SCRAM-SHA Client & Server Key cache

JAVA-2510

Author: rozza

driver-core/src/main/com/mongodb/MongoCredential.java

@@ -378,7 +378,7 @@ public AuthenticationMechanism getAuthenticationMechanism() {
     /**
      * Gets the user name
      *
-     * @return the user name.  Can never be null.
+     * @return the user name.
      */
     @Nullable
     public String getUserName() {

driver-core/src/main/com/mongodb/connection/Authenticator.java

@@ -23,20 +23,25 @@
 import com.mongodb.lang.Nullable;
 
 abstract class Authenticator {
-    private final MongoCredential credential;
+    private final MongoCredentialWithCache credential;
 
-    Authenticator(@NonNull final MongoCredential credential) {
+    Authenticator(@NonNull final MongoCredentialWithCache credential) {
         this.credential = credential;
     }
 
     @NonNull
-    MongoCredential getCredential() {
+    MongoCredentialWithCache getMongoCredentialWithCache() {
         return credential;
     }
 
+    @NonNull
+    MongoCredential getMongoCredential() {
+        return credential.getCredential();
+    }
+
     @NonNull
     String getUserNameNonNull() {
-        String userName = credential.getUserName();
+        String userName = credential.getCredential().getUserName();
         if (userName == null) {
             throw new MongoInternalException("User name can not be null");
         }
@@ -45,16 +50,16 @@ String getUserNameNonNull() {
 
     @NonNull
     char[] getPasswordNonNull() {
-        char[] password = credential.getPassword();
+        char[] password = credential.getCredential().getPassword();
         if (password == null) {
             throw new MongoInternalException("Password can not be null");
         }
         return password;
     }
 
     @NonNull
-    public <T> T getNonNullMechanismProperty(final String key, @Nullable final T defaultValue) {
-        T mechanismProperty = credential.getMechanismProperty(key, defaultValue);
+    <T> T getNonNullMechanismProperty(final String key, @Nullable final T defaultValue) {
+        T mechanismProperty = credential.getCredential().getMechanismProperty(key, defaultValue);
         if (mechanismProperty == null) {
             throw new MongoInternalException("Mechanism property can not be null");
         }

driver-core/src/main/com/mongodb/connection/DefaultAuthenticator.java

@@ -22,7 +22,7 @@
 import static com.mongodb.assertions.Assertions.isTrueArgument;
 
 class DefaultAuthenticator extends Authenticator {
-    DefaultAuthenticator(final MongoCredential credential) {
+    DefaultAuthenticator(final MongoCredentialWithCache credential) {
         super(credential);
         isTrueArgument("unspecified authentication mechanism", credential.getAuthenticationMechanism() == null);
     }
@@ -40,9 +40,9 @@ void authenticateAsync(final InternalConnection connection, final ConnectionDesc
 
     Authenticator createAuthenticator(final ConnectionDescription connectionDescription) {
         if (connectionDescription.getServerVersion().compareTo(new ServerVersion(2, 7)) >= 0) {
-            return new ScramSha1Authenticator(getCredential());
+            return new ScramShaAuthenticator(getMongoCredentialWithCache());
         } else {
-            return new NativeAuthenticator(getCredential());
+            return new NativeAuthenticator(getMongoCredentialWithCache());
         }
     }
 }

driver-core/src/main/com/mongodb/connection/DefaultClusterFactory.java

@@ -173,6 +173,8 @@ public Cluster createCluster(final ClusterSettings clusterSettings, final Server
                                  final List<MongoCompressor> compressorList) {
 
         ClusterId clusterId = new ClusterId(clusterSettings.getDescription());
+
+
         ClusterableServerFactory serverFactory = new DefaultClusterableServerFactory(clusterId, clusterSettings, serverSettings,
                 connectionPoolSettings, streamFactory, heartbeatStreamFactory, credentialList, commandListener, applicationName,
                 mongoDriverInformation != null ? mongoDriverInformation : MongoDriverInformation.builder().build(), compressorList);

driver-core/src/main/com/mongodb/connection/DefaultClusterableServerFactory.java

@@ -18,8 +18,8 @@
 
 import com.mongodb.MongoCompressor;
 import com.mongodb.MongoCredential;
-import com.mongodb.ServerAddress;
 import com.mongodb.MongoDriverInformation;
+import com.mongodb.ServerAddress;
 import com.mongodb.event.CommandListener;
 import com.mongodb.event.ServerListener;
 
