2 /**
3 * Copyright (C) 2018-present MongoDB, Inc.
4 *
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the Server Side Public License, version 1,
7 * as published by MongoDB, Inc.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * Server Side Public License for more details.
13 *
14 * You should have received a copy of the Server Side Public License
15 * along with this program. If not, see
16 * <http://www.mongodb.com/licensing/server-side-public-license>.
17 *
18 * As a special exception, the copyright holders give permission to link the
19 * code of portions of this program with the OpenSSL library under certain
20 * conditions as described in each individual source file and distribute
21 * linked combinations including the program with the OpenSSL library. You
22 * must comply with the Server Side Public License in all respects for
23 * all of the code used other than as permitted herein. If you modify file(s)
24 * with this exception, you may extend this exception to your version of the
25 * file(s), but you are not obligated to do so. If you do not wish to do so,
26 * delete this exception statement from your version. If you delete this
27 * exception statement from all source files in the program, then also delete
28 * it in the license file.
29 */
30
31 #define MONGO_LOG_DEFAULT_COMPONENT ::mongo::logger::LogComponent::kNetwork
32
33 #include "mongo/platform/basic.h"
34
35 #include "mongo/util/net/ssl_manager.h"
36
37 #include "mongo/config.h"
38 #include "mongo/unittest/unittest.h"
39 #include "mongo/util/log.h"
40
41
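namespace mongo {
namespace {

/**
 * Table-driven check of hostNameMatchForX509Certificates() against wildcard certificate names.
 *
 * Each row gives the expected outcome, the hostname being checked and the certificate name.
 * Taken together the rows pin these properties of the matcher:
 *   - "*.bar.bas" matches a host exactly one label below bar.bas ("foo.bar.bas").
 *   - The wildcard does not span more than one label: "foo.subdomain.bar.bas" is rejected.
 *   - A host under a different parent domain ("foo.evil.bas") is rejected.
 *   - A trailing dot (fully qualified form) on the hostname, on the certificate name, or on
 *     both does not change any of the outcomes above.
 *
 * The mismatch rows are the security-relevant ones: accepting any of them would mean a
 * certificate is treated as valid for a host it does not name.
 *
 * Every row is evaluated before the final assertion, so one run reports all failing rows
 * rather than only the first. When MONGO_CONFIG_SSL is not defined the body is compiled out
 * and the test passes without checking anything.
 */
TEST(SSLManager, matchHostname) {
#ifdef MONGO_CONFIG_SSL
    enum Expected : bool { match = true, mismatch = false };
    const struct {
        Expected expected;
        std::string hostname;
        std::string certName;
    } tests[] = {
        // clang-format off
        // Matches? |    Hostname and possibly FQDN   |  Certificate name
        {match,    "foo.bar.bas" ,            "*.bar.bas."},
        {mismatch, "foo.subdomain.bar.bas" ,  "*.bar.bas."},
        {match,    "foo.bar.bas.",            "*.bar.bas."},
        {mismatch, "foo.subdomain.bar.bas.",  "*.bar.bas."},

        {match,    "foo.bar.bas" ,            "*.bar.bas"},
        {mismatch, "foo.subdomain.bar.bas" ,  "*.bar.bas"},
        {match,    "foo.bar.bas.",            "*.bar.bas"},
        {mismatch, "foo.subdomain.bar.bas.",  "*.bar.bas"},

        {mismatch, "foo.evil.bas" ,           "*.bar.bas."},
        {mismatch, "foo.subdomain.evil.bas" , "*.bar.bas."},
        {mismatch, "foo.evil.bas.",           "*.bar.bas."},
        {mismatch, "foo.subdomain.evil.bas.", "*.bar.bas."},

        {mismatch, "foo.evil.bas" ,           "*.bar.bas"},
        {mismatch, "foo.subdomain.evil.bas" , "*.bar.bas"},
        {mismatch, "foo.evil.bas.",           "*.bar.bas"},
        {mismatch, "foo.subdomain.evil.bas.", "*.bar.bas"},
        // clang-format on
    };

    bool failure = false;
    for (const auto& test : tests) {
        const bool matched = hostNameMatchForX509Certificates(test.hostname, test.certName);
        if (matched == bool(test.expected)) {
            LOG(1) << "Passed for Hostname: " << test.hostname << " Certificate: " << test.certName;
            continue;
        }

        failure = true;
        // Logged at level 0 rather than debug level 1 so the offending row is visible without
        // raising verbosity; ASSERT_FALSE(failure) below cannot say which row was wrong.
        LOG(0) << "Failure for Hostname: " << test.hostname << " Certificate: " << test.certName
               << " (expected " << (bool(test.expected) ? "match" : "mismatch") << ")";
    }
    ASSERT_FALSE(failure);
#endif
}

}  // namespace
}  // namespace mongo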