private ClientMessage EncodeAuthenticationRequest() { var serializationService = _client.SerializationService; var serializationVersion = serializationService.GetVersion(); var credentials = _client.CredentialsFactory.NewCredentials(); var clusterName = _client.ClientConfig.GetClusterName(); var dllVersion = VersionUtil.GetDllVersion(); var clientGuid = _client.ClientGuid; if (credentials is IPasswordCredentials passwordCredentials) { return(ClientAuthenticationCodec.EncodeRequest(clusterName, passwordCredentials.Name, passwordCredentials.Password, clientGuid, ClientTypeCsharp, serializationVersion, dllVersion, _client.Name, _labels)); } byte[] secretBytes; if (credentials is ITokenCredentials tokenCredentials) { secretBytes = tokenCredentials.Token; } else { secretBytes = serializationService.ToData(credentials).ToByteArray(); } return(ClientAuthenticationCustomCodec.EncodeRequest(clusterName, secretBytes, clientGuid, ClientTypeCsharp, serializationVersion, dllVersion, _client.Name, _labels)); }
private ClientMessage EncodeAuthenticationRequest() { var serializationService = _client.SerializationService; var serializationVersion = serializationService.GetVersion(); var credentials = _client.CredentialsFactory.NewCredentials(); var clusterName = _client.Configuration.ClusterName; var dllVersion = VersionUtil.GetDllVersion(); var clientGuid = _client.ClientGuid; switch (credentials) { case IPasswordCredentials passwordCredentials: return(ClientAuthenticationCodec.EncodeRequest(clusterName, passwordCredentials.Name, passwordCredentials.Password, clientGuid, ClientTypeCsharp, serializationVersion, dllVersion, _client.Name, _labels)); case ITokenCredentials tokenCredentials: return(ClientAuthenticationCustomCodec.EncodeRequest(clusterName, tokenCredentials.Token, clientGuid, ClientTypeCsharp, serializationVersion, dllVersion, _client.Name, _labels)); default: return(ClientAuthenticationCustomCodec.EncodeRequest(clusterName, serializationService.ToData(credentials).ToByteArray(), clientGuid, ClientTypeCsharp, serializationVersion, dllVersion, _client.Name, _labels)); } }
private void ManagerAuthenticator(ClientConnection connection) { Logger.Finest("Authenticating against the owner node"); var ss = _client.GetSerializationService(); string uuid = null; string ownerUuid = null; if (_principal != null) { uuid = _principal.GetUuid(); ownerUuid = _principal.GetOwnerUuid(); } ClientMessage request; if (_credentials is UsernamePasswordCredentials) { var usernamePasswordCr = (UsernamePasswordCredentials)_credentials; request = ClientAuthenticationCodec.EncodeRequest(usernamePasswordCr.GetUsername(), usernamePasswordCr.GetPassword(), uuid, ownerUuid, true, ClientTypes.Csharp, _client.GetSerializationService().GetVersion(), VersionUtil.GetDllVersion()); } else { var data = ss.ToData(_credentials); request = ClientAuthenticationCustomCodec.EncodeRequest(data, uuid, ownerUuid, false, ClientTypes.Csharp, _client.GetSerializationService().GetVersion(), VersionUtil.GetDllVersion()); } IClientMessage response; try { var invocationService = (ClientInvocationService)_client.GetInvocationService(); response = ThreadUtil.GetResult(invocationService.InvokeOnConnection(request, connection)); } catch (Exception e) { throw ExceptionUtil.Rethrow(e); } var result = ClientAuthenticationCodec.DecodeResponse(response); if (result.address == null) { throw new HazelcastException("Could not resolve address for owner node."); } var member = new Member(result.address, result.ownerUuid); _principal = new ClientPrincipal(result.uuid, result.ownerUuid); connection.Member = member; connection.SetOwner(); connection.ConnectedServerVersionStr = result.serverHazelcastVersion; }
// tries to authenticate // returns a result if successful // returns null if failed due to credentials (may want to retry) // throws if anything else went wrong private async ValueTask <AuthenticationResult> TryAuthenticateAsync(MemberConnection client, string clusterName, Guid clusterClientId, string clusterClientName, ISet <string> labels, ICredentialsFactory credentialsFactory, CancellationToken cancellationToken) { const string clientType = "CSP"; // CSharp var serializationVersion = _serializationService.GetVersion(); var clientVersion = ClientVersion; var credentials = credentialsFactory.NewCredentials(); ClientMessage requestMessage; switch (credentials) { case IPasswordCredentials passwordCredentials: requestMessage = ClientAuthenticationCodec.EncodeRequest(clusterName, passwordCredentials.Name, passwordCredentials.Password, clusterClientId, clientType, serializationVersion, clientVersion, clusterClientName, labels); break; case