JAVA-2771: Add prose integration test from auth spec

Author: jyemin

driver-core/src/test/functional/com/mongodb/ClusterFixture.java

@@ -65,6 +65,7 @@
 import org.bson.codecs.DocumentCodec;
 
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -294,6 +295,23 @@ public static Cluster createCluster(final StreamFactory streamFactory) {
         return createCluster(getConnectionString(), streamFactory);
     }
 
+
+    public static Cluster createCluster(final List<MongoCredential> credentials) {
+        return createCluster(credentials, getStreamFactory());
+    }
+
+    public static Cluster createAsyncCluster(final List<MongoCredential> credentials) {
+        return createCluster(credentials, getAsyncStreamFactory());
+    }
+
+    private static Cluster createCluster(final List<MongoCredential> credentials, final StreamFactory streamFactory) {
+        return new DefaultClusterFactory().createCluster(ClusterSettings.builder().hosts(asList(getPrimary())).build(),
+                ServerSettings.builder().build(),
+                ConnectionPoolSettings.builder().maxSize(1).maxWaitQueueSize(1).build(),
+                streamFactory, streamFactory, credentials, null, null, null,
+                Collections.<MongoCompressor>emptyList());
+    }
+
     @SuppressWarnings("deprecation")
     private static Cluster createCluster(final ConnectionString connectionString, final StreamFactory streamFactory) {
         return new DefaultClusterFactory().createCluster(ClusterSettings.builder().applyConnectionString(connectionString).build(),
@@ -305,6 +323,10 @@ private static Cluster createCluster(final ConnectionString connectionString, fi
                 connectionString.getCompressorList());
     }
 
+    public static StreamFactory getStreamFactory() {
+        return new SocketStreamFactory(SocketSettings.builder().build(), getSslSettings());
+    }
+
     public static StreamFactory getAsyncStreamFactory() {
         String streamType = System.getProperty("org.mongodb.async.type", "nio2");
 

driver-core/src/test/functional/com/mongodb/internal/connection/ScramSha256AuthenticationSpecification.groovy

