CSHARP-3196: Mongodb 4.4: Got MongoAuthenticationException : Server sent an invalid nonce.

Author: DmitryLukyanov

src/MongoDB.Driver.Core/Core/Authentication/AuthenticationHelper.cs

@@ -18,7 +18,6 @@
 using System.Runtime.InteropServices;
 using System.Security;
 using System.Security.Cryptography;
-using System.Text;
 using System.Threading;
 using System.Threading.Tasks;
 using MongoDB.Bson;
@@ -30,30 +29,32 @@ namespace MongoDB.Driver.Core.Authentication
 {
     internal static class AuthenticationHelper
     {
-        public static void Authenticate(IConnection connection, ConnectionDescription description, CancellationToken cancellationToken)
+        public static void Authenticate(IConnection connection, ConnectionDescription description, IReadOnlyList<IAuthenticator> authenticators, CancellationToken cancellationToken)
         {
             Ensure.IsNotNull(connection, nameof(connection));
             Ensure.IsNotNull(description, nameof(description));
+            Ensure.IsNotNull(authenticators, nameof(authenticators));
 
             // authentication is currently broken on arbiters
             if (!description.IsMasterResult.IsArbiter)
             {
-                foreach (var authenticator in connection.Settings.Authenticators)
+                foreach (var authenticator in authenticators)
                 {
                     authenticator.Authenticate(connection, description, cancellationToken);
                 }
             }
         }
 
-        public static async Task AuthenticateAsync(IConnection connection, ConnectionDescription description, CancellationToken cancellationToken)
+        public static async Task AuthenticateAsync(IConnection connection, ConnectionDescription description, IReadOnlyList<IAuthenticator> authenticators, CancellationToken cancellationToken)
         {
             Ensure.IsNotNull(connection, nameof(connection));
             Ensure.IsNotNull(description, nameof(description));
+            Ensure.IsNotNull(authenticators, nameof(authenticators));
 
             // authentication is currently broken on arbiters
             if (!description.IsMasterResult.IsArbiter)
             {
-                foreach (var authenticator in connection.Settings.Authenticators)
+                foreach (var authenticator in authenticators)
                 {
                     await authenticator.AuthenticateAsync(connection, description, cancellationToken).ConfigureAwait(false);
                 }

src/MongoDB.Driver.Core/Core/Authentication/AuthenticatorFactory.cs

@@ -0,0 +1,43 @@
+/* Copyright 2020-present MongoDB Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+using System;
+using MongoDB.Driver.Core.Misc;
+
+namespace MongoDB.Driver.Core.Authentication
+{
+    /// <summary>
+    /// Represents an authenticator factory.
+    /// </summary>
+    public class AuthenticatorFactory : IAuthenticatorFactory
+    {
+        private readonly Func<IAuthenticator> _authenticatorFactoryFunc;
+
+        /// <summary>
+        /// Create an authenticatorFactory.
+        /// </summary>
+        /// <param name="authenticatorFactoryFunc">The authenticatorFactoryFunc.</param>
+        public AuthenticatorFactory(Func<IAuthenticator> authenticatorFactoryFunc)
+        {
+            _authenticatorFactoryFunc = Ensure.IsNotNull(authenticatorFactoryFunc, nameof(authenticatorFactoryFunc));
+        }
+
+        /// <inheritdoc/>
+        public IAuthenticator Create()
+        {
+            return _authenticatorFactoryFunc();
+        }
+    }
+}

src/MongoDB.Driver.Core/Core/Authentication/IAuthenticatorFactory.cs

@@ -0,0 +1,29 @@
+/* Copyright 2020-present MongoDB Inc.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+namespace MongoDB.Driver.Core.Authentication
+{
+    /// <summary>
+    /// Represents an authenticator factory.
+    /// </summary>
+    public interface IAuthenticatorFactory
+    {
+        /// <summary>
+        /// Create an authenticator.
+        /// </summary>
+        /// <returns>The authenticator.</returns>
+        IAuthenticator Create();
+    }
+}

src/MongoDB.Driver.Core/Core/Configuration/ClusterBuilder.cs

@@ -252,7 +252,7 @@ private ServerFactory CreateServerFactory()
         private IServerMonitorFactory CreateServerMonitorFactory()
         {
             var serverMonitorConnectionSettings = _connectionSettings
-                .With(authenticators: new IAuthenticator[] { });
+                .With(authenticatorFactories: new IAuthenticatorFactory[] { });
 
             var heartbeatConnectTimeout = _tcpStreamSettings.ConnectTimeout;
             if (heartbeatConnectTimeout == TimeSpan.Zero || heartbeatConnectTimeout == Timeout.InfiniteTimeSpan)

