mirrors/mongodb
mirrors/mongodb
0
0
Fork 0
mirror of https://github.com/mongodb/mongo.git synced 2024-12-01 09:32:32 +01:00
Code Issues Releases Activity
5a7537b07d
mongodb/jstests/libs
History
Sean Tao acdbc57731 SERVER-33998 Remove the parallelCollectionScan command
2018-07-12 17:54:34 -04:00
..
command_line
config_files SERVER-35591 Remove MMAPv1 testing 2018-06-25 16:47:18 -04:00
jstestfuzz SERVER-33633 Create jstestfuzz_interrupt and jstestfuzz_interrupt_replication suites to enable checkForInterrupt failpoint 2018-03-28 13:41:51 -04:00
override_methods SERVER-33998 Remove the parallelCollectionScan command 2018-07-12 17:54:34 -04:00
txns SERVER-35388 Improve misleading error messages for operations banned in transactions 2018-06-25 16:50:34 -04:00
8k-prime.dhparam
analyze_plan.js SERVER-23202: Query planner does not trim certain bounds-generating inequality predicates from expression tree 2018-03-14 20:35:15 -04:00
assert_schema_match.js SERVER-31335 cmd assertions check write errors 2018-01-11 10:47:49 -05:00
authTestsKey
badSAN.pem
ca.pem
change_stream_util.js SERVER-35280: Add handling for drops of sharded collections in change stream tests 2018-07-09 14:07:55 -04:00
check_log.js SERVER-34034 Test log format, slowms, logLevel and sampleRate on mongoD and mongoS 2018-04-04 17:42:14 +01:00
check_unique_indexes.js SERVER-32825 Add upgrade/downgrade infrastructure for timestamp safe unique index. 2018-05-18 10:41:22 +10:00
check_uuids.js SERVER-35131 Remove system.namespaces and system.indexes-specific UUID handling for 4.2 2018-07-03 13:44:16 -04:00
chunk_manipulation_util.js SERVER-35152 update tests for 4.0 2018-05-22 15:15:53 -04:00
cleanup_orphaned_util.js
client_email.pem SERVER-34831 Add support for emailAddress in subject name 2018-05-07 11:35:41 -04:00
client_escape.pem SERVER-34413 Converting Certificate Subject Names to strings need to obey RFC 2253 2018-04-17 12:07:46 -04:00
client_privatekey.pem SERVER-35541 Support PKCS#8 PrivateKeyInfo in SChannel Provider 2018-06-11 23:32:42 -04:00
client_revoked.pem
client_roles.pem SERVER-34387 Create client_roles.pem test certificate with long expiration date 2018-04-10 16:55:20 -04:00
client_title.pem SERVER-34831 Add support for emailAddress in subject name 2018-05-07 11:35:41 -04:00
client_utf8.cnf SERVER-34413 Converting Certificate Subject Names to strings need to obey RFC 2253 2018-04-17 12:07:46 -04:00
client_utf8.pem SERVER-34413 Converting Certificate Subject Names to strings need to obey RFC 2253 2018-04-17 12:07:46 -04:00
client-all-the-oids.csr.in SERVER-35196 Map additional X509 OIDs 2018-06-05 21:55:10 -04:00
client-all-the-oids.pem SERVER-35196 Map additional X509 OIDs 2018-06-05 21:55:10 -04:00
client-custom-oids.csr.in SERVER-34735 Extract structured data from X509 subject names 2018-05-15 22:11:45 -04:00
client-custom-oids.pem SERVER-34735 Extract structured data from X509 subject names 2018-05-15 22:11:45 -04:00
client-multivalue-rdn.pem SERVER-34735 Extract structured data from X509 subject names 2018-05-15 22:11:45 -04:00
client-self-signed.pem SERVER-34888 Do not store subject name without validation 2018-05-09 11:49:47 -04:00
client.pem
cluster_cert.pem
collection_drop_recreate.js
command_sequence_with_retries.js
crl_client_revoked.pem
crl_expired.pem
crl.pem
csrs_upgrade_util.js
cycle_detection.js SERVER-34293 Add test for atomicity and isolation of transactions. 2018-04-16 19:27:18 -04:00
database_versioning.js SERVER-34459 Clear in-memory database versions on setFCV downgrade on shard primaries and secondaries 2018-04-13 18:27:07 -04:00
dateutil.js
discover_topology.js SERVER-34289 add new sharded cluster wrapper for connecting to an existing cluster 2018-04-12 09:19:28 -04:00
expired.pem
feature_compatibility_version.js SERVER-35655 Update FCV constants throughout server code. 2018-07-02 10:50:53 -04:00
fixture_helpers.js SERVER-34302 Add passthrough suite(s) replacing single-collection $changeStream with whole-db streams filtered by namespace 2018-04-19 11:21:12 +01:00
fsm_serial_client.js
ftdc.js
fts.js
geo_math.js
geo_near_random.js SERVER-35043, SERVER-22949: move geoNear implementation into aggregation 2018-06-18 23:34:49 -04:00
get_index_helpers.js
global_snapshot_reads_util.js SERVER-33991 Pass txnNumber in getMore requests through mongos 2018-04-23 14:20:43 -04:00
host_ipaddr.js
json_schema_test_runner.js
key1
key1_644
key2
kill_sessions.js
localhostnameCN.pem
localhostnameSAN.pem
mockkrb5.conf
mockservice.keytab
mockuser.keytab
mongodbauthorizationgrant.cnf SERVER-33549 Refactor OpenSSL to use common ASN.1 code and add test 2018-03-15 13:24:39 -04:00
mongoebench.js SERVER-35537 Create mongoebench for running benchRun against mobile. 2018-07-10 01:39:36 -04:00
mql_model_mongod_test_runner.js WRITING-2731 Build integration test running script for testing the mql-model command line tool 2018-06-09 08:56:32 -04:00
namespace_utils.js SERVER-29134: Support change streams on an entire database in a sharded cluster 2018-04-11 15:53:03 -04:00
not_yet_valid.pem
parallel_shell_helpers.js SERVER-34615 Make UUIDCatalog updates for renameCollection atomic 2018-06-06 16:54:44 -04:00
parallelTester.js SERVER-33998 Remove the parallelCollectionScan command 2018-07-12 17:54:34 -04:00
password_protected.pem
profiler.js SERVER-33339 add jstest that documents and verifies whether each command sends a database version 2018-02-23 10:52:11 -05:00
read_committed_lib.js
README.ssl SERVER-34735 Extract structured data from X509 subject names 2018-05-15 22:11:45 -04:00
retryable_writes_util.js SERVER-35591 Remove MMAPv1 testing 2018-06-25 16:47:18 -04:00
server.pem
sessions_collection.js
smoke.pem
specific_secondary_reader_mongo.js SERVER-32883 Add concurrency_replication_causal_consistency suite 2018-05-23 18:01:13 -04:00
ssl_test.js
stats.js
test_background_ops.js
testconfig
trace_missing_docs.js
trusted-ca.pem
trusted-client.pem
trusted-client.pfx SERVER-32979 Windows Certificate Selectors 2018-03-23 11:28:17 -04:00
trusted-server.pem
trusted-server.pfx SERVER-34139 Add certificate selector for Apple for SecureTransport 2018-04-02 19:58:23 -04:00
uuid_util.js
write_concern_util.js

