load('jstests/ssl/libs/ssl_helpers.js');
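/**
 * Checks that this platform can use ECDSA certificates for TLS and for
 * MONGODB-X509 authentication.
 *
 * Starts a mongod with an ECDSA server certificate, confirms a TLS connection
 * works, creates an X509 user in $external, and then authenticates as that
 * user from a second shell that presents the ECDSA client certificate.
 *
 * The mongod is stopped in a `finally` block so a failed assertion does not
 * leave the server process running. Takes no arguments and returns nothing;
 * failures surface as thrown assertion errors.
 */
const test = () => {
    "use strict";

    const ECDSA_CA_CERT = 'jstests/libs/ecdsa-ca.pem';
    const ECDSA_CLIENT_CERT = 'jstests/libs/ecdsa-client.pem';
    const ECDSA_SERVER_CERT = 'jstests/libs/ecdsa-server.pem';

    // X509 user name; presumably the subject DN of ecdsa-client.pem, which is
    // what MONGODB-X509 matches against - confirm against the fixture.
    const CLIENT_USER = 'CN=client,OU=KernelUser,O=MongoDB,L=New York City,ST=New York,C=US';

    print('Testing if platform supports usage of ECDSA certificates');
    const tlsOptions = {
        // preferTLS: the server accepts both TLS and non-TLS incoming
        // connections, so the TLS path is exercised only by the child shells
        // below that pass --tls explicitly.
        tlsMode: 'preferTLS',
        tlsCertificateKeyFile: ECDSA_SERVER_CERT,
        tlsCAFile: ECDSA_CA_CERT,
        // Empty-string values appear to be how valueless flags are passed to
        // MongoRunner - TODO confirm.
        ipv6: '',
        bind_ip_all: '',
        waitForConnect: true,
        // Lets clients connect without presenting a certificate; the first
        // connectivity check below relies on this (it passes only a CA file).
        tlsAllowConnectionsWithoutCertificates: "",
    };

    const mongod = MongoRunner.runMongod(tlsOptions);

    try {
        // Verify we can connect over TLS, validating the server's ECDSA certificate
        // against the ECDSA CA.
        assert.eq(0,
                  runMongoProgram('mongo',
                                  '--tls',
                                  '--tlsCAFile',
                                  ECDSA_CA_CERT,
                                  '--port',
                                  mongod.port,
                                  '--eval',
                                  'db.hello()'),
                  "mongo did not initialize properly");

        // Add an X509 user. The root role is a test-fixture convenience: the
        // child shell below only authenticates and reads connectionStatus, so
        // the role itself is not exercised.
        const addUserCmd = {createUser: CLIENT_USER, roles: [{role: 'root', db: 'admin'}]};
        assert.commandWorked(mongod.getDB('$external').runCommand(addUserCmd),
                             'Failed to create X509 user using ECDSA certificates');

        // This function is never called here: its source text is shipped to a
        // child shell via --eval, with the quoted placeholder swapped for the
        // real user name. Its body is therefore runtime text - keep comments
        // and the placeholder word out of it.
        const command = function() {
            assert(db.getSiblingDB('$external').auth({mechanism: 'MONGODB-X509', user: "CLIENT_USER"}));

            const connStatus = db.getSiblingDB('admin').runCommand({connectionStatus: 1});
            assert(connStatus.authInfo.authenticatedUsers[0].user === "CLIENT_USER");
        };

        // Verify we can authenticate via X509, presenting the ECDSA client
        // certificate and checking the authenticated user the server reports.
        assert.eq(
            0,
            runMongoProgram('mongo',
                            '--tls',
                            '--tlsCertificateKeyFile',
                            ECDSA_CLIENT_CERT,
                            '--tlsCAFile',
                            ECDSA_CA_CERT,
                            '--port',
                            mongod.port,
                            '--eval',
                            '(' + command.toString().replace(/CLIENT_USER/g, CLIENT_USER) + ')();'),
            "ECDSA X509 authentication failed");
    } finally {
        // Always shut the server down, including when an assertion above throws.
        MongoRunner.stopMongod(mongod);
    }
};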
// Build environments (distmod values) on which the ECDSA test is not run.
const EXCLUDED_BUILDS = ['amazon', 'amzn64'];

if (!EXCLUDED_BUILDS.includes(buildInfo().buildEnvironment.distmod)) {
    // requireSSLProvider is not defined in this file (presumably it comes from
    // ssl_helpers.js); it is handed the provider name and the test callback.
    requireSSLProvider('openssl', test);
} else {
    // Make the skip visible in the test log instead of passing silently.
    const banner = "*****************************************************";
    print(banner);
    print("Skipping test because Amazon Linux does not support ECDSA certificates");
    print(banner);
}