mirrors/mongodb
mirrors/mongodb
0
0
Fork 0
mirror of https://github.com/mongodb/mongo.git synced 2024-11-27 23:27:11 +01:00
Code Issues Releases Activity
master
mongodb/jstests/ssl/sni_name_advertisement.js
kshitij 46fec6e0db SERVER-95434: Remove shardOptions from shardingtest.js. (#28068) 
GitOrigin-RevId: 1a6e80f2083120e3ae09e8d57694e730f2375f94
2024-10-22 18:29:27 +00:00

88 lines
3.3 KiB
JavaScript
Raw Permalink Blame History

/*
* Tests that SNI names are advertised if and only if they are a URL, and NOT an IP address.
*/
import {ShardingTest} from "jstests/libs/shardingtest.js";
import {determineSSLProvider} from "jstests/ssl/libs/ssl_helpers.js";
// Checking index consistency involves reconnecting to the mongos.
TestData.skipCheckingIndexesConsistentAcrossCluster = true;
TestData.skipCheckOrphans = true;
TestData.skipCheckRoutingTableConsistency = true;
TestData.skipCheckShardFilteringMetadata = true;
// Do not check metadata consistency as mongos is stopped for testing purposes.
TestData.skipCheckMetadataConsistency = true;
TestData.skipCheckingUUIDsConsistentAcrossCluster = true;
let path = "jstests/libs/";
let pemKeyFile = path + "server.pem";
let caFile = path + "ca.pem";
let testURL = "local.10gen.cc";
let testIP = "127.0.0.1";
let params = {
tlsCertificateKeyFile: pemKeyFile,
tlsCAFile: caFile,
tlsMode: "preferTLS",
bind_ip: testURL,
tlsAllowInvalidCertificates: ""
};
/* we will have two test server configurations: one that is bound to a URL, and one that is bound to
* an IP address
* The bind_ip here is only to confirm that mongod and the shell are on the same page. bind_ip is
* not what is used for testing SNI advertisement. That is the name supplied to the shell. */
let ipParams = Object.merge(params, {bind_ip: testIP});
let urlParams = params;
// returns the result of command "whatsmysni" from a regular mongod
function getSNI(params) {
let mongod = MongoRunner.runMongod(params);
let m = new Mongo(params.bind_ip + ":" + mongod.port);
let db = m.getDB("admin");
const sni = assert.commandWorked(db.runCommand({whatsmysni: 1}))["sni"];
MongoRunner.stopMongod(mongod);
return sni;
}
// returns the result of command "whatsmysni" performed between nodes of a sharded cluster
function getSNISharded(params) {
let s = new ShardingTest({
name: "shard",
shards: 2,
useHostname: true,
host: params.bind_ip,
other: {configOptions: params, mongosOptions: params, rsOptions: params}
});
let db = s.getDB("admin");
// sort of have to fish out the value from deep within the output of multicast
const multicastData =
assert.commandWorked(db.runCommand({multicast: {whatsmysni: 1}}))["hosts"];
const hostName = Object.keys(multicastData)[0];
const sni = multicastData[hostName]["data"]["sni"];
s.stop();
return sni;
}
jsTestLog("Testing mongod bound to host " + testURL);
assert.eq(testURL, getSNI(urlParams), "Hostname is not advertised as SNI name in basic mongod");
jsTestLog("Testing sharded configuration bound to host " + testURL);
assert.eq(
testURL, getSNISharded(urlParams), "Hostname is not advertised as SNI name in sharded mongod");
// apple's TLS stack does not allow us to selectively remove SNI names, so IP addresses are
// still advertised
const desiredOutput = determineSSLProvider() === "apple" ? testIP : false;
jsTestLog("Testing mongod bound to IP " + testIP);
assert.eq(desiredOutput, getSNI(ipParams), "IP address is advertised as SNI name in basic mongod");
jsTestLog("Testing sharded configuration bound to IP " + testIP);
assert.eq(desiredOutput,
getSNISharded(ipParams),
"IP address is advertised as SNI name in sharded mongod");
View Git Blame Copy Permalink