private ClientMessage EncodeAuthenticationRequest()
{
var serializationService = _client.SerializationService;
var serializationVersion = serializationService.GetVersion();
var credentials = _client.CredentialsFactory.NewCredentials();
var clusterName = _client.ClientConfig.GetClusterName();
var dllVersion = VersionUtil.GetDllVersion();
var clientGuid = _client.ClientGuid;
if (credentials is IPasswordCredentials passwordCredentials)
{
return(ClientAuthenticationCodec.EncodeRequest(clusterName, passwordCredentials.Name,
passwordCredentials.Password, clientGuid, ClientTypeCsharp, serializationVersion, dllVersion, _client.Name,
_labels));
}
byte[] secretBytes;
if (credentials is ITokenCredentials tokenCredentials)
{
secretBytes = tokenCredentials.Token;
}
else
{
secretBytes = serializationService.ToData(credentials).ToByteArray();
}
return(ClientAuthenticationCustomCodec.EncodeRequest(clusterName, secretBytes, clientGuid, ClientTypeCsharp,
serializationVersion, dllVersion, _client.Name, _labels));
}
private ClientMessage EncodeAuthenticationRequest()
{
var serializationService = _client.SerializationService;
var serializationVersion = serializationService.GetVersion();
var credentials = _client.CredentialsFactory.NewCredentials();
var clusterName = _client.Configuration.ClusterName;
var dllVersion = VersionUtil.GetDllVersion();
var clientGuid = _client.ClientGuid;
switch (credentials)
{
case IPasswordCredentials passwordCredentials:
return(ClientAuthenticationCodec.EncodeRequest(clusterName,
passwordCredentials.Name, passwordCredentials.Password,
clientGuid, ClientTypeCsharp, serializationVersion, dllVersion, _client.Name, _labels));
case ITokenCredentials tokenCredentials:
return(ClientAuthenticationCustomCodec.EncodeRequest(clusterName,
tokenCredentials.Token,
clientGuid, ClientTypeCsharp, serializationVersion, dllVersion, _client.Name, _labels));
default:
return(ClientAuthenticationCustomCodec.EncodeRequest(clusterName,
serializationService.ToData(credentials).ToByteArray(),
clientGuid, ClientTypeCsharp, serializationVersion, dllVersion, _client.Name, _labels));
}
}
private void ManagerAuthenticator(ClientConnection connection)
{
Logger.Finest("Authenticating against the owner node");
var ss = _client.GetSerializationService();
string uuid = null;
string ownerUuid = null;
if (_principal != null)
{
uuid = _principal.GetUuid();
ownerUuid = _principal.GetOwnerUuid();
}
ClientMessage request;
if (_credentials is UsernamePasswordCredentials)
{
var usernamePasswordCr = (UsernamePasswordCredentials)_credentials;
request = ClientAuthenticationCodec.EncodeRequest(usernamePasswordCr.GetUsername(),
usernamePasswordCr.GetPassword(), uuid, ownerUuid, true, ClientTypes.Csharp,
_client.GetSerializationService().GetVersion(), VersionUtil.GetDllVersion());
}
else
{
var data = ss.ToData(_credentials);
request = ClientAuthenticationCustomCodec.EncodeRequest(data, uuid, ownerUuid, false, ClientTypes.Csharp,
_client.GetSerializationService().GetVersion(), VersionUtil.GetDllVersion());
}
IClientMessage response;
try
{
var invocationService = (ClientInvocationService)_client.GetInvocationService();
response = ThreadUtil.GetResult(invocationService.InvokeOnConnection(request, connection));
}
catch (Exception e)
{
throw ExceptionUtil.Rethrow(e);
}
var result = ClientAuthenticationCodec.DecodeResponse(response);
if (result.address == null)
{
throw new HazelcastException("Could not resolve address for owner node.");
}
var member = new Member(result.address, result.ownerUuid);
_principal = new ClientPrincipal(result.uuid, result.ownerUuid);
connection.Member = member;
connection.SetOwner();
connection.ConnectedServerVersionStr = result.serverHazelcastVersion;
}
// tries to authenticate
// returns a result if successful
// returns null if failed due to credentials (may want to retry)
// throws if anything else went wrong
private async ValueTask <AuthenticationResult> TryAuthenticateAsync(MemberConnection client, string clusterName, Guid clusterClientId, string clusterClientName, ISet <string> labels, ICredentialsFactory credentialsFactory, CancellationToken cancellationToken)
{
const string clientType = "CSP"; // CSharp
var serializationVersion = _serializationService.GetVersion();
var clientVersion = ClientVersion;
var credentials = credentialsFactory.NewCredentials();
ClientMessage requestMessage;
switch (credentials)
{
case IPasswordCredentials passwordCredentials:
requestMessage = ClientAuthenticationCodec.EncodeRequest(clusterName, passwordCredentials.Name, passwordCredentials.Password, clusterClientId, clientType, serializationVersion, clientVersion, clusterClientName, labels);
break;
case ITokenCredentials tokenCredentials:
