summaryrefslogtreecommitdiff
path: root/jstests/ssl
diff options
context:
space:
mode:
authorCharlie Swanson <charlie.swanson@mongodb.com>2015-09-01 16:19:57 -0400
committerCharlie Swanson <charlie.swanson@mongodb.com>2015-09-09 13:14:48 -0400
commitc15f4bb96d2ee86874582d45d1865e9358168e7e (patch)
tree92c788863ae91a8b9c5801e1d536d7ef1a02ec05 /jstests/ssl
parentf5e063d4785b0460ab41de8cc4b537e5e2151338 (diff)
downloadmongo-c15f4bb96d2ee86874582d45d1865e9358168e7e.tar.gz
SERVER-18272 Update jstests to use allocatePort() instead of hard coding ports
Diffstat (limited to 'jstests/ssl')
-rw-r--r--jstests/ssl/set_parameter_ssl.js32
-rw-r--r--jstests/ssl/ssl_cert_password.js18
-rw-r--r--jstests/ssl/ssl_fips.js7
-rw-r--r--jstests/ssl/ssl_hostname_validation.js27
-rw-r--r--jstests/ssl/x509_client.js6
5 files changed, 43 insertions, 47 deletions
diff --git a/jstests/ssl/set_parameter_ssl.js b/jstests/ssl/set_parameter_ssl.js
index 801d4e15b72..98a4065b8a0 100644
--- a/jstests/ssl/set_parameter_ssl.js
+++ b/jstests/ssl/set_parameter_ssl.js
@@ -1,16 +1,15 @@
-// Test changing the --sslMode and --clusterAuthMode
-// parameters using setParameter
+// Test changing the --sslMode and --clusterAuthMode parameters using setParameter
var SERVER_CERT = "jstests/libs/server.pem"
var CA_CERT = "jstests/libs/ca.pem"
-port = allocatePorts(1)[0];
function testSSLTransition(oldMode, newMode, shouldSucceed) {
- var conn = MongoRunner.runMongod({port: port,
- sslMode: oldMode,
- sslPEMKeyFile: SERVER_CERT,
- sslCAFile: CA_CERT});
-
+ var conn = MongoRunner.runMongod({
+ sslMode: oldMode,
+ sslPEMKeyFile: SERVER_CERT,
+ sslCAFile: CA_CERT
+ });
+
var adminDB = conn.getDB("admin");
adminDB.createUser({user: "root", pwd: "pwd", roles: ['root']});
adminDB.auth("root", "pwd");
@@ -18,16 +17,17 @@ function testSSLTransition(oldMode, newMode, shouldSucceed) {
"sslMode" : newMode });
assert(res["ok"] == shouldSucceed, tojson(res));
- MongoRunner.stopMongod(port);
+ MongoRunner.stopMongod(conn.port);
}
function testAuthModeTransition(oldMode, newMode, sslMode, shouldSucceed) {
- var conn = MongoRunner.runMongod({port: port,
- sslMode: sslMode,
- sslPEMKeyFile: SERVER_CERT,
- sslCAFile: CA_CERT,
- clusterAuthMode: oldMode});
-
+ var conn = MongoRunner.runMongod({
+ sslMode: sslMode,
+ sslPEMKeyFile: SERVER_CERT,
+ sslCAFile: CA_CERT,
+ clusterAuthMode: oldMode
+ });
+
var adminDB = conn.getDB("admin");
adminDB.createUser({user: "root", pwd: "pwd", roles: ['root']});
adminDB.auth("root", "pwd");
@@ -35,7 +35,7 @@ function testAuthModeTransition(oldMode, newMode, sslMode, shouldSucceed) {
"clusterAuthMode" : newMode });
assert(res["ok"] == shouldSucceed, tojson(res));
- MongoRunner.stopMongod(port);
+ MongoRunner.stopMongod(conn.port);
}
testSSLTransition("allowSSL", "invalid", false);
diff --git a/jstests/ssl/ssl_cert_password.js b/jstests/ssl/ssl_cert_password.js
index 1c0e271be20..7e04755329a 100644
--- a/jstests/ssl/ssl_cert_password.js
+++ b/jstests/ssl/ssl_cert_password.js
@@ -2,7 +2,6 @@
// This tests that providing a proper password works and that providing no password or incorrect
// password fails. It uses both mongod and mongo to run the tests, since the mongod binary
// does not return error statuses to indicate an error.