ITokenCredentials tokenCredentials: requestMessage = ClientAuthenticationCustomCodec.EncodeRequest(clusterName, tokenCredentials.GetToken(), clusterClientId, clientType, serializationVersion, clientVersion, clusterClientName, labels); break; default: var bytes = _serializationService.ToData(credentials).ToByteArray(); requestMessage = ClientAuthenticationCustomCodec.EncodeRequest(clusterName, bytes, clusterClientId, clientType, serializationVersion, clientVersion, clusterClientName, labels); break; } cancellationToken.ThrowIfCancellationRequested(); HConsole.WriteLine(this, "Send auth request"); var responseMessage = await client.SendAsync(requestMessage).CfAwait(); HConsole.WriteLine(this, "Rcvd auth response"); var response = ClientAuthenticationCodec.DecodeResponse(responseMessage); HConsole.WriteLine(this, "Auth response is: " + (AuthenticationStatus)response.Status); return((AuthenticationStatus)response.Status switch { AuthenticationStatus.Authenticated => new AuthenticationResult(response.ClusterId, response.MemberUuid, response.Address, response.ServerHazelcastVersion, response.FailoverSupported, response.PartitionCount, response.SerializationVersion, credentials.Name), AuthenticationStatus.CredentialsFailed => null, // could want to retry AuthenticationStatus.NotAllowedInCluster => throw new AuthenticationException("Client is not allowed in cluster."), AuthenticationStatus.SerializationVersionMismatch => throw new AuthenticationException("Serialization mismatch."), _ => throw new AuthenticationException($"Received unsupported status code {response.Status}.") });
private void ClusterAuthenticator(ClientConnection connection) { var ss = _client.GetSerializationService(); var clusterService = (ClientClusterService)_client.GetClientClusterService(); var principal = clusterService.GetPrincipal(); var uuid = principal.GetUuid(); var ownerUuid = principal.GetOwnerUuid(); ClientMessage request; var usernamePasswordCr = _credentials as UsernamePasswordCredentials; if (usernamePasswordCr != null) { request = ClientAuthenticationCodec.EncodeRequest(usernamePasswordCr.GetUsername(), usernamePasswordCr.GetPassword(), uuid, ownerUuid, false, ClientTypes.Csharp, _client.GetSerializationService().GetVersion(), VersionUtil.GetDllVersion()); } else { var data = ss.ToData(_credentials); request = ClientAuthenticationCustomCodec.EncodeRequest(data, uuid, ownerUuid, false, ClientTypes.Csharp, _client.GetSerializationService().GetVersion(), VersionUtil.GetDllVersion()); } IClientMessage response; try { var future = ((ClientInvocationService)_client.GetInvocationService()).InvokeOnConnection(request, connection); response = ThreadUtil.GetResult(future); } catch (Exception e) { throw ExceptionUtil.Rethrow(e); } var rp = ClientAuthenticationCodec.DecodeResponse(response); if (rp.address == null) { throw new HazelcastException("Could not resolve address for member."); } var member = _client.GetClientClusterService().GetMember(rp.address); if (member == null) { throw new HazelcastException("Node with address '" + rp.address + "' was not found in the member list"); } connection.Member = member; }
private void AuthenticateOnCluster(Connection connection) { var request = EncodeAuthenticationRequest(); var future = _client.InvocationService.InvokeOnConnection(request, connection); ClientAuthenticationCodec.ResponseParameters response; try { var responseMsg = ThreadUtil.GetResult(future, _authenticationTimeout); response = ClientAuthenticationCodec.DecodeResponse(responseMsg); } catch (Exception e) { connection.Close("Failed to authenticate connection", e); throw Rethrow(e); } var authenticationStatus = (AuthenticationStatus)response.Status; switch (authenticationStatus) { case AuthenticationStatus.Authenticated: HandleSuccessfulAuth(connection, response); break; case AuthenticationStatus.CredentialsFailed: var authException = new AuthenticationException("Invalid credentials!"); connection.Close("Failed to authenticate connection", authException); throw authException; case AuthenticationStatus.NotAllowedInCluster: var notAllowedException = new ClientNotAllowedInClusterException("Client is not allowed in the cluster"); connection.Close("Failed to authenticate connection", notAllowedException); throw notAllowedException; case AuthenticationStatus.SerializationVersionMismatch: var operationException = new InvalidOperationException("Server serialization version does not match to client"); connection.Close("Failed to authenticate connection", operationException); throw operationException; default: var exception = new AuthenticationException("Authentication status code not supported. status: " + authenticationStatus); connection.Close("Failed to authenticate connection", exception); throw exception; } }
