diff options
Diffstat (limited to 'jstests/ssl/ssl_without_ca.js')
-rw-r--r-- | jstests/ssl/ssl_without_ca.js | 49 |
1 files changed, 28 insertions, 21 deletions
diff --git a/jstests/ssl/ssl_without_ca.js b/jstests/ssl/ssl_without_ca.js index 87e69eed7e4..0e865cc5fee 100644 --- a/jstests/ssl/ssl_without_ca.js +++ b/jstests/ssl/ssl_without_ca.js @@ -5,27 +5,30 @@ var CLIENT_USER = "C=US,ST=New York,L=New York City,O=MongoDB,OU=KernelUser,CN=c jsTest.log("Assert x509 auth is not allowed when a standalone mongod is run without a CA file."); // allowSSL instead of requireSSL so that the non-SSL connection succeeds. -var conn = MongoRunner.runMongod({sslMode: 'allowSSL', - sslPEMKeyFile: SERVER_CERT, - auth: ''}); +var conn = MongoRunner.runMongod({sslMode: 'allowSSL', sslPEMKeyFile: SERVER_CERT, auth: ''}); var external = conn.getDB('$external'); external.createUser({ user: CLIENT_USER, roles: [ - {'role':'userAdminAnyDatabase', 'db':'admin'}, - {'role':'readWriteAnyDatabase', 'db':'admin'} - ]}); + {'role': 'userAdminAnyDatabase', 'db': 'admin'}, + {'role': 'readWriteAnyDatabase', 'db': 'admin'} + ] +}); // Should not be able to authenticate with x509. // Authenticate call will return 1 on success, 0 on error. -var exitStatus = runMongoProgram('mongo', '--ssl', '--sslAllowInvalidCertificates', - '--sslPEMKeyFile', CLIENT_CERT, - '--port', conn.port, - '--eval', ('quit(db.getSisterDB("$external").auth({' + - 'user: "' + CLIENT_USER + '" ,' + - 'mechanism: "MONGODB-X509"}));' - )); +var exitStatus = runMongoProgram('mongo', + '--ssl', + '--sslAllowInvalidCertificates', + '--sslPEMKeyFile', + CLIENT_CERT, + '--port', + conn.port, + '--eval', + ('quit(db.getSisterDB("$external").auth({' + + 'user: "' + CLIENT_USER + '" ,' + + 'mechanism: "MONGODB-X509"}));')); assert.eq(exitStatus, 0, "authentication via MONGODB-X509 without CA succeeded"); @@ -33,17 +36,21 @@ MongoRunner.stopMongod(conn.port); jsTest.log("Assert mongod doesn\'t start with CA file missing and clusterAuthMode=x509."); -var sslParams = {clusterAuthMode: 'x509', sslMode: 'requireSSL', sslPEMKeyFile: SERVER_CERT}; +var sslParams = { + clusterAuthMode: 'x509', + sslMode: 'requireSSL', + sslPEMKeyFile: SERVER_CERT +}; var conn = MongoRunner.runMongod(sslParams); assert.isnull(conn, "server started with x509 clusterAuthMode but no CA file"); jsTest.log("Assert mongos doesn\'t start with CA file missing and clusterAuthMode=x509."); assert.throws(function() { - new ShardingTest({shards: 1, mongos: 1, verbose: 2, - other: {configOptions: sslParams, - mongosOptions: sslParams, - shardOptions: sslParams}}); - }, - null, - "mongos started with x509 clusterAuthMode but no CA file"); + new ShardingTest({ + shards: 1, + mongos: 1, + verbose: 2, + other: {configOptions: sslParams, mongosOptions: sslParams, shardOptions: sslParams} + }); +}, null, "mongos started with x509 clusterAuthMode but no CA file"); |