From b5e7e303d7d622813db43b99bc935b9e78a769ff Mon Sep 17 00:00:00 2001 
From: Alena Khineika Date: Fri, 9 Aug 2024 12:17:35 +0200 Subject: [PATCH] feat: enable tlsUseSystemCA by default MONGOSH-1852 (#2119) * feat: enable tlsUseSystemCA by default MONGOSH-1852 * fix: make ssh2 external * Update config/webpack.base.config.js Co-authored-by: Anna Henningsen * Update config/webpack.base.config.js Co-authored-by: Anna Henningsen * fix: webpack * fix: WebAssembly * chore: bump devtools-connect * refactor: remove noDeprecation true * test: change name * fixup: bump devtools-connect to 3.2.2, fix snapshot support test * fixup: bump system-ca + macos/win certificate store addons * fixup: bump macos-export-certificate-and-key again * fixup: bump macos-export-certificate-and-key again for CodeQL ... * fixup: apply lazy-webpack-modules check with slashes after path normalization * fixup: un-.only() ... --------- Co-authored-by: Anna Henningsen Co-authored-by: Anna Henningsen --- README.md | 3 +- config/webpack.base.config.js | 7 +- package-lock.json | 354 ++++++++++++++---- packages/arg-parser/package.json | 2 +- packages/arg-parser/src/arg-mapper.ts | 1 - packages/arg-parser/src/cli-options.ts | 1 - packages/cli-repl/README.md | 1 - packages/cli-repl/package.json | 4 +- packages/cli-repl/src/constants.ts | 3 - packages/cli-repl/src/run.ts | 2 +- .../src/tls-certificate-selector.spec.ts | 63 ++-- .../cli-repl/src/tls-certificate-selector.ts | 16 +- packages/cli-repl/webpack.config.js | 6 + packages/e2e-tests/test/e2e-oidc.spec.ts | 23 +- packages/e2e-tests/test/e2e-snapshot.spec.ts | 14 +- packages/e2e-tests/test/e2e-tls.spec.ts | 3 - packages/i18n/src/locales/en_US.ts | 1 - packages/logging/package.json | 2 +- packages/mongosh/README.md | 1 - .../node-runtime-worker-thread/package.json | 2 +- packages/service-provider-server/package.json | 2 +- .../src/cli-service-provider.ts | 3 +- packages/shell-api/src/mongo.ts | 2 +- packages/types/package.json | 2 +- 24 files changed, 384 insertions(+), 134 deletions(-) 
diff --git a/README.md b/README.md index 80b81b10f..bf01daf1c 100644 --- a/README.md +++ b/README.md @@ -67,7 +67,6 @@ variable. For detailed instructions for each of our supported platforms, please --tlsCertificateSelector [arg] TLS Certificate in system store (Windows and macOS only) --tlsCRLFile [arg] Specifies the .pem file that contains the Certificate Revocation List --tlsDisabledProtocols [arg] Comma separated list of TLS protocols to disable [TLS1_0,TLS1_1,TLS1_2] - --tlsUseSystemCA Load the operating system trusted certificate list --tlsFIPSMode Enable the system TLS library's FIPS mode API version options: @@ -123,7 +122,7 @@ variable. For detailed instructions for each of our supported platforms, please ### Requirements -- Node.js v16.x +- Node.js v20.x ### Install diff --git a/config/webpack.base.config.js b/config/webpack.base.config.js index 90058c95f..d1220ec0f 100644 --- a/config/webpack.base.config.js +++ b/config/webpack.base.config.js @@ -22,12 +22,15 @@ module.exports = { // only provide features that Node.js also provides out of the box. browserslist: path.resolve(__dirname, '..', 'scripts', 'dummy-browserslist.js'), tr46: path.resolve(__dirname, '..', 'scripts', 'tr46-stub.js'), + // Optional native-addon dependencies of ssh2 + 'cpu-features': false, + './crypto/build/Release/sshcrypto.node': false, } }, externals: { - "node:crypto": "commonjs2 crypto", - electron: "commonjs2 electron" // optional dep of the OIDC plugin + 'node:crypto': 'commonjs2 crypto', + electron: 'commonjs2 electron', // Optional dep of the OIDC plugin }, optimization: { diff --git a/package-lock.json b/package-lock.json index 0b58b314e..d06aa1013 100644 --- a/package-lock.json +++ b/package-lock.json 
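Review bot: The comment added above the two `false` entries in `resolve.alias` says what they are, but not what the bundle relies on once they are stubbed out. If this webpack version resolves a `false` alias to an empty module, `require()` of `cpu-features` and `./crypto/build/Release/sshcrypto.node` would return an empty object rather than throw, and how ssh2 handles that is not visible in this hunk. Once the bundled build has been checked, I would extend the comment to something like `// Optional native addons of ssh2; stubbed out so ssh2 takes its non-native crypto path`, since this presumably decides which cipher implementation SSH tunnelling uses. The `module.exports` object starts and ends outside the hunk.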
@@ -6544,15 +6544,16 @@ } }, "node_modules/@mongodb-js/devtools-connect": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/@mongodb-js/devtools-connect/-/devtools-connect-3.0.5.tgz", - "integrity": "sha512-L9GKPo119VpTt7K4DA99T9D+lpZTQNfUdKTLSgHCtoJa81bHu/bOneSlDA23dfT2ET3GNVNICWzNwOn2sXEA1Q==", + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/@mongodb-js/devtools-connect/-/devtools-connect-3.2.2.tgz", + "integrity": "sha512-0d/9hiNnVxFjgu0HtbUSMOem/hMtpj7aKj/QN3UsABGJ8jBxMXzE90jNP6JOJ+Nt5dmlCX2iTMvtJiBIWOtCZA==", + "license": "Apache-2.0", "dependencies": { + "@mongodb-js/devtools-proxy-support": "^0.3.2", "@mongodb-js/oidc-http-server-pages": "1.1.2", "lodash.merge": "^4.6.2", "mongodb-connection-string-url": "^3.0.0", - "socks": "^2.7.3", - "system-ca": "^2.0.0" + "socks": "^2.7.3" }, "optionalDependencies": { "kerberos": "^2.1.0", @@ -6561,7 +6562,7 @@ "resolve-mongodb-srv": "^1.1.1" }, "peerDependencies": { - "@mongodb-js/oidc-plugin": "^1.0.0", + "@mongodb-js/oidc-plugin": "^1.1.0", "mongodb": "^6.8.0", "mongodb-log-writer": "^1.4.2" } 
@@ -6574,6 +6575,112 @@ "node": ">= 12" } }, + "node_modules/@mongodb-js/devtools-proxy-support": { + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/@mongodb-js/devtools-proxy-support/-/devtools-proxy-support-0.3.2.tgz", + "integrity": "sha512-qMSe/5XVEK3xXtMhtv+InIRuanH5nDdDo8yD3gFvsw5pRhI9qM5m06imfgx9X1woAFdntIUNy72lGNi2glbOaA==", + "license": "Apache-2.0", + "dependencies": { + "@mongodb-js/socksv5": "^0.0.10", + "agent-base": "^7.1.1", + "http-proxy-agent": "^7.0.2", + "https-proxy-agent": "^7.0.5", + "lru-cache": "^11.0.0", + "node-fetch": "^3.3.2", + "pac-proxy-agent": "7.0.2", + "socks-proxy-agent": "^8.0.4", + "ssh2": "^1.15.0", + "system-ca": "^2.0.0" + } + }, + "node_modules/@mongodb-js/devtools-proxy-support/node_modules/agent-base": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.1.tgz", + "integrity": "sha512-H0TSyFNDMomMNJQBn8wFV5YC/2eJ+VXECwOadZJT554xP6cODZHPX3H9QMQECxvrgiSOP1pHjy1sMWQVYJOUOA==", + "license": "MIT", + "dependencies": { + "debug": "^4.3.4" + }, + "engines": { + "node": ">= 14" + } + }, + "node_modules/@mongodb-js/devtools-proxy-support/node_modules/data-uri-to-buffer": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/data-uri-to-buffer/-/data-uri-to-buffer-4.0.1.tgz", + "integrity": "sha512-0R9ikRb668HB7QDxT1vkpuUBtqc53YyAwMwGeUFKRojY/NWKvdZ+9UYtRfGmhqNbRkTSVpMbmyhXipFFv2cb/A==", + "license": "MIT", + "engines": { + "node": ">= 12" + } + }, + "node_modules/@mongodb-js/devtools-proxy-support/node_modules/http-proxy-agent": { + "version": "7.0.2", + "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz", + "integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==", + "license": "MIT", + "dependencies": { + "agent-base": "^7.1.0", + "debug": "^4.3.4" + }, + "engines": { + "node": ">= 14" + } + }, + "node_modules/@mongodb-js/devtools-proxy-support/node_modules/https-proxy-agent": 
{ + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.5.tgz", + "integrity": "sha512-1e4Wqeblerz+tMKPIq2EMGiiWW1dIjZOksyHWSUm1rmuvw/how9hBHZ38lAGj5ID4Ik6EdkOw7NmWPy6LAwalw==", + "license": "MIT", + "dependencies": { + "agent-base": "^7.0.2", + "debug": "4" + }, + "engines": { + "node": ">= 14" + } + }, + "node_modules/@mongodb-js/devtools-proxy-support/node_modules/lru-cache": { + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.0.0.tgz", + "integrity": "sha512-Qv32eSV1RSCfhY3fpPE2GNZ8jgM9X7rdAfemLWqTUxwiyIC4jJ6Sy0fZ8H+oLWevO6i4/bizg7c8d8i6bxrzbA==", + "license": "ISC", + "engines": { + "node": "20 || >=22" + } + }, + "node_modules/@mongodb-js/devtools-proxy-support/node_modules/node-fetch": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-3.3.2.tgz", + "integrity": "sha512-dRB78srN/l6gqWulah9SrxeYnxeddIG30+GOqK/9OlLVyLg3HPnr6SqOWTWOXKRwC2eGYCkZ59NNuSgvSrpgOA==", + "license": "MIT", + "dependencies": { + "data-uri-to-buffer": "^4.0.0", + "fetch-blob": "^3.1.4", + "formdata-polyfill": "^4.0.10" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/node-fetch" + } + }, + "node_modules/@mongodb-js/devtools-proxy-support/node_modules/socks-proxy-agent": { + "version": "8.0.4", + "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-8.0.4.tgz", + "integrity": "sha512-GNAq/eg8Udq2x0eNiFkr9gRg5bA7PXEWagQdeRX4cPSG+X/8V38v637gim9bjFptMk1QWsCTr0ttrJEiXbNnRw==", + "license": "MIT", + "dependencies": { + "agent-base": "^7.1.1", + "debug": "^4.3.4", + "socks": "^2.8.3" + }, + "engines": { + "node": ">= 14" + } + }, "node_modules/@mongodb-js/dl-center": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/@mongodb-js/dl-center/-/dl-center-1.1.1.tgz", 
@@ -7025,6 +7132,18 @@ "ssh2": "^1.15.0" } }, + "node_modules/@mongodb-js/socksv5": { + "version": "0.0.10", + "resolved": "https://registry.npmjs.org/@mongodb-js/socksv5/-/socksv5-0.0.10.tgz", + "integrity": "sha512-JDz2fLKsjMiSNUxKrCpGptsgu7DzsXfu4gnUQ3RhUaBS1d4YbLrt6HejpckAiHIAa+niBpZAeiUsoop0IihWsw==", + "license": "MIT", + "dependencies": { + "ip-address": "^9.0.5" + }, + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/@mongodb-js/tsconfig-mongosh": { "resolved": "configs/tsconfig-mongosh", "link": true @@ -21944,10 +22063,11 @@ } }, "node_modules/macos-export-certificate-and-key": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/macos-export-certificate-and-key/-/macos-export-certificate-and-key-1.1.2.tgz", - "integrity": "sha512-kd4ba3kVKZXy46p4tg3X19dmwaXjtz0La5It6Rt6PbtwP+YcQ0F7ab8MjcSHOvz9NSXmAU15qQG53OlBDAPDzQ==", + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/macos-export-certificate-and-key/-/macos-export-certificate-and-key-1.2.2.tgz", + "integrity": "sha512-+LwU/wG3wawI3yZ/CMf9C6jSSugJ823EuNJeV8J+FTbmYDJ8G3sF9Fha/0BLEbRZU28+oVvBD3a4mYxLQzDvLA==", "hasInstallScript": true, + "license": "Apache-2.0", "optional": true, "os": [ "darwin" 
@@ -24706,18 +24826,19 @@ } }, "node_modules/pac-proxy-agent": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/pac-proxy-agent/-/pac-proxy-agent-7.0.1.tgz", - "integrity": "sha512-ASV8yU4LLKBAjqIPMbrgtaKIvxQri/yh2OpI+S6hVa9JRkUI3Y3NPFbfngDtY7oFtSMD3w31Xns89mDa3Feo5A==", + "version": "7.0.2", + "resolved": "https://registry.npmjs.org/pac-proxy-agent/-/pac-proxy-agent-7.0.2.tgz", + "integrity": "sha512-BFi3vZnO9X5Qt6NRz7ZOaPja3ic0PhlsmCRYLOpN11+mWBCR6XJDqW5RF3j8jm4WGGQZtBA+bTfxYzeKW73eHg==", + "license": "MIT", "dependencies": { "@tootallnate/quickjs-emscripten": "^0.23.0", "agent-base": "^7.0.2", "debug": "^4.3.4", "get-uri": "^6.0.1", "http-proxy-agent": "^7.0.0", - "https-proxy-agent": "^7.0.2", - "pac-resolver": "^7.0.0", - "socks-proxy-agent": "^8.0.2" + "https-proxy-agent": "^7.0.5", + "pac-resolver": "^7.0.1", + "socks-proxy-agent": "^8.0.4" }, "engines": { "node": ">= 14" @@ -24747,9 +24868,10 @@ } }, "node_modules/pac-proxy-agent/node_modules/https-proxy-agent": { - "version": "7.0.4", - "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.4.tgz", - "integrity": "sha512-wlwpilI7YdjSkWaQ/7omYBMTliDcmCN8OLihO6I9B86g06lMyAoqgoDpV0XqoaPOKj+0DIdAvnsWfyAAhmimcg==", + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.5.tgz", + "integrity": "sha512-1e4Wqeblerz+tMKPIq2EMGiiWW1dIjZOksyHWSUm1rmuvw/how9hBHZ38lAGj5ID4Ik6EdkOw7NmWPy6LAwalw==", + "license": "MIT", "dependencies": { "agent-base": "^7.0.2", "debug": "4" 
@@ -24759,13 +24881,14 @@ } }, "node_modules/pac-proxy-agent/node_modules/socks-proxy-agent": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-8.0.3.tgz", - "integrity": "sha512-VNegTZKhuGq5vSD6XNKlbqWhyt/40CgoEw8XxD6dhnm8Jq9IEa3nIa4HwnM8XOqU0CdB0BwWVXusqiFXfHB3+A==", + "version": "8.0.4", + "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-8.0.4.tgz", + "integrity": "sha512-GNAq/eg8Udq2x0eNiFkr9gRg5bA7PXEWagQdeRX4cPSG+X/8V38v637gim9bjFptMk1QWsCTr0ttrJEiXbNnRw==", + "license": "MIT", "dependencies": { "agent-base": "^7.1.1", "debug": "^4.3.4", - "socks": "^2.7.1" + "socks": "^2.8.3" }, "engines": { "node": ">= 14" @@ -28575,12 +28698,13 @@ } }, "node_modules/system-ca": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/system-ca/-/system-ca-2.0.0.tgz", - "integrity": "sha512-eEWsCZHEyXdRPPMO680gLUhb9x8RK7YlXvv+I0zCvmGg9zf9OCchJxDf5NHqGPwAzLDEFpLXL5qv9KEU62N4Nw==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/system-ca/-/system-ca-2.0.1.tgz", + "integrity": "sha512-9ZDV9yl8ph6Op67wDGPr4LykX86usE9x3le+XZSHfVMiiVJ5IRgmCWjLgxyz35ju9H3GDIJJZm4ogAeIfN5cQQ==", + "license": "Apache-2.0", "optionalDependencies": { - "macos-export-certificate-and-key": "^1.1.1", - "win-export-certificate-and-key": "^2.0.0" + "macos-export-certificate-and-key": "^1.2.0", + "win-export-certificate-and-key": "^2.1.0" } }, "node_modules/tabbable": { 
@@ -30439,10 +30563,11 @@ "dev": true }, "node_modules/win-export-certificate-and-key": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/win-export-certificate-and-key/-/win-export-certificate-and-key-2.0.1.tgz", - "integrity": "sha512-GsPUuIn95CepWgfiaqyIBWlj1uzr0LMfWIHBESSa+f84Zll9SjIX7Jj0+xNs/FlhH5zEkPO6k+SRQX1dfv3zPg==", + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/win-export-certificate-and-key/-/win-export-certificate-and-key-2.1.0.tgz", + "integrity": "sha512-WeMLa/2uNZcS/HWGKU2G1Gzeh3vHpV/UFvwLhJLKxPHYFAbubxxVcJbqmPXaqySWK1Ymymh16zKK5WYIJ3zgzA==", "hasInstallScript": true, + "license": "Apache-2.0", "optional": true, "os": [ "win32" @@ -30878,7 +31003,7 @@ "mongodb-connection-string-url": "^3.0.1" }, "devDependencies": { - "@mongodb-js/devtools-connect": "^3.0.5", + "@mongodb-js/devtools-connect": "^3.2.2", "@mongodb-js/eslint-config-mongosh": "^1.0.0", "@mongodb-js/prettier-config-devtools": "^1.0.1", "@mongodb-js/tsconfig-mongosh": "^1.0.0", @@ -31271,9 +31396,9 @@ "optionalDependencies": { "get-console-process-list": "^1.0.5", "glibc-version": "^1.0.0", - "macos-export-certificate-and-key": "^1.1.2", + "macos-export-certificate-and-key": "^1.2.2", "mongodb-crypt-library-version": "^1.0.5", - "win-export-certificate-and-key": "^2.0.1" + "win-export-certificate-and-key": "^2.1.0" } }, "packages/cli-repl/node_modules/argparse": { @@ -31625,7 +31750,7 @@ "version": "0.0.0-dev.0", "license": "Apache-2.0", "dependencies": { - "@mongodb-js/devtools-connect": "^3.0.5", + "@mongodb-js/devtools-connect": "^3.2.2", "@mongosh/errors": "0.0.0-dev.0", "@mongosh/history": "0.0.0-dev.0", "@mongosh/types": "0.0.0-dev.0", @@ -31663,7 +31788,7 @@ "license": "Apache-2.0", "dependencies": { "interruptor": "^1.0.1", - "system-ca": "^2.0.0" + "system-ca": "^2.0.1" }, "devDependencies": { "@mongodb-js/eslint-config-mongosh": "^1.0.0", 
@@ -31717,7 +31842,7 @@ "version": "0.0.0-dev.0", "license": "Apache-2.0", "dependencies": { - "@mongodb-js/devtools-connect": "^3.0.5", + "@mongodb-js/devtools-connect": "^3.2.2", "@mongodb-js/oidc-plugin": "^1.1.1", "@mongosh/errors": "0.0.0-dev.0", "@mongosh/service-provider-core": "0.0.0-dev.0", @@ -31830,7 +31955,7 @@ "version": "0.0.0-dev.0", "license": "Apache-2.0", "dependencies": { - "@mongodb-js/devtools-connect": "^3.0.5" + "@mongodb-js/devtools-connect": "^3.2.2" }, "devDependencies": { "@mongodb-js/eslint-config-mongosh": "^1.0.0", @@ -36996,10 +37121,11 @@ } }, "@mongodb-js/devtools-connect": { - "version": "3.0.5", - "resolved": "https://registry.npmjs.org/@mongodb-js/devtools-connect/-/devtools-connect-3.0.5.tgz", - "integrity": "sha512-L9GKPo119VpTt7K4DA99T9D+lpZTQNfUdKTLSgHCtoJa81bHu/bOneSlDA23dfT2ET3GNVNICWzNwOn2sXEA1Q==", + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/@mongodb-js/devtools-connect/-/devtools-connect-3.2.2.tgz", + "integrity": "sha512-0d/9hiNnVxFjgu0HtbUSMOem/hMtpj7aKj/QN3UsABGJ8jBxMXzE90jNP6JOJ+Nt5dmlCX2iTMvtJiBIWOtCZA==", "requires": { + "@mongodb-js/devtools-proxy-support": "^0.3.2", "@mongodb-js/oidc-http-server-pages": "1.1.2", "kerberos": "^2.1.0", "lodash.merge": "^4.6.2", @@ -37007,8 +37133,7 @@ "mongodb-connection-string-url": "^3.0.0", "os-dns-native": "^1.2.0", "resolve-mongodb-srv": "^1.1.1", - "socks": "^2.7.3", - "system-ca": "^2.0.0" + "socks": "^2.7.3" } }, "@mongodb-js/devtools-github-repo": { 
@@ -37016,6 +37141,81 @@ "resolved": "https://registry.npmjs.org/@mongodb-js/devtools-github-repo/-/devtools-github-repo-1.2.0.tgz", "integrity": "sha512-rBwJHZ0g3Ma6zluNUWfeFXvuxsz9ZtFX2YZ1qR/aQEwk64ZhOqjrVbcROSdtfGUs4qg1JGXFIU+ZQ+oLYqPEvQ==" }, + "@mongodb-js/devtools-proxy-support": { + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/@mongodb-js/devtools-proxy-support/-/devtools-proxy-support-0.3.2.tgz", + "integrity": "sha512-qMSe/5XVEK3xXtMhtv+InIRuanH5nDdDo8yD3gFvsw5pRhI9qM5m06imfgx9X1woAFdntIUNy72lGNi2glbOaA==", + "requires": { + "@mongodb-js/socksv5": "^0.0.10", + "agent-base": "^7.1.1", + "http-proxy-agent": "^7.0.2", + "https-proxy-agent": "^7.0.5", + "lru-cache": "^11.0.0", + "node-fetch": "^3.3.2", + "pac-proxy-agent": "7.0.2", + "socks-proxy-agent": "^8.0.4", + "ssh2": "^1.15.0", + "system-ca": "^2.0.0" + }, + "dependencies": { + "agent-base": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.1.tgz", + "integrity": "sha512-H0TSyFNDMomMNJQBn8wFV5YC/2eJ+VXECwOadZJT554xP6cODZHPX3H9QMQECxvrgiSOP1pHjy1sMWQVYJOUOA==", + "requires": { + "debug": "^4.3.4" + } + }, + "data-uri-to-buffer": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/data-uri-to-buffer/-/data-uri-to-buffer-4.0.1.tgz", + "integrity": "sha512-0R9ikRb668HB7QDxT1vkpuUBtqc53YyAwMwGeUFKRojY/NWKvdZ+9UYtRfGmhqNbRkTSVpMbmyhXipFFv2cb/A==" + }, + "http-proxy-agent": { + "version": "7.0.2", + "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz", + "integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==", + "requires": { + "agent-base": "^7.1.0", + "debug": "^4.3.4" + } + }, + "https-proxy-agent": { + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.5.tgz", + "integrity": "sha512-1e4Wqeblerz+tMKPIq2EMGiiWW1dIjZOksyHWSUm1rmuvw/how9hBHZ38lAGj5ID4Ik6EdkOw7NmWPy6LAwalw==", + "requires": { + 
"agent-base": "^7.0.2", + "debug": "4" + } + }, + "lru-cache": { + "version": "11.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.0.0.tgz", + "integrity": "sha512-Qv32eSV1RSCfhY3fpPE2GNZ8jgM9X7rdAfemLWqTUxwiyIC4jJ6Sy0fZ8H+oLWevO6i4/bizg7c8d8i6bxrzbA==" + }, + "node-fetch": { + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-3.3.2.tgz", + "integrity": "sha512-dRB78srN/l6gqWulah9SrxeYnxeddIG30+GOqK/9OlLVyLg3HPnr6SqOWTWOXKRwC2eGYCkZ59NNuSgvSrpgOA==", + "requires": { + "data-uri-to-buffer": "^4.0.0", + "fetch-blob": "^3.1.4", + "formdata-polyfill": "^4.0.10" + } + }, + "socks-proxy-agent": { + "version": "8.0.4", + "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-8.0.4.tgz", + "integrity": "sha512-GNAq/eg8Udq2x0eNiFkr9gRg5bA7PXEWagQdeRX4cPSG+X/8V38v637gim9bjFptMk1QWsCTr0ttrJEiXbNnRw==", + "requires": { + "agent-base": "^7.1.1", + "debug": "^4.3.4", + "socks": "^2.8.3" + } + } + } + }, "@mongodb-js/dl-center": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/@mongodb-js/dl-center/-/dl-center-1.1.1.tgz", @@ -37379,6 +37579,14 @@ "ssh2": "^1.15.0" } }, + "@mongodb-js/socksv5": { + "version": "0.0.10", + "resolved": "https://registry.npmjs.org/@mongodb-js/socksv5/-/socksv5-0.0.10.tgz", + "integrity": "sha512-JDz2fLKsjMiSNUxKrCpGptsgu7DzsXfu4gnUQ3RhUaBS1d4YbLrt6HejpckAiHIAa+niBpZAeiUsoop0IihWsw==", + "requires": { + "ip-address": "^9.0.5" + } + }, "@mongodb-js/tsconfig-mongosh": { "version": "file:configs/tsconfig-mongosh", "requires": { @@ -37389,7 +37597,7 @@ "@mongosh/arg-parser": { "version": "file:packages/arg-parser", "requires": { - "@mongodb-js/devtools-connect": "^3.0.5", + "@mongodb-js/devtools-connect": "^3.2.2", "@mongodb-js/eslint-config-mongosh": "^1.0.0", "@mongodb-js/prettier-config-devtools": "^1.0.1", "@mongodb-js/tsconfig-mongosh": "^1.0.0", 
@@ -37677,7 +37885,7 @@ "glibc-version": "^1.0.0", "is-recoverable-error": "^1.0.3", "js-yaml": "^4.1.0", - "macos-export-certificate-and-key": "^1.1.2", + "macos-export-certificate-and-key": "^1.2.2", "mongodb": "^6.8.0", "mongodb-connection-string-url": "^3.0.1", "mongodb-crypt-library-dummy": "^1.0.2", @@ -37691,7 +37899,7 @@ "strip-ansi": "^6.0.0", "text-table": "^0.2.0", "webpack-merge": "^5.8.0", - "win-export-certificate-and-key": "^2.0.1", + "win-export-certificate-and-key": "^2.1.0", "yargs-parser": "^20.2.4" }, "dependencies": { @@ -37929,7 +38137,7 @@ "@mongosh/logging": { "version": "file:packages/logging", "requires": { - "@mongodb-js/devtools-connect": "^3.0.5", + "@mongodb-js/devtools-connect": "^3.2.2", "@mongodb-js/eslint-config-mongosh": "^1.0.0", "@mongodb-js/prettier-config-devtools": "^1.0.1", "@mongodb-js/tsconfig-mongosh": "^1.0.0", @@ -37961,7 +38169,7 @@ "mocha": "^10.2.0", "postmsg-rpc": "^2.4.0", "prettier": "^2.8.8", - "system-ca": "^2.0.0", + "system-ca": "^2.0.1", "webpack-merge": "^5.8.0" } }, @@ -37985,7 +38193,7 @@ "@mongosh/service-provider-server": { "version": "file:packages/service-provider-server", "requires": { - "@mongodb-js/devtools-connect": "^3.0.5", + "@mongodb-js/devtools-connect": "^3.2.2", "@mongodb-js/eslint-config-mongosh": "^1.0.0", "@mongodb-js/oidc-plugin": "^1.1.1", "@mongodb-js/prettier-config-devtools": "^1.0.1", @@ -38068,7 +38276,7 @@ "@mongosh/types": { "version": "file:packages/types", "requires": { - "@mongodb-js/devtools-connect": "^3.0.5", + "@mongodb-js/devtools-connect": "^3.2.2", "@mongodb-js/eslint-config-mongosh": "^1.0.0", "@mongodb-js/prettier-config-devtools": "^1.0.1", "@mongodb-js/tsconfig-mongosh": "^1.0.0", 
@@ -49716,9 +49924,9 @@ } }, "macos-export-certificate-and-key": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/macos-export-certificate-and-key/-/macos-export-certificate-and-key-1.1.2.tgz", - "integrity": "sha512-kd4ba3kVKZXy46p4tg3X19dmwaXjtz0La5It6Rt6PbtwP+YcQ0F7ab8MjcSHOvz9NSXmAU15qQG53OlBDAPDzQ==", + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/macos-export-certificate-and-key/-/macos-export-certificate-and-key-1.2.2.tgz", + "integrity": "sha512-+LwU/wG3wawI3yZ/CMf9C6jSSugJ823EuNJeV8J+FTbmYDJ8G3sF9Fha/0BLEbRZU28+oVvBD3a4mYxLQzDvLA==", "optional": true, "requires": { "bindings": "^1.5.0", @@ -51819,18 +52027,18 @@ } }, "pac-proxy-agent": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/pac-proxy-agent/-/pac-proxy-agent-7.0.1.tgz", - "integrity": "sha512-ASV8yU4LLKBAjqIPMbrgtaKIvxQri/yh2OpI+S6hVa9JRkUI3Y3NPFbfngDtY7oFtSMD3w31Xns89mDa3Feo5A==", + "version": "7.0.2", + "resolved": "https://registry.npmjs.org/pac-proxy-agent/-/pac-proxy-agent-7.0.2.tgz", + "integrity": "sha512-BFi3vZnO9X5Qt6NRz7ZOaPja3ic0PhlsmCRYLOpN11+mWBCR6XJDqW5RF3j8jm4WGGQZtBA+bTfxYzeKW73eHg==", "requires": { "@tootallnate/quickjs-emscripten": "^0.23.0", "agent-base": "^7.0.2", "debug": "^4.3.4", "get-uri": "^6.0.1", "http-proxy-agent": "^7.0.0", - "https-proxy-agent": "^7.0.2", - "pac-resolver": "^7.0.0", - "socks-proxy-agent": "^8.0.2" + "https-proxy-agent": "^7.0.5", + "pac-resolver": "^7.0.1", + "socks-proxy-agent": "^8.0.4" }, "dependencies": { "agent-base": { 
@@ -51851,22 +52059,22 @@ } }, "https-proxy-agent": { - "version": "7.0.4", - "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.4.tgz", - "integrity": "sha512-wlwpilI7YdjSkWaQ/7omYBMTliDcmCN8OLihO6I9B86g06lMyAoqgoDpV0XqoaPOKj+0DIdAvnsWfyAAhmimcg==", + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.5.tgz", + "integrity": "sha512-1e4Wqeblerz+tMKPIq2EMGiiWW1dIjZOksyHWSUm1rmuvw/how9hBHZ38lAGj5ID4Ik6EdkOw7NmWPy6LAwalw==", "requires": { "agent-base": "^7.0.2", "debug": "4" } }, "socks-proxy-agent": { - "version": "8.0.3", - "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-8.0.3.tgz", - "integrity": "sha512-VNegTZKhuGq5vSD6XNKlbqWhyt/40CgoEw8XxD6dhnm8Jq9IEa3nIa4HwnM8XOqU0CdB0BwWVXusqiFXfHB3+A==", + "version": "8.0.4", + "resolved": "https://registry.npmjs.org/socks-proxy-agent/-/socks-proxy-agent-8.0.4.tgz", + "integrity": "sha512-GNAq/eg8Udq2x0eNiFkr9gRg5bA7PXEWagQdeRX4cPSG+X/8V38v637gim9bjFptMk1QWsCTr0ttrJEiXbNnRw==", "requires": { "agent-base": "^7.1.1", "debug": "^4.3.4", - "socks": "^2.7.1" + "socks": "^2.8.3" } } } @@ -54845,12 +55053,12 @@ "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==" }, "system-ca": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/system-ca/-/system-ca-2.0.0.tgz", - "integrity": "sha512-eEWsCZHEyXdRPPMO680gLUhb9x8RK7YlXvv+I0zCvmGg9zf9OCchJxDf5NHqGPwAzLDEFpLXL5qv9KEU62N4Nw==", + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/system-ca/-/system-ca-2.0.1.tgz", + "integrity": "sha512-9ZDV9yl8ph6Op67wDGPr4LykX86usE9x3le+XZSHfVMiiVJ5IRgmCWjLgxyz35ju9H3GDIJJZm4ogAeIfN5cQQ==", "requires": { - "macos-export-certificate-and-key": "^1.1.1", - "win-export-certificate-and-key": "^2.0.0" + "macos-export-certificate-and-key": "^1.2.0", + "win-export-certificate-and-key": "^2.1.0" } }, "tabbable": { 
@@ -56211,9 +56419,9 @@ "dev": true }, "win-export-certificate-and-key": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/win-export-certificate-and-key/-/win-export-certificate-and-key-2.0.1.tgz", - "integrity": "sha512-GsPUuIn95CepWgfiaqyIBWlj1uzr0LMfWIHBESSa+f84Zll9SjIX7Jj0+xNs/FlhH5zEkPO6k+SRQX1dfv3zPg==", + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/win-export-certificate-and-key/-/win-export-certificate-and-key-2.1.0.tgz", + "integrity": "sha512-WeMLa/2uNZcS/HWGKU2G1Gzeh3vHpV/UFvwLhJLKxPHYFAbubxxVcJbqmPXaqySWK1Ymymh16zKK5WYIJ3zgzA==", "optional": true, "requires": { "bindings": "^1.5.0", diff --git a/packages/arg-parser/package.json b/packages/arg-parser/package.json index 2d02572e3..546c2e27a 100644 --- a/packages/arg-parser/package.json +++ b/packages/arg-parser/package.json @@ -40,7 +40,7 @@ "mongodb-connection-string-url": "^3.0.1" }, "devDependencies": { - "@mongodb-js/devtools-connect": "^3.0.5", + "@mongodb-js/devtools-connect": "^3.2.2", "@mongodb-js/eslint-config-mongosh": "^1.0.0", "@mongodb-js/prettier-config-devtools": "^1.0.1", "@mongodb-js/tsconfig-mongosh": "^1.0.0", diff --git a/packages/arg-parser/src/arg-mapper.ts b/packages/arg-parser/src/arg-mapper.ts index f3d6937d6..29b6160fd 100644 --- a/packages/arg-parser/src/arg-mapper.ts +++ b/packages/arg-parser/src/arg-mapper.ts @@ -222,7 +222,6 @@ const MAPPINGS: { tlsCertificateKeyFile: (i, v) => setUrlParam(i, 'tlsCertificateKeyFile', v), tlsCertificateKeyFilePassword: (i, v) => setUrlParam(i, 'tlsCertificateKeyFilePassword', v), - tlsUseSystemCA: (i, v) => setDriver(i, 'useSystemCA', v), username: (i, v) => setUrl(i, 'username', encodeURIComponent(v)), oidcRedirectUri: (i, v) => setOIDC(i, 'redirectURI', v), oidcTrustedEndpoint: (i, v) => diff --git a/packages/arg-parser/src/cli-options.ts b/packages/arg-parser/src/cli-options.ts index d7a30e9a2..c54f23336 100644 --- a/packages/arg-parser/src/cli-options.ts +++ b/packages/arg-parser/src/cli-options.ts 
@@ -48,7 +48,6 @@ export interface CliOptions { tlsCRLFile?: string; tlsDisabledProtocols?: boolean; tlsFIPSMode?: boolean; - tlsUseSystemCA?: boolean; username?: string; verbose?: boolean; // No-op since driver v5.0.0 (see also MONGOSH-970) version?: boolean; diff --git a/packages/cli-repl/README.md b/packages/cli-repl/README.md index b86e57ea4..a905462ef 100644 --- a/packages/cli-repl/README.md +++ b/packages/cli-repl/README.md @@ -52,7 +52,6 @@ of mongosh, visit https://www.mongodb.com/try/download/shell. --tlsCertificateSelector [arg] TLS Certificate in system store (Windows and macOS only) --tlsCRLFile [arg] Specifies the .pem file that contains the Certificate Revocation List --tlsDisabledProtocols [arg] Comma separated list of TLS protocols to disable [TLS1_0,TLS1_1,TLS1_2] - --tlsUseSystemCA Load the operating system trusted certificate list --tlsFIPSMode Enable the system TLS library's FIPS mode API version options: diff --git a/packages/cli-repl/package.json b/packages/cli-repl/package.json index 8471c3268..2435d2b0f 100644 --- a/packages/cli-repl/package.json +++ b/packages/cli-repl/package.json @@ -116,8 +116,8 @@ "optionalDependencies": { "get-console-process-list": "^1.0.5", "glibc-version": "^1.0.0", - "macos-export-certificate-and-key": "^1.1.2", + "macos-export-certificate-and-key": "^1.2.2", "mongodb-crypt-library-version": "^1.0.5", - "win-export-certificate-and-key": "^2.0.1" + "win-export-certificate-and-key": "^2.1.0" } } diff --git a/packages/cli-repl/src/constants.ts b/packages/cli-repl/src/constants.ts index d84224e37..614280be9 100644 --- a/packages/cli-repl/src/constants.ts +++ b/packages/cli-repl/src/constants.ts @@ -101,9 +101,6 @@ export const USAGE = ` --tlsDisabledProtocols [arg] ${i18n.__( 'cli-repl.args.tlsDisabledProtocols' )} - --tlsUseSystemCA ${i18n.__( - 'cli-repl.args.tlsUseSystemCA' - )} --tlsFIPSMode ${i18n.__( 'cli-repl.args.tlsFIPSMode' )} 
diff --git a/packages/cli-repl/src/run.ts b/packages/cli-repl/src/run.ts index 9ef5fe304..5240f7aac 100644 --- a/packages/cli-repl/src/run.ts +++ b/packages/cli-repl/src/run.ts @@ -198,7 +198,7 @@ async function main() { const connectionInfo = generateConnectionInfoFromCliArgs(options); connectionInfo.driverOptions = { ...connectionInfo.driverOptions, - ...getTlsCertificateSelector(options.tlsCertificateSelector), + ...(await getTlsCertificateSelector(options.tlsCertificateSelector)), driverInfo: { name: 'mongosh', version }, }; diff --git a/packages/cli-repl/src/tls-certificate-selector.spec.ts b/packages/cli-repl/src/tls-certificate-selector.spec.ts index fdc13a8f3..db0438286 100644 --- a/packages/cli-repl/src/tls-certificate-selector.spec.ts +++ b/packages/cli-repl/src/tls-certificate-selector.spec.ts 
@@ -23,26 +23,34 @@ describe('arg-mapper.applyTlsCertificateSelector', function () { delete process.env.TEST_OS_EXPORT_CERTIFICATE_AND_KEY_PATH; }); - it('leaves node options unchanged when no selector is given', function () { - const applyTlsCertificateSelector = getTlsCertificateSelector(undefined); + it('leaves node options unchanged when no selector is given', async function () { + const applyTlsCertificateSelector = await getTlsCertificateSelector( + undefined + ); expect(applyTlsCertificateSelector).to.not.exist; }); - it('throws when the selector has an odd format', function () { - expect(() => getTlsCertificateSelector('foo=bar')).to.throw( - /tlsCertificateSelector needs to include subject or thumbprint/ - ); + it('throws when the selector has an odd format', async function () { + try { + await getTlsCertificateSelector('foo=bar'); + expect.fail('missed exception'); + } catch (err) { + expect(err).to.match( + /tlsCertificateSelector needs to include subject or thumbprint/ + ); + } }); - it('returns passphrase and pfx as given by the (fake) OS', function () { + it('returns passphrase and pfx as given by the (fake) OS', async function () { const passphrase = 'abc'; const pfx = Buffer.from('abcdef'); exportCertificateAndPrivateKey.returns({ passphrase, pfx, }); - const applyTlsCertificateSelector = - getTlsCertificateSelector('subject=Foo Bar'); + const applyTlsCertificateSelector = await getTlsCertificateSelector( + 'subject=Foo Bar' + ); expect(applyTlsCertificateSelector).to.deep.equal({ passphrase, pfx, 
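Review bot: In the rewritten 'throws when the selector has an odd format' test, `expect.fail('missed exception')` sits inside the `try`, so the assertion error it throws is caught by the test's own `catch` and then fails `expect(err).to.match(...)` with a regex-mismatch message instead of 'missed exception'. The test still fails when nothing is thrown, but the report points at the wrong cause. Capturing the rejection first avoids that: `const err = await getTlsCertificateSelector('foo=bar').catch((e) => e);`, then `expect(err).to.be.instanceOf(Error);` ahead of the existing `to.match` assertion. The same pattern recurs in the three platform-specific tests of the following hunk (`@@ -51,31 +59,44 @@`).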
@@ -51,31 +59,44 @@ describe('arg-mapper.applyTlsCertificateSelector', function () { }); context('with what the OS gives us', function () { - it('throws an error on non-win32 and non-darwin', function () { + it('throws an error on non-win32 and non-darwin', async function () { if (process.platform === 'win32' || process.platform === 'darwin') { return this.skip(); } - expect(() => getTlsCertificateSelector('subject=Foo Bar')).to.throw( - /tlsCertificateSelector is not supported on this platform/ - ); + try { + await getTlsCertificateSelector('subject=Foo Bar'); + expect.fail('missed exception'); + } catch (err) { + expect(err).to.match( + /tlsCertificateSelector is not supported on this platform/ + ); + } }); - it('tries to search the OS CA store on win32', function () { + it('tries to search the OS CA store on win32', async function () { if (process.platform !== 'win32') { return this.skip(); } - expect(() => getTlsCertificateSelector('subject=Foo Bar')).to.throw( - /Could not resolve certificate specification/ - ); + try { + await getTlsCertificateSelector('subject=Foo Bar'); + expect.fail('missed exception'); + } catch (err) { + expect(err).to.match(/Could not resolve certificate specification/); + } }); - it('tries to search the OS keychain on darwin', function () { + it('tries to search the OS keychain on darwin', async function () { if (process.platform !== 'darwin') { return this.skip(); } - expect(() => getTlsCertificateSelector('subject=Foo Bar')).to.throw( - /Could not find a matching certificate|The specified item could not be found in the keychain/ - ); + try { + await getTlsCertificateSelector('subject=Foo Bar'); + expect.fail('missed exception'); + } catch (err) { + expect(err).to.match( + /Could not find a matching certificate|The specified item could not be found in the keychain/ + ); + } }); }); }); diff --git a/packages/cli-repl/src/tls-certificate-selector.ts b/packages/cli-repl/src/tls-certificate-selector.ts index 4435da218..1e1bb5fbf 100644 
--- a/packages/cli-repl/src/tls-certificate-selector.ts +++ b/packages/cli-repl/src/tls-certificate-selector.ts @@ -6,10 +6,10 @@ import { createRequire } from 'module'; type TlsCertificateExporter = ( search: { subject: string } | { thumbprint: Buffer } -) => { passphrase: string; pfx: Buffer }; -export function getTlsCertificateSelector( +) => Promise<{ passphrase: string; pfx: Buffer }>; +export async function getTlsCertificateSelector( selector: string | undefined -): { passphrase: string; pfx: Buffer } | undefined { +): Promise<{ passphrase: string; pfx: Buffer } | undefined> { if (!selector) { return; } @@ -34,7 +34,7 @@ export function getTlsCertificateSelector( : { thumbprint: Buffer.from(value, 'hex') }; try { - const { passphrase, pfx } = exportCertificateAndPrivateKey(search); + const { passphrase, pfx } = await exportCertificateAndPrivateKey(search); return { passphrase, pfx }; } catch (err: any) { throw new MongoshInvalidInputError( @@ -58,9 +58,13 @@ function getCertificateExporter(): TlsCertificateExporter | undefined { try { switch (process.platform) { case 'win32': - return require('win-export-certificate-and-key'); + // eslint-disable-next-line @typescript-eslint/no-var-requires + return require('win-export-certificate-and-key') + .exportCertificateAndPrivateKeyAsync; case 'darwin': - return require('macos-export-certificate-and-key'); + // eslint-disable-next-line @typescript-eslint/no-var-requires + return require('macos-export-certificate-and-key') + .exportCertificateAndPrivateKeyAsync; default: return undefined; } diff --git a/packages/cli-repl/webpack.config.js b/packages/cli-repl/webpack.config.js index f5df4a1d8..6ff24eaa1 100644 --- a/packages/cli-repl/webpack.config.js +++ b/packages/cli-repl/webpack.config.js @@ -39,6 +39,7 @@ const enableReverseModuleLookupPlugin = /** @type import('webpack').Configuration */ const config = { + devtool: false, output: { path: path.resolve(__dirname, 'dist'), filename: 'mongosh.js', 
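Review bot: The context line `{ thumbprint: Buffer.from(value, 'hex') }` at the top of the `@@ -34,7 +34,7 @@` hunk does not reject malformed input, because `Buffer.from(..., 'hex')` stops decoding at the first non-hex character and returns what it has so far, possibly an empty buffer. Unless the parsing above this hunk (not visible here) already restricts `value` to hex digits, a mistyped thumbprint reaches the now-awaited `exportCertificateAndPrivateKey(search)` in shortened form. How the native exporter matches a short or empty thumbprint cannot be told from this diff. A guard before the conversion makes the selector fail closed: `if (!/^([0-9a-f]{2})+$/i.test(value))` followed by a `MongoshInvalidInputError` like the one in the `catch` below. `getTlsCertificateSelector` starts and ends outside this hunk.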
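Review bot: In `getCertificateExporter` (`@@ -58,9 +58,13 @@`) both branches now return `require(...).exportCertificateAndPrivateKeyAsync`, which is `undefined` if the installed addon predates that export, and `undefined` is also what the `default:` branch returns for an unsupported platform. Judging by the 'not supported on this platform' message in the spec, the caller would presumably report a platform problem for what is really a version mismatch. Checking the property makes the cause explicit: `const fn = require('win-export-certificate-and-key').exportCertificateAndPrivateKeyAsync;` then `if (typeof fn !== 'function') throw new Error('win-export-certificate-and-key has no async export');`, and the same for the macOS addon. The `catch` of the surrounding `try` is outside the hunk, so how such a throw is reported there should be confirmed.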
@@ -61,6 +62,11 @@ const config = { // b) uses http, which is not a supported module for snapshots at this point. express: makeLazyForwardModule('express'), 'openid-client': makeLazyForwardModule('openid-client'), + // some dependencies of @mongodb-js/devtools-proxy-support use WebAssembly, + // `new Buffer()` or the built-in http module + '@mongodb-js/devtools-proxy-support': makeLazyForwardModule( + '@mongodb-js/devtools-proxy-support' + ), ...Object.fromEntries( lazyNodeBuiltins.map((m) => [m, makeLazyForwardModule(m)]) ), diff --git a/packages/e2e-tests/test/e2e-oidc.spec.ts b/packages/e2e-tests/test/e2e-oidc.spec.ts index 2e4df628d..5fd7b693b 100644 --- a/packages/e2e-tests/test/e2e-oidc.spec.ts +++ b/packages/e2e-tests/test/e2e-oidc.spec.ts @@ -385,7 +385,7 @@ describe('OIDC auth e2e', function () { shell2.assertNoErrors(); }); - it('can apply --useSystemCA to the IdP https endpoint', async function () { + it('can specify --tlsUseSystemCA as a no-op', async function () { await fs.mkdir(path.join(tmpdir.path, 'certs'), { recursive: true }); await fs.copyFile( getCertPath('ca.crt'), @@ -413,8 +413,15 @@ describe('OIDC auth e2e', function () { // We cannot make the mongod server accept the mock IdP's certificate, // so the best we can verify here is that auth failed *on the server* shell.assertContainsOutput(/MongoServerError: Authentication failed/); + }); + + it('uses system ca by default when calling the IdP https endpoint', async function () { + await fs.mkdir(path.join(tmpdir.path, 'certs'), { recursive: true }); + await fs.copyFile( + getCertPath('ca.crt'), + path.join(tmpdir.path, 'certs', 'somefilename.crt') + ); - // Negative test: Without --tlsUseSystemCA, mongosh fails earlier: shell = TestShell.start({ args: [ await testServer2.connectionString( 
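Review bot: With the negative case removed here and in the next hunk (`@@ -425,11 +432,17 @@`), both OIDC tests assert only `MongoServerError: Authentication failed`, and nothing visible in this diff still checks that mongosh refuses an IdP whose certificate is in no trusted store. Now that the system store is consulted by default, that rejection path is the one worth pinning. A third case that starts the shell without the `SSL_CERT_DIR` override and asserts the earlier `/Unable to fetch issuer metadata for "https:\/\/localhost:\d+"/` output would keep it covered, unless a test outside these hunks already does. The `+ ''` after `path.join(tmpdir.path, 'certs')` in the new `env` block of the next hunk is redundant.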
@@ -425,11 +432,17 @@ describe('OIDC auth e2e', function () { '--oidcRedirectUri=http://localhost:0/', `--browser=${fetchBrowserFixture}`, ], + env: { + ...process.env, + SSL_CERT_DIR: path.join(tmpdir.path, 'certs') + '', + MONGOSH_E2E_TEST_CURL_ALLOW_INVALID_TLS: '1', + }, }); + await shell.waitForExit(); - shell.assertContainsOutput( - /Unable to fetch issuer metadata for "https:\/\/localhost:\d+"/ - ); + // We cannot make the mongod server accept the mock IdP's certificate, + // so the best we can verify here is that auth failed *on the server* + shell.assertContainsOutput(/MongoServerError: Authentication failed/); }); it('can successfully authenticate using the ID token rather than access token if requested', async function () { diff --git a/packages/e2e-tests/test/e2e-snapshot.spec.ts b/packages/e2e-tests/test/e2e-snapshot.spec.ts index b13e14a91..b1b4961c8 100644 --- a/packages/e2e-tests/test/e2e-snapshot.spec.ts +++ b/packages/e2e-tests/test/e2e-snapshot.spec.ts @@ -28,7 +28,7 @@ describe('e2e startup banners', function () { const connectionString = await testServer.connectionString(); const helperScript = ` const S = process.__mongosh_webpack_stats; - const L = (list) => list.map(S.lookupNaturalModuleName).filter(name => name && !name.endsWith('.json')); + const L = (list) => list.map(S.lookupNaturalModuleName); `; const commonArgs = ['--quiet', '--json=relaxed', '--eval', helperScript]; const argLists = [ @@ -64,7 +64,13 @@ describe('e2e startup banners', function () { ).map((output) => (JSON.parse(output) as string[]) .sort() - .map((pkg) => pkg.replace(/\\/g, '/')) + .map((pkg) => pkg?.replace(/\\/g, '/')) + .filter( + (name) => + name && + !name.endsWith('.json') && + !name.includes('/lazy-webpack-modules/') + ) ); // Ensure that: atSnapshotTime ⊆ atNodbEvalTime ⊆ atDbEvalTime ⊆ atReplEvalTime ⊆ all 
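Review bot: In the `@@ -64,7 +64,13 @@` hunk of e2e-snapshot.spec.ts the `as string[]` cast is no longer accurate, because the helper script in the previous hunk stopped filtering and the parsed list can now hold empty entries, which is why `pkg?.replace` became necessary. `.sort()` also runs over those entries before they are dropped. Filtering empties first keeps the types honest and removes the optional call: `(JSON.parse(output) as (string | null)[]).filter((name): name is string => !!name)` ahead of `.sort()`. The `.json` and `/lazy-webpack-modules/` checks stay after the slash normalisation as they are now.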
@@ -128,11 +134,11 @@ describe('e2e startup banners', function () { verifyAllInCategoryMatch('repl-eval', /^node_modules\/pretty-repl\//); verifyAllInCategoryMatch( 'db-eval', - /^node_modules\/(kerberos|os-dns-native|resolve-mongodb-srv)\// + /^node_modules\/(kerberos|os-dns-native|resolve-mongodb-srv|macos-export-certificate-and-key|win-export-certificate-and-key)\// ); verifyAllInCategoryMatch( 'nodb-eval', - /^node_modules\/(kerberos|mongodb-client-encryption|glibc-version)\// + /^node_modules\/(kerberos|mongodb-client-encryption|glibc-version|@mongodb-js\/devtools-proxy-support|@mongodb-js\/socksv5|system-ca)\// ); verifyAllThatMatchAreInCategory( 'not-loaded', diff --git a/packages/e2e-tests/test/e2e-tls.spec.ts b/packages/e2e-tests/test/e2e-tls.spec.ts index 6cd1a87d0..770874b95 100644 --- a/packages/e2e-tests/test/e2e-tls.spec.ts +++ b/packages/e2e-tests/test/e2e-tls.spec.ts @@ -238,7 +238,6 @@ describe('e2e TLS', function () { serverSelectionTimeoutMS: '1500', }), '--tls', - '--tlsUseSystemCA', ], env: { ...env, @@ -273,7 +272,6 @@ describe('e2e TLS', function () { serverSelectionTimeoutMS: '1500', }), '--tls', - '--tlsUseSystemCA', ], env: { ...env, @@ -303,7 +301,6 @@ describe('e2e TLS', function () { serverSelectionTimeoutMS: '1500', }), '--tls', - '--tlsUseSystemCA', ], env, }); diff --git a/packages/i18n/src/locales/en_US.ts b/packages/i18n/src/locales/en_US.ts index edc05abc5..278321184 100644 --- a/packages/i18n/src/locales/en_US.ts +++ b/packages/i18n/src/locales/en_US.ts @@ -56,7 +56,6 @@ const translations: Catalog = { 'Specifies the .pem file that contains the Certificate Revocation List', tlsDisabledProtocols: 'Comma separated list of TLS protocols to disable [TLS1_0,TLS1_1,TLS1_2]', - tlsUseSystemCA: 'Load the operating system trusted certificate list', tlsFIPSMode: "Enable the system TLS library's FIPS mode", apiVersionOptions: 'API version options:', apiVersion: 'Specifies the API version to connect with', 
diff --git a/packages/logging/package.json b/packages/logging/package.json index 0e49f6027..5273c9a7d 100644 --- a/packages/logging/package.json +++ b/packages/logging/package.json @@ -17,7 +17,7 @@ "node": ">=14.15.1" }, "dependencies": { - "@mongodb-js/devtools-connect": "^3.0.5", + "@mongodb-js/devtools-connect": "^3.2.2", "@mongosh/errors": "0.0.0-dev.0", "@mongosh/history": "0.0.0-dev.0", "@mongosh/types": "0.0.0-dev.0", diff --git a/packages/mongosh/README.md b/packages/mongosh/README.md index 125320cf8..db6c21792 100644 --- a/packages/mongosh/README.md +++ b/packages/mongosh/README.md @@ -56,7 +56,6 @@ of mongosh, visit https://www.mongodb.com/try/download/shell. --tlsCertificateSelector [arg] TLS Certificate in system store (Windows and macOS only) --tlsCRLFile [arg] Specifies the .pem file that contains the Certificate Revocation List --tlsDisabledProtocols [arg] Comma separated list of TLS protocols to disable [TLS1_0,TLS1_1,TLS1_2] - --tlsUseSystemCA Load the operating system trusted certificate list --tlsFIPSMode Enable the system TLS library's FIPS mode API version options: diff --git a/packages/node-runtime-worker-thread/package.json b/packages/node-runtime-worker-thread/package.json index 7d08f6f5a..50fbd219c 100644 --- a/packages/node-runtime-worker-thread/package.json +++ b/packages/node-runtime-worker-thread/package.json @@ -52,6 +52,6 @@ }, "dependencies": { "interruptor": "^1.0.1", - "system-ca": "^2.0.0" + "system-ca": "^2.0.1" } } diff --git a/packages/service-provider-server/package.json b/packages/service-provider-server/package.json index 5edb6efc7..a2c536955 100644 --- a/packages/service-provider-server/package.json +++ b/packages/service-provider-server/package.json @@ -47,7 +47,7 @@ } }, "dependencies": { - "@mongodb-js/devtools-connect": "^3.0.5", + "@mongodb-js/devtools-connect": "^3.2.2", "@mongodb-js/oidc-plugin": "^1.1.1", "@mongosh/errors": "0.0.0-dev.0", "@mongosh/service-provider-core": "0.0.0-dev.0", 
diff --git a/packages/service-provider-server/src/cli-service-provider.ts b/packages/service-provider-server/src/cli-service-provider.ts index b0f545d2f..c7eb99c13 100644 --- a/packages/service-provider-server/src/cli-service-provider.ts +++ b/packages/service-provider-server/src/cli-service-provider.ts @@ -236,7 +236,8 @@ class CliServiceProvider delete clientOptionsCopy.oidc; delete clientOptionsCopy.parentHandle; delete clientOptionsCopy.parentState; - delete clientOptionsCopy.useSystemCA; + delete clientOptionsCopy.proxy; + delete clientOptionsCopy.applyProxyToOIDC; client = new MongoClientCtor( connectionString.toString(), clientOptionsCopy diff --git a/packages/shell-api/src/mongo.ts b/packages/shell-api/src/mongo.ts index ecde9ecb0..a57fd1b08 100644 --- a/packages/shell-api/src/mongo.ts +++ b/packages/shell-api/src/mongo.ts @@ -128,7 +128,7 @@ export default class Mongo extends ShellApiClass { // the parent service provider. For example, it could // appear to be odd that --awsAccessKeyId applies to // programmatically created Mongo() instances but - // --apiVersion or --tlsUseSystemCA does not. + // --apiVersion does not. const spFleOptions = sp?.getFleOptions?.(); if (spFleOptions) { this._connectionInfo.driverOptions.autoEncryption = spFleOptions; diff --git a/packages/types/package.json b/packages/types/package.json index f3e56aff8..c29d11b4d 100644 --- a/packages/types/package.json +++ b/packages/types/package.json @@ -38,7 +38,7 @@ "unitTestsOnly": true }, "dependencies": { - "@mongodb-js/devtools-connect": "^3.0.5" + "@mongodb-js/devtools-connect": "^3.2.2" }, "devDependencies": { "@mongodb-js/eslint-config-mongosh": "^1.0.0",
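Review bot: The two added deletes (`proxy`, `applyProxyToOIDC`) in cli-service-provider.ts extend a hand-maintained list of keys stripped from `clientOptionsCopy` before `new MongoClientCtor(...)`, and the hunk has no comment saying why these keys must not reach the driver constructor. The same hunk stops stripping `useSystemCA`, so a value still supplied by an older caller or stored configuration would now be passed through, and whether the constructor tolerates that cannot be told from here. I would add a comment above the deletes such as `// options handled before the driver client is built; do not forward them to the constructor`, and, if stale input is possible, keep a runtime `delete (clientOptionsCopy as any).useSystemCA;`. The enclosing method starts and ends outside this hunk.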