README.ssl 

client-self-signed.pem represents the same RDN as client.pem, but using itself as a CA:

openssl req -nodes -new -subj '/CN=client/OU=KernelUser/O=MongoDB/L=New York City/ST=New York/C=US' -out css.csr -keyout css.rsa
openssl rsa -in css.rsa -out css.key
openssl x509 -in css.csr -out jstests/libs/client-self-signed.pem -req -signkey client-self-signed.key -days 3650
cat css.key >> jstests/libs/client-self-signed.pem
rm css.{csr,rsa,key}

---------------------------
client-multivalue-rdn.pem represents the same RDN as client.pem, but grouping some elements together:

openssl req -new -nodes -subj '/CN=client+OU=KernelUser+O=MongoDB/L=New York City+ST=New York+C=US' -multivalue-rdn \
            -keyout client-multivalue-rdn.key -out client-multivalue-rdn.csr
openssl rsa -in client-multivalue-rdn.key -out client-multivalue-rdn.rsa
openssl x509 -in client-multivalue-rdn.csr -out client-multivalue-rdn.pem -req -CA ca.pem -days 3650 -CAcreateserial
cat client-multivalue-rdn.rsa >> client-multivalue-rdn.pem
rm ca.srl client-multivalue-rdn.key client-multivalue-rdn.rsa client-multivalue-rdn.csr

---------------------------

The other ceriticates in this directory come from x509gen.
How to generate a certificate with a custom extension:

1. Generate a normal certificate signing request without an extension
2. Make a copy of the system openssl.cnf and append this text to the file
    On Redhat/Fedora, openssl.cnf is in /etc/pki/tls

See jstests\libs\mongodbauthorizationgrant.cnf for how to generate the text with the
'openssl asn1parse' command.

[MongoDBAuthorizationGrant]
1.3.6.1.4.1.34601.2.1.1 = DER:312B300F0C066261636B75700C0561646D696E30180C0F72656164416E7944617461626173650C0561646D696E

3. Sign the certificate and add the custom extension
4. Make a new pem with the certificate and key

Example Commands
----------------
openssl req -config openssl.cnf -newkey rsa:2048 -nodes -keyout roles.key -out roles.csr

Example with subject name:
openssl req -config openssl.cnf -newkey rsa:2048 -nodes -keyout roles.key -out roles.csr -subj "/C=US/ST=New York/L=New York City/O=MongoDB/OU=KernelUser/CN=client/emailAddress=example@mongodb.com"

openssl x509 -req -sha256 -in roles.csr -days 3650 -out roles.pem -extfile openssl.cnf -extensions MongoDBAuthorizationGrant -CA jstests/libs/ca.pem -CAcreateserial

openssl rsa -in roles.key -out roles2.key

cat roles.pem roles2.key > roles_final.pem


Example Commands for UTF-8
--------------------------
openssl req -new -utf8 -nameopt multiline,utf8  -config .\jstests\libs\client_utf8.cnf -newkey rsa:2048 -nodes -keyout roles.key -out roles.csr