requestMessage = ClientAuthenticationCustomCodec.EncodeRequest(clusterName, tokenCredentials.GetToken(), clusterClientId, clientType, serializationVersion, clientVersion, clusterClientName, labels);
break;
default:
var bytes = _serializationService.ToData(credentials).ToByteArray();
requestMessage = ClientAuthenticationCustomCodec.EncodeRequest(clusterName, bytes, clusterClientId, clientType, serializationVersion, clientVersion, clusterClientName, labels);
break;
}
cancellationToken.ThrowIfCancellationRequested();
HConsole.WriteLine(this, "Send auth request");
var responseMessage = await client.SendAsync(requestMessage).CfAwait();
HConsole.WriteLine(this, "Rcvd auth response");
var response = ClientAuthenticationCodec.DecodeResponse(responseMessage);
HConsole.WriteLine(this, "Auth response is: " + (AuthenticationStatus)response.Status);
return((AuthenticationStatus)response.Status switch
{
AuthenticationStatus.Authenticated
=> new AuthenticationResult(response.ClusterId, response.MemberUuid, response.Address, response.ServerHazelcastVersion, response.FailoverSupported, response.PartitionCount, response.SerializationVersion, credentials.Name),
AuthenticationStatus.CredentialsFailed
=> null, // could want to retry
AuthenticationStatus.NotAllowedInCluster
=> throw new AuthenticationException("Client is not allowed in cluster."),
AuthenticationStatus.SerializationVersionMismatch
=> throw new AuthenticationException("Serialization mismatch."),
_ => throw new AuthenticationException($"Received unsupported status code {response.Status}.")
});
private void ClusterAuthenticator(ClientConnection connection)
{
var ss = _client.GetSerializationService();
var clusterService = (ClientClusterService)_client.GetClientClusterService();
var principal = clusterService.GetPrincipal();
var uuid = principal.GetUuid();
var ownerUuid = principal.GetOwnerUuid();
ClientMessage request;
var usernamePasswordCr = _credentials as UsernamePasswordCredentials;
if (usernamePasswordCr != null)
{
request = ClientAuthenticationCodec.EncodeRequest(usernamePasswordCr.GetUsername(),
usernamePasswordCr.GetPassword(), uuid, ownerUuid, false,
ClientTypes.Csharp, _client.GetSerializationService().GetVersion(), VersionUtil.GetDllVersion());
}
else
{
var data = ss.ToData(_credentials);
request = ClientAuthenticationCustomCodec.EncodeRequest(data, uuid, ownerUuid, false,
ClientTypes.Csharp, _client.GetSerializationService().GetVersion(), VersionUtil.GetDllVersion());
}
IClientMessage response;
try
{
var future = ((ClientInvocationService)_client.GetInvocationService()).InvokeOnConnection(request,
connection);
response = ThreadUtil.GetResult(future);
}
catch (Exception e)
{
throw ExceptionUtil.Rethrow(e);
}
var rp = ClientAuthenticationCodec.DecodeResponse(response);
if (rp.address == null)
{
throw new HazelcastException("Could not resolve address for member.");
}
var member = _client.GetClientClusterService().GetMember(rp.address);
if (member == null)
{
throw new HazelcastException("Node with address '" + rp.address + "' was not found in the member list");
}
connection.Member = member;
}
private void AuthenticateOnCluster(Connection connection)
{
var request = EncodeAuthenticationRequest();
var future = _client.InvocationService.InvokeOnConnection(request, connection);
ClientAuthenticationCodec.ResponseParameters response;
try
{
var responseMsg = ThreadUtil.GetResult(future, _authenticationTimeout);
response = ClientAuthenticationCodec.DecodeResponse(responseMsg);
}
catch (Exception e)
{
connection.Close("Failed to authenticate connection", e);
throw Rethrow(e);
}
var authenticationStatus = (AuthenticationStatus)response.Status;
switch (authenticationStatus)
{
case AuthenticationStatus.Authenticated:
HandleSuccessfulAuth(connection, response);
break;
case AuthenticationStatus.CredentialsFailed:
var authException = new AuthenticationException("Invalid credentials!");
connection.Close("Failed to authenticate connection", authException);
throw authException;
case AuthenticationStatus.NotAllowedInCluster:
var notAllowedException = new ClientNotAllowedInClusterException("Client is not allowed in the cluster");
connection.Close("Failed to authenticate connection", notAllowedException);
throw notAllowedException;
case AuthenticationStatus.SerializationVersionMismatch:
var operationException =
new InvalidOperationException("Server serialization version does not match to client");
connection.Close("Failed to authenticate connection", operationException);
throw operationException;
default:
var exception =
new AuthenticationException("Authentication status code not supported. status: " + authenticationStatus);
connection.Close("Failed to authenticate connection", exception);
throw exception;
}
}
public async Task Auth()
{
// need to start a real server (not the RC thing!)
