authorAdam Cooper <adam.cooper@mongodb.com>2020-11-13 19:08:04 -0500
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2020-11-14 00:30:31 +0000
commitef9fba4d479fdd50f85b73e6171e1dd9a76368b9 (patch)
tree782e6a1c204adef0deaa5847fdf95b7cef6760f3
parentae1f02be485b9ecc4e43e757baf54c70dcf07ed1 (diff)
downloadmongo-ef9fba4d479fdd50f85b73e6171e1dd9a76368b9.tar.gz
Revert "SERVER-52648 Refactor kms_aws.cpp into kms_aws.cpp and kms_network.cpp"
This reverts commit a089a4fc13a0395f2d1bb3c71460ac74adb8029d.
-rw-r--r--src/mongo/shell/SConscript1
-rw-r--r--src/mongo/shell/kms_aws.cpp108
-rw-r--r--src/mongo/shell/kms_network.cpp114
-rw-r--r--src/mongo/shell/kms_network.h68
4 files changed, 104 insertions, 187 deletions
diff --git a/src/mongo/shell/SConscript b/src/mongo/shell/SConscript
index 1c457eebeed..eb3c7a1631d 100644
--- a/src/mongo/shell/SConscript
+++ b/src/mongo/shell/SConscript
@@ -150,7 +150,6 @@ if get_option('ssl') == 'on':
"kms.cpp",
"kms_aws.cpp",
"kms_local.cpp",
- "kms_network.cpp",
"kms.idl",
],
LIBDEPS=[
diff --git a/src/mongo/shell/kms_aws.cpp b/src/mongo/shell/kms_aws.cpp
index 26dddaa37be..9fb3ded3280 100644
--- a/src/mongo/shell/kms_aws.cpp
+++ b/src/mongo/shell/kms_aws.cpp
@@ -38,12 +38,13 @@
#include "mongo/base/secure_allocator.h"
#include "mongo/base/status_with.h"
#include "mongo/bson/json.h"
+#include "mongo/db/commands/test_commands_enabled.h"
#include "mongo/shell/kms.h"
#include "mongo/shell/kms_gen.h"
-#include "mongo/shell/kms_network.h"
#include "mongo/util/base64.h"
#include "mongo/util/kms_message_support.h"
#include "mongo/util/net/hostandport.h"
+#include "mongo/util/net/sock.h"
#include "mongo/util/net/ssl_manager.h"
#include "mongo/util/net/ssl_options.h"
#include "mongo/util/text.h"
@@ -53,6 +54,31 @@ namespace mongo {
namespace {
/**
+ * Make a request to a AWS HTTP endpoint.
+ *
+ * Does not maintain a persistent HTTP connection.
+ */
+class AWSConnection {
+public:
+ AWSConnection(SSLManagerInterface* ssl)
+ : _sslManager(ssl), _socket(std::make_unique<Socket>(10, logv2::LogSeverity::Info())) {}
+
+ UniqueKmsResponse makeOneRequest(const HostAndPort& host, ConstDataRange request);
+
+private:
+ UniqueKmsResponse sendRequest(ConstDataRange request);
+
+ void connect(const HostAndPort& host);
+
+private:
+ // SSL Manager for connections
+ SSLManagerInterface* _sslManager;
+
+ // Synchronous socket
+ std::unique_ptr<Socket> _socket;
+};
+
+/**
* AWS configuration settings
*/
struct AWSConfig {
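Review bot: `AWSConnection(SSLManagerInterface* ssl)` is a single-argument constructor that is not `explicit`, so an `SSLManagerInterface*` converts implicitly into an `AWSConnection`; `explicit AWSConnection(SSLManagerInterface* ssl)` closes that off at no cost to the two call sites in this diff. The `_sslManager` member is a raw pointer whose only documentation is `// SSL Manager for connections`; stating that it is non-owning and must outlive the `AWSConnection` would record the lifetime the callers rely on when they pass `_sslManager.get()`. Suggest `// Non-owning; the SSLManagerInterface must outlive this object.` in place of the current comment. The `AWSConnection` class is fully inside the hunk, while `AWSConfig` that follows continues past it.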
@@ -181,7 +207,7 @@ std::vector<uint8_t> AWSKMSService::encrypt(ConstDataRange cdr, StringData kmsKe
auto buffer = UniqueKmsCharBuffer(kms_request_get_signed(request.get()));
auto buffer_len = strlen(buffer.get());
- KMSNetworkConnection connection(_sslManager.get());
+ AWSConnection connection(_sslManager.get());
auto response = connection.makeOneRequest(_server, ConstDataRange(buffer.get(), buffer_len));
auto body = kms_response_get_body(response.get(), nullptr);
@@ -242,7 +268,7 @@ SecureVector<uint8_t> AWSKMSService::decrypt(ConstDataRange cdr, BSONObj masterK
auto buffer = UniqueKmsCharBuffer(kms_request_get_signed(request.get()));
auto buffer_len = strlen(buffer.get());
- KMSNetworkConnection connection(_sslManager.get());
+ AWSConnection connection(_sslManager.get());
auto response = connection.makeOneRequest(_server, ConstDataRange(buffer.get(), buffer_len));
auto body = kms_response_get_body(response.get(), nullptr);
@@ -273,6 +299,64 @@ SecureVector<uint8_t> AWSKMSService::decrypt(ConstDataRange cdr, BSONObj masterK
return toSecureVector(blobStr);
}
+void AWSConnection::connect(const HostAndPort& host) {
+ SockAddr server(host.host().c_str(), host.port(), AF_UNSPEC);
+
+ uassert(51136,
+ str::stream() << "AWS KMS server address " << host.host() << " is invalid.",
+ server.isValid());
+
+ int attempt = 0;
+ bool connected = false;
+ while ((connected == false) && (attempt < 20)) {
+ connected = _socket->connect(server);
+ attempt++;
+ }
+ uassert(51137,
+ str::stream() << "Could not connect to AWS KMS server " << server.toString(),
+ connected);
+
+ uassert(51138,
+ str::stream() << "Failed to perform SSL handshake with the AWS KMS server "
+ << host.toString(),
+ _socket->secure(_sslManager, host.host()));
+}
+
+// Sends a request message to the AWS KMS server and creates a KMS Response.
+UniqueKmsResponse AWSConnection::sendRequest(ConstDataRange request) {
+ std::array<char, 512> resp;
+
+ _socket->send(
+ reinterpret_cast<const char*>(request.data()), request.length(), "AWS KMS request");
+
+ auto parser = UniqueKmsResponseParser(kms_response_parser_new());
+ int bytes_to_read = 0;
+
+ while ((bytes_to_read = kms_response_parser_wants_bytes(parser.get(), resp.size())) > 0) {
+ bytes_to_read = std::min(bytes_to_read, static_cast<int>(resp.size()));
+ bytes_to_read = _socket->unsafe_recv(resp.data(), bytes_to_read);
+
+ uassert(51139,
+ "kms_response_parser_feed failed",
+ kms_response_parser_feed(
+ parser.get(), reinterpret_cast<uint8_t*>(resp.data()), bytes_to_read));
+ }
+
+ auto response = UniqueKmsResponse(kms_response_parser_get_response(parser.get()));
+
+ return response;
+}
+
+UniqueKmsResponse AWSConnection::makeOneRequest(const HostAndPort& host, ConstDataRange request) {
+ connect(host);
+
+ auto resp = sendRequest(request);
+
+ _socket->close();
+
+ return resp;
+}
+
boost::optional<std::string> toString(boost::optional<StringData> str) {
if (str) {
return {str.get().toString()};
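Review bot: The retry loop in `connect` (`while ((connected == false) && (attempt < 20))`) reconnects up to 20 times back-to-back with no pause and discards the reason each attempt failed, so a transient refusal is retried in a tight burst and uassert 51137 can only report the address; a short sleep between attempts and logging the last failure before the uassert would make this both gentler and diagnosable, and `!connected` reads better than `connected == false`. In `sendRequest`, the value returned by `_socket->unsafe_recv(...)` is fed straight to `kms_response_parser_feed`; if `unsafe_recv` can return 0 on a peer close rather than throwing, the loop would keep spinning while the parser still wants bytes, which is worth confirming against `Socket`'s contract and, if it can happen, guarding with `uassert(<new error code>, "KMS server closed the connection", bytes_to_read > 0);`. `makeOneRequest` reaches `_socket->close()` only on the success path; the fd is presumably released by the `Socket` destructor when a uassert unwinds, and a one-line comment saying so would save the next reader the same check. The `toString` helper that begins at the end of this hunk continues past it.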
@@ -284,7 +368,23 @@ std::unique_ptr<KMSService> AWSKMSService::create(const AwsKMS& config) {
auto awsKMS = std::make_unique<AWSKMSService>();
SSLParams params;
- getSSLParamsForNetworkKMS(&params);
+ params.sslPEMKeyFile = "";
+ params.sslPEMKeyPassword = "";
+ params.sslClusterFile = "";
+ params.sslClusterPassword = "";
+ params.sslCAFile = "";
+
+ params.sslCRLFile = "";
+
+ // Copy the rest from the global SSL manager options.
+ params.sslFIPSMode = sslGlobalParams.sslFIPSMode;
+
+ // KMS servers never should have invalid certificates
+ params.sslAllowInvalidCertificates = false;
+ params.sslAllowInvalidHostnames = false;
+
+ params.sslDisabledProtocols =
+ std::vector({SSLParams::Protocols::TLS1_0, SSLParams::Protocols::TLS1_1});
// Leave the CA file empty so we default to system CA but for local testing allow it to inherit
// the CA file.
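Review bot: The comment `// Copy the rest from the global SSL manager options.` overstates what the code does: only `sslFIPSMode` is taken from `sslGlobalParams`, while the key, cluster, CA and CRL file fields are all explicitly cleared just above it. Suggest `// Only FIPS mode is inherited from the global SSL options; key/cluster/CA/CRL files are deliberately left empty above.` so a reader does not assume other global settings (cipher configuration, for example) carry over. The enclosing `AWSKMSService::create` continues past the hunk.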
diff --git a/src/mongo/shell/kms_network.cpp b/src/mongo/shell/kms_network.cpp
deleted file mode 100644
index 9dba4d4bb92..00000000000
--- a/src/mongo/shell/kms_network.cpp
+++ /dev/null
@@ -1,114 +0,0 @@
-/**
- * Copyright (C) 2020-present MongoDB, Inc.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the Server Side Public License, version 1,
- * as published by MongoDB, Inc.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * Server Side Public License for more details.
- *
- * You should have received a copy of the Server Side Public License
- * along with this program. If not, see
- * <http://www.mongodb.com/licensing/server-side-public-license>.
- *
- * As a special exception, the copyright holders give permission to link the
- * code of portions of this program with the OpenSSL library under certain
- * conditions as described in each individual source file and distribute
- * linked combinations including the program with the OpenSSL library. You
- * must comply with the Server Side Public License in all respects for
- * all of the code used other than as permitted herein. If you modify file(s)
- * with this exception, you may extend this exception to your version of the
- * file(s), but you are not obligated to do so. If you do not wish to do so,
- * delete this exception statement from your version. If you delete this
- * exception statement from all source files in the program, then also delete
- * it in the license file.
- */
-
-#define MONGO_LOGV2_DEFAULT_COMPONENT ::mongo::logv2::LogComponent::kControl
-
-#include "mongo/shell/kms_network.h"
-
-namespace mongo {
-
-void KMSNetworkConnection::connect(const HostAndPort& host) {
- SockAddr server(host.host().c_str(), host.port(), AF_UNSPEC);
-
- uassert(51136,
- str::stream() << "KMS server address " << host.host() << " is invalid.",
- server.isValid());
-
- int attempt = 0;
- bool connected = false;
- while (!connected && attempt < 20) {
- connected = _socket->connect(server);
- attempt++;
- }
- uassert(
- 51137, str::stream() << "Could not connect to KMS server " << server.toString(), connected);
-
- uassert(51138,
- str::stream() << "Failed to perform SSL handshake with the KMS server "
- << host.toString(),
- _socket->secure(_sslManager, host.host()));
-}
-
-// Sends a request message to the KMS server and creates a KMS Response.
-UniqueKmsResponse KMSNetworkConnection::sendRequest(ConstDataRange request) {
- std::array<char, 512> resp;
-
- _socket->send(reinterpret_cast<const char*>(request.data()), request.length(), "KMS request");
-
- auto parser = UniqueKmsResponseParser(kms_response_parser_new());
- int bytes_to_read = 0;
-
- while ((bytes_to_read = kms_response_parser_wants_bytes(parser.get(), resp.size())) > 0) {
- bytes_to_read = std::min(bytes_to_read, static_cast<int>(resp.size()));
- bytes_to_read = _socket->unsafe_recv(resp.data(), bytes_to_read);
-
- uassert(51139,
- "kms_response_parser_feed failed",
- kms_response_parser_feed(
- parser.get(), reinterpret_cast<uint8_t*>(resp.data()), bytes_to_read));
- }
-
- auto response = UniqueKmsResponse(kms_response_parser_get_response(parser.get()));
-
- return response;
-}
-
-UniqueKmsResponse KMSNetworkConnection::makeOneRequest(const HostAndPort& host,
- ConstDataRange request) {
- connect(host);
-
- auto resp = sendRequest(request);
-
- _socket->close();
-
- return resp;
-}
-
-void getSSLParamsForNetworkKMS(SSLParams* params) {
- params->sslPEMKeyFile = "";
- params->sslPEMKeyPassword = "";
- params->sslClusterFile = "";
- params->sslClusterPassword = "";
- params->sslCAFile = "";
-
- params->sslCRLFile = "";
-
- // Copy the rest from the global SSL manager options.
- params->sslFIPSMode = sslGlobalParams.sslFIPSMode;
-
- // KMS servers never should have invalid certificates
- params->sslAllowInvalidCertificates = false;
- params->sslAllowInvalidHostnames = false;
-
- params->sslDisabledProtocols =
- std::vector({SSLParams::Protocols::TLS1_0, SSLParams::Protocols::TLS1_1});
-}
-
-
-} // namespace mongo \ No newline at end of file
diff --git a/src/mongo/shell/kms_network.h b/src/mongo/shell/kms_network.h
deleted file mode 100644
index 43e08fc9789..00000000000
--- a/src/mongo/shell/kms_network.h
+++ /dev/null
@@ -1,68 +0,0 @@
-/**
- * Copyright (C) 2020-present MongoDB, Inc.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the Server Side Public License, version 1,
- * as published by MongoDB, Inc.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * Server Side Public License for more details.
- *
- * You should have received a copy of the Server Side Public License
- * along with this program. If not, see
- * <http://www.mongodb.com/licensing/server-side-public-license>.
- *
- * As a special exception, the copyright holders give permission to link the
- * code of portions of this program with the OpenSSL library under certain
- * conditions as described in each individual source file and distribute
- * linked combinations including the program with the OpenSSL library. You
- * must comply with the Server Side Public License in all respects for
- * all of the code used other than as permitted herein. If you modify file(s)
- * with this exception, you may extend this exception to your version of the
- * file(s), but you are not obligated to do so. If you do not wish to do so,
- * delete this exception statement from your version. If you delete this
- * exception statement from all source files in the program, then also delete
- * it in the license file.
- */
-
-#include "mongo/util/kms_message_support.h"
-#include "mongo/util/net/hostandport.h"
-#include "mongo/util/net/sock.h"
-#include "mongo/util/net/ssl_manager.h"
-#include "mongo/util/net/ssl_options.h"
-
-namespace mongo {
-
-/**
- * Make a request to an HTTP endpoint.
- *
- * Does not maintain a persistent HTTP connection.
- */
-class KMSNetworkConnection {
-public:
- KMSNetworkConnection(SSLManagerInterface* ssl)
- : _sslManager(ssl), _socket(std::make_unique<Socket>(10, logv2::LogSeverity::Info())) {}
-
- UniqueKmsResponse makeOneRequest(const HostAndPort& host, ConstDataRange request);
-
-private:
- UniqueKmsResponse sendRequest(ConstDataRange request);
-
- void connect(const HostAndPort& host);
-
-private:
- // SSL Manager for connections
- SSLManagerInterface* _sslManager;
-
- // Synchronous socket
- std::unique_ptr<Socket> _socket;
-};
-
-/**
- * Creates an initial SSLParams object for KMS over the network.
- */
-void getSSLParamsForNetworkKMS(SSLParams*);
-
-} // namespace mongo