github.com/mdaxf/iac@v0.0.0-20240519030858-58a061660378/vendor_skip/go.mongodb.org/mongo-driver/x/mongo/driver/auth/mongodbcr.go (about) 1 // Copyright (C) MongoDB, Inc. 2017-present. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); you may 4 // not use this file except in compliance with the License. You may obtain 5 // a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 6 7 package auth 8 9 import ( 10 "context" 11 "fmt" 12 "io" 13 14 // Ignore gosec warning "Blocklisted import crypto/md5: weak cryptographic primitive". We need 15 // to use MD5 here to implement the MONGODB-CR specification. 16 /* #nosec G501 */ 17 "crypto/md5" 18 19 "go.mongodb.org/mongo-driver/bson" 20 "go.mongodb.org/mongo-driver/x/bsonx/bsoncore" 21 "go.mongodb.org/mongo-driver/x/mongo/driver" 22 "go.mongodb.org/mongo-driver/x/mongo/driver/operation" 23 ) 24 25 // MONGODBCR is the mechanism name for MONGODB-CR. 26 // 27 // The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in 28 // MongoDB 4.0. 29 const MONGODBCR = "MONGODB-CR" 30 31 func newMongoDBCRAuthenticator(cred *Cred) (Authenticator, error) { 32 return &MongoDBCRAuthenticator{ 33 DB: cred.Source, 34 Username: cred.Username, 35 Password: cred.Password, 36 }, nil 37 } 38 39 // MongoDBCRAuthenticator uses the MONGODB-CR algorithm to authenticate a connection. 40 // 41 // The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in 42 // MongoDB 4.0. 43 type MongoDBCRAuthenticator struct { 44 DB string 45 Username string 46 Password string 47 } 48 49 // Auth authenticates the connection. 50 // 51 // The MONGODB-CR authentication mechanism is deprecated in MongoDB 3.6 and removed in 52 // MongoDB 4.0. 53 func (a *MongoDBCRAuthenticator) Auth(ctx context.Context, cfg *Config) error { 54 55 db := a.DB 56 if db == "" { 57 db = defaultAuthDB 58 } 59 60 doc := bsoncore.BuildDocumentFromElements(nil, bsoncore.AppendInt32Element(nil, "getnonce", 1)) 61 cmd := operation.NewCommand(doc). 62 Database(db). 63 Deployment(driver.SingleConnectionDeployment{cfg.Connection}). 64 ClusterClock(cfg.ClusterClock). 65 ServerAPI(cfg.ServerAPI) 66 err := cmd.Execute(ctx) 67 if err != nil { 68 return newError(err, MONGODBCR) 69 } 70 rdr := cmd.Result() 71 72 var getNonceResult struct { 73 Nonce string `bson:"nonce"` 74 } 75 76 err = bson.Unmarshal(rdr, &getNonceResult) 77 if err != nil { 78 return newAuthError("unmarshal error", err) 79 } 80 81 doc = bsoncore.BuildDocumentFromElements(nil, 82 bsoncore.AppendInt32Element(nil, "authenticate", 1), 83 bsoncore.AppendStringElement(nil, "user", a.Username), 84 bsoncore.AppendStringElement(nil, "nonce", getNonceResult.Nonce), 85 bsoncore.AppendStringElement(nil, "key", a.createKey(getNonceResult.Nonce)), 86 ) 87 cmd = operation.NewCommand(doc). 88 Database(db). 89 Deployment(driver.SingleConnectionDeployment{cfg.Connection}). 90 ClusterClock(cfg.ClusterClock). 91 ServerAPI(cfg.ServerAPI) 92 err = cmd.Execute(ctx) 93 if err != nil { 94 return newError(err, MONGODBCR) 95 } 96 97 return nil 98 } 99 100 func (a *MongoDBCRAuthenticator) createKey(nonce string) string { 101 // Ignore gosec warning "Use of weak cryptographic primitive". We need to use MD5 here to 102 // implement the MONGODB-CR specification. 103 /* #nosec G401 */ 104 h := md5.New() 105 106 _, _ = io.WriteString(h, nonce) 107 _, _ = io.WriteString(h, a.Username) 108 _, _ = io.WriteString(h, mongoPasswordDigest(a.Username, a.Password)) 109 return fmt.Sprintf("%x", h.Sum(nil)) 110 }