Permalink
Browse files

SERVER-7202 adding tests for ssl private key password checking

  • Loading branch information...
1 parent d85c100 commit 13f77588a6a9997db841a5583a69ac961f3eb01c @milkie milkie committed Dec 14, 2012
Showing with 98 additions and 0 deletions.
  1. +51 −0 jstests/libs/password_protected.pem
  2. +47 −0 jstests/ssl/ssl_cert_password.js
@@ -0,0 +1,51 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIgWTIkEmBBfoCAggA
+MBQGCCqGSIb3DQMHBAjzL6xrCrEygwSCBMihG8kg3nTnTtWAbB+d1D+HJxriqm37
+7rwjkfa+T5w5ZBRGpsTt3QB5ep0maX72H55ns6ukkeMoDBSadhDWrGWcLQ2IOGt3
+E14KU6vMFe3gQkfF1fupp7F+3ma58/VNUKa4X5pzZ7OCf8inlLWejp8BRqbrPWqw
+Errgw1kNN3gWfQMr7JtIt1yI1xIMEB2Z976Jn0gaGnJAtzIW4thqjkDdb8b33S9f
+cb7N1Fq4cly22f9HdqNcLgVTi1zIlPXc/f/6mtsGTsJv/rMPthJ7c3Smvh3Fce2G
+w8e+ypfey+9QG3fk7RslaFRe8ShgqfdR8CAalp2UzwNbX91Agyuim3TA6s4jM8N9
+cF6CXlqEaA4sKhiOJmw69DfTC7QRee/gi2A8bz17pX85nKrGiLYn+Od8CEhTFxVk
+lNgBLv4+RcYHVqxWlbJMdDliMN53E+hYbh0y+GDLjteEXbrxRo1aSgd/9PGiSl97
+KY4F7b/OwRzRZh1F+cXY+uP5ZQMbx5EMMkhzuj3Hiy/AVlQrW2B1lXtcf11YFFJj
+xWq6YcpmEjL+xRq1PgoU7ahl6K0A3ScedQA5b1rLdPE8+bkRAfoN+0r8HVkIL7M+
+PorrwuWnvUmovZ0yDvm153HVvRnKZKHcelklphuUWfXvcRNITG/Rx6ssj+MVjqjb
+Xy7t7wgIrk10TFWNEcunGjSSjPDkjYPazJ2dasI0rODzhlQzrnlWM+El9P5zSu2z
+1Bvet44nmAKi2WLMda5YKbJcLSNbpBFB+rTwDt/D+dfwsJeC0sjpzzatKGXNJLJQ
+7x9BZfAbBn0QrIZYGMkaxWvcpJcaVUbCKiST4DK5ze584ptrlH+Bqw4u4xLcVrdk
+hu/8IBNybLrl4zahIz7bRRNmw5wo9zUVXPXEtuYak+MK+gmD3TzJ12OUKAlAj3Go
+Fj3NFQoxBJJjuXM3zZRvHp+/AAOUANBYIyV2WssF6C+SH4o+jKyxWC/GawPFvx/B
+gy55kdEt+ORdcOfV8L5Q2xI8Qpck6E3odmaHCvjz1bUVUWqhJcTuoewHRBfWiWgc
+UCXBS/YgendUQroBOPyYIwTtk4XY9fhhKGI4LhWcx4LfzntBnM9FGmDOwhu3HqEd
+HOs8p+HhB8LPjGRot63m7gkJ1T6AswSi9hTeZeSgXuSgL23zqwPGbGTwO3AmFs/M
+8luXQ4My9bk74K3d9lFdJPaxeTpeeWNodnBItbioT5aImptU+pkKWLTVmXi4V+JE
+1ootg+DSbz+bKp4A/LLOBO4Rsx5FCGAbBMnKc/n8lF86LjKq2PLRfgdPCaVfBrcd
+TnOkBZYU0HwJAc++4AZQJvA/KRB4UPUzMe2atjVxcrr6r6vL8G04+7TBFoynpzJ+
+4KZPCJz0Avb4wYKu/IHkdKL7UY8WEGz1mMDbAu4/xCriLg49D2f1eY3FTEjBotBI
+J9hE4ccmwqlxtl4qCVRezh0C+viJ6q2tCji2SPQviaVMNWiis9cZ52J+F9TC2p9R
+PdatJg0rjuVzfoPFE8Rq8V6+zf818b19vQ4F31J+VXTz7sF8it9IO0w/3MbtfBNE
+pKmMZ9h5RdSw1kXRWXbROR9XItS7gE1wkXAxw11z7jqNSNvhotkJXH/A5qGpTFBl
+Z8A=
+-----END ENCRYPTED PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAuqgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCVVMx
+ETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MQ4wDAYD
+VQQKDAUxMEdlbjEPMA0GA1UECwwGS2VybmVsMRowGAYDVQQDDBFNeSBDZXJ0IEF1
+dGhvcml0eTEbMBkGCSqGSIb3DQEJARYMcm9vdEBsYXphcnVzMB4XDTEyMTIxNDE2
