1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
// Test passwords on private keys for SSL
// This tests that providing a proper password works and that providing no password or incorrect
// password fails. It uses both mongod and mongo to run the tests, since the mongod binary
// does not return error statuses to indicate an error.
// This test requires ssl support in mongo-tools
// @tags: [requires_ssl_mongo_tools]
load('jstests/ssl/libs/ssl_helpers.js');
requireSSLProvider('openssl', function() {
var baseName = "jstests_ssl_ssl_cert_password";
var dbpath = MongoRunner.dataPath + baseName;
var external_scratch_dir = MongoRunner.dataPath + baseName + "/external/";
resetDbpath(dbpath);
mkdir(external_scratch_dir);
// Password is correct
var md = MongoRunner.runMongod({
nopreallocj: "",
dbpath: dbpath,
sslMode: "requireSSL",
sslPEMKeyFile: "jstests/libs/password_protected.pem",
sslPEMKeyPassword: "qwerty"
});
// MongoRunner.runMongod connects a Mongo shell, so if we get here, the test is successful.
// Password incorrect; error logged is:
// error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
var exit_code = runMongoProgram("mongo",
"--port",
md.port,
"--ssl",
"--sslAllowInvalidCertificates",
"--sslCAFile",
"jstests/libs/ca.pem",
"--sslPEMKeyFile",
"jstests/libs/password_protected.pem",
"--sslPEMKeyPassword",
"barf");
// 1 is the exit code for failure
assert(exit_code == 1);
// Test that mongodump and mongorestore support ssl
c = md.getDB("dumprestore_ssl").getCollection("foo");
assert.eq(0, c.count(), "dumprestore_ssl.foo collection is not initially empty");
c.save({a: 22});
assert.eq(1, c.count(), "failed to insert document into dumprestore_ssl.foo collection");
exit_code = MongoRunner.runMongoTool("mongodump", {
out: external_scratch_dir,
port: md.port,
ssl: "",
sslPEMKeyFile: "jstests/libs/password_protected.pem",
sslCAFile: "jstests/libs/ca.pem",
sslPEMKeyPassword: "qwerty",
});
assert.eq(exit_code, 0, "Failed to start mongodump with ssl");
c.drop();
assert.eq(0, c.count(), "dumprestore_ssl.foo collection is not empty after drop");
exit_code = MongoRunner.runMongoTool("mongorestore", {
dir: external_scratch_dir,
port: md.port,
ssl: "",
sslCAFile: "jstests/libs/ca.pem",
sslPEMKeyFile: "jstests/libs/password_protected.pem",
sslPEMKeyPassword: "qwerty",
});
assert.eq(exit_code, 0, "Failed to start mongorestore with ssl");
assert.soon("c.findOne()",
"no data after sleep. Expected a document after calling mongorestore");
assert.eq(
1,
c.count(),
"did not find expected document in dumprestore_ssl.foo collection after mongorestore");
assert.eq(22, c.findOne().a, "did not find correct value in document after mongorestore");
// Test that mongoimport and mongoexport support ssl
var exportimport_ssl_dbname = "exportimport_ssl";
c = md.getDB(exportimport_ssl_dbname).getCollection("foo");
assert.eq(0, c.count(), "exportimport_ssl.foo collection is not initially empty");
c.save({a: 22});
assert.eq(1, c.count(), "failed to insert document into exportimport_ssl.foo collection");
var exportimport_file = "data.json";
exit_code = MongoRunner.runMongoTool("mongoexport", {
out: external_scratch_dir + exportimport_file,
db: exportimport_ssl_dbname,
collection: "foo",
port: md.port,
ssl: "",
sslCAFile: "jstests/libs/ca.pem",
sslPEMKeyFile: "jstests/libs/password_protected.pem",
sslPEMKeyPassword: "qwerty",
});
assert.eq(exit_code, 0, "Failed to start mongoexport with ssl");
c.drop();
assert.eq(0, c.count(), "afterdrop", "-d", exportimport_ssl_dbname, "-c", "foo");
exit_code = MongoRunner.runMongoTool("mongoimport", {
file: external_scratch_dir + exportimport_file,
db: exportimport_ssl_dbname,
collection: "foo",
port: md.port,
ssl: "",
sslCAFile: "jstests/libs/ca.pem",
sslPEMKeyFile: "jstests/libs/password_protected.pem",
sslPEMKeyPassword: "qwerty",
});
assert.eq(exit_code, 0, "Failed to start mongoimport with ssl");
assert.soon("c.findOne()",
"no data after sleep. Expected a document after calling mongoimport");
assert.eq(1,
c.count(),
"did not find expected document in dumprestore_ssl.foo collection after mongoimport");
assert.eq(22, c.findOne().a, "did not find correct value in document after mongoimport");
// Test that mongofiles supports ssl
var mongofiles_ssl_dbname = "mongofiles_ssl";
mongofiles_db = md.getDB(mongofiles_ssl_dbname);
source_filename = 'jstests/ssl/ssl_cert_password.js';
filename = 'ssl_cert_password.js';
exit_code = MongoRunner.runMongoTool("mongofiles",
{
db: mongofiles_ssl_dbname,
port: md.port,
ssl: "",
sslCAFile: "jstests/libs/ca.pem",
sslPEMKeyFile: "jstests/libs/password_protected.pem",
sslPEMKeyPassword: "qwerty",
},
"put",
source_filename);
assert.eq(exit_code, 0, "Failed to start mongofiles with ssl");
md5 = md5sumFile(source_filename);
file_obj = mongofiles_db.fs.files.findOne();
assert(file_obj, "failed to find file object in mongofiles_ssl db using gridfs");
md5_stored = file_obj.md5;
md5_computed = mongofiles_db.runCommand({filemd5: file_obj._id}).md5;
assert.eq(md5, md5_stored, "md5 incorrect for file");
assert.eq(md5, md5_computed, "md5 computed incorrectly by server");
exit_code = MongoRunner.runMongoTool("mongofiles",
{
db: mongofiles_ssl_dbname,
local: external_scratch_dir + filename,
port: md.port,
ssl: "",
sslCAFile: "jstests/libs/ca.pem",
sslPEMKeyFile: "jstests/libs/password_protected.pem",
sslPEMKeyPassword: "qwerty",
},
"get",
source_filename);
assert.eq(exit_code, 0, "Failed to start mongofiles with ssl");
md5 = md5sumFile(external_scratch_dir + filename);
assert.eq(md5, md5_stored, "hash of stored file does not match the expected value");
if (!_isWindows()) {
// Stop the server
var exitCode = MongoRunner.stopMongod(md);
assert(exitCode == 0);
} else {
MongoRunner.stopMongod(md);
}
});
|
