Rewrite tests for SSL with X509 auth

Author: jmikola

tests/connect/standalone-x509-0001.phpt

@@ -0,0 +1,33 @@
+--TEST--
+Connect to MongoDB with SSL and X509 auth
+--SKIPIF--
+<?php require __DIR__ . "/../utils/basic-skipif.inc"; NEEDS("STANDALONE_X509"); ?>
+--FILE--
+<?php
+require_once __DIR__ . "/../utils/basic.inc";
+
+$SSL_DIR = realpath(__DIR__ . '/../../scripts/ssl/');
+
+$driverOptions = [
+    // libmongoc does not allow the hostname to be overridden as "server"
+    'allow_invalid_hostname' => true,
+    'weak_cert_validation' => false,
+    'ca_file' => $SSL_DIR . '/ca.pem',
+    'pem_file' => $SSL_DIR . '/client.pem',
+    // TODO: this doesn't appear to have any effect. Does the PEM file not have a password?
+    'pem_pwd' => 'qwerty',
+];
+
+$manager = new MongoDB\Driver\Manager(STANDALONE_X509, ['ssl' => true], $driverOptions);
+$cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1]));
+var_dump($cursor->toArray()[0]);
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECTF--
+object(stdClass)#%d (%d) {
+  ["ok"]=>
+  float(1)
+}
+===DONE===

tests/connect/standalone-x509-0002.phpt

@@ -0,0 +1,37 @@
+--TEST--
+Connect to MongoDB with SSL and X509 auth (stream context)
+--SKIPIF--
+<?php require __DIR__ . "/../utils/basic-skipif.inc"; NEEDS("STANDALONE_X509"); ?>
+--FILE--
+<?php
+require_once __DIR__ . "/../utils/basic.inc";
+
+$SSL_DIR = realpath(__DIR__ . '/../../scripts/ssl/');
+
+$driverOptions = [
+    'context' => stream_context_create([
+        'ssl' => [
+            // libmongoc does not allow the hostname to be overridden as "server"
+            'allow_invalid_hostname' => true,
+            'allow_self_signed' => false, // "weak_cert_validation" alias
+            'cafile' => $SSL_DIR . '/ca.pem', // "ca_file" alias
+            'local_cert' => $SSL_DIR . '/client.pem', // "pem_file" alias
+            // TODO: this doesn't appear to have any effect. Does the PEM file not have a password?
+            'passphrase' => 'qwerty', // "pem_pwd" alias
+        ],
+    ]),
+];
+
+$manager = new MongoDB\Driver\Manager(STANDALONE_X509, ['ssl' => true], $driverOptions);
+$cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1]));
+var_dump($cursor->toArray()[0]);
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECTF--
+object(stdClass)#%d (%d) {
+  ["ok"]=>
+  float(1)
+}
+===DONE===

tests/connect/standalone-x509-0003.phpt

@@ -6,44 +6,34 @@ X509 connection should not reuse previous stream after an auth failure
 <?php
 require_once __DIR__ . "/../utils/basic.inc";
 
-function connect($dsn, $opts) {
-    try {
-        $manager = new MongoDB\Driver\Manager($dsn, array(), $opts);
+$SSL_DIR = realpath(__DIR__ . '/../../scripts/ssl/');
 
-        $bulk = new MongoDB\Driver\BulkWrite();
-        $bulk->insert(array("very" => "important"));
-        $manager->executeBulkWrite(NS, $bulk);
-        echo "Connected\n";
-    } catch(Exception $e) {
-        echo get_class($e), ": ", $e->getMessage(), "\n";
-    }
-    return $manager;
-}
-
-$SSL_DIR = realpath(__DIR__ . "/" . "./../../scripts/ssl/");
-$opts = array(
-        "peer_name" => "server",
-        "verify_peer" => true,
-        "verify_peer_name" => true,
-        "allow_self_signed" => false,
-        "cafile" => $SSL_DIR . "/ca.pem", /* Defaults to openssl.cafile */
-        "capath" => $SSL_DIR, /* Defaults to openssl.capath */
-        "local_cert" => $SSL_DIR . "/client.pem",
-);
+$driverOptions = [
+    // libmongoc does not allow the hostname to be overridden as "server"
+    'allow_invalid_hostname' => true,
+    'ca_file' => $SSL_DIR . '/ca.pem',
+    'pem_file' => $SSL_DIR . '/client.pem',
+];
 
-/* Wrong username */
+// Wrong username for X509 authentication
 $parsed = parse_url(STANDALONE_X509);
-$dsn = sprintf("mongodb://username@%s:%d/%s?ssl=true&authMechanism=MONGODB-X509", $parsed["host"], $parsed["port"], DATABASE_NAME);
+$dsn = sprintf('mongodb://username@%s:%d/?ssl=true&authMechanism=MONGODB-X509', $parsed['host'], $parsed['port']);
 
-$m1 = connect($dsn, $opts);
-$m2 = connect($dsn, $opts);
+// Both should fail with auth failure, without reusing the previous stream
+for ($i = 0; $i < 2; $i++) {
+    echo throws(function() use ($dsn, $driverOptions) {
+        $manager = new MongoDB\Driver\Manager($dsn, [], $driverOptions);
+        $cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1]));
+        var_dump($cursor->toArray()[0]);
+    }, 'MongoDB\Driver\Exception\AuthenticationException', 'executeCommand'), "\n";
+}
 
-echo "Both should have failed with auth failure - without reusing previous stream\n";
 ?>
 ===DONE===
 <?php exit(0); ?>
 --EXPECTF--
-MongoDB\Driver\Exception\AuthenticationException: auth failed
-MongoDB\Driver\Exception\AuthenticationException: auth failed
-Both should have failed with auth failure - without reusing previous stream
+OK: Got MongoDB\Driver\Exception\AuthenticationException thrown from executeCommand
+auth failed
+OK: Got MongoDB\Driver\Exception\AuthenticationException thrown from executeCommand
+auth failed
 ===DONE===

tests/connect/standalone-x509-0004.phpt

@@ -0,0 +1,35 @@
+--TEST--
+Connect to MongoDB with SSL and X509 auth and username retrieved from cert
+--SKIPIF--
+<?php require __DIR__ . "/../utils/basic-skipif.inc"; NEEDS("STANDALONE_X509"); ?>
+--FILE--
+<?php
+require_once __DIR__ . "/../utils/basic.inc";
+
+$SSL_DIR = realpath(__DIR__ . '/../../scripts/ssl/');
+
+$driverOptions = [
+    // libmongoc does not allow the hostname to be overridden as "server"
+    'allow_invalid_hostname' => true,
+    'weak_cert_validation' => false,
+    'ca_file' => $SSL_DIR . '/ca.pem',
+    'pem_file' => $SSL_DIR . '/client.pem',
+];
+
+$parsed = parse_url(STANDALONE_X509);
+// TODO: authMechanism cannot be parsed from URI options array (PHPC-772)
+$uri = sprintf('mongodb://%s:%d/?ssl=true&authMechanism=MONGODB-X509', $parsed['host'], $parsed['port']);
+
+$manager = new MongoDB\Driver\Manager($uri, [], $driverOptions);
+$cursor = $manager->executeCommand(DATABASE_NAME, new MongoDB\Driver\Command(['ping' => 1]));
+var_dump($cursor->toArray()[0]);
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECTF--
+object(stdClass)#%d (%d) {
+  ["ok"]=>
+  float(1)
+}
+===DONE===