//var address = NetworkAddress.Parse("sgay-l4");
var address = NetworkAddress.Parse("localhost");
HConsole.Configure(this, config => config.SetIndent(0).SetPrefix("TEST"));
HConsole.WriteLine(this, "Begin");
HConsole.WriteLine(this, "Start client ");
var client1 = new MemberConnection(address, new MessagingOptions(), new SocketOptions(), new SslOptions(), new Int64Sequence(), new NullLoggerFactory());
await client1.ConnectAsync(CancellationToken.None).CAF();
// RC assigns a GUID but the default cluster name is 'dev'
var clusterName = "dev";
var username = (string)null; // null
var password = (string)null; // null
var clientId = Guid.NewGuid();
var clientType = "CSP"; // CSharp
var serializationVersion = (byte)0x01;
var clientVersion = "4.0";
var clientName = "hz.client_0";
var labels = new HashSet <string>();
var requestMessage = ClientAuthenticationCodec.EncodeRequest(clusterName, username, password, clientId, clientType, serializationVersion, clientVersion, clientName, labels);
HConsole.WriteLine(this, "Send auth request");
var invocation = new Invocation(requestMessage, new MessagingOptions(), null, CancellationToken.None);
var responseMessage = await client1.SendAsync(invocation, CancellationToken.None).CAF();
HConsole.WriteLine(this, "Rcvd auth response " +
HConsole.Lines(this, 1, responseMessage.Dump()));
var response = ClientAuthenticationCodec.DecodeResponse(responseMessage);
var status = (AuthenticationStatus)response.Status;
NUnit.Framework.Assert.AreEqual(AuthenticationStatus.Authenticated, status);
HConsole.WriteLine(this, "Stop client");
await client1.DisposeAsync().CAF();
HConsole.WriteLine(this, "End");
await Task.Delay(100).CAF();
}
private void Authenticate(ClientConnection connection, bool isOwnerConnection)
{
if (Logger.IsFinestEnabled())
{
Logger.Finest(string.Format("Authenticating against the {0} node", isOwnerConnection?"owner":"non-owner"));
}
string uuid = null;
string ownerUuid = null;
if (ClientPrincipal != null)
{
uuid = ClientPrincipal.GetUuid();
ownerUuid = ClientPrincipal.GetOwnerUuid();
}
var ss = _client.GetSerializationService();
ClientMessage request;
var credentials = _credentialsFactory.NewCredentials();
LastCredentials = credentials;
if (credentials.GetType() == typeof(UsernamePasswordCredentials))
{
var usernamePasswordCr = (UsernamePasswordCredentials)credentials;
request = ClientAuthenticationCodec.EncodeRequest(usernamePasswordCr.Username, usernamePasswordCr.Password, uuid,
ownerUuid, isOwnerConnection, ClientTypes.Csharp, ss.GetVersion(), VersionUtil.GetDllVersion());
}
else
{
var data = ss.ToData(credentials);
request = ClientAuthenticationCustomCodec.EncodeRequest(data, uuid, ownerUuid, isOwnerConnection,
ClientTypes.Csharp, ss.GetVersion(), VersionUtil.GetDllVersion());
}
IClientMessage response;
try
{
var invocationService = (ClientInvocationService)_client.GetInvocationService();
response = ThreadUtil.GetResult(invocationService.InvokeOnConnection(request, connection), _heartbeatTimeout);
}
catch (Exception e)
{
var ue = ExceptionUtil.Rethrow(e);
Logger.Finest("Member returned an exception during authentication.", ue);
throw ue;
}
var result = ClientAuthenticationCodec.DecodeResponse(response);
if (result.address == null)
{
throw new HazelcastException("Could not resolve address for member.");
}
switch (result.status)
{
case AuthenticationStatus.Authenticated:
if (isOwnerConnection)
{
var member = new Member(result.address, result.ownerUuid);
ClientPrincipal = new ClientPrincipal(result.uuid, result.ownerUuid);
connection.Member = member;
connection.SetOwner();
connection.ConnectedServerVersionStr = result.serverHazelcastVersion;
}
else
{
var member = _client.GetClientClusterService().GetMember(result.address);
if (member == null)
{
throw new HazelcastException(string.Format("Node with address '{0}' was not found in the member list",
result.address));
}
connection.Member = member;
}
break;
case AuthenticationStatus.CredentialsFailed:
throw new AuthenticationException("Invalid credentials! Principal: " + ClientPrincipal);
case AuthenticationStatus.SerializationVersionMismatch:
throw new InvalidOperationException("Server serialization version does not match to client");
default:
throw new AuthenticationException("Authentication status code not supported. status: " + result.status);
}
}