src/MongoDB.Driver.Core/Core/Configuration/ClusterBuilderExtensions.cs

@@ -111,8 +111,8 @@ public static ClusterBuilder ConfigureWithConnectionString(this ClusterBuilder b
             // Connection
             if (connectionString.Username != null)
             {
-                var authenticator = CreateAuthenticator(connectionString);
-                builder = builder.ConfigureConnection(s => s.With(authenticators: new[] { authenticator }));
+                var authenticatorFactory = new AuthenticatorFactory(() => CreateAuthenticator(connectionString));
+                builder = builder.ConfigureConnection(s => s.With(authenticatorFactories: new[] { authenticatorFactory }));
             }
             if (connectionString.ApplicationName != null)
             {

src/MongoDB.Driver.Core/Core/Configuration/ConnectionSettings.cs

@@ -27,14 +27,9 @@ namespace MongoDB.Driver.Core.Configuration
     /// </summary>
     public class ConnectionSettings
     {
-        #region static
-        // static fields
-        private static readonly IReadOnlyList<IAuthenticator> __noAuthenticators = new IAuthenticator[0];
-        #endregion
-
         // fields
         private readonly string _applicationName;
-        private readonly IReadOnlyList<IAuthenticator> _authenticators;
+        private readonly IReadOnlyList<IAuthenticatorFactory> _authenticatorFactories;
         private readonly IReadOnlyList<CompressorConfiguration> _compressors;
         private readonly TimeSpan _maxIdleTime;
         private readonly TimeSpan _maxLifeTime;
@@ -43,19 +38,19 @@ public class ConnectionSettings
         /// <summary>
         /// Initializes a new instance of the <see cref="ConnectionSettings" /> class.
         /// </summary>
-        /// <param name="authenticators">The authenticators.</param>
+        /// <param name="authenticatorFactories">The authenticator factories.</param>
         /// <param name="compressors">The compressors.</param>
         /// <param name="maxIdleTime">The maximum idle time.</param>
         /// <param name="maxLifeTime">The maximum life time.</param>
         /// <param name="applicationName">The application name.</param>
         public ConnectionSettings(
-            Optional<IEnumerable<IAuthenticator>> authenticators = default(Optional<IEnumerable<IAuthenticator>>),
+            Optional<IEnumerable<IAuthenticatorFactory>> authenticatorFactories = default,
             Optional<IEnumerable<CompressorConfiguration>> compressors = default(Optional<IEnumerable<CompressorConfiguration>>),
             Optional<TimeSpan> maxIdleTime = default(Optional<TimeSpan>),
             Optional<TimeSpan> maxLifeTime = default(Optional<TimeSpan>),
             Optional<string> applicationName = default(Optional<string>))
         {
-            _authenticators = Ensure.IsNotNull(authenticators.WithDefault(__noAuthenticators), "authenticators").ToList();
+            _authenticatorFactories = Ensure.IsNotNull(authenticatorFactories.WithDefault(Enumerable.Empty<IAuthenticatorFactory>()), nameof(authenticatorFactories)).ToList().AsReadOnly();
             _compressors = Ensure.IsNotNull(compressors.WithDefault(Enumerable.Empty<CompressorConfiguration>()), nameof(compressors)).ToList();
             _maxIdleTime = Ensure.IsGreaterThanZero(maxIdleTime.WithDefault(TimeSpan.FromMinutes(10)), "maxIdleTime");
             _maxLifeTime = Ensure.IsGreaterThanZero(maxLifeTime.WithDefault(TimeSpan.FromMinutes(30)), "maxLifeTime");
@@ -75,14 +70,14 @@ public string ApplicationName
         }
 
         /// <summary>
-        /// Gets the authenticators.
+        /// Gets the authenticator factories.
         /// </summary>
         /// <value>
-        /// The authenticators.
+        /// The authenticator factories.
         /// </value>
-        public IReadOnlyList<IAuthenticator> Authenticators
+        public IReadOnlyList<IAuthenticatorFactory> AuthenticatorFactories
         {
-            get { return _authenticators; }
+            get { return _authenticatorFactories; }
         }
 
