mongodb/jstests/ssl/x509_startup_certificate_info.js

// Test for logging of certificate information

import {ShardingTest} from "jstests/libs/shardingtest.js";
import {determineSSLProvider} from "jstests/ssl/libs/ssl_helpers.js";

const CA_CERT = "jstests/libs/ca.pem";
const SERVER_CERT = "jstests/libs/server.pem";
const CLUSTER_CERT = "jstests/libs/cluster_cert.pem";
const CRL_FILE = "jstests/libs/crl.pem";

const SERVER_CERT_INFO = {
    "type": "Server",
    "subject": "CN=server,OU=Kernel,O=MongoDB,L=New York City,ST=New York,C=US",
    "issuer": "CN=Kernel Test CA,OU=Kernel,O=MongoDB,L=New York City,ST=New York,C=US",
    "thumbprint": cat(SERVER_CERT + ".digest.sha1")
};
const CLUSTER_CERT_INFO = {
    "type": "Cluster",
    "subject": "CN=clustertest,OU=Kernel,O=MongoDB,L=New York City,ST=New York,C=US",
    "issuer": "CN=Kernel Test CA,OU=Kernel,O=MongoDB,L=New York City,ST=New York,C=US",
    "thumbprint": cat(CLUSTER_CERT + ".digest.sha1")
};
const CRL_INFO = {
    "thumbprint": cat(CRL_FILE + ".digest.sha1")
};

function runTest(checkMongos,
                 opts,
                 expectServerInfo,
                 expectClusterInfo,
                 expectCRLInfo,
                 serverInfoToExpect,
                 clusterInfoToExpect,
                 CRLInfotoExpect) {
    let mongo;

    if (checkMongos) {
        var st = new ShardingTest({
            shards: 1,
            mongos: 1,
            other: {configOptions: opts, mongosOptions: opts, rsOptions: opts, useHostname: false}
        });
        mongo = st.s;
    } else {
        mongo = MongoRunner.runMongod(Object.assign(opts));
    }

    assert.soon(function() {
        return (expectServerInfo ===
                checkLog.checkContainsOnceJson(mongo, 4913010, serverInfoToExpect));
    });

    if (!(determineSSLProvider() === "windows" && !expectClusterInfo)) {
        assert.soon(function() {
            return (expectClusterInfo ===
                    checkLog.checkContainsOnceJson(mongo, 4913011, clusterInfoToExpect));
        });
    }

    if (!(determineSSLProvider() === "apple")) {
        assert.soon(function() {
            return (expectCRLInfo ===
                    checkLog.checkContainsOnceJson(mongo, 4913012, CRLInfotoExpect));
        });
    }

    if (checkMongos) {
        st.stop();
    } else {
        stopMongoProgramByPid(mongo.pid);
    }
}

function runTests(checkMongos) {
    runTest(checkMongos,
            {
                tlsMode: 'requireTLS',
                tlsCertificateKeyFile: SERVER_CERT,
                tlsCAFile: CA_CERT,
                tlsClusterFile: CLUSTER_CERT,
                tlsCRLFile: CRL_FILE,
                useHostname: false
            },
            true,
            true,
            true,
            SERVER_CERT_INFO,
            CLUSTER_CERT_INFO,
            CRL_INFO);

    runTest(checkMongos,
            {
                tlsMode: 'requireTLS',
                tlsCertificateKeyFile: SERVER_CERT,
                tlsCAFile: CA_CERT,
                tlsClusterFile: CLUSTER_CERT,
            },
            true,
            true,
            false,
            SERVER_CERT_INFO,
            CLUSTER_CERT_INFO,
            {});

    runTest(checkMongos,
            {
                tlsMode: 'requireTLS',
                tlsCertificateKeyFile: SERVER_CERT,
                tlsCAFile: CA_CERT,
                tlsCRLFile: CRL_FILE,
            },
            true,
            false,
            true,
            SERVER_CERT_INFO,
            CLUSTER_CERT_INFO,
            CRL_INFO);
}

// runTests(true);
runTests(false);