Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

added failure cases for x509 auth tests

  • Loading branch information...
commit 9bb7b73390b4987ca4616e5ccf6435a2328a8ad7 1 parent ea38602
@llvtt llvtt authored Bernie Hackett committed
Showing with 23 additions and 0 deletions.
  1. +23 −0 test/test_ssl.py
View
23 test/test_ssl.py
@@ -431,6 +431,29 @@ def test_mongodb_x509_auth(self):
'MONGODB-X509' % (quote_plus(MONGODB_X509_USERNAME), host, port))
# SSL options aren't supported in the URI...
self.assertTrue(MongoClient(uri, ssl=True, ssl_certfile=CLIENT_PEM))
+
+ # Should require a username
+ uri = ('mongodb://%s:%d/?authMechanism=MONGODB-X509' % (host, port))
+ client_bad = MongoClient(uri, ssl=True, ssl_certfile=CLIENT_PEM)
+ self.assertRaises(OperationFailure, client_bad.pymongo_test.test.remove)
+
+ # Auth should fail if username and certificate do not match
+ uri = ('mongodb://%s@%s:%d/?authMechanism='
+ 'MONGODB-X509' % (quote_plus("not the username"), host, port))
+ self.assertRaises(ConfigurationError, MongoClient, uri,
+ ssl=True, ssl_certfile=CLIENT_PEM)
+ self.assertRaises(OperationFailure, client.admin.authenticate,
+ "not the username",
+ mechanism="MONGODB-X509")
+
+ # Invalid certificate (using CA certificate as client certificate)
+ uri = ('mongodb://%s@%s:%d/?authMechanism='
+ 'MONGODB-X509' % (quote_plus(MONGODB_X509_USERNAME), host, port))
+ self.assertRaises(ConnectionFailure, MongoClient, uri,
+ ssl=True, ssl_certfile=CA_PEM)
+ self.assertRaises(ConnectionFailure, MongoClient, pair,
+ ssl=True, ssl_certfile=CA_PEM)
+
# Cleanup
remove_all_users(client['$external'])
client['$external'].logout()
Please sign in to comment.
Something went wrong with that request. Please try again.