CDRIVER-5998 share SCHANNEL_CRED

[kevinAlbs]

Summary

Share SCHANNEL_CRED across connections.

Verified with this patch: https://spruce.mongodb.com/version/686298d51b4881000729652b/

Background & Motivation

Sharing the SCHANNEL_CRED is motivated by an upcoming fix for CDRIVER-5998. The private key for a client certificate is currently imported as an ephemeral key stored in-process (via call to CryptImportKey). Supporting SHA2 signatures appears to require importing a persisted private key stored on the file-system (with a unique name). This will be described further in a follow-up PR. But to avoid importing many duplicate keys, I want to change the current behavior from "import key per connection" to "import key per client/pool and share".

Though improving performance was not the main goal of this PR, it reduces file-reading from per-connection to per-client/per-pool. Sharing the credentials showed an improvement in a one-off benchmark creating 100 connections in 10 threads:

No sharing took: 8766.00ms
Sharing took: 8093.00ms

Sharing SCHANNEL_CRED follows a similar pattern to the shared OpenSSL context implemented in #1673.

Microsoft documentation does not appear to document thread-safety of sharing SCHANNEL_CRED. However, mongod shares the same SCHANNEL_CRED for client connections (via _clientCred). I expect the TLS handshake only needs to read SCHANNEL_CRED.

SCHANNEL_CRED is documented as deprecated. This is not addressed in this PR, but I expect can be replaced when adding support for TLS v1.3 (CDRIVER-6045).

Shared pointer

A mongoc_shared_ptr is used to manage SCHANNEL_CRED. This is to support changing the SSL options after creating connections (may have a use case for rotating certificates?). This behavior is tested in the OpenSSL implementation:

/* any operation - ping the server */
ret = mongoc_client_command_simple (client, "admin", tmp_bson ("{'ping': 1}"), NULL, NULL, &error);
ASSERT_OR_PRINT (ret, error);

/* change ssl opts before a second connection */
ssl_opts = test_framework_get_ssl_opts ();
mongoc_client_set_ssl_opts (client, ssl_opts);

/* any operation - ping the server */
ret = mongoc_client_command_simple (client, "admin", tmp_bson ("{'ping': 1}"), NULL, NULL, &error);
ASSERT_OR_PRINT (ret, error);

mongoc_client_pool_t however documents:

This function can only be called once on a pool, and must be called before the first call to mongoc_client_pool_pop().

Therefore, the updates to the mongoc_shared_ptr are assumed to not require thread-safety.

[vector-of-bool]

LGTM with only minor comments

[vector-of-bool]

Note: This line will break with #2047 because it changes the signature of this function. Whichever is merged first will require changing the other.

[vector-of-bool]

Can use the type-generic mlib_check macros

Suggested change

	ASSERT_CMPSIZE_T (1, ==, cf.failures);
	mlib_check (1, eq, cf.failures);

[eramongodb]

Minor feedback remaining; otherwise, LGTM.

[eramongodb]

Suggested change

	mongoc_stream_t *stream;
	mongoc_stream_tls_secure_channel_t *schannel_stream_view;

Stray changes?

[eramongodb]

Suggested change

	mongoc_ssl_opt_t ssl_opt = {.ca_file = CERT_TEST_DIR "/ca.pem", .pem_file = CERT_TEST_DIR "/client.pem"};
	const mongoc_ssl_opt_t ssl_opt = {.ca_file = CERT_TEST_DIR "/ca.pem", .pem_file = CERT_TEST_DIR "/client.pem"};

I believe ssl_opt can be made const. It is used by:

• connect_with_secure_channel_cred (OK: no modification)
  • mongoc_stream_tls_secure_channel_new_with_creds (OK: no modification)
    • mongoc_secure_channel_cred_new (OK: already const)
• mongoc_secure_channel_cred_new (OK: already const)

This reveals the opt param of mongoc_stream_tls_secure_channel_new can also be made const, even though it is invoked by mongoc_stream_tls_new_with_hostname with a non-const opt (after modification).

[kevinAlbs]

Good spot. Updated to use more const.