// tries to authenticate
// returns a result if successful
// returns null if failed due to credentials (may want to retry)
// throws if anything else went wrong
private async ValueTask <AuthenticationResult> TryAuthenticateAsync(MemberConnection client, string clusterName, Guid clusterClientId, string clusterClientName, ISet <string> labels, ICredentialsFactory credentialsFactory, CancellationToken cancellationToken)
{
const string clientType = "CSP"; // CSharp
var serializationVersion = _serializationService.GetVersion();
var clientVersion = ClientVersion;
var credentials = credentialsFactory.NewCredentials();
ClientMessage requestMessage;
switch (credentials)
{
case IPasswordCredentials passwordCredentials:
requestMessage = ClientAuthenticationCodec.EncodeRequest(clusterName, passwordCredentials.Name, passwordCredentials.Password, clusterClientId, clientType, serializationVersion, clientVersion, clusterClientName, labels);
break;
case ITokenCredentials tokenCredentials:
requestMessage = ClientAuthenticationCustomCodec.EncodeRequest(clusterName, tokenCredentials.GetToken(), clusterClientId, clientType, serializationVersion, clientVersion, clusterClientName, labels);
break;
default:
var bytes = _serializationService.ToData(credentials).ToByteArray();
requestMessage = ClientAuthenticationCustomCodec.EncodeRequest(clusterName, bytes, clusterClientId, clientType, serializationVersion, clientVersion, clusterClientName, labels);
break;
}
cancellationToken.ThrowIfCancellationRequested();
HConsole.WriteLine(this, "Send auth request");
var responseMessage = await client.SendAsync(requestMessage).CfAwait();
HConsole.WriteLine(this, "Rcvd auth response");
var response = ClientAuthenticationCodec.DecodeResponse(responseMessage);
HConsole.WriteLine(this, "Auth response is: " + (AuthenticationStatus)response.Status);
return((AuthenticationStatus)response.Status switch
{
AuthenticationStatus.Authenticated
=> new AuthenticationResult(response.ClusterId, response.MemberUuid, response.Address, response.ServerHazelcastVersion, response.FailoverSupported, response.PartitionCount, response.SerializationVersion, credentials.Name),
AuthenticationStatus.CredentialsFailed
=> null, // could want to retry
AuthenticationStatus.NotAllowedInCluster
=> throw new AuthenticationException("Client is not allowed in cluster."),
AuthenticationStatus.SerializationVersionMismatch
=> throw new AuthenticationException("Serialization mismatch."),
_ => throw new AuthenticationException($"Received unsupported status code {response.Status}.")
});
private void Authenticate(ClientConnection connection, bool isOwnerConnection)
{
if (Logger.IsFinestEnabled())
{
Logger.Finest(string.Format("Authenticating against the {0} node", isOwnerConnection?"owner":"non-owner"));
}
string uuid = null;
string ownerUuid = null;
if (ClientPrincipal != null)
{
uuid = ClientPrincipal.GetUuid();
ownerUuid = ClientPrincipal.GetOwnerUuid();
}
var ss = _client.GetSerializationService();
ClientMessage request;
var credentials = _credentialsFactory.NewCredentials();
LastCredentials = credentials;
if (credentials.GetType() == typeof(UsernamePasswordCredentials))
{
var usernamePasswordCr = (UsernamePasswordCredentials)credentials;
request = ClientAuthenticationCodec.EncodeRequest(usernamePasswordCr.Username, usernamePasswordCr.Password, uuid,
ownerUuid, isOwnerConnection, ClientTypes.Csharp, ss.GetVersion(), VersionUtil.GetDllVersion());
}
else
{
var data = ss.ToData(credentials);
request = ClientAuthenticationCustomCodec.EncodeRequest(data, uuid, ownerUuid, isOwnerConnection,
ClientTypes.Csharp, ss.GetVersion(), VersionUtil.GetDllVersion());
}
IClientMessage response;
try
{
var invocationService = (ClientInvocationService)_client.GetInvocationService();
response = ThreadUtil.GetResult(invocationService.InvokeOnConnection(request, connection), _heartbeatTimeout);
}
catch (Exception e)
{
var ue = ExceptionUtil.Rethrow(e);
Logger.Finest("Member returned an exception during authentication.", ue);
throw ue;
}
var result = ClientAuthenticationCodec.DecodeResponse(response);
if (result.address == null)
{
throw new HazelcastException("Could not resolve address for member.");
}
switch (result.status)
{
case AuthenticationStatus.Authenticated:
if (isOwnerConnection)
{
var member = new Member(result.address, result.ownerUuid);
ClientPrincipal = new ClientPrincipal(result.uuid, result.ownerUuid);
connection.Member = member;
connection.SetOwner();
connection.ConnectedServerVersionStr = result.serverHazelcastVersion;
}
else
{
var member = _client.GetClientClusterService().GetMember(result.address);
if (member == null)
{
throw new HazelcastException(string.Format("Node with address '{0}' was not found in the member list",
result.address));
}
connection.Member = member;
}
break;
case AuthenticationStatus.CredentialsFailed:
throw new AuthenticationException("Invalid credentials! Principal: " + ClientPrincipal);
case AuthenticationStatus.SerializationVersionMismatch:
throw new InvalidOperationException("Server serialization version does not match to client");
default:
throw new AuthenticationException("Authentication status code not supported. status: " + result.status);
}
}