public void CreateAuthorizationRequest_with_session_token_should_have_expected_result()
{
var date = new DateTime(2020, 03, 12, 14, 23, 46);
var accessKeyId = "permanentuser";
var secretAccessKey = "FAKEFAKEFAKEFAKEFAKEfakefakefakefakefake";
var sessionToken = "MXUpbuzwzPo67WKCNYtdBq47taFtIpt+SVx58hNx1/jSz37h9d67dtUOg0ejKrv83u8ai+VFZxMx=";
var salt = new byte[] { 64, 230, 20, 164, 223, 96, 92, 144, 3, 240, 27, 110, 97, 65, 200, 11, 157, 162, 141, 4, 149, 86, 91, 108, 189, 194, 100, 90, 249, 219, 155, 235, };
var host = "sts.amazonaws.com";
var expectedAuthorizationHeader = "AWS4-HMAC-SHA256 " +
"Credential=permanentuser/20200312/us-east-1/sts/aws4_request, " +
"SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token;x-mongodb-gs2-cb-flag;x-mongodb-server-nonce, " +
"Signature=d60ee7fe01c82631583a7534fe017e1840fd5975faf1593252e91c54573a93ae";
var expectedTimestamp = "20200312T142346Z";
AwsSignatureVersion4.CreateAuthorizationRequest(
date,
accessKeyId,
SecureStringHelper.ToSecureString(secretAccessKey),
sessionToken,
salt,
host,
out var actualAuthorizationHeader,
out var actualTimestamp);
actualAuthorizationHeader.Should().Be(expectedAuthorizationHeader);
actualTimestamp.Should().Be(expectedTimestamp);
}
private static AwsCredentials CreateAwsCredentialsFromEnvironmentVariables()
{
var accessKeyId = Environment.GetEnvironmentVariable("AWS_ACCESS_KEY_ID");
var secretAccessKey = Environment.GetEnvironmentVariable("AWS_SECRET_ACCESS_KEY");
var sessionToken = Environment.GetEnvironmentVariable("AWS_SESSION_TOKEN");
if (accessKeyId == null && secretAccessKey == null && sessionToken == null)
{
return(null);
}
if (secretAccessKey != null && accessKeyId == null)
{
throw new InvalidOperationException("When using MONGODB-AWS authentication if a secret access key is provided via environment variables then an access key ID must be provided also.");
}
if (accessKeyId != null && secretAccessKey == null)
{
throw new InvalidOperationException("When using MONGODB-AWS authentication if an access key ID is provided via environment variables then a secret access key must be provided also.");
}
if (sessionToken != null && (accessKeyId == null || secretAccessKey == null))
{
throw new InvalidOperationException("When using MONGODB-AWS authentication if a session token is provided via environment variables then an access key ID and a secret access key must be provided also.");
}
return(new AwsCredentials(accessKeyId, SecureStringHelper.ToSecureString(secretAccessKey), sessionToken));
}
public void CreateAuthorizationRequest_should_have_expected_result()
{
var date = new DateTime(2020, 03, 12, 14, 23, 46);
var accessKeyId = "permanentuser";
var secretAccessKey = "FAKEFAKEFAKEFAKEFAKEfakefakefakefakefake";
var salt = new byte[] { 64, 230, 20, 164, 223, 96, 92, 144, 3, 240, 27, 110, 97, 65, 200, 11, 157, 162, 141, 4, 149, 86, 91, 108, 189, 194, 100, 90, 249, 219, 155, 235, };
var host = "sts.amazonaws.com";
var expectedAuthorizationHeader = "AWS4-HMAC-SHA256 " +
"Credential=permanentuser/20200312/us-east-1/sts/aws4_request, " +
"SignedHeaders=content-length;content-type;host;x-amz-date;x-mongodb-gs2-cb-flag;x-mongodb-server-nonce, " +
"Signature=6872b9199b47dc983a95f9113a096c9b4e63bb6ddf39030161b1f092ab616df2";
var expectedTimestamp = "20200312T142346Z";
AwsSignatureVersion4.CreateAuthorizationRequest(
date,
accessKeyId,
SecureStringHelper.ToSecureString(secretAccessKey),
sessionToken: null,
salt,
host,
out var actualAuthorizationHeader,
out var actualTimestamp);
actualAuthorizationHeader.Should().Be(expectedAuthorizationHeader);
actualTimestamp.Should().Be(expectedTimestamp);
}
/// <summary>
/// Adds a sink that sends log events to YouTrack.
