77 "encoding/base64"
88 "errors"
99 "fmt"
10+ "log"
1011 "net/http"
1112 "strings"
1213 "time"
@@ -140,6 +141,7 @@ func getRegion(host string) (string, error) {
140141// "client-final" payload containing the SigV4-signed STS GetCallerIdentity
141142// request.
142143func (client * awsSdkSaslClient ) Next (ctx context.Context , challenge []byte ) ([]byte , error ) {
144+ log .Println ("challenge received" )
143145 if client .state != conversationStateServerFirst {
144146 return nil , fmt .Errorf ("invalid state: %v" , client .state )
145147 }
@@ -155,6 +157,8 @@ func (client *awsSdkSaslClient) Next(ctx context.Context, challenge []byte) ([]b
155157 return nil , err
156158 }
157159
160+ log .Printf ("SASL h (sts host): %s" , sm .Host )
161+
158162 // Check nonce prefix
159163 if sm .Nonce .Subtype != 0x00 {
160164 return nil , errors .New ("server reply contained unexpected binary subtype" )
@@ -175,6 +179,7 @@ func (client *awsSdkSaslClient) Next(ctx context.Context, challenge []byte) ([]b
175179 req , _ := http .NewRequest ("POST" , "/" , strings .NewReader (body ))
176180 req .Header .Set ("Content-Type" , "application/x-www-form-urlencoded" )
177181 req .Header .Set ("Content-Length" , "43" )
182+ req .URL .Scheme = "https"
178183 req .Host = sm .Host
179184 req .Header .Set ("X-Amz-Date" , currentTime .Format (amzDateFormat ))
180185
@@ -186,29 +191,41 @@ func (client *awsSdkSaslClient) Next(ctx context.Context, challenge []byte) ([]b
186191 req .Header .Set ("X-MongoDB-Server-Nonce" , base64 .StdEncoding .EncodeToString (sm .Nonce .Data ))
187192 req .Header .Set ("X-MongoDB-GS2-CB-Flag" , "n" )
188193
194+ region , err := getRegion (sm .Host )
195+ if err != nil {
196+ return nil , fmt .Errorf ("failed to get AWS region: %w" , err )
197+ }
198+
189199 // Retrieve AWS creds and sign the request using AWS SDK v4.
190200 creds , err := client .awsCfg .Credentials .Retrieve (ctx )
191201 if err != nil {
192202 return nil , fmt .Errorf ("failed to retrieve AWS credentials: %w" , err )
193203 }
194204
205+ log .Printf ("SASL r (region): %s" , region )
206+
195207 // Create signer with credentials
196- err = client .signer .SignHTTP (ctx , creds , req , body , "sts" , sm . Host , currentTime )
208+ err = client .signer .SignHTTP (ctx , creds , req , body , "sts" , region , currentTime )
197209 if err != nil {
198210 return nil , fmt .Errorf ("failed to sign request: %w" , err )
199211 }
200212
213+ for k , v := range req .Header {
214+ log .Printf ("Header %q: %s" , k , v )
215+ }
216+
201217 // create message
202218 // { a: Authorization, d: X-Amz-Date, t: X-Amz-Security-Token }
203219 idx , msg := bsoncore .AppendDocumentStart (nil )
204220 msg = bsoncore .AppendStringElement (msg , "a" , req .Header .Get ("Authorization" ))
205221 msg = bsoncore .AppendStringElement (msg , "d" , req .Header .Get ("X-Amz-Date" ))
206222 if tok := req .Header .Get ("X-Amz-Security-Token" ); tok != "" {
223+ log .Println ("token received" )
207224 msg = bsoncore .AppendStringElement (msg , "t" , tok )
208225 }
209226 msg , _ = bsoncore .AppendDocumentEnd (msg , idx )
210227
211- return nil , nil
228+ return msg , nil
212229}
213230
214231// complete signals that the SASL conversation is done.
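Review bot: The header loop added at new lines 213–215 logs every header on the signed request, which includes `Authorization` (the SigV4 signature and credential scope, carrying the access key ID) and `X-Amz-Security-Token` (the session token), to the process-wide default logger, so a merged build would write live AWS credential material into whatever log the application keeps. The same debugging output appears at new lines 144, 160, 205 and 223 (the first two in the earlier hunks of this file), and the `log` import added at the top of the file exists only to serve it. Drop these lines before merge; if some tracing is wanted, route it through the driver's own logger at debug level and skip the two credential-bearing headers, e.g. `if k == "Authorization" || k == "X-Amz-Security-Token" { continue }` inside the loop. The substantive changes in this hunk — the region lookup, signing with `region` instead of `sm.Host`, and returning `msg` — look correct as far as the hunk shows.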