author | Shreyas Kalyan <shreyas.kalyan@10gen.com> | 2020-04-27 21:29:56 -0700 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2020-05-05 18:02:46 +0000 |
commit | 3390cf27165d49ad7739b447b50927e874ec2c1e (patch) | |
tree | 805f7a9528ccf756ea4ed1637819f0d4b12890ad /jstests/ocsp/ocsp_basic_ca_responder.js | |
parent | 0f45c01312438ff8bd424033512a85af1b59b3bd (diff) | |
download | mongo-3390cf27165d49ad7739b447b50927e874ec2c1e.tar.gz |
SERVER-47811 Search the intermediate certificates for the issuer of the peer certificate
Diffstat (limited to 'jstests/ocsp/ocsp_basic_ca_responder.js')
-rw-r--r-- | jstests/ocsp/ocsp_basic_ca_responder.js | 88 |
1 files changed, 49 insertions, 39 deletions
diff --git a/jstests/ocsp/ocsp_basic_ca_responder.js b/jstests/ocsp/ocsp_basic_ca_responder.js
index 0a13d0acad7..f3a7ca3d9fe 100644
--- a/jstests/ocsp/ocsp_basic_ca_responder.js
+++ b/jstests/ocsp/ocsp_basic_ca_responder.js
@@ -9,44 +9,54 @@ load("jstests/ocsp/lib/mock_ocsp.js");
 if (determineSSLProvider() === "apple") {
 return;
 }
+function test(serverCert, caCert, responderCertPair) {
+ clearOCSPCache();
+
+ const ocsp_options = {
+ sslMode: "requireSSL",
+ sslPEMKeyFile: serverCert,
+ sslCAFile: caCert,
+ sslAllowInvalidHostnames: "",
+ setParameter: {
+ "failpoint.disableStapling": "{'mode':'alwaysOn'}",
+ "ocspEnabled": "true",
+ },
+ };
+
+ // This is to test what happens when the responder is down,
+ // making sure that we soft fail.
+ let conn = null;
+
+ let mock_ocsp = new MockOCSPServer("", 1, responderCertPair);
+ mock_ocsp.start();
+
+ assert.doesNotThrow(() => {
+ conn = MongoRunner.runMongod(ocsp_options);
+ });
+
+ mock_ocsp.stop();
+ mock_ocsp = new MockOCSPServer(FAULT_REVOKED, 1, responderCertPair);
+ mock_ocsp.start();
+
+ assert.throws(() => {
+ new Mongo(conn.host);
+ });
+
+ MongoRunner.stopMongod(conn);
+
+ // The mongoRunner spawns a new Mongo Object to validate the collections which races
+ // with the shutdown logic of the mock_ocsp responder on some platforms. We need this
+ // sleep to make sure that the threads don't interfere with each other.
+ sleep(1000);
+ mock_ocsp.stop();
+}
+
+test(OCSP_SERVER_CERT, OCSP_CA_PEM, OCSP_CA_RESPONDER);
+
+// TODO: SERVER-47963 - remove this platform check.
+if (determineSSLProvider() === "windows") {
+ return;
+}
-clearOCSPCache();
-
-const ocsp_options = {
- sslMode: "requireSSL",
- sslPEMKeyFile: OCSP_SERVER_CERT,
- sslCAFile: OCSP_CA_PEM,
- sslAllowInvalidHostnames: "",
- setParameter: {
- "failpoint.disableStapling": "{'mode':'alwaysOn'}",
- "ocspEnabled": "true",
- },
-};
-
-// This is to test what happens when the responder is down,
-// making sure that we soft fail.
-let conn = null;
-
-let mock_ocsp = new MockOCSPServer("", 1, true);
-mock_ocsp.start();
-
-assert.doesNotThrow(() => {
- conn = MongoRunner.runMongod(ocsp_options);
-});
-
-mock_ocsp.stop();
-mock_ocsp = new MockOCSPServer(FAULT_REVOKED, 1, true);
-mock_ocsp.start();
-
-assert.throws(() => {
- new Mongo(conn.host);
-});
-
-MongoRunner.stopMongod(conn);
-
-// The mongoRunner spawns a new Mongo Object to validate the collections which races
-// with the shutdown logic of the mock_ocsp responder on some platforms. We need this
-// sleep to make sure that the threads don't interfere with each other.
-sleep(1000);
-mock_ocsp.stop();
+test(OCSP_SERVER_INTERMEDIATE_CA_CERT, OCSP_INTERMEDIATE_CA_PEM, OCSP_INTERMEDIATE_RESPONDER);
 }());
\ No newline at end of file |
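Review bot: The `assert.throws(() => { new Mongo(conn.host); })` check in `test()` passes on any exception, so it does not prove the connection was refused because the responder reported the certificate as revoked. If `MongoRunner.runMongod` can return null instead of throwing (not visible in this hunk), `conn.host` raises a TypeError and the revocation case passes without any OCSP check having run. That matters more now that the same body also covers the intermediate-CA chain. Adding `assert.neq(null, conn, "mongod did not start with a healthy responder");` right after the `assert.doesNotThrow` block would close that gap. The carried-over comment "when the responder is down" also no longer describes the code, which starts a fault-free responder before launching mongod; something like `// Start mongod against a healthy responder, then swap in one that reports the cert as revoked.` would be more accurate.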