jstests/ocsp/ocsp_rotate.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

// Validate rotate certificates works with ocsp
// @tags: [live_record_incompatible, requires_http_client, requires_ocsp_stapling]
(function() {
"use strict";

load('jstests/ssl/libs/ssl_helpers.js');
load('jstests/ocsp/lib/mock_ocsp.js');

if (!supportsStapling()) {
    return;
}

let mongod;

// Returns whether a rotation works with the given mockOCSP server.
function tryRotate(fault) {
    const ocspServer = new MockOCSPServer(fault);
    ocspServer.start();

    const success = mongod.adminCommand({rotateCertificates: 1}).ok;

    ocspServer.stop();

    return success;
}

mongod = MongoRunner.runMongod(
    {sslMode: "requireSSL", sslPEMKeyFile: OCSP_SERVER_CERT, sslCAFile: OCSP_CA_PEM});

// Positive: test with positive OCSP response
assert(tryRotate());

// Negative: test with revoked OCSP response
assert(!tryRotate(FAULT_REVOKED));

// Positive: test with positive OCSP response
assert(tryRotate());
}());