@@ -32,7 +32,7 @@ class DefaultClusterableServerFactory implements ClusterableServerFactory {
     private final ServerSettings serverSettings;
     private final ConnectionPoolSettings connectionPoolSettings;
     private final StreamFactory streamFactory;
-    private final List<MongoCredential> credentialList;
+    private final List<MongoCredentialWithCache> credentialList;
     private final StreamFactory heartbeatStreamFactory;
     private final CommandListener commandListener;
     private final String applicationName;
@@ -50,7 +50,7 @@ class DefaultClusterableServerFactory implements ClusterableServerFactory {
         this.serverSettings = serverSettings;
         this.connectionPoolSettings = connectionPoolSettings;
         this.streamFactory = streamFactory;
-        this.credentialList = credentialList;
+        this.credentialList = MongoCredentialWithCache.wrapCredentialList(credentialList);
         this.heartbeatStreamFactory = heartbeatStreamFactory;
         this.commandListener = commandListener;
         this.applicationName = applicationName;

driver-core/src/main/com/mongodb/connection/GSSAPIAuthenticator.java

@@ -42,14 +42,14 @@
 class GSSAPIAuthenticator extends SaslAuthenticator {
     private static final String GSSAPI_MECHANISM_NAME = "GSSAPI";
     private static final String GSSAPI_OID = "1.2.840.113554.1.2.2";
-    public static final String SERVICE_NAME_DEFAULT_VALUE = "mongodb";
-    public static final Boolean CANONICALIZE_HOST_NAME_DEFAULT_VALUE = false;
+    private static final String SERVICE_NAME_DEFAULT_VALUE = "mongodb";
+    private static final Boolean CANONICALIZE_HOST_NAME_DEFAULT_VALUE = false;
 
-    GSSAPIAuthenticator(final MongoCredential credential) {
+    GSSAPIAuthenticator(final MongoCredentialWithCache credential) {
         super(credential);
 
-        if (getCredential().getAuthenticationMechanism() != GSSAPI) {
-            throw new MongoException("Incorrect mechanism: " + this.getCredential().getMechanism());
+        if (getMongoCredential().getAuthenticationMechanism() != GSSAPI) {
+            throw new MongoException("Incorrect mechanism: " + getMongoCredential().getMechanism());
         }
     }
 
@@ -60,9 +60,9 @@ public String getMechanismName() {
 
     @Override
     protected SaslClient createSaslClient(final ServerAddress serverAddress) {
-        MongoCredential credential = getCredential();
+        MongoCredential credential = getMongoCredential();
         try {
-            Map<String, Object> saslClientProperties = getCredential().getMechanismProperty(JAVA_SASL_CLIENT_PROPERTIES_KEY, null);
+            Map<String, Object> saslClientProperties = credential.getMechanismProperty(JAVA_SASL_CLIENT_PROPERTIES_KEY, null);
             if (saslClientProperties == null) {
                 saslClientProperties = new HashMap<String, Object>();
                 saslClientProperties.put(Sasl.MAX_BUFFER, "0");

driver-core/src/main/com/mongodb/connection/InternalStreamConnectionFactory.java

@@ -16,9 +16,7 @@
 
 package com.mongodb.connection;
 
-import com.mongodb.AuthenticationMechanism;
 import com.mongodb.MongoCompressor;
-import com.mongodb.MongoCredential;
 import com.mongodb.MongoDriverInformation;
 import com.mongodb.event.CommandListener;
 import org.bson.BsonDocument;
@@ -36,7 +34,7 @@ class InternalStreamConnectionFactory implements InternalConnectionFactory {
     private final List<MongoCompressor> compressorList;
     private final CommandListener commandListener;
 
