mongo 2.4.0.rc0 → 2.4.0.rc1

data/spec/mongo/server/connection_spec.rb

@@ -406,6 +406,41 @@ describe Mongo::Server::Connection do
       end
     end
 
+    context 'when a socket timeout is set' do
+
+      let(:connection) do
+        described_class.new(server, socket_timeout: 10)
+      end
+
+      it 'sets the timeout' do
+        expect(connection.timeout).to eq(10)
+      end
+
+      let(:client) do
+        authorized_client.with(socket_timeout: 1.5)
+      end
+
+      before do
+        authorized_collection.insert_one(a: 1)
+      end
+
+      after do
+        sleep(0.5)
+        authorized_collection.delete_many
+      end
+
+      it 'raises a timeout when it expires' do
+        start = Time.now
+        expect {
+          Timeout::timeout(3) do
+            client[authorized_collection.name].find("$where" => "sleep(2000) || true").first
+          end
+        }.to raise_exception(Timeout::Error, "Took more than 1.5 seconds to receive data.")
+        end_time = Time.now
+        expect(end_time - start).to be_within(0.2).of(1.5)
+      end
+    end
+
     context 'when the process is forked' do
 
       let(:insert) do
@@ -448,8 +483,8 @@ describe Mongo::Server::Connection do
         expect(connection.send(:socket)).to be_nil
       end
 
-      it 'sets the timeout to the default' do
-        expect(connection.timeout).to eq(5)
+      it 'does not set the timeout to the default' do
+        expect(connection.timeout).to be_nil
       end
     end
 
@@ -556,20 +591,14 @@ describe Mongo::Server::Connection do
 
     context 'when the ismaster response indicates the auth mechanism is :scram' do
 
-      let(:ismaster) do
-        {
-            'maxWireVersion' => 3,
-            'minWireVersion' => 0,
-            'ok' => 1
-        }
+      let(:features) do
+        Mongo::Server::Description::Features.new(0..3)
       end
 
       context 'when the server auth mechanism is scram', if: scram_sha_1_enabled? do
 
         it 'uses scram' do
-          socket = connection.instance_variable_get(:@socket)
-          max_message_size = connection.send(:max_message_size)
-          allow(Mongo::Protocol::Reply).to receive(:deserialize).with(socket, max_message_size).and_return(reply)
+          allow(Mongo::Server::Description::Features).to receive(:new).and_return(features)
           connection.send(:handshake!)
           expect(connection.send(:default_mechanism)).to eq(:scram)
         end
@@ -578,9 +607,7 @@ describe Mongo::Server::Connection do
       context 'when the server auth mechanism is the default (mongodb_cr)', unless: scram_sha_1_enabled?  do
 
         it 'uses scram' do
-          socket = connection.instance_variable_get(:@socket)
-          max_message_size = connection.send(:max_message_size)
-          allow(Mongo::Protocol::Reply).to receive(:deserialize).with(socket, max_message_size).and_return(reply)
+          allow(Mongo::Server::Description::Features).to receive(:new).and_return(features)
           connection.send(:handshake!)
           expect(connection.send(:default_mechanism)).to eq(:scram)
         end
@@ -589,20 +616,14 @@ describe Mongo::Server::Connection do
 
     context 'when the ismaster response indicates the auth mechanism is :mongodb_cr' do
 
-      let(:ismaster) do
-        {
-            'maxWireVersion' => 2,
-            'minWireVersion' => 0,
-            'ok' => 1
-        }
+      let(:features) do
+        Mongo::Server::Description::Features.new(0..2)
       end
 
       context 'when the server auth mechanism is scram', if: scram_sha_1_enabled? do
 
         it 'uses scram' do
-          socket = connection.instance_variable_get(:@socket)
-          max_message_size = connection.send(:max_message_size)
-          allow(Mongo::Protocol::Reply).to receive(:deserialize).with(socket, max_message_size).and_return(reply)
+          allow(Mongo::Server::Description::Features).to receive(:new).and_return(features)
           connection.send(:handshake!)
           expect(connection.send(:default_mechanism)).to eq(:scram)
         end
@@ -611,9 +632,7 @@ describe Mongo::Server::Connection do
       context 'when the server auth mechanism is the default (mongodb_cr)', unless: scram_sha_1_enabled?  do
 
