public void Authenticate_should_have_expected_result( [Values(false, true)] bool async) { var dateTime = DateTime.UtcNow; var clientNonce = __randomByteGenerator.Generate(ClientNonceLength); var serverNonce = Combine(clientNonce, __randomByteGenerator.Generate(ClientNonceLength)); var host = "sts.amazonaws.com"; var credential = new UsernamePasswordCredential("$external", "permanentuser", "FAKEFAKEFAKEFAKEFAKEfakefakefakefakefake"); AwsSignatureVersion4.CreateAuthorizationRequest( dateTime, credential.Username, credential.Password, null, serverNonce, host, out var authHeader, out var timestamp); var mockClock = new Mock <IClock>(); mockClock.Setup(x => x.UtcNow).Returns(dateTime); var mockRandomByteGenerator = new Mock <IRandomByteGenerator>(); mockRandomByteGenerator.Setup(x => x.Generate(It.IsAny <int>())).Returns(clientNonce); var expectedClientFirstMessage = new BsonDocument { { "r", clientNonce }, { "p", (int)'n' } }; var expectedClientSecondMessage = new BsonDocument { { "a", authHeader }, { "d", timestamp } }; var serverFirstMessage = new BsonDocument { { "s", serverNonce }, { "h", host } }; var saslStartReply = MessageHelper.BuildReply <RawBsonDocument>(RawBsonDocumentHelper.FromJson( $"{{ conversationId : 1, done : false, payload : BinData(0,\"{ToBase64(serverFirstMessage.ToBson())}\"), ok : 1 }}")); var saslContinueReply = MessageHelper.BuildReply <RawBsonDocument>(RawBsonDocumentHelper.FromJson( "{ conversationId : 1, done : true, payload : BinData(0,\"\"), ok : 1}")); var subject = new MongoAWSAuthenticator(credential, null, mockRandomByteGenerator.Object, mockClock.Object, serverApi: null); var connection = new MockConnection(__serverId); connection.EnqueueReplyMessage(saslStartReply); connection.EnqueueReplyMessage(saslContinueReply); if (async) { subject.AuthenticateAsync(connection, __descriptionQueryWireProtocol, CancellationToken.None).GetAwaiter().GetResult(); } else { subject.Authenticate(connection, __descriptionQueryWireProtocol, CancellationToken.None); } SpinWait.SpinUntil(() => connection.GetSentMessages().Count >= 2, TimeSpan.FromSeconds(5)).Should().BeTrue(); var sentMessages = MessageHelper.TranslateMessagesToBsonDocuments(connection.GetSentMessages()); sentMessages.Count.Should().Be(2); var actualRequestId0 = sentMessages[0]["requestId"].AsInt32; var actualRequestId1 = sentMessages[1]["requestId"].AsInt32; var expectedFirstMessage = GetExpectedSaslStartQueryMessage(actualRequestId0, expectedClientFirstMessage); var expectedSecondMessage = GetExpectedSaslContinueQueryMessage(actualRequestId1, expectedClientSecondMessage); sentMessages[0].Should().Be(expectedFirstMessage); sentMessages[1].Should().Be(expectedSecondMessage); }
// internal methods internal IAuthenticator ToAuthenticator(ServerApi serverApi) { var passwordEvidence = _evidence as PasswordEvidence; if (passwordEvidence != null) { var insecurePassword = SecureStringHelper.ToInsecureString(passwordEvidence.SecurePassword); var credential = new UsernamePasswordCredential( _identity.Source, _identity.Username, insecurePassword); if (_mechanism == null) { return(new DefaultAuthenticator(credential, serverApi)); } #pragma warning disable 618 if (_mechanism == MongoDBCRAuthenticator.MechanismName) { return(new MongoDBCRAuthenticator(credential, serverApi)); #pragma warning restore 618 } if (_mechanism == ScramSha1Authenticator.MechanismName) { return(new ScramSha1Authenticator(credential, serverApi)); } if (_mechanism == ScramSha256Authenticator.MechanismName) { return(new ScramSha256Authenticator(credential, serverApi)); } if (_mechanism == PlainAuthenticator.MechanismName) { return(new PlainAuthenticator(credential, serverApi)); } if (_mechanism == GssapiAuthenticator.MechanismName) { return(new GssapiAuthenticator( credential, _mechanismProperties.Select(x => new KeyValuePair <string, string>(x.Key, x.Value.ToString())), serverApi)); } if (_mechanism == MongoAWSAuthenticator.MechanismName) { return(new MongoAWSAuthenticator( credential, _mechanismProperties.Select(x => new KeyValuePair <string, string>(x.Key, x.Value.ToString())), serverApi)); } } else if (_identity.Source == "$external" && _evidence is ExternalEvidence) { if (_mechanism == MongoDBX509Authenticator.MechanismName) { return(new MongoDBX509Authenticator(_identity.Username, serverApi)); } if (_mechanism == GssapiAuthenticator.MechanismName) { return(new GssapiAuthenticator( _identity.Username, _mechanismProperties.Select(x => new KeyValuePair <string, string>(x.Key, x.Value.ToString())), serverApi)); } if (_mechanism == MongoAWSAuthenticator.MechanismName) { return(new MongoAWSAuthenticator( _identity.Username, _mechanismProperties.Select(x => new KeyValuePair <string, string>(x.Key, x.Value.ToString())), serverApi)); } } throw new NotSupportedException("Unable to create an authenticator."); }
public static AuthenticationContainer FromUsernamePasswordCredential(UsernamePasswordCredential credential) { return(credential != null ? new AuthenticationContainer(credential.ToNetworkCredential()) : null); }