/// <summary>
/// Known-answer test for <see cref="AwsSignatureVersion4.CreateAuthorizationRequest"/> without a
/// session token: a fixed signing time, fake credentials and a fixed 32-byte salt must produce
/// exactly the expected SigV4 authorization header and x-amz-date timestamp.
/// </summary>
public void CreateAuthorizationRequest_should_have_expected_result()
{
    // Fixed signing time so the credential scope (20200312/us-east-1/sts) and timestamp are deterministic.
    var signingTime = new DateTime(2020, 03, 12, 14, 23, 46);
    const string accessKeyId = "permanentuser";
    // Test-only value; it only has to be stable for the expected signature below to stay valid.
    const string secretAccessKey = "FAKEFAKEFAKEFAKEFAKEfakefakefakefakefake";
    byte[] salt =
    {
        64, 230, 20, 164, 223, 96, 92, 144, 3, 240, 27, 110, 97, 65, 200, 11,
        157, 162, 141, 4, 149, 86, 91, 108, 189, 194, 100, 90, 249, 219, 155, 235,
    };
    const string host = "sts.amazonaws.com";

    // Without a session token the signed-header list must not contain x-amz-security-token.
    const string expectedHeader =
        "AWS4-HMAC-SHA256 " +
        "Credential=permanentuser/20200312/us-east-1/sts/aws4_request, " +
        "SignedHeaders=content-length;content-type;host;x-amz-date;x-mongodb-gs2-cb-flag;x-mongodb-server-nonce, " +
        "Signature=6872b9199b47dc983a95f9113a096c9b4e63bb6ddf39030161b1f092ab616df2";
    const string expectedTimestamp = "20200312T142346Z";

    var secret = SecureStringHelper.ToSecureString(secretAccessKey);
    AwsSignatureVersion4.CreateAuthorizationRequest(
        signingTime,
        accessKeyId,
        secret,
        null,
        salt,
        host,
        out var actualHeader,
        out var actualTimestamp);

    actualHeader.Should().Be(expectedHeader);
    actualTimestamp.Should().Be(expectedTimestamp);
}
/// <summary>
/// Known-answer test for <see cref="AwsSignatureVersion4.CreateAuthorizationRequest"/> with a
/// session token: same fixed inputs as the no-token case, plus a token, must produce the expected
/// header (now listing x-amz-security-token among the signed headers) and timestamp.
/// </summary>
public void CreateAuthorizationRequest_with_session_token_should_have_expected_result()
{
    // Fixed signing time so the credential scope (20200312/us-east-1/sts) and timestamp are deterministic.
    var signingTime = new DateTime(2020, 03, 12, 14, 23, 46);
    const string accessKeyId = "permanentuser";
    // Test-only values; they only have to be stable for the expected signature below to stay valid.
    const string secretAccessKey = "FAKEFAKEFAKEFAKEFAKEfakefakefakefakefake";
    const string sessionToken = "MXUpbuzwzPo67WKCNYtdBq47taFtIpt+SVx58hNx1/jSz37h9d67dtUOg0ejKrv83u8ai+VFZxMx=";
    byte[] salt =
    {
        64, 230, 20, 164, 223, 96, 92, 144, 3, 240, 27, 110, 97, 65, 200, 11,
        157, 162, 141, 4, 149, 86, 91, 108, 189, 194, 100, 90, 249, 219, 155, 235,
    };
    const string host = "sts.amazonaws.com";

    // The session token must be covered by the signature, hence x-amz-security-token in SignedHeaders.
    const string expectedHeader =
        "AWS4-HMAC-SHA256 " +
        "Credential=permanentuser/20200312/us-east-1/sts/aws4_request, " +
        "SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token;x-mongodb-gs2-cb-flag;x-mongodb-server-nonce, " +
        "Signature=d60ee7fe01c82631583a7534fe017e1840fd5975faf1593252e91c54573a93ae";
    const string expectedTimestamp = "20200312T142346Z";

    var secret = SecureStringHelper.ToSecureString(secretAccessKey);
    AwsSignatureVersion4.CreateAuthorizationRequest(
        signingTime,
        accessKeyId,
        secret,
        sessionToken,
        salt,
        host,
        out var actualHeader,
        out var actualTimestamp);

