diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index 9c0e6ede6..0f83b08bf 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -510,22 +510,6 @@ functions:
 export PROJECT_DIRECTORY='${PROJECT_DIRECTORY}'
 ASYNC_RUNTIME=${ASYNC_RUNTIME} .evergreen/run-atlas-tests.sh
- "run ocsp test":
- - command: shell.exec
- type: test
- params:
- shell: bash
- working_dir: "src"
- script: |
- ${PREPARE_SHELL}
-
- ASYNC_RUNTIME=${ASYNC_RUNTIME} \
- MONGODB_URI=${MONGODB_URI} \
- OCSP_TLS_SHOULD_SUCCEED=${OCSP_TLS_SHOULD_SUCCEED} \
- OCSP_ALGORITHM=${OCSP_ALGORITHM} \
- MONGO_OCSP_TESTS=1 \
- .evergreen/run-ocsp-test.sh
-
 "run kmip server":
 - command: shell.exec
 params:
@@ -616,82 +600,6 @@ functions:
 .evergreen/run-csfle-tests.sh
- run-valid-ocsp-server:
- - command: shell.exec
- params:
- script: |
- cd ${DRIVERS_TOOLS}/.evergreen/ocsp
- . ./activate-ocspvenv.sh
- - command: shell.exec
- params:
- background: true
- script: |
- cd ${DRIVERS_TOOLS}/.evergreen/ocsp
-
- ./venv/${VENV_BIN_DIR}/python ocsp_mock.py \
- --ca_file ${OCSP_ALGORITHM}/ca.pem \
- --ocsp_responder_cert ${OCSP_ALGORITHM}/ca.crt \
- --ocsp_responder_key ${OCSP_ALGORITHM}/ca.key \
- -p 8100 -v
-
- run-revoked-ocsp-server:
- - command: shell.exec
- params:
- script: |
- cd ${DRIVERS_TOOLS}/.evergreen/ocsp
- . ./activate-ocspvenv.sh
- - command: shell.exec
- params:
- background: true
- script: |
- cd ${DRIVERS_TOOLS}/.evergreen/ocsp
-
- ./venv/${VENV_BIN_DIR}/python ocsp_mock.py \
- --ca_file ${OCSP_ALGORITHM}/ca.pem \
- --ocsp_responder_cert ${OCSP_ALGORITHM}/ca.crt \
- --ocsp_responder_key ${OCSP_ALGORITHM}/ca.key \
- -p 8100 \
- -v \
- --fault revoked
-
- run-valid-delegate-ocsp-server:
- - command: shell.exec
- params:
- script: |
- cd ${DRIVERS_TOOLS}/.evergreen/ocsp
- . ./activate-ocspvenv.sh
- - command: shell.exec
- params:
- background: true
- script: |
- cd ${DRIVERS_TOOLS}/.evergreen/ocsp
-
- ./venv/${VENV_BIN_DIR}/python ocsp_mock.py \
- --ca_file ${OCSP_ALGORITHM}/ca.pem \
- --ocsp_responder_cert ${OCSP_ALGORITHM}/ocsp-responder.crt \
- --ocsp_responder_key ${OCSP_ALGORITHM}/ocsp-responder.key \
- -p 8100 -v
-
- run-revoked-delegate-ocsp-server:
- - command: shell.exec
- params:
- script: |
- cd ${DRIVERS_TOOLS}/.evergreen/ocsp
- . ./activate-ocspvenv.sh
- - command: shell.exec
- params:
- background: true
- script: |
- cd ${DRIVERS_TOOLS}/.evergreen/ocsp
-
- ./venv/${VENV_BIN_DIR}/python ocsp_mock.py \
- --ca_file ${OCSP_ALGORITHM}/ca.pem \
- --ocsp_responder_cert ${OCSP_ALGORITHM}/ocsp-responder.crt \
- --ocsp_responder_key ${OCSP_ALGORITHM}/ocsp-responder.key \
- -p 8100 \
- -v \
- --fault revoked
-
 "build and upload gcp kms test":
 - command: shell.exec
 params:
@@ -1447,330 +1355,6 @@ tasks:
 - func: "build and upload gcp kms test"
 - func: "run gcp kms test"
- - name: test-ocsp-rsa-valid-cert-server-staples
- tags: ["ocsp", "ocsp-rsa", "ocsp-staple"]
- commands:
- - func: "run-valid-ocsp-server"
- vars:
- OCSP_ALGORITHM: "rsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "rsa"
- OCSP_TLS_SHOULD_SUCCEED: "true"
-
