mirror of https://github.com/mongodb/mongo
68 lines
2.1 KiB
JavaScript
68 lines
2.1 KiB
JavaScript
// Check that attempt at OCSP verification when the OCSP server is not running. The
|
|
// MongoDB server should not throw an exception. The MongoDB server should also
|
|
// correctly handle transitioning from certificates with OCSP to ones without
|
|
// @tags: [
|
|
// requires_http_client,
|
|
// ]
|
|
|
|
import {assertCreateCollection} from "jstests/libs/collection_drop_recreate.js";
|
|
import {
|
|
clearOCSPCache,
|
|
OCSP_CA_PEM,
|
|
OCSP_NO_OCSP_SERVER_CERT,
|
|
OCSP_SERVER_CERT,
|
|
} from "jstests/ocsp/lib/ocsp_helpers.js";
|
|
import {copyCertificateFile} from "jstests/ssl/libs/ssl_helpers.js";
|
|
|
|
// dataDir is defined in jstest.py
|
|
const dbPath = MongoRunner.toRealDir("$dataDir");
|
|
mkdir(dbPath);
|
|
const serverCertificatePath = dbPath + "/server_test.pem";
|
|
|
|
let ocsp_options = {
|
|
tlsMode: "requireTLS",
|
|
tlsCertificateKeyFile: serverCertificatePath,
|
|
tlsCAFile: OCSP_CA_PEM,
|
|
};
|
|
|
|
// Clear the OCSP cache from any previous runs
|
|
clearOCSPCache();
|
|
|
|
// Start with the OCSP-enabled server certificate
|
|
copyCertificateFile(OCSP_SERVER_CERT, serverCertificatePath);
|
|
|
|
let mongod = null;
|
|
|
|
assert.doesNotThrow(() => {
|
|
// Start the Mongo server without the mock OCSP server, but with ocspEnabled=true.
|
|
// The server uses a certificate with the following X509v3 extension:
|
|
// Authority Information Access:
|
|
// OCSP -
|
|
// URI: http: // localhost:8100/status
|
|
// We expect the server to continue working as usual and should not crash
|
|
mongod = MongoRunner.runMongod(ocsp_options);
|
|
});
|
|
|
|
// Insert some data
|
|
const dbName = jsTestName();
|
|
const collName = jsTestName();
|
|
const testDB = mongod.getDB(dbName);
|
|
assertCreateCollection(testDB, collName);
|
|
const coll = testDB.getCollection(collName);
|
|
assert.commandWorked(coll.insert({"_id": 1, "title": "employee"}));
|
|
|
|
// Rotate to a certificate without OCSP
|
|
copyCertificateFile(OCSP_NO_OCSP_SERVER_CERT, serverCertificatePath);
|
|
|
|
assert.doesNotThrow(() => {
|
|
const success = mongod.adminCommand({rotateCertificates: 1}).ok;
|
|
});
|
|
|
|
// Try inserting more data to ensure mongod continues to work with the new
|
|
// certificate
|
|
assert.commandWorked(coll.insert({"_id": 2, "title": "contractor"}));
|
|
|
|
MongoRunner.stopMongod(mongod);
|
|
|
|
clearOCSPCache();
|