diff options
Diffstat (limited to 'jstests/ssl')
| -rw-r--r-- | jstests/ssl/macos_encrypted_pem.js | 3 | ||||
| -rw-r--r-- | jstests/ssl/ssl_fips.js | 54 | ||||
| -rw-r--r-- | jstests/ssl/ssl_invalid_server_cert.js | 8 | ||||
| -rw-r--r-- | jstests/ssl/ssl_without_ca.js | 17 | ||||
| -rw-r--r-- | jstests/ssl/x509_enforce_user_cluster_separation.js | 5 |
5 files changed, 45 insertions, 42 deletions
diff --git a/jstests/ssl/macos_encrypted_pem.js b/jstests/ssl/macos_encrypted_pem.js index ca484fe2582..3db467dea3e 100644 --- a/jstests/ssl/macos_encrypted_pem.js +++ b/jstests/ssl/macos_encrypted_pem.js @@ -13,8 +13,7 @@ requireSSLProvider('apple', function() { sslCAFile: "jstests/libs/ca.pem", }); - const mongod = MongoRunner.runMongod(config); - assert(mongod === null, "MongoD unexpectedly started up"); + assert.throws(() => MongoRunner.runMongod(config), [], "MongoD unexpectedly started up"); assert.eq(rawMongoProgramOutput().includes( "Using encrypted PKCS#1/PKCS#8 PEM files is not supported on this platform"), diff --git a/jstests/ssl/ssl_fips.js b/jstests/ssl/ssl_fips.js index e1736f03e5e..818f93b21e2 100644 --- a/jstests/ssl/ssl_fips.js +++ b/jstests/ssl/ssl_fips.js @@ -1,36 +1,30 @@ -// Test mongod start with FIPS mode enabled -var port = allocatePort(); -var md = MongoRunner.runMongod({ - port: port, - sslMode: "requireSSL", - sslPEMKeyFile: "jstests/libs/server.pem", - sslCAFile: "jstests/libs/ca.pem", - sslFIPSMode: "" -}); - -var mongo = runMongoProgram("mongo", - "--port", - port, - "--ssl", - "--sslAllowInvalidCertificates", - "--sslPEMKeyFile", - "jstests/libs/client.pem", - "--sslFIPSMode", - "--eval", - ";"); +(function() { -// if mongo shell didn't start/connect properly -if (mongo != 0) { +// Test mongod start with FIPS mode enabled +const port = allocatePort(); +let md = undefined; +try { + md = MongoRunner.runMongod({ + port: port, + sslMode: "requireSSL", + sslPEMKeyFile: "jstests/libs/server.pem", + sslCAFile: "jstests/libs/ca.pem", + sslFIPSMode: "" + }); +} catch (e) { print("mongod failed to start, checking for FIPS support"); - mongoOutput = rawMongoProgramOutput(); + let mongoOutput = rawMongoProgramOutput(); assert(mongoOutput.match(/this version of mongodb was not compiled with FIPS support/) || mongoOutput.match(/FIPS modes is not enabled on the operating system/) || mongoOutput.match(/FIPS_mode_set:fips mode not supported/)); -} else { - // verify that auth works, SERVER-18051 - md.getDB("admin").createUser({user: "root", pwd: "root", roles: ["root"]}); - assert(md.getDB("admin").auth("root", "root"), "auth failed"); - - // kill mongod - MongoRunner.stopMongod(md); + return; } +assert(md); + +// verify that auth works, SERVER-18051 +md.getDB("admin").createUser({user: "root", pwd: "root", roles: ["root"]}); +assert(md.getDB("admin").auth("root", "root"), "auth failed"); + +// kill mongod +MongoRunner.stopMongod(md); +})(); diff --git a/jstests/ssl/ssl_invalid_server_cert.js b/jstests/ssl/ssl_invalid_server_cert.js index 96cca8c0075..6bb8cef2c57 100644 --- a/jstests/ssl/ssl_invalid_server_cert.js +++ b/jstests/ssl/ssl_invalid_server_cert.js @@ -7,7 +7,13 @@ function runTest(name, config, expect) { jsTest.log('Running test: ' + name); clearRawMongoProgramOutput(); - const mongod = MongoRunner.runMongod(config); + let mongod = null; + let err = null; + try { + mongod = MongoRunner.runMongod(config); + } catch (e) { + err = e; + } assert.eq(null, mongod, 'Mongod started unexpectedly'); const output = rawMongoProgramOutput(); diff --git a/jstests/ssl/ssl_without_ca.js b/jstests/ssl/ssl_without_ca.js index ef3f64949aa..9b0a62a5250 100644 --- a/jstests/ssl/ssl_without_ca.js +++ b/jstests/ssl/ssl_without_ca.js @@ -37,8 +37,9 @@ MongoRunner.stopMongod(conn); jsTest.log("Assert mongod doesn\'t start with CA file missing and clusterAuthMode=x509."); var sslParams = {clusterAuthMode: 'x509', sslMode: 'requireSSL', sslPEMKeyFile: SERVER_CERT}; -var conn = MongoRunner.runMongod(sslParams); -assert.isnull(conn, "server started with x509 clusterAuthMode but no CA file"); +assert.throws(() => MongoRunner.runMongod(sslParams), + [], + "server started with x509 clusterAuthMode but no CA file"); jsTest.log("Assert mongos doesn\'t start with CA file missing and clusterAuthMode=x509."); @@ -60,13 +61,15 @@ var startOptions = { var configRS = new ReplSetTest(rstOptions); configRS.startSet(startOptions); -var mongos = MongoRunner.runMongos({ + +// Make sure the mongoS failed to start up for the proper reason. +assert.throws(() => MongoRunner.runMongos({ clusterAuthMode: 'x509', sslMode: 'requireSSL', sslPEMKeyFile: SERVER_CERT, configdb: configRS.getURL() -}); -// Make sure the mongoS failed to start up for the proper reason. -assert.eq(null, mongos, "mongos started with x509 clusterAuthMode but no CA file"); +}), + [], + "mongos started with x509 clusterAuthMode but no CA file"); assert.neq(-1, rawMongoProgramOutput().search("No TLS certificate validation can be performed")); -configRS.stopSet();
\ No newline at end of file +configRS.stopSet(); diff --git a/jstests/ssl/x509_enforce_user_cluster_separation.js b/jstests/ssl/x509_enforce_user_cluster_separation.js index a27ca670be3..1b7f4bd5731 100644 --- a/jstests/ssl/x509_enforce_user_cluster_separation.js +++ b/jstests/ssl/x509_enforce_user_cluster_separation.js @@ -99,8 +99,9 @@ function runMongodTest(desc, func) { function runMongodFailTest(desc, options) { print(desc); - const mongo = MongoRunner.runMongod(Object.merge(mongodOptions, options)); - assert(!mongo, "MongoD started successfully with bad options"); + assert.throws(() => MongoRunner.runMongod(Object.merge(mongodOptions, options)), + [], + "MongoD started successfully with bad options"); } function runMongosTest(desc, func) { |