CSHARP-603: update for changes to driver authentication spec.

Author: craiggwilson

MongoDB.Driver/Communication/Security/Authenticator.cs

@@ -28,12 +28,13 @@ namespace MongoDB.Driver.Communication.Security
     internal class Authenticator
     {
         // private static fields
-        private static readonly List<IAuthenticationMethod> __clientSupportedMethods = new List<IAuthenticationMethod>
+        private static readonly List<IAuthenticationProtocol> __clientSupportedProtocols = new List<IAuthenticationProtocol>
         {
-            new SaslAuthenticationMethod(new GssapiMechanism()),
-            new SaslAuthenticationMethod(new CramMD5Mechanism()),
-            new SaslAuthenticationMethod(new DigestMD5Mechanism()),
-            new MongoCRAuthenticationMethod() 
+            // when we start negotiating, MONGO-CR should be moved to the bottom of the list...
+            new MongoCRAuthenticationProtocol(),
+            new SaslAuthenticationProtocol(new GssapiMechanism()),
+            new SaslAuthenticationProtocol(new CramMD5Mechanism()),
+            new SaslAuthenticationProtocol(new DigestMD5Mechanism())
         };
 
         // private fields
@@ -63,50 +64,27 @@ public void Authenticate()
                 return;
             }
 
-            var serverSupportedMethods = GetServerSupportedMethods();
             foreach (var credential in _credentials)
             {
-                Authenticate(credential, serverSupportedMethods);
+                Authenticate(credential);
             }
         }
 
         // private methods
-        private void Authenticate(MongoCredential credential, List<string> serverSupportedMethods)
+        private void Authenticate(MongoCredential credential)
         {
-            foreach (var clientSupportedMethod in __clientSupportedMethods)
+            foreach (var clientSupportedProtocol in __clientSupportedProtocols)
             {
-                if (serverSupportedMethods.Contains(clientSupportedMethod.Name) && clientSupportedMethod.CanUse(credential))
+                if (clientSupportedProtocol.CanUse(credential))
                 {
-                    clientSupportedMethod.Authenticate(_connection, credential);
+                    clientSupportedProtocol.Authenticate(_connection, credential);
                     return;
                 }
             }
 
-            var message = string.Format("Unable to negotiate a protocol to authenticate. The credential for source {0}, username {1} over protocol {2} could not be authenticated.", credential.Source, credential.Username, credential.AuthenticationProtocol);
+            var message = string.Format("Unable to find a protocol to authenticate. The credential for source {0}, username {1} over mechanism {2} could not be authenticated.", credential.Source, credential.Username, credential.Mechanism);
             throw new MongoSecurityException(message);
         }
-
-        private List<string> GetServerSupportedMethods()
-        {
-            var command = new CommandDocument
-            {
-                { "saslStart", 1 },
-                { "mechanism", ""}, // forces a response that contains a list of supported mechanisms...
-                { "payload", new byte[0] }
-            };
-
-            var list = new List<string>();
-            var result = _connection.RunCommand("admin", QueryFlags.SlaveOk, command, false);
-            if (result.Response.Contains("supportedMechanisms"))
-            {
-                list.AddRange(result.Response["supportedMechanisms"].AsBsonArray.Select(x => x.AsString));
-            }
-
-            // because MONGO-CR is last in the list, we don't need to check if the server supports it...
-            // in the future, we may need to add a check.
-            list.Add("MONGO-CR");
-            return list;
-        }
     }
 
 }

MongoDB.Driver/Communication/Security/IAuthenticationMethod.cs renamed to MongoDB.Driver/Communication/Security/IAuthenticationProtocol.cs

@@ -24,7 +24,7 @@ namespace MongoDB.Driver.Communication.Security
     /// <summary>
     /// Authenticates a MongoConnection.
     /// </summary>
-    internal interface IAuthenticationMethod
+    internal interface IAuthenticationProtocol
     {
         /// <summary>
         /// Gets the name.

MongoDB.Driver/Communication/Security/Mechanisms/CramMD5Mechanism.cs

@@ -47,7 +47,7 @@ public string Name
         /// <exception cref="System.NotImplementedException"></exception>
         public bool CanUse(MongoCredential credential)
         {
-            return credential.AuthenticationProtocol == MongoAuthenticationProtocol.Strongest &&
+            return credential.Mechanism == MongoAuthenticationMechanism.CRAM_MD5 &&
                 credential.Evidence is PasswordEvidence;
         }
 

MongoDB.Driver/Communication/Security/Mechanisms/DigestMD5Mechanism.cs

@@ -47,7 +47,7 @@ public string Name
         /// <exception cref="System.NotImplementedException"></exception>
         public bool CanUse(MongoCredential credential)
         {
-            return credential.AuthenticationProtocol == MongoAuthenticationProtocol.Strongest &&
+            return credential.Mechanism == MongoAuthenticationMechanism.DIGEST_MD5 &&
                 credential.Evidence is PasswordEvidence;
         }
 