-    InternalStreamConnectionFactory(final StreamFactory streamFactory, final List<MongoCredential> credentialList,
+    InternalStreamConnectionFactory(final StreamFactory streamFactory, final List<MongoCredentialWithCache> credentialList,
                                     final String applicationName, final MongoDriverInformation mongoDriverInformation,
                                     final List<MongoCompressor> compressorList,
                                     final CommandListener commandListener) {
@@ -46,7 +44,7 @@ class InternalStreamConnectionFactory implements InternalConnectionFactory {
         this.clientMetadataDocument = createClientMetadataDocument(applicationName, mongoDriverInformation);
         notNull("credentialList", credentialList);
         this.authenticators = new ArrayList<Authenticator>(credentialList.size());
-        for (MongoCredential credential : credentialList) {
+        for (MongoCredentialWithCache credential : credentialList) {
             authenticators.add(createAuthenticator(credential));
         }
     }
@@ -58,13 +56,12 @@ public InternalConnection create(final ServerId serverId) {
                                                                                            compressorList));
     }
 
-    private Authenticator createAuthenticator(final MongoCredential credential) {
-        AuthenticationMechanism authenticationMechanism = credential.getAuthenticationMechanism();
-        if (authenticationMechanism == null) {
+    private Authenticator createAuthenticator(final MongoCredentialWithCache credential) {
+        if (credential.getAuthenticationMechanism() == null) {
             return new DefaultAuthenticator(credential);
         }
 
-        switch (authenticationMechanism) {
+        switch (credential.getAuthenticationMechanism()) {
             case GSSAPI:
                 return new GSSAPIAuthenticator(credential);
             case PLAIN:
@@ -77,7 +74,7 @@ private Authenticator createAuthenticator(final MongoCredential credential) {
             case MONGODB_CR:
                 return new NativeAuthenticator(credential);
             default:
-                throw new IllegalArgumentException("Unsupported authentication mechanism " + authenticationMechanism);
+                throw new IllegalArgumentException("Unsupported authentication mechanism " + credential.getAuthenticationMechanism());
         }
     }
 }

driver-core/src/main/com/mongodb/connection/MongoCredentialWithCache.java

@@ -0,0 +1,85 @@
+/*
+ * Copyright 2008-present MongoDB, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.mongodb.connection;
+
+import com.mongodb.AuthenticationMechanism;
+import com.mongodb.MongoCredential;
+
+import java.util.ArrayList;
+import java.util.List;
+
+class MongoCredentialWithCache {
+    private final MongoCredential credential;
+    private final Cache cache;
+
+    static List<MongoCredentialWithCache> wrapCredentialList(final List<MongoCredential> credentialList) {
+        ArrayList<MongoCredentialWithCache> credentialListWithCache = new ArrayList<MongoCredentialWithCache>();
+        for (MongoCredential credential : credentialList) {
+            credentialListWithCache.add(new MongoCredentialWithCache(credential));
+        }
+        return credentialListWithCache;
+    }
+
+    MongoCredentialWithCache(final MongoCredential credential) {
+        this(credential, null);
+    }
+
+    MongoCredentialWithCache(final MongoCredential credential, final Cache cache) {
+        this.credential = credential;
+        this.cache = cache != null ? cache : new Cache();
+    }
+
+    MongoCredentialWithCache withMechanism(final AuthenticationMechanism mechanism) {
+        return new MongoCredentialWithCache(credential.withMechanism(mechanism), cache);
+    }
+
+    AuthenticationMechanism getAuthenticationMechanism() {
+        return credential.getAuthenticationMechanism();
+    }
+
+    public MongoCredential getCredential() {
+        return credential;
+    }
+
+    @SuppressWarnings("unchecked")
+    <T> T getFromCache(final Object key, final Class<T> clazz) {
+        return clazz.cast(cache.get(key));
+    }
+
+    void putInCache(final Object key, final Object value) {
+        cache.set(key, value);
+    }
+
+
+    static class Cache {
+        private Object cacheKey;
+        private Object cacheValue;
+
+        synchronized Object get(final Object key) {
+            if (cacheKey != null && cacheKey.equals(key)) {
+                return cacheValue;
+            }
+            return null;
+        }
+
+        synchronized void set(final Object key, final Object value) {
+            cacheKey = key;
+            cacheValue = value;
+        }
+    }
+}
+

