Skip to content

Commit 68f3844

Browse files
rozzarozza
committed
Updated ScramSha Auth tests
Updated the tests to the new ones in DRIVERS 439
1 parent 732acdb commit 68f3844

File tree

1 file changed

+157
-33
lines changed

1 file changed

+157
-33
lines changed

driver-core/src/test/unit/com/mongodb/connection/ScramShaAuthenticatorSpecification.groovy

Lines changed: 157 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -38,15 +38,21 @@ class ScramShaAuthenticatorSpecification extends Specification {
3838
private final static MongoCredentialWithCache SHA256_CREDENTIAL =
3939
new MongoCredentialWithCache(createScramSha256Credential('user', 'database', 'pencil' as char[]))
4040

41-
def 'should successfully authenticate with sha1 to RFC spec'() {
42-
when:
41+
def 'should successfully authenticate with sha1 as per RFC spec'() {
42+
given:
43+
def user = 'user'
44+
def password = 'pencil'
45+
def preppedPassword = 'pencil'
4346
def payloads = '''
4447
C: n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL
4548
S: r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096
4649
C: c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,p=v0X8v3Bz2T0CJGbJQyF0X+HI4Ts=
4750
S: v=rmF9pqV8S7suAoZWja4dJRkFsKQ=
4851
'''
49-
def authenticator = new ScramShaAuthenticator(SHA1_CREDENTIAL, { 'fyko+d2lbbFgONRv9qkxdawL' }, { 'pencil' })
52+
53+
when:
54+
def credential = new MongoCredentialWithCache(createScramSha1Credential(user, 'database', password as char[]))
55+
def authenticator = new ScramShaAuthenticator(credential, { 'fyko+d2lbbFgONRv9qkxdawL' }, { preppedPassword })
5056

5157
then:
5258
validateAuthentication(payloads, authenticator, async)
@@ -55,15 +61,21 @@ class ScramShaAuthenticatorSpecification extends Specification {
5561
async << [true, false]
5662
}
5763

58-
def 'should successfully authenticate with sha256 to RFC spec'() {
59-
when:
64+
def 'should successfully authenticate with sha256 as per RFC spec'() {
65+
given:
66+
def user = 'user'
67+
def password = 'pencil'
68+
def preppedPassword = 'pencil'
6069
def payloads = '''
6170
C: n,,n=user,r=rOprNGfwEbeRWgbNEkqO
6271
S: r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096
6372
C: c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ=
6473
S: v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4=
6574
'''
66-
def authenticator = new ScramShaAuthenticator(SHA256_CREDENTIAL, { 'rOprNGfwEbeRWgbNEkqO' }, { 'pencil' })
75+
76+
when:
77+
def credential = new MongoCredentialWithCache(createScramSha256Credential(user, 'database', password as char[]))
78+
def authenticator = new ScramShaAuthenticator(credential, { 'rOprNGfwEbeRWgbNEkqO' }, { preppedPassword })
6779

6880
then:
6981
validateAuthentication(payloads, authenticator, async)
@@ -72,16 +84,45 @@ class ScramShaAuthenticatorSpecification extends Specification {
7284
async << [true, false]
7385
}
7486

75-
def 'should successfully authenticate with sha1 to MongoDB spec'() {
87+
88+
def 'should successfully authenticate with SHA-1 ASCII'() {
89+
given:
90+
def user = 'user'
91+
def password = 'pencil'
92+
def preppedPassword = 'pencil'
93+
def payloads = '''
94+
C: n,,n=user,r=clientNONCE
95+
S: r=clientNONCEserverNONCE,s=c2FsdFNBTFRzYWx0,i=4096
96+
C: c=biws,r=clientNONCEserverNONCE,p=I4oktcY7BOL0Agn0NlWRXlRP1mg=
97+
S: v=oKPvB1bE/9ydptJ+kohMgL+NdM0=
98+
'''
99+
76100
when:
101+
def credential = new MongoCredentialWithCache(createScramSha1Credential(user, 'database', password as char[]))
102+
def authenticator = new ScramShaAuthenticator(credential, { 'clientNONCE' }, { preppedPassword })
103+
104+
then:
105+
validateAuthentication(payloads, authenticator, async)
106+
107+
where:
108+
async << [true, false]
109+
}
110+
111+
def 'should successfully authenticate with SHA-1 ASCII user'() {
112+
given:
113+
def user = 'user'
114+
def password = 'p\u00e8ncil'
115+
def preppedPassword = 'p\u00e8ncil'
77116
def payloads = '''
78-
C: n,,n=user,r=fyko+d2lbbFgONRv9qkxdawL
79-
S: r=fyko+d2lbbFgONRv9qkxdawLHo+Vgk7qvUOKUwuWLIWg4l/9SraGMHEE,s=rQ9ZY3MntBeuP3E1TDVC4w==,i=10000
80-
C: c=biws,r=fyko+d2lbbFgONRv9qkxdawLHo+Vgk7qvUOKUwuWLIWg4l/9SraGMHEE,p=MC2T8BvbmWRckDw8oWl5IVghwCY=
81-
S: v=UMWeI25JD1yNYZRMpZ4VHvhZ9e0=
117+
C: n,,n=user,r=clientNONCE
118+
S: r=clientNONCEserverNONCE,s=c2FsdFNBTFRzYWx0,i=4096
119+
C: c=biws,r=clientNONCEserverNONCE,p=yn797N2/XhIwZBB29LhEs6D6XVw=
120+
S: v=a6QRQikpGygizEM4/rCOvkgdglI=
82121
'''
83122

