forked from mongodb/mongo-go-driver
/
x509.go
66 lines (54 loc) · 2.13 KB
/
x509.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
// Copyright (C) MongoDB, Inc. 2017-present.
//
// Licensed under the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License. You may obtain
// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
package auth
import (
"context"
"github.com/mongodb/mongo-go-driver/bson"
"github.com/mongodb/mongo-go-driver/core/command"
"github.com/mongodb/mongo-go-driver/core/description"
"github.com/mongodb/mongo-go-driver/core/wiremessage"
"github.com/mongodb/mongo-go-driver/internal/observability"
"go.opencensus.io/stats"
"go.opencensus.io/tag"
"go.opencensus.io/trace"
)
// MongoDBX509 is the mechanism name for MongoDBX509.
const MongoDBX509 = "MONGODB-X509"
func newMongoDBX509Authenticator(cred *Cred) (Authenticator, error) {
return &MongoDBX509Authenticator{User: cred.Username}, nil
}
// MongoDBX509Authenticator uses X.509 certificates over TLS to authenticate a connection.
type MongoDBX509Authenticator struct {
User string
}
// Auth implements the Authenticator interface.
func (a *MongoDBX509Authenticator) Auth(ctx context.Context, desc description.Server, rw wiremessage.ReadWriter) error {
ctx, _ = tag.New(ctx, tag.Insert(observability.KeyMethod, "mongodbx509_auth"))
ctx, span := trace.StartSpan(ctx, "mongo-go/core/auth.(*MongoDBX509Authenticator).Auth")
defer span.End()
authRequestDoc := bson.NewDocument(
bson.EC.Int32("authenticate", 1),
bson.EC.String("mechanism", MongoDBX509),
)
if desc.WireVersion.Max < 5 {
authRequestDoc.Append(bson.EC.String("user", a.User))
}
authCmd := command.Read{DB: "$external", Command: authRequestDoc}
ssdesc := description.SelectedServer{Server: desc}
span.Annotatef(nil, "Invoking authCmd.RoundTrip")
_, err := authCmd.RoundTrip(ctx, ssdesc, rw)
span.Annotatef(nil, "Finished invoking authCmd.RoundTrip")
if err != nil {
ctx, _ = tag.New(ctx, tag.Upsert(observability.KeyPart, "authcmd_roundtrip"))
stats.Record(ctx, observability.MErrors.M(1))
span.SetStatus(trace.Status{
Code: int32(trace.StatusCodeInternal),
Message: err.Error(),
})
return newAuthError("round trip error", err)
}
return nil
}