PHPC-33: Add tests for X509

This test does not currently work due to bug in Mongo Orchestration:
mongodb-labs/mongo-orchestration#159

Author: bjori

scripts/presets/standalone-ssl.json

@@ -11,8 +11,8 @@
         "setParameter": {"enableTestCommands": 1}
     }, 
     "sslParams": {
+	"sslMode": "requireSSL",
         "sslCAFile": "/phongo/scripts/ssl/ca.pem", 
-        "sslOnNormalPorts": true, 
         "sslPEMKeyFile": "/phongo/scripts/ssl/server.pem", 
         "sslWeakCertificateValidation": true
     }

scripts/presets/standalone-x509.json

@@ -14,8 +14,9 @@
         "setParameter": {"enableTestCommands": 1}
     }, 
     "sslParams": {
+	"clusterAuthMode": "x509",
+	"sslMode": "requireSSL",
         "sslCAFile": "/phongo/scripts/ssl/ca.pem", 
-        "sslOnNormalPorts": true, 
         "sslPEMKeyFile": "/phongo/scripts/ssl/server.pem", 
         "sslWeakCertificateValidation": true
     }

tests/connect/standalone-x509-0001.phpt

@@ -0,0 +1,91 @@
+--TEST--
+Connect to MongoDB with using SSL and verify the stream
+--SKIPIF--
+<?php require "tests/utils/basic-skipif.inc"?>
+--FILE--
+<?php 
+require_once "tests/utils/basic.inc";
+
+$SSL_DIR = realpath(__DIR__ . "/" . "./../../scripts/ssl/");
+
+$opts = array(
+    "ssl" => array(
+        "peer_name" => "MongoDB",
+        "verify_peer" => true,
+        "verify_peer_name" => true,
+        "allow_self_signed" => false,
+        "cafile" => $SSL_DIR . "/ca.pem", /* Defaults to openssl.cafile */
+        "capath" => $SSL_DIR, /* Defaults to openssl.capath */
+        "local_cert" => $SSL_DIR . "/client.pem",
+        "passphrase" => "Very secretive client.pem passphrase",
+        "CN_match" => "server",
+        "verify_depth" => 5,
+        "ciphers" => "HIGH:!EXPORT:!aNULL@STRENGTH",
+        "capture_peer_cert" => true,
+        "capture_peer_cert_chain" => true,
+        "SNI_enabled" => true,
+        "disable_compression" => false,
+        "peer_fingerprint" => "0d6dbd95",
+    ),
+);
+$context = stream_context_create($opts);
+
+$parsed = parse_url(MONGODB_STANDALONE_X509_URI);
+$adminuser = "root";
+$adminpass = "toor";
+$dsn = sprintf("mongodb://%s:%s@%s:%d/admin?ssl=true", $adminuser, $adminpass, $parsed["host"], $parsed["port"]);
+$adminmanager = new MongoDB\Manager($dsn, array(), array("context" => $context, "debug" => STDERR));
+
+$certusername = "C=US,ST=New York,L=New York City,O=MongoDB,OU=KernelUser,CN=client";
+
+
+$cmd = array(
+    "createUser" => $certusername,
+    "roles" => [["role" => "readWrite", "db" => DATABASE_NAME]],
+);
+
+try {
+    echo "User Created\n";
+    $command = new MongoDB\Command($cmd);
+    $result = $adminmanager->executeCommand(DATABASE_NAME, $command);
+    echo "User Created\n";
+} catch(Exception $e) {
+    echo get_class($e), ": ", $e->getMessage(), "\n";
+}
+
+try {
+    $parsed = parse_url(MONGODB_STANDALONE_X509_URI);
+    $dsn = sprintf("mongodb://%s@%s:%d/%s?ssl=true&authMechanism=MONGODB-X509", urlencode($certusername), $parsed["host"], $parsed["port"], DATABASE_NAME);
+
+    $manager = new MongoDB\Manager($dsn, array(), array("context" => $context, "debug" => STDERR));
+
+    $batch = new MongoDB\WriteBatch();
+    $batch->insert(array("very" => "important"));
+    $manager->executeWriteBatch(NS, $batch);
+    $query = new MongoDB\Query(array("very" => "important"));
+    $cursor = $manager->executeQuery(NS, $query);
+    foreach($cursor as $document) {
+        var_dump($document["very"]);
+    }
+} catch(Exception $e) {
+    echo get_class($e), ": ", $e->getMessage(), "\n";
+}
+
+try {
+    echo "User dropped\n";
+    $command = new MongoDB\Command(array("drop" => COLLECTION_NAME));
+    $result = $adminmanager->executeCommand(DATABASE_NAME, $command);
+    echo "User dropped\n";
+} catch(Exception $e) {
+    echo get_class($e), ": ", $e->getMessage(), "\n";
+}
+
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECTF--
+User Created
+string(9) "important"
+User dropped
+===DONE===

