mongo 1.10.0-java
- checksums.yaml +7 -0
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/LICENSE +190 -0
- data/README.md +149 -0
- data/Rakefile +31 -0
- data/VERSION +1 -0
- data/bin/mongo_console +43 -0
- data/ext/jsasl/target/jsasl.jar +0 -0
- data/lib/mongo.rb +90 -0
- data/lib/mongo/bulk_write_collection_view.rb +380 -0
- data/lib/mongo/collection.rb +1164 -0
- data/lib/mongo/collection_writer.rb +364 -0
- data/lib/mongo/connection.rb +19 -0
- data/lib/mongo/connection/node.rb +239 -0
- data/lib/mongo/connection/pool.rb +347 -0
- data/lib/mongo/connection/pool_manager.rb +325 -0
- data/lib/mongo/connection/sharding_pool_manager.rb +67 -0
- data/lib/mongo/connection/socket.rb +18 -0
- data/lib/mongo/connection/socket/socket_util.rb +37 -0
- data/lib/mongo/connection/socket/ssl_socket.rb +95 -0
- data/lib/mongo/connection/socket/tcp_socket.rb +86 -0
- data/lib/mongo/connection/socket/unix_socket.rb +39 -0
- data/lib/mongo/cursor.rb +719 -0
- data/lib/mongo/db.rb +735 -0
- data/lib/mongo/exception.rb +88 -0
- data/lib/mongo/functional.rb +21 -0
- data/lib/mongo/functional/authentication.rb +318 -0
- data/lib/mongo/functional/logging.rb +85 -0
- data/lib/mongo/functional/read_preference.rb +174 -0
- data/lib/mongo/functional/sasl_java.rb +48 -0
- data/lib/mongo/functional/uri_parser.rb +374 -0
- data/lib/mongo/functional/write_concern.rb +66 -0
- data/lib/mongo/gridfs.rb +18 -0
- data/lib/mongo/gridfs/grid.rb +112 -0
- data/lib/mongo/gridfs/grid_ext.rb +53 -0
- data/lib/mongo/gridfs/grid_file_system.rb +163 -0
- data/lib/mongo/gridfs/grid_io.rb +484 -0
- data/lib/mongo/legacy.rb +140 -0
- data/lib/mongo/mongo_client.rb +702 -0
- data/lib/mongo/mongo_replica_set_client.rb +523 -0
- data/lib/mongo/mongo_sharded_client.rb +159 -0
- data/lib/mongo/networking.rb +370 -0
- data/lib/mongo/utils.rb +19 -0
- data/lib/mongo/utils/conversions.rb +110 -0
- data/lib/mongo/utils/core_ext.rb +70 -0
- data/lib/mongo/utils/server_version.rb +69 -0
- data/lib/mongo/utils/support.rb +80 -0
- data/lib/mongo/utils/thread_local_variable_manager.rb +25 -0
- data/mongo.gemspec +36 -0
- data/test/functional/authentication_test.rb +35 -0
- data/test/functional/bulk_api_stress_test.rb +133 -0
- data/test/functional/bulk_write_collection_view_test.rb +1129 -0
- data/test/functional/client_test.rb +565 -0
- data/test/functional/collection_test.rb +2073 -0
- data/test/functional/collection_writer_test.rb +83 -0
- data/test/functional/conversions_test.rb +163 -0
- data/test/functional/cursor_fail_test.rb +63 -0
- data/test/functional/cursor_message_test.rb +57 -0
- data/test/functional/cursor_test.rb +625 -0
- data/test/functional/db_api_test.rb +819 -0
- data/test/functional/db_connection_test.rb +27 -0
- data/test/functional/db_test.rb +344 -0
- data/test/functional/grid_file_system_test.rb +285 -0
- data/test/functional/grid_io_test.rb +252 -0
- data/test/functional/grid_test.rb +273 -0
- data/test/functional/pool_test.rb +62 -0
- data/test/functional/safe_test.rb +98 -0
- data/test/functional/ssl_test.rb +29 -0
- data/test/functional/support_test.rb +62 -0
- data/test/functional/timeout_test.rb +58 -0
- data/test/functional/uri_test.rb +330 -0
- data/test/functional/write_concern_test.rb +118 -0
- data/test/helpers/general.rb +50 -0
- data/test/helpers/test_unit.rb +317 -0
- data/test/replica_set/authentication_test.rb +35 -0
- data/test/replica_set/basic_test.rb +174 -0
- data/test/replica_set/client_test.rb +341 -0
- data/test/replica_set/complex_connect_test.rb +77 -0
- data/test/replica_set/connection_test.rb +138 -0
- data/test/replica_set/count_test.rb +64 -0
- data/test/replica_set/cursor_test.rb +212 -0
- data/test/replica_set/insert_test.rb +140 -0
- data/test/replica_set/max_values_test.rb +145 -0
- data/test/replica_set/pinning_test.rb +55 -0
- data/test/replica_set/query_test.rb +73 -0
- data/test/replica_set/read_preference_test.rb +214 -0
- data/test/replica_set/refresh_test.rb +175 -0
- data/test/replica_set/replication_ack_test.rb +94 -0
- data/test/replica_set/ssl_test.rb +32 -0
- data/test/sharded_cluster/basic_test.rb +197 -0
- data/test/shared/authentication/basic_auth_shared.rb +286 -0
- data/test/shared/authentication/bulk_api_auth_shared.rb +259 -0
- data/test/shared/authentication/gssapi_shared.rb +164 -0
- data/test/shared/authentication/sasl_plain_shared.rb +96 -0
- data/test/shared/ssl_shared.rb +235 -0
- data/test/test_helper.rb +56 -0
- data/test/threading/basic_test.rb +120 -0
- data/test/tools/mongo_config.rb +608 -0
- data/test/tools/mongo_config_test.rb +160 -0
- data/test/unit/client_test.rb +347 -0
- data/test/unit/collection_test.rb +166 -0
- data/test/unit/connection_test.rb +325 -0
- data/test/unit/cursor_test.rb +299 -0
- data/test/unit/db_test.rb +136 -0
- data/test/unit/grid_test.rb +76 -0
- data/test/unit/mongo_sharded_client_test.rb +48 -0
- data/test/unit/node_test.rb +93 -0
- data/test/unit/pool_manager_test.rb +142 -0
- data/test/unit/read_pref_test.rb +115 -0
- data/test/unit/read_test.rb +159 -0
- data/test/unit/safe_test.rb +158 -0
- data/test/unit/sharding_pool_manager_test.rb +84 -0
- data/test/unit/write_concern_test.rb +175 -0
- metadata +260 -0
- metadata.gz.sig +0 -0
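--- a/data/test/shared/authentication/gssapi_shared.rb
+++ b/data/test/shared/authentication/gssapi_shared.rb
@@ -0,0 +1,164 @@
+# Copyright (C) 2009-2013 MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module GSSAPITests
+
+# Tests for the GSSAPI Authentication Mechanism.
+#
+# Note: These tests will be skipped automatically unless the test environment
+# has been configured.
+#
+# In order to run these tests, you must be using JRuby and must set the following
+# environment variables. The realm and KDC are required so that the corresponding
+# system properties can be set:
+#
+# export MONGODB_GSSAPI_HOST='server.domain.com'
+# export MONGODB_GSSAPI_USER='applicationuser@example.com'
+# export MONGODB_GSSAPI_REALM='applicationuser@example.com'
+# export MONGODB_GSSAPI_KDC='SERVER.DOMAIN.COM'
+#
+# You must either use kinit or provide a config file that references a keytab file:
+#
+# export JAAS_LOGIN_CONFIG_FILE='file:///path/to/config/file'
+#
+MONGODB_GSSAPI_HOST = ENV['MONGODB_GSSAPI_HOST']
+MONGODB_GSSAPI_USER = ENV['MONGODB_GSSAPI_USER']
+MONGODB_GSSAPI_REALM = ENV['MONGODB_GSSAPI_REALM']
+MONGODB_GSSAPI_KDC = ENV['MONGODB_GSSAPI_KDC']
+MONGODB_GSSAPI_PORT = ENV['MONGODB_GSSAPI_PORT'] || '27017'
+JAAS_LOGIN_CONFIG_FILE = ENV['JAAS_LOGIN_CONFIG_FILE']
+
+if ENV.key?('MONGODB_GSSAPI_HOST') && ENV.key?('MONGODB_GSSAPI_USER') &&
+ENV.key?('MONGODB_GSSAPI_REALM') && ENV.key?('MONGODB_GSSAPI_KDC') && RUBY_PLATFORM =~ /java/
+def test_gssapi_authenticate
+client = Mongo::MongoClient.new(MONGODB_GSSAPI_HOST, MONGODB_GSSAPI_PORT)
+if client['admin'].command(:isMaster => 1)['setName']
+client = Mongo::MongoReplicaSetClient.new(["#{MONGODB_GSSAPI_HOST}:#{MONGODB_GSSAPI_PORT}"])
+end
+
+set_system_properties
+db = client['kerberos']
+db.authenticate(MONGODB_GSSAPI_USER, nil, nil, nil, 'GSSAPI')
+assert db.command(:dbstats => 1)
+
+threads = []
+4.times do
+threads << Thread.new do
+assert db.command(:dbstats => 1)
+end
+end
+threads.each(&:join)
+end
+
+def test_gssapi_authenticate_uri
+require 'cgi'
+set_system_properties
+username = CGI::escape(ENV['MONGODB_GSSAPI_USER'])
+uri = "mongodb://#{username}@#{ENV['MONGODB_GSSAPI_HOST']}:#{ENV['MONGODB_GSSAPI_PORT']}/?" +
+"authMechanism=GSSAPI"
+client = @client.class.from_uri(uri)
+assert client['kerberos'].command(:dbstats => 1)
+end
+
+def test_wrong_service_name_fails
+extra_opts = { :gssapi_service_name => 'example' }
+client = Mongo::MongoClient.new(MONGODB_GSSAPI_HOST, MONGODB_GSSAPI_PORT)
+if client['admin'].command(:isMaster => 1)['setName']
+client = Mongo::MongoReplicaSetClient.new(["#{MONGODB_GSSAPI_HOST}:#{MONGODB_GSSAPI_PORT}"])
+end
+
+set_system_properties
+assert_raise_error Java::OrgMongodbSasl::MongoSecurityException do
+client['kerberos'].authenticate(MONGODB_GSSAPI_USER, nil, nil, nil, 'GSSAPI', extra_opts)
+end
+end
+
+def test_wrong_service_name_fails_uri
+set_system_properties
+
+require 'cgi'
+username = CGI::escape(ENV['MONGODB_GSSAPI_USER'])
+uri = "mongodb://#{username}@#{ENV['MONGODB_GSSAPI_HOST']}:#{ENV['MONGODB_GSSAPI_PORT']}/?" +
+"authMechanism=GSSAPI&gssapiServiceName=example"
+client = @client.class.from_uri(uri)
+assert_raise_error Java::OrgMongodbSasl::MongoSecurityException do
+client['kerberos'].command(:dbstats => 1)
+end
+end
+
+def test_extra_opts
+extra_opts = { :gssapi_service_name => 'example', :canonicalize_host_name => true }
+client = Mongo::MongoClient.new(MONGODB_GSSAPI_HOST, MONGODB_GSSAPI_PORT)
+set_system_properties
+
+Mongo::Sasl::GSSAPI.expects(:authenticate).with do |username, client, socket, opts|
+opts[:gssapi_service_name] == extra_opts[:gssapi_service_name]
+opts[:canonicalize_host_name] == extra_opts[:canonicalize_host_name]
+end.returns('ok' => true )
+client['kerberos'].authenticate(MONGODB_GSSAPI_USER, nil, nil, nil, 'GSSAPI', extra_opts)
+end
+
+def test_extra_opts_uri
+extra_opts = { :gssapi_service_name => 'example', :canonicalize_host_name => true }
+set_system_properties
+
+Mongo::Sasl::GSSAPI.expects(:authenticate).with do |username, client, socket, opts|
+opts[:gssapi_service_name] == extra_opts[:gssapi_service_name]
+opts[:canonicalize_host_name] == extra_opts[:canonicalize_host_name]
+end.returns('ok' => true)
+
+require 'cgi'
+username = CGI::escape(ENV['MONGODB_GSSAPI_USER'])
+uri = "mongodb://#{username}@#{ENV['MONGODB_GSSAPI_HOST']}:#{ENV['MONGODB_GSSAPI_PORT']}/?" +
+"authMechanism=GSSAPI&gssapiServiceName=example&canonicalizeHostName=true"
+client = @client.class.from_uri(uri)
+client.expects(:receive_message).returns([[{ 'ok' => 1 }], 1, 1])
+client['kerberos'].command(:dbstats => 1)
+end
+
+# In order to run this test, you must set the following environment variable:
+#
+# export MONGODB_GSSAPI_HOST_IP='---.---.---.---'
+#
+if ENV.key?('MONGODB_GSSAPI_HOST_IP')
+def test_canonicalize_host_name
+extra_opts = { :canonicalize_host_name => true }
+set_system_properties
+client = Mongo::MongoClient.new(ENV['MONGODB_GSSAPI_HOST_IP'], MONGODB_GSSAPI_PORT)
+
+db = client['kerberos']
+db.authenticate(MONGODB_GSSAPI_USER, nil, nil, nil, 'GSSAPI', extra_opts)
+assert db.command(:dbstats => 1)
+end
+end
+
+def test_invalid_extra_options
+extra_opts = { :invalid => true, :option => true }
+client = Mongo::MongoClient.new(MONGODB_GSSAPI_HOST)
+
+assert_raise Mongo::MongoArgumentError do
+client['kerberos'].authenticate(MONGODB_GSSAPI_USER, nil, nil, nil, 'GSSAPI', extra_opts)
+end
+end
+
+private
+def set_system_properties
+java.lang.System.set_property 'javax.security.auth.useSubjectCredsOnly', 'false'
+java.lang.System.set_property "java.security.krb5.realm", MONGODB_GSSAPI_REALM
+java.lang.System.set_property "java.security.krb5.kdc", MONGODB_GSSAPI_KDC
+java.lang.System.set_property "java.security.auth.login.config", JAAS_LOGIN_CONFIG_FILE if JAAS_LOGIN_CONFIG_FILE
+end
+end
+
+end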
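Review bot: In `test_extra_opts` and `test_extra_opts_uri` the block given to `with` holds two comparisons on separate lines, so only the `canonicalize_host_name` comparison is the block's value and the `gssapi_service_name` comparison is evaluated and discarded. Both tests would therefore still pass if the service name never reached `Mongo::Sasl::GSSAPI.authenticate`, which is the option that selects the Kerberos service the client asks for. Join the two lines with `&&`, i.e. end the first with `opts[:gssapi_service_name] == extra_opts[:gssapi_service_name] &&`. The three `*_uri` tests also interpolate `ENV['MONGODB_GSSAPI_PORT']` instead of the `MONGODB_GSSAPI_PORT` constant, so the `'27017'` default is lost and the URI has an empty port when the variable is unset.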
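--- a/data/test/shared/authentication/sasl_plain_shared.rb
+++ b/data/test/shared/authentication/sasl_plain_shared.rb
@@ -0,0 +1,96 @@
+# Copyright (C) 2009-2013 MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module SASLPlainTests
+
+# Tests for the PLAIN (LDAP) Authentication Mechanism.
+#
+# Note: These tests will be skipped automatically unless the test environment
+# has been configured.
+#
+# In order to run these tests, set the following environment variables:
+#
+# export MONGODB_SASL_HOST='server.domain.com'
+# export MONGODB_SASL_USER='application%2Fuser%40example.com'
+# export MONGODB_SASL_PASS='password'
+#
+# # optional (defaults to '$external')
+# export MONGODB_SASL_SOURCE='source_database'
+#
+if ENV.key?('MONGODB_SASL_HOST') && ENV.key?('MONGODB_SASL_USER') && ENV.key?('MONGODB_SASL_PASS')
+
+def test_plain_authenticate
+replica_set = @client.class.name == 'Mongo::MongoReplicaSetClient'
+
+# TODO: Remove this once we have a replica set configured for SASL in CI
+return if ENV.key?('CI') && replica_set
+
+host = replica_set ? [ENV['MONGODB_SASL_HOST']] : ENV['MONGODB_SASL_HOST']
+client = @client.class.new(host)
+source = ENV['MONGODB_SASL_SOURCE'] || '$external'
+db = client['test']
+
+# should successfully authenticate
+assert db.authenticate(ENV['MONGODB_SASL_USER'], ENV['MONGODB_SASL_PASS'], true, source, 'PLAIN')
+assert client[source].logout
+
+# should raise on missing password
+ex = assert_raise Mongo::MongoArgumentError do
+db.authenticate(ENV['MONGODB_SASL_USER'], nil, true, source, 'PLAIN')
+end
+assert_match /username and password are required/, ex.message
+
+# should raise on invalid password
+assert_raise Mongo::AuthenticationError do
+db.authenticate(ENV['MONGODB_SASL_USER'], 'foo', true, source, 'PLAIN')
+end
+end
+
+def test_plain_authenticate_from_uri
+source = ENV['MONGODB_SASL_SOURCE'] || '$external'
+
+uri = "mongodb://#{ENV['MONGODB_SASL_USER']}:#{ENV['MONGODB_SASL_PASS']}@" +
+"#{ENV['MONGODB_SASL_HOST']}/some_db?authSource=#{source}" +
+"&authMechanism=PLAIN"
+
+client = @client.class.from_uri(uri)
+db = client['test']
+
+# should be able to checkout a socket (authentication gets applied)
+assert socket = client.checkout_reader(:mode => :primary)
+client[source].logout(:socket => socket)
+client.checkin(socket)
+
+uri = "mongodb://#{ENV['MONGODB_SASL_USER']}@#{ENV['MONGODB_SASL_HOST']}/" +
+"some_db?authSource=#{source}&authMechanism=PLAIN"
+
+# should raise for missing password
+ex = assert_raise Mongo::MongoArgumentError do
+client = @client.class.from_uri(uri)
+end
+assert_match /username and password are required/, ex.message
+
+uri = "mongodb://#{ENV['MONGODB_SASL_USER']}:foo@#{ENV['MONGODB_SASL_HOST']}/" +
+"some_db?authSource=#{source}&authMechanism=PLAIN"
+
+# should raise for invalid password
+client = @client.class.from_uri(uri)
+assert_raise Mongo::AuthenticationError do
+client.checkout_reader(:mode => :primary)
+end
+end
+
+end
+
+end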
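Review bot: The header comment does not say that SASL PLAIN carries the password unencrypted, and nothing in this file turns TLS on: `test_plain_authenticate` builds its client with `@client.class.new(host)` and the URIs in `test_plain_authenticate_from_uri` carry no `ssl=true`, so as far as this file shows the LDAP password in `MONGODB_SASL_PASS` crosses the network in the clear. I would add a line to the setup comment such as `# PLAIN sends the password unencrypted; use a throwaway account and a TLS-enabled or isolated test server.` Separately, `ENV['MONGODB_SASL_PASS']` is interpolated into the URI unescaped while the header documents the user name as already percent-encoded, so a password containing `@`, `:` or `/` would make the URI parse differently; `CGI.escape(ENV['MONGODB_SASL_PASS'])` (with `require 'cgi'`) would avoid that. The same percent-encoded user name is passed verbatim to `db.authenticate` in `test_plain_authenticate`, which presumably expects the decoded form, so the two tests may not agree on what `MONGODB_SASL_USER` should contain.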
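--- a/data/test/shared/ssl_shared.rb
+++ b/data/test/shared/ssl_shared.rb
@@ -0,0 +1,235 @@
+# Copyright (C) 2009-2013 MongoDB, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module SSLTests
+include Mongo
+
+MONGODB_X509_USERNAME = 'CN=client,OU=kerneluser,O=10Gen,L=New York City,ST=New York,C=US'
+CERT_PATH = "#{Dir.pwd}/test/fixtures/certificates/"
+CLIENT_CERT = "#{CERT_PATH}client.pem"
+CLIENT_CERT_PASS = "#{CERT_PATH}password_protected.pem"
+CA_CERT = "#{CERT_PATH}ca.pem"
+PASS_PHRASE = ENV['SSL_KEY_PASS_PHRASE']
+
+def create_client(*args)
+if @client_class == MongoClient
+@client_class.new(*args[0], args[1])
+else
+@client_class.new(args[0], args[1])
+end
+end
+
+# Requires MongoDB not built with SSL
+#
+def test_ssl_not_configured
+assert_raise Mongo::ConnectionTimeoutError do
+create_client(['localhost', 27017], :connect_timeout => 2, :ssl => true)
+end
+end
+
+# This test doesn't connect, no server config required
+def test_ssl_configuration
+# raises when ssl=false and ssl opts specified
+assert_raise MongoArgumentError do
+create_client(@connect_info, :connect => false,
+:ssl => false,
+:ssl_cert => CLIENT_CERT)
+end
+
+# raises when ssl=nil and ssl opts specified
+assert_raise MongoArgumentError do
+create_client(@connect_info, :connect => false,
+:ssl_key => CLIENT_CERT)
+end
+
+# raises when verify=true and no ca_cert
+assert_raise MongoArgumentError do
+create_client(@connect_info, :connect => false,
+:ssl => true,
+:ssl_key => CLIENT_CERT,
+:ssl_cert => CLIENT_CERT,
+:ssl_verify => true)
+end
+
+# raises when key passphrase is given without key file
+assert_raise MongoArgumentError do
+create_client(@connect_info, :connect => false,
+:ssl => true,
+:ssl_key_pass_phrase => PASS_PHRASE)
+end
+end
+
+# Requires MongoDB built with SSL and the following options:
+#
+# mongod --dbpath /path/to/data/directory --sslOnNormalPorts \
+# --sslPEMKeyFile /path/to/server.pem \
+# --sslCAFile /path/to/ca.pem \
+# --sslCRLFile /path/to/crl.pem \
+# --sslWeakCertificateValidation
+#
+# Make sure you have 'server' as an alias for localhost in /etc/hosts
+#
+def test_ssl_basic
+client = create_client(@connect_info, :connect => false, :ssl => true)
+assert client.connect
+end
+
+# Requires MongoDB built with SSL and the following options:
+#
+# mongod --dbpath /path/to/data/directory --sslOnNormalPorts \
+# --sslPEMKeyFile /path/to/server.pem \
+# --sslCAFile /path/to/ca.pem \
+# --sslCRLFile /path/to/crl.pem
+#
+# Make sure you have 'server' as an alias for localhost in /etc/hosts
+#
+def test_ssl_with_cert
+client = create_client(@connect_info, :connect => false,
+:ssl => true,
+:ssl_cert => CLIENT_CERT,
+:ssl_key => CLIENT_CERT)
+assert client.connect
+end
+
+def test_ssl_with_peer_cert_validation
+client = create_client(@connect_info, :connect => false,
+:ssl => true,
+:ssl_key => CLIENT_CERT,
+:ssl_cert => CLIENT_CERT,
+:ssl_verify => true,
+:ssl_ca_cert => CA_CERT)
+assert client.connect
+end
+
+def test_ssl_peer_cert_validation_hostname_fail
+client = create_client(@bad_connect_info, :connect => false,
+:ssl => true,
+:ssl_key => CLIENT_CERT,
+:ssl_cert => CLIENT_CERT,
+:ssl_verify => true,
+:ssl_ca_cert => CA_CERT)
+assert_raise ConnectionFailure do
+client.connect
+end
+end
+
+# Requires MongoDB built with SSL and the following options:
+#
+# mongod --dbpath /path/to/data/directory --sslOnNormalPorts \
+# --sslPEMKeyFile /path/to/password_protected.pem \
+# --sslCAFile /path/to/ca.pem \
+# --sslCRLFile /path/to/crl.pem
+#
+# Make sure you have 'server' as an alias for localhost in /etc/hosts.
+# If SSL_KEY_PASS_PHRASE is not set as an environment variable,
+# you will be prompted to enter a passphrase at runtime.
+#
+def test_ssl_with_key_pass_phrase
+client = create_client(@connect_info, :connect => false,
+:ssl => true,
+:ssl_cert => CLIENT_CERT_PASS,
+:ssl_key => CLIENT_CERT_PASS,
+:ssl_key_pass_phrase => PASS_PHRASE)
+assert client.connect
+end
+
+def test_ssl_with_key_pass_phrase_fail
+client = create_client(@connect_info, :connect => false,
+:ssl => true,
+:ssl_cert => CLIENT_CERT_PASS,
+:ssl_key => CLIENT_CERT_PASS,
+:ssl_key_pass_phrase => "secret")
+assert_raise OpenSSL::PKey::RSAError do
+client.connect
+end
+end
+
+# Requires mongod built with SSL and the following options:
+#
+# mongod --dbpath /path/to/data/directory --sslOnNormalPorts \
+# --sslPEMKeyFile /path/to/server.pem \
+# --sslCAFile /path/to/ca.pem \
+# --sslCRLFile /path/to/crl_client_revoked.pem
+#
+# Make sure you have 'server' as an alias for localhost in /etc/hosts
+#
+def test_ssl_with_invalid_cert
+assert_raise ConnectionFailure do
+create_client(@connect_info, :ssl => true,
+:ssl_key => CLIENT_CERT,
+:ssl_cert => CLIENT_CERT,
+:ssl_verify => true,
+:ssl_ca_cert => CA_CERT)
+end
+end
+
+# X509 Authentication Tests
+#
+# Requires MongoDB built with SSL and the following options:
+#
+# mongod --auth --dbpath /path/to/data/directory --sslOnNormalPorts \
+# --sslPEMKeyFile /path/to/server.pem \
+# --sslCAFile /path/to/ca.pem \
+# --sslCRLFile /path/to/crl.pem
+#
+# Note that the cert requires username:
+# 'CN=client,OU=kerneluser,O=10Gen,L=New York City,ST=New York,C=US'
+#
+def test_x509_authentication
+mechanism = 'MONGODB-X509'
+
+client = create_client(@connect_info, :ssl => true,
+:ssl_cert => CLIENT_CERT,
+:ssl_key => CLIENT_CERT)
+
+return unless client.server_version > '2.5.2'
+
+db = client.db('$external')
+
+# add user for test (enable auth)
+roles = [{:role => 'readWriteAnyDatabase', :db => 'admin'},
+{:role => 'userAdminAnyDatabase', :db => 'admin'}]
+db.add_user(MONGODB_X509_USERNAME, nil, false, :roles => roles)
+
+assert db.authenticate(MONGODB_X509_USERNAME, nil, nil, nil, mechanism)
+assert db.collection_names
+
+assert db.logout
+assert_raise Mongo::OperationFailure do
+db.collection_names
+end
+
+# username and valid certificate don't match
+assert_raise Mongo::AuthenticationError do
+db.authenticate('test', nil, nil, nil, mechanism)
+end
+
+# username required
+assert_raise Mongo::AuthenticationError do
+db.authenticate(nil, nil, nil, nil, mechanism)
+end
+
+assert MongoClient.from_uri(
+"mongodb://#{MONGODB_X509_USERNAME}@#{@uri_info}/?ssl=true;authMechanism=#{mechanism}",
+:ssl_cert => CLIENT_CERT,
+:ssl_key => CLIENT_CERT)
+assert db.authenticate(MONGODB_X509_USERNAME, nil, nil, nil, mechanism)
+assert db.collection_names
+
+# clean up and remove all users
+db.command(:dropAllUsersFromDatabase => 1)
+db.logout
+end
+
+end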
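Review bot: In `test_x509_authentication` the client returned by `MongoClient.from_uri(...)` is only asserted for truthiness and then dropped; the `db.authenticate` and `db.collection_names` calls that follow run on the earlier `db`, so X.509 authentication through the URI is never actually exercised. Keeping the client and querying through it would close that gap, for example `uri_client = MongoClient.from_uri(...)` followed by `assert uri_client.db('$external').collection_names`. The cleanup `db.command(:dropAllUsersFromDatabase => 1)` is also reached only when every assertion before it passes, so a failing run leaves a user holding `userAdminAnyDatabase` and `readWriteAnyDatabase` on the test server; an `ensure` clause around the body would remove it either way. The user name is interpolated into the URI unescaped although it contains spaces, `=` and `,`, which may be parsed differently from the value passed to `db.authenticate`.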