84-
def authenticator = new ScramShaAuthenticator(SHA1_CREDENTIAL, { 'fyko+d2lbbFgONRv9qkxdawL' })
123+
when:
124+
def credential = new MongoCredentialWithCache(createScramSha1Credential(user, 'database', password as char[]))
125+
def authenticator = new ScramShaAuthenticator(credential, { 'clientNONCE' }, { preppedPassword })
85126

86127
then:
87128
validateAuthentication(payloads, authenticator, async)
@@ -90,15 +131,44 @@ class ScramShaAuthenticatorSpecification extends Specification {
90131
async << [true, false]
91132
}
92133

93-
def 'should successfully authenticate with sha256 to MongoDB spec'() {
134+
def 'should successfully authenticate with SHA-1 ASCII pass'() {
135+
given:
136+
def user = 'ram\u00f5n'
137+
def password = 'pencil'
138+
def preppedPassword = 'pencil'
139+
def payloads = '''
140+
C: n,,n=ram\u00f5n,r=clientNONCE
141+
S: r=clientNONCEserverNONCE,s=c2FsdFNBTFRzYWx0,i=4096
142+
C: c=biws,r=clientNONCEserverNONCE,p=kvH02DJiH7oHwk+SKpN4plfpF04=
143+
S: v=BoA2mAPlV/b9A5WPDbHmHZi3EGc=
144+
'''
145+
94146
when:
147+
def credential = new MongoCredentialWithCache(createScramSha1Credential(user, 'database', password as char[]))
148+
def authenticator = new ScramShaAuthenticator(credential, { 'clientNONCE' }, { preppedPassword })
149+
150+
then:
151+
validateAuthentication(payloads, authenticator, async)
152+
153+
where:
154+
async << [true, false]
155+
}
156+
157+
def 'should successfully authenticate with SHA-256 ASCII'(){
158+
given:
159+
def user ='user'
160+
def password ='pencil'
161+
def preppedPassword ='pencil'
95162
def payloads = '''
96-
C: n,,n=user,r=rOprNGfwEbeRWgbNEkqO
97-
S: r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096
98-
C: c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ=
99-
S: v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4=
163+
C: n,,n=user,r=clientNONCE
164+
S: r=clientNONCEserverNONCE,s=c2FsdFNBTFRzYWx0,i=4096
165+
C: c=biws,r=clientNONCEserverNONCE,p=ItXnHvCDW7VGij6H+4rv2o93HvkLwrQaLkfVjeSMfrc=
166+
S: v=P61v8wxOu6B9J7Uij+Sk4zewSK1e6en6f5rCFO4OUNE=
100167
'''
101-
def authenticator = new ScramShaAuthenticator(SHA256_CREDENTIAL, { 'rOprNGfwEbeRWgbNEkqO' })
168+
169+
when:
170+
def credential = new MongoCredentialWithCache(createScramSha256Credential(user, 'database', password as char[]))
171+
def authenticator = new ScramShaAuthenticator(credential, { 'clientNONCE' }, { preppedPassword })
102172

103173
then:
104174
validateAuthentication(payloads, authenticator, async)
@@ -107,17 +177,44 @@ class ScramShaAuthenticatorSpecification extends Specification {
107177
async << [true, false]
108178
}
109179

110-
def 'should prep username and password correctly for SHA1'() {
180+
def 'should successfully authenticate with SHA-256 ASCII user'(){
181+
given:
182+
def user ='user'
183+
def password ='p\u00e8ncil'
184+
def preppedPassword ='p\u00e8ncil'
185+
def payloads = '''
186+
C: n,,n=user,r=clientNONCE
187+
S: r=clientNONCEserverNONCE,s=c2FsdFNBTFRzYWx0,i=4096
188+
C: c=biws,r=clientNONCEserverNONCE,p=o6rKPfQCKSGHClFxHjdSeiVCPA6K53++gpY3XlP8lI8=
189+
S: v=rsyNAwnHfclZKxAKx1tKfInH3xPVAzCy237DQo5n/N8=
190+
'''
191+
111192
when:
193+
def credential = new MongoCredentialWithCache(createScramSha256Credential(user, 'database', password as char[]))
194+
def authenticator = new ScramShaAuthenticator(credential, { 'clientNONCE' }, { preppedPassword })
195+
196+
then:
197+
validateAuthentication(payloads, authenticator, async)
198+
199+
where:
200+
async << [true, false]
201+
}
202+
203+
def 'should successfully authenticate with SHA-256 ASCII pass'(){
204+
given:
205+
def user ='ram\u00f5n'
206+
def password ='pencil'
207+
def preppedPassword ='pencil'
112208
def payloads = '''
113-
C: n,,n=ramo̒n,r=R815pGP84+H0OFRk+U/48qC+kwjw5TYS
114-
S: r=R815pGP84+H0OFRk+U/48qC+kwjw5TYSYjSeMWrU25u8Q73D9uM5aI4dxwOMaY3V,s=c2FsdA==,i=4096
115-
C: c=biws,r=R815pGP84+H0OFRk+U/48qC+kwjw5TYSYjSeMWrU25u8Q73D9uM5aI4dxwOMaY3V,p=Ib+1kvxT12Bj2FhVE68qtijgNfo=
116-
S: v=+cMTpXM1VzX5fEjtLXuNji5DeyA=
209+
C: n,,n=ram\u00f5n,r=clientNONCE
210+
S: r=clientNONCEserverNONCE,s=c2FsdFNBTFRzYWx0,i=4096
211+
C: c=biws,r=clientNONCEserverNONCE,p=vRdD7SqiY5kMyAFX2enPOJK9BL+3YIVyuzCt1H2qc4o=
212+
S: v=sh7QPwVuquMatYobYpYOaPiNS+lqwTCmy3rdexRDDkE=
117213
'''
118214

