Class: Mongo::Auth::X509::Conversation Private

Inherits:
ConversationBase
Defined in:
lib/mongo/auth/x509/conversation.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Defines behavior around a single X.509 conversation between the client and server.

Since:

  • 2.0.0

Constant Summary

LOGIN = { authenticate: 1, mechanism: X509::MECHANISM }.freeze

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

The login message.

Since:

  • 2.0.0

Instance Attribute Summary

Attributes inherited from ConversationBase

#connection, #user

Instance Method Summary

Methods inherited from ConversationBase

#initialize

Constructor Details

This class inherits a constructor from Mongo::Auth::ConversationBase

Instance Method Details

#speculative_auth_document ⇒ Hash | nil

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns the hash to provide to the server in the handshake as value of the speculativeAuthenticate key.

If the auth mechanism does not support speculative authentication, this method returns nil.

Returns:

  • (Hash | nil)

    Speculative authentication document.

Since:

  • 2.0.0



# File 'lib/mongo/auth/x509/conversation.rb', line 74

def speculative_auth_document
  client_first_document
end

#start(connection) ⇒ Protocol::Query

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Start the X.509 conversation. This returns the first message that needs to be sent to the server.

Parameters:

Returns:

Since:

  • 2.0.0



# File 'lib/mongo/auth/x509/conversation.rb', line 40

def start(connection)
  login = client_first_document
  if connection && connection.features.op_msg_enabled?
    selector = login
    # The only valid database for X.509 authentication is $external.
    if user.auth_source != '$external'
      user_name_msg = if user.name
        " #{user.name}"
      else
        ''
      end
      raise Auth::InvalidConfiguration, "User#{user_name_msg} specifies auth source '#{user.auth_source}', but the only valid auth source for X.509 is '$external'"
    end
    selector[Protocol::Msg::DATABASE_IDENTIFIER] = '$external'
    cluster_time = connection.mongos? && connection.cluster_time
    selector[Operation::CLUSTER_TIME] = cluster_time if cluster_time
    Protocol::Msg.new([], {}, selector)
  else
    Protocol::Query.new(
      Auth::EXTERNAL,
      Database::COMMAND,
      login,
      limit: -1
    )
      limit: -1
    )
  end
end
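
The auth-source check and selector construction from the OP_MSG branch of #start, modelled as an added stand-alone example; it is not the driver's own code and does not load the mongo gem. The constant values, the `User` struct, the `build_selector` helper and the body of `client_first_document` are assumptions made for illustration.

```ruby
# Assumed values for the driver constants referenced in #start.
MECHANISM = 'MONGODB-X509'      # X509::MECHANISM
DATABASE_IDENTIFIER = '$db'     # Protocol::Msg::DATABASE_IDENTIFIER
CLUSTER_TIME = '$clusterTime'   # Operation::CLUSTER_TIME
LOGIN = { authenticate: 1, mechanism: MECHANISM }.freeze

class InvalidConfiguration < StandardError; end

# Hypothetical stand-in for the driver's user object.
User = Struct.new(:name, :auth_source)

# Assumed shape of the client-first document: LOGIN plus the optional
# certificate subject name. LOGIN is frozen, so work on a copy.
def client_first_document(user)
  doc = LOGIN.dup
  doc[:user] = user.name if user.name
  doc
end

# Rejects any auth source other than $external before a command is built,
# then addresses the command to $external and attaches the cluster time
# only when talking to a mongos that reported one.
def build_selector(user, mongos: false, cluster_time: nil)
  unless user.auth_source == '$external'
    who = user.name ? " #{user.name}" : ''
    raise InvalidConfiguration,
          "User#{who} specifies auth source '#{user.auth_source}', " \
          "but the only valid auth source for X.509 is '$external'"
  end
  selector = client_first_document(user)
  selector[DATABASE_IDENTIFIER] = '$external'
  selector[CLUSTER_TIME] = cluster_time if mongos && cluster_time
  selector
end

# Constructed sample users (not real certificate subjects).
ok  = User.new('CN=app,OU=svc,O=Example', '$external')
bad = User.new('CN=app,OU=svc,O=Example', 'admin')

p build_selector(ok)
begin
  build_selector(bad)
rescue InvalidConfiguration => e
  puts "rejected: #{e.message}"
end
```

The misconfigured user fails before any selector is produced, so a wrong `auth_source` surfaces as a configuration error rather than as an authentication attempt against the wrong database.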