From c62c5e4592a1116afde9df8ac27adbafec91a079 Mon Sep 17 00:00:00 2001 From: Dawid Heyman Date: Fri, 29 Nov 2024 15:41:19 +0100 Subject: [PATCH] SNOW-1825471: Port and remove snowflake-common auth related codebase (#1976) --- .../net/snowflake/client/core/SFSession.java | 10 +-- .../snowflake/client/core/SessionUtil.java | 88 +++++++++---------- .../core/SessionUtilExternalBrowser.java | 7 +- .../client/core/auth/AuthenticatorType.java | 45 ++++++++++ .../client/core/auth/ClientAuthnDTO.java | 36 ++++++++ .../core/auth/ClientAuthnParameter.java | 24 +++++ .../core/SessionUtilExternalBrowserTest.java | 4 +- .../client/core/SessionUtilLatestIT.java | 5 +- .../client/jdbc/ConnectionLatestIT.java | 12 +-- .../client/jdbc/SSOConnectionTest.java | 6 +- .../client/jdbc/SnowflakeDriverIT.java | 3 +- 11 files changed, 165 insertions(+), 75 deletions(-) create mode 100644 src/main/java/net/snowflake/client/core/auth/AuthenticatorType.java create mode 100644 src/main/java/net/snowflake/client/core/auth/ClientAuthnDTO.java create mode 100644 src/main/java/net/snowflake/client/core/auth/ClientAuthnParameter.java diff --git a/src/main/java/net/snowflake/client/core/SFSession.java b/src/main/java/net/snowflake/client/core/SFSession.java index c3708ea7e..59aac9d5b 100644 --- a/src/main/java/net/snowflake/client/core/SFSession.java +++ b/src/main/java/net/snowflake/client/core/SFSession.java @@ -33,6 +33,7 @@ import java.util.concurrent.atomic.AtomicInteger; import java.util.logging.Level; import net.snowflake.client.config.SFClientConfig; +import net.snowflake.client.core.auth.AuthenticatorType; import net.snowflake.client.jdbc.DefaultSFConnectionHandler; import net.snowflake.client.jdbc.ErrorCode; import net.snowflake.client.jdbc.QueryStatusV2; @@ -49,7 +50,6 @@ import net.snowflake.client.log.SFLoggerFactory; import net.snowflake.client.log.SFLoggerUtil; import net.snowflake.client.util.Stopwatch; -import net.snowflake.common.core.ClientAuthnDTO; import net.snowflake.common.core.SqlState; import org.apache.http.HttpHeaders; import org.apache.http.client.methods.HttpGet; @@ -804,7 +804,7 @@ private boolean isSnowflakeAuthenticator() { && privateKey == null && privateKeyFileLocation == null && privateKeyBase64 == null) - || ClientAuthnDTO.AuthenticatorType.SNOWFLAKE.name().equalsIgnoreCase(authenticator); + || AuthenticatorType.SNOWFLAKE.name().equalsIgnoreCase(authenticator); } /** @@ -815,7 +815,7 @@ private boolean isSnowflakeAuthenticator() { boolean isExternalbrowserAuthenticator() { Map connectionPropertiesMap = getConnectionPropertiesMap(); String authenticator = (String) connectionPropertiesMap.get(SFSessionProperty.AUTHENTICATOR); - return ClientAuthnDTO.AuthenticatorType.EXTERNALBROWSER.name().equalsIgnoreCase(authenticator); + return AuthenticatorType.EXTERNALBROWSER.name().equalsIgnoreCase(authenticator); } /** @@ -837,9 +837,7 @@ boolean isOKTAAuthenticator() { boolean isUsernamePasswordMFAAuthenticator() { Map connectionPropertiesMap = getConnectionPropertiesMap(); String authenticator = (String) connectionPropertiesMap.get(SFSessionProperty.AUTHENTICATOR); - return ClientAuthnDTO.AuthenticatorType.USERNAME_PASSWORD_MFA - .name() - .equalsIgnoreCase(authenticator); + return AuthenticatorType.USERNAME_PASSWORD_MFA.name().equalsIgnoreCase(authenticator); } /** diff --git a/src/main/java/net/snowflake/client/core/SessionUtil.java b/src/main/java/net/snowflake/client/core/SessionUtil.java index de0eb3a87..e13c21162 100644 --- a/src/main/java/net/snowflake/client/core/SessionUtil.java +++ b/src/main/java/net/snowflake/client/core/SessionUtil.java @@ -25,6 +25,9 @@ import java.util.Set; import java.util.stream.Collectors; import java.util.stream.Stream; +import net.snowflake.client.core.auth.AuthenticatorType; +import net.snowflake.client.core.auth.ClientAuthnDTO; +import net.snowflake.client.core.auth.ClientAuthnParameter; import net.snowflake.client.jdbc.ErrorCode; import net.snowflake.client.jdbc.SnowflakeDriver; import net.snowflake.client.jdbc.SnowflakeReauthenticationRequest; @@ -38,8 +41,6 @@ import net.snowflake.client.log.SFLoggerFactory; import net.snowflake.client.util.SecretDetector; import net.snowflake.client.util.Stopwatch; -import net.snowflake.common.core.ClientAuthnDTO; -import net.snowflake.common.core.ClientAuthnParameter; import net.snowflake.common.core.SqlState; import org.apache.http.HttpHeaders; import org.apache.http.client.config.RequestConfig; @@ -209,31 +210,29 @@ public class SessionUtil { * @param loginInput login information * @return Authenticator type */ - private static ClientAuthnDTO.AuthenticatorType getAuthenticator(SFLoginInput loginInput) { + private static AuthenticatorType getAuthenticator(SFLoginInput loginInput) { if (loginInput.getAuthenticator() != null) { if (loginInput .getAuthenticator() - .equalsIgnoreCase(ClientAuthnDTO.AuthenticatorType.EXTERNALBROWSER.name())) { + .equalsIgnoreCase(AuthenticatorType.EXTERNALBROWSER.name())) { // SAML 2.0 compliant service/application - return ClientAuthnDTO.AuthenticatorType.EXTERNALBROWSER; - } else if (loginInput - .getAuthenticator() - .equalsIgnoreCase(ClientAuthnDTO.AuthenticatorType.OAUTH.name())) { + return AuthenticatorType.EXTERNALBROWSER; + } else if (loginInput.getAuthenticator().equalsIgnoreCase(AuthenticatorType.OAUTH.name())) { // OAuth Authentication - return ClientAuthnDTO.AuthenticatorType.OAUTH; + return AuthenticatorType.OAUTH; } else if (loginInput .getAuthenticator() - .equalsIgnoreCase(ClientAuthnDTO.AuthenticatorType.SNOWFLAKE_JWT.name())) { - return ClientAuthnDTO.AuthenticatorType.SNOWFLAKE_JWT; + .equalsIgnoreCase(AuthenticatorType.SNOWFLAKE_JWT.name())) { + return AuthenticatorType.SNOWFLAKE_JWT; } else if (loginInput .getAuthenticator() - .equalsIgnoreCase(ClientAuthnDTO.AuthenticatorType.USERNAME_PASSWORD_MFA.name())) { - return ClientAuthnDTO.AuthenticatorType.USERNAME_PASSWORD_MFA; + .equalsIgnoreCase(AuthenticatorType.USERNAME_PASSWORD_MFA.name())) { + return AuthenticatorType.USERNAME_PASSWORD_MFA; } else if (!loginInput .getAuthenticator() - .equalsIgnoreCase(ClientAuthnDTO.AuthenticatorType.SNOWFLAKE.name())) { + .equalsIgnoreCase(AuthenticatorType.SNOWFLAKE.name())) { // OKTA authenticator v1. - return ClientAuthnDTO.AuthenticatorType.OKTA; + return AuthenticatorType.OKTA; } } @@ -241,8 +240,8 @@ private static ClientAuthnDTO.AuthenticatorType getAuthenticator(SFLoginInput lo // if privateKey is specified or not. If yes, authenticator type will be // SNOWFLAKE_JWT, otherwise it will use SNOWFLAKE. return loginInput.isPrivateKeyProvided() - ? ClientAuthnDTO.AuthenticatorType.SNOWFLAKE_JWT - : ClientAuthnDTO.AuthenticatorType.SNOWFLAKE; + ? AuthenticatorType.SNOWFLAKE_JWT + : AuthenticatorType.SNOWFLAKE; } /** @@ -266,8 +265,8 @@ static SFLoginOutput openSession( AssertUtil.assertTrue( loginInput.getLoginTimeout() >= 0, "negative login timeout for opening session"); - final ClientAuthnDTO.AuthenticatorType authenticator = getAuthenticator(loginInput); - if (!authenticator.equals(ClientAuthnDTO.AuthenticatorType.OAUTH)) { + final AuthenticatorType authenticator = getAuthenticator(loginInput); + if (!authenticator.equals(AuthenticatorType.OAUTH)) { // OAuth does not require a username AssertUtil.assertTrue( loginInput.getUserName() != null, "missing user name for opening session"); @@ -277,7 +276,7 @@ static SFLoginOutput openSession( loginInput.getToken() != null || loginInput.getPassword() != null, "missing token or password for opening session"); } - if (authenticator.equals(ClientAuthnDTO.AuthenticatorType.EXTERNALBROWSER)) { + if (authenticator.equals(AuthenticatorType.EXTERNALBROWSER)) { if ((Constants.getOS() == Constants.OS.MAC || Constants.getOS() == Constants.OS.WINDOWS) && loginInput.isEnableClientStoreTemporaryCredential()) { // force to set the flag for Mac/Windows users @@ -299,7 +298,7 @@ static SFLoginOutput openSession( } } - if (authenticator.equals(ClientAuthnDTO.AuthenticatorType.USERNAME_PASSWORD_MFA)) { + if (authenticator.equals(AuthenticatorType.USERNAME_PASSWORD_MFA)) { if ((Constants.getOS() == Constants.OS.MAC || Constants.getOS() == Constants.OS.WINDOWS) && loginInput.isEnableClientRequestMfaToken()) { loginInput.getSessionParameters().put(CLIENT_REQUEST_MFA_TOKEN, true); @@ -371,7 +370,7 @@ private static SFLoginOutput newSession( int healthCheckInterval = DEFAULT_HEALTH_CHECK_INTERVAL; int httpClientSocketTimeout = loginInput.getSocketTimeoutInMillis(); int httpClientConnectionTimeout = loginInput.getConnectionTimeoutInMillis(); - final ClientAuthnDTO.AuthenticatorType authenticatorType = getAuthenticator(loginInput); + final AuthenticatorType authenticatorType = getAuthenticator(loginInput); Map commonParams; String oktaUsername = loginInput.getOKTAUserName(); @@ -406,7 +405,7 @@ private static SFLoginOutput newSession( uriBuilder.addParameter(SF_QUERY_ROLE, loginInput.getRole()); } - if (authenticatorType == ClientAuthnDTO.AuthenticatorType.EXTERNALBROWSER) { + if (authenticatorType == AuthenticatorType.EXTERNALBROWSER) { // try to reuse id_token if exists if (loginInput.getIdToken() == null) { // SAML 2.0 compliant service/application @@ -416,10 +415,10 @@ private static SFLoginOutput newSession( samlProofKey = s.getProofKey(); consentCacheIdToken = s.isConsentCacheIdToken(); } - } else if (authenticatorType == ClientAuthnDTO.AuthenticatorType.OKTA) { + } else if (authenticatorType == AuthenticatorType.OKTA) { // okta authenticator v1 tokenOrSamlResponse = getSamlResponseUsingOkta(loginInput); - } else if (authenticatorType == ClientAuthnDTO.AuthenticatorType.SNOWFLAKE_JWT) { + } else if (authenticatorType == AuthenticatorType.SNOWFLAKE_JWT) { SessionUtilKeyPair s = new SessionUtilKeyPair( loginInput.getPrivateKey(), @@ -453,9 +452,6 @@ private static SFLoginOutput newSession( HttpPost postRequest = null; try { - ClientAuthnDTO authnData = new ClientAuthnDTO(); - authnData.setInFlightCtx(loginInput.getInFlightCtx()); - Map data = new HashMap<>(); data.put(ClientAuthnParameter.CLIENT_APP_ID.name(), loginInput.getAppId()); @@ -472,22 +468,21 @@ private static SFLoginOutput newSession( * authenticate with the IDP provider only, and GS should not have any * trace for this information. */ - if (authenticatorType == ClientAuthnDTO.AuthenticatorType.SNOWFLAKE) { + if (authenticatorType == AuthenticatorType.SNOWFLAKE) { data.put(ClientAuthnParameter.PASSWORD.name(), loginInput.getPassword()); - } else if (authenticatorType == ClientAuthnDTO.AuthenticatorType.EXTERNALBROWSER) { + } else