Diffstat (limited to 'jstests/sslSpecial/ssl_ecdsa_cert.js')
-rw-r--r--jstests/sslSpecial/ssl_ecdsa_cert.js73
1 files changed, 73 insertions, 0 deletions
diff --git a/jstests/sslSpecial/ssl_ecdsa_cert.js b/jstests/sslSpecial/ssl_ecdsa_cert.js
new file mode 100644
index 00000000000..000b042b319
--- /dev/null
+++ b/jstests/sslSpecial/ssl_ecdsa_cert.js
@@ -0,0 +1,73 @@
+load('jstests/ssl/libs/ssl_helpers.js');
+
+const test = () => {
+ "use strict";
+
+ const ECDSA_CA_CERT = 'jstests/libs/ecdsa-ca.pem';
+ const ECDSA_CLIENT_CERT = 'jstests/libs/ecdsa-client.pem';
+ const ECDSA_SERVER_CERT = 'jstests/libs/ecdsa-server.pem';
+
+ const CLIENT_USER = 'CN=client,OU=KernelUser,O=MongoDB,L=New York City,ST=New York,C=US';
+
+ print('Testing if platform supports usage of ECDSA certificates');
+ const tlsOptions = {
+ tlsMode: 'preferTLS',
+ tlsPEMKeyFile: ECDSA_SERVER_CERT,
+ tlsCAFile: ECDSA_CA_CERT,
+ ipv6: '',
+ bind_ip_all: '',
+ waitForConnect: true,
+ tlsAllowConnectionsWithoutCertificates: "",
+ };
+
+ let mongod = MongoRunner.runMongod(tlsOptions);
+
+ // Verify we can connect
+ assert.eq(0,
+ runMongoProgram('mongo',
+ '--tls',
+ '--tlsCAFile',
+ ECDSA_CA_CERT,
+ '--port',
+ mongod.port,
+ '--eval',
+ 'db.isMaster()'),
+ "mongo did not initialize properly");
+
+ // Add an X509 user
+ const addUserCmd = {createUser: CLIENT_USER, roles: [{role: 'root', db: 'admin'}]};
+ assert.commandWorked(mongod.getDB('$external').runCommand(addUserCmd),
+ 'Failed to create X509 user using ECDSA certificates');
+
+ const command = function() {
+ assert(db.getSiblingDB('$external').auth({mechanism: 'MONGODB-X509', user: "CLIENT_USER"}));
+
+ const connStatus = db.getSiblingDB('admin').runCommand({connectionStatus: 1});
+ assert(connStatus.authInfo.authenticatedUsers[0].user === "CLIENT_USER");
+ };
+
+ // Verify we can authenticate via X509
+ assert.eq(
+ 0,
+ runMongoProgram('mongo',
+ '--tls',
+ '--tlsPEMKeyFile',
+ ECDSA_CLIENT_CERT,
+ '--tlsCAFile',
+ ECDSA_CA_CERT,
+ '--port',
+ mongod.port,
+ '--eval',
+ '(' + command.toString().replace(/CLIENT_USER/g, CLIENT_USER) + ')();'),
+ "ECDSA X509 authentication failed");
+ MongoRunner.stopMongod(mongod);
+};
+
+const EXCLUDED_BUILDS = ['amazon', 'amzn64'];
+if (EXCLUDED_BUILDS.includes(buildInfo().buildEnvironment.distmod)) {
+ print("*****************************************************");
+ print("Skipping test because Amazon Linux does not support ECDSA certificates");
+ print("*****************************************************");
+} else {
+ requireSSLProvider('openssl', test);
+}
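Review bot: The X509 check in the second `runMongoProgram` call only proves that a client holding `ecdsa-client.pem` can authenticate; since the server is started with `tlsAllowConnectionsWithoutCertificates`, nothing here would fail if MONGODB-X509 auth also succeeded for a client that presented no certificate. Consider repeating that invocation without `'--tlsPEMKeyFile', ECDSA_CLIENT_CERT` and wrapping it in `assert.neq(0, ...)`, so the ECDSA path is shown to reject as well as accept. Separately, `MongoRunner.stopMongod(mongod)` is skipped when any earlier assert throws; placing the assertions in `try { ... } finally { MongoRunner.stopMongod(mongod); }` would keep a failed run from leaving the server up. A one-line comment on `tlsMode: 'preferTLS'` saying why the looser mode is used (presumably so the test shell's own non-TLS connection can create the user) would also help the next reader.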