mirrors/mongodb
mirrors/mongodb
0
0
Fork 0
mirror of https://github.com/mongodb/mongo.git synced 2024-11-27 23:27:11 +01:00
Code Issues Releases Activity
c67a3df2aa
mongodb/jstests/ocsp/ocsp_basic_ca_responder.js
Matt Broadstone a4f458fe4d SERVER-79735 Convert jstest corpus to use es modules
2023-08-06 20:48:04 +00:00

70 lines
2.0 KiB
JavaScript
Raw Blame History

// Check that OCSP verification works
// @tags: [requires_http_client]
import {
FAULT_REVOKED,
MockOCSPServer,
OCSP_CA_RESPONDER,
OCSP_INTERMEDIATE_RESPONDER,
} from "jstests/ocsp/lib/mock_ocsp.js";
import {
clearOCSPCache,
OCSP_CA_PEM,
OCSP_INTERMEDIATE_CA_WITH_ROOT_PEM,
OCSP_SERVER_AND_INTERMEDIATE_APPENDED_PEM,
OCSP_SERVER_CERT,
OCSP_SERVER_SIGNED_BY_INTERMEDIATE_CA_PEM
} from "jstests/ocsp/lib/ocsp_helpers.js";
import {determineSSLProvider} from "jstests/ssl/libs/ssl_helpers.js";
if (determineSSLProvider() === "apple") {
quit();
}
function test(serverCert, caCert, responderCertPair) {
clearOCSPCache();
const ocsp_options = {
sslMode: "requireSSL",
sslPEMKeyFile: serverCert,
sslCAFile: caCert,
sslAllowInvalidHostnames: "",
setParameter: {
"failpoint.disableStapling": "{'mode':'alwaysOn'}",
"ocspEnabled": "true",
},
};
// This is to test what happens when the responder is down,
// making sure that we soft fail.
let conn = null;
let mock_ocsp = new MockOCSPServer("", 1, responderCertPair);
mock_ocsp.start();
assert.doesNotThrow(() => {
conn = MongoRunner.runMongod(ocsp_options);
});
mock_ocsp.stop();
mock_ocsp = new MockOCSPServer(FAULT_REVOKED, 1, responderCertPair);
mock_ocsp.start();
assert.throws(() => {
new Mongo(conn.host);
});
MongoRunner.stopMongod(conn);
// The mongoRunner spawns a new Mongo Object to validate the collections which races
// with the shutdown logic of the mock_ocsp responder on some platforms. We need this
// sleep to make sure that the threads don't interfere with each other.
sleep(1000);
mock_ocsp.stop();
}
test(OCSP_SERVER_CERT, OCSP_CA_PEM, OCSP_CA_RESPONDER);
test(OCSP_SERVER_SIGNED_BY_INTERMEDIATE_CA_PEM,
OCSP_INTERMEDIATE_CA_WITH_ROOT_PEM,
OCSP_INTERMEDIATE_RESPONDER);
test(OCSP_SERVER_AND_INTERMEDIATE_APPENDED_PEM, OCSP_CA_PEM, OCSP_INTERMEDIATE_RESPONDER);
View Git Blame Copy Permalink