         /// <summary>
@@ -122,21 +117,21 @@ public TimeSpan MaxLifeTime
         /// <summary>
         /// Returns a new ConnectionSettings instance with some settings changed.
         /// </summary>
-        /// <param name="authenticators">The authenticators.</param>
+        /// <param name="authenticatorFactories">The authenticator factories.</param>
         /// <param name="compressors">The compressors.</param>
         /// <param name="maxIdleTime">The maximum idle time.</param>
         /// <param name="maxLifeTime">The maximum life time.</param>
         /// <param name="applicationName">The application name.</param>
         /// <returns>A new ConnectionSettings instance.</returns>
         public ConnectionSettings With(
-            Optional<IEnumerable<IAuthenticator>> authenticators = default(Optional<IEnumerable<IAuthenticator>>),
+            Optional<IEnumerable<IAuthenticatorFactory>> authenticatorFactories = default,
             Optional<IEnumerable<CompressorConfiguration>> compressors = default(Optional<IEnumerable<CompressorConfiguration>>),
             Optional<TimeSpan> maxIdleTime = default(Optional<TimeSpan>),
             Optional<TimeSpan> maxLifeTime = default(Optional<TimeSpan>),
             Optional<string> applicationName = default(Optional<string>))
         {
             return new ConnectionSettings(
-                authenticators: Optional.Enumerable(authenticators.WithDefault(_authenticators)),
+                authenticatorFactories: Optional.Enumerable(authenticatorFactories.WithDefault(_authenticatorFactories)),
                 compressors: Optional.Enumerable(compressors.WithDefault(_compressors)),
                 maxIdleTime: maxIdleTime.WithDefault(_maxIdleTime),
                 maxLifeTime: maxLifeTime.WithDefault(_maxLifeTime),

src/MongoDB.Driver.Core/Core/Connections/ConnectionInitializer.cs

@@ -14,6 +14,7 @@
 */
 
 using System.Collections.Generic;
+using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
 using MongoDB.Bson;
@@ -42,7 +43,8 @@ public ConnectionInitializer(string applicationName, IReadOnlyList<CompressorCon
         public ConnectionDescription InitializeConnection(IConnection connection, CancellationToken cancellationToken)
         {
             Ensure.IsNotNull(connection, nameof(connection));
-            var isMasterCommand = CreateInitialIsMasterCommand(connection.Settings.Authenticators);
+            var authenticators = connection.Settings.AuthenticatorFactories.Select(f => f.Create()).ToList();
+            var isMasterCommand = CreateInitialIsMasterCommand(authenticators);
             var isMasterProtocol = IsMasterHelper.CreateProtocol(isMasterCommand);
             var isMasterResult = IsMasterHelper.GetResult(connection, isMasterProtocol, cancellationToken);
 
@@ -51,7 +53,7 @@ public ConnectionDescription InitializeConnection(IConnection connection, Cancel
 
             var description = new ConnectionDescription(connection.ConnectionId, isMasterResult, buildInfoResult);
 
-            AuthenticationHelper.Authenticate(connection, description, cancellationToken);
+            AuthenticationHelper.Authenticate(connection, description, authenticators, cancellationToken);
 
             var connectionIdServerValue = isMasterResult.ConnectionIdServerValue;
             if (connectionIdServerValue.HasValue)
@@ -79,7 +81,8 @@ public ConnectionDescription InitializeConnection(IConnection connection, Cancel
         public async Task<ConnectionDescription> InitializeConnectionAsync(IConnection connection, CancellationToken cancellationToken)
         {
             Ensure.IsNotNull(connection, nameof(connection));
-            var isMasterCommand = CreateInitialIsMasterCommand(connection.Settings.Authenticators);
+            var authenticators = connection.Settings.AuthenticatorFactories.Select(f => f.Create()).ToList();
+            var isMasterCommand = CreateInitialIsMasterCommand(authenticators);
             var isMasterProtocol = IsMasterHelper.CreateProtocol(isMasterCommand);
             var isMasterResult = await IsMasterHelper.GetResultAsync(connection, isMasterProtocol, cancellationToken).ConfigureAwait(false);
 
@@ -88,7 +91,7 @@ public async Task<ConnectionDescription> InitializeConnectionAsync(IConnection c
 
             var description = new ConnectionDescription(connection.ConnectionId, isMasterResult, buildInfoResult);
 
-            await AuthenticationHelper.AuthenticateAsync(connection, description, cancellationToken).ConfigureAwait(false);
+            await AuthenticationHelper.AuthenticateAsync(connection, description, authenticators, cancellationToken).ConfigureAwait(false);
 
             var connectionIdServerValue = isMasterResult.ConnectionIdServerValue;
             if (connectionIdServerValue.HasValue)

src/MongoDB.Driver/ClusterRegistry.cs

@@ -18,8 +18,8 @@
 using System.Net.Security;
 using System.Net.Sockets;
 using System.Security.Cryptography.X509Certificates;
+using MongoDB.Driver.Core.Authentication;
 using MongoDB.Driver.Core.Clusters;
-using MongoDB.Driver.Core.Clusters.ServerSelectors;
 using MongoDB.Driver.Core.Configuration;
 using MongoDB.Driver.Core.Misc;
 
