diff --git a/.evergreen/.evg.yml b/.evergreen/.evg.yml
index 302be327499..3ec7719c94d 100644
--- a/.evergreen/.evg.yml
+++ b/.evergreen/.evg.yml
@@ -728,6 +728,18 @@ functions:
 MONGODB_URIS="${atlas_free_tier_uri}|${atlas_replica_set_uri}|${atlas_sharded_uri}|${atlas_tls_v11_uri}|${atlas_tls_v12_uri}|${atlas_free_tier_uri_srv}|${atlas_replica_set_uri_srv}|${atlas_sharded_uri_srv}|${atlas_tls_v11_uri_srv}|${atlas_tls_v12_uri_srv}|${atlas_serverless_uri}|${atlas_serverless_uri_srv}" \
 .evergreen/run-connectivity-tests.sh
 
+ run socks5 tests:
+ - command: shell.exec
+ type: test
+ params:
+ working_dir: src
+ script: |
+ ${PREPARE_SHELL}
+ SOCKS_AUTH="${SOCKS_AUTH}" \
+ SSL="${SSL}" MONGODB_URI="${MONGODB_URI}" \
+ JAVA_VERSION="${JAVA_VERSION}" \
+ .evergreen/run-socks5-tests.sh
+
 start-kms-mock-server:
 - command: shell.exec
 params:
@@ -1605,6 +1617,14 @@ tasks:
 export AZUREKMS_VMNAME=${AZUREKMS_VMNAME}
 export AZUREKMS_PRIVATEKEYPATH=/tmp/testazurekms_privatekey
 AZUREKMS_CMD="MONGODB_URI=mongodb://localhost:27017 PROVIDER=azure AZUREKMS_KEY_VAULT_ENDPOINT=${testazurekms_keyvaultendpoint} AZUREKMS_KEY_NAME=${testazurekms_keyname} ./.evergreen/run-fle-on-demand-credential-test.sh" $DRIVERS_TOOLS/.evergreen/csfle/azurekms/run-command.sh
+ - name: test-socks5
+ tags: []
+ commands:
+ - func: bootstrap mongo-orchestration
+ vars:
+ VERSION: latest
+ TOPOLOGY: replica_set
+ - func: run socks5 tests
 axes:
 - id: version
 display_name: MongoDB Version
@@ -1695,6 +1715,17 @@ axes:
 display_name: NoAuth
 variables:
 AUTH: "noauth"
+ - id: socks_auth
+ display_name: Socks Proxy Authentication
+ values:
+ - id: "auth"
+ display_name: Auth
+ variables:
+ SOCKS_AUTH: "auth"
+ - id: "noauth"
+ display_name: NoAuth
+ variables:
+ SOCKS_AUTH: "noauth"
 - id: ssl
 display_name: SSL
 values:
@@ -2136,6 +2167,12 @@ buildvariants:
 tasks:
 - name: "csfle-tests-with-mongocryptd"
 
+- matrix_name: "socks5-tests"
+ matrix_spec: { os: "linux", ssl: ["nossl", "ssl"], version: [ "latest" ], topology: ["replicaset"], socks_auth: ["auth", "noauth"] }
+ display_name: "SOCKS5 proxy ${socks_auth} : ${version} ${topology} ${ssl} ${jdk} ${os}"
+ tasks:
+ - name: test-socks5
+
 - name: testgcpkms-variant
 display_name: "GCP KMS"
 run_on:
diff --git a/.evergreen/run-socks5-tests.sh b/.evergreen/run-socks5-tests.sh
new file mode 100644
index 00000000000..b11460b8776
--- /dev/null
+++ b/.evergreen/run-socks5-tests.sh
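Review bot: `display_name` interpolates `${jdk}`, but `matrix_spec` lists only os, ssl, version, topology and socks_auth, so the variant name carries a placeholder with no axis behind it. Either drop `${jdk}` from the name or add the jdk axis to the spec; if `JAVA_VERSION` is normally set by that axis (not visible in this diff), the `run socks5 tests` function forwards an empty value and the script relies on whatever default `javaConfig.bash` applies. A short comment above the matrix saying which JDK the SOCKS5 tests are meant to run on would settle it.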
@@ -0,0 +1,87 @@
+#!/bin/bash
+
+set -o xtrace # Write all commands first to stderr
+set -o errexit # Exit the script with error if any of the commands fail
+
+SSL=${SSL:-nossl}
+SOCKS_AUTH=${SOCKS_AUTH:-noauth}
+MONGODB_URI=${MONGODB_URI:-}
+SOCKS5_SERVER_SCRIPT="$DRIVERS_TOOLS/.evergreen/socks5srv.py"
+PYTHON_BINARY=${PYTHON_BINARY:-python3}
+# Grab a connection string that only refers to *one* of the hosts in MONGODB_URI
+FIRST_HOST=$(echo "$MONGODB_URI" | awk -F[/:,] '{print $4":"$5}')
+# Use 127.0.0.1:12345 as the URL for the single host that we connect to,
+# we configure the Socks5 proxy server script to redirect from this to FIRST_HOST
+export MONGODB_URI_SINGLEHOST="mongodb://127.0.0.1:12345"
+
+if [ "${SSL}" = "ssl" ]; then
+ MONGODB_URI="${MONGODB_URI}&ssl=true&sslInvalidHostNameAllowed=true"
+ MONGODB_URI_SINGLEHOST="${MONGODB_URI_SINGLEHOST}/?ssl=true&sslInvalidHostNameAllowed=true"
+fi
+
+# Compute path to socks5 fake server script in a way that works on Windows
+if [ "Windows_NT" == "$OS" ]; then
+ SOCKS5_SERVER_SCRIPT=$(cygpath -m $DRIVERS_TOOLS)
+fi
+
+RELATIVE_DIR_PATH="$(dirname "${BASH_SOURCE:-$0}")"
+. "${RELATIVE_DIR_PATH}/javaConfig.bash"
+
+############################################
+# Functions #
+############################################
+
+provision_ssl () {
+ # We generate the keystore and truststore on every run with the certs in the drivers-tools repo
+ if [ ! -f client.pkc ]; then
+ openssl pkcs12 -CAfile ${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem -export -in ${DRIVERS_TOOLS}/.evergreen/x509gen/client.pem -out client.pkc -password pass:bithere
+ fi
+
+ cp ${JAVA_HOME}/lib/security/cacerts mongo-truststore
+ ${JAVA_HOME}/bin/keytool -importcert -trustcacerts -file ${DRIVERS_TOOLS}/.evergreen/x509gen/ca.pem -keystore mongo-truststore -storepass changeit -storetype JKS -noprompt
+
+ # We add extra gradle arguments for SSL
+ export GRADLE_SSL_VARS="-Pssl.enabled=true -Pssl.keyStoreType=pkcs12 -Pssl.keyStore=`pwd`/client.pkc -Pssl.keyStorePassword=bithere -Pssl.trustStoreType=jks -Pssl.trustStore=`pwd`/mongo-truststore -Pssl.trustStorePassword=changeit"
+}
+
+
+run_socks5_proxy () {
+if [ "$SOCKS_AUTH" == "auth" ]; then
+ "$PYTHON_BINARY" "$SOCKS5_SERVER_SCRIPT" --port 1080 --auth username:p4ssw0rd --map "127.0.0.1:12345 to $FIRST_HOST" &
+ SOCKS5_SERVER_PID_1=$!
+ trap "kill $SOCKS5_SERVER_PID_1" EXIT
+ else
+ "$PYTHON_BINARY" "$SOCKS5_SERVER_SCRIPT" --port 1080 --map "127.0.0.1:12345 to $FIRST_HOST" &
+ SOCKS5_SERVER_PID_1=$!
+ trap "kill $SOCKS5_SERVER_PID_1" EXIT
+fi
+}
+
+run_socks5_prose_tests () {
+if [ "$SOCKS_AUTH" == "auth" ]; then
+ local AUTH_ENABLED="true"
+else
+ local AUTH_ENABLED="false"
+fi
+
+echo "Running Socks5 tests with Java ${JAVA_VERSION} over $SSL for $TOPOLOGY and connecting to $MONGODB_URI with socks auth enabled: $AUTH_ENABLED"
+./gradlew -PjavaVersion=${JAVA_VERSION} -Dorg.mongodb.test.uri=${MONGODB_URI} \
+ -Dorg.mongodb.test.uri.singleHost=${MONGODB_URI_SINGLEHOST} \
+ -Dorg.mongodb.test.uri.proxyHost="127.0.0.1" \
+ -Dorg.mongodb.test.uri.proxyPort="1080" \
+ -Dorg.mongodb.test.uri.socks.auth.enabled=${AUTH_ENABLED} \
+ ${GRADLE_SSL_VARS} \
+ --stacktrace --info --continue \
+ driver-sync:test \
+ --tests "com.mongodb.client.Socks5ProseTest*"
+}
+
+############################################
+# Main Program #
+############################################
+
+# Set up keystore/truststore
+provision_ssl
+./gradlew -version
+run_socks5_proxy
+run_socks5_prose_tests
\ No newline at end of file
diff --git a/THIRD-PARTY-NOTICES b/THIRD-PARTY-NOTICES
index e13f724e349..971643143b8 100644
--- a/THIRD-PARTY-NOTICES
+++ b/THIRD-PARTY-NOTICES
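Review bot: The Windows branch replaces `SOCKS5_SERVER_SCRIPT` with the converted `$DRIVERS_TOOLS` directory, so on Windows the Python interpreter would be handed a directory rather than `socks5srv.py`; it should convert the script path itself, `SOCKS5_SERVER_SCRIPT=$(cygpath -m "$SOCKS5_SERVER_SCRIPT")`. The SSL branch appends `&ssl=true&sslInvalidHostNameAllowed=true` to `MONGODB_URI`, which is only a valid URI if the incoming value already carries a `?` query string, and `FIRST_HOST` is derived from the same value with no check that it is non-empty, so an unset `MONGODB_URI` yields a proxy mapping to `:`. With `set -o xtrace` on and the `echo` in `run_socks5_prose_tests`, the full URI, the `--auth` argument and the keystore passwords are written to the task log; that looks harmless for the fixed test values here, but a URI with embedded credentials would be logged as well.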
@@ -154,3 +154,24 @@ https://github.com/mongodb/mongo-java-driver. LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +8) The following files (originally from https://github.com/google/guava): + + InetAddressUtils.java (formerly InetAddresses.java) + InetAddressUtilsTest.java (formerly InetAddressesTest.java) + + Copyright 2008-present MongoDB, Inc. + Copyright (C) 2008 The Guava Authors + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/config/spotbugs/exclude.xml b/config/spotbugs/exclude.xml index 96d7695af2b..d35f0a81c8a 100644 --- a/config/spotbugs/exclude.xml +++ b/config/spotbugs/exclude.xml @@ -192,7 +192,7 @@ - + diff --git a/driver-core/src/main/com/mongodb/ConnectionString.java b/driver-core/src/main/com/mongodb/ConnectionString.java index 116dc2fc9b1..c04202edee7 100644 --- a/driver-core/src/main/com/mongodb/ConnectionString.java +++ b/driver-core/src/main/com/mongodb/ConnectionString.java @@ -128,6 +128,15 @@ *
  • {@code maxIdleTimeMS=ms}: Maximum idle time of a pooled connection. A connection that exceeds this limit will be closed
  • *
  • {@code maxLifeTimeMS=ms}: Maximum life time of a pooled connection. A connection that exceeds this limit will be closed
  • * + *

    Proxy Configuration:

    + * *

    Connection pool configuration:

    *