Only one CA certificate is loaded for smart card authentication

Summary

If multiple certificates are present in the file specified by the gitlab.rb setting gitlab_rails['smartcard_ca_file'], only one certificate is loaded. This appears to prevent successful smart card authentication for customers where multiple root CAs or intermediate certificates are needed.

Steps to reproduce

  1. Configure a standalone GitLab instance for smart card authentication
  2. Use a file with multiple certificates as the CA file specified in gitlab_rails['smartcard_ca_file']
  3. Attempt to log in using smart card authentication

Example Project

@SteveTerhar can suggest a customer who can work with us on this.

What is the current bug behavior?

Users who attempt to authenticate are redirected to the login page and presented with a "Failed to signing using smartcard authentication" alert message.

What is the expected correct behavior?

The system should perform a match on e-mail and log the user into the correct GitLab account.

Possible fixes

Because the store function in smartcard/base.rb calls store.add_cert, only one cert in the smartcard_ca_file is loaded. By changing that call to store.add_file we were able to load multiple certs and log in successfully.

https://gitlab.com/gitlab-org/gitlab/blob/master/ee/lib/gitlab/auth/smartcard/base.rb#L15

Note: If we use add_file and include intermediate certificates in the file, I believe the intermediate certs would be treated like root certs and trusted without any verification. We would have to validate that this wouldn't introduce a vulnerability.

Edited by Steve Terhar
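
The difference between the two calls named under "Possible fixes" can be reproduced outside GitLab. The following is an added example, not code from the issue or from GitLab; it assumes the add_cert path parses the file's contents with OpenSSL::X509::Certificate.new, and the two roots, the user certificates and the helper names make_cert and demo are constructed for the test.

```ruby
require 'openssl'
require 'tempfile'

# Constructed test PKI: build a certificate, self-signed when issuer is nil.
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  if ca
    ef = OpenSSL::X509::ExtensionFactory.new
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Returns verification results for a user cert under each root, per load method.
def demo
  key_a, key_b, user_key = 3.times.map { OpenSSL::PKey::RSA.new(2048) }
  ca_a = make_cert('Constructed Root A', key_a, ca: true)
  ca_b = make_cert('Constructed Root B', key_b, ca: true)
  user_a = make_cert('user-a', user_key, issuer: ca_a, issuer_key: key_a, serial: 2)
  user_b = make_cert('user-b', user_key, issuer: ca_b, issuer_key: key_b, serial: 2)

  Tempfile.create('smartcard_ca') do |f|
    f.write(ca_a.to_pem + ca_b.to_pem) # two PEM blocks in one CA file
    f.flush

    # add_cert path (assumed shape): Certificate.new reads only the first PEM block.
    single = OpenSSL::X509::Store.new
    single.add_cert(OpenSSL::X509::Certificate.new(File.read(f.path)))

    # add_file path: every PEM certificate in the file is added to the store.
    multi = OpenSSL::X509::Store.new
    multi.add_file(f.path)

    { add_cert: [single.verify(user_a), single.verify(user_b)],
      add_file: [multi.verify(user_a), multi.verify(user_b)] }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

With add_cert, only the certificate issued under the first root in the file verifies; with add_file, certificates under both roots verify.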