...

Source file src/go.mongodb.org/mongo-driver/x/mongo/driver/auth/x509.go

Documentation: go.mongodb.org/mongo-driver/x/mongo/driver/auth

     1  // Copyright (C) MongoDB, Inc. 2017-present.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License"); you may
     4  // not use this file except in compliance with the License. You may obtain
     5  // a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
     6  
     7  package auth
     8  
     9  import (
    10  	"context"
    11  
    12  	"go.mongodb.org/mongo-driver/x/bsonx/bsoncore"
    13  	"go.mongodb.org/mongo-driver/x/mongo/driver"
    14  	"go.mongodb.org/mongo-driver/x/mongo/driver/operation"
    15  )
    16  
// MongoDBX509 is the mechanism name placed in the "mechanism" field of the
// authenticate command to request X.509 certificate authentication.
const MongoDBX509 = "MONGODB-X509"
    19  
// newMongoDBX509Authenticator builds the X.509 authenticator for cred.
//
// Only cred.Username is read; no other credential field is consulted or
// validated here. cred must be non-nil because it is dereferenced
// unconditionally. The returned error is always nil.
func newMongoDBX509Authenticator(cred *Cred) (Authenticator, error) {
	authenticator := &MongoDBX509Authenticator{}
	authenticator.User = cred.Username
	return authenticator, nil
}
    23  
// MongoDBX509Authenticator uses X.509 certificates over TLS to authenticate a connection.
type MongoDBX509Authenticator struct {
	// User is copied from Cred.Username by newMongoDBX509Authenticator. The
	// visible code never reads it again: the authenticate command built by
	// createFirstX509Message carries no user field.
	// NOTE(review): presumably the server derives the identity from the client
	// certificate presented during the TLS handshake — confirm.
	User string
}

// Compile-time check that *MongoDBX509Authenticator satisfies SpeculativeAuthenticator.
var _ SpeculativeAuthenticator = (*MongoDBX509Authenticator)(nil)
    30  
// x509Conversation represents an X509 authentication conversation. This type implements the SpeculativeConversation
// interface so the conversation can be executed in multi-step speculative fashion. It has no fields, so it holds no
// per-connection state.
type x509Conversation struct{}

// Compile-time check that *x509Conversation satisfies SpeculativeConversation.
var _ SpeculativeConversation = (*x509Conversation)(nil)
    36  
// FirstMessage returns the first (and, for X509, only) message to be sent to
// the server. The message is the fixed document produced by
// createFirstX509Message; the error result is always nil.
func (c *x509Conversation) FirstMessage() (bsoncore.Document, error) {
	firstMsg := createFirstX509Message()
	return firstMsg, nil
}
    41  
// createFirstX509Message creates the first message for the X509 conversation.
//
// The document has exactly two elements: {authenticate: 1, mechanism: MongoDBX509}.
// It contains no user name, password, or other secret.
// NOTE(review): the proof of identity is presumably the client certificate
// presented on the underlying TLS connection — confirm against the server's
// MONGODB-X509 handling.
func createFirstX509Message() bsoncore.Document {
	authenticateElem := bsoncore.AppendInt32Element(nil, "authenticate", 1)
	mechanismElem := bsoncore.AppendStringElement(nil, "mechanism", MongoDBX509)

	return bsoncore.BuildDocument(nil, authenticateElem, mechanismElem)
}
    51  
// Finish implements the SpeculativeConversation interface. An X509
// conversation has a single step, so there is nothing left to do: every
// argument is ignored (the server's reply is not inspected here) and the
// result is always nil.
func (c *x509Conversation) Finish(_ context.Context, _ *Config, _ bsoncore.Document) error {
	return nil
}
    57  
// CreateSpeculativeConversation creates a speculative conversation for X509
// authentication. The conversation is a fresh, stateless value; nothing from
// the authenticator (including User) is copied into it. The error result is
// always nil.
func (a *MongoDBX509Authenticator) CreateSpeculativeConversation() (SpeculativeConversation, error) {
	conversation := new(x509Conversation)
	return conversation, nil
}
    62  
// Auth authenticates the provided connection by conducting an X509
// authentication conversation.
//
// It runs the fixed authenticate command from createFirstX509Message against
// the "$external" database on cfg.Connection only, passing along
// cfg.ClusterClock and cfg.ServerAPI. a.User is not sent.
//
// Any error from executing the command is handed to newAuthError with the
// message "round trip error", so at this layer a server-side rejection and a
// transport failure carry the same message; inspect the underlying error to
// tell them apart.
//
// NOTE(review): nothing in this method checks that cfg.Connection is a TLS
// connection or that a client certificate was presented; that presumably has
// to be enforced by the connection setup and the server — confirm.
func (a *MongoDBX509Authenticator) Auth(ctx context.Context, cfg *Config) error {
	firstMsg := createFirstX509Message()

	// Pin the command to the connection being authenticated.
	deployment := driver.SingleConnectionDeployment{cfg.Connection}

	cmd := operation.NewCommand(firstMsg).
		Database("$external").
		Deployment(deployment).
		ClusterClock(cfg.ClusterClock).
		ServerAPI(cfg.ServerAPI)

	if execErr := cmd.Execute(ctx); execErr != nil {
		return newAuthError("round trip error", execErr)
	}
	return nil
}
    79  
