SERVER-7455 x.509 cluster auth tests

4 files changed, 104 insertions, 1 deletions

diff --git a/jstests/replsets/initial_sync1.js b/jstests/replsets/initial_sync1.js
index 373015afb1c..fe04aeefe5a 100644
--- a/jstests/replsets/initial_sync1.js
+++ b/jstests/replsets/initial_sync1.js
@@ -130,3 +130,5 @@ master.getDB("admin").runCommand({replSetTest:1, sethbmsg:"foo bar baz"});
 var status = master.getDB("admin").runCommand({replSetGetStatus:1});
 printjson(status);
 assert.eq(status.members[0].errmsg, "foo bar baz");
+stopMongod(ports[2]);
+replTest.stopSet();
diff --git a/jstests/replsets/rslib.js b/jstests/replsets/rslib.js
index 0a12a45e838..8b7d2ed1263 100644
--- a/jstests/replsets/rslib.js
+++ b/jstests/replsets/rslib.js
@@ -44,7 +44,7 @@ var reconnect = function(a) {
           db = a;
         }
         db.bar.stats();
-        if (jsTest.options().keyFile) { // SERVER-4241: Shell connections don't re-authenticate on reconnect
+        if (jsTest.options().keyFile || jsTest.options().useX509) { // SERVER-4241: Shell connections don't re-authenticate on reconnect
           return jsTest.authenticate(db.getMongo());
         }
         return true;
diff --git a/jstests/ssl/initial_sync1_x509.js b/jstests/ssl/initial_sync1_x509.js
new file mode 100644
index 00000000000..7206e98402c
--- /dev/null
+++ b/jstests/ssl/initial_sync1_x509.js
@@ -0,0 +1,37 @@
+// Basic tests for cluster authentication using x509
+// This test is launching replsets/initial_sync1.js with different 
+// values for clusterAuthMode to emulate an upgrade process.
+
+var common_options = {sslOnNormalPorts : "",
+                      sslPEMKeyFile : "jstests/libs/server.pem",
+                      sslCAFile: "jstests/libs/ca.pem",
+                      keyFile : "jstests/libs/key1"};
+
+// Standard case, clusterAuthMode: x509
+x509_options1 = Object.merge(common_options, 
+                             {sslClusterFile: "jstests/libs/cluster-cert.pem",
+                              clusterAuthMode: "x509"});
+var x509_options2 = x509_options1;
+load("jstests/replsets/initial_sync1.js");
+
+// Mixed clusterAuthMode: sendX509 and sendKeyfile and try adding --auth 
+x509_options1 = Object.merge(common_options, 
+                             {sslClusterFile: "jstests/libs/cluster-cert.pem",
+                              clusterAuthMode: "x509",
+                              auth: ""});
+x509_options2 = Object.merge(common_options, {clusterAuthMode: "sendKeyfile"});
+load("jstests/replsets/initial_sync1.js");
+
+// Mixed clusterAuthMode: x509 and sendX509, use the PEMKeyFile for outgoing connections 
+x509_options1 = Object.merge(common_options, {clusterAuthMode: "x509"});
+x509_options2 = Object.merge(common_options, {clusterAuthMode: "sendX509"});
+load("jstests/replsets/initial_sync1.js");
+
+// verify that replset initiate fails if using a self-signed cert
+x509_options1 = Object.merge(common_options, {clusterAuthMode: "x509"});
+x509_options2 = Object.merge(common_options, 
+                             {sslClusterFile: "jstests/libs/smoke.pem",
+                              clusterAuthMode: "x509"});
+var replTest = new ReplSetTest({nodes : {node0 : x509_options1, node1 : x509_options2}});
+var conns = replTest.startSet();
+assert.throws( function() { replTest.initiate() } );
diff --git a/jstests/ssl/sharding_with_x509.js b/jstests/ssl/sharding_with_x509.js
new file mode 100644
index 00000000000..6daf9e23675
--- /dev/null
+++ b/jstests/ssl/sharding_with_x509.js
@@ -0,0 +1,64 @@
+// Tests basic sharding with x509 cluster auth 
+// The purpose is to verify the connectivity between mongos and the shards
+
+var x509_options = {sslOnNormalPorts : "",
+                    sslPEMKeyFile : "jstests/libs/server.pem",
+                    sslCAFile: "jstests/libs/ca.pem",
+                    sslClusterFile: "jstests/libs/cluster-cert.pem",
+                    clusterAuthMode: "x509"};
+
+var st = new ShardingTest({ name : "sharding_with_x509" ,
+                            shards : 2,
+                            mongos : 1,
+                            keyFile : "jstests/libs/key1",
+                            other: {
+                                configOptions : x509_options,
+                                mongosOptions : x509_options,
+                                rsOptions : x509_options,
+                                shardOptions : x509_options
+                            }});
+
+var mongos = new Mongo( "localhost:" + st.s0.port )
+var coll = mongos.getCollection( "test.foo" )
+
+st.shardColl( coll, { _id : 1 }, false )
+
+// Create an index so we can find by num later
+coll.ensureIndex({ insert : 1 })
+
+print( "starting insertion phase" )
+
+// Insert a bunch of data
+var toInsert = 2000
+for( var i = 0; i < toInsert; i++ ){
+    coll.insert({ my : "test", data : "to", insert : i })
+}
+
+assert.eq( coll.getDB().getLastError(), null )
+
+print( "starting updating phase" )
+
+// Update a bunch of data
+var toUpdate = toInsert
+for( var i = 0; i < toUpdate; i++ ){
+    var id = coll.findOne({ insert : i })._id
+    coll.update({ insert : i, _id : id }, { $inc : { counter : 1 } })
+}
+
+assert.eq( coll.getDB().getLastError(), null )
+
+print( "starting deletion" )
+
+// Remove a bunch of data
+var toDelete = toInsert / 2
+for( var i = 0; i < toDelete; i++ ){
+    coll.remove({ insert : i })
+}
+
+assert.eq( coll.getDB().getLastError(), null )
+
+// Make sure the right amount of data is there
+assert.eq( coll.find().count(), toInsert / 2 )
+
+// Finish
+st.stop()