SERVER-7455 x.509 cluster auth tests and expanded use-ssl passthrough
Showing
13 changed files
with
314 additions
and
24 deletions.
@@ -0,0 +1,101 @@ | ||
Certificate: | ||
Data: | ||
Version: 3 (0x2) | ||
Serial Number: 5 (0x5) | ||
Signature Algorithm: sha1WithRSAEncryption | ||
Issuer: C=US, ST=New York, L=New York City, O=10Gen, OU=Kernel, CN=My Cert Authority/emailAddress=root@lazarus | ||
Validity | ||
Not Before: Aug 7 17:19:17 2013 GMT | ||
Not After : Dec 22 17:19:17 2040 GMT | ||
Subject: C=US, ST=New York, L=New York City, O=10Gen, OU=Kernel, CN=clustertest | ||
Subject Public Key Info: | ||
Public Key Algorithm: rsaEncryption | ||
Public-Key: (2048 bit) | ||
Modulus: | ||
00:98:ec:01:6e:f4:ae:8e:16:c8:87:a2:44:86:a0: | ||
45:5c:ca:82:56:ba:0d:a9:60:bf:07:40:da:db:70: | ||
33:a6:c2:ec:9d:e1:f0:da:fe:b9:f9:ac:23:33:64: | ||
e6:63:71:cc:a2:0d:eb:86:bc:31:32:aa:30:e6:1d: | ||
5d:6d:fd:45:f4:2f:dc:72:93:bc:92:27:f7:6a:5a: | ||
18:04:f7:64:d0:6a:3c:a9:14:f6:9e:9d:58:26:f4: | ||
16:93:7e:3d:2e:3c:9e:54:41:4d:1a:e1:bd:b4:cf: | ||
d0:05:4c:4d:15:fb:5c:70:1e:0c:32:6d:d7:67:5b: | ||
ec:b2:61:83:e3:f0:b1:78:aa:30:45:86:f9:6d:f5: | ||
48:1f:f1:90:06:25:db:71:ed:af:d7:0d:65:65:70: | ||
89:d4:c8:c8:23:a0:67:22:de:d9:6e:1d:44:38:cf: | ||
0f:eb:2c:fe:79:01:d7:98:15:5f:22:42:3f:ee:c9: | ||
16:eb:b9:25:08:9a:2a:11:74:47:e0:51:75:8c:ae: | ||
eb:8d:b5:30:fe:48:98:0a:9e:ba:6e:a4:60:08:81: | ||
c6:05:a0:97:38:70:c0:1f:b4:27:96:8e:c3:d2:c1: | ||
14:5f:34:16:91:7d:ad:4c:e9:23:07:f0:42:86:78: | ||
11:a1:1e:9d:f3:d0:41:09:06:7d:5c:89:ef:d2:0d: | ||
6c:d5 | ||
Exponent: 65537 (0x10001) | ||
X509v3 extensions: | ||
X509v3 Basic Constraints: | ||
CA:FALSE | ||
Netscape Comment: | ||
OpenSSL Generated Certificate | ||
X509v3 Subject Key Identifier: | ||
C9:00:3A:28:CC:6A:75:57:82:81:00:A6:25:48:6C:CE:0A:A0:4A:59 | ||
X509v3 Authority Key Identifier: | ||
keyid:07:41:19:3A:9F:7E:C5:B7:22:4E:B7:BC:D5:DF:E4:FC:09:B8:64:16 | ||
|
||
Signature Algorithm: sha1WithRSAEncryption | ||
d1:55:e3:5c:43:8c:4f:d3:29:8d:74:4a:1d:23:50:17:27:b3: | ||
30:6f:c6:d7:4c:6c:96:7e:52:a0:2f:91:92:b3:f5:4c:a1:ca: | ||
88:62:31:e4:d6:64:ac:40:17:47:00:24:e8:0d:3b:7b:c7:d4: | ||
7f:3a:76:45:27:fd:9b:ae:9d:44:71:8f:ab:62:60:e5:9d:e8: | ||
59:dd:0e:25:17:14:f8:83:b0:b6:fc:5f:27:8b:69:a2:dc:31: | ||
b9:17:a1:27:92:96:c1:73:bf:a3:f0:b8:97:b9:e2:fb:97:6d: | ||
44:01:b0:68:68:47:4b:84:56:3b:19:66:f8:0b:6c:1b:f5:44: | ||
a9:ae | ||
-----BEGIN CERTIFICATE----- | ||
MIIDdzCCAuCgAwIBAgIBBTANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCVVMx | ||
ETAPBgNVBAgMCE5ldyBZb3JrMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MQ4wDAYD | ||
VQQKDAUxMEdlbjEPMA0GA1UECwwGS2VybmVsMRowGAYDVQQDDBFNeSBDZXJ0IEF1 | ||
dGhvcml0eTEbMBkGCSqGSIb3DQEJARYMcm9vdEBsYXphcnVzMB4XDTEzMDgwNzE3 | ||
MTkxN1oXDTQwMTIyMjE3MTkxN1owbzELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5l | ||
dyBZb3JrMRYwFAYDVQQHDA1OZXcgWW9yayBDaXR5MQ4wDAYDVQQKDAUxMEdlbjEP | ||
MA0GA1UECwwGS2VybmVsMRQwEgYDVQQDDAtjbHVzdGVydGVzdDCCASIwDQYJKoZI | ||
hvcNAQEBBQADggEPADCCAQoCggEBAJjsAW70ro4WyIeiRIagRVzKgla6DalgvwdA | ||
2ttwM6bC7J3h8Nr+ufmsIzNk5mNxzKIN64a8MTKqMOYdXW39RfQv3HKTvJIn92pa | ||
GAT3ZNBqPKkU9p6dWCb0FpN+PS48nlRBTRrhvbTP0AVMTRX7XHAeDDJt12db7LJh | ||
g+PwsXiqMEWG+W31SB/xkAYl23Htr9cNZWVwidTIyCOgZyLe2W4dRDjPD+ss/nkB | ||
15gVXyJCP+7JFuu5JQiaKhF0R+BRdYyu6421MP5ImAqeum6kYAiBxgWglzhwwB+0 | ||
J5aOw9LBFF80FpF9rUzpIwfwQoZ4EaEenfPQQQkGfVyJ79INbNUCAwEAAaN7MHkw | ||
CQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy | ||
dGlmaWNhdGUwHQYDVR0OBBYEFMkAOijManVXgoEApiVIbM4KoEpZMB8GA1UdIwQY | ||
MBaAFAdBGTqffsW3Ik63vNXf5PwJuGQWMA0GCSqGSIb3DQEBBQUAA4GBANFV41xD | ||
jE/TKY10Sh0jUBcnszBvxtdMbJZ+UqAvkZKz9UyhyohiMeTWZKxAF0cAJOgNO3vH | ||
1H86dkUn/ZuunURxj6tiYOWd6FndDiUXFPiDsLb8XyeLaaLcMbkXoSeSlsFzv6Pw | ||
uJe54vuXbUQBsGhoR0uEVjsZZvgLbBv1RKmu | ||
-----END CERTIFICATE----- | ||
-----BEGIN PRIVATE KEY----- | ||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCY7AFu9K6OFsiH | ||
okSGoEVcyoJWug2pYL8HQNrbcDOmwuyd4fDa/rn5rCMzZOZjccyiDeuGvDEyqjDm | ||
HV1t/UX0L9xyk7ySJ/dqWhgE92TQajypFPaenVgm9BaTfj0uPJ5UQU0a4b20z9AF | ||
TE0V+1xwHgwybddnW+yyYYPj8LF4qjBFhvlt9Ugf8ZAGJdtx7a/XDWVlcInUyMgj | ||
oGci3tluHUQ4zw/rLP55AdeYFV8iQj/uyRbruSUImioRdEfgUXWMruuNtTD+SJgK | ||
nrpupGAIgcYFoJc4cMAftCeWjsPSwRRfNBaRfa1M6SMH8EKGeBGhHp3z0EEJBn1c | ||
ie/SDWzVAgMBAAECggEAfogRK5Dz+gfqByiCEO7+VagOrtolwbeWeNb2AEpXwq1Z | ||
Ac5Y76uDkI4ZVkYvx6r6ykBAWOzQvH5MFavIieDeiA0uF/QcPMcrFmnTpBBb74No | ||
C/OXmGjS7vBa2dHDp8VqsIaT2SFeSgUFt8yJoB2rP+3s47E1YYWTVYoQioO3JQJN | ||
f0mSuvTnvJO9lbTWiW+yWGVkQvIciCCnHkCEwU0fHht8IoFBGNFlpWZcGiMeietr | ||
16GdRcmAq95q8TTCeQxkgmmL+0ZJ1BrF7llG2pGYdacawXj1eVRqOHQaFIlcKe05 | ||
RITpuXVYOWBpBpfbQsBZaCGLe7WxHJedrFxdbqm0ZQKBgQDLUQrmIl2wz43t3sI+ | ||
WjW6y1GwMPG9EjXUT1Boq6PNHKgw04/32QNn5IMmz4cp2Mgyz7Hc0ABDU/ZATujd | ||
yCkxVErPbKRDKSxSl6nLXtLpLbHFmVPfKPbNKIuyFMBsOFOtoFoVbo33wI5dI7aO | ||
i7sTGB3ngbq4pzCJ9dVt/t81QwKBgQDAjAtBXS8WB69l9w35tx+MgYG0LJ+ykAug | ||
d91pwiWqSt02fZ0nr/S/76G6B4C8eqeOnYh1RzF5isLD246rLD2Y+uuFrgasvSiS | ||
4qSKbpG2kk02R/DRTAglAyXI0rhYIDrYKCQPWqNMWpawT/FQQwbFjTuhmz10FyXS | ||
hmVztZWoBwKBgQCBdnptLibghllGxViEoaai6gJ7Ib9ceHMEXPjDnb+wxPWoGZ8L | ||
4AjWJ+EHXpAfqmVYTX5hL6VrOdSNAHIxftoUCiuUxwYVqesKMH6y/A9q4WjYfRi1 | ||
+fyliJLjc2lPv9IwtfGGwh3uS5ObZTlCrWES+IFaP/YozHUQ9BPSdb+lxwKBgB35 | ||
Lv9b3CqXw6why2EmKpkax/AeSjXnyoeOYT9HY8mgodMLtt0ovPbr/McSx+2PQmon | ||
B8kJ7h+3hB4tHYZz+prH5MYIky1svNYwxeBu2ewL1k0u4cQTC+mHFeivNNczHTXs | ||
+cASIf2O1IpZx3zxEirKk4/StLxPpimhlkVu7P8dAoGBAJVw2U70+PagVBPtvheu | ||
ZDEvxSEzrn90ivIh7Y6ZIwdSOSLW04sOVL2JAzO155u4g77jdmcxV3urr1vD9LbF | ||
qkBGLXx7FFC/Mn/H42qerxr16Bt6RtvVpms71UIQLYxA7caab9cqoyt0wkgqJFKX | ||
fj0TVODnIf+zPMDCu+frpLbA | ||
-----END PRIVATE KEY----- |
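Review bot: The unencrypted private key for CN=clustertest is committed next to its certificate, and nothing in the file marks it as test-only material. The certificate is valid until Dec 22 2040, so any deployment that mistakenly trusts the issuing test CA (presumably the one in `jstests/libs/ca.pem`) could accept a holder of this now-public key as a cluster member for decades. Readers that parse PEM skip text outside the BEGIN/END blocks, so I would add a line to the text dump above `-----BEGIN CERTIFICATE-----`, for example `TEST FIXTURE ONLY: this private key is public; never trust this CA outside jstests`. The certificate is also signed with sha1WithRSAEncryption; when the fixtures are next regenerated, a SHA-256 signature would keep the tests from depending on SHA-1 being accepted.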
@@ -0,0 +1,37 @@ | ||
// Basic tests for cluster authentication using x509 | ||
// This test is launching replsets/initial_sync1.js with different | ||
// values for clusterAuthMode to emulate an upgrade process. | ||
|
||
var common_options = {sslOnNormalPorts : "", | ||
sslPEMKeyFile : "jstests/libs/server.pem", | ||
sslCAFile: "jstests/libs/ca.pem", | ||
keyFile : "jstests/libs/key1"}; | ||
|
||
// Standard case, clusterAuthMode: x509 | ||
x509_options1 = Object.merge(common_options, | ||
{sslClusterFile: "jstests/libs/cluster-cert.pem", | ||
clusterAuthMode: "x509"}); | ||
var x509_options2 = x509_options1; | ||
load("jstests/replsets/initial_sync_1.js"); | ||
|
||
// Mixed clusterAuthMode: sendX509 and sendKeyfile and try adding --auth | ||
x509_options1 = Object.merge(common_options, | ||
{sslClusterFile: "jstests/libs/cluster-cert.pem", | ||
clusterAuthMode: "x509", | ||
auth: ""}); | ||
x509_options2 = Object.merge(common_options, {clusterAuthMode: "sendKeyfile"}); | ||
load("jstests/replsets/initial_sync1.js"); | ||
|
||
// Mixed clusterAuthMode: x509 and sendX509, use the PEMKeyFile for outgoing connections | ||
x509_options1 = Object.merge(common_options, {clusterAuthMode: "x509"}); | ||
x509_options2 = Object.merge(common_options, {clusterAuthMode: "sendX509"}); | ||
load("jstests/replsets/initial_sync1.js"); | ||
|
||
//verify that replset initiate fails if using an invalid cert | ||
x509_options1 = Object.merge(common_options, {clusterAuthMode: "x509"}); | ||
x509_options2 = Object.merge(common_options, | ||
{sslClusterFile: "jstests/libs/smoke.pem", | ||
clusterAuthMode: "x509"}); | ||
var replTest = new ReplSetTest({nodes : {node0 : x509_options1, node1 : x509_options2}}); | ||
var conns = replTest.startSet(); | ||
assert.throws( function() { replTest.initiate() } ); |
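Review bot: The first case loads `jstests/replsets/initial_sync_1.js`, while the header comment and the two later cases use `jstests/replsets/initial_sync1.js`. Unless a file with the underscore exists, the standard `clusterAuthMode: "x509"` case does not run the intended test, so I would change it to `load("jstests/replsets/initial_sync1.js");`. The comment on the second case says sendX509 and sendKeyfile, but `x509_options1` is set to `clusterAuthMode: "x509"`, so either the comment or the value should be corrected. In the last case `assert.throws` passes on any exception from `replTest.initiate()`, not only on a rejected cluster certificate, and the set is never stopped. Adding `replTest.stopSet();` after the assertion would avoid leaving the mongod processes running.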
@@ -0,0 +1,67 @@ | ||
// Tests basic sharding with x509 cluster auth | ||
// The purpose is to verify the connectivity between mongos and the shards | ||
|
||
var x509_options = {sslOnNormalPorts : "", | ||
sslPEMKeyFile : "jstests/libs/server.pem", | ||
sslCAFile: "jstests/libs/ca.pem", | ||
sslClusterFile: "jstests/libs/cluster-cert.pem", | ||
clusterAuthMode: "x509"}; | ||
|
||
var st = new ShardingTest({ name : "sharding_with_x509" , | ||
shards : 2, | ||
mongos : 1, | ||
keyFile : "jstests/libs/key1", | ||
other: { | ||
configOptions : x509_options, | ||
mongosOptions : x509_options, | ||
rsOptions : x509_options, | ||
shardOptions : x509_options | ||
}}); | ||
|
||
var mongos = new Mongo( "localhost:" + st.s0.port ) | ||
var coll = mongos.getCollection( "test.foo" ) | ||
|
||
st.shardColl( coll, { _id : 1 }, false ) | ||
|
||
// Create an index so we can find by num later | ||
coll.ensureIndex({ insert : 1 }) | ||
|
||
// For more logging | ||
// mongos.getDB("admin").runCommand({ setParameter : 1, logLevel : 3 }) | ||
|
||
print( "INSERT!" ) | ||
|
||
// Insert a bunch of data | ||
var toInsert = 2000 | ||
for( var i = 0; i < toInsert; i++ ){ | ||
coll.insert({ my : "test", data : "to", insert : i }) | ||
} | ||
|
||
assert.eq( coll.getDB().getLastError(), null ) | ||
|
||
print( "UPDATE!" ) | ||
|
||
// Update a bunch of data | ||
var toUpdate = toInsert | ||
for( var i = 0; i < toUpdate; i++ ){ | ||
var id = coll.findOne({ insert : i })._id | ||
coll.update({ insert : i, _id : id }, { $inc : { counter : 1 } }) | ||
} | ||
|
||
assert.eq( coll.getDB().getLastError(), null ) | ||
|
||
print( "DELETE" ) | ||
|
||
// Remove a bunch of data | ||
var toDelete = toInsert / 2 | ||
for( var i = 0; i < toDelete; i++ ){ | ||
coll.remove({ insert : i }) | ||
} | ||
|
||
assert.eq( coll.getDB().getLastError(), null ) | ||
|
||
// Make sure the right amount of data is there | ||
assert.eq( coll.find().count(), toInsert / 2 ) | ||
|
||
// Finish | ||
st.stop() |
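Review bot: Each `assert.eq( coll.getDB().getLastError(), null )` runs once after its loop, so it only reports on the last write of that loop. An earlier insert, update or remove that failed, for example because a mongos-to-shard connection was refused during cluster authentication, would go unnoticed. The update phase is never verified at all, since nothing reads `counter` back. I would add `assert.eq( coll.find({ counter : 1 }).count(), toUpdate )` after the update loop, and move the getLastError checks inside the loops if per-write errors matter. The comment `find by num` refers to the field that is actually named `insert`.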