Diffstat (limited to 'src/mongo/db/server_options_test.cpp')
-rw-r--r--src/mongo/db/server_options_test.cpp322
1 files changed, 322 insertions, 0 deletions
diff --git a/src/mongo/db/server_options_test.cpp b/src/mongo/db/server_options_test.cpp
index 8eddeb88dfc..720265ab19b 100644
--- a/src/mongo/db/server_options_test.cpp
+++ b/src/mongo/db/server_options_test.cpp
@@ -51,6 +51,7 @@
#include "mongo/logger/logger.h"
#include "mongo/unittest/unittest.h"
#include "mongo/util/log.h"
+#include "mongo/util/net/ssl_options.h"
#include "mongo/util/options_parser/environment.h"
#include "mongo/util/options_parser/option_section.h"
#include "mongo/util/options_parser/options_parser.h"
@@ -762,6 +763,7 @@ TEST(SetupOptions, NonNumericSampleRateYAMLConfigOptionFailsToParse) {
moe::Environment environment;
moe::OptionSection options;
+
ASSERT_OK(::mongo::addGeneralServerOptions(&options));
std::vector<std::string> argv;
@@ -777,6 +779,326 @@ TEST(SetupOptions, NonNumericSampleRateYAMLConfigOptionFailsToParse) {
ASSERT_NOT_OK(parser.run(options, argv, env_map, &environment));
}
+TEST(SetupOptions, tlsModeDisabled) {
+ OptionsParserTester parser;
+ moe::Environment environment;
+ moe::OptionSection options;
+
+ ASSERT_OK(::mongo::addGeneralServerOptions(&options));
+
+ std::vector<std::string> argv;
+ argv.push_back("binaryname");
+ argv.push_back("--tlsMode");
+ argv.push_back("disabled");
+ std::map<std::string, std::string> env_map;
+
+ Status ret = ::mongo::addSSLServerOptions(&options);
+
+ ASSERT_OK(parser.run(options, argv, env_map, &environment));
+ ASSERT_EQ(::mongo::sslGlobalParams.sslMode.load(), ::mongo::sslGlobalParams.SSLMode_disabled);
+}
+
+TEST(SetupOptions, sslModeDisabled) {
+ OptionsParserTester parser;
+ moe::Environment environment;
+ moe::OptionSection options;
+
+ ASSERT_OK(::mongo::addGeneralServerOptions(&options));
+
+ std::vector<std::string> argv;
+ argv.push_back("binaryname");
+ argv.push_back("--sslMode");
+ argv.push_back("disabled");
+ std::map<std::string, std::string> env_map;
+
+ Status ret = ::mongo::addSSLServerOptions(&options);
+
+ ASSERT_OK(parser.run(options, argv, env_map, &environment));
+ ASSERT_EQ(::mongo::sslGlobalParams.sslMode.load(), ::mongo::sslGlobalParams.SSLMode_disabled);
+}
+
+TEST(SetupOptions, tlsModeRequired) {
+ OptionsParserTester parser;
+ moe::Environment environment;
+ moe::OptionSection options;
+
+ ASSERT_OK(::mongo::addGeneralServerOptions(&options));
+
+ std::string sslPEMKeyFile = "jstests/libs/server.pem";
+ std::string sslCAFFile = "jstests/libs/ca.pem";
+ std::string sslCRLFile = "jstests/libs/crl.pem";
+ std::string sslClusterFile = "jstests/libs/cluster_cert.pem";
+
+ std::vector<std::string> argv;
+ argv.push_back("binaryname");
+ argv.push_back("--tlsMode");
+ argv.push_back("requireTLS");
+ argv.push_back("--tlsPEMKeyFile");
+ argv.push_back(sslPEMKeyFile);
+ argv.push_back("--tlsCAFile");
+ argv.push_back(sslCAFFile);
+ argv.push_back("--tlsCRLFile");
+ argv.push_back(sslCRLFile);
+ argv.push_back("--tlsClusterFile");
+ argv.push_back(sslClusterFile);
+ argv.push_back("--tlsAllowInvalidHostnames");
+ argv.push_back("--tlsAllowInvalidCertificates");
+ argv.push_back("--tlsWeakCertificateValidation");
+ argv.push_back("--tlsFIPSMode");
+ argv.push_back("--tlsPEMKeyPassword");
+ argv.push_back("pw1");
+ argv.push_back("--tlsClusterPassword");
+ argv.push_back("pw2");
+ argv.push_back("--tlsDisabledProtocols");
+ argv.push_back("TLS1_1");
+ std::map<std::string, std::string> env_map;
+
+ Status addRet = mongo::addSSLServerOptions(&options);
+
+ ASSERT_OK(parser.run(options, argv, env_map, &environment));
+ Status storeRet = mongo::storeSSLServerOptions(environment);
+
+ ASSERT_EQ(::mongo::sslGlobalParams.sslMode.load(), ::mongo::sslGlobalParams.SSLMode_requireSSL);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslPEMKeyFile.substr(
+ ::mongo::sslGlobalParams.sslPEMKeyFile.length() - sslPEMKeyFile.length()),
+ sslPEMKeyFile);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslCAFile.substr(
+ ::mongo::sslGlobalParams.sslCAFile.length() - sslCAFFile.length()),
+ sslCAFFile);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslCRLFile.substr(
+ ::mongo::sslGlobalParams.sslCRLFile.length() - sslCRLFile.length()),
+ sslCRLFile);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslClusterFile.substr(
+ ::mongo::sslGlobalParams.sslClusterFile.length() - sslClusterFile.length()),
+ sslClusterFile);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslAllowInvalidHostnames, true);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslAllowInvalidCertificates, true);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslWeakCertificateValidation, true);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslFIPSMode, true);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslPEMKeyPassword, "pw1");
+ ASSERT_EQ(::mongo::sslGlobalParams.sslClusterPassword, "pw2");
+ ASSERT_EQ(static_cast<int>(::mongo::sslGlobalParams.sslDisabledProtocols.back()),
+ static_cast<int>(::mongo::SSLParams::Protocols::TLS1_1));
+}
+
+TEST(SetupOptions, sslModeRequired) {
+ OptionsParserTester parser;
+ moe::Environment environment;
+ moe::OptionSection options;
+
+ ASSERT_OK(::mongo::addGeneralServerOptions(&options));
+
+ std::string sslPEMKeyFile = "jstests/libs/server.pem";
+ std::string sslCAFFile = "jstests/libs/ca.pem";
+ std::string sslCRLFile = "jstests/libs/crl.pem";
+ std::string sslClusterFile = "jstests/libs/cluster_cert.pem";
+
+ std::vector<std::string> argv;
+ argv.push_back("binaryname");
+ argv.push_back("--sslMode");
+ argv.push_back("requireSSL");
+ argv.push_back("--sslPEMKeyFile");
+ argv.push_back(sslPEMKeyFile);
+ argv.push_back("--sslCAFile");
+ argv.push_back(sslCAFFile);
+ argv.push_back("--sslCRLFile");
+ argv.push_back(sslCRLFile);
+ argv.push_back("--sslClusterFile");
+ argv.push_back(sslClusterFile);
+ argv.push_back("--sslAllowInvalidHostnames");
+ argv.push_back("--sslAllowInvalidCertificates");
+ argv.push_back("--sslWeakCertificateValidation");
+ argv.push_back("--sslFIPSMode");
+ argv.push_back("--sslPEMKeyPassword");
+ argv.push_back("pw1");
+ argv.push_back("--sslClusterPassword");
+ argv.push_back("pw2");
+ argv.push_back("--sslDisabledProtocols");
+ argv.push_back("TLS1_1");
+ std::map<std::string, std::string> env_map;
+
+ Status addRet = mongo::addSSLServerOptions(&options);
+
+ ASSERT_OK(parser.run(options, argv, env_map, &environment));
+ Status storeRet = mongo::storeSSLServerOptions(environment);
+
+ ASSERT_EQ(::mongo::sslGlobalParams.sslMode.load(), ::mongo::sslGlobalParams.SSLMode_requireSSL);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslPEMKeyFile.substr(
+ ::mongo::sslGlobalParams.sslPEMKeyFile.length() - sslPEMKeyFile.length()),
+ sslPEMKeyFile);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslCAFile.substr(
+ ::mongo::sslGlobalParams.sslCAFile.length() - sslCAFFile.length()),
+ sslCAFFile);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslCRLFile.substr(
+ ::mongo::sslGlobalParams.sslCRLFile.length() - sslCRLFile.length()),
+ sslCRLFile);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslClusterFile.substr(
+ ::mongo::sslGlobalParams.sslClusterFile.length() - sslClusterFile.length()),
+ sslClusterFile);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslAllowInvalidHostnames, true);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslAllowInvalidCertificates, true);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslWeakCertificateValidation, true);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslFIPSMode, true);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslPEMKeyPassword, "pw1");
+ ASSERT_EQ(::mongo::sslGlobalParams.sslClusterPassword, "pw2");
+ ASSERT_EQ(static_cast<int>(::mongo::sslGlobalParams.sslDisabledProtocols.back()),
+ static_cast<int>(::mongo::SSLParams::Protocols::TLS1_1));
+}
+
+#ifdef MONGO_CONFIG_SSL_CERTIFICATE_SELECTORS
+TEST(SetupOptions, tlsModeRequiredCertificateSelector) {
+ OptionsParserTester parser;
+ moe::Environment environment;
+ moe::OptionSection options;
+
+ ASSERT_OK(::mongo::addGeneralServerOptions(&options));
+
+ std::vector<std::string> argv;
+ argv.push_back("binaryname");
+ argv.push_back("--tlsMode");
+ argv.push_back("requireTLS");
+ argv.push_back("--tlsCertificateSelector");
+ argv.push_back("subject=Subject 1");
+ argv.push_back("--tlsClusterCertificateSelector");
+ argv.push_back("subject=Subject 2");
+ std::map<std::string, std::string> env_map;
+
+ Status addRet = mongo::addSSLServerOptions(&options);
+
+ ASSERT_OK(parser.run(options, argv, env_map, &environment));
+ Status storeRet = mongo::storeSSLServerOptions(environment);
+
+ ASSERT_EQ(::mongo::sslGlobalParams.sslMode.load(), ::mongo::sslGlobalParams.SSLMode_requireSSL);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslCertificateSelector.subject, "Subject 1");
+ ASSERT_EQ(::mongo::sslGlobalParams.sslClusterCertificateSelector.subject, "Subject 2");
+}
+
+TEST(SetupOptions, sslModeRequiredCertificateSelector) {
+ OptionsParserTester parser;
+ moe::Environment environment;
+ moe::OptionSection options;
+
+ ASSERT_OK(::mongo::addGeneralServerOptions(&options));
+
+ std::vector<std::string> argv;
+ argv.push_back("binaryname");
+ argv.push_back("--sslMode");
+ argv.push_back("requireSSL");
+ argv.push_back("--sslCertificateSelector");
+ argv.push_back("subject=Subject 1");
+ argv.push_back("--sslClusterCertificateSelector");
+ argv.push_back("subject=Subject 2");
+ std::map<std::string, std::string> env_map;
+
+ Status addRet = mongo::addSSLServerOptions(&options);
+
+ ASSERT_OK(parser.run(options, argv, env_map, &environment));
+ Status storeRet = mongo::storeSSLServerOptions(environment);
+
+ ASSERT_EQ(::mongo::sslGlobalParams.sslMode.load(), ::mongo::sslGlobalParams.SSLMode_requireSSL);
+ ASSERT_EQ(::mongo::sslGlobalParams.sslCertificateSelector.subject, "Subject 1");
+ ASSERT_EQ(::mongo::sslGlobalParams.sslClusterCertificateSelector.subject, "Subject 2");
+}
+
+TEST(SetupOptions, disableNonSSLConnectionLoggingFalse) {
+ OptionsParserTester parser;
+ moe::Environment environment;
+ moe::OptionSection options;
+
+ ASSERT_OK(::mongo::addGeneralServerOptions(&options));
+
+ std::vector<std::string> argv;
+ argv.push_back("binaryname");
+ argv.push_back("--setParameter");
+ argv.push_back("disableNonSSLConnectionLogging=false");
+ std::map<std::string, std::string> env_map;
+
+ ASSERT_OK(parser.run(options, argv, env_map, &environment));
+ Status storeRet = mongo::storeServerOptions(environment);
+
+ ASSERT_EQ(::mongo::sslGlobalParams.disableNonSSLConnectionLogging, false);
+}
+
+TEST(SetupOptions, disableNonTLSConnectionLoggingFalse) {
+ OptionsParserTester parser;
+ moe::Environment environment;
+ moe::OptionSection options;
+
+ ::mongo::sslGlobalParams.disableNonSSLConnectionLoggingSet = false;
+ ASSERT_OK(::mongo::addGeneralServerOptions(&options));
+
+ std::vector<std::string> argv;
+ argv.push_back("binaryname");
+ argv.push_back("--setParameter");
+ argv.push_back("disableNonTLSConnectionLogging=false");
+ std::map<std::string, std::string> env_map;
+
+ ASSERT_OK(parser.run(options, argv, env_map, &environment));
+ Status storeRet = mongo::storeServerOptions(environment);
+
+ ASSERT_EQ(::mongo::sslGlobalParams.disableNonSSLConnectionLogging, false);
+}
+
+TEST(SetupOptions, disableNonSSLConnectionLoggingTrue) {
+ OptionsParserTester parser;
+ moe::Environment environment;
+ moe::OptionSection options;
+
+ ::mongo::sslGlobalParams.disableNonSSLConnectionLoggingSet = false;
+ ASSERT_OK(::mongo::addGeneralServerOptions(&options));
+
+ std::vector<std::string> argv;
+ argv.push_back("binaryname");
+ argv.push_back("--setParameter");
+ argv.push_back("disableNonSSLConnectionLogging=true");
+ std::map<std::string, std::string> env_map;
+
+ ASSERT_OK(parser.run(options, argv, env_map, &environment));
+ Status storeRet = mongo::storeServerOptions(environment);
+
+ ASSERT_EQ(::mongo::sslGlobalParams.disableNonSSLConnectionLogging, true);
+}
+
+TEST(SetupOptions, disableNonTLSConnectionLoggingTrue) {
+ OptionsParserTester parser;
+ moe::Environment environment;
+ moe::OptionSection options;
+
+ ::mongo::sslGlobalParams.disableNonSSLConnectionLoggingSet = false;
+ ASSERT_OK(::mongo::addGeneralServerOptions(&options));
+
+ std::vector<std::string> argv;
+ argv.push_back("binaryname");
+ argv.push_back("--setParameter");
+ argv.push_back("disableNonTLSConnectionLogging=true");
+ std::map<std::string, std::string> env_map;
+
+ ASSERT_OK(parser.run(options, argv, env_map, &environment));
+ Status storeRet = mongo::storeServerOptions(environment);
+
+ ASSERT_EQ(::mongo::sslGlobalParams.disableNonSSLConnectionLogging, true);
+}
+
+TEST(SetupOptions, disableNonTLSConnectionLoggingInvalid) {
+ OptionsParserTester parser;
+ moe::Environment environment;
+ moe::OptionSection options;
+
+ ASSERT_OK(::mongo::addGeneralServerOptions(&options));
+
+ std::vector<std::string> argv;
+ argv.push_back("binaryname");
+ argv.push_back("--setParameter");
+ argv.push_back("disableNonTLSConnectionLogging=false");
+ argv.push_back("--setParameter");
+ argv.push_back("disableNonSSLConnectionLogging=false");
+ std::map<std::string, std::string> env_map;
+
+ ASSERT_OK(parser.run(options, argv, env_map, &environment));
+ ASSERT_NOT_OK(mongo::storeServerOptions(environment));
+}
+#endif
+
#if !defined(_WIN32) && !(defined(__APPLE__) && TARGET_OS_TV)
#define ASSERT_BOOST_SUCCESS(ec) ASSERT_FALSE(ec) << ec.message()
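Review bot: The `Status` values returned by `addSSLServerOptions`, `storeSSLServerOptions` and `storeServerOptions` are kept in `ret`, `addRet` and `storeRet` but never asserted, so a failure to register or store the TLS options goes unnoticed and the following `ASSERT_EQ` lines read whatever `sslGlobalParams` already held; wrap the calls as `ASSERT_OK(::mongo::addSSLServerOptions(&options));` and `ASSERT_OK(mongo::storeSSLServerOptions(environment));`. `tlsModeDisabled` and `sslModeDisabled` never call `storeSSLServerOptions` at all, so their `sslMode` assertion appears to check only the prior value of the global rather than the parsed `--tlsMode disabled` / `--sslMode disabled`; this is worth confirming against what `parser.run` does. In the two `...ModeRequired` tests, a stored path shorter than expected would make `length() - sslPEMKeyFile.length()` wrap around and `substr` throw instead of failing the assertion cleanly. Separately, the `#endif` for `MONGO_CONFIG_SSL_CERTIFICATE_SELECTORS` sits after the `disableNon*ConnectionLogging*` tests, which do not use certificate selectors, so those tests are compiled out on builds without selectors; the `#endif` probably belongs right after `sslModeRequiredCertificateSelector`.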