if (authenticatorType == AuthenticatorType.EXTERNALBROWSER) { if (loginInput.getIdToken() != null) { data.put(ClientAuthnParameter.AUTHENTICATOR.name(), ID_TOKEN_AUTHENTICATOR); data.put(ClientAuthnParameter.TOKEN.name(), loginInput.getIdToken()); } else { data.put( - ClientAuthnParameter.AUTHENTICATOR.name(), - ClientAuthnDTO.AuthenticatorType.EXTERNALBROWSER.name()); + ClientAuthnParameter.AUTHENTICATOR.name(), AuthenticatorType.EXTERNALBROWSER.name()); data.put(ClientAuthnParameter.PROOF_KEY.name(), samlProofKey); data.put(ClientAuthnParameter.TOKEN.name(), tokenOrSamlResponse); } - } else if (authenticatorType == ClientAuthnDTO.AuthenticatorType.OKTA) { + } else if (authenticatorType == AuthenticatorType.OKTA) { data.put(ClientAuthnParameter.RAW_SAML_RESPONSE.name(), tokenOrSamlResponse); - } else if (authenticatorType == ClientAuthnDTO.AuthenticatorType.OAUTH) { + } else if (authenticatorType == AuthenticatorType.OAUTH) { data.put(ClientAuthnParameter.AUTHENTICATOR.name(), authenticatorType.name()); // Fix for HikariCP refresh token issue:SNOW-533673. @@ -499,10 +494,10 @@ private static SFLoginOutput newSession( data.put(ClientAuthnParameter.TOKEN.name(), loginInput.getPassword()); } - } else if (authenticatorType == ClientAuthnDTO.AuthenticatorType.SNOWFLAKE_JWT) { + } else if (authenticatorType == AuthenticatorType.SNOWFLAKE_JWT) { data.put(ClientAuthnParameter.AUTHENTICATOR.name(), authenticatorType.name()); data.put(ClientAuthnParameter.TOKEN.name(), loginInput.getToken()); - } else if (authenticatorType == ClientAuthnDTO.AuthenticatorType.USERNAME_PASSWORD_MFA) { + } else if (authenticatorType == AuthenticatorType.USERNAME_PASSWORD_MFA) { // No authenticator name should be added here, since this will be treated as snowflake // default authenticator by backend data.put(ClientAuthnParameter.PASSWORD.name(), loginInput.getPassword()); @@ -621,8 +616,7 @@ private static SFLoginOutput newSession( } data.put(ClientAuthnParameter.CLIENT_APP_VERSION.name(), loginInput.getAppVersion()); - - authnData.setData(data); + ClientAuthnDTO authnData = new ClientAuthnDTO(data, loginInput.getInFlightCtx()); String json = mapper.writeValueAsString(authnData); postRequest = new HttpPost(loginURI); @@ -672,10 +666,10 @@ private static SFLoginOutput newSession( } catch (SnowflakeSQLException ex) { lastRestException = ex; if (ex.getErrorCode() == ErrorCode.AUTHENTICATOR_REQUEST_TIMEOUT.getMessageCode()) { - if (authenticatorType == ClientAuthnDTO.AuthenticatorType.SNOWFLAKE_JWT - || authenticatorType == ClientAuthnDTO.AuthenticatorType.OKTA) { + if (authenticatorType == AuthenticatorType.SNOWFLAKE_JWT + || authenticatorType == AuthenticatorType.OKTA) { - if (authenticatorType == ClientAuthnDTO.AuthenticatorType.SNOWFLAKE_JWT) { + if (authenticatorType == AuthenticatorType.SNOWFLAKE_JWT) { SessionUtilKeyPair s = new SessionUtilKeyPair( loginInput.getPrivateKey(), @@ -686,13 +680,14 @@ private static SFLoginOutput newSession( loginInput.getUserName()); data.put(ClientAuthnParameter.TOKEN.name(), s.issueJwtToken()); - } else if (authenticatorType == ClientAuthnDTO.AuthenticatorType.OKTA) { + } else if (authenticatorType == AuthenticatorType.OKTA) { logger.debug("Retrieve new token for Okta authentication."); // If we need to retry, we need to get a new Okta token tokenOrSamlResponse = getSamlResponseUsingOkta(loginInput); data.put(ClientAuthnParameter.RAW_SAML_RESPONSE.name(), tokenOrSamlResponse); - authnData.setData(data); - String