tests/connect/standalone-x509-0002.phpt

@@ -0,0 +1,92 @@
+--TEST--
+Connect to MongoDB with using X509 retrieving username from certificate #002
+--SKIPIF--
+<?php require "tests/utils/basic-skipif.inc"?>
+--FILE--
+<?php 
+require_once "tests/utils/basic.inc";
+
+$SSL_DIR = realpath(__DIR__ . "/" . "./../../scripts/ssl/");
+
+$opts = array(
+    "ssl" => array(
+        "peer_name" => "MongoDB",
+        "verify_peer" => true,
+        "verify_peer_name" => true,
+        "allow_self_signed" => false,
+        "cafile" => $SSL_DIR . "/ca.pem", /* Defaults to openssl.cafile */
+        "capath" => $SSL_DIR, /* Defaults to openssl.capath */
+        "local_cert" => $SSL_DIR . "/client.pem",
+        "passphrase" => "Very secretive client.pem passphrase",
+        "CN_match" => "server",
+        "verify_depth" => 5,
+        "ciphers" => "HIGH:!EXPORT:!aNULL@STRENGTH",
+        "capture_peer_cert" => true,
+        "capture_peer_cert_chain" => true,
+        "SNI_enabled" => true,
+        "disable_compression" => false,
+        "peer_fingerprint" => "0d6dbd95",
+    ),
+);
+$context = stream_context_create($opts);
+
+$parsed = parse_url(MONGODB_STANDALONE_X509_URI);
+$adminuser = "root";
+$adminpass = "toor";
+$dsn = sprintf("mongodb://%s:%s@%s:%d/admin?ssl=true", $adminuser, $adminpass, $parsed["host"], $parsed["port"]);
+$adminmanager = new MongoDB\Manager($dsn, array(), array("context" => $context, "debug" => STDERR));
+
+$certusername = "C=US,ST=New York,L=New York City,O=MongoDB,OU=KernelUser,CN=client";
+
+
+$cmd = array(
+    "createUser" => $certusername,
+    "roles" => [["role" => "readWrite", "db" => DATABASE_NAME]],
+);
+
+try {
+    echo "User Created\n";
+    $command = new MongoDB\Command($cmd);
+    $result = $adminmanager->executeCommand(DATABASE_NAME, $command);
+    echo "User Created\n";
+} catch(Exception $e) {
+    echo get_class($e), ": ", $e->getMessage(), "\n";
+}
+
+try {
+    /* mongoc will pull the username of the certificate */
+    $parsed = parse_url(MONGODB_STANDALONE_X509_URI);
+    $dsn = sprintf("mongodb://%s:%d/%s?ssl=true&authMechanism=MONGODB-X509", $parsed["host"], $parsed["port"], DATABASE_NAME);
+
+    $manager = new MongoDB\Manager($dsn, array(), array("context" => $context, "debug" => STDERR));
+
+    $batch = new MongoDB\WriteBatch();
+    $batch->insert(array("very" => "important"));
+    $manager->executeWriteBatch(NS, $batch);
+    $query = new MongoDB\Query(array("very" => "important"));
+    $cursor = $manager->executeQuery(NS, $query);
+    foreach($cursor as $document) {
+        var_dump($document["very"]);
+    }
+} catch(Exception $e) {
+    echo get_class($e), ": ", $e->getMessage(), "\n";
+}
+
+try {
+    echo "User dropped\n";
+    $command = new MongoDB\Command(array("drop" => COLLECTION_NAME));
+    $result = $adminmanager->executeCommand(DATABASE_NAME, $command);
+    echo "User dropped\n";
+} catch(Exception $e) {
+    echo get_class($e), ": ", $e->getMessage(), "\n";
+}
+
+
+?>
+===DONE===
+<?php exit(0); ?>
+--EXPECTF--
+User Created
+string(9) "important"
+User dropped
+===DONE===

tests/utils/basic.inc

@@ -21,6 +21,7 @@ $consts = array(
     "MONGODB_STANDALONE_AUTH_URI" => $orch->getURI("standalone-auth.json"),
     "MONGODB_STANDALONE_SSL_URI"  => $orch->getURI("standalone-ssl.json"),
     "MONGODB_STANDALONE_PLAIN_URI"  => $orch->getURI("standalone-plain.json"),
+    "MONGODB_STANDALONE_X509_URI"  => $orch->getURI("standalone-x509.json"),
     "DATABASE_NAME"       => "phongo",
     "COLLECTION_NAME"     => makeCollectionNameFromFilename($_SERVER["SCRIPT_FILENAME"]),
     "DEBUG_DIR"           => sys_get_temp_dir() . "/PHONGO-TESTS/",