119-
def credential = new MongoCredentialWithCache(createScramSha1Credential('ramo\u0312n', 'database', 'p\u212Bssword' as char[]))
120-
def authenticator = new ScramShaAuthenticator(credential, { 'R815pGP84+H0OFRk+U/48qC+kwjw5TYS' })
215+
when:
216+
def credential = new MongoCredentialWithCache(createScramSha256Credential(user, 'database', password as char[]))
217+
def authenticator = new ScramShaAuthenticator(credential, { 'clientNONCE' }, { preppedPassword })
121218

122219
then:
123220
validateAuthentication(payloads, authenticator, async)
@@ -126,17 +223,44 @@ class ScramShaAuthenticatorSpecification extends Specification {
126223
async << [true, false]
127224
}
128225

129-
def 'should prep username and password correctly for SHA256'() {
226+
def 'should successfully authenticate with SHA-256 SASLprep normal'(){
227+
given:
228+
def user ='ram\u00f5n'
229+
def password ='p\u00c5assword'
230+
def preppedPassword ='p\u00c5assword'
231+
def payloads = '''
232+
C: n,,n=ram\u00f5n,r=clientNONCE
233+
S: r=clientNONCEserverNONCE,s=c2FsdFNBTFRzYWx0,i=4096
234+
C: c=biws,r=clientNONCEserverNONCE,p=Km2zqmf/GbLdkItzscNI5D0c1f+GmLDi2fScTPm6d4k=
235+
S: v=30soY0l2BiInoDyrHxIuamz2LBvci1lFKo/tOMpqo98=
236+
'''
237+
130238
when:
239+
def credential = new MongoCredentialWithCache(createScramSha256Credential(user, 'database', password as char[]))
240+
def authenticator = new ScramShaAuthenticator(credential, { 'clientNONCE' }, { preppedPassword })
241+
242+
then:
243+
validateAuthentication(payloads, authenticator, async)
244+
245+
where:
246+
async << [true, false]
247+
}
248+
249+
def 'should successfully authenticate with SHA-256 SASLprep non-normal'(){
250+
given:
251+
def user ='ramo\u0301n'
252+
def password ='p\u212bssword'
253+
def preppedPassword ='p\u00c5ssword'
131254
def payloads = '''
132-
C: n,,n=u=2Cs1⁄2e ́rIX=3D,r=rOfhDB+wEbeRWgbNEkq9
133-
S: r=rOfhDB+wEbeRWgbNEkq9%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,s=QSXCR+Q6sek8bf92,i=4096
134-
C: c=biws,r=rOfhDB+wEbeRWgbNEkq9%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0,p=+435koC4wp2/T9ORQmy75R13f1QGv9phV9LYQwssJZE=
135-
S: v=DKoN/Dii8S1ozDCVVJ7eAPHAe0KczTtxn2BsQtUeUgI=
255+
C: n,,n=ram\u00f3n,r=clientNONCE
256+
S: r=clientNONCEserverNONCE,s=c2FsdFNBTFRzYWx0,i=4096
257+
C: c=biws,r=clientNONCEserverNONCE,p=KXgIc8B+d5k3zx1P4rfs4TiybIlv11O85Jl1TrzEsfI=
258+
S: v=zG9u+MI5GPTROhnW/W1PUCKV4Uvp2SHzwFOZV9Hth/c=
136259
'''
137-
def credential = new MongoCredentialWithCache(
138-
createScramSha256Credential('u,s\u00BDe\u00B4r\u2168=', 'database', '\u2168pen\u00AAcil' as char[]))
139-
def authenticator = new ScramShaAuthenticator(credential, { 'rOfhDB+wEbeRWgbNEkq9' })
260+
261+
when:
262+
def credential = new MongoCredentialWithCache(createScramSha256Credential(user, 'database', password as char[]))
263+
def authenticator = new ScramShaAuthenticator(credential, { 'clientNONCE' }, { preppedPassword })
140264

141265
then:
142266
validateAuthentication(payloads, authenticator, async)

0 commit comments

Comments
 (0)