/// </summary>
/// <param name="sinkConfiguration">The logger configuration.</param>
/// <param name="youTrackEndpoint">YouTrack base address.</param>
/// <param name="user">Username that is used to authenticate to YouTrack.</param>
/// <param name="password">Password that is used to authenticate to YouTrack.</param>
/// <param name="reportingConfiguration">Configure reporting parameters such as YouTrack project, issue types and templates. Project needs to always be configured.</param>
/// <param name="restrictedToMinimumLevel">The minimum log event level required in order to write an event to the sink.</param>///
/// <returns>Logger configuration, allowing configuration to continue.</returns>
public static LoggerConfiguration YouTrack(this LoggerSinkConfiguration sinkConfiguration, Uri youTrackEndpoint,
string user, string password,
Action <IYouTrackReportingConfigurationExpressions> reportingConfiguration, LogEventLevel restrictedToMinimumLevel = LevelAlias.Minimum)
{
return(YouTrack(sinkConfiguration, youTrackEndpoint, user, SecureStringHelper.ToSecureString(password),
reportingConfiguration, restrictedToMinimumLevel));
}
public void Should_acquire_gssapi_security_credential_with_username_and_password()
{
RequireEnvironment.Check().EnvironmentVariable("GSSAPI_TESTS_ENABLED");
var securePassword = SecureStringHelper.ToSecureString(_password);
var credential = GssapiSecurityCredential.Acquire(_username, securePassword);
credential.Should().NotBeNull();
}
private static AwsCredentials CreateAwsCredentialsFromEc2Response()
{
var response = AwsHttpClientHelper.GetEC2ResponseAsync().GetAwaiter().GetResult();
var parsedResponse = BsonDocument.Parse(response);
var accessKeyId = parsedResponse.GetValue("AccessKeyId", null)?.AsString;
var secretAccessKey = parsedResponse.GetValue("SecretAccessKey", null)?.AsString;
var sessionToken = parsedResponse.GetValue("Token", null)?.AsString;
return(new AwsCredentials(accessKeyId, SecureStringHelper.ToSecureString(secretAccessKey), sessionToken));
}
/// <summary>
/// Initializes a new instance of the <see cref="UsernamePasswordCredential"/> class.
/// Less secure when used in conjunction with SCRAM-SHA-256, due to the need to store the password in a managed
/// string in order to SaslPrep it.
/// See <a href="https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst#scram-sha-256">Driver Authentication: SCRAM-SHA-256</a>
/// for additional details.
/// </summary>
/// <param name="source">The source.</param>
/// <param name="username">The username.</param>
/// <param name="password">The password.</param>
public UsernamePasswordCredential(string source, string username, SecureString password)
{
_source = Ensure.IsNotNullOrEmpty(source, nameof(source));
_username = Ensure.IsNotNullOrEmpty(username, nameof(username));
_password = Ensure.IsNotNull(password, nameof(password));
// defer computing the saslPreppedPassword until we need to since this will leak the password into managed
// memory
_saslPreppedPassword = new Lazy <SecureString>(
() => SecureStringHelper.ToSecureString(SaslPrepHelper.SaslPrepStored(GetInsecurePassword())));
}
// constructors
/// <summary>
/// Initializes a new instance of the <see cref="UsernamePasswordCredential"/> class.
/// </summary>
/// <param name="source">The source.</param>
/// <param name="username">The username.</param>
/// <param name="password">The password.</param>
public UsernamePasswordCredential(string source, string username, string password)
: this(source, username, SecureStringHelper.ToSecureString(password))
{
// Compute saslPreppedPassword immediately and store it securely while the password is already in
// managed memory. We don't create a closure over the password so that it will hopefully get
// garbage-collected sooner rather than later.
