author | sergey.galtsev <sergey.galtsev@mongodb.com> | 2021-07-20 05:16:31 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-07-20 05:36:21 +0000 |
commit | 546487fe28e0a5679cecb6fb026692f3798c514a (patch) | |
tree | a0dc4b35d3ae77a772d98b3381ae80ee44bd9443 | |
parent | 094e5db99da6d022143b5aedc7e6131229e68495 (diff) | |
download | mongo-546487fe28e0a5679cecb6fb026692f3798c514a.tar.gz |
SERVER-57727 race conditions in x509_invalid.js
-rw-r--r-- | jstests/ssl/x509_invalid.js | 77 |
1 files changed, 49 insertions, 28 deletions
diff --git a/jstests/ssl/x509_invalid.js b/jstests/ssl/x509_invalid.js index abb9a1ada3f..385f22c435f 100644 --- a/jstests/ssl/x509_invalid.js +++ b/jstests/ssl/x509_invalid.js @@ -9,13 +9,48 @@ const SERVER_CERT = 'jstests/libs/server.pem'; const CA_CERT = 'jstests/libs/ca.pem'; const SELF_SIGNED_CERT = 'jstests/libs/client-self-signed.pem'; -function testClient(conn, cert, name, shouldSucceed) { +function hasX509AuthSucceeded(conn) { + if (checkLog.checkContainsOnce(conn, + 'Successfully authenticated as principal ' + CLIENT_NAME)) { + return true; + } + if (checkLog.checkContainsOnce(conn, 'No verified subject name available from client')) { + return false; + } + print("Not yet clear what was the result..."); + return null; +} + +function testClient(cert, name, shouldSucceed) { + print("Starting mongod..."); + const conn = MongoRunner.runMongod({ + auth: '', + sslMode: 'requireSSL', + sslPEMKeyFile: SERVER_CERT, + sslCAFile: CA_CERT, + sslAllowInvalidCertificates: '', + }); + + print("Creating admin user..."); + const admin = conn.getDB('admin'); + admin.createUser({user: "admin", pwd: "admin", roles: ["root"]}); + admin.auth('admin', 'admin'); + + print("Creating external user..."); + const external = conn.getDB('$external'); + external.createUser({user: CLIENT_NAME, roles: [{'role': 'readWrite', 'db': 'test'}]}); + let auth = {mechanism: 'MONGODB-X509'}; if (name !== null) { auth.user = name; } + + print("Running mongo shell script..."); + if (!shouldSucceed) { + print("Note: following shell command is expected to fail"); + } + const script = 'assert(db.getSiblingDB(\'$external\').auth(' + tojson(auth) + '));'; - clearRawMongoProgramOutput(); const exitCode = runMongoProgram('mongo', '--ssl', '--sslAllowInvalidHostnames', 
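Review bot: `hasX509AuthSucceeded` has a three-state result (true, false, or null while neither log line has appeared) and nothing in the hunk documents it, nor why each `testClient` call now starts its own mongod with `sslAllowInvalidCertificates`. I would add above the helper `// Returns true/false once mongod has logged the X.509 outcome for CLIENT_NAME, null while neither line is present.` and above the `runMongod` call `// Fresh mongod per case: the helper scans the whole server log, so a shared instance would show an earlier case's result.` A third comment could note that invalid certificates are presumably accepted at the TLS layer on purpose, so that the self-signed client gets far enough to be refused MONGODB-X509 authentication. testClient's body continues past the end of this hunk.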
@@ -28,33 +63,19 @@ function testClient(conn, cert, name, shouldSucceed) { '--eval', script); + print("Analyzing results..."); assert.eq(shouldSucceed, exitCode === 0, "exitCode = " + tojson(exitCode)); - assert.eq(!shouldSucceed, - rawMongoProgramOutput().includes('No verified subject name available from client')); -} - -function runTest(conn) { - const admin = conn.getDB('admin'); - admin.createUser({user: "admin", pwd: "admin", roles: ["root"]}); - admin.auth('admin', 'admin'); - - const external = conn.getDB('$external'); - external.createUser({user: CLIENT_NAME, roles: [{'role': 'readWrite', 'db': 'test'}]}); + assert.soon(() => hasX509AuthSucceeded(admin) !== null, + "can not find in mongod logs whether it succeeded to authenticate", + 15000); + assert.eq(shouldSucceed, hasX509AuthSucceeded(admin)); - testClient(conn, CLIENT_CERT, CLIENT_NAME, true); - testClient(conn, SELF_SIGNED_CERT, CLIENT_NAME, false); - testClient(conn, CLIENT_CERT, null, true); - testClient(conn, SELF_SIGNED_CERT, null, false); + print("Stopping mongod..."); + MongoRunner.stopMongod(conn); } -// Standalone. -const mongod = MongoRunner.runMongod({ - auth: '', - sslMode: 'requireSSL', - sslPEMKeyFile: SERVER_CERT, - sslCAFile: CA_CERT, - sslAllowInvalidCertificates: '', -}); -runTest(mongod); -MongoRunner.stopMongod(mongod); -})(); +testClient(CLIENT_CERT, CLIENT_NAME, true); +testClient(SELF_SIGNED_CERT, CLIENT_NAME, false); +testClient(CLIENT_CERT, null, true); +testClient(SELF_SIGNED_CERT, null, false); +})();
\ No newline at end of file |
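Review bot: The authentication outcome is read from the server log twice, once inside `assert.soon` and again in the `assert.eq` after it, so the value asserted is not the one the poll settled on. Capturing it once is tighter: `let result = null;`, then `assert.soon(() => (result = hasX509AuthSucceeded(admin)) !== null, ...);`, then `assert.eq(shouldSucceed, result);`. The helper's parameter is named `conn` but it is passed the `admin` database handle here, so renaming one of them would make the call easier to read. `MongoRunner.stopMongod(conn)` is skipped when an assertion above it throws, so a try/finally around the body may be worth it if the harness does not already reap the process. testClient starts before this hunk.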