package protocol
import (
"fmt"
"github.com/SAP/go-hdb/driver/internal/protocol/auth"
"github.com/SAP/go-hdb/driver/internal/protocol/encoding"
)
// AuthHnd holds the client authentication methods configured from the
// driver.Connector attributes and drives the hdb authentication handshake.
type AuthHnd struct {
	// logonname is written as the first parameter of the init request.
	logonname string
	// methods holds the offered authentication methods, keyed by method type.
	methods auth.Methods
	// selected is the method named by the init reply; it stays nil until
	// setMethod has matched a registered method type.
	selected auth.Method
}
// NewAuthHnd returns an AuthHnd for logonname with an empty method set.
// Methods are registered afterwards through the Add* functions.
func NewAuthHnd(logonname string) *AuthHnd {
	hnd := new(AuthHnd)
	hnd.logonname = logonname
	hnd.methods = auth.Methods{}
	return hnd
}
// String identifies the handler by its logon name only; none of the
// registered methods (and so none of their credentials) are rendered.
func (a *AuthHnd) String() string {
	const prefix = "logonname "
	return prefix + a.logonname
}
// AddSessionCookie registers session cookie authentication under
// auth.MtSessionCookie, replacing any method already stored for that type.
func (a *AuthHnd) AddSessionCookie(cookie []byte, logonname, clientID string) {
	method := auth.NewSessionCookie(cookie, logonname, clientID)
	a.methods[auth.MtSessionCookie] = method
}
// AddBasic registers the two username/password methods, SCRAMPBKDF2SHA256
// and SCRAMSHA256, for the same credentials.
//
// Both are offered to the server, and the init reply decides which one is
// used: setMethod accepts any registered type.
// NOTE(review): if a deployment must not fall back to plain SCRAMSHA256
// (presumably the weaker of the two), that entry has to be left out here,
// because nothing later in this file prefers one over the other.
func (a *AuthHnd) AddBasic(username, password string) {
	pbkdf2 := auth.NewSCRAMPBKDF2SHA256(username, password)
	a.methods[auth.MtSCRAMPBKDF2SHA256] = pbkdf2

	plain := auth.NewSCRAMSHA256(username, password)
	a.methods[auth.MtSCRAMSHA256] = plain
}
// AddJWT registers JWT authentication for token under auth.MtJWT,
// replacing any method already stored for that type.
func (a *AuthHnd) AddJWT(token string) {
	method := auth.NewJWT(token)
	a.methods[auth.MtJWT] = method
}
// AddX509 registers X509 authentication for certKey under auth.MtX509,
// replacing any method already stored for that type.
func (a *AuthHnd) AddX509(certKey *auth.CertKey) {
	method := auth.NewX509(certKey)
	a.methods[auth.MtX509] = method
}
// Selected returns the authentication method chosen by the init reply.
// The result is nil until an init reply naming a registered method type
// has been decoded.
func (a *AuthHnd) Selected() auth.Method {
	return a.selected
}
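// setMethod makes the registered method of type mt the selected one.
//
// mt is taken from the server's init reply, so it is only accepted when the
// client registered a method of that type; anything else is rejected with an
// error and leaves no method selected.
func (a *AuthHnd) setMethod(mt string) error {
	method, ok := a.methods[mt]
	// On a miss method is the zero value, so a rejected reply clears any
	// earlier selection instead of leaving a stale one in place.
	a.selected = method
	if !ok {
		// %q instead of %s: mt is server-controlled, and quoting keeps control
		// characters and empty values from distorting logs that print the error.
		return fmt.Errorf("invalid method type: %q", mt)
	}
	return nil
}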
// InitRequest builds the init request part: the logon name followed by the
// init parameters of every registered method, in the order given by
// methods.Order(). The first preparation error aborts the build.
func (a *AuthHnd) InitRequest() (*AuthInitRequest, error) {
	prms := &auth.Prms{}
	prms.AddCESU8String(a.logonname)

	for _, method := range a.methods.Order() {
		err := method.PrepareInitReq(prms)
		if err != nil {
			return nil, err
		}
	}

	req := &AuthInitRequest{prms: prms}
	return req, nil
}
// InitReply returns the init reply part bound to this handler, so that
// decoding the reply can record the selected method on it. The returned
// error is always nil.
func (a *AuthHnd) InitReply() (*AuthInitReply, error) {
	reply := &AuthInitReply{authHnd: a}
	return reply, nil
}
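// FinalRequest builds the final request part from the selected method.
//
// It returns an error when no method has been selected yet (no init reply
// decoded, or the reply named an unregistered method type) or when the
// method fails to prepare its parameters.
func (a *AuthHnd) FinalRequest() (*AuthFinalRequest, error) {
	// Calling through a nil selected method would panic inside the driver;
	// report the out-of-order handshake as an ordinary error instead.
	if a.selected == nil {
		return nil, fmt.Errorf("final request: no authentication method selected")
	}

	prms := &auth.Prms{}
	if err := a.selected.PrepareFinalReq(prms); err != nil {
		return nil, err
	}
	return &AuthFinalRequest{prms}, nil
}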
// FinalReply returns the final reply part for the currently selected
// method. The selection is copied as is, so the part carries a nil method
// when none has been selected. The returned error is always nil.
func (a *AuthHnd) FinalReply() (*AuthFinalReply, error) {
	reply := &AuthFinalReply{method: a.selected}
	return reply, nil
}
// AuthInitRequest represents an authentication initial request.
type AuthInitRequest struct {
	// prms holds the logon name and the init parameters of the offered methods.
	prms *auth.Prms
}
// String renders the request parameters via auth.Prms.String.
// NOTE(review): the parameters are filled by each method's PrepareInitReq;
// confirm that Prms.String does not print credential material before this
// output is routed to trace logs.
func (r *AuthInitRequest) String() string {
	return r.prms.String()
}
// size reports the size of the request parameters as given by Prms.Size.
func (r *AuthInitRequest) size() int {
	return r.prms.Size()
}
// decode reads the request parameters from dec into r.prms.
func (r *AuthInitRequest) decode(dec *encoding.Decoder) error {
	return r.prms.Decode(dec)
}
// encode writes the request parameters to enc.
func (r *AuthInitRequest) encode(enc *encoding.Encoder) error {
	return r.prms.Encode(enc)
}
// AuthInitReply represents an authentication initial reply.
type AuthInitReply struct {
	// authHnd is the handler that receives the method selected by the reply;
	// decode does nothing when it is nil.
	authHnd *AuthHnd
}
// String renders the reply as its handler's String output.
// NOTE(review): unlike decode, this does not guard against a nil authHnd.
func (r *AuthInitReply) String() string {
	return r.authHnd.String()
}
// decode reads the init reply: a two-parameter part holding the method type
// chosen by the server followed by that method's reply data.
//
// The method type is server-supplied and is only accepted if the client
// registered it (see setMethod); the matching method then decodes the rest.
// A reply without a handler is skipped without reading anything.
func (r *AuthInitReply) decode(dec *encoding.Decoder) error {
	hnd := r.authHnd
	if hnd == nil {
		return nil
	}

	d := auth.NewDecoder(dec)
	err := d.NumPrm(2)
	if err != nil {
		return err
	}

	// Selection happens before the decoder's own error is consulted below.
	err = hnd.setMethod(d.String())
	if err != nil {
		return err
	}

	err = hnd.selected.InitRepDecode(d)
	if err != nil {
		return err
	}
	return dec.Error()
}
// AuthFinalRequest represents an authentication final request.
type AuthFinalRequest struct {
	// prms holds the final parameters prepared by the selected method.
	prms *auth.Prms
}
// String renders the request parameters via auth.Prms.String.
// NOTE(review): the parameters are filled by the selected method's
// PrepareFinalReq; confirm that Prms.String does not print credential
// material before this output is routed to trace logs.
func (r *AuthFinalRequest) String() string {
	return r.prms.String()
}
// size reports the size of the request parameters as given by Prms.Size.
func (r *AuthFinalRequest) size() int {
	return r.prms.Size()
}
// decode is a no-op: decoding a final request is not implemented, so the
// part is accepted without reading anything from dec.
func (r *AuthFinalRequest) decode(dec *encoding.Decoder) error {
	var err error // always nil; nothing is decoded
	return err
}
// encode writes the request parameters to enc.
func (r *AuthFinalRequest) encode(enc *encoding.Encoder) error {
	return r.prms.Encode(enc)
}
// AuthFinalReply represents an authentication final reply.
type AuthFinalReply struct {
	// method is the selected method that decodes the reply; decode does
	// nothing when it is nil.
	method auth.Method
}
// String renders the reply as its method's String output.
// NOTE(review): unlike decode, this does not guard against a nil method.
func (r *AuthFinalReply) String() string {
	return r.method.String()
}
// decode hands the final reply to the selected method's FinalRepDecode and
// then reports the decoder's own error state.
//
// NOTE(review): with a nil method the reply is accepted without being read.
// Presumably the final reply carries the server's part of the handshake, so
// confirm that no real authentication flow reaches this path without a
// selected method.
func (r *AuthFinalReply) decode(dec *encoding.Decoder) error {
	if r.method == nil {
		return nil
	}

	d := auth.NewDecoder(dec)
	err := r.method.FinalRepDecode(d)
	if err != nil {
		return err
	}
	return dec.Error()
}