SERVER-8864 Tests for SSL mixed-mode

author: Andreas Nilsson <andreas.nilsson@10gen.com> 2013-10-11 13:56:29 -0400
committer: Andreas Nilsson <andreas.nilsson@10gen.com> 2013-10-22 14:34:45 -0400
commit: 1452ef1ef0439bb9ee7a44df6d3bce73f4b12f63 (patch)
tree: f78421786692ce146d0480c541a3b5d630234105 /jstests/sslSpecial
parent: 75135b965a7d9af110bd42bc40e9ad6dfac254ab (diff)
download: mongo-1452ef1ef0439bb9ee7a44df6d3bce73f4b12f63.tar.gz
2 files changed, 63 insertions, 0 deletions
diff --git a/jstests/sslSpecial/ssl_mixedmode.js b/jstests/sslSpecial/ssl_mixedmode.js
new file mode 100644
index 00000000000..dba6fd57b2b
--- /dev/null
+++ b/jstests/sslSpecial/ssl_mixedmode.js
@@ -0,0 +1,55 @@
+// Test the --sslMode parameter
+// This tests runs through the 8 possible combinations of sslMode values
+// and SSL-enabled and disabled shell respectively. For each combination
+// expected behavior is verified. 
+var SERVER_CERT = "jstests/libs/server.pem"
+var CA_CERT = "jstests/libs/ca.pem" 
+var CLIENT_CERT = "jstests/libs/client.pem"
+
+var baseName = "jstests_mixed_mode_ssl"
+port = allocatePorts(1)[0];
+
+function testCombination(sslMode, sslShell, shouldSucceed) {
+    if (sslMode == "noSSL") {
+        MongoRunner.runMongod({port: port});
+    }
+    else {
+        MongoRunner.runMongod({port: port,
+                               sslMode: sslMode, 
+                               sslPEMKeyFile: SERVER_CERT,
+                               sslCAFile: CA_CERT});
+    }
+
+    var mongo;
+    if (sslShell) {
+        mongo = runMongoProgram("mongo", "--port", port, "--ssl", 
+                                "--sslPEMKeyFile", CLIENT_CERT,
+                                "--eval", ";");
+    }
+    else {
+        mongo = runMongoProgram("mongo", "--port", port,
+                                "--eval", ";");
+    }
+
+    if (shouldSucceed) {
+        // runMongoProgram returns 0 on success
+        assert.eq(0, mongo, "Connection attempt failed when it should succeed sslMode:" + 
+                  sslMode + " SSL-shell:" + sslShell);
+    }
+    else {
+        // runMongoProgram returns 1 on failure
+        assert.eq(1, mongo, "Connection attempt succeeded when it should fail sslMode:" + 
+                  sslMode + " SSL-shell:" + sslShell);
+    }
+    stopMongod(port);
+}
+
+testCombination("noSSL", false, true);
+testCombination("acceptSSL", false, true);
+testCombination("sendAcceptSSL", false, true);
+testCombination("sslOnly", false, false);
+testCombination("noSSL", true, false);
+testCombination("acceptSSL", true, true);
+testCombination("sendAcceptSSL", true, true);
+testCombination("sslOnly", true, true);
+
diff --git a/jstests/sslSpecial/ssl_mixedmode2.js b/jstests/sslSpecial/ssl_mixedmode2.js
new file mode 100644
index 00000000000..75e8c1c69d4
--- /dev/null
+++ b/jstests/sslSpecial/ssl_mixedmode2.js
@@ -0,0 +1,8 @@
+// Test mixed sslMode noSSL/acceptSSL, this test cannot be run
+// from the /ssl directory since the --use-ssl passthrough
+// will make it impossible for the shell to connect to the replicas
+ssl_options1 = {sslMode : "noSSL"};
+ssl_options2 = {sslMode : "acceptSSL",
+               sslPEMKeyFile : "jstests/libs/server.pem",
+               sslCAFile: "jstests/libs/ca.pem"};
+load("jstests/replsets/replset1.js");
author	Andreas Nilsson <andreas.nilsson@10gen.com>	2013-10-11 13:56:29 -0400
committer	Andreas Nilsson <andreas.nilsson@10gen.com>	2013-10-22 14:34:45 -0400
commit	1452ef1ef0439bb9ee7a44df6d3bce73f4b12f63 (patch)
tree	f78421786692ce146d0480c541a3b5d630234105 /jstests/sslSpecial
parent	75135b965a7d9af110bd42bc40e9ad6dfac254ab (diff)
download	mongo-1452ef1ef0439bb9ee7a44df6d3bce73f4b12f63.tar.gz