path: root/jstests/ssl/repl_ssl_noca.js
blob: 258530ccc9aff3b3de2dced6bc6f33deee6aa8bb (plain)
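/**
 * Starts a one-node replica set that requires SSL and checks, through separate mongo shell
 * processes, which connection URLs are accepted.
 *
 * Neither the server options nor the shell command line below name a CA file. Trust in
 * jstests/libs/trusted-ca.pem comes from the SSL_CERT_FILE environment variable or, on Windows,
 * from certificate stores that this test modifies with certutil.exe.
 */
(function() {
'use strict';

if (_isWindows()) {
    // NOTE(review): both certutil calls change the trust configuration of the host running the
    // test, and nothing in this file removes the certificate afterwards. A host that keeps this
    // test CA in its Root store will accept any certificate issued under it, so run this only on
    // disposable test machines or remove the entry after the run.
    const importTestCA = function(...certutilArgs) {
        const exitCode = runProgram("certutil.exe", ...certutilArgs);
        if (exitCode !== 0) {
            // Log only: a failed import otherwise shows up later as an unexplained certificate
            // validation failure in the ssl=true case below.
            jsTestLog(`certutil.exe ${certutilArgs.join(" ")} exited with code ${exitCode}`);
        }
    };

    // OpenSSL backed imports Root CA and intermediate CA
    importTestCA("-addstore", "-user", "-f", "CA", "jstests\\libs\\trusted-ca.pem");

    // SChannel backed follows Windows rules and only trusts the Root store in Local Machine and
    // Current User.
    importTestCA("-addstore", "-f", "Root", "jstests\\libs\\trusted-ca.pem");
}

const replTest = new ReplSetTest({
    name: "ssltest",
    nodes: 1,
    nodeOptions: {
        // The server refuses non-SSL connections; no CA file option is passed here.
        sslMode: "requireSSL",
        sslPEMKeyFile: "jstests/libs/trusted-server.pem",
    },
    host: "localhost",
    useHostName: false,
});

replTest.startSet({
    env: {
        SSL_CERT_FILE: 'jstests/libs/trusted-ca.pem',
    },
});
replTest.initiate();

const nodeList = replTest.nodeList().join();

/**
 * Runs replSetGetStatus in a separate mongo shell process connected to `url`.
 *
 * @param {string} url - mongodb:// connection string handed to the shell.
 * @returns whatever runMongoProgram returns for that process; the assertions below treat 0 as
 *     a successful connection and any other value as a failure.
 */
const checkShellOkay = function(url) {
    const argv = ['mongo', url, '--eval', ('db.runCommand({replSetGetStatus: 1})')];
    if (!_isWindows()) {
        // On Linux we override the default path to the system CA store to point to our
        // "trusted" CA. On Windows, this CA will have been added to the user's trusted CA list
        argv.unshift("env", "SSL_CERT_FILE=jstests/libs/trusted-ca.pem");
    }
    return runMongoProgram(...argv);
};

// The third argument of assert.eq / assert.neq is reported when the assertion FAILS, so each
// message describes the unexpected outcome.

// URL without an ssl option: the requireSSL server must not be reachable.
const noMentionSSLURL = `mongodb://${nodeList}/admin?replicaSet=${replTest.name}`;
jsTestLog(`Replica set url (doesn't mention SSL): ${noMentionSSLURL}`);
assert.neq(checkShellOkay(noMentionSSLURL),
           0,
           "shell unexpectedly connected without SSL in the URL");

// ssl=true: the shell must validate the server certificate without being given a CA file.
const useSSLURL = `mongodb://${nodeList}/admin?replicaSet=${replTest.name}&ssl=true`;
jsTestLog(`Replica set url (uses SSL): ${useSSLURL}`);
assert.eq(checkShellOkay(useSSLURL), 0, "shell failed to connect with ssl=true");

// ssl=false: explicitly disabling SSL must fail against the requireSSL server.
const disableSSLURL = `mongodb://${nodeList}/admin?replicaSet=${replTest.name}&ssl=false`;
jsTestLog(`Replica set url (doesnt use SSL): ${disableSSLURL}`);
assert.neq(checkShellOkay(disableSSLURL), 0, "shell unexpectedly connected with ssl=false");
replTest.stopSet();
})();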