- - name: test-ocsp-rsa-invalid-cert-server-staples
- tags: ["ocsp", "ocsp-rsa", "ocsp-staple"]
- commands:
- - func: run-revoked-ocsp-server
- vars:
- OCSP_ALGORITHM: "rsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "rsa"
- OCSP_TLS_SHOULD_SUCCEED: "false"
-
- - name: test-ocsp-rsa-valid-cert-server-does-not-staple
- tags: ["ocsp", "ocsp-rsa"]
- commands:
- - func: "run-valid-ocsp-server"
- vars:
- OCSP_ALGORITHM: "rsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "rsa"
- OCSP_TLS_SHOULD_SUCCEED: "true"
-
- - name: test-ocsp-rsa-invalid-cert-server-does-not-staple
- tags: ["ocsp", "ocsp-rsa"]
- commands:
- - func: run-revoked-ocsp-server
- vars:
- OCSP_ALGORITHM: "rsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "rsa"
- OCSP_TLS_SHOULD_SUCCEED: "false"
-
- - name: test-ocsp-rsa-soft-fail
- tags: ["ocsp", "ocsp-rsa"]
- commands:
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "rsa"
- OCSP_TLS_SHOULD_SUCCEED: "true"
-
- - name: test-ocsp-rsa-malicious-invalid-cert-mustStaple-server-does-not-staple
- tags: ["ocsp", "ocsp-rsa"]
- commands:
- - func: run-revoked-ocsp-server
- vars:
- OCSP_ALGORITHM: "rsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple-disableStapling.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "rsa"
- OCSP_TLS_SHOULD_SUCCEED: "false"
-
- - name: test-ocsp-rsa-malicious-no-responder-mustStaple-server-does-not-staple
- tags: ["ocsp", "ocsp-rsa"]
- commands:
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple-disableStapling.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "rsa"
- OCSP_TLS_SHOULD_SUCCEED: "false"
-
- - name: test-ocsp-rsa-delegate-valid-cert-server-staples
- tags: ["ocsp", "ocsp-rsa", "ocsp-staple"]
- commands:
- - func: run-valid-delegate-ocsp-server
- vars:
- OCSP_ALGORITHM: "rsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "rsa"
- OCSP_TLS_SHOULD_SUCCEED: "true"
-
- - name: test-ocsp-rsa-delegate-invalid-cert-server-staples
- tags: ["ocsp", "ocsp-rsa", "ocsp-staple"]
- commands:
- - func: run-revoked-delegate-ocsp-server
- vars:
- OCSP_ALGORITHM: "rsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "rsa"
- OCSP_TLS_SHOULD_SUCCEED: "false"
-
- - name: test-ocsp-rsa-delegate-valid-cert-server-does-not-staple
- tags: ["ocsp", "ocsp-rsa"]
- commands:
- - func: run-valid-delegate-ocsp-server
- vars:
- OCSP_ALGORITHM: "rsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "rsa"
- OCSP_TLS_SHOULD_SUCCEED: "true"
-
- - name: test-ocsp-rsa-delegate-invalid-cert-server-does-not-staple
- tags: ["ocsp", "ocsp-rsa"]
- commands:
- - func: run-revoked-delegate-ocsp-server
- vars:
- OCSP_ALGORITHM: "rsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-disableStapling.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "rsa"
- OCSP_TLS_SHOULD_SUCCEED: "false"
-
- - name: test-ocsp-rsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple
- tags: ["ocsp", "ocsp-rsa"]
- commands:
- - func: run-revoked-delegate-ocsp-server
- vars:
- OCSP_ALGORITHM: "rsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "rsa-basic-tls-ocsp-mustStaple-disableStapling.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "rsa"
