStart) if !exists { @@ -402,7 +408,8 @@ func (dump *MongoDump) Dump() (err error) { log.Logvf(log.DebugHigh, "oplog entry %v still exists", dump.oplogStart) log.Logvf(log.Always, "writing captured oplog to %v", dump.manager.Oplog().Location) - err = dump.DumpOplogAfterTimestamp(dump.oplogStart) + + err = dump.DumpOplogBetweenTimestamps(dump.oplogStart, dump.oplogEnd) if err != nil { return fmt.Errorf("error dumping oplog: %v", err) } 
diff --git a/src/mongo/gotools/mongodump/oplog_dump.go b/src/mongo/gotools/mongodump/oplog_dump.go index b0800ff4318..a4c94d07760 100644 --- a/src/mongo/gotools/mongodump/oplog_dump.go +++ b/src/mongo/gotools/mongodump/oplog_dump.go @@ -34,8 +34,8 @@ func (dump *MongoDump) determineOplogCollectionName() error { } -// getOplogStartTime returns the most recent oplog entry -func (dump *MongoDump) getOplogStartTime() (bson.MongoTimestamp, error) { +// getOplogCurrentTime returns the most recent oplog entry +func (dump *MongoDump) getCurrentOplogTime() (bson.MongoTimestamp, error) { mostRecentOplogEntry := db.Oplog{} err := dump.sessionProvider.FindOne("local", dump.oplogCollection, 0, nil, []string{"-$natural"}, &mostRecentOplogEntry, 0) @@ -65,16 +65,19 @@ func (dump *MongoDump) checkOplogTimestampExists(ts bson.MongoTimestamp) (bool, return true, nil } -// DumpOplogAfterTimestamp takes a timestamp and writer and dumps all oplog entries after -// the given timestamp to the writer. Returns any errors that occur. -func (dump *MongoDump) DumpOplogAfterTimestamp(ts bson.MongoTimestamp) error { +// DumpOplogBetweenTimestamps takes two timestamps and writer and dumps all oplog +// entries between the given timestamp to the writer. Returns any errors that occur. +func (dump *MongoDump) DumpOplogBetweenTimestamps(start, end bson.MongoTimestamp) error { session, err := dump.sessionProvider.GetSession() if err != nil { return err } defer session.Close() session.SetPrefetch(1.0) // mimic exhaust cursor - queryObj := bson.M{"ts": bson.M{"$gt": ts}} + queryObj := bson.M{"$and": []bson.M{ + bson.M{"ts": bson.M{"$gte": start}}, + bson.M{"ts": bson.M{"$lte": end}}, + }} oplogQuery := session.DB("local").C(dump.oplogCollection).Find(queryObj).LogReplay() oplogCount, err := dump.dumpQueryToIntent(oplogQuery, dump.manager.Oplog(), dump.getResettableOutputBuffer()) if err == nil { 
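Review bot: The doc comment in the first oplog_dump.go hunk now names `getOplogCurrentTime`, but the function it sits on is `getCurrentOplogTime`, so the comment no longer starts with the identifier it documents. It should read `// getCurrentOplogTime returns the timestamp of the most recent oplog entry`, which also matches the `bson.MongoTimestamp` return type. The function body continues outside the hunk.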
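Review bot: In DumpOplogBetweenTimestamps the lower bound moved from `$gt` to `$gte`, so the entry at `start` is now dumped as well, but the comment only says "between the given timestamp" and still mentions a writer parameter that the signature does not have. I would state the range explicitly, e.g. `// DumpOplogBetweenTimestamps dumps all oplog entries with start <= ts <= end.` The `$and` over two clauses on the same field can also be written as `bson.M{"ts": bson.M{"$gte": start, "$lte": end}}`. The function body continues outside the hunk.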
diff --git a/src/mongo/gotools/mongoreplay/main/mongoreplay.go b/src/mongo/gotools/mongoreplay/main/mongoreplay.go index 5a7fd02c809..cf8e0abee57 100644 --- a/src/mongo/gotools/mongoreplay/main/mongoreplay.go +++ b/src/mongo/gotools/mongoreplay/main/mongoreplay.go @@ -4,7 +4,9 @@ import ( "github.com/jessevdk/go-flags" "github.com/mongodb/mongo-tools/mongoreplay" + "fmt" "os" + "runtime" ) const ( @@ -27,6 +29,11 @@ func main() { os.Exit(ExitOk) } + if runtime.NumCPU() == 1 { + fmt.Fprint(os.Stderr, "mongoreplay must be run with multiple threads") + os.Exit(ExitError) + } + opts := mongoreplay.Options{} var parser = flags.NewParser(&opts, flags.Default) diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/LICENSE b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/LICENSE index 37ec93a14fd..37ec93a14fd 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/LICENSE +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/LICENSE diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/README.md b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/README.md index 6bd3383a0e8..6bd3383a0e8 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/README.md +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/README.md diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/bio.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/bio.go index 8d0da8998eb..8d0da8998eb 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/bio.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/bio.go diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/build.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/build.go index 0425aa5f368..f71e285639a 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/build.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/build.go 
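Review bot: The guard added to main tests `runtime.NumCPU() == 1` while its message talks about threads; NumCPU reports logical CPUs, whereas the number of OS threads running Go code at once is `runtime.GOMAXPROCS(0)`, which can be 1 on a multi-core host. If the underlying problem is goroutine scheduling, `if runtime.GOMAXPROCS(0) == 1` would presumably cover both cases. The message is written with `fmt.Fprint` and no trailing newline; `fmt.Fprintln(os.Stderr, "mongoreplay must be run with multiple threads")` keeps the shell prompt off the same line. main's body continues outside the hunk.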
@@ -19,6 +19,6 @@ package openssl // #cgo linux pkg-config: openssl // #cgo windows CFLAGS: -DWIN32_LEAN_AND_MEAN // #cgo windows LDFLAGS: -lcrypt32 -// #cgo darwin CFLAGS: -Wno-deprecated-declarations -// #cgo darwin LDFLAGS: -lssl -lcrypto -framework CoreFoundation -framework Foundation -framework Security +// #cgo darwin CFLAGS: -Wno-deprecated-declarations -I/usr/include -I/usr/local/opt/openssl/include +// #cgo darwin LDFLAGS: -L/usr/local/opt/openssl/lib -lssl -lcrypto -framework CoreFoundation -framework Foundation -framework Security import "C" diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/cert.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/cert.go index 61637c649fa..61637c649fa 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/cert.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/cert.go diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/cert_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/cert_test.go index c32883ba4eb..c32883ba4eb 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/cert_test.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/cert_test.go diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ciphers.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers.go index 12662707f54..12662707f54 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ciphers.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers.go diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_gcm.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_gcm.go new file mode 100644 index 00000000000..e184c95e5df --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_gcm.go 
@@ -0,0 +1,154 @@ +// Copyright (C) 2017. See AUTHORS. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build !openssl_pre_1.0 + +package openssl + +// #include <openssl/evp.h> +import "C" + +import ( + "errors" + "fmt" +) + +type AuthenticatedEncryptionCipherCtx interface { + EncryptionCipherCtx + + // data passed in to ExtraData() is part of the final output; it is + // not encrypted itself, but is part of the authenticated data. when + // decrypting or authenticating, pass back with the decryption + // context's ExtraData() + ExtraData([]byte) error + + // use after finalizing encryption to get the authenticating tag + GetTag() ([]byte, error) +} + +type AuthenticatedDecryptionCipherCtx interface { + DecryptionCipherCtx + + // pass in any extra data that was added during encryption with the + // encryption context's ExtraData() + ExtraData([]byte) error + + // use before finalizing decryption to tell the library what the + // tag is expected to be + SetTag([]byte) error +} + +type authEncryptionCipherCtx struct { + *encryptionCipherCtx +} + +type authDecryptionCipherCtx struct { + *decryptionCipherCtx +} + +func getGCMCipher(blocksize int) (*Cipher, error) { + var cipherptr *C.EVP_CIPHER + switch blocksize { + case 256: + cipherptr = C.EVP_aes_256_gcm() + case 192: + cipherptr = C.EVP_aes_192_gcm() + case 128: + cipherptr = C.EVP_aes_128_gcm() + default: + return nil, fmt.Errorf("unknown block size %d", blocksize) + } + return &Cipher{ptr: 
cipherptr}, nil +} + +func NewGCMEncryptionCipherCtx(blocksize int, e *Engine, key, iv []byte) ( + AuthenticatedEncryptionCipherCtx, error) { + cipher, err := getGCMCipher(blocksize) + if err != nil { + return nil, err + } + ctx, err := newEncryptionCipherCtx(cipher, e, key, nil) + if err != nil { + return nil, err + } + if len(iv) > 0 { + err := ctx.setCtrl(C.EVP_CTRL_GCM_SET_IVLEN, len(iv)) + if err != nil { + return nil, fmt.Errorf("could not set IV len to %d: %s", + len(iv), err) + } + if 1 != C.EVP_EncryptInit_ex(ctx.ctx, nil, nil, nil, + (*C.uchar)(&iv[0])) { + return nil, errors.New("failed to apply IV") + } + } + return &authEncryptionCipherCtx{encryptionCipherCtx: ctx}, nil +} + +func NewGCMDecryptionCipherCtx(blocksize int, e *Engine, key, iv []byte) ( + AuthenticatedDecryptionCipherCtx, error) { + cipher, err := getGCMCipher(blocksize) + if err != nil { + return nil, err + } + ctx, err := newDecryptionCipherCtx(cipher, e, key, nil) + if err != nil { + return nil, err + } + if len(iv) > 0 { + err := ctx.setCtrl(C.EVP_CTRL_GCM_SET_IVLEN, len(iv)) + if err != nil { + return nil, fmt.Errorf("could not set IV len to %d: %s", + len(iv), err) + } + if 1 != C.EVP_DecryptInit_ex(ctx.ctx, nil, nil, nil, + (*C.uchar)(&iv[0])) { + return nil, errors.New("failed to apply IV") + } + } + return &authDecryptionCipherCtx{decryptionCipherCtx: ctx}, nil +} + +func (ctx *authEncryptionCipherCtx) ExtraData(aad []byte) error { + if aad == nil { + return nil + } + var outlen C.int + if 1 != C.EVP_EncryptUpdate(ctx.ctx, nil, &outlen, (*C.uchar)(&aad[0]), + C.int(len(aad))) { + return errors.New("failed to add additional authenticated data") + } + return nil +} + +func (ctx *authDecryptionCipherCtx) ExtraData(aad []byte) error { + if aad == nil { + return nil + } + var outlen C.int + if 1 != C.EVP_DecryptUpdate(ctx.ctx, nil, &outlen, (*C.uchar)(&aad[0]), + C.int(len(aad))) { + return errors.New("failed to add additional authenticated data") + } + return nil +} + +func (ctx 
*authEncryptionCipherCtx) GetTag() ([]byte, error) { + return ctx.getCtrlBytes(C.EVP_CTRL_GCM_GET_TAG, GCM_TAG_MAXLEN, + GCM_TAG_MAXLEN) +} + +func (ctx *authDecryptionCipherCtx) SetTag(tag []byte) error { + return ctx.setCtrlBytes(C.EVP_CTRL_GCM_SET_TAG, len(tag), tag) +} diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ciphers_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_test.go index d1d430b1e15..9f5d27ab1c3 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ciphers_test.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_test.go @@ -13,6 +13,7 @@ // limitations under the License. // +build !darwin +// +build !openssl_pre_1.0 package openssl diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/conn.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/conn.go index 992033d2a30..f77fb4d61b9 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/conn.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/conn.go @@ -48,7 +48,7 @@ import ( "time" "unsafe" - "github.com/spacemonkeygo/openssl/utils" + "github.com/10gen/openssl/utils" ) var ( diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ctx.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ctx.go index 8daa1bbbb1f..8daa1bbbb1f 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ctx.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ctx.go diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ctx_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ctx_test.go index 9644e518bf3..9644e518bf3 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ctx_test.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ctx_test.go 
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/dhparam.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/dhparam.go index a698645c1ec..a698645c1ec 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/dhparam.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/dhparam.go diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/digest.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/digest.go index 44d4d001b13..44d4d001b13 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/digest.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/digest.go diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/engine.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/engine.go index 7a175b70f7c..7a175b70f7c 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/engine.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/engine.go diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/fips.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips.go index cc463f17a18..fcccb000a36 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/fips.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips.go @@ -1,5 +1,5 @@ // +build cgo -// +build -darwin +// +build !darwin package openssl @@ -20,3 +20,10 @@ func FIPSModeSet(mode bool) error { } return nil } + +func FIPSMode() bool { + if C.FIPS_mode() == 0 { + return false + } + return true +} diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips_test.go new file mode 100644 index 00000000000..63d353b4a41 --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips_test.go 
@@ -0,0 +1,33 @@
+// +build !darwin
+
+package openssl_test
+
+import (
+ "testing"
+
+ "github.com/10gen/openssl"
+)
+
+func TestSetFIPSMode(t *testing.T) {
+ if openssl.FIPSMode() {
+ t.Fatal("Expected FIPS mode to be disabled, but was enabled")
+ }
+
+ err := openssl.FIPSModeSet(true)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ if !openssl.FIPSMode() {
+ t.Fatal("Expected FIPS mode to be enabled, but was disabled")
+ }
+
+ err = openssl.FIPSModeSet(false)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ if openssl.FIPSMode() {
+ t.Fatal("Expected FIPS mode to be disabled, but was enabled")
+ }
+}
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/hostname.c b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/hostname.c
index 9a610292067..9a610292067 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/hostname.c
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/hostname.c
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/hostname.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/hostname.go
index c1d1202fb65..c1d1202fb65 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/hostname.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/hostname.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/http.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/http.go
index e3be32c264a..e3be32c264a 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/http.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/http.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init.go
index 314e5415c18..314e5415c18 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init_posix.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_posix.go
index 99558298e3a..99558298e3a 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init_posix.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_posix.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init_windows.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_windows.go
index ec817926b7a..ec817926b7a 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init_windows.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_windows.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/key.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key.go
index cc17f5fcf7d..cc17f5fcf7d 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/key.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/key_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_test.go
index 0af90128530..0af90128530 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/key_test.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_test.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/mapping.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/mapping.go
index 066aba6b5db..066aba6b5db 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/mapping.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/mapping.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/net.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/net.go
index 0d9d72b0e00..7120d065d15 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/net.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/net.go @@ -80,6 +80,27 @@ func Dial(network, addr string, ctx *Ctx, flags DialFlags) (*Conn, error) { return DialSession(network, addr, ctx, flags, nil) } +// DialWithDialer will connect to network/address using the provided dialer and +// then wrap the corresponding underlying connection with an OpenSSL client +// connection using context ctx. If flags includes InsecureSkipHostVerification, +// the server certificate's hostname will not be checked to match the hostname +// in addr. Otherwise, flags should be 0. +// +// Dial probably won't work for you unless you set a verify location or add +// some certs to the certificate store of the client context you're using. +// This library is not nice enough to use the system certificate store by +// default for you yet. +func DialWithDialer(dialer *net.Dialer, network, addr string, ctx *Ctx, flags DialFlags) (*Conn, error) { + return dialSessionWithDialer( + dialer, + network, + addr, + ctx, + flags, + nil, + ) +} + // DialSession will connect to network/address and then wrap the corresponding // underlying connection with an OpenSSL client connection using context ctx. // If flags includes InsecureSkipHostVerification, the server certificate's @@ -95,6 +116,18 @@ func Dial(network, addr string, ctx *Ctx, flags DialFlags) (*Conn, error) { // can be retrieved from the GetSession method on the Conn. func DialSession(network, addr string, ctx *Ctx, flags DialFlags, session []byte) (*Conn, error) { + return dialSessionWithDialer( + new(net.Dialer), + network, + addr, + ctx, + flags, + session, + ) +} + +func dialSessionWithDialer(dialer *net.Dialer, network, addr string, ctx *Ctx, flags DialFlags, + session []byte) (*Conn, error) { host, _, err := net.SplitHostPort(addr) if err != nil { 
@@ -108,7 +141,7 @@ func DialSession(network, addr string, ctx *Ctx, flags DialFlags,
 }
 // TODO: use operating system default certificate chain?
 }
- c, err := net.Dial(network, addr)
+ c, err := dialer.Dial(network, addr)
 if err != nil {
 return nil, err
 }
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/nid.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/nid.go
index c80f237b605..c80f237b605 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/nid.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/nid.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/oracle_stubs.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/oracle_stubs.go
index 30492f3b9d8..30492f3b9d8 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/oracle_stubs.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/oracle_stubs.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/password.c b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/password.c
index db9582ca726..db9582ca726 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/password.c
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/password.c
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/pem.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/pem.go
index 6dad5972dbd..6dad5972dbd 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/pem.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/pem.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha1.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha1.go
index 2592b6627d1..2592b6627d1 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha1.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha1.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha1_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha1_test.go
index 37037e4468b..37037e4468b 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha1_test.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha1_test.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha256.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha256.go
index 6785b32f881..6785b32f881 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha256.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha256.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha256_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha256_test.go
index 89df88afd44..89df88afd44 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha256_test.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha256_test.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sni.c b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sni.c
index 5398da869b8..5398da869b8 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sni.c
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sni.c
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sni_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sni_test.go
index ee3b1a8bbaf..ee3b1a8bbaf 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sni_test.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sni_test.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ssl.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ssl.go
index 3cc630601d3..3cc630601d3 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ssl.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ssl.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ssl_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ssl_test.go
index f83225dec97..0c088c2eed0 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ssl_test.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ssl_test.go
@@ -25,7 +25,7 @@ import (
 "testing"
 "time"
 
- "github.com/spacemonkeygo/openssl/utils"
+ "github.com/10gen/openssl/utils"
 )
 
 var (
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/system_certs.c b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/system_certs.c
index 056f524aa1e..056f524aa1e 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/system_certs.c
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/system_certs.c
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/system_certs.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/system_certs.go
index 9751622f837..9751622f837 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/system_certs.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/system_certs.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/tickets.c b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/tickets.c
index 894c2676038..894c2676038 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/tickets.c
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/tickets.c
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/tickets.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/tickets.go
index 23dc3e08305..23dc3e08305 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/tickets.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/tickets.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/utils/errors.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/utils/errors.go
index bab314c95d7..bab314c95d7 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/utils/errors.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/utils/errors.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/utils/future.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/utils/future.go
index fa1bbbfb861..fa1bbbfb861 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/utils/future.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/utils/future.go
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/verify.c b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/verify.c
index d55866c4cf0..d55866c4cf0 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/verify.c
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/verify.c
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/version.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/version.go
index 8f3d392cde8..8f3d392cde8 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/version.go
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/version.go |