         it 'uses mongodb_cr' do
-          socket = connection.instance_variable_get(:@socket)
-          max_message_size = connection.send(:max_message_size)
-          allow(Mongo::Protocol::Reply).to receive(:deserialize).with(socket, max_message_size).and_return(reply)
+          allow(Mongo::Server::Description::Features).to receive(:new).and_return(features)
           connection.send(:handshake!)
           expect(connection.send(:default_mechanism)).to eq(:mongodb_cr)
         end

data/spec/mongo/socket/ssl_spec.rb

@@ -9,12 +9,36 @@ describe Mongo::Socket::SSL, if: running_ssl? do
   let(:options) do
     {
       :ssl => true,
-      :ssl_cert => CLIENT_PEM,
-      :ssl_key => CLIENT_PEM,
+      :ssl_cert => CLIENT_CERT_PEM,
+      :ssl_key => CLIENT_KEY_PEM,
       :ssl_verify => false
     }
   end
 
+  let (:key_string) do
+    File.read(CLIENT_KEY_PEM)
+  end
+
+  let (:cert_string) do
+    File.read(CLIENT_CERT_PEM)
+  end
+
+  let (:ca_cert_string) do
+    File.read(CA_PEM)
+  end
+
+  let(:key_encrypted_string) do
+    File.read(CLIENT_KEY_ENCRYPTED_PEM)
+  end
+
+  let(:cert_object) do
+    OpenSSL::X509::Certificate.new(cert_string)
+  end
+
+  let(:key_object) do
+    OpenSSL::PKey.read(key_string)
+  end
+
   describe '#connect!' do
 
     context 'when a certificate is provided' do
@@ -51,45 +75,357 @@ describe Mongo::Socket::SSL, if: running_ssl? do
       end
     end
 