-port = allocatePorts( 1 )[ 0 ];
var baseName = "jstests_ssl_ssl_cert_password";
var dbpath = MongoRunner.dataPath + baseName;
var external_scratch_dir = MongoRunner.dataPath + baseName + "/external/";
@@ -11,7 +10,6 @@ mkdir(external_scratch_dir);
// Password is correct
var md = MongoRunner.runMongod({nopreallocj: "",
- port: port,
dbpath: dbpath,
sslMode: "requireSSL",
sslPEMKeyFile: "jstests/libs/password_protected.pem",
@@ -21,7 +19,7 @@ var md = MongoRunner.runMongod({nopreallocj: "",
// Password incorrect; error logged is:
// error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
-var exit_code = runMongoProgram("mongo", "--port", port,
+var exit_code = runMongoProgram("mongo", "--port", md.port,
"--ssl", "--sslAllowInvalidCertificates",
"--sslPEMKeyFile", "jstests/libs/password_protected.pem",
"--sslPEMKeyPassword", "barf");
@@ -36,7 +34,7 @@ c.save({ a : 22 });
assert.eq(1, c.count(), "failed to insert document into dumprestore_ssl.foo collection");
exit_code = runMongoProgram("mongodump", "--out", external_scratch_dir,
- "--port", port,
+ "--port", md.port,
"--ssl",
"--sslPEMKeyFile", "jstests/libs/password_protected.pem",
"--sslPEMKeyPassword", "qwerty");
@@ -47,7 +45,7 @@ c.drop();
assert.eq(0, c.count(), "dumprestore_ssl.foo collection is not empty after drop");
exit_code = runMongoProgram("mongorestore", "--dir", external_scratch_dir,
- "--port", port,
+ "--port", md.port,
"--ssl",
"--sslPEMKeyFile", "jstests/libs/password_protected.pem",
"--sslPEMKeyPassword", "qwerty");
@@ -71,7 +69,7 @@ var exportimport_file = "data.json";
exit_code = runMongoProgram("mongoexport", "--out", external_scratch_dir + exportimport_file,
"-d", exportimport_ssl_dbname, "-c", "foo",
- "--port", port,
+ "--port", md.port,
"--ssl",
"--sslPEMKeyFile", "jstests/libs/password_protected.pem",
"--sslPEMKeyPassword", "qwerty");
@@ -83,7 +81,7 @@ assert.eq(0, c.count(), "afterdrop", "-d", exportimport_ssl_dbname, "-c", "foo")
exit_code = runMongoProgram("mongoimport", "--file", external_scratch_dir + exportimport_file,
"-d", exportimport_ssl_dbname, "-c", "foo",
- "--port", port,
+ "--port", md.port,
"--ssl",
"--sslPEMKeyFile", "jstests/libs/password_protected.pem",
"--sslPEMKeyPassword", "qwerty");
@@ -104,7 +102,7 @@ source_filename = 'jstests/ssl/ssl_cert_password.js'
filename = 'ssl_cert_password.js'
exit_code = runMongoProgram("mongofiles", "-d", mongofiles_ssl_dbname, "put", source_filename,
- "--port", port,
+ "--port", md.port,
"--ssl",
"--sslPEMKeyFile", "jstests/libs/password_protected.pem",
"--sslPEMKeyPassword", "qwerty");
@@ -122,7 +120,7 @@ assert.eq(md5, md5_computed, "md5 computed incorrectly by server");
exit_code = runMongoProgram("mongofiles", "-d", mongofiles_ssl_dbname, "get", source_filename,
"-l", external_scratch_dir + filename,
- "--port", port,
+ "--port", md.port,
"--ssl",
"--sslPEMKeyFile", "jstests/libs/password_protected.pem",
"--sslPEMKeyPassword", "qwerty");
@@ -134,6 +132,6 @@ assert.eq(md5, md5_stored, "hash of stored file does not match the expected valu
if (!_isWindows()) {
// Stop the server
- var exitCode = MongoRunner.stopMongod(port, 15);
+ var exitCode = MongoRunner.stopMongod(md.port, 15);
assert(exitCode == 0);
}
diff --git a/jstests/ssl/ssl_fips.js b/jstests/ssl/ssl_fips.js
index 3de4696d582..c831a040f52 100644
--- a/jstests/ssl/ssl_fips.js