public async Task Auth() { // need to start a real server (not the RC thing!) //var address = NetworkAddress.Parse("sgay-l4"); var address = NetworkAddress.Parse("localhost"); HConsole.Configure(this, config => config.SetIndent(0).SetPrefix("TEST")); HConsole.WriteLine(this, "Begin"); HConsole.WriteLine(this, "Start client "); var client1 = new MemberConnection(address, new MessagingOptions(), new SocketOptions(), new SslOptions(), new Int64Sequence(), new NullLoggerFactory()); await client1.ConnectAsync(CancellationToken.None).CAF(); // RC assigns a GUID but the default cluster name is 'dev' var clusterName = "dev"; var username = (string)null; // null var password = (string)null; // null var clientId = Guid.NewGuid(); var clientType = "CSP"; // CSharp var serializationVersion = (byte)0x01; var clientVersion = "4.0"; var clientName = "hz.client_0"; var labels = new HashSet <string>(); var requestMessage = ClientAuthenticationCodec.EncodeRequest(clusterName, username, password, clientId, clientType, serializationVersion, clientVersion, clientName, labels); HConsole.WriteLine(this, "Send auth request"); var invocation = new Invocation(requestMessage, new MessagingOptions(), null, CancellationToken.None); var responseMessage = await client1.SendAsync(invocation, CancellationToken.None).CAF(); HConsole.WriteLine(this, "Rcvd auth response " + HConsole.Lines(this, 1, responseMessage.Dump())); var response = ClientAuthenticationCodec.DecodeResponse(responseMessage); var status = (AuthenticationStatus)response.Status; NUnit.Framework.Assert.AreEqual(AuthenticationStatus.Authenticated, status); HConsole.WriteLine(this, "Stop client"); await client1.DisposeAsync().CAF(); HConsole.WriteLine(this, "End"); await Task.Delay(100).CAF(); }
private void Authenticate(ClientConnection connection, bool isOwnerConnection) { if (Logger.IsFinestEnabled()) { Logger.Finest(string.Format("Authenticating against the {0} node", isOwnerConnection?"owner":"non-owner")); } string uuid = null; string ownerUuid = null; if (ClientPrincipal != null) { uuid = ClientPrincipal.GetUuid(); ownerUuid = ClientPrincipal.GetOwnerUuid(); } var ss = _client.GetSerializationService(); ClientMessage request; var credentials = _credentialsFactory.NewCredentials(); LastCredentials = credentials; if (credentials.GetType() == typeof(UsernamePasswordCredentials)) { var usernamePasswordCr = (UsernamePasswordCredentials)credentials; request = ClientAuthenticationCodec.EncodeRequest(usernamePasswordCr.Username, usernamePasswordCr.Password, uuid, ownerUuid, isOwnerConnection, ClientTypes.Csharp, ss.GetVersion(), VersionUtil.GetDllVersion()); } else { var data = ss.ToData(credentials); request = ClientAuthenticationCustomCodec.EncodeRequest(data, uuid, ownerUuid, isOwnerConnection, ClientTypes.Csharp, ss.GetVersion(), VersionUtil.GetDllVersion()); } IClientMessage response; try { var invocationService = (ClientInvocationService)_client.GetInvocationService(); response = ThreadUtil.GetResult(invocationService.InvokeOnConnection(request, connection), _heartbeatTimeout); } catch (Exception e) { var ue = ExceptionUtil.Rethrow(e); Logger.Finest("Member returned an exception during authentication.", ue); throw ue; } var result = ClientAuthenticationCodec.DecodeResponse(response); if (result.address == null) { throw new HazelcastException("Could not resolve address for member."); } switch (result.status) { case AuthenticationStatus.Authenticated: if (isOwnerConnection) { var member = new Member(result.address, result.ownerUuid); ClientPrincipal = new ClientPrincipal(result.uuid, result.ownerUuid); connection.Member = member; connection.SetOwner(); connection.ConnectedServerVersionStr = result.serverHazelcastVersion; } else { var member = _client.GetClientClusterService().GetMember(result.address); if (member == null) { throw new HazelcastException(string.Format("Node with address '{0}' was not found in the member list", result.address)); } connection.Member = member; } break; case AuthenticationStatus.CredentialsFailed: throw new AuthenticationException("Invalid credentials! Principal: " + ClientPrincipal); case AuthenticationStatus.SerializationVersionMismatch: throw new InvalidOperationException("Server serialization version does not match to client"); default: throw new AuthenticationException("Authentication status code not supported. status: " + result.status); } }