
Source file src/go.mongodb.org/mongo-driver/mongo/ocsp_test.go

Documentation: go.mongodb.org/mongo-driver/mongo

     1  // Copyright (C) MongoDB, Inc. 2017-present.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License"); you may
     4  // not use this file except in compliance with the License. You may obtain
     5  // a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
     6  
     7  package mongo
     8  
     9  import (
    10  	"crypto/tls"
    11  	"os"
    12  	"runtime"
    13  	"strconv"
    14  	"testing"
    15  	"time"
    16  
    17  	"go.mongodb.org/mongo-driver/internal/assert"
    18  	"go.mongodb.org/mongo-driver/internal/integtest"
    19  	"go.mongodb.org/mongo-driver/mongo/options"
    20  	"go.mongodb.org/mongo-driver/mongo/readpref"
    21  )
    22  
// TestOCSP checks how the client's TLS handshake behaves against the
// deployment described by the integration-test connection string.
//
// The test is skipped unless OCSP_TLS_SHOULD_SUCCEED is set. Its value is
// parsed as a bool and states the outcome expected from the "tls" subtest:
// true means Ping must succeed, false means Ping must return an error.
// The "tlsInsecure" subtest always expects Ping to succeed, because it
// connects with InsecureSkipVerify enabled.
func TestOCSP(t *testing.T) {
	rawExpectation := os.Getenv("OCSP_TLS_SHOULD_SUCCEED")
	if rawExpectation == "" {
		t.Skip("skipping because OCSP_TLS_SHOULD_SUCCEED not set")
	}
	shouldSucceed, err := strconv.ParseBool(rawExpectation)
	assert.Nil(t, err, "invalid value for OCSP_TLS_SHOULD_SUCCEED; expected true or false, got %v", rawExpectation)

	connStr := integtest.ConnString(t)

	t.Run("tls", func(t *testing.T) {
		client, err := Connect(bgCtx, createOCSPClientOptions(connStr.Original))
		assert.Nil(t, err, "Connect error: %v", err)
		// NOTE(review): if assert.Nil does not abort the test on failure,
		// client may be nil past this point; confirm against internal/assert.
		defer func() { _ = client.Disconnect(bgCtx) }()

		pingErr := client.Ping(bgCtx, readpref.Primary())
		if !shouldSucceed {
			// Only "some error" is asserted here, so a failure unrelated to
			// certificate status (for example a server selection timeout)
			// also satisfies the check. The error is logged so it is visible
			// in Evergreen and the actual cause can be verified there.
			t.Logf("got Ping error: %v\n", pingErr)
			assert.NotNil(t, pingErr, "expected Ping error, got nil")
			return
		}
		assert.Nil(t, pingErr, "Ping error: %v", pingErr)
	})

	t.Run("tlsInsecure", func(t *testing.T) {
		// With InsecureSkipVerify set, the connection is expected to work
		// whatever OCSP_TLS_SHOULD_SUCCEED says.
		client, err := Connect(bgCtx, createInsecureOCSPClientOptions(connStr.Original))
		assert.Nil(t, err, "Connect error: %v", err)
		defer func() { _ = client.Disconnect(bgCtx) }()

		pingErr := client.Ping(bgCtx, readpref.Primary())
		assert.Nil(t, pingErr, "Ping error: %v", pingErr)
	})
}
    58  
// createOCSPClientOptions builds client options from uri and sets a short
// server selection timeout: 500ms by default, 5s on Windows.
func createOCSPClientOptions(uri string) *options.ClientOptions {
	var selectionTimeout time.Duration
	switch runtime.GOOS {
	case "windows":
		// Non-stapled OCSP endpoint checks are slow on Windows.
		selectionTimeout = 5 * time.Second
	default:
		selectionTimeout = 500 * time.Millisecond
	}

	clientOpts := options.Client().ApplyURI(uri)
	clientOpts.SetServerSelectionTimeout(selectionTimeout)
	return clientOpts
}
    70  
// createInsecureOCSPClientOptions returns the options produced by
// createOCSPClientOptions with InsecureSkipVerify forced to true.
//
// In crypto/tls, InsecureSkipVerify turns off verification of the server's
// certificate chain and host name, so a connection made with these options
// does not authenticate the server. It is used here only to exercise the
// "tlsInsecure" test path.
func createInsecureOCSPClientOptions(uri string) *options.ClientOptions {
	opts := createOCSPClientOptions(uri)

	if opts.TLSConfig == nil {
		// No TLS config was derived from the URI, so install a fresh one.
		return opts.SetTLSConfig(&tls.Config{InsecureSkipVerify: true})
	}

	// Keep the existing TLS config and only flip the verification switch.
	opts.TLSConfig.InsecureSkipVerify = true
	return opts
}
    82  