+++ b/jstests/ssl/ssl_fips.js
@@ -1,14 +1,11 @@
// Test mongod start with FIPS mode enabled
-ports = allocatePorts(1);
-port1 = ports[0];
-var md = MongoRunner.runMongod({port: port1,
- sslMode: "requireSSL",
+var md = MongoRunner.runMongod({sslMode: "requireSSL",
sslPEMKeyFile: "jstests/libs/server.pem",
sslCAFile: "jstests/libs/ca.pem",
sslFIPSMode: ""});
var mongo = runMongoProgram("mongo",
- "--port", port1,
+ "--port", md.port,
"--ssl",
"--sslAllowInvalidCertificates",
"--sslPEMKeyFile", "jstests/libs/client.pem",
diff --git a/jstests/ssl/ssl_hostname_validation.js b/jstests/ssl/ssl_hostname_validation.js
index 98f99b557e2..6ec02381094 100644
--- a/jstests/ssl/ssl_hostname_validation.js
+++ b/jstests/ssl/ssl_hostname_validation.js
@@ -7,31 +7,34 @@ var SAN_CERT = "jstests/libs/localhostnameSAN.pem";
var CLIENT_CERT = "jstests/libs/client.pem"
var BAD_SAN_CERT = "jstests/libs/badSAN.pem";
-port = allocatePorts(1)[0];
-
function testCombination(certPath, allowInvalidHost, allowInvalidCert, shouldSucceed) {
- MongoRunner.runMongod({port: port,
- sslMode: "requireSSL",
- sslPEMKeyFile: certPath,
- sslCAFile: CA_CERT});
+ var mongod = MongoRunner.runMongod({sslMode: "requireSSL",
+ sslPEMKeyFile: certPath,
+ sslCAFile: CA_CERT});
var mongo;
if (allowInvalidCert) {
- mongo = runMongoProgram("mongo", "--port", port, "--ssl",
- "--sslCAFile", CA_CERT,
+ mongo = runMongoProgram("mongo",
+ "--port", mongod.port,
+ "--ssl",
+ "--sslCAFile", CA_CERT,
"--sslPEMKeyFile", CLIENT_CERT,
"--sslAllowInvalidCertificates",
"--eval", ";");
}
else if (allowInvalidHost) {
- mongo = runMongoProgram("mongo", "--port", port, "--ssl",
+ mongo = runMongoProgram("mongo",
+ "--port", mongod.port,
+ "--ssl",
"--sslCAFile", CA_CERT,
"--sslPEMKeyFile", CLIENT_CERT,
"--sslAllowInvalidHostnames",
"--eval", ";");
} else {
- mongo = runMongoProgram("mongo", "--port", port, "--ssl",
- "--sslCAFile", CA_CERT,
+ mongo = runMongoProgram("mongo",
+ "--port", mongod.port,
+ "--ssl",
+ "--sslCAFile", CA_CERT,
"--sslPEMKeyFile", CLIENT_CERT,
"--eval", ";");
}
@@ -46,7 +49,7 @@ function testCombination(certPath, allowInvalidHost, allowInvalidCert, shouldSuc
assert.eq(1, mongo, "Connection attempt succeeded when it should fail certPath: " +
certPath);
}
- MongoRunner.stopMongod(port);
+ MongoRunner.stopMongod(mongod.port);
}
// 1. Test client connections with different server certificates
diff --git a/jstests/ssl/x509_client.js b/jstests/ssl/x509_client.js
index 642c87ff289..59b5b268e63 100644
--- a/jstests/ssl/x509_client.js
+++ b/jstests/ssl/x509_client.js
@@ -20,8 +20,6 @@ var CA_CERT = "jstests/libs/ca.pem"
var CLIENT_USER = "C=US,ST=New York,L=New York City,O=MongoDB,OU=KernelUser,CN=client"
var INVALID_CLIENT_USER = "C=US,ST=New York,L=New York City,O=MongoDB,OU=KernelUser,CN=invalid"
-port = allocatePorts(1)[0];
-
function authAndTest(mongo) {
external = mongo.getDB("$external")
test = mongo.getDB("test");
@@ -53,10 +51,10 @@ var x509_options = {sslMode : "requireSSL",
sslPEMKeyFile : SERVER_CERT,
sslCAFile : CA_CERT};
-var mongo = MongoRunner.runMongod(Object.merge(x509_options, {port: port, auth: ""}));
+var mongo = MongoRunner.runMongod(Object.merge(x509_options, {auth: ""}));
authAndTest(mongo);
-MongoRunner.stopMongod(port);
+MongoRunner.stopMongod(mongo.port);
print("2. Testing x.509 auth to mongos");
View Lorry Controller Status