+    context 'when a certificate and key are provided as strings' do
+
+      let(:options) do
+        {
+          :ssl => true,
+          :ssl_cert_string => cert_string,
+          :ssl_key_string => key_string,
+          :ssl_verify => false
+        }
+      end
+
+      before do
+        socket.connect!
+      end
+
+      it 'connects to the server' do
+        expect(socket).to be_alive
+      end
+    end
+
+    context 'when certificate and an encrypted key are provided as strings' do
+
+      let(:options) do
+        {
+          :ssl => true,
+          :ssl_cert_string => cert_string,
+          :ssl_key_string => key_encrypted_string,
+          :ssl_key_pass_phrase => CLIENT_KEY_PASSPHRASE,
+          :ssl_verify => false
+        }
+      end
+
+      before do
+        socket.connect!
+      end
+
+      it 'connects to the server' do
+        expect(socket).to be_alive
+      end
+    end
+
+    context 'when a certificate and key are provided as objects' do
+
+      let(:options) do
+        {
+          :ssl => true,
+          :ssl_cert_object => cert_object,
+          :ssl_key_object => key_object,
+          :ssl_verify => false
+        }
+      end
+
+      before do
+        socket.connect!
+      end
+
+      it 'connects to the server' do
+        expect(socket).to be_alive
+      end
+    end
+
+    context 'when the certificate is specified using both a file and a PEM-encoded string' do
+
+      let(:options) do
+        super().merge(
+          :ssl_cert_string => 'This is a random string, not a PEM-encoded certificate'
+        )
+      end
+
+      before do
+        socket.connect!
+      end
+
+      # since the lower priority option is clearly invalid we verify priority by checking that it connects
+      it 'discards the value of :ssl_cert_string' do
+        expect(socket).to be_alive
+      end
+    end
+
+    context 'when the certificate is specified using both a file and an object' do
+
+      let(:options) do
+        super().merge(
+          :ssl_cert_object => 'This is a string, not a certificate'
+        )
+      end
+
+      before do
+        socket.connect!
+      end
+
+      # since the lower priority option is clearly invalid we verify priority by checking that it connects
+      it 'discards the value of :ssl_cert_object' do
+        expect(socket).to be_alive
+      end
+    end
+
+    context 'when the certificate is specified using both a PEM-encoded string and an object' do
+
+      let(:options) do
+        {
+          :ssl => true,
+          :ssl_cert_string => cert_string,
+          :ssl_cert_object => 'This is a string, not a Certificate',
+          :ssl_key => CLIENT_KEY_PEM,
+          :ssl_verify => false
+        }
+      end
+
+      before do
+        socket.connect!
+      end
+
+      # since the lower priority option is clearly invalid we verify priority by checking that it connects
+      it 'discards the value of :ssl_cert_object' do
+        expect(socket).to be_alive
+      end
+    end
+
+    context 'when the key is specified using both a file and a PEM-encoded string' do
+
+      let(:options) do
+        super().merge(
+          :ssl_key_string => 'This is a normal string, not a PEM-encoded key'
+        )
+      end
+
+      before do
+        socket.connect!
+      end
+
+      # since the lower priority option is clearly invalid we verify priority by checking that it connects
+      it 'discards the value of :ssl_key_string' do
+        expect(socket).to be_alive
+      end
+    end
+
+    context 'when the key is specified using both a file and an object' do
+
+      let(:options) do
+        super().merge(
+          :ssl_cert_object => 'This is a string, not a key'
+        )
+      end
+
+      before do
+        socket.connect!
+      end
+
+      # since the lower priority option is clearly invalid we verify priority by checking that it connects
+      it 'discards the value of :ssl_key_object' do
+        expect(socket).to be_alive
+      end
+    end
+
+    context 'when the key is specified using both a PEM-encoded string and an object' do
+
+      let(:options) do
+        {
+          :ssl => true,
+          :ssl_cert => CLIENT_CERT_PEM,
+          :ssl_key_string => key_string,
+          :ssl_key_object => 'This is a string, not a PKey',
+          :ssl_verify => false
+        }
+      end
+
+      before do
+        socket.connect!
+      end
+
+      # since the lower priority option is clearly invalid we verify priority by checking that it connects
+      it 'discards the value of :ssl_key_object' do
+        expect(socket).to be_alive
+      end
+    end
+
+    context 'when a certificate is passed, but it is not of the right type' do
+
+      let(:options) do
+        cert = "This is a string, not a X509 Certificate"
+        {
+          :ssl => true,
+          :ssl_cert_object => cert,
+          :ssl_key => CLIENT_KEY_PEM,
+          :ssl_verify => false
+        }
+      end
+
+      it 'raises a TypeError' do
+        expect{
+          socket.connect!
+        }.to raise_exception(TypeError)
+      end
+    end
+
+    context 'when a key is passed, but it is not of the right type' do
+      let(:options) do
+        key = "This is a string not a key"
+        {
+          :ssl => true,
+          :ssl_key_object => key,
+          :ssl_cert => CLIENT_CERT_PEM,
+          :ssl_verify => false
+        }
+      end
+
+      it 'raises a TypeError' do
+        expect{
+          socket.connect!
+        }.to raise_exception(TypeError)
+      end
+    end
+
     context 'when a bad certificate is provided' do
 
       let(:options) do
-        super().merge({
+        super().merge(
           :ssl_key => CRL_PEM
-        })
+        )
       end
 
       it 'raises an exception' do
         expect {
           socket.connect!
-        }.to raise_exception(OpenSSL::PKey::RSAError)
+        }.to raise_exception(ArgumentError)
       end
     end
 
     context 'when a CA certificate is provided', if: testing_ssl_locally? do
 
-      let(:options) do
-        super().merge({
-          :ssl_ca_cert => CA_PEM,
-          :ssl_verify => true
-        })
+      context 'as a path to a file' do
+
+        let(:options) do
+          super().merge(
+            :ssl_ca_cert => CA_PEM,
+            :ssl_verify => true
+          )
+        end
+
+        before do
+          socket.connect!
+        end
+
+        it 'connects to the server' do
+          expect(socket).to be_alive
+        end
       end
 
