-rw-r--r-- | jstests/ssl/x509_invalid.js | 76 |
1 files changed, 47 insertions, 29 deletions
diff --git a/jstests/ssl/x509_invalid.js b/jstests/ssl/x509_invalid.js
index 014d0aa4f62..0e713f8e84d 100644
--- a/jstests/ssl/x509_invalid.js
+++ b/jstests/ssl/x509_invalid.js
@@ -9,13 +9,47 @@ const SERVER_CERT = 'jstests/libs/server.pem';
 const CA_CERT = 'jstests/libs/ca.pem';
 const SELF_SIGNED_CERT = 'jstests/libs/client-self-signed.pem';
-function testClient(conn, cert, name, shouldSucceed) {
+function hasX509AuthSucceeded(conn) {
+ if (checkLog.checkContainsOnce(conn, 'Successfully authenticated')) {
+ return true;
+ }
+ if (checkLog.checkContainsOnce(conn, 'No verified subject name available from client')) {
+ return false;
+ }
+ print("Not yet clear what was the result...");
+ return null;
+}
+
+function testClient(cert, name, shouldSucceed) {
+ print("Starting mongod...");
+ const conn = MongoRunner.runMongod({
+ auth: '',
+ sslMode: 'requireSSL',
+ sslPEMKeyFile: SERVER_CERT,
+ sslCAFile: CA_CERT,
+ sslAllowInvalidCertificates: '',
+ });
+
+ print("Creating admin user...");
+ const admin = conn.getDB('admin');
+ admin.createUser({user: "admin", pwd: "admin", roles: ["root"]});
+ admin.auth('admin', 'admin');
+
+ print("Creating external user...");
+ const external = conn.getDB('$external');
+ external.createUser({user: CLIENT_NAME, roles: [{'role': 'readWrite', 'db': 'test'}]});
+
 let auth = {mechanism: 'MONGODB-X509'};
 if (name !== null) {
 auth.user = name;
 }
+
+ print("Running mongo shell script...");
+ if (!shouldSucceed) {
+ print("Note: following shell command is expected to fail");
+ }
+
 const script = 'assert(db.getSiblingDB(\'$external\').auth(' + tojson(auth) + '));';
- clearRawMongoProgramOutput();
 const exitCode = runMongoProgram('mongo', '--ssl', '--sslAllowInvalidHostnames',
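Review bot: The success marker in `hasX509AuthSucceeded` is the generic phrase `'Successfully authenticated'`, while `testClient` itself runs `admin.auth('admin', 'admin')` against the same mongod before the X.509 attempt. If the server logs that password login with the same phrase (not visible from this hunk), the helper returns true before any client certificate is presented, so a positive case could pass without X.509 ever succeeding. Matching a substring that is specific to the X.509 login would make the check mean what its name says. A comment above the `MongoRunner.runMongod` call, such as `// Fresh mongod per case: the helper scans the whole global log, so earlier cases must not leave auth lines behind.`, would also record why the server is no longer shared. `testClient` continues past the end of this hunk.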
@@ -28,35 +62,19 @@ function testClient(conn, cert, name, shouldSucceed) {
 '--eval', script);
+ print("Analyzing results...");
 assert.eq(shouldSucceed, exitCode === 0, "exitCode = " + tojson(exitCode));
- assert.soon(() => {
- return !shouldSucceed ===
- rawMongoProgramOutput().includes('No verified subject name available from client');
- });
-}
-
-function runTest(conn) {
- const admin = conn.getDB('admin');
- admin.createUser({user: "admin", pwd: "admin", roles: ["root"]});
- admin.auth('admin', 'admin');
-
- const external = conn.getDB('$external');
- external.createUser({user: CLIENT_NAME, roles: [{'role': 'readWrite', 'db': 'test'}]});
+ assert.soon(() => hasX509AuthSucceeded(admin) !== null,
+ "can not find in mongod logs whether it succeeded to authenticate",
+ 15000);
+ assert.eq(shouldSucceed, hasX509AuthSucceeded(admin));
- testClient(conn, CLIENT_CERT, CLIENT_NAME, true);
- testClient(conn, SELF_SIGNED_CERT, CLIENT_NAME, false);
- testClient(conn, CLIENT_CERT, null, true);
- testClient(conn, SELF_SIGNED_CERT, null, false);
+ print("Stopping mongod...");
+ MongoRunner.stopMongod(conn);
 }
-// Standalone.
-const mongod = MongoRunner.runMongod({
- auth: '',
- sslMode: 'requireSSL',
- sslPEMKeyFile: SERVER_CERT,
- sslCAFile: CA_CERT,
- sslAllowInvalidCertificates: '',
-});
-runTest(mongod);
-MongoRunner.stopMongod(mongod);
+testClient(CLIENT_CERT, CLIENT_NAME, true);
+testClient(SELF_SIGNED_CERT, CLIENT_NAME, false);
+testClient(CLIENT_CERT, null, true);
+testClient(SELF_SIGNED_CERT, null, false);
 })(); |
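Review bot: `MongoRunner.stopMongod(conn)` is reached only when every assertion above it passes, so a failing case leaves its mongod (started with `sslAllowInvalidCertificates`) running; whether the harness reaps it is not visible here. Wrapping the statements after `runMongod` in `try { … } finally { MongoRunner.stopMongod(conn); }` keeps teardown unconditional; the function starts outside this hunk. The closing `assert.eq(shouldSucceed, hasX509AuthSucceeded(admin))` also carries no message, and adding one that names the certificate, e.g. `"unexpected X.509 auth outcome for " + cert`, would make a failure among the four back-to-back cases attributable.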