/**
  * Utility method which is called by the testcase sending a DELETE request.
  *
  * @param authentication The flag to set the authentication on and off.
  * @return The error code of operation performed.
  * @throws Exception If an unexpected problem occurs.
  */
 private int performDeleteOperation(boolean authentication) throws Exception {
   String[] args = null;
   if (authentication)
     args =
         new String[] {
           "--noPropertiesFile",
           "-h",
           "127.0.0.1",
           "-p",
           String.valueOf(TestCaseUtils.getServerLdapPort()),
           "-V",
           "3",
           "-D",
           "cn=Directory Manager",
           "-w",
           "password",
           "o=mod_rejectTestCase,o=test"
         };
   else
     args =
         new String[] {
           "--noPropertiesFile",
           "-h",
           "127.0.0.1",
           "-p",
           String.valueOf(TestCaseUtils.getServerLdapPort()),
           "o=mod_rejectTestCase,o=test"
         };
   return LDAPDelete.mainDelete(args, false, null, null);
 }
  /**
   * Tests the use of the StartTLS extended operation to communicate with the server in conjunction
   * with no authentication and using a client trust store to validate the server certificate.
   */
  @Test()
  public void testStartTLSNoAuthTrustStore() {
    String trustStorePath =
        DirectoryServer.getInstanceRoot()
            + File.separator
            + "config"
            + File.separator
            + "client.truststore";

    String[] args = {
      "--noPropertiesFile",
      "-h",
      "127.0.0.1",
      "-p",
      String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-q",
      "-P",
      trustStorePath,
      "-b",
      "",
      "-s",
      "base",
      "(objectClass=*)"
    };

    assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
  }
  /**
   * Tests whether the who am I? extended operation with an unauthenticated connection fails with
   * new setting of "ds-cfg-reject-unauthenticated-requests".
   *
   * @throws UnsupportedEncodingException If an unexpected problem occurs.
   * @throws IOException If an unexpected problem occurs.
   * @throws ClientException If an unexpected problem occurs.
   */
  @Test
  public void testUnauthWAINewCfg()
      throws UnsupportedEncodingException, IOException, ClientException {
    try {
      DirectoryServer.setRejectUnauthenticatedRequests(true);

      Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
      LDAPReader reader = new LDAPReader(s);
      LDAPWriter writer = new LDAPWriter(s);
      AtomicInteger nextMessageID = new AtomicInteger(1);
      LDAPAuthenticationHandler authHandler =
          new LDAPAuthenticationHandler(reader, writer, "localhost", nextMessageID);
      ByteString authzID = null;
      try {
        authzID = authHandler.requestAuthorizationIdentity();
      } catch (LDAPException e) {
        assertNull(authzID);
      } finally {
        LDAPMessage unbindMessage =
            new LDAPMessage(nextMessageID.getAndIncrement(), new UnbindRequestProtocolOp());
        writer.writeMessage(unbindMessage);
        s.close();
      }
    } finally {
      DirectoryServer.setRejectUnauthenticatedRequests(false);
    }
  }
  /**
   * Tests the use of the StartTLS extended operation to communicate with the server in conjunction
   * with no authentication and using blind trust.
   *
   * @throws Exception If an unexpected problem occurs.
   */
  @Test
  public void testStartTLSNoAuthTrustAll() throws Exception {
    try {
      DirectoryServer.setRejectUnauthenticatedRequests(true);

      String[] argSearch = {
        "--noPropertiesFile",
        "-h",
        "127.0.0.1",
        "-p",
        String.valueOf(TestCaseUtils.getServerLdapPort()),
        "-D",
        "cn=directory manager",
        "-w",
        "password",
        "-q",
        "-X",
        "-b",
        "",
        "-s",
        "base",
        "(objectClass=*)"
      };
      assertEquals(LDAPSearch.mainSearch(argSearch, false, null, System.err), 0);
    } finally {
      DirectoryServer.setRejectUnauthenticatedRequests(false);
    }
  }
  /**
   * Tests whether the Who Am I? extended operation with an internal authenticated connection
   * succeeds with default setting of "ds-cfg-reject-unauthenticated-requests".
   *
   * @throws Exception If an unexpected problem occurs.
   */
  @Test()
  public void testAuthWAIDefCfg() throws Exception {
    DirectoryServer.setRejectUnauthenticatedRequests(false);

    Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
    LDAPReader reader = new LDAPReader(s);
    LDAPWriter writer = new LDAPWriter(s);

    AtomicInteger nextMessageID = new AtomicInteger(1);
    LDAPAuthenticationHandler authHandler =
        new LDAPAuthenticationHandler(reader, writer, "localhost", nextMessageID);
    authHandler.doSimpleBind(
        3,
        ByteString.valueOf("cn=Directory Manager"),
        ByteString.valueOf("password"),
        new ArrayList<Control>(),
        new ArrayList<Control>());
    ByteString authzID = authHandler.requestAuthorizationIdentity();
    assertNotNull(authzID);

    LDAPMessage unbindMessage =
        new LDAPMessage(nextMessageID.getAndIncrement(), new UnbindRequestProtocolOp());
    writer.writeMessage(unbindMessage);
    s.close();
  }
  /**
   * Tests the use of the StartTLS extended operation to communicate with the server in conjunction
   * with SASL EXTERNAL authentication and using a client trust store to validate the server
   * certificate.
   *
   * @throws Exception If an unexpected problem occurs.
   */
  @Test()
  public void testStartTLSExternalAuthTrustStore() throws Exception {
    TestCaseUtils.initializeTestBackend(true);

    Entry e =
        TestCaseUtils.makeEntry(
            "dn: cn=Test User,o=test",
            "objectClass: top",
            "objectClass: person",
            "objectClass: organizationalPerson",
            "objectClass: inetOrgPerson",
            "cn: Test User",
            "givenName: Test",
            "sn: User");

    InternalClientConnection conn = InternalClientConnection.getRootConnection();
    AddOperation addOperation =
        conn.processAdd(
            e.getDN(), e.getObjectClasses(), e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);

    String keyStorePath =
        DirectoryServer.getInstanceRoot()
            + File.separator
            + "config"
            + File.separator
            + "client.keystore";
    String trustStorePath =
        DirectoryServer.getInstanceRoot()
            + File.separator
            + "config"
            + File.separator
            + "client.truststore";

    String[] args = {
      "--noPropertiesFile",
      "-h",
      "127.0.0.1",
      "-p",
      String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-q",
      "-K",
      keyStorePath,
      "-W",
      "password",
      "-P",
      trustStorePath,
      "-r",
      "-b",
      "",
      "-s",
      "base",
      "(objectClass=*)"
    };

    assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
  }
  /**
   * Tests whether both authenticated and unauthenticated SEARCH requests will be allowed with the
   * new configuration settings for "ds-cfg-reject-unauthenticated-requests" .
   */
  @Test
  public void testSearchNewCfg() {
    try {
      DirectoryServer.setRejectUnauthenticatedRequests(true);

      String[] args = {
        "--noPropertiesFile",
        "-h",
        "127.0.0.1",
        "-p",
        String.valueOf(TestCaseUtils.getServerLdapPort()),
        "-b",
        "",
        "-s",
        "base",
        "(objectClass=*)"
      };

      assertFalse(LDAPSearch.mainSearch(args, false, null, null) == 0);

