/// <summary>
/// Generate the authenticator given the session
/// </summary>
/// <param name="session">session that requires the authentication</param>
/// <returns>authenticator</returns>
/// <exception cref="SnowflakeDbException">when authenticator is unknown</exception>
internal static IAuthenticator GetAuthenticator(SFSession session)
{
string type = session.properties[SFSessionProperty.AUTHENTICATOR];
if (type.Equals(BasicAuthenticator.AUTH_NAME, StringComparison.InvariantCultureIgnoreCase))
{
return(new BasicAuthenticator(session));
}
else if (type.Equals(ExternalBrowserAuthenticator.AUTH_NAME, StringComparison.InvariantCultureIgnoreCase))
{
return(new ExternalBrowserAuthenticator(session));
}
else if (type.Equals(KeyPairAuthenticator.AUTH_NAME, StringComparison.InvariantCultureIgnoreCase))
{
// Get private key path or private key from connection settings
if (!session.properties.TryGetValue(SFSessionProperty.PRIVATE_KEY_FILE, out var pkPath) &&
!session.properties.TryGetValue(SFSessionProperty.PRIVATE_KEY, out var pkContent))
{
// There is no PRIVATE_KEY_FILE defined, can't authenticate with key-pair
string invalidStringDetail =
"Missing required PRIVATE_KEY_FILE or PRIVATE_KEY for key pair authentication";
var error = new SnowflakeDbException(
SFError.INVALID_CONNECTION_STRING,
new object[] { invalidStringDetail });
logger.Error(error.Message, error);
throw error;
}
return(new KeyPairAuthenticator(session));
}
else if (type.Equals(OAuthAuthenticator.AUTH_NAME, StringComparison.InvariantCultureIgnoreCase))
{
// Get private key path or private key from connection settings
if (!session.properties.TryGetValue(SFSessionProperty.TOKEN, out var pkPath))
{
// There is no TOKEN defined, can't authenticate with oauth
string invalidStringDetail =
"Missing required TOKEN for Oauth authentication";
var error = new SnowflakeDbException(
SFError.INVALID_CONNECTION_STRING,
new object[] { invalidStringDetail });
logger.Error(error.Message, error);
throw error;
}
return(new OAuthAuthenticator(session));
}
// Okta would provide a url of form: https://xxxxxx.okta.com or https://xxxxxx.oktapreview.com
else if ((type.EndsWith("okta.com") || type.EndsWith("oktapreview.com")) &&
type.StartsWith("https://"))
{
return(new OktaAuthenticator(session, type));
}
var e = new SnowflakeDbException(SFError.UNKNOWN_AUTHENTICATOR, type);
logger.Error("Unknown authenticator", e);
throw e;
}
/// <summary>
/// The abstract base for all authenticators.
/// </summary>
/// <param name="session">The session which created the authenticator.</param>
public BaseAuthenticator(SFSession session, string authName)
{
this.session = session;
this.authName = authName;
// Update the value for insecureMode because it can be different for each session
ClientEnv.insecureMode = session.properties[SFSessionProperty.INSECUREMODE];
}
/// <summary>
/// Generate the authenticator given the session
/// </summary>
/// <param name="session">session that requires the authentication</param>
/// <returns>authenticator</returns>
/// <exception cref="SnowflakeDbException">when authenticator is unknown</exception>
internal static IAuthenticator GetAuthenticator(SFSession session)
{
string type = session.properties[SFSessionProperty.AUTHENTICATOR];
if (type.Equals(BasicAuthenticator.AUTH_NAME, StringComparison.InvariantCultureIgnoreCase))
{
return(new BasicAuthenticator(session));
}
else if (type.Equals(ExternalBrowserAuthenticator.AUTH_NAME, StringComparison.InvariantCultureIgnoreCase))
{
return(new ExternalBrowserAuthenticator(session));
}
// Okta would provide a url of form: https://xxxxxx.okta.com
else if (type.EndsWith("okta.com") && type.StartsWith("https://"))
{
return(new OktaAuthenticator(session, type));
}
else if (type.Equals(OAuthAuthenticator.AUTH_NAME, StringComparison.InvariantCultureIgnoreCase))
{
return(new OAuthAuthenticator(session));
}
var e = new SnowflakeDbException(SFError.UNKNOWN_AUTHENTICATOR, type);
logger.Error("Unknown authenticator", e);
throw e;
}
public void TestSessionGoneWhenClose()
{
Mock.MockCloseSessionGone restRequester = new Mock.MockCloseSessionGone();
SFSession sfSession = new SFSession("account=test;user=test;password=test", null, restRequester);
sfSession.Open();
sfSession.close(); // no exception is raised.
