Files
mongo/jstests/ssl/ssl_options.js
Gabriel Marks 77d90a66d3 SERVER-99750 Use generated certificates in jstests (#46650)
GitOrigin-RevId: 303ffa3be9ec56f70a9ff9e38d4430fd0c927599
2026-01-28 18:44:45 +00:00

57 lines
1.7 KiB
JavaScript

// Test redaction of passwords in command line SSL option parsing.
import {requireSSLProvider} from "jstests/ssl/libs/ssl_helpers.js";
requireSSLProvider("openssl", function () {
const baseName = "jstests_ssl_ssl_options";
jsTest.log("Testing censorship of ssl options");
const mongodConfig = {
tlsCertificateKeyFile: getX509Path("password_protected.pem"),
tlsMode: "requireTLS",
tlsCertificateKeyFilePassword: "qwerty",
tlsClusterPassword: "qwerty",
tlsCAFile: getX509Path("ca.pem"),
};
const mongodSource = MongoRunner.runMongod(mongodConfig);
const getCmdLineOptsResult = mongodSource.adminCommand("getCmdLineOpts");
let i;
let isPassword = false;
for (i = 0; i < getCmdLineOptsResult.argv.length; i++) {
if (isPassword) {
assert.eq(
getCmdLineOptsResult.argv[i],
"<password>",
"Password not properly censored: " + tojson(getCmdLineOptsResult),
);
isPassword = false;
continue;
}
if (
getCmdLineOptsResult.argv[i] === "--tlsPEMKeyPassword" ||
getCmdLineOptsResult.argv[i] === "--tlsClusterPassword"
) {
isPassword = true;
}
}
assert.eq(
getCmdLineOptsResult.parsed.net.tls.certificateKeyFilePassword,
"<password>",
"Password not properly censored: " + tojson(getCmdLineOptsResult),
);
assert.eq(
getCmdLineOptsResult.parsed.net.tls.clusterPassword,
"<password>",
"Password not properly censored: " + tojson(getCmdLineOptsResult),
);
MongoRunner.stopMongod(mongodSource);
print(baseName + " succeeded.");
});