authorAndreas Nilsson <andreas.nilsson@10gen.com>2013-10-02 17:43:16 -0400
committerAndreas Nilsson <andreas.nilsson@10gen.com>2013-10-03 12:25:08 -0400
commit7db361fe2dac4a533f3f51bf51a2c35b99488cc1 (patch)
tree4402202fd76a28e5292df9326a0174bf471ec458 /jstests/ssl
parentb9420625a99eca29a02946ee24e9cfa1a4311342 (diff)
SERVER-7455 x.509 cluster auth tests
Diffstat (limited to 'jstests/ssl')
-rw-r--r--jstests/ssl/initial_sync1_x509.js37
-rw-r--r--jstests/ssl/sharding_with_x509.js64
2 files changed, 101 insertions, 0 deletions
diff --git a/jstests/ssl/initial_sync1_x509.js b/jstests/ssl/initial_sync1_x509.js
new file mode 100644
index 00000000000..7206e98402c
--- /dev/null
+++ b/jstests/ssl/initial_sync1_x509.js
@@ -0,0 +1,37 @@
+// Basic tests for cluster authentication using x509
+// This test is launching replsets/initial_sync1.js with different
+// values for clusterAuthMode to emulate an upgrade process.
+
+var common_options = {sslOnNormalPorts : "",
+ sslPEMKeyFile : "jstests/libs/server.pem",
+ sslCAFile: "jstests/libs/ca.pem",
+ keyFile : "jstests/libs/key1"};
+
+// Standard case, clusterAuthMode: x509
+x509_options1 = Object.merge(common_options,
+ {sslClusterFile: "jstests/libs/cluster-cert.pem",
+ clusterAuthMode: "x509"});
+var x509_options2 = x509_options1;
+load("jstests/replsets/initial_sync1.js");
+
+// Mixed clusterAuthMode: sendX509 and sendKeyfile and try adding --auth
+x509_options1 = Object.merge(common_options,
+ {sslClusterFile: "jstests/libs/cluster-cert.pem",
+ clusterAuthMode: "x509",
+ auth: ""});
+x509_options2 = Object.merge(common_options, {clusterAuthMode: "sendKeyfile"});
+load("jstests/replsets/initial_sync1.js");
+
+// Mixed clusterAuthMode: x509 and sendX509, use the PEMKeyFile for outgoing connections
+x509_options1 = Object.merge(common_options, {clusterAuthMode: "x509"});
+x509_options2 = Object.merge(common_options, {clusterAuthMode: "sendX509"});
+load("jstests/replsets/initial_sync1.js");
+
+// verify that replset initiate fails if using a self-signed cert
+x509_options1 = Object.merge(common_options, {clusterAuthMode: "x509"});
+x509_options2 = Object.merge(common_options,
+ {sslClusterFile: "jstests/libs/smoke.pem",
+ clusterAuthMode: "x509"});
+var replTest = new ReplSetTest({nodes : {node0 : x509_options1, node1 : x509_options2}});
+var conns = replTest.startSet();
+assert.throws( function() { replTest.initiate() } );
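Review bot: The final check, `assert.throws( function() { replTest.initiate() } )`, passes on any exception, so it does not show that the node using `jstests/libs/smoke.pem` was rejected because of its certificate; a timeout or an unrelated startup failure would satisfy it too. Consider also asserting on the failure reason, for instance by inspecting the thrown error for a certificate-validation message. The set started by `startSet()` is never shut down in this file, so add `replTest.stopSet();` after the assertion. Separately, the comment on the second case says "sendX509 and sendKeyfile" while the options set `clusterAuthMode: "x509"` on the first node; either the comment or the option should be corrected so it is clear which upgrade step is being exercised.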
diff --git a/jstests/ssl/sharding_with_x509.js b/jstests/ssl/sharding_with_x509.js
new file mode 100644
index 00000000000..6daf9e23675
--- /dev/null
+++ b/jstests/ssl/sharding_with_x509.js
@@ -0,0 +1,64 @@
+// Tests basic sharding with x509 cluster auth
+// The purpose is to verify the connectivity between mongos and the shards
+
+var x509_options = {sslOnNormalPorts : "",
+ sslPEMKeyFile : "jstests/libs/server.pem",
+ sslCAFile: "jstests/libs/ca.pem",
+ sslClusterFile: "jstests/libs/cluster-cert.pem",
+ clusterAuthMode: "x509"};
+
+var st = new ShardingTest({ name : "sharding_with_x509" ,
+ shards : 2,
+ mongos : 1,
+ keyFile : "jstests/libs/key1",
+ other: {
+ configOptions : x509_options,
+ mongosOptions : x509_options,
+ rsOptions : x509_options,
+ shardOptions : x509_options
+ }});
+
+var mongos = new Mongo( "localhost:" + st.s0.port )
+var coll = mongos.getCollection( "test.foo" )
+
+st.shardColl( coll, { _id : 1 }, false )
+
+// Create an index so we can find by num later
+coll.ensureIndex({ insert : 1 })
+
+print( "starting insertion phase" )
+
+// Insert a bunch of data
+var toInsert = 2000
+for( var i = 0; i < toInsert; i++ ){
+ coll.insert({ my : "test", data : "to", insert : i })
+}
+
+assert.eq( coll.getDB().getLastError(), null )
+
+print( "starting updating phase" )
+
+// Update a bunch of data
+var toUpdate = toInsert
+for( var i = 0; i < toUpdate; i++ ){
+ var id = coll.findOne({ insert : i })._id
+ coll.update({ insert : i, _id : id }, { $inc : { counter : 1 } })
+}
+
+assert.eq( coll.getDB().getLastError(), null )
+
+print( "starting deletion" )
+
+// Remove a bunch of data
+var toDelete = toInsert / 2
+for( var i = 0; i < toDelete; i++ ){
+ coll.remove({ insert : i })
+}
+
+assert.eq( coll.getDB().getLastError(), null )
+
+// Make sure the right amount of data is there
+assert.eq( coll.find().count(), toInsert / 2 )
+
+// Finish
+st.stop()
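Review bot: Each `assert.eq( coll.getDB().getLastError(), null )` after a loop reports only on the last write issued on the connection, so a write that failed earlier in the loop (for example because a shard connection was refused) is not detected there. The insert and remove phases are indirectly covered by the `findOne(...)._id` dereference and the final count, but nothing verifies the updates; adding `assert.eq( coll.find({ counter : 1 }).count(), toUpdate )` after the update phase would close that gap. The file also passes `keyFile` alongside `clusterAuthMode: "x509"` and has no negative case, so a short comment explaining why the keyfile is still supplied, and which failure would show that x509 was not used between members, would help readers.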