}
public override void Open()
{
sfSession = new SFSession(ConnectionString, Password);
this.connectionTimeout = sfSession.connectionTimeout;
connectionState = ConnectionState.Connecting;
sfSession.open();
connectionState = ConnectionState.Open;
}
private void SetMockSession()
{
var restRequester = new MockRetryUntilRestTimeoutRestRequester();
SfSession = new SFSession(ConnectionString, Password, restRequester);
_connectionTimeout = (int)SfSession.connectionTimeout.TotalSeconds;
_connectionState = ConnectionState.Connecting;
}
public void TestSessionRenewDuringQueryExec()
{
Mock.MockRestSessionExpiredInQueryExec restRequester = new Mock.MockRestSessionExpiredInQueryExec();
SFSession sfSession = new SFSession("account=test;user=test;password=test", null, restRequester);
sfSession.Open();
SFStatement statement = new SFStatement(sfSession, restRequester);
SFBaseResultSet resultSet = statement.Execute(0, "select 1", null, false);
Assert.AreEqual(true, resultSet.Next());
Assert.AreEqual("1", resultSet.GetString(0));
}
public void TestSessionRenew()
{
Mock.MockRestSessionExpired restRequester = new Mock.MockRestSessionExpired();
SFSession sfSession = new SFSession("account=test;user=test;password=test", null, restRequester);
sfSession.Open();
SFStatement statement = new SFStatement(sfSession, restRequester);
SFBaseResultSet resultSet = statement.Execute(0, "select 1", null, false);
Assert.AreEqual(true, resultSet.Next());
Assert.AreEqual("1", resultSet.GetString(0));
Assert.AreEqual("new_session_token", sfSession.sessionToken);
Assert.AreEqual("new_master_token", sfSession.masterToken);
}
public void TestServiceName()
{
var restRequester = new Mock.MockServiceName();
SFSession sfSession = new SFSession("account=test;user=test;password=test", null, restRequester);
sfSession.Open();
string expectServiceName = Mock.MockServiceName.INIT_SERVICE_NAME;
Assert.AreEqual(expectServiceName, sfSession.ParameterMap[SFSessionParameter.SERVICE_NAME]);
for (int i = 0; i < 5; i++)
{
SFStatement statement = new SFStatement(sfSession, restRequester);
SFBaseResultSet resultSet = statement.Execute(0, "SELECT 1", null, false);
expectServiceName += "a";
Assert.AreEqual(expectServiceName, sfSession.ParameterMap[SFSessionParameter.SERVICE_NAME]);
}
}
public void TestSsoTokenUrlMismatch()
{
try
{
var restRequester = new Mock.MockOktaRestRequester()
{
TokenUrl = "https://snowflakecomputing.okta1.com/api/v1/sessions?additionalFields=cookieToken",
SSOUrl = "https://snowflakecomputing.okta.com/app/snowflake_testaccountdev_1/blah/sso/saml",
};
var sfSession = new SFSession("account=test;user=test;password=test;authenticator=https://snowflake.okta.com", null, restRequester);
sfSession.Open();
Assert.Fail("Should not pass");
} catch (SnowflakeDbException e)
{
Assert.AreEqual(SFError.IDP_SSO_TOKEN_URL_MISMATCH.GetAttribute <SFErrorAttr>().errorCode, e.ErrorCode);
}
}
public void TestWrongPostbackUrl()
{
try
{
var restRequester = new Mock.MockOktaRestRequester()
{
TokenUrl = "https://snowflakecomputing.okta.com/api/v1/sessions?additionalFields=cookieToken",
SSOUrl = "https://snowflakecomputing.okta.com/app/snowflake_testaccountdev_1/blah/sso/saml",
ResponseContent = wrongPostbackContent,
};
var sfSession = new SFSession("account=test;user=test;password=test;authenticator=https://snowflakecomputing.okta.com;host=test", null, restRequester);
sfSession.Open();
Assert.Fail("Should not pass");
} catch (SnowflakeDbException e)
{
