1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
// Test for logging of certificate information
// @tags: [live_record_incompatible]
(function() {
'use strict';
load("jstests/ssl/libs/ssl_helpers.js");
const CA_CERT = "jstests/libs/ca.pem";
const SERVER_CERT = "jstests/libs/server.pem";
const CLUSTER_CERT = "jstests/libs/cluster_cert.pem";
const CRL_FILE = "jstests/libs/crl.pem";
const SERVER_CERT_INFO = {
"type": "Server",
"subject": "CN=server,OU=Kernel,O=MongoDB,L=New York City,ST=New York,C=US",
"issuer": "CN=Kernel Test CA,OU=Kernel,O=MongoDB,L=New York City,ST=New York,C=US",
"thumbprint": "BF2E341D28D7CEAADA534A11D75189D4ECABB551"
};
const CLUSTER_CERT_INFO = {
"type": "Cluster",
"subject": "CN=clustertest,OU=Kernel,O=MongoDB,L=New York City,ST=New York,C=US",
"issuer": "CN=Kernel Test CA,OU=Kernel,O=MongoDB,L=New York City,ST=New York,C=US",
"thumbprint": "FD85F9F6F380EE53F46F497253453731DC885335"
};
const CRL_INFO = {
"thumbprint": "551FEF8D916CE363E5488AD7F4BD60E3D1EC2BD8"
};
function runTest(checkMongos,
opts,
expectServerInfo,
expectClusterInfo,
expectCRLInfo,
serverInfoToExpect,
clusterInfoToExpect,
CRLInfotoExpect) {
let mongo;
if (checkMongos) {
var st = new ShardingTest({
shards: 1,
mongos: 1,
other:
{configOptions: opts, mongosOptions: opts, shardOptions: opts, useHostname: false}
});
mongo = st.s;
} else {
mongo = MongoRunner.runMongod(Object.assign(opts));
}
assert.soon(function() {
return (expectServerInfo ===
checkLog.checkContainsOnceJson(mongo, 4913010, serverInfoToExpect));
});
if (!(determineSSLProvider() === "windows" && !expectClusterInfo)) {
assert.soon(function() {
return (expectClusterInfo ===
checkLog.checkContainsOnceJson(mongo, 4913011, clusterInfoToExpect));
});
}
if (!(determineSSLProvider() === "apple")) {
assert.soon(function() {
return (expectCRLInfo ===
checkLog.checkContainsOnceJson(mongo, 4913012, CRLInfotoExpect));
});
}
if (checkMongos) {
st.stop();
} else {
stopMongoProgramByPid(mongo.pid);
}
}
function runTests(checkMongos) {
runTest(checkMongos,
{
sslMode: 'requireSSL',
tlsCertificateKeyFile: SERVER_CERT,
tlsCAFile: CA_CERT,
tlsClusterFile: CLUSTER_CERT,
tlsCRLFile: CRL_FILE,
useHostname: false
},
true,
true,
true,
SERVER_CERT_INFO,
CLUSTER_CERT_INFO,
CRL_INFO);
runTest(checkMongos,
{
sslMode: 'requireSSL',
tlsCertificateKeyFile: SERVER_CERT,
tlsCAFile: CA_CERT,
tlsClusterFile: CLUSTER_CERT,
},
true,
true,
false,
SERVER_CERT_INFO,
CLUSTER_CERT_INFO,
{});
runTest(checkMongos,
{
sslMode: 'requireSSL',
tlsCertificateKeyFile: SERVER_CERT,
sslCAFile: CA_CERT,
sslCRLFile: CRL_FILE,
},
true,
false,
true,
SERVER_CERT_INFO,
CLUSTER_CERT_INFO,
CRL_INFO);
}
// runTests(true);
runTests(false);
})();
|