updatedJson = mapper.writeValueAsString(authnData); + ClientAuthnDTO updatedAuthnData = + new ClientAuthnDTO(data, loginInput.getInFlightCtx()); + String updatedJson = mapper.writeValueAsString(updatedAuthnData); StringEntity updatedInput = new StringEntity(updatedJson, StandardCharsets.UTF_8); updatedInput.setContentType("application/json"); @@ -785,7 +780,7 @@ private static SFLoginOutput newSession( SnowflakeUtil.checkErrorAndThrowExceptionIncludingReauth(jsonNode); } - if (authenticatorType == ClientAuthnDTO.AuthenticatorType.USERNAME_PASSWORD_MFA) { + if (authenticatorType == AuthenticatorType.USERNAME_PASSWORD_MFA) { deleteMfaTokenCache(loginInput.getHostFromServerUrl(), loginInput.getUserName()); } @@ -1378,8 +1373,7 @@ private static JsonNode federatedFlowStep1(SFLoginInput loginInput) throws Snowf data.put(ClientAuthnParameter.CLIENT_APP_ID.name(), loginInput.getAppId()); data.put(ClientAuthnParameter.CLIENT_APP_VERSION.name(), loginInput.getAppVersion()); - ClientAuthnDTO authnData = new ClientAuthnDTO(); - authnData.setData(data); + ClientAuthnDTO authnData = new ClientAuthnDTO(data, null); String json = mapper.writeValueAsString(authnData); // attach the login info json body to the post request diff --git a/src/main/java/net/snowflake/client/core/SessionUtilExternalBrowser.java b/src/main/java/net/snowflake/client/core/SessionUtilExternalBrowser.java index 8d6008e38..0f83a9642 100644 --- a/src/main/java/net/snowflake/client/core/SessionUtilExternalBrowser.java +++ b/src/main/java/net/snowflake/client/core/SessionUtilExternalBrowser.java @@ -28,12 +28,12 @@ import java.util.Locale; import java.util.Map; import java.util.TimeZone; +import net.snowflake.client.core.auth.ClientAuthnDTO; +import net.snowflake.client.core.auth.ClientAuthnParameter; import net.snowflake.client.jdbc.ErrorCode; import net.snowflake.client.jdbc.SnowflakeSQLException; import net.snowflake.client.log.SFLogger; import net.snowflake.client.log.SFLoggerFactory; -import net.snowflake.common.core.ClientAuthnDTO; -import net.snowflake.common.core.ClientAuthnParameter; import net.snowflake.common.core.SqlState; import org.apache.http.NameValuePair; import org.apache.http.client.methods.HttpPost; @@ -175,7 +175,6 @@ private String getSSOUrl(int port) throws SFException, SnowflakeSQLException { HttpPost postRequest = this.handlers.build(fedUrlUri); - ClientAuthnDTO authnData = new ClientAuthnDTO(); Map data = new HashMap<>(); data.put(ClientAuthnParameter.AUTHENTICATOR.name(), authenticator); @@ -185,7 +184,7 @@ private String getSSOUrl(int port) throws SFException, SnowflakeSQLException { data.put(ClientAuthnParameter.CLIENT_APP_ID.name(), loginInput.getAppId()); data.put(ClientAuthnParameter.CLIENT_APP_VERSION.name(), loginInput.getAppVersion()); - authnData.setData(data); + ClientAuthnDTO authnData = new ClientAuthnDTO(data, null); String json = mapper.writeValueAsString(authnData); // attach the login info json body to the post request diff --git a/src/main/java/net/snowflake/client/core/auth/AuthenticatorType.java b/src/main/java/net/snowflake/client/core/auth/AuthenticatorType.java new file mode 100644 index 000000000..e25af718a --- /dev/null +++ b/src/main/java/net/snowflake/client/core/auth/AuthenticatorType.java @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2024 Snowflake Computing Inc. All right reserved. + */ +package net.snowflake.client.core.auth; + +import net.snowflake.client.core.SnowflakeJdbcInternalApi; + +@SnowflakeJdbcInternalApi +public enum AuthenticatorType { + /* + * regular login username+password via Snowflake, may or may not have MFA + */ + SNOWFLAKE, + + /* + * federated authentication, OKTA as IDP + */ + OKTA, + + /* + * Web browser based authenticator for SAML 2.0 compliant + * service/application + */ + EXTERNALBROWSER, + + /* + * OAUTH 2.0 flow + */ + OAUTH, + + /* + * Snowflake local authentication using jwt token as a user credential + */ + SNOWFLAKE_JWT, + + /* + * Internal authenticator to enable id_token for web browser based authenticator + */ + ID_TOKEN, + + /* + * Authenticator to enable token for regular login with mfa + */ + USERNAME_PASSWORD_MFA +} diff --git a/src/main/java/net/snowflake/client/core/auth/ClientAuthnDTO.java b/src/main/java/net/snowflake/client/core/auth/ClientAuthnDTO.java new file mode 100644 index 000000000..98626d86a --- /dev/null +++ b/src/main/java/net/snowflake/client/core/auth/ClientAuthnDTO.java @@ -0,0 +1,36 @@ +/* + * Copyright (c) 2024 Snowflake Computing Inc. All right reserved. + */ +package net.snowflake.client.core.auth; + +import java.util.Map; +import javax.annotation.Nullable; +import net.snowflake.client.core.SnowflakeJdbcInternalApi; + +@SnowflakeJdbcInternalApi +public class ClientAuthnDTO { + + // contains all the required data for current authn step + private final Map data; + + /* + * current state + * tokenized string with all current parameters and the authn step + */ + private final String inFlightCtx; + + public ClientAuthnDTO(Map data, @Nullable String inFlightCtx) { + this.data = data; + this.inFlightCtx = inFlightCtx; + } + + /** Required by Jackson */ + public Map getData() { + return data; + } + + /** Required by Jackson */ + public String getInFlightCtx() { + return inFlightCtx; + } +} diff --git a/src/main/java/net/snowflake/client/core/auth/ClientAuthnParameter.java b/src/main/java/net/snowflake/client/core/auth/ClientAuthnParameter.java new file mode 100644 index 000000000..8571a013b --- /dev/null +++ b/src/main/java/net/snowflake/client/core/auth/ClientAuthnParameter.java @@ -0,0 +1,24 @@ +/* + * Copyright (c) 2024 Snowflake Computing Inc. All right reserved. + */ +package net.snowflake.client.core.auth; + +import net.snowflake.client.core.SnowflakeJdbcInternalApi; + +@SnowflakeJdbcInternalApi +public enum ClientAuthnParameter { + LOGIN_NAME, + PASSWORD, + RAW_SAML_RESPONSE, + ACCOUNT_NAME, + CLIENT_APP_ID, + CLIENT_APP_VERSION, + EXT_AUTHN_DUO_METHOD, + PASSCODE, + CLIENT_ENVIRONMENT, + AUTHENTICATOR, + BROWSER_MODE_REDIRECT_PORT, + SESSION_PARAMETERS, + PROOF_KEY, + TOKEN +} diff --git a/src/test/java/net/snowflake/client/core/SessionUtilExternalBrowserTest.java b/src/test/java/net/snowflake/client/core/SessionUtilExternalBrowserTest.java index 02f6193d6..0470ef6e8 100644 --- a/src/test/java/net/snowflake/client/core/SessionUtilExternalBrowserTest.java +++ b/src/test/java/net/snowflake/client/core/SessionUtilExternalBrowserTest.java @@ -28,7 +28,6 @@ import net.snowflake.client.jdbc.SnowflakeBasicDataSource; import net.snowflake.client.jdbc.SnowflakeSQLException; import net.snowflake.client.jdbc.SnowflakeSQLLoggedException; -import net.snowflake.common.core.ClientAuthnDTO; import org.apache.http.client.methods.HttpPost; import org.apache.http.client.methods.HttpRequestBase; import org.hamcrest.MatcherAssert; @@ -239,8 +238,7 @@ private SFLoginInput initMockLoginInput() { // mock SFLoginInput SFLoginInput loginInput = mock(SFLoginInput.class); when(loginInput.getServerUrl()).thenReturn("https://testaccount.snowflakecomputing.com/"); - when(loginInput.getAuthenticator()) - .thenReturn(ClientAuthnDTO.AuthenticatorType.EXTERNALBROWSER.name()); + when(loginInput.getAuthenticator()).thenReturn("EXTERNALBROWSER"); when(loginInput.getAccountName()).thenReturn("testaccount"); when(loginInput.getUserName()).thenReturn("testuser"); when(loginInput.getDisableConsoleLogin()).thenReturn(true); diff --git a/src/test/java/net/snowflake/client/core/SessionUtilLatestIT.java b/src/test/java/net/snowflake/client/core/SessionUtilLatestIT.java index 57dde2a7b..434dd8eac 100644 --- a/src/test/java/net/snowflake/client/core/SessionUtilLatestIT.java +++ b/src/test/java/net/snowflake/client/core/SessionUtilLatestIT.java @@ -22,10 +22,10 @@ import java.util.UUID; import java.util.concurrent.atomic.AtomicBoolean; import net.snowflake.client.category.TestTags; +import net.snowflake.client.core.auth.AuthenticatorType; import net.snowflake.client.jdbc.BaseJDBCTest; import net.snowflake.client.jdbc.ErrorCode; import net.snowflake.client.jdbc.SnowflakeSQLException; -import net.snowflake.common.core.ClientAuthnDTO; import net.snowflake.common.core.SqlState; import org.apache.commons.io.IOUtils; import org.apache.http.Header; @@ -85,8 +85,7 @@ private SFLoginInput initMockLoginInput() { // mock SFLoginInput SFLoginInput loginInput = mock(SFLoginInput.class); when(loginInput.getServerUrl()).thenReturn(systemGetEnv("SNOWFLAKE_TEST_HOST")); - when(loginInput.getAuthenticator()) - .thenReturn(ClientAuthnDTO.AuthenticatorType.SNOWFLAKE_JWT.name()); + when(loginInput.getAuthenticator()).thenReturn(AuthenticatorType.SNOWFLAKE_JWT.name()); when(loginInput.getPrivateKeyFile()) .thenReturn(systemGetEnv("SNOWFLAKE_TEST_PRIVATE_KEY_FILE")); when(loginInput.getPrivateKeyPwd()).thenReturn(systemGetEnv("SNOWFLAKE_TEST_PRIVATE_KEY_PWD")); diff --git a/src/test/java/net/snowflake/client/jdbc/ConnectionLatestIT.java b/src/test/java/net/snowflake/client/jdbc/ConnectionLatestIT.java index 68cd101bf..b58643460 100644 --- a/src/test/java/net/snowflake/client/jdbc/ConnectionLatestIT.java +++ b/src/test/java/net/snowflake/client/jdbc/ConnectionLatestIT.java @@ -63,11 +63,12 @@ import net.snowflake.client.core.SFSessionProperty; import net.snowflake.client.core.SecurityUtil; import net.snowflake.client.core.SessionUtil; +import net.snowflake.client.core.auth.AuthenticatorType; +import net.snowflake.client.core.auth.ClientAuthnDTO; +import net.snowflake.client.core.auth.ClientAuthnParameter; import net.snowflake.client.jdbc.telemetryOOB.TelemetryService; import net.snowflake.client.log.SFLogger; import net.snowflake.client.log.SFLoggerFactory; -import net.snowflake.common.core.ClientAuthnDTO; -import net.snowflake.common.core.ClientAuthnParameter; import net.snowflake.common.core.SqlState; import org.apache.http.client.methods.HttpPost; import org.apache.http.client.utils.URIBuilder; @@ -570,7 +571,7 @@ public void testHttpsLoginTimeoutWithOutSSL() throws InterruptedException { properties.put("user", "fakeuser"); properties.put("password", "fakepassword"); // Adding authenticator type for code coverage purposes - properties.put("authenticator", ClientAuthnDTO.AuthenticatorType.SNOWFLAKE.toString()); + properties.put("authenticator", AuthenticatorType.SNOWFLAKE.toString()); properties.put("ssl", "off"); int count = TelemetryService.getInstance().getEventCount(); try { @@ -633,7 +634,7 @@ public void testWrongHostNameTimeout() throws InterruptedException { properties.put("user", "fakeuser"); properties.put("password", "fakepassword"); // Adding authenticator type for code coverage purposes - properties.put("authenticator", ClientAuthnDTO.AuthenticatorType.SNOWFLAKE.toString()); + properties.put("authenticator", AuthenticatorType.SNOWFLAKE.toString()); try { connStart = System.currentTimeMillis(); Map params = getConnectionParameters(); @@ -1252,8 +1253,7 @@ public void testAuthenticatorEndpointWithDashInAccountName() throws Exception { Map data = Collections.singletonMap(ClientAuthnParameter.ACCOUNT_NAME.name(), "snowhouse-local"); - ClientAuthnDTO authnData = new ClientAuthnDTO(); - authnData.setData(data); + ClientAuthnDTO authnData = new ClientAuthnDTO(data, null); ObjectMapper mapper = ObjectMapperFactory.getObjectMapper(); String json = mapper.writeValueAsString(authnData); diff --git a/src/test/java/net/snowflake/client/jdbc/SSOConnectionTest.java b/src/test/java/net/snowflake/client/jdbc/SSOConnectionTest.java index 6fbadd92f..71618c9e9 100644 --- a/src/test/java/net/snowflake/client/jdbc/SSOConnectionTest.java +++ b/src/test/java/net/snowflake/client/jdbc/SSOConnectionTest.java @@ -35,7 +35,6 @@ import net.snowflake.client.core.SFLoginInput; import net.snowflake.client.core.SessionUtil; import net.snowflake.client.core.SessionUtilExternalBrowser; -import net.snowflake.common.core.ClientAuthnDTO; import org.apache.commons.io.IOUtils; import org.apache.http.client.methods.HttpPost; import org.junit.jupiter.api.Test; @@ -259,7 +258,7 @@ public String answer(InvocationOnMock invocation) throws IOException { assertThat( "authenticator", jsonNode.path("data").path("AUTHENTICATOR").asText(), - equalTo(ClientAuthnDTO.AuthenticatorType.EXTERNALBROWSER.name())); + equalTo("EXTERNALBROWSER")); resp = retInitialAuthentication; } else if (callCount == 2) { jsonNode = parseRequest((HttpPost) args[0]); @@ -298,8 +297,7 @@ private void initMockSessionUtilExternalBrowser( private SFLoginInput initMockLoginInput() { SFLoginInput loginInput = mock(SFLoginInput.class); when(loginInput.getServerUrl()).thenReturn("https://testaccount.snowflakecomputing.com/"); - when(loginInput.getAuthenticator()) - .thenReturn(ClientAuthnDTO.AuthenticatorType.EXTERNALBROWSER.name()); + when(loginInput.getAuthenticator()).thenReturn("EXTERNALBROWSER"); when(loginInput.getAccountName()).thenReturn("testaccount"); when(loginInput.getUserName()).thenReturn("testuser"); when(loginInput.getDisableConsoleLogin()).thenReturn(true); diff --git a/src/test/java/net/snowflake/client/jdbc/SnowflakeDriverIT.java b/src/test/java/net/snowflake/client/jdbc/SnowflakeDriverIT.java index b245f8c0b..e23dfbfae 100644 --- a/src/test/java/net/snowflake/client/jdbc/SnowflakeDriverIT.java +++ b/src/test/java/net/snowflake/client/jdbc/SnowflakeDriverIT.java @@ -54,7 +54,6 @@ import net.snowflake.client.annotations.DontRunOnGithubActions; import net.snowflake.client.annotations.DontRunOnTestaccount; import net.snowflake.client.category.TestTags; -import net.snowflake.common.core.ClientAuthnDTO; import net.snowflake.common.core.SqlState; import org.apache.commons.io.FileUtils; import org.junit.jupiter.api.AfterAll; @@ -173,7 +172,7 @@ public void testOauthConnection() throws SQLException { } } Properties props = new Properties(); - props.put("authenticator", ClientAuthnDTO.AuthenticatorType.OAUTH.name()); + props.put("authenticator", "OAUTH"); props.put("token", token); props.put("role", role); try (Connection con = getConnection("s3testaccount", props);