Assert.AreEqual(SFError.IDP_SAML_POSTBACK_INVALID.GetAttribute <SFErrorAttr>().errorCode, e.ErrorCode);
}
}
/// <summary>
/// Generate the authenticator given the session
/// </summary>
/// <param name="session">session that requires the authentication</param>
/// <returns>authenticator</returns>
/// <exception cref="SnowflakeDbException">when authenticator is unknown</exception>
internal static IAuthenticator GetAuthenticator(SFSession session)
{
string type = session.properties[SFSessionProperty.AUTHENTICATOR];
if (type == "snowflake")
{
return(new BasicAuthenticator(session));
}
// Okta would provide a url of form: https://xxxxxx.okta.com
else if (type.EndsWith("okta.com") && type.StartsWith("https://"))
{
return(new OktaAuthenticator(session, type));
}
var e = new SnowflakeDbException(SFError.UNKNOWN_AUTHENTICATOR, type);
logger.Error("Unknown authenticator", e);
throw e;
}
/// <summary>
/// Constructor of the Okta authenticator
/// </summary>
/// <param name="session"></param>
/// <param name="oktaUriString"></param>
internal OktaAuthenticator(SFSession session, string oktaUriString)
{
this.session = session;
oktaUrl = new Uri(oktaUriString);
}
/// <summary>
/// Constructor of the External authenticator
/// </summary>
/// <param name="session"></param>
internal ExternalBrowserAuthenticator(SFSession session) : base(session, AUTH_NAME)
{
}
internal BasicAuthenticator(SFSession session) : base(session, AUTH_NAME)
{
}
/// <summary>
/// Constructor of the External authenticator
/// </summary>
/// <param name="session"></param>
internal ExternalBrowserAuthenticator(SFSession session)
{
this.session = session;
}
/// <summary>
/// Constructor for the oauth authenticator.
/// </summary>
/// <param name="session">Session which created this authenticator</param>
internal OAuthAuthenticator(SFSession session) : base(session, AUTH_NAME)
{
this.session = session;
}
/// <summary>
/// The abstract base for all authenticators.
/// </summary>
/// <param name="session">The session which created the authenticator.</param>
public BaseAuthenticator(SFSession session, string authName)
{
this.session = session;
this.authName = authName;
}
/// <summary>
/// Constructor of the Okta authenticator
/// </summary>
/// <param name="session"></param>
/// <param name="oktaUriString"></param>
internal OktaAuthenticator(SFSession session, string oktaUriString) :
base(session, oktaUriString)
{
oktaUrl = new Uri(oktaUriString);
}
private void SetSession()
{
SfSession = new SFSession(ConnectionString, Password);
_connectionTimeout = SfSession.connectionTimeout;
_connectionState = ConnectionState.Connecting;
}
/// <summary>
/// Constructor for the Key-Pair authenticator.
/// </summary>
/// <param name="session">Session which created this authenticator</param>
internal KeyPairAuthenticator(SFSession session) : base(session, AUTH_NAME)
{
this.session = session;
this.rsaProvider = new RSACryptoServiceProvider();
}
internal OAuthAuthenticator(SFSession session)
{
this.session = session;
}
internal BasicAuthenticator(SFSession session)
{
this.session = session;
}
/// <summary>
/// Create a new SFsession with the connection string settings.
/// </summary>
/// <exception cref="SnowflakeDbException">If the connection string can't be processed</exception>
private void SetSession()
{
SfSession = new SFSession(ConnectionString, Password);
_connectionTimeout = (int)SfSession.connectionTimeout.TotalSeconds;
_connectionState = ConnectionState.Connecting;
}