    actualHeader.Should().Be(expectedHeader);
    actualTimestamp.Should().Be(expectedTimestamp);
}
/// <summary>
/// Drives a complete two-step SASL conversation through <see cref="MongoAWSAuthenticator"/>
/// (no session token) over the command wire protocol. The clock and nonce generator are mocked
/// so the saslStart / saslContinue payloads the authenticator sends can be compared exactly.
/// </summary>
/// <param name="async">true exercises AuthenticateAsync, false exercises Authenticate.</param>
public void Authenticate_should_have_expected_result(
    [Values(false, true)] bool async)
{
    // Pin the time and client nonce: both feed the SigV4 header, so the authenticator must
    // see exactly the values used to compute the expected header below.
    var now = DateTime.UtcNow;
    var clientNonce = __randomByteGenerator.Generate(ClientNonceLength);
    var serverNonce = Combine(clientNonce, __randomByteGenerator.Generate(ClientNonceLength));
    const string host = "sts.amazonaws.com";
    var credential = new UsernamePasswordCredential("$external", "permanentuser", "FAKEFAKEFAKEFAKEFAKEfakefakefakefakefake");

    // Reference header/timestamp computed directly from the same inputs the authenticator will use.
    AwsSignatureVersion4.CreateAuthorizationRequest(
        now,
        credential.Username,
        credential.Password,
        null,
        serverNonce,
        host,
        out var expectedAuthHeader,
        out var expectedTimestamp);

    var clockMock = new Mock<IClock>();
    clockMock.Setup(c => c.UtcNow).Returns(now);
    var nonceGeneratorMock = new Mock<IRandomByteGenerator>();
    nonceGeneratorMock.Setup(g => g.Generate(It.IsAny<int>())).Returns(clientNonce);

    // Client payloads we expect to see on the wire ('p' carries the byte value of 'n').
    var expectedClientFirst = new BsonDocument { { "r", clientNonce }, { "p", (int)'n' } };
    var expectedClientSecond = new BsonDocument { { "a", expectedAuthHeader }, { "d", expectedTimestamp } };

    // Scripted server side: saslStart answers with the combined nonce and the host to sign for,
    // saslContinue reports the conversation done with an empty payload.
    var serverFirst = new BsonDocument { { "s", serverNonce }, { "h", host } };
    var serverFirstPayload = ToBase64(serverFirst.ToBson());
    var saslStartResponse = MessageHelper.BuildCommandResponse(RawBsonDocumentHelper.FromJson(
        $"{{ conversationId : 1, done : false, payload : BinData(0,\"{serverFirstPayload}\"), ok : 1 }}"));
    var saslContinueResponse = MessageHelper.BuildCommandResponse(RawBsonDocumentHelper.FromJson(
        "{ conversationId : 1, done : true, payload : BinData(0,\"\"), ok : 1}"));

    var authenticator = new MongoAWSAuthenticator(credential, null, nonceGeneratorMock.Object, clockMock.Object, serverApi: null);
    var connection = new MockConnection(__serverId);
    connection.EnqueueCommandResponseMessage(saslStartResponse);
    connection.EnqueueCommandResponseMessage(saslContinueResponse);
    connection.Description = __descriptionCommandWireProtocol;

    if (async)
    {
        authenticator.AuthenticateAsync(connection, __descriptionCommandWireProtocol, CancellationToken.None).GetAwaiter().GetResult();
    }
    else
    {
        authenticator.Authenticate(connection, __descriptionCommandWireProtocol, CancellationToken.None);
    }

    SpinWait.SpinUntil(() => connection.GetSentMessages().Count >= 2, TimeSpan.FromSeconds(5)).Should().BeTrue();
    var sent = MessageHelper.TranslateMessagesToBsonDocuments(connection.GetSentMessages());
    sent.Count.Should().Be(2);