var saslPreppedPassword = SecureStringHelper.ToSecureString(SaslPrepHelper.SaslPrepStored(password));
_saslPreppedPassword = new Lazy <SecureString>(() => saslPreppedPassword);
}
public void Should_fail_to_acquire_gssapi_security_credential_with_username_and_bad_password()
{
RequireEnvironment.Check().EnvironmentVariable("GSSAPI_TESTS_ENABLED");
var securePassword = SecureStringHelper.ToSecureString("BADPASSWORD");
var exception = Record.Exception(() => GssapiSecurityCredential.Acquire(_username, securePassword));
exception.Should().BeOfType <LibgssapiException>();
}
private static AwsCredentials CreateAwsCredentialsFromEcsResponse()
{
var relativeUri = Environment.GetEnvironmentVariable("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI");
if (relativeUri == null)
{
return(null);
}
var response = AwsHttpClientHelper.GetECSResponseAsync(relativeUri).GetAwaiter().GetResult();
var parsedResponse = BsonDocument.Parse(response);
var accessKeyId = parsedResponse.GetValue("AccessKeyId", null)?.AsString;
var secretAccessKey = parsedResponse.GetValue("SecretAccessKey", null)?.AsString;
var sessionToken = parsedResponse.GetValue("Token", null)?.AsString;
return(new AwsCredentials(accessKeyId, SecureStringHelper.ToSecureString(secretAccessKey), sessionToken));
}
private void InitConnectionStringMap(bool useHttps)
{
this.connectionStringMap = new Dictionary <string, SecureString>();
for (int i = 0; i < this.rtableTestConfiguration.StorageInformation.AccountNames.Count(); i++)
{
string connectionString = string.Format(Constants.LongConnectioStringTemplate,
useHttps ? "https" : "http",
this.rtableTestConfiguration.StorageInformation.AccountNames[i],
this.rtableTestConfiguration.StorageInformation.AccountKeys[i],
this.rtableTestConfiguration.StorageInformation.DomainName);
this.connectionStringMap.Add(
this.rtableTestConfiguration.StorageInformation.AccountNames[i],
SecureStringHelper.ToSecureString(connectionString));
}
}
public static void Main(string[] args)
{
ConfigurationAgentArguments parsedArguments = new ConfigurationAgentArguments();
List <ConfigurationStoreLocationInfo> configLocationInfo = new List <ConfigurationStoreLocationInfo>();
List <ReplicaInfo> replicaChain = new List <ReplicaInfo>();
Dictionary <string, SecureString> connectionStringMap = new Dictionary <string, SecureString>();
if (Parser.ParseArgumentsWithUsage(args, parsedArguments))
{
Console.WriteLine("The storage accounts for configuration store are:");
for (int i = 0; i < parsedArguments.configStoreAccountName.Length; i++)
{
Console.WriteLine("Account Name: {0}, Account Key: {1}", parsedArguments.configStoreAccountName[i], parsedArguments.configStoreAccountKey[i]);
configLocationInfo.Add(new ConfigurationStoreLocationInfo()
{
StorageAccountName = parsedArguments.configStoreAccountName[i],
StorageAccountKey = parsedArguments.configStoreAccountKey[i],
BlobPath = Constants.RTableConfigurationBlobLocationContainerName + "/" + parsedArguments.configLocation
});
}
Console.WriteLine("The Replica Chain is:");
for (int i = 0; i < parsedArguments.replicaChainAccountName.Length; i++)
{
if (i != parsedArguments.replicaChainAccountName.Length - 1)
{
Console.Write("{0} -> ", parsedArguments.replicaChainAccountName[i]);
}
else
{
Console.WriteLine("{0}", parsedArguments.replicaChainAccountName[i]);
}
replicaChain.Add(new ReplicaInfo()
{
StorageAccountName = parsedArguments.replicaChainAccountName[i]
});
// connection strings (use short format)
string connectionString = string.Format(Constants.ShortConnectioStringTemplate,
"http",
parsedArguments.replicaChainAccountName[i],
parsedArguments.replicaChainAccountKey[i]);
connectionStringMap.Add(
parsedArguments.replicaChainAccountName[i],
SecureStringHelper.ToSecureString(connectionString));
}
Console.WriteLine("The head index in read view is : {0}", parsedArguments.readViewHeadIndex);
if (parsedArguments.readViewHeadIndex == 0)
{
Console.WriteLine("The read and write views are identical.");
}
else
{
Console.WriteLine("The read and write views are different.");
}
}
Console.WriteLine("Updating the configuration store...");
ReplicatedTableConfigurationService agent = new ReplicatedTableConfigurationService(configLocationInfo, connectionStringMap, false);
agent.UpdateConfiguration(replicaChain, parsedArguments.readViewHeadIndex, parsedArguments.convertXStoreTableMode);
Console.WriteLine("Done updating the configuration store");
Console.WriteLine("New Read View is:");
View readView = agent.GetReadView();
for (int i = 0; i < readView.Chain.Count; i++)
{
Console.WriteLine("{0} -> ", readView.GetReplicaInfo(i));
}
Console.WriteLine("New Write View is:");
View writeView = agent.GetWriteView();
for (int i = 0; i < writeView.Chain.Count; i++)
{
Console.Write("{0} -> ", writeView.GetReplicaInfo(i));
}
}
/// <summary>
/// Adds a sink that sends log events to YouTrack.
/// </summary>
/// <param name="sinkConfiguration">The logger configuration.</param>
/// <param name="youTrackEndpoint">YouTrack base address.</param>
/// <param name="user">Username that is used to authenticate to YouTrack.</param>
/// <param name="password">Password that is used to authenticate to YouTrack.</param>
/// <param name="project">YouTrack project ID identifying the project to which issues are created to.</param>
/// <returns>Logger configuration, allowing configuration to continue.</returns>
public static LoggerConfiguration YouTrack(this LoggerSinkConfiguration sinkConfiguration, Uri youTrackEndpoint,
string user, string password, string project)
{
return(YouTrack(sinkConfiguration, youTrackEndpoint, user, SecureStringHelper.ToSecureString(password), project));
}