path: root/jstests/ssl/mongo_uri_secondaries.js
blob: 9512a3c23c399e11b2fa678ff72a7d40b8e41e48 (plain)
// On OSX this test assumes that jstests/libs/trusted-ca.pem has been added as a trusted
// certificate to the login keychain of the evergreen user. See
// https://github.com/10gen/buildslave-cookbooks/commit/af7cabe5b6e0885902ebd4902f7f974b64cc8961
// for details.
// To install trusted-ca.pem for local testing on OSX, invoke the following at a console:
//   security add-trusted-cert -d jstests/libs/trusted-ca.pem
// The test CA stays trusted until it is removed again, so undo this after local testing:
//   security remove-trusted-cert -d jstests/libs/trusted-ca.pem
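(function() {
    'use strict';

    // Purpose: start a two-node TLS replica set, then launch a separate mongo shell that connects
    // with a multi-host mongodb:// URI (ssl=true) and runs reads with a "secondary" read
    // preference. The sub-shell is given no client certificate and no CA option on its command
    // line; it has to validate the servers through the host trust store or SSL_CERT_FILE.

    const HOST_TYPE = getBuildInfo().buildEnvironment.target_os;
    if (HOST_TYPE === "windows") {
        // NOTE(review): both certutil calls permanently add the test CA to certificate stores on
        // the host; nothing in this file removes it afterwards, and the exit codes are not
        // checked. Presumably this is only meant to run on dedicated test machines -- confirm.

        // OpenSSL backed imports Root CA and intermediate CA
        runProgram(
            "certutil.exe", "-addstore", "-user", "-f", "CA", "jstests\\libs\\trusted-ca.pem");

        // SChannel backed follows Windows rules and only trusts the Root store in Local Machine and
        // Current User.
        runProgram("certutil.exe", "-addstore", "-f", "Root", "jstests\\libs\\trusted-ca.pem");
    }

    // Server-side TLS settings for every node. sslAllowInvalidCertificates and
    // sslWeakCertificateValidation relax how the servers treat peer certificates, which lets the
    // certificate-less sub-shell connect. They are test-only settings: the validation exercised
    // here is the client checking the server certificate, not the other way round.
    const x509Options = {
        sslMode: 'requireSSL',
        sslPEMKeyFile: 'jstests/libs/trusted-server.pem',
        sslCAFile: 'jstests/libs/trusted-ca.pem',
        sslAllowInvalidCertificates: '',
        sslWeakCertificateValidation: '',
    };

    const rst = new ReplSetTest({
        nodes: 2,
        name: "sslSet",
        useHostName: false,
        nodeOptions: x509Options,
        waitForKeys: false
    });
    rst.startSet();
    rst.initiate();

    // Body of the work done in the sub-shell: open ten connections through the replica-set URI
    // and run one secondary read on each. This function is serialized with toString() and
    // evaluated in another process, so it must stay self-contained (no references to variables
    // of this scope); the replica set name is therefore repeated literally in the URI.
    const subShellCommand = function(hosts) {
        const uri = "mongodb://" + hosts.join(",") + "/?ssl=true&replicaSet=sslSet";
        const connections = [];
        for (let i = 0; i < 10; i++) {
            connections.push(new Mongo(uri));
        }

        connections.forEach((conn) => {
            const testDb = conn.getDB("test");
            testDb.setSlaveOk(true);
            testDb.col.find().readPref("secondary").toArray();
        });
    };

    // Builds the --eval script for the sub-shell: the source text of subShellCommand plus the
    // "localhost:<port>" address of every node in replSet, embedded as a JSON literal.
    const subShellCommandFormatter = function(replSet) {
        const hosts = replSet.nodes.map((node) => "localhost:" + node.port);

        return `
            (function () {
                'use strict';
                let command = ${subShellCommand.toString()};
                let hosts = ${tojson(hosts)};
                command(hosts);
            }());`;
    };

    // SSL_CERT_FILE points the sub-shell at the test CA through the environment; no TLS option
    // is passed to ./mongo itself.
    const subShellArgs = [
        "env",
        "SSL_CERT_FILE=jstests/libs/trusted-ca.pem",
        './mongo',
        '--nodb',
        '--eval',
        subShellCommandFormatter(rst)
    ];

    const retVal = _runMongoProgram(...subShellArgs);
    assert.eq(retVal, 0, 'mongo shell did not succeed with exit code 0');

    rst.stopSet();
}());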