@@ -105,9 +105,9 @@ private ConnectionPoolSettings ConfigureConnectionPool(ConnectionPoolSettings se
 
         private ConnectionSettings ConfigureConnection(ConnectionSettings settings, ClusterKey clusterKey)
         {
-            var authenticators = clusterKey.Credentials.Select(c => c.ToAuthenticator());
+            var authenticatorFactories = clusterKey.Credentials.Select(c => new AuthenticatorFactory(() => c.ToAuthenticator()));
             return settings.With(
-                authenticators: Optional.Enumerable(authenticators),
+                authenticatorFactories: Optional.Enumerable<IAuthenticatorFactory>(authenticatorFactories),
                 compressors: Optional.Enumerable(clusterKey.Compressors),
                 maxIdleTime: clusterKey.MaxConnectionIdleTime,
                 maxLifeTime: clusterKey.MaxConnectionLifeTime,

tests/MongoDB.Driver.Core.Tests/Core/Authentication/AuthenticationHelperTests.cs

@@ -13,10 +13,10 @@
 * limitations under the License.
 */
 
+using System.Linq;
 using System.Net;
 using System.Security;
 using System.Threading;
-using System.Threading.Tasks;
 using FluentAssertions;
 using MongoDB.Bson;
 using MongoDB.Bson.TestHelpers.XunitExtensions;
@@ -59,21 +59,22 @@ public void Authenticate_should_invoke_authenticators_when_they_exist(
                 new BuildInfoResult(new BsonDocument("version", "2.8.0")));
 
             var mockAuthenticator = new Mock<IAuthenticator>();
-            var settings = new ConnectionSettings(authenticators: new[] { mockAuthenticator.Object });
+            var settings = new ConnectionSettings(authenticatorFactories: new[] { new AuthenticatorFactory(() => mockAuthenticator.Object) });
+            var authenticators = settings.AuthenticatorFactories.Select(a => a.Create()).ToList();
 
             var mockConnection = new Mock<IConnection>();
             mockConnection.SetupGet(c => c.Description).Returns(description);
             mockConnection.SetupGet(c => c.Settings).Returns(settings);
 
             if (async)
             {
-                AuthenticationHelper.AuthenticateAsync(mockConnection.Object, description, CancellationToken.None).GetAwaiter().GetResult();
+                AuthenticationHelper.AuthenticateAsync(mockConnection.Object, description, authenticators, CancellationToken.None).GetAwaiter().GetResult();
 
                 mockAuthenticator.Verify(a => a.AuthenticateAsync(mockConnection.Object, description, CancellationToken.None), Times.Once);
             }
             else
             {
-                AuthenticationHelper.Authenticate(mockConnection.Object, description, CancellationToken.None);
+                AuthenticationHelper.Authenticate(mockConnection.Object, description, authenticators, CancellationToken.None);
 
                 mockAuthenticator.Verify(a => a.Authenticate(mockConnection.Object, description, CancellationToken.None), Times.Once);
             }
@@ -91,21 +92,22 @@ public void Authenticate_should_not_invoke_authenticators_when_connected_to_an_a
                 new BuildInfoResult(new BsonDocument("version", "2.8.0")));
 
             var mockAuthenticator = new Mock<IAuthenticator>();
-            var settings = new ConnectionSettings(authenticators: new[] { mockAuthenticator.Object });
+            var settings = new ConnectionSettings(authenticatorFactories: new[] { new AuthenticatorFactory(() => mockAuthenticator.Object) });
+            var authenticators = settings.AuthenticatorFactories.Select(a => a.Create()).ToList();
 
             var mockConnection = new Mock<IConnection>();
             mockConnection.SetupGet(c => c.Description).Returns(description);
             mockConnection.SetupGet(c => c.Settings).Returns(settings);
 
             if (async)
             {
-                AuthenticationHelper.AuthenticateAsync(mockConnection.Object, description, CancellationToken.None).GetAwaiter().GetResult();
+                AuthenticationHelper.AuthenticateAsync(mockConnection.Object, description, authenticators, CancellationToken.None).GetAwaiter().GetResult();
 
                 mockAuthenticator.Verify(a => a.AuthenticateAsync(It.IsAny<IConnection>(), It.IsAny<ConnectionDescription>(), It.IsAny<CancellationToken>()), Times.Never);
             }
             else
             {
-                AuthenticationHelper.Authenticate(mockConnection.Object, description, CancellationToken.None);
+                AuthenticationHelper.Authenticate(mockConnection.Object, description, authenticators, CancellationToken.None);
 
                 mockAuthenticator.Verify(a => a.Authenticate(It.IsAny<IConnection>(), It.IsAny<ConnectionDescription>(), It.IsAny<CancellationToken>()), Times.Never);
             }