/**
* Retrieves a set of virtual attribute rules that may be used for testing purposes. The return
* data will also include a Boolean value indicating whether the rule would apply to a minimal
* "o=test" entry.
*
* @return A set of virtual attribute rules that may be used for testing purposes.
* @throws Exception If an unexpected problem occurs.
*/
@DataProvider(name = "testRules")
public Object[][] getVirtualAttributeRules() throws Exception {
EntryDNVirtualAttributeProvider provider = new EntryDNVirtualAttributeProvider();
LinkedHashSet<DN> dnSet1 = new LinkedHashSet<DN>(1);
dnSet1.add(DN.decode("o=test"));
LinkedHashSet<DN> dnSet2 = new LinkedHashSet<DN>(1);
dnSet2.add(DN.decode("dc=example,dc=com"));
LinkedHashSet<DN> dnSet3 = new LinkedHashSet<DN>(2);
dnSet3.add(DN.decode("o=test"));
dnSet3.add(DN.decode("dc=example,dc=com"));
LinkedHashSet<DN> groupSet1 = new LinkedHashSet<DN>(1);
groupSet1.add(DN.decode("cn=Test Group,o=test"));
LinkedHashSet<DN> groupSet2 = new LinkedHashSet<DN>(1);
groupSet2.add(DN.decode("cn=Example Group,o=test"));
LinkedHashSet<DN> groupSet3 = new LinkedHashSet<DN>(2);
groupSet3.add(DN.decode("cn=Test Group,o=test"));
groupSet3.add(DN.decode("cn=Example Group,o=test"));
LinkedHashSet<SearchFilter> filterSet1 = new LinkedHashSet<SearchFilter>(1);
filterSet1.add(SearchFilter.createFilterFromString("(objectClass=*)"));
LinkedHashSet<SearchFilter> filterSet2 = new LinkedHashSet<SearchFilter>(1);
filterSet2.add(SearchFilter.createFilterFromString("(o=test)"));
LinkedHashSet<SearchFilter> filterSet3 = new LinkedHashSet<SearchFilter>(1);
filterSet3.add(SearchFilter.createFilterFromString("(foo=bar)"));
LinkedHashSet<SearchFilter> filterSet4 = new LinkedHashSet<SearchFilter>(2);
filterSet4.add(SearchFilter.createFilterFromString("(o=test)"));
filterSet4.add(SearchFilter.createFilterFromString("(foo=bar)"));
return new Object[][] {
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
Collections.<DN>emptySet(),
SearchScope.WHOLE_SUBTREE,
Collections.<DN>emptySet(),
Collections.<SearchFilter>emptySet(),
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
true
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
dnSet1,
SearchScope.WHOLE_SUBTREE,
Collections.<DN>emptySet(),
Collections.<SearchFilter>emptySet(),
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
true
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
dnSet2,
SearchScope.WHOLE_SUBTREE,
Collections.<DN>emptySet(),
Collections.<SearchFilter>emptySet(),
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
false
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
dnSet3,
SearchScope.WHOLE_SUBTREE,
Collections.<DN>emptySet(),
Collections.<SearchFilter>emptySet(),
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
true
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
Collections.<DN>emptySet(),
SearchScope.WHOLE_SUBTREE,
groupSet1,
Collections.<SearchFilter>emptySet(),
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
true
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
Collections.<DN>emptySet(),
SearchScope.WHOLE_SUBTREE,
groupSet2,
Collections.<SearchFilter>emptySet(),
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
false
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
Collections.<DN>emptySet(),
SearchScope.WHOLE_SUBTREE,
groupSet3,
Collections.<SearchFilter>emptySet(),
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
true
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
Collections.<DN>emptySet(),
SearchScope.WHOLE_SUBTREE,
Collections.<DN>emptySet(),
filterSet1,
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
true
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
Collections.<DN>emptySet(),
SearchScope.WHOLE_SUBTREE,
Collections.<DN>emptySet(),
filterSet2,
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
true
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
Collections.<DN>emptySet(),
SearchScope.WHOLE_SUBTREE,
Collections.<DN>emptySet(),
filterSet3,
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
false
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
Collections.<DN>emptySet(),
SearchScope.WHOLE_SUBTREE,
Collections.<DN>emptySet(),
filterSet4,
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
true
},
};
}
@Test(enabled = true)
public void testValidRequest() throws Exception {
final CryptoManagerImpl cm = DirectoryServer.getCryptoManager();
final String secretMessage = "zyxwvutsrqponmlkjihgfedcba";
final String cipherTransformationName = "AES/CBC/PKCS5Padding";
final int cipherKeyLength = 128;
CryptoManagerImpl.publishInstanceKeyEntryInADS();
// Initial encryption ensures a cipher key entry is in ADS.
