SERVER-42933 Implement a Mock OCSP responder for testing

2 files changed, 148 insertions, 0 deletions

diff --git a/jstests/ocsp/lib/mock_ocsp.js b/jstests/ocsp/lib/mock_ocsp.js
new file mode 100644
index 00000000000..3795cf2fee2
--- /dev/null
+++ b/jstests/ocsp/lib/mock_ocsp.js
@@ -0,0 +1,78 @@
+/**
+ * Starts a mock OCSP Server to test
+ * OCSP certificate revocation.
+ */
+
+// These are a list of faults to match the list of faults
+// in ocsp_mock.py.
+const FAULT_REVOKED = "revoked";
+const FAULT_UNKNOWN = "unknown";
+
+const OCSP_PROGRAM = "jstests/ocsp/lib/ocsp_mock.py";
+
+class MockOCSPServer {
+    /**
+     * Create a new OCSP Server.
+     *
+     * @param {string} fault_type
+     */
+    constructor(fault_type) {
+        this.python = "python3";
+        this.fault_type = fault_type;
+
+        if (_isWindows()) {
+            this.python = "python.exe";
+        }
+
+        print("Using python interpreter: " + this.python);
+        this.ca_file = "jstests/libs/ocsp/ca.crt";
+        this.ocsp_cert_file = "jstests/libs/ocsp/ocsp_cert.crt";
+        this.ocsp_cert_key = "jstests/libs/ocsp/ocsp_cert.key";
+        // The port must be hard coded to match the port of the
+        // responder in the certificates.
+        this.port = 8100;
+    }
+
+    start() {
+        print("Mock OCSP Server will listen on port: " + this.port);
+        let args = [
+            this.python,
+            "-u",
+            OCSP_PROGRAM,
+            "-p=" + this.port,
+            "--ca_file=" + this.ca_file,
+            "--ocsp_responder_cert=" + this.ocsp_cert_file,
+            "--ocsp_responder_key=" + this.ocsp_cert_key
+        ];
+
+        this.pid = _startMongoProgram({args: args});
+        assert(checkProgram(this.pid).alive);
+
+        if (this.fault_type) {
+            args.push("--fault=" + this.fault_type);
+        }
+
+        assert.soon(function() {
+            return rawMongoProgramOutput().search("Mock OCSP Responder is running") !== -1;
+        });
+
+        sleep(1000);
+        print("Mock OCSP Server successfully started");
+    }
+
+    /**
+     * Get the URL.
+     *
+     * @return {string} url of http server
+     */
+    getURL() {
+        return "http://localhost:" + this.port;
+    }
+
+    /**
+     * Stop the web server
+     */
+    stop() {
+        stopMongoProgramByPid(this.pid);
+    }
+}
\ No newline at end of file
diff --git a/jstests/ocsp/lib/ocsp_mock.py b/jstests/ocsp/lib/ocsp_mock.py
new file mode 100644
index 00000000000..eeba8bf184d
--- /dev/null
+++ b/jstests/ocsp/lib/ocsp_mock.py
@@ -0,0 +1,70 @@
+#! /usr/bin/env python3
+"""
+Python script to interface as a mock OCSP responder.
+"""
+
+import argparse
+import logging
+from datetime import datetime
+from ocspresponder import OCSPResponder, CertificateStatus
+
+FAULT_REVOKED = "revoked"
+FAULT_UNKNOWN = "unknown"
+
+fault = None
+
+def validate(serial: int):
+    if fault == FAULT_REVOKED:
+        return (CertificateStatus.revoked, datetime.today())
+    elif fault == FAULT_UNKNOWN:
+        return (CertificateStatus.unknown, None)
+    return (CertificateStatus.good, None)
+
+def get_cert(serial: int):
+    """
+    Assume the certificates are stored in the ``certs`` directory with the
+    serial as base filename.
+    """
+    with open('jstests/libs/ocsp/serial/server-%s.pem' % serial, 'r') as f:
+        return f.read().strip()
+
+def main():
+    """Main entry point"""
+    parser = argparse.ArgumentParser(description="MongoDB Mock OCSP Responder.")
+
+    parser.add_argument('-p', '--port', type=int, default=8080, help="Port to listen on")
+
+    parser.add_argument('--ca_file', type=str, required=True, help="CA file for OCSP responder")
+
+    parser.add_argument('-v', '--verbose', action='count', help="Enable verbose tracing")
+
+    parser.add_argument('--ocsp_responder_cert', type=str, required=True, help="OCSP Responder Certificate")
+
+    parser.add_argument('--ocsp_responder_key', type=str, required=True, help="OCSP Responder Keyfile")
+
+    parser.add_argument('--fault', choices=[FAULT_REVOKED, FAULT_UNKNOWN], type=str, help="Specify a specific fault to test")
+
+    args = parser.parse_args()
+    if args.verbose:
+        logging.basicConfig(level=logging.DEBUG)
+
+    global fault
+    if args.fault:
+        fault = args.fault
+
+    print('Initializing OCSP Responder')
+    app = OCSPResponder(
+        args.ca_file, args.ocsp_responder_cert, args.ocsp_responder_key,
+        validate_func=validate,
+        cert_retrieve_func=get_cert,
+    )
+
+    if args.verbose:
+        app.serve(args.port, debug=True)
+    else:
+        app.serve(args.port)
+
+    print('Mock OCSP Responder is running on port %s' % (str(args.port)))
+
+if __name__ == '__main__':
+    main()