-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathClusterNewInstanceRequestExtensions.cs
More file actions
141 lines (126 loc) · 5.51 KB
/
ClusterNewInstanceRequestExtensions.cs
File metadata and controls
141 lines (126 loc) · 5.51 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using Couchbase.AnalyticsClient.HTTP;
using Couchbase.AnalyticsClient.Options;
using Couchbase.Grpc.Protocol.Columnar;
namespace Couchbase.Analytics.Performer.Internal.Utils;
public static class ClusterNewInstanceRequestExtensions
{
public static ICredential ToSdkCredential(
this ClusterNewInstanceRequest request)
{
return request.Credential.ToSdkCredential();
}
public static ICredential ToSdkCredential(
this ClusterNewInstanceRequest.Types.Credential credential)
{
switch (credential.TypeCase)
{
case ClusterNewInstanceRequest.Types.Credential.TypeOneofCase.UsernameAndPassword:
return new Credential(credential.UsernameAndPassword.Username,
credential.UsernameAndPassword.Password);
case ClusterNewInstanceRequest.Types.Credential.TypeOneofCase.JwtAuth:
return new JwtCredential(credential.JwtAuth.Jwt);
case ClusterNewInstanceRequest.Types.Credential.TypeOneofCase.CertificateAuth:
var x509 = X509Certificate2.CreateFromPem(
credential.CertificateAuth.Cert,
credential.CertificateAuth.Key);
return new CertificateCredential(x509);
case ClusterNewInstanceRequest.Types.Credential.TypeOneofCase.None:
default:
throw new ArgumentException("No credential type specified");
}
}
public static ClusterOptions ToSdkQueryOptions(this ClusterNewInstanceRequest request)
{
var protoOptions = request.Options;
var clusterOptions = new ClusterOptions
{
ConnectionString = request.ConnectionString
};
if (protoOptions.Deserializer is not null)
{
if (protoOptions.Deserializer.Custom is not null)
{
}
else if (protoOptions.Deserializer.Json is not null)
{
}
else if (protoOptions.Deserializer.Passthrough is not null)
{
// Use default serializer
}
}
clusterOptions = clusterOptions.WithSecurityOptions(request.Options.Security.ToCore());
clusterOptions = clusterOptions.WithTimeoutOptions(request.Options.Timeout.ToCore());
return clusterOptions;
}
private static TimeoutOptions ToCore(this ClusterNewInstanceRequest.Types.Options.Types.TimeoutOptions? protoTimeout)
{
var timeoutOptions = new TimeoutOptions();
if (protoTimeout is null) return timeoutOptions;
if (protoTimeout.ConnectTimeout is not null)
{
timeoutOptions = timeoutOptions.WithConnectTimeout(protoTimeout.ConnectTimeout.ToTimeSpan());
}
if (protoTimeout.DispatchTimeout is not null)
{
timeoutOptions = timeoutOptions.WithDispatchTimeout(protoTimeout.DispatchTimeout.ToTimeSpan());
}
if (protoTimeout.QueryTimeout is not null)
{
timeoutOptions = timeoutOptions.WithQueryTimeout(protoTimeout.QueryTimeout.ToTimeSpan());
}
if (protoTimeout.HandleTimeout is not null)
{
timeoutOptions = timeoutOptions.WithHandleRequestTimeout(protoTimeout.HandleTimeout.ToTimeSpan());
}
return timeoutOptions;
}
private static SecurityOptions ToCore(
this ClusterNewInstanceRequest.Types.Options.Types.SecurityOptions? protoSecurity)
{
// FIT clusters (e.g. dinocluster) issue server certs without reachable OCSP/CRL endpoints,
// so revocation checking is always disabled in the performer.
var securityOptions = new SecurityOptions().WithEnableCertificateRevocationCheck(false);
if (protoSecurity is null) return securityOptions;
if (protoSecurity.TrustOnlyPlatform)
{
// what is this?
}
else if (protoSecurity.HasTrustOnlyCapella)
{
securityOptions = securityOptions.WithTrustOnlyCapella();
}
else if (protoSecurity.HasTrustOnlyPemString)
{
// The driver may send a bundle of multiple PEM-encoded certificates concatenated
// together (e.g. server cert + intermediate).
var collection = new X509Certificate2Collection();
collection.ImportFromPem(protoSecurity.TrustOnlyPemString);
securityOptions = collection.Count > 1
? securityOptions.WithTrustOnlyCertificates(collection)
: securityOptions.WithTrustOnlyPemString(protoSecurity.TrustOnlyPemString);
}
if (protoSecurity.HasDisableServerCertificateVerification)
{
securityOptions = securityOptions.WithDisableCertificateVerification(protoSecurity.DisableServerCertificateVerification);
}
if (protoSecurity.CipherSuites is not null)
{
foreach (var cipher in protoSecurity.CipherSuites)
{
Serilog.Log.Information("Trying to parse cipher {Cipher} as an SslProtocol", cipher);
if (Enum.TryParse<SslProtocols>(cipher, false, out var sslProtocol))
{
securityOptions = securityOptions.WithSslProtocols(sslProtocol);
}
else
{
Serilog.Log.Information("Failed to parse cipher {Cipher} as an SslProtocol. Valid members are: Tls12, Tls13", cipher);
}
}
}
return securityOptions;
}
}