+MTUzNFoXDTEzMTIxNDE2MTUzNFoweTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5l
+dyBZb3JrMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MQ4wDAYDVQQKDAUxMGdlbjEQ
+MA4GA1UEAwwHbGF6YXJ1czEdMBsGCSqGSIb3DQEJARYOdXNlckAxMGdlbi5jb20w
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT66r5RyiBNJL4Es1PDCwF
+Tv8ec02E2AsqeTyl1QJQU7MCNedeVcStq+ZuFZ4iPlOwISVzkU8Tro6+aKLEVTqX
+btnk/yCimOiTGWXt7UG6N4k5eDLmH4rvrF15D3QmZBfg47Qrmste80fe5+6EavY0
+5usHPqRsXlZ2ve6s+XqkVIsfTbM8uo8eGFS87yNxtQPdGtL/lkYeoT74X5BEy5h4
+JdOMQIDyIsO9CyKq9PqorXLThX/wrQFgl3/ITfUfdy9EtS7uZECQ3zuVjUCPSLd0
+oz+XZEBre2zLb+RIMfdV5RqqOg83w9N8lqgxnPvFXsL5mFr4lmHcTumrq+IxHpuT
+AgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2Vu
+ZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRvDc5ZcsmmQMykactYzi/FJvBR
+IDAfBgNVHSMEGDAWgBQHQRk6n37FtyJOt7zV3+T8CbhkFjANBgkqhkiG9w0BAQUF
+AAOBgQCr65ppEiy5SW9QdCW4crbsKrRImL1o0qfNtfNJ8QypXMdcsYtDSBqwsUhn
+r3RXBNzRUKDEjXPSNiyxeukSMTElrd012GhtYkYglE31bJpAwO1bDGXp8pmjzm6z
+QhmIMcVLpJ1NNcSmgbAhGZpyD8xDuPz7Dnlpmlnq6cdieafWPw==
+-----END CERTIFICATE-----
@@ -0,0 +1,47 @@
+// Test passwords on private keys for SSL
+// This tests that providing a proper password works and that providing no password or incorrect
+// password fails. It uses both mongod and mongo to run the tests, since the mongod binary
+// does not return error statuses to indicate an error.
+port = allocatePorts( 1 )[ 0 ];
+var baseName = "jstests_ssl_ssl_cert_password";
+var dbpath = "/data/db" + baseName;
+resetDbpath(dbpath);
+
+// Password is correct
+md = startMongod("--nopreallocj",
+ "--port", port,
+ "--dbpath", dbpath,
+ "--sslOnNormalPorts",
+ "--sslPEMKeyFile", "jstests/libs/password_protected.pem",
+ "--sslPEMKeyPassword", "qwerty");
+// startMongod connects a Mongo shell, so if we get here, the test is successful.
+
+
+
+
+// Password missing; error logged is:
+// error:0907B068:PEM routines:PEM_READ_BIO_PRIVATEKEY:bad password read
+var md = runMongoProgram("mongo", "--port", port,
+ "--ssl",
+ "--sslPEMKeyFile", "jstests/libs/password_protected.pem");
+
+// 1 is the exit code for failure
+assert(md==1);
+
+
+
+// Password incorrect; error logged is:
+// error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
+md = runMongoProgram("mongo", "--port", port,
+ "--ssl",
+ "--sslPEMKeyFile", "jstests/libs/password_protected.pem",
+ "--sslPEMKeyPassword", "barf");
+
+// 1 is the exit code for failure
+assert(md==1);
+
+
+
+// Stop the server
+var exitCode = stopMongod(port, 15);
+assert(exitCode == 0);

0 comments on commit 13f7758

Please sign in to comment.