@@ -0,0 +1,232 @@
+/*
+ * Copyright 2008-present MongoDB, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.mongodb.internal.connection
+
+import com.mongodb.ClusterFixture
+import com.mongodb.MongoCredential
+import com.mongodb.MongoSecurityException
+import com.mongodb.ReadConcern
+import com.mongodb.ReadPreference
+import com.mongodb.async.FutureResultCallback
+import com.mongodb.binding.AsyncClusterBinding
+import com.mongodb.binding.ClusterBinding
+import com.mongodb.operation.CommandReadOperation
+import com.mongodb.operation.CommandWriteOperation
+import com.mongodb.operation.DropUserOperation
+import org.bson.BsonDocumentWrapper
+import org.bson.Document
+import org.bson.codecs.DocumentCodec
+import spock.lang.IgnoreIf
+import spock.lang.Specification
+
+import static com.mongodb.ClusterFixture.getBinding
+import static com.mongodb.ClusterFixture.createAsyncCluster
+import static com.mongodb.ClusterFixture.createCluster
+import static com.mongodb.ClusterFixture.isAuthenticated
+import static com.mongodb.MongoCredential.createCredential
+import static com.mongodb.MongoCredential.createScramSha1Credential
+import static com.mongodb.MongoCredential.createScramSha256Credential
+
+@IgnoreIf({ !ClusterFixture.serverVersionAtLeast(4, 0) || !isAuthenticated() })
+class ScramSha256AuthenticationSpecification extends Specification {
+
+    static MongoCredential sha1Implicit = createCredential('sha1', 'admin', 'sha1'.toCharArray())
+    static MongoCredential sha1Explicit = createScramSha1Credential('sha1', 'admin', 'sha1'.toCharArray())
+    static MongoCredential sha256Implicit = createCredential('sha256', 'admin', 'sha256'.toCharArray())
+    static MongoCredential sha256Explicit = createScramSha256Credential('sha256', 'admin', 'sha256'.toCharArray())
+    static MongoCredential bothImplicit = createCredential('both', 'admin', 'both'.toCharArray())
+    static MongoCredential bothExplicitSha1 = createScramSha1Credential('both', 'admin', 'both'.toCharArray())
+    static MongoCredential bothExplicitSha256 = createScramSha256Credential('both', 'admin', 'both'.toCharArray())
+
+    static MongoCredential sha1AsSha256 = createScramSha256Credential('sha1', 'admin', 'sha1'.toCharArray())
+    static MongoCredential sha256AsSha1 = createScramSha1Credential('sha256', 'admin', 'sha256'.toCharArray())
+    static MongoCredential nonExistentUserImplicit = createCredential('nonexistent', 'admin', 'pwd'.toCharArray())
+
+    static MongoCredential userNinePrepped = createScramSha256Credential('IX', 'admin', 'IX'.toCharArray())
+    static MongoCredential userNineUnprepped = createScramSha256Credential('IX', 'admin', 'I\u00ADX'.toCharArray())
+
+    static MongoCredential userFourPrepped = createScramSha256Credential('\u2168', 'admin', 'IV'.toCharArray())
+    static MongoCredential userFourUnprepped = createScramSha256Credential('\u2168', 'admin', 'I\u00ADV'.toCharArray())
+
+    def setupSpec() {
+        createUser('sha1', 'sha1', ['SCRAM-SHA-1'])
+        createUser('sha256', 'sha256', ['SCRAM-SHA-256'])
+        createUser('both', 'both', ['SCRAM-SHA-1', 'SCRAM-SHA-256'])
+        createUser('IX', 'IX', ['SCRAM-SHA-256'])
+        createUser('\u2168', '\u2163', ['SCRAM-SHA-256'])
+    }
+
+
+    def cleanupSpec() {
+        dropUser('sha1')
+        dropUser('sha256')
+        dropUser('both')
+        dropUser('IX')
+        dropUser('\u2168')
+    }
+
+    def createUser(final String userName, final String password, final List<String> mechanisms) {
+        def createUserCommand = new Document('createUser', userName)
+                .append('pwd', password)
+                .append('roles', ['root'])
+                .append('mechanisms', mechanisms)
+        new CommandWriteOperation<Document>('admin',
+                new BsonDocumentWrapper<Document>(createUserCommand, new DocumentCodec()), new DocumentCodec())
+                .execute(getBinding())
+    }
+
+    def dropUser(final String userName) {
+        new DropUserOperation('admin', userName).execute(getBinding())
+    }
+
+    def 'test authentication and authorization'() {
+        given:
+        def cluster = createCluster(credentials)
+
+        when:
+        new CommandReadOperation<Document>('admin',
+                new BsonDocumentWrapper<Document>(new Document('dbstats', 1), new DocumentCodec()), new DocumentCodec())
+                .execute(new ClusterBinding(cluster, ReadPreference.primary(), ReadConcern.DEFAULT))
+
+        then:
+        noExceptionThrown()
+
+        cleanup:
+        cluster.close()
+
+        where:
+        credentials << [[sha1Implicit],
+                        [sha1Explicit],
+                        [sha256Implicit],
+                        [sha256Explicit],
+                        [bothImplicit],
+                        [bothExplicitSha1],
+                        [bothExplicitSha256],
+                        [sha1Implicit, sha1Explicit, sha256Implicit, sha256Explicit, bothImplicit, bothExplicitSha1, bothExplicitSha256]
+        ]
+    }
+
+    def 'test authentication and authorization async'() {
+        given:
+        def cluster = createAsyncCluster(credentials)
+        def callback = new FutureResultCallback()
+
+        when:
+        // make this synchronous
+        new CommandReadOperation<Document>('admin',
+                new BsonDocumentWrapper<Document>(new Document('dbstats', 1), new DocumentCodec()), new DocumentCodec())
+                .executeAsync(new AsyncClusterBinding(cluster, ReadPreference.primary(), ReadConcern.DEFAULT), callback)
+        callback.get()
+
+        then:
+        noExceptionThrown()
+
+        cleanup:
+        cluster.close()
+
+        where:
+        credentials << [[sha1Implicit],
+                        [sha1Explicit],
+                        [sha256Implicit],
+                        [sha256Explicit],
+                        [bothImplicit],
+                        [bothExplicitSha1],
+                        [bothExplicitSha256],
+                        [sha1Implicit, sha1Explicit, sha256Implicit, sha256Explicit, bothImplicit, bothExplicitSha1, bothExplicitSha256]
+        ]
+    }
+
+    def 'test authentication and authorization failure with wrong mechanism'() {
+        given:
+        def cluster = createCluster(credentials)
+
+        when:
+        new CommandReadOperation<Document>('admin',
+                new BsonDocumentWrapper<Document>(new Document('dbstats', 1), new DocumentCodec()), new DocumentCodec())
+                .execute(new ClusterBinding(cluster, ReadPreference.primary(), ReadConcern.DEFAULT))
+
+        then:
+        thrown(MongoSecurityException)
+
+        cleanup:
+        cluster.close()
+
+        where:
+        credentials << [[sha1AsSha256], [sha256AsSha1], [nonExistentUserImplicit]]
+    }
+
+    def 'test authentication and authorization failure with wrong mechanism async'() {
+        given:
+        def cluster = createAsyncCluster(credentials)
+        def callback = new FutureResultCallback()
+
+        when:
+        new CommandReadOperation<Document>('admin',
+                new BsonDocumentWrapper<Document>(new Document('dbstats', 1), new DocumentCodec()), new DocumentCodec())
+                .executeAsync(new AsyncClusterBinding(cluster, ReadPreference.primary(), ReadConcern.DEFAULT), callback)
+        callback.get()
+
+        then:
+        thrown(MongoSecurityException)
+
+        cleanup:
+        cluster.close()
+
+        where:
+        credentials << [[sha1AsSha256], [sha256AsSha1], [nonExistentUserImplicit]]
+    }
+
+    def 'test SASL Prep'() {
+        given:
+        def cluster = createCluster(credentials)
+
+        when:
+        new CommandReadOperation<Document>('admin',
+                new BsonDocumentWrapper<Document>(new Document('dbstats', 1), new DocumentCodec()), new DocumentCodec())
+                .execute(new ClusterBinding(cluster, ReadPreference.primary(), ReadConcern.DEFAULT))
+
+        then:
+        noExceptionThrown()
+
+        cleanup:
+        cluster.close()
+
+        where:
+        credentials << [[userNinePrepped], [userNineUnprepped], [userFourPrepped], [userFourUnprepped]]
+    }
+
+    def 'test SASL Prep async'() {
+        given:
+        def cluster = createAsyncCluster(credentials)
+        def callback = new FutureResultCallback()
+
+        when:
+        new CommandReadOperation<Document>('admin',
+                new BsonDocumentWrapper<Document>(new Document('dbstats', 1), new DocumentCodec()), new DocumentCodec())
+                .executeAsync(new AsyncClusterBinding(cluster, ReadPreference.primary(), ReadConcern.DEFAULT), callback)
+        callback.get()
+
+        then:
+        noExceptionThrown()
+
+        cleanup:
+        cluster.close()
+
+        where:
+        credentials << [[userNinePrepped], [userNineUnprepped], [userFourPrepped], [userFourUnprepped]]
+    }
+}