public void Authenticate_should_have_expected_result(
[Values(false, true)] bool async)
{
var dateTime = DateTime.UtcNow;
var clientNonce = __randomByteGenerator.Generate(ClientNonceLength);
var serverNonce = Combine(clientNonce, __randomByteGenerator.Generate(ClientNonceLength));
var host = "sts.amazonaws.com";
var credential = new UsernamePasswordCredential("$external", "permanentuser", "FAKEFAKEFAKEFAKEFAKEfakefakefakefakefake");
AwsSignatureVersion4.CreateAuthorizationRequest(
dateTime,
credential.Username,
credential.Password,
null,
serverNonce,
host,
out var authHeader,
out var timestamp);
var mockClock = new Mock <IClock>();
mockClock.Setup(x => x.UtcNow).Returns(dateTime);
var mockRandomByteGenerator = new Mock <IRandomByteGenerator>();
mockRandomByteGenerator.Setup(x => x.Generate(It.IsAny <int>())).Returns(clientNonce);
var expectedClientFirstMessage = new BsonDocument
{
{ "r", clientNonce },
{ "p", (int)'n' }
};
var expectedClientSecondMessage = new BsonDocument
{
{ "a", authHeader },
{ "d", timestamp }
};
var serverFirstMessage = new BsonDocument
{
{ "s", serverNonce },
{ "h", host }
};
var saslStartReply = MessageHelper.BuildReply <RawBsonDocument>(RawBsonDocumentHelper.FromJson(
$"{{ conversationId : 1, done : false, payload : BinData(0,\"{ToBase64(serverFirstMessage.ToBson())}\"), ok : 1 }}"));
var saslContinueReply = MessageHelper.BuildReply <RawBsonDocument>(RawBsonDocumentHelper.FromJson(
"{ conversationId : 1, done : true, payload : BinData(0,\"\"), ok : 1}"));
var subject = new MongoAWSAuthenticator(credential, null, mockRandomByteGenerator.Object, mockClock.Object, serverApi: null);
var connection = new MockConnection(__serverId);
connection.EnqueueReplyMessage(saslStartReply);
connection.EnqueueReplyMessage(saslContinueReply);
if (async)
{
subject.AuthenticateAsync(connection, __descriptionQueryWireProtocol, CancellationToken.None).GetAwaiter().GetResult();
}
else
{
subject.Authenticate(connection, __descriptionQueryWireProtocol, CancellationToken.None);
}
SpinWait.SpinUntil(() => connection.GetSentMessages().Count >= 2, TimeSpan.FromSeconds(5)).Should().BeTrue();
var sentMessages = MessageHelper.TranslateMessagesToBsonDocuments(connection.GetSentMessages());
sentMessages.Count.Should().Be(2);
var actualRequestId0 = sentMessages[0]["requestId"].AsInt32;
var actualRequestId1 = sentMessages[1]["requestId"].AsInt32;
var expectedFirstMessage = GetExpectedSaslStartQueryMessage(actualRequestId0, expectedClientFirstMessage);
var expectedSecondMessage = GetExpectedSaslContinueQueryMessage(actualRequestId1, expectedClientSecondMessage);
sentMessages[0].Should().Be(expectedFirstMessage);
sentMessages[1].Should().Be(expectedSecondMessage);
}
// internal methods
internal IAuthenticator ToAuthenticator(ServerApi serverApi)
{
var passwordEvidence = _evidence as PasswordEvidence;
if (passwordEvidence != null)
{
var insecurePassword = SecureStringHelper.ToInsecureString(passwordEvidence.SecurePassword);
var credential = new UsernamePasswordCredential(
_identity.Source,
_identity.Username,
insecurePassword);
if (_mechanism == null)
{
return(new DefaultAuthenticator(credential, serverApi));
}
#pragma warning disable 618
if (_mechanism == MongoDBCRAuthenticator.MechanismName)
{
return(new MongoDBCRAuthenticator(credential, serverApi));
#pragma warning restore 618
}
if (_mechanism == ScramSha1Authenticator.MechanismName)
{
return(new ScramSha1Authenticator(credential, serverApi));
}
if (_mechanism == ScramSha256Authenticator.MechanismName)
{
return(new ScramSha256Authenticator(credential, serverApi));
}
if (_mechanism == PlainAuthenticator.MechanismName)
{
return(new PlainAuthenticator(credential, serverApi));
}
if (_mechanism == GssapiAuthenticator.MechanismName)
{
return(new GssapiAuthenticator(
credential,
_mechanismProperties.Select(x => new KeyValuePair <string, string>(x.Key, x.Value.ToString())),
serverApi));
}
if (_mechanism == MongoAWSAuthenticator.MechanismName)
{
return(new MongoAWSAuthenticator(
credential,
_mechanismProperties.Select(x => new KeyValuePair <string, string>(x.Key, x.Value.ToString())),
serverApi));
}
}
else if (_identity.Source == "$external" && _evidence is ExternalEvidence)
{
if (_mechanism == MongoDBX509Authenticator.MechanismName)
{
return(new MongoDBX509Authenticator(_identity.Username, serverApi));
}
if (_mechanism == GssapiAuthenticator.MechanismName)
{
return(new GssapiAuthenticator(
_identity.Username,
_mechanismProperties.Select(x => new KeyValuePair <string, string>(x.Key, x.Value.ToString())),
serverApi));
}
if (_mechanism == MongoAWSAuthenticator.MechanismName)
{
return(new MongoAWSAuthenticator(
_identity.Username,
_mechanismProperties.Select(x => new KeyValuePair <string, string>(x.Key, x.Value.ToString())),
serverApi));
}
}
throw new NotSupportedException("Unable to create an authenticator.");
}
public static AuthenticationContainer FromUsernamePasswordCredential(UsernamePasswordCredential credential)
{
return(credential != null
? new AuthenticationContainer(credential.ToNetworkCredential())
: null);
}