- OCSP_TLS_SHOULD_SUCCEED: "false"
-
- - name: test-ocsp-ecdsa-valid-cert-server-staples
- tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"]
- commands:
- - func: run-valid-ocsp-server
- vars:
- OCSP_ALGORITHM: "ecdsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "ecdsa"
- OCSP_TLS_SHOULD_SUCCEED: "true"
-
- - name: test-ocsp-ecdsa-invalid-cert-server-staples
- tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"]
- commands:
- - func: run-revoked-ocsp-server
- vars:
- OCSP_ALGORITHM: "ecdsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "ecdsa"
- OCSP_TLS_SHOULD_SUCCEED: "false"
-
- - name: test-ocsp-ecdsa-valid-cert-server-does-not-staple
- tags: ["ocsp", "ocsp-ecdsa"]
- commands:
- - func: run-valid-ocsp-server
- vars:
- OCSP_ALGORITHM: "ecdsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "ecdsa"
- OCSP_TLS_SHOULD_SUCCEED: "true"
-
- - name: test-ocsp-ecdsa-invalid-cert-server-does-not-staple
- tags: ["ocsp", "ocsp-ecdsa"]
- commands:
- - func: run-revoked-ocsp-server
- vars:
- OCSP_ALGORITHM: "ecdsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "ecdsa"
- OCSP_TLS_SHOULD_SUCCEED: "false"
-
- - name: test-ocsp-ecdsa-soft-fail
- tags: ["ocsp", "ocsp-ecdsa"]
- commands:
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "ecdsa"
- OCSP_TLS_SHOULD_SUCCEED: "true"
-
- - name: test-ocsp-ecdsa-malicious-invalid-cert-mustStaple-server-does-not-staple
- tags: ["ocsp", "ocsp-ecdsa"]
- commands:
- - func: run-revoked-ocsp-server
- vars:
- OCSP_ALGORITHM: "ecdsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "ecdsa"
- OCSP_TLS_SHOULD_SUCCEED: "false"
-
- - name: test-ocsp-ecdsa-malicious-no-responder-mustStaple-server-does-not-staple
- tags: ["ocsp", "ocsp-ecdsa"]
- commands:
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "ecdsa"
- OCSP_TLS_SHOULD_SUCCEED: "false"
-
- - name: test-ocsp-ecdsa-delegate-valid-cert-server-staples
- tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"]
- commands:
- - func: run-valid-delegate-ocsp-server
- vars:
- OCSP_ALGORITHM: "ecdsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "ecdsa"
- OCSP_TLS_SHOULD_SUCCEED: "true"
-
- - name: test-ocsp-ecdsa-delegate-invalid-cert-server-staples
- tags: ["ocsp", "ocsp-ecdsa", "ocsp-staple"]
- commands:
- - func: run-revoked-delegate-ocsp-server
- vars:
- OCSP_ALGORITHM: "ecdsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "ecdsa"
- OCSP_TLS_SHOULD_SUCCEED: "false"
-
- - name: test-ocsp-ecdsa-delegate-valid-cert-server-does-not-staple
- tags: ["ocsp", "ocsp-ecdsa"]
- commands:
- - func: run-valid-delegate-ocsp-server
- vars:
- OCSP_ALGORITHM: "ecdsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "ecdsa"
- OCSP_TLS_SHOULD_SUCCEED: "true"
-
- - name: test-ocsp-ecdsa-delegate-invalid-cert-server-does-not-staple
- tags: ["ocsp", "ocsp-ecdsa"]
- commands:
- - func: run-revoked-delegate-ocsp-server
- vars:
- OCSP_ALGORITHM: "ecdsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-disableStapling.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "ecdsa"
- OCSP_TLS_SHOULD_SUCCEED: "false"