-      before do
-        socket.connect!
+      context 'as a string containg the PEM-encoded certificate' do
+
+        let (:options) do
+          super().merge(
+            :ssl_ca_cert_string => ca_cert_string,
+            :ssl_verify => true
+          )
+        end
+
+        before do
+          socket.connect!
+        end
+
+        it 'connects to the server' do
+          expect(socket).to be_alive
+        end
       end
 
-      it 'connects to the server' do
-        expect(socket).to be_alive
+      context 'as an array of Certificate objects' do
+        let (:options) do
+          cert = [OpenSSL::X509::Certificate.new(ca_cert_string)]
+          super().merge(
+            :ssl_ca_cert_object => cert,
+            :ssl_verify => true
+          )
+        end
+
+        before do
+          socket.connect!
+        end
+
+        it 'connects to the server' do
+          expect(socket).to be_alive
+        end
+      end
+
+      context 'both as a file and a PEM-encoded parameter' do
+
+        let(:options) do
+          super().merge(
+            :ssl_ca_cert => CA_PEM,
+            :ssl_ca_cert_string => 'This is a string, not a certificate',
+            :ssl_verify => true
+          )
+        end
+
+        before do
+          socket.connect!
+        end
+
+        # since the lower priority option is clearly invalid we verify priority by checking that it connects
+        it 'discards the value of :ssl_ca_cert_string' do
+          expect(socket).to be_alive
+        end
+      end
+
+      context 'both as a file and as object parameter' do
+
+        let(:options) do
+          super().merge(
+            :ssl_ca_cert => CA_PEM,
+            :ssl_ca_cert_object => 'This is a string, not an array of certificates',
+            :ssl_verify => true
+          )
+        end
+
+        before do
+          socket.connect!
+        end
+
+        it 'discards the value of :ssl_ca_cert_object' do
+          expect(socket).to be_alive
+        end
+      end
+
+      context 'both as a PEM-encoded string and as object parameter' do
+
+        let(:options) do
+          cert = File.read(CA_PEM)
+          super().merge(
+            :ssl_ca_cert_string => cert,
+            :ssl_ca_cert_object => 'This is a string, not an array of certificates',
+            :ssl_verify => true
+          )
+        end
+
+        before do
+          socket.connect!
+        end
+
+        it 'discards the value of :ssl_ca_cert_object' do
+          expect(socket).to be_alive
+        end
       end
     end
 
     context 'when a CA certificate is not provided', if: testing_ssl_locally? do
 
       let(:options) do
-        super().merge({
+        super().merge(
           :ssl_verify => true
-        })
+        )
       end
 
       before do
@@ -105,9 +441,9 @@ describe Mongo::Socket::SSL, if: running_ssl? do
     context 'when ssl_verify is not specified', if: testing_ssl_locally? do
 
       let(:options) do
-        super().merge({
+        super().merge(
           :ssl_ca_cert => CA_PEM
-        }).tap { |options| options.delete(:ssl_verify) }
+        ).tap { |options| options.delete(:ssl_verify) }
       end
 
       before do
@@ -122,10 +458,10 @@ describe Mongo::Socket::SSL, if: running_ssl? do
     context 'when ssl_verify is true', if: testing_ssl_locally? do
 
       let(:options) do
-        super().merge({
+        super().merge(
           :ssl_ca_cert => CA_PEM,
           :ssl_verify => true
-        })
+        )
       end
 
       before do
@@ -140,10 +476,10 @@ describe Mongo::Socket::SSL, if: running_ssl? do
     context 'when ssl_verify is false' do
 
       let(:options) do
-        super().merge({
+        super().merge(
           :ssl_ca_cert => 'invalid',
           :ssl_verify => false
-        })
+        )
       end
 
       before do