      String[] authArgs = {
        "--noPropertiesFile",
        "-h",
        "127.0.0.1",
        "-p",
        String.valueOf(TestCaseUtils.getServerLdapPort()),
        "-D",
        "cn=Directory Manager",
        "-w",
        "password",
        "-b",
        "",
        "-s",
        "base",
        "(objectClass=*)"
      };
      assertEquals(LDAPSearch.mainSearch(authArgs, false, null, System.err), 0);
    } finally {
      DirectoryServer.setRejectUnauthenticatedRequests(false);
    }
  }
 /**
  * Utility method which is called by the testcase sending an ADD request.
  *
  * @param authentication The flag to set the authentication on and off.
  * @return The error code of operation performed.
  * @throws Exception If an unexpected problem occurs.
  */
 private int performAddOperation(boolean authentication) throws Exception {
   String filePath =
       TestCaseUtils.createTempFile(
           "dn: o=rejectTestCase,o=test",
           "objectclass: top",
           "objectclass: organization",
           "o: rejectTestCase",
           "description: Reject Test Case");
   String[] args = null;
   if (authentication)
     args =
         new String[] {
           "--noPropertiesFile",
           "-h",
           "127.0.0.1",
           "-p",
           String.valueOf(TestCaseUtils.getServerLdapPort()),
           "-D",
           "cn=directory manager",
           "-w",
           "password",
           "-a",
           "-f",
           filePath,
         };
   else
     args =
         new String[] {
           "--noPropertiesFile",
           "-h",
           "127.0.0.1",
           "-p",
           String.valueOf(TestCaseUtils.getServerLdapPort()),
           "-a",
           "-f",
           filePath,
         };
   return LDAPModify.mainModify(args, false, null, null);
 }
 /**
  * Utility method which is called by the testcase sending a MODRDN request.
  *
  * @param authentication The flag to set the authentication on and off.
  * @return The error code of operation performed.
  * @throws Exception If an unexpected problem occurs.
  */
 private int performModRdnOperation(boolean authentication) throws Exception {
   String path =
       TestCaseUtils.createTempFile(
           "dn: o=rejectTestCase,o=Test",
           "changetype: modrdn",
           "newrdn: o=mod_rejectTestCase",
           "deleteoldrdn: 0");
   String[] args = null;
   if (authentication)
     args =
         new String[] {
           "--noPropertiesFile",
           "-h",
           "127.0.0.1",
           "-p",
           String.valueOf(TestCaseUtils.getServerLdapPort()),
           "-D",
           "cn=directory manager",
           "-w",
           "password",
           "-f",
           path
         };
   else
     args =
         new String[] {
           "--noPropertiesFile",
           "-h",
           "127.0.0.1",
           "-p",
           String.valueOf(TestCaseUtils.getServerLdapPort()),
           "-f",
           path
         };
   return LDAPModify.mainModify(args, false, null, null);
 }
  /**
   * Performs a successful LDAP bind using CRAM-MD5 using the dn: form of the authentication ID
   * using a long password (longer than 64 bytes).
   *
   * @throws Exception If an unexpected problem occurs.
   */
  @Test()
  public void testLDAPBindSuccessWithDNAndLongPassword() throws Exception {
    TestCaseUtils.initializeTestBackend(true);

    String password = "******";

    Entry e =
        TestCaseUtils.makeEntry(
            "dn: uid=test.user,o=test",
            "objectClass: top",
            "objectClass: person",
            "objectClass: organizationalPerson",
            "objectClass: inetOrgPerson",
            "uid: test.user",
            "givenName: Test",
            "sn: User",
            "cn: Test User",
            "userPassword: "******"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy,"
                + "cn=Password Policies,cn=config");

    InternalClientConnection conn = InternalClientConnection.getRootConnection();
    AddOperation addOperation =
        conn.processAdd(
            e.getDN(), e.getObjectClasses(),
            e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);

    String[] args = {
      "--noPropertiesFile",
      "-h",
      "127.0.0.1",
      "-p",
      String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-o",
      "mech=CRAM-MD5",
      "-o",
      "authid=dn:uid=test.user,o=test",
      "-w",
      password,
      "-b",
      "",
      "-s",
      "base",
      "(objectClass=*)"
    };
    assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
  }
  /**
   * Performs a failed LDAP bind using CRAM-MD5 using the dn: form of the authentication ID with the
   * DN of a user that doesn't exist.
   *
   * @throws Exception If an unexpected problem occurs.
   */
  @Test()
  public void testLDAPBindFailNoSuchUser() throws Exception {
    TestCaseUtils.initializeTestBackend(true);

    Entry e =
        TestCaseUtils.makeEntry(
            "dn: uid=test.user,o=test",
            "objectClass: top",
            "objectClass: person",
            "objectClass: organizationalPerson",
            "objectClass: inetOrgPerson",
            "uid: test.user",
            "givenName: Test",
            "sn: User",
            "cn: Test User",
            "userPassword: password");

    InternalClientConnection conn = InternalClientConnection.getRootConnection();
    AddOperation addOperation =
        conn.processAdd(
            e.getDN(), e.getObjectClasses(),
            e.getUserAttributes(), e.getOperationalAttributes());
    assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);