MongoDB.Driver/Communication/Security/Mechanisms/GssapiMechanism.cs

@@ -49,7 +49,7 @@ public string Name
         /// <exception cref="System.NotImplementedException"></exception>
         public bool CanUse(MongoCredential credential)
         {
-            if(credential.AuthenticationProtocol != MongoAuthenticationProtocol.Gssapi || !(credential.Identity is MongoExternalIdentity))
+            if(credential.Mechanism != MongoAuthenticationMechanism.GSSAPI || !(credential.Identity is MongoExternalIdentity))
             {
                 return false;	
             }

MongoDB.Driver/Communication/Security/Mechanisms/Sspi/SecurityContext.cs

@@ -292,7 +292,7 @@ public void Initialize(string servicePrincipalName, byte[] inBytes, out byte[] o
             {
                 try
                 {
-                    var flags = SspiContextFlags.MutualAuth | SspiContextFlags.Confidentiality | SspiContextFlags.InitIntegrity;
+                    var flags = SspiContextFlags.MutualAuth;
 
                     uint result;
                     long timestamp;

MongoDB.Driver/Communication/Security/MongoCRAuthenticationMethod.cs renamed to MongoDB.Driver/Communication/Security/MongoCRAuthenticationProtocol.cs

@@ -22,7 +22,7 @@ namespace MongoDB.Driver.Communication.Security
     /// <summary>
     /// Authenticates a credential using the MONGO-CR protocol.
     /// </summary>
-    internal class MongoCRAuthenticationMethod : IAuthenticationMethod
+    internal class MongoCRAuthenticationProtocol : IAuthenticationProtocol
     {
         // public properties
         public string Name
@@ -77,7 +77,7 @@ public void Authenticate(MongoConnection connection, MongoCredential credential)
         /// </returns>
         public bool CanUse(MongoCredential credential)
         {
-            return credential.AuthenticationProtocol == MongoAuthenticationProtocol.Strongest &&
+            return credential.Mechanism == MongoAuthenticationMechanism.MONGO_CR &&
                 credential.Evidence is PasswordEvidence;
         }
     }

MongoDB.Driver/Communication/Security/SaslAuthenticationMethod.cs renamed to MongoDB.Driver/Communication/Security/SaslAuthenticationProtocol.cs

@@ -25,17 +25,17 @@ namespace MongoDB.Driver.Communication.Security
     /// <summary>
     /// Authenticates a credential using the SASL protocol.
     /// </summary>
-    internal class SaslAuthenticationMethod : IAuthenticationMethod
+    internal class SaslAuthenticationProtocol : IAuthenticationProtocol
     {
         // private fields
         private readonly ISaslMechanism _mechanism;
 
         // constructors
         /// <summary>
-        /// Initializes a new instance of the <see cref="SaslAuthenticationMethod" /> class.
+        /// Initializes a new instance of the <see cref="SaslAuthenticationProtocol" /> class.
         /// </summary>
         /// <param name="mechanism">The mechanism.</param>
-        public SaslAuthenticationMethod(ISaslMechanism mechanism)
+        public SaslAuthenticationProtocol(ISaslMechanism mechanism)
         {
             _mechanism = mechanism;
         }

MongoDB.Driver/MongoAuthenticationProtocol.cs renamed to MongoDB.Driver/MongoAuthenticationMechanism.cs

@@ -16,17 +16,25 @@
 namespace MongoDB.Driver
 {
     /// <summary>
-    /// The protocol used to authenticate with MongoDB.
+    /// The mechanism used to authenticate with MongoDB.
     /// </summary>
-    public enum MongoAuthenticationProtocol
+    public enum MongoAuthenticationMechanism
     {
         /// <summary>
-        /// Authenticate to the server using the strongest means possible.
+        /// Authenticate to the server using the Mongo Challenge Response (MONGO-CR) protocol.
         /// </summary>
-        Strongest,
+        MONGO_CR,
+        /// <summary>
+        /// Authenticate to the server using CRAM-MD5.
+        /// </summary>
+        CRAM_MD5,
+        /// <summary>
+        /// Authenticate to the server using DIGEST-MD5.
+        /// </summary>
+        DIGEST_MD5,
         /// <summary>
         /// Authenticate to the server using GSSAPI.
         /// </summary>
-        Gssapi
+        GSSAPI
     }
 }

MongoDB.Driver/MongoClientSettings.cs

@@ -422,7 +422,7 @@ public WriteConcern WriteConcern
         public static MongoClientSettings FromConnectionStringBuilder(MongoConnectionStringBuilder builder)
         {
             var credential = MongoCredential.FromComponents(
-                builder.AuthenticationProtocol,
+                builder.AuthenticationMechanism,
                 builder.AuthenticationSource ?? builder.DatabaseName,
                 builder.Username,
                 builder.Password);
@@ -462,7 +462,7 @@ public static MongoClientSettings FromConnectionStringBuilder(MongoConnectionStr
         public static MongoClientSettings FromUrl(MongoUrl url)
         {
             var credential = MongoCredential.FromComponents(
-                url.AuthenticationProtocol,
+                url.AuthenticationMechanism,
                 url.AuthenticationSource ?? url.DatabaseName,
                 url.Username,
                 url.Password);