Diffstat (limited to 'jstests/ssl/x509_client.js')
-rw-r--r--jstests/ssl/x509_client.js94
1 files changed, 54 insertions, 40 deletions
diff --git a/jstests/ssl/x509_client.js b/jstests/ssl/x509_client.js
index 769909f14b4..82c726fc0fd 100644
--- a/jstests/ssl/x509_client.js
+++ b/jstests/ssl/x509_client.js
@@ -1,21 +1,23 @@
// Check if this build supports the authenticationMechanisms startup parameter.
-var conn = MongoRunner.runMongod({smallfiles: "",
- auth: "",
- sslMode: "requireSSL",
- sslPEMKeyFile: "jstests/libs/server.pem",
- sslCAFile: "jstests/libs/ca.pem"});
+var conn = MongoRunner.runMongod({
+ smallfiles: "",
+ auth: "",
+ sslMode: "requireSSL",
+ sslPEMKeyFile: "jstests/libs/server.pem",
+ sslCAFile: "jstests/libs/ca.pem"
+});
conn.getDB('admin').createUser({user: "root", pwd: "pass", roles: ["root"]});
conn.getDB('admin').auth("root", "pass");
var cmdOut = conn.getDB('admin').runCommand({getParameter: 1, authenticationMechanisms: 1});
if (cmdOut.ok) {
- TestData.authMechanism = "MONGODB-X509"; // SERVER-10353
+ TestData.authMechanism = "MONGODB-X509"; // SERVER-10353
}
conn.getDB('admin').dropAllUsers();
conn.getDB('admin').logout();
MongoRunner.stopMongod(conn);
var SERVER_CERT = "jstests/libs/server.pem";
-var CA_CERT = "jstests/libs/ca.pem";
+var CA_CERT = "jstests/libs/ca.pem";
var SERVER_USER = "C=US,ST=New York,L=New York City,O=MongoDB,OU=Kernel,CN=server";
var INTERNAL_USER = "C=US,ST=New York,L=New York City,O=MongoDB,OU=Kernel,CN=internal";
@@ -27,49 +29,59 @@ function authAndTest(mongo) {
test = mongo.getDB("test");
// It should be impossible to create users with the same name as the server's subject
- assert.throws( function() {
- external.createUser({user: SERVER_USER,
- roles: [{'role':'userAdminAnyDatabase', 'db':'admin'}]
- });
+ assert.throws(function() {
+ external.createUser(
+ {user: SERVER_USER, roles: [{'role': 'userAdminAnyDatabase', 'db': 'admin'}]});
}, {}, "Created user with same name as the server's x.509 subject");
// It should be impossible to create users with names recognized as cluster members
- assert.throws( function() {
- external.createUser({user: INTERNAL_USER,
- roles: [{'role':'userAdminAnyDatabase', 'db':'admin'}]
- });
+ assert.throws(function() {
+ external.createUser(
+ {user: INTERNAL_USER, roles: [{'role': 'userAdminAnyDatabase', 'db': 'admin'}]});
}, {}, "Created user which would be recognized as a cluster member");
// Add user using localhost exception
- external.createUser({user: CLIENT_USER, roles:[
- {'role':'userAdminAnyDatabase', 'db':'admin'},
- {'role':'readWriteAnyDatabase', 'db':'admin'}]});
+ external.createUser({
+ user: CLIENT_USER,
+ roles: [
+ {'role': 'userAdminAnyDatabase', 'db': 'admin'},
+ {'role': 'readWriteAnyDatabase', 'db': 'admin'}
+ ]
+ });
// It should be impossible to create users with an internal name
- assert.throws( function() {external.createUser({user: SERVER_USER, roles: [
- {'role':'userAdminAnyDatabase', 'db':'admin'}]});});
+ assert.throws(function() {
+ external.createUser(
+ {user: SERVER_USER, roles: [{'role': 'userAdminAnyDatabase', 'db': 'admin'}]});
+ });
// Localhost exception should not be in place anymore
- assert.throws( function() { test.foo.findOne();}, {}, "read without login" );
+ assert.throws(function() {
+ test.foo.findOne();
+ }, {}, "read without login");
- assert( !external.auth({user: INVALID_CLIENT_USER, mechanism: 'MONGODB-X509'}),
- "authentication with invalid user failed" );
- assert( external.auth({user: CLIENT_USER, mechanism: 'MONGODB-X509'}),
- "authentication with valid user failed" );
+ assert(!external.auth({user: INVALID_CLIENT_USER, mechanism: 'MONGODB-X509'}),
+ "authentication with invalid user failed");
+ assert(external.auth({user: CLIENT_USER, mechanism: 'MONGODB-X509'}),
+ "authentication with valid user failed");
// Check that we can add a user and read data
- test.createUser({user: "test", pwd: "test", roles:[
- {'role': 'readWriteAnyDatabase', 'db': 'admin'}]});
+ test.createUser(
+ {user: "test", pwd: "test", roles: [{'role': 'readWriteAnyDatabase', 'db': 'admin'}]});
test.foo.findOne();
external.logout();
- assert.throws( function() { test.foo.findOne();}, {}, "read after logout" );
+ assert.throws(function() {
+ test.foo.findOne();
+ }, {}, "read after logout");
}
print("1. Testing x.509 auth to mongod");
-var x509_options = {sslMode : "requireSSL",
- sslPEMKeyFile : SERVER_CERT,
- sslCAFile : CA_CERT};
+var x509_options = {
+ sslMode: "requireSSL",
+ sslPEMKeyFile: SERVER_CERT,
+ sslCAFile: CA_CERT
+};
var mongo = MongoRunner.runMongod(Object.merge(x509_options, {auth: ""}));
@@ -78,14 +90,16 @@ MongoRunner.stopMongod(mongo.port);
print("2. Testing x.509 auth to mongos");
-var st = new ShardingTest({ shards : 1,
- mongos : 1,
- other: {
- extraOptions : {"keyFile" : "jstests/libs/key1"},
- configOptions : x509_options,
- mongosOptions : x509_options,
- shardOptions : x509_options,
- useHostname: false,
- }});
+var st = new ShardingTest({
+ shards: 1,
+ mongos: 1,
+ other: {
+ extraOptions: {"keyFile": "jstests/libs/key1"},
+ configOptions: x509_options,
+ mongosOptions: x509_options,
+ shardOptions: x509_options,
+ useHostname: false,
+ }
+});
authAndTest(new Mongo("localhost:" + st.s0.port));