JAVA-2403: Don't require a username in the connection string for MONGODB-X509 authentication mechanism

          For all other mechanisms throw an IllegalArgumentException if there is no username

Author: jyemin

driver-core/src/main/com/mongodb/ConnectionString.java

@@ -30,11 +30,6 @@
 import java.util.Set;
 import java.util.concurrent.TimeUnit;
 
-import static com.mongodb.AuthenticationMechanism.GSSAPI;
-import static com.mongodb.AuthenticationMechanism.MONGODB_CR;
-import static com.mongodb.AuthenticationMechanism.MONGODB_X509;
-import static com.mongodb.AuthenticationMechanism.PLAIN;
-import static com.mongodb.AuthenticationMechanism.SCRAM_SHA_1;
 import static java.lang.String.format;
 import static java.util.Arrays.asList;
 import static java.util.Collections.singletonList;
@@ -474,10 +469,6 @@ private ReadPreference createReadPreference(final Map<String, List<String>> opti
 
     private MongoCredential createCredentials(final Map<String, List<String>> optionsMap, final String userName,
                                               final char[] password) {
-        if (userName == null) {
-            return null;
-        }
-
         AuthenticationMechanism mechanism = null;
         String authSource = (database == null) ? "admin" : database;
         String gssapiServiceName = null;
@@ -501,28 +492,38 @@ private MongoCredential createCredentials(final Map<String, List<String>> option
             }
         }
 
-        MongoCredential credential;
-        if (mechanism == GSSAPI) {
-            credential = MongoCredential.createGSSAPICredential(userName);
-            if (gssapiServiceName != null) {
-                credential = credential.withMechanismProperty("SERVICE_NAME", gssapiServiceName);
+
+        MongoCredential credential = null;
+        if (mechanism != null) {
+            switch (mechanism) {
+                case GSSAPI:
+                    credential = MongoCredential.createGSSAPICredential(userName);
+                    if (gssapiServiceName != null) {
+                        credential = credential.withMechanismProperty("SERVICE_NAME", gssapiServiceName);
+                    }
+                    break;
+                case PLAIN:
+                    credential = MongoCredential.createPlainCredential(userName, authSource, password);
+                    break;
+                case MONGODB_CR:
+                    credential = MongoCredential.createMongoCRCredential(userName, authSource, password);
+                    break;
+                case MONGODB_X509:
+                    credential = MongoCredential.createMongoX509Credential(userName);
+                    break;
+                case SCRAM_SHA_1:
+                    credential = MongoCredential.createScramSha1Credential(userName, authSource, password);
+                    break;
+                default:
+                    throw new UnsupportedOperationException(format("The connection string contains an invalid authentication mechanism'. "
+                                                                           + "'%s' is not a supported authentication mechanism",
+                            mechanism));
             }
-        } else if (mechanism == PLAIN) {
-            credential = MongoCredential.createPlainCredential(userName, authSource, password);
-        } else if (mechanism == MONGODB_CR) {
-            credential = MongoCredential.createMongoCRCredential(userName, authSource, password);
-        } else if (mechanism == MONGODB_X509) {
-            credential = MongoCredential.createMongoX509Credential(userName);
-        } else if (mechanism == SCRAM_SHA_1) {
-            credential = MongoCredential.createScramSha1Credential(userName, authSource, password);
-        } else if (mechanism == null) {
+        } else if (userName != null) {
             credential = MongoCredential.createCredential(userName, authSource, password);
-        } else {
-            throw new UnsupportedOperationException(format("The connection string contains an invalid authentication mechanism'. "
-                    + "'%s' is not a supported authentication mechanism", mechanism));
         }
 
-        if (authMechanismProperties != null) {
+        if (credential != null && authMechanismProperties != null) {
             for (String part : authMechanismProperties.split(",")) {
                 String[] mechanismPropertyKeyValue = part.split(":");
                 if (mechanismPropertyKeyValue.length != 2) {

driver-core/src/test/unit/com/mongodb/ConnectionStringSpecification.groovy

@@ -181,6 +181,10 @@ class ConnectionStringSpecification extends Specification {
         'contains tags and primary mode'            | 'mongodb://localhost:27017/?readPreference=primary&readPreferenceTags=dc:ny'
         'contains max staleness and primary mode'   | 'mongodb://localhost:27017/?readPreference=primary&maxStalenessSeconds=100'
         'contains non-integral max staleness'       | 'mongodb://localhost:27017/?readPreference=secondary&maxStalenessSeconds=100.0'
+        'contains GSSAPI mechanism with no user'    | 'mongodb://localhost:27017/?authMechanism=GSSAPI'
+        'contains SCRAM mechanism with no user'     | 'mongodb://localhost:27017/?authMechanism=SCRAM-SHA-1'
+        'contains MONGODB mechanism with no user'   | 'mongodb://localhost:27017/?authMechanism=MONGODB-CR'
+        'contains PLAIN mechanism with no user'     | 'mongodb://localhost:27017/?authMechanism=PLAIN'
     }
 
     def 'should have correct defaults for options'() {
@@ -228,6 +232,8 @@ class ConnectionStringSpecification extends Specification {
                            'authMechanism=PLAIN')             | asList(createPlainCredential('jeff', 'admin', '123'.toCharArray()))
         new ConnectionString('mongodb://jeff@localhost/?' +
                            'authMechanism=MONGODB-X509')      | asList(createMongoX509Credential('jeff'))
+        new ConnectionString('mongodb://localhost/?' +
+                           'authMechanism=MONGODB-X509')      | asList(createMongoX509Credential())
         new ConnectionString('mongodb://jeff@localhost/?' +
                            'authMechanism=GSSAPI' +
                            '&gssapiServiceName=foo')          | asList(createGSSAPICredential('jeff')
@@ -253,6 +259,18 @@ class ConnectionStringSpecification extends Specification {
                                                                           .withMechanismProperty('SERVICE_REALM', 'AWESOME'))
     }
 
+    def 'should ignore authSource if there is no credential'() {
+        expect:
+        new ConnectionString('mongodb://localhost/?authSource=test').credentialList == []
+
+    }
+
+    def 'should ignore authMechanismProperties if there is no credential'() {
+        expect:
+        new ConnectionString('mongodb://localhost/?&authMechanismProperties=SERVICE_REALM:AWESOME').credentialList == []
+
+    }
+
     @Unroll
     def 'should create immutable credential list'() {
         when: