Diffstat (limited to 'jstests/ssl/ssl_cert_selector_apple.js')
-rw-r--r-- | jstests/ssl/ssl_cert_selector_apple.js | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/jstests/ssl/ssl_cert_selector_apple.js b/jstests/ssl/ssl_cert_selector_apple.js
new file mode 100644
index 00000000000..ae65612a98d
--- /dev/null
+++ b/jstests/ssl/ssl_cert_selector_apple.js
@@ -0,0 +1,63 @@
+/**
+ * Validate that the server can load certificates from the
+ * Secure Transport certificate store.
+ *
+ * Don't actually try to connect via SSL, because without interactivity,
+ * we won't be able to click on the "Allow" button that Apple insists on presenting.
+ *
+ * Just verify that we can startup when we select a valid cert,
+ * and fail when we do not.
+ */
+
+load('jstests/ssl/libs/ssl_helpers.js');
+
+requireSSLProvider('apple', function() {
+ 'use strict';
+
+ const CLIENT =
+ 'C=US,ST=New York,L=New York City,O=MongoDB,OU=Kernel,CN=Trusted Kernel Test Client';
+ const SERVER =
+ 'C=US,ST=New York,L=New York City,O=MongoDB,OU=Kernel,CN=Trusted Kernel Test Server';
+ const INVALID = null;
+
+ const testCases = [
+ {selector: 'thumbprint=D7421F7442CA313821E19EE0509721F4D60B25A8', name: SERVER},
+ {selector: 'subject=Trusted Kernel Test Server', name: SERVER},
+ {selector: 'thumbprint=9CA511552F14D3FC2009D425873599BF77832238', name: CLIENT},
+ {selector: 'subject=Trusted Kernel Test Client', name: CLIENT},
+ {selector: 'thumbprint=D7421F7442CA313821E19EE0509721F4D60B25A9', name: INVALID},
+ {selector: 'subject=Unknown Test Client', name: INVALID}
+ ];
+
+ function test(cert, cluster) {
+ const opts = {
+ sslMode: 'requireSSL',
+ sslCertificateSelector: cert.selector,
+ sslClusterCertificateSelector: cluster.selector,
+ waitForConnect: false
+ };
+ clearRawMongoProgramOutput();
+ const mongod = MongoRunner.runMongod(opts);
+
+ assert.soon(function() {
+ const log = rawMongoProgramOutput();
+ if ((cert.name === null) || (cluster.name === null)) {
+ // Invalid search criteria should fail.
+ return log.search('Certificate selector returned no results') >= 0;
+ }
+ // Valid search criteria should show our Subject Names.
+ const certOK = log.search('Server Certificate Name: ' + cert.name) >= 0;
+ const clusOK = log.search('Client Certificate Name: ' + cluster.name) >= 0;
+ return certOK && clusOK;
+ }, "Starting Mongod with " + tojson(opts), 10000);
+
+ const killOpts = {allowedExitCode: MongoRunner.EXIT_SIGKILL};
+ MongoRunner.stopMongod(mongod, undefined, killOpts);
+ }
+
+ testCases.forEach(cert => {
+ testCases.forEach(cluster => {
+ test(cert, cluster);
+ });
+ });
+}); |
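Review bot: The invalid-selector branch in `test()` only waits for the log line 'Certificate selector returned no results' and never checks that mongod actually refused to start, although the header comment promises "fail when we do not". A server that logged the message but kept running under `requireSSL` without the requested certificate would still pass, because the same kill-based `stopMongod` cleanup runs for both branches. I would assert the fail-closed behaviour explicitly in that branch, for example `assert.neq(0, waitProgram(mongod.pid), 'mongod must exit when a selector matches no certificate');` (assuming that shell helper is available in this tree), and keep the `EXIT_SIGKILL` cleanup for the valid case only. Separately, `log.search(...)` treats its string argument as a regular expression, so a subject name containing a metacharacter would be matched as a pattern. `log.includes('Server Certificate Name: ' + cert.name)` makes the comparison literal.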