added failure cases for x509 auth tests

mongodb · Feb 25, 2014 · 9bb7b73 · 9bb7b73
1 parent ea38602
commit 9bb7b73
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/test/test_ssl.py b/test/test_ssl.py
@@ -431,6 +431,29 @@ def test_mongodb_x509_auth(self):
                'MONGODB-X509' % (quote_plus(MONGODB_X509_USERNAME), host, port))
         # SSL options aren't supported in the URI...
         self.assertTrue(MongoClient(uri, ssl=True, ssl_certfile=CLIENT_PEM))
+
+        # Should require a username
+        uri = ('mongodb://%s:%d/?authMechanism=MONGODB-X509' % (host, port))
+        client_bad = MongoClient(uri, ssl=True, ssl_certfile=CLIENT_PEM)
+        self.assertRaises(OperationFailure, client_bad.pymongo_test.test.remove)
+
+        # Auth should fail if username and certificate do not match
+        uri = ('mongodb://%s@%s:%d/?authMechanism='
+               'MONGODB-X509' % (quote_plus("not the username"), host, port))
+        self.assertRaises(ConfigurationError, MongoClient, uri,
+                          ssl=True, ssl_certfile=CLIENT_PEM)
+        self.assertRaises(OperationFailure, client.admin.authenticate,
+                          "not the username",
+                          mechanism="MONGODB-X509")
+
+        # Invalid certificate (using CA certificate as client certificate)
+        uri = ('mongodb://%s@%s:%d/?authMechanism='
+               'MONGODB-X509' % (quote_plus(MONGODB_X509_USERNAME), host, port))
+        self.assertRaises(ConnectionFailure, MongoClient, uri,
+                          ssl=True, ssl_certfile=CA_PEM)
+        self.assertRaises(ConnectionFailure, MongoClient, pair,
+                          ssl=True, ssl_certfile=CA_PEM)
+
         # Cleanup
         remove_all_users(client['$external'])
         client['$external'].logout()