summaryrefslogtreecommitdiff
path: root/jstests/ssl
diff options
context:
space:
mode:
Diffstat (limited to 'jstests/ssl')
-rw-r--r--jstests/ssl/initial_sync1_x509.js37
-rw-r--r--jstests/ssl/sharding_with_x509.js64
2 files changed, 101 insertions, 0 deletions
diff --git a/jstests/ssl/initial_sync1_x509.js b/jstests/ssl/initial_sync1_x509.js
new file mode 100644
index 00000000000..7206e98402c
--- /dev/null
+++ b/jstests/ssl/initial_sync1_x509.js
@@ -0,0 +1,37 @@
+// Basic tests for cluster authentication using x509
+// This test is launching replsets/initial_sync1.js with different
+// values for clusterAuthMode to emulate an upgrade process.
+
+var common_options = {sslOnNormalPorts : "",
+ sslPEMKeyFile : "jstests/libs/server.pem",
+ sslCAFile: "jstests/libs/ca.pem",
+ keyFile : "jstests/libs/key1"};
+
+// Standard case, clusterAuthMode: x509
+x509_options1 = Object.merge(common_options,
+ {sslClusterFile: "jstests/libs/cluster-cert.pem",
+ clusterAuthMode: "x509"});
+var x509_options2 = x509_options1;
+load("jstests/replsets/initial_sync1.js");
+
+// Mixed clusterAuthMode: sendX509 and sendKeyfile and try adding --auth
+x509_options1 = Object.merge(common_options,
+ {sslClusterFile: "jstests/libs/cluster-cert.pem",
+ clusterAuthMode: "x509",
+ auth: ""});
+x509_options2 = Object.merge(common_options, {clusterAuthMode: "sendKeyfile"});
+load("jstests/replsets/initial_sync1.js");
+
+// Mixed clusterAuthMode: x509 and sendX509, use the PEMKeyFile for outgoing connections
+x509_options1 = Object.merge(common_options, {clusterAuthMode: "x509"});
+x509_options2 = Object.merge(common_options, {clusterAuthMode: "sendX509"});
+load("jstests/replsets/initial_sync1.js");
+
+// verify that replset initiate fails if using a self-signed cert
+x509_options1 = Object.merge(common_options, {clusterAuthMode: "x509"});
+x509_options2 = Object.merge(common_options,
+ {sslClusterFile: "jstests/libs/smoke.pem",
+ clusterAuthMode: "x509"});
+var replTest = new ReplSetTest({nodes : {node0 : x509_options1, node1 : x509_options2}});
+var conns = replTest.startSet();
+assert.throws( function() { replTest.initiate() } );
diff --git a/jstests/ssl/sharding_with_x509.js b/jstests/ssl/sharding_with_x509.js
new file mode 100644
index 00000000000..6daf9e23675
--- /dev/null
+++ b/jstests/ssl/sharding_with_x509.js
@@ -0,0 +1,64 @@
+// Tests basic sharding with x509 cluster auth
+// The purpose is to verify the connectivity between mongos and the shards
+
+var x509_options = {sslOnNormalPorts : "",
+ sslPEMKeyFile : "jstests/libs/server.pem",
+ sslCAFile: "jstests/libs/ca.pem",
+ sslClusterFile: "jstests/libs/cluster-cert.pem",
+ clusterAuthMode: "x509"};
+
+var st = new ShardingTest({ name : "sharding_with_x509" ,
+ shards : 2,
+ mongos : 1,
+ keyFile : "jstests/libs/key1",
+ other: {
+ configOptions : x509_options,
+ mongosOptions : x509_options,
+ rsOptions : x509_options,
+ shardOptions : x509_options
+ }});
+
+var mongos = new Mongo( "localhost:" + st.s0.port )
+var coll = mongos.getCollection( "test.foo" )
+
+st.shardColl( coll, { _id : 1 }, false )
+
+// Create an index so we can find by num later
+coll.ensureIndex({ insert : 1 })
+
+print( "starting insertion phase" )
+
+// Insert a bunch of data
+var toInsert = 2000
+for( var i = 0; i < toInsert; i++ ){
+ coll.insert({ my : "test", data : "to", insert : i })
+}
+
+assert.eq( coll.getDB().getLastError(), null )
+
+print( "starting updating phase" )
+
+// Update a bunch of data
+var toUpdate = toInsert
+for( var i = 0; i < toUpdate; i++ ){
+ var id = coll.findOne({ insert : i })._id
+ coll.update({ insert : i, _id : id }, { $inc : { counter : 1 } })
+}
+
+assert.eq( coll.getDB().getLastError(), null )
+
+print( "starting deletion" )
+
+// Remove a bunch of data
+var toDelete = toInsert / 2
+for( var i = 0; i < toDelete; i++ ){
+ coll.remove({ insert : i })
+}
+
+assert.eq( coll.getDB().getLastError(), null )
+
+// Make sure the right amount of data is there
+assert.eq( coll.find().count(), toInsert / 2 )
+
+// Finish
+st.stop()
View Lorry Controller Status