    String[] args = {
      "--noPropertiesFile",
      "-h",
      "127.0.0.1",
      "-p",
      String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-o",
      "mech=CRAM-MD5",
      "-o",
      "authid=dn:uid=doesntexist,o=test",
      "-w",
      "password",
      "-b",
      "",
      "-s",
      "base",
      "(objectClass=*)"
    };
    assertFalse(LDAPSearch.mainSearch(args, false, null, null) == 0);
  }
  /**
   * Tests the use of the StartTLS extended operation to communicate with the server in conjunction
   * with no authentication and using blind trust.
   */
  @Test()
  public void testStartTLSNoAuthTrustAll() {
    String[] args = {
      "--noPropertiesFile",
      "-h",
      "127.0.0.1",
      "-p",
      String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-q",
      "-X",
      "-b",
      "",
      "-s",
      "base",
      "(objectClass=*)"
    };

    assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
  }
  /**
   * Tests whether an unauthenticated SEARCH request will be allowed with the default configuration
   * settings for "ds-cfg-reject-unauthenticated-requests".
   */
  @Test()
  public void testUnauthSearchDefCfg() {
    DirectoryServer.setRejectUnauthenticatedRequests(false);

    String[] args = {
      "--noPropertiesFile",
      "-h",
      "127.0.0.1",
      "-p",
      String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-b",
      "",
      "-s",
      "base",
      "(objectClass=*)"
    };

    assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
  }
 /**
  * Performs a failed LDAP bind using CRAM-MD5 using the dn: form of the authentication ID with the
  * root DN (which has a stored password that's not reversible).
  *
  * @throws Exception If an unexpected problem occurs.
  */
 @Test()
 public void testLDAPBindFailIrreversiblePasswordWithRootDN() throws Exception {
   String[] args = {
     "--noPropertiesFile",
     "-h",
     "127.0.0.1",
     "-p",
     String.valueOf(TestCaseUtils.getServerLdapPort()),
     "-o",
     "mech=CRAM-MD5",
     "-o",
     "authid=dn:cn=Directory Manager",
     "-w",
     "password",
     "-b",
     "",
     "-s",
     "base",
     "(objectClass=*)"
   };
   assertFalse(LDAPSearch.mainSearch(args, false, null, null) == 0);
 }
  /** Tests the maximum persistent search limit imposed by the server. */
  @Test
  public void testMaxPSearch() throws Exception {
    TestCaseUtils.initializeTestBackend(true);
    // Modify the configuration to allow only 1 concurrent persistent search.
    InternalClientConnection conn = getRootConnection();

    LDAPAttribute attr = new LDAPAttribute("ds-cfg-max-psearches", "1");

    ArrayList<RawModification> mods = new ArrayList<>();
    mods.add(new LDAPModification(ModificationType.REPLACE, attr));

    ModifyOperation modifyOperation = conn.processModify(ByteString.valueOf("cn=config"), mods);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);

    // Create a persistent search request.
    Set<PersistentSearchChangeType> changeTypes = EnumSet.of(ADD, DELETE, MODIFY, MODIFY_DN);
    SearchRequest request =
        newSearchRequest(DN.valueOf("o=test"), SearchScope.BASE_OBJECT)
            .setTypesOnly(true)
            .addAttribute("cn")
            .addControl(new PersistentSearchControl(changeTypes, true, true));
    final InternalSearchOperation search = conn.processSearch(request);

    Thread t =
        new Thread(
            new Runnable() {
              @Override
              public void run() {
                try {
                  search.run();
                } catch (Exception ex) {
                }
              }
            },
            "Persistent Search Test");
    t.start();
    t.join(2000);
    // Create a persistent search request.
    final String[] args = {
      "-D",
      "cn=Directory Manager",
      "-w",
      "password",
      "-h",
      "127.0.0.1",
      "-p",
      String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-b",
      "o=test",
      "-s",
      "sub",
      "-C",
      "ps:add:true:true",
      "--noPropertiesFile",
      "(objectClass=*)"
    };

    assertEquals(LDAPSearch.mainSearch(args, false, true, null, System.err), 11);
    // cancel the persisting persistent search.
    search.cancel(new CancelRequest(true, LocalizableMessage.EMPTY));
  }