cm.encrypt(cipherTransformationName, cipherKeyLength, secretMessage.getBytes());
// Retrieve all uncompromised cipher key entries corresponding to the
// specified transformation and key length.
final String baseDNStr // TODO: is this DN defined elsewhere as a constant?
= "cn=secret keys," + ADSContext.getAdministrationSuffixDN();
final DN baseDN = DN.decode(baseDNStr);
final String FILTER_OC_INSTANCE_KEY =
new StringBuilder("(objectclass=")
.append(ConfigConstants.OC_CRYPTO_CIPHER_KEY)
.append(")")
.toString();
final String FILTER_NOT_COMPROMISED =
new StringBuilder("(!(")
.append(ConfigConstants.ATTR_CRYPTO_KEY_COMPROMISED_TIME)
.append("=*))")
.toString();
final String FILTER_CIPHER_TRANSFORMATION_NAME =
new StringBuilder("(")
.append(ConfigConstants.ATTR_CRYPTO_CIPHER_TRANSFORMATION_NAME)
.append("=")
.append(cipherTransformationName)
.append(")")
.toString();
final String FILTER_CIPHER_KEY_LENGTH =
new StringBuilder("(")
.append(ConfigConstants.ATTR_CRYPTO_KEY_LENGTH_BITS)
.append("=")
.append(String.valueOf(cipherKeyLength))
.append(")")
.toString();
final String searchFilter =
new StringBuilder("(&")
.append(FILTER_OC_INSTANCE_KEY)
.append(FILTER_NOT_COMPROMISED)
.append(FILTER_CIPHER_TRANSFORMATION_NAME)
.append(FILTER_CIPHER_KEY_LENGTH)
.append(")")
.toString();
final LinkedHashSet<String> requestedAttributes = new LinkedHashSet<String>();
requestedAttributes.add(ConfigConstants.ATTR_CRYPTO_SYMMETRIC_KEY);
final InternalClientConnection icc = InternalClientConnection.getRootConnection();
InternalSearchOperation searchOp =
icc.processSearch(
baseDN,
SearchScope.SINGLE_LEVEL,
DereferencePolicy.NEVER_DEREF_ALIASES,
/* size limit */ 0, /* time limit */
0,
/* types only */ false,
SearchFilter.createFilterFromString(searchFilter),
requestedAttributes);
assertTrue(0 < searchOp.getSearchEntries().size());
final InternalClientConnection internalConnection =
InternalClientConnection.getRootConnection();
final String instanceKeyID = cm.getInstanceKeyID();
final AttributeType attrSymmetricKey =
DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_SYMMETRIC_KEY);
for (Entry e : searchOp.getSearchEntries()) {
final String symmetricKeyAttributeValue =
e.getAttributeValue(attrSymmetricKey, DirectoryStringSyntax.DECODER);
final ByteString requestValue =
GetSymmetricKeyExtendedOperation.encodeRequestValue(
symmetricKeyAttributeValue, instanceKeyID);
final ExtendedOperation extendedOperation =
internalConnection.processExtendedOperation(
ServerConstants.OID_GET_SYMMETRIC_KEY_EXTENDED_OP, requestValue);
assertEquals(extendedOperation.getResultCode(), ResultCode.SUCCESS);
// The key should be re-wrapped, and hence have a different binary
// representation....
final String responseValue = extendedOperation.getResponseValue().toString();
assertFalse(symmetricKeyAttributeValue.equals(responseValue));
// ... but the keyIDs should be equal (ideally, the validity of
// the returned value would be checked by decoding the
// returned ds-cfg-symmetric-key attribute value; however, there
// is no non-private method to call.
assertEquals(responseValue.split(":")[0], symmetricKeyAttributeValue.split(":")[0]);
}
}