-
- - name: test-ocsp-ecdsa-delegate-malicious-invalid-cert-mustStaple-server-does-not-staple
- tags: ["ocsp", "ocsp-ecdsa"]
- commands:
- - func: run-revoked-delegate-ocsp-server
- vars:
- OCSP_ALGORITHM: "ecdsa"
- - func: "bootstrap mongo-orchestration"
- vars:
- ORCHESTRATION_FILE: "ecdsa-basic-tls-ocsp-mustStaple-disableStapling.json"
- - func: "run ocsp test"
- vars:
- OCSP_ALGORITHM: "ecdsa"
- OCSP_TLS_SHOULD_SUCCEED: "false"
-
 - name: "compile-only"
 commands:
 - func: "compile only"
@@ -2397,49 +1981,6 @@ buildvariants:
 - ".aws-auth"
 - "test-connection-string"
-# TODO: RUST-361 enable these tests once OCSP support is implemented
-# - matrix_name: "ocsp"
-# matrix_spec:
-# os:
-# - ubuntu-18.04
-# async-runtime: "*"
-# mongodb-version:
-# - latest
-# - 5.0
-# - 4.4
-# display_name: "OCSP ${os} ${mongodb-version} with ${async-runtime}"
-# batchtime: 20160 # 14 days
-# tasks:
-# - ".ocsp"
-# - matrix_name: "ocsp-macos"
-# matrix_spec:
-# os:
-# - macos-10.14
-# async-runtime: "*"
-# mongodb-version:
-# - latest
-# - 5.0
-# - 4.4
-# display_name: "OCSP ${os} ${mongodb-version} with ${async-runtime}"
-# batchtime: 20160 # 14 days
-# tasks:
-# # macOS MongoDB servers do not staple OCSP responses and only support RSA.
-# - name: ".ocsp-rsa !.ocsp-staple"
-# - matrix_name: "ocsp-windows"
-# matrix_spec:
-# os:
-# - windows-64-vs2017
-# async-runtime: "*"
-# mongodb-version:
-# - latest
-# - 5.0
-# - 4.4
-# display_name: "OCSP ${os} ${mongodb-version} with ${async-runtime}"
-# batchtime: 20160 # 14 days
-# tasks:
-# # Windows MongoDB servers do not staple OCSP responses and only support RSA.
-# - name: ".ocsp-rsa !.ocsp-staple"
-
 - matrix_name: "compile-only"
 matrix_spec:
 os:
diff --git a/.evergreen/run-ocsp-test.sh b/.evergreen/run-ocsp-test.sh
deleted file mode 100755
index 11c2db9b1..000000000
--- a/.evergreen/run-ocsp-test.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/bash
-
-set -o xtrace
-set -o errexit # Exit the script with error if any of the commands fail
-
-############################################
-# Main Program #
-############################################
-
-# Supported/used environment variables:
-# MONGODB_URI Set the URI, including an optional username/password to use
-# to connect to the server via
-# ASYNC_RUNTIME Specify the async runtime to use. Must be either "tokio" or
-# "async-std".
-# OCSP_TLS_SHOULD_SUCCEED Whether the connection attempt should succeed or not with the
-# given configuration.
-# OCSP_ALGORITHM Specify the cyptographic algorithm used to sign the server's
-# certificate. Must be either "rsa" or "ecdsa".
-
-echo "Running OCSP test"
-
-# show test output
-set -x
-
-set -o errexit
-
-if [[ "$MONGODB_URI" == *"?"* ]]; then
- export MONGODB_URI="${MONGODB_URI}&"
-else
- export MONGODB_URI="${MONGODB_URI}/?"
-fi
-CA_FILE=`echo "${DRIVERS_TOOLS}/.evergreen/ocsp/${OCSP_ALGORITHM}/ca.pem" | sed 's/\//%2F/g'`
-
-export MONGODB_URI="${MONGODB_URI}tls=true&tlsCAFile=${CA_FILE}"
-
-source ./.evergreen/configure-rust.sh
-
-RUST_BACKTRACE=1 cargo test spec::ocsp