author | Sara Golemon <sara.golemon@mongodb.com> | 2018-03-17 14:40:13 -0400 |
---|---|---|
committer | Sara Golemon <sara.golemon@mongodb.com> | 2018-04-02 19:58:23 -0400 |
commit | c872bdd8d24a7beb9df42cbe227e99d6738ba71e (patch) | |
tree | 62ca0a42ae0ff5e20e13184c72ff2605c9b9feb8 /jstests/ssl/ssl_cert_selector_apple.js | |
parent | 069b34c332ea7e8330759037df7bc4bc7d207f2f (diff) | |
download | mongo-c872bdd8d24a7beb9df42cbe227e99d6738ba71e.tar.gz |
SERVER-34139 Add certificate selector for Apple for SecureTransport
Diffstat (limited to 'jstests/ssl/ssl_cert_selector_apple.js')
-rw-r--r-- | jstests/ssl/ssl_cert_selector_apple.js | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/jstests/ssl/ssl_cert_selector_apple.js b/jstests/ssl/ssl_cert_selector_apple.js
new file mode 100644
index 00000000000..ae65612a98d
--- /dev/null
+++ b/jstests/ssl/ssl_cert_selector_apple.js
@@ -0,0 +1,63 @@
+/**
+ * Validate that the server can load certificates from the
+ * Secure Transport certificate store.
+ *
+ * Don't actually try to connect via SSL, because without interactivity,
+ * we won't be able to click on the "Allow" button that Apple insists on presenting.
+ *
+ * Just verify that we can startup when we select a valid cert,
+ * and fail when we do not.
+ */
+
+load('jstests/ssl/libs/ssl_helpers.js');
+
+requireSSLProvider('apple', function() {
+ 'use strict';
+
+ const CLIENT =
+ 'C=US,ST=New York,L=New York City,O=MongoDB,OU=Kernel,CN=Trusted Kernel Test Client';
+ const SERVER =
+ 'C=US,ST=New York,L=New York City,O=MongoDB,OU=Kernel,CN=Trusted Kernel Test Server';
+ const INVALID = null;
+
+ const testCases = [
+ {selector: 'thumbprint=D7421F7442CA313821E19EE0509721F4D60B25A8', name: SERVER},
+ {selector: 'subject=Trusted Kernel Test Server', name: SERVER},
+ {selector: 'thumbprint=9CA511552F14D3FC2009D425873599BF77832238', name: CLIENT},
+ {selector: 'subject=Trusted Kernel Test Client', name: CLIENT},
+ {selector: 'thumbprint=D7421F7442CA313821E19EE0509721F4D60B25A9', name: INVALID},
+ {selector: 'subject=Unknown Test Client', name: INVALID}
+ ];
+
+ function test(cert, cluster) {
+ const opts = {
+ sslMode: 'requireSSL',
+ sslCertificateSelector: cert.selector,
+ sslClusterCertificateSelector: cluster.selector,
+ waitForConnect: false
+ };
+ clearRawMongoProgramOutput();
+ const mongod = MongoRunner.runMongod(opts);
+
+ assert.soon(function() {
+ const log = rawMongoProgramOutput();
+ if ((cert.name === null) || (cluster.name === null)) {
+ // Invalid search criteria should fail.
+ return log.search('Certificate selector returned no results') >= 0;
+ }
+ // Valid search criteria should show our Subject Names.
+ const certOK = log.search('Server Certificate Name: ' + cert.name) >= 0;
+ const clusOK = log.search('Client Certificate Name: ' + cluster.name) >= 0;
+ return certOK && clusOK;
+ }, "Starting Mongod with " + tojson(opts), 10000);
+
+ const killOpts = {allowedExitCode: MongoRunner.EXIT_SIGKILL};
+ MongoRunner.stopMongod(mongod, undefined, killOpts);
+ }
+
+ testCases.forEach(cert => {
+ testCases.forEach(cluster => {
+ test(cert, cluster);
+ });
+ });
+});
|
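Review bot: The negative cases in `test()` pass on a log line alone: once `'Certificate selector returned no results'` appears, the `assert.soon` callback returns true, and the process is then stopped with `allowedExitCode: MongoRunner.EXIT_SIGKILL`. A server that logged the message but kept running with no certificate or a different one would therefore still pass, although the header comment promises that startup fails. Since failing closed on an unmatched selector is the security property here, the invalid branch should also assert that mongod exited on its own with a non-zero code before `stopMongod` is called. When only one of the two selectors is invalid, nothing checks which one was rejected. Separately, `log.search(str)` compiles its argument as a regular expression; a literal match such as `log.indexOf('Server Certificate Name: ' + cert.name) >= 0` would stay correct if a subject name ever contains a metacharacter.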