    // Read the requestIds back from what was actually sent rather than predicting them.
    var firstRequestId = sent[0]["requestId"].AsInt32;
    var secondRequestId = sent[1]["requestId"].AsInt32;
    sent[0].Should().Be(GetExpectedSaslStartCommandMessage(firstRequestId, expectedClientFirst));
    sent[1].Should().Be(GetExpectedSaslContinueCommandMessage(secondRequestId, expectedClientSecond));
}
/// <summary>
/// Drives a complete two-step SASL conversation through <see cref="MongoAWSAuthenticator"/> with
/// an AWS_SESSION_TOKEN property, over the query wire protocol (reply messages). The clock and
/// nonce generator are mocked so the saslStart / saslContinue payloads can be compared exactly;
/// the second payload must additionally carry the token under "t".
/// </summary>
/// <param name="async">true exercises AuthenticateAsync, false exercises Authenticate.</param>
public void Authenticate_with_session_token_should_have_expected_result(
    [Values(false, true)] bool async)
{
    // Pin the time and client nonce: both feed the SigV4 header, so the authenticator must
    // see exactly the values used to compute the expected header below.
    var now = DateTime.UtcNow;
    var clientNonce = __randomByteGenerator.Generate(ClientNonceLength);
    var serverNonce = Combine(clientNonce, __randomByteGenerator.Generate(ClientNonceLength));
    const string host = "sts.amazonaws.com";
    var credential = new UsernamePasswordCredential("$external", "permanentuser", "FAKEFAKEFAKEFAKEFAKEfakefakefakefakefake");
    // Test-only token; only has to match between the reference computation and the authenticator property.
    const string sessionToken = "MXUpbuzwzPo67WKCNYtdBq47taFtIpt+SVx58hNx1/jSz37h9d67dtUOg0ejKrv83u8ai+VFZxMx=";

    // Reference header/timestamp computed directly from the same inputs the authenticator will use.
    AwsSignatureVersion4.CreateAuthorizationRequest(
        now,
        credential.Username,
        credential.Password,
        sessionToken,
        serverNonce,
        host,
        out var expectedAuthHeader,
        out var expectedTimestamp);

    var clockMock = new Mock<IClock>();
    clockMock.Setup(c => c.UtcNow).Returns(now);
    var nonceGeneratorMock = new Mock<IRandomByteGenerator>();
    nonceGeneratorMock.Setup(g => g.Generate(It.IsAny<int>())).Returns(clientNonce);

    // Client payloads we expect to see on the wire ('p' carries the byte value of 'n').
    var expectedClientFirst = new BsonDocument { { "r", clientNonce }, { "p", (int)'n' } };
    var expectedClientSecond = new BsonDocument
    {
        { "a", expectedAuthHeader },
        { "d", expectedTimestamp },
        { "t", sessionToken }
    };

    // Scripted server side: saslStart answers with the combined nonce and the host to sign for,
    // saslContinue reports the conversation done with an empty payload.
    var serverFirst = new BsonDocument { { "s", serverNonce }, { "h", host } };
    var serverFirstPayload = ToBase64(serverFirst.ToBson());
    var saslStartReply = MessageHelper.BuildReply<RawBsonDocument>(RawBsonDocumentHelper.FromJson(
        $"{{ conversationId : 1, done : false, payload : BinData(0,\"{serverFirstPayload}\"), ok : 1}}"));
    var saslContinueReply = MessageHelper.BuildReply<RawBsonDocument>(RawBsonDocumentHelper.FromJson(
        "{ conversationId : 1, done : true, payload : BinData(0,\"\"), ok : 1}"));

    // The token reaches the authenticator through its properties, not the credential.
    var properties = new[] { new KeyValuePair<string, string>("AWS_SESSION_TOKEN", sessionToken) };
    var authenticator = new MongoAWSAuthenticator(credential, properties, nonceGeneratorMock.Object, clockMock.Object, serverApi: null);
    var connection = new MockConnection(__serverId);
    connection.EnqueueReplyMessage(saslStartReply);
    connection.EnqueueReplyMessage(saslContinueReply);

    if (async)
    {
        authenticator.AuthenticateAsync(connection, __descriptionQueryWireProtocol, CancellationToken.None).GetAwaiter().GetResult();
    }
    else
    {
        authenticator.Authenticate(connection, __descriptionQueryWireProtocol, CancellationToken.None);
    }

    SpinWait.SpinUntil(() => connection.GetSentMessages().Count >= 2, TimeSpan.FromSeconds(5)).Should().BeTrue();
    var sent = MessageHelper.TranslateMessagesToBsonDocuments(connection.GetSentMessages());
    sent.Count.Should().Be(2);

    // Read the requestIds back from what was actually sent rather than predicting them.
    var firstRequestId = sent[0]["requestId"].AsInt32;
    var secondRequestId = sent[1]["requestId"].AsInt32;
    sent[0].Should().Be(GetExpectedSaslStartQueryMessage(firstRequestId, expectedClientFirst));
    sent[1].Should().Be(GetExpectedSaslContinueQueryMessage(secondRequestId, expectedClientSecond));
}