driver-core/src/main/com/mongodb/connection/NativeAuthenticator.java

@@ -17,7 +17,6 @@
 package com.mongodb.connection;
 
 import com.mongodb.MongoCommandException;
-import com.mongodb.MongoCredential;
 import com.mongodb.MongoSecurityException;
 import com.mongodb.async.SingleResultCallback;
 import org.bson.BsonDocument;
@@ -29,37 +28,37 @@
 import static com.mongodb.internal.authentication.NativeAuthenticationHelper.getNonceCommand;
 
 class NativeAuthenticator extends Authenticator {
-    NativeAuthenticator(final MongoCredential credential) {
+    NativeAuthenticator(final MongoCredentialWithCache credential) {
         super(credential);
     }
 
     @Override
     public void authenticate(final InternalConnection connection, final ConnectionDescription connectionDescription) {
         try {
-            BsonDocument nonceResponse = executeCommand(getCredential().getSource(),
+            BsonDocument nonceResponse = executeCommand(getMongoCredential().getSource(),
                                                          getNonceCommand(),
                                                          connection);
 
             BsonDocument authCommand = getAuthCommand(getUserNameNonNull(),
                                                       getPasswordNonNull(),
                                                       ((BsonString) nonceResponse.get("nonce")).getValue());
-            executeCommand(getCredential().getSource(), authCommand, connection);
+            executeCommand(getMongoCredential().getSource(), authCommand, connection);
         } catch (MongoCommandException e) {
-            throw new MongoSecurityException(getCredential(), "Exception authenticating", e);
+            throw new MongoSecurityException(getMongoCredential(), "Exception authenticating", e);
         }
     }
 
     @Override
     void authenticateAsync(final InternalConnection connection, final ConnectionDescription connectionDescription,
                            final SingleResultCallback<Void> callback) {
-        executeCommandAsync(getCredential().getSource(), getNonceCommand(), connection,
+        executeCommandAsync(getMongoCredential().getSource(), getNonceCommand(), connection,
                             new SingleResultCallback<BsonDocument>() {
                                 @Override
                                 public void onResult(final BsonDocument nonceResult, final Throwable t) {
                                     if (t != null) {
                                         callback.onResult(null, translateThrowable(t));
                                     } else {
-                                        executeCommandAsync(getCredential().getSource(),
+                                        executeCommandAsync(getMongoCredential().getSource(),
                                                             getAuthCommand(getUserNameNonNull(), getPasswordNonNull(),
                                                                            ((BsonString) nonceResult.get("nonce")).getValue()),
                                                             connection,
@@ -80,7 +79,7 @@ public void onResult(final BsonDocument result, final Throwable t) {
 
     private Throwable translateThrowable(final Throwable t) {
         if (t instanceof MongoCommandException) {
-            return new MongoSecurityException(getCredential(), "Exception authenticating", t);
+            return new MongoSecurityException(getMongoCredential(), "Exception authenticating", t);
         } else {
             return t;
         }

driver-core/src/main/com/mongodb/connection/PlainAuthenticator.java

@@ -36,7 +36,7 @@
 class PlainAuthenticator extends SaslAuthenticator {
     private static final String DEFAULT_PROTOCOL = "mongodb";
 
-    PlainAuthenticator(final MongoCredential credential) {
+    PlainAuthenticator(final MongoCredentialWithCache credential) {
         super(credential);
     }
 
@@ -47,7 +47,7 @@ public String getMechanismName() {
 
     @Override
     protected SaslClient createSaslClient(final ServerAddress serverAddress) {
-        final MongoCredential credential = getCredential();
+        final MongoCredential credential = getMongoCredential();
         isTrue("mechanism is PLAIN", credential.getAuthenticationMechanism() == PLAIN);
         try {
             return Sasl.createSaslClient(new String[]{PLAIN.getMechanismName()},