/**
   * Retrieves a set of virtual attribute rules that may be used for testing purposes. The return
   * data will also include a Boolean value indicating whether the rule would apply to a minimal
   * "o=test" entry.
   *
   * @return A set of virtual attribute rules that may be used for testing purposes.
   * @throws Exception If an unexpected problem occurs.
   */
  @DataProvider(name = "testRules")
  public Object[][] getVirtualAttributeRules() throws Exception {
    EntryDNVirtualAttributeProvider provider = new EntryDNVirtualAttributeProvider();

    LinkedHashSet<DN> dnSet1 = new LinkedHashSet<DN>(1);
    dnSet1.add(DN.decode("o=test"));

    LinkedHashSet<DN> dnSet2 = new LinkedHashSet<DN>(1);
    dnSet2.add(DN.decode("dc=example,dc=com"));

    LinkedHashSet<DN> dnSet3 = new LinkedHashSet<DN>(2);
    dnSet3.add(DN.decode("o=test"));
    dnSet3.add(DN.decode("dc=example,dc=com"));

    LinkedHashSet<DN> groupSet1 = new LinkedHashSet<DN>(1);
    groupSet1.add(DN.decode("cn=Test Group,o=test"));

    LinkedHashSet<DN> groupSet2 = new LinkedHashSet<DN>(1);
    groupSet2.add(DN.decode("cn=Example Group,o=test"));

    LinkedHashSet<DN> groupSet3 = new LinkedHashSet<DN>(2);
    groupSet3.add(DN.decode("cn=Test Group,o=test"));
    groupSet3.add(DN.decode("cn=Example Group,o=test"));

    LinkedHashSet<SearchFilter> filterSet1 = new LinkedHashSet<SearchFilter>(1);
    filterSet1.add(SearchFilter.createFilterFromString("(objectClass=*)"));

    LinkedHashSet<SearchFilter> filterSet2 = new LinkedHashSet<SearchFilter>(1);
    filterSet2.add(SearchFilter.createFilterFromString("(o=test)"));

    LinkedHashSet<SearchFilter> filterSet3 = new LinkedHashSet<SearchFilter>(1);
    filterSet3.add(SearchFilter.createFilterFromString("(foo=bar)"));

    LinkedHashSet<SearchFilter> filterSet4 = new LinkedHashSet<SearchFilter>(2);
    filterSet4.add(SearchFilter.createFilterFromString("(o=test)"));
    filterSet4.add(SearchFilter.createFilterFromString("(foo=bar)"));

    return new Object[][] {
      new Object[] {
        new VirtualAttributeRule(
            entryDNType,
            provider,
            Collections.<DN>emptySet(),
            SearchScope.WHOLE_SUBTREE,
            Collections.<DN>emptySet(),
            Collections.<SearchFilter>emptySet(),
            ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
        true
      },
      new Object[] {
        new VirtualAttributeRule(
            entryDNType,
            provider,
            dnSet1,
            SearchScope.WHOLE_SUBTREE,
            Collections.<DN>emptySet(),
            Collections.<SearchFilter>emptySet(),
            ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
        true
      },
      new Object[] {
        new VirtualAttributeRule(
            entryDNType,
            provider,
            dnSet2,
            SearchScope.WHOLE_SUBTREE,
            Collections.<DN>emptySet(),
            Collections.<SearchFilter>emptySet(),
            ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
        false
      },
      new Object[] {
        new VirtualAttributeRule(
            entryDNType,
            provider,
            dnSet3,
            SearchScope.WHOLE_SUBTREE,
            Collections.<DN>emptySet(),
            Collections.<SearchFilter>emptySet(),
            ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
        true
      },
      new Object[] {
        new VirtualAttributeRule(
            entryDNType,
            provider,
            Collections.<DN>emptySet(),
            SearchScope.WHOLE_SUBTREE,
            groupSet1,
            Collections.<SearchFilter>emptySet(),
            ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
        true
      },
      new Object[] {
        new VirtualAttributeRule(
            entryDNType,
            provider,
            Collections.<DN>emptySet(),
            SearchScope.WHOLE_SUBTREE,
            groupSet2,
            Collections.<SearchFilter>emptySet(),
            ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
        false
      },
      new Object[] {
        new VirtualAttributeRule(
            entryDNType,
            provider,
            Collections.<DN>emptySet(),
            SearchScope.WHOLE_SUBTREE,
            groupSet3,
            Collections.<SearchFilter>emptySet(),
            ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
        true
      },
      new Object[] {
        new VirtualAttributeRule(
            entryDNType,
            provider,
            Collections.<DN>emptySet(),
            SearchScope.WHOLE_SUBTREE,
            Collections.<DN>emptySet(),
            filterSet1,
            ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
        true
      },
      new Object[] {
        new VirtualAttributeRule(
            entryDNType,
            provider,
            Collections.<DN>emptySet(),
            SearchScope.WHOLE_SUBTREE,
            Collections.<DN>emptySet(),
            filterSet2,
            ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
        true
      },
      new Object[] {
        new VirtualAttributeRule(
            entryDNType,
            provider,
            Collections.<DN>emptySet(),
            SearchScope.WHOLE_SUBTREE,
            Collections.<DN>emptySet(),
            filterSet3,
            ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
        false
      },
      new Object[] {
        new VirtualAttributeRule(
            entryDNType,
            provider,
            Collections.<DN>emptySet(),
            SearchScope.WHOLE_SUBTREE,
            Collections.<DN>emptySet(),
            filterSet4,
            ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
        true
      },
    };
  }
  @Test(enabled = true)
  public void testValidRequest() throws Exception {
    final CryptoManagerImpl cm = DirectoryServer.getCryptoManager();
    final String secretMessage = "zyxwvutsrqponmlkjihgfedcba";
    final String cipherTransformationName = "AES/CBC/PKCS5Padding";
    final int cipherKeyLength = 128;

    CryptoManagerImpl.publishInstanceKeyEntryInADS();

    // Initial encryption ensures a cipher key entry is in ADS.
    cm.encrypt(cipherTransformationName, cipherKeyLength, secretMessage.getBytes());

    // Retrieve all uncompromised cipher key entries corresponding to the
    // specified transformation and key length.
    final String baseDNStr // TODO: is this DN defined elsewhere as a constant?
        = "cn=secret keys," + ADSContext.getAdministrationSuffixDN();
    final DN baseDN = DN.decode(baseDNStr);
    final String FILTER_OC_INSTANCE_KEY =
        new StringBuilder("(objectclass=")
            .append(ConfigConstants.OC_CRYPTO_CIPHER_KEY)
            .append(")")
            .toString();
    final String FILTER_NOT_COMPROMISED =
        new StringBuilder("(!(")
            .append(ConfigConstants.ATTR_CRYPTO_KEY_COMPROMISED_TIME)
            .append("=*))")
            .toString();
    final String FILTER_CIPHER_TRANSFORMATION_NAME =
        new StringBuilder("(")
            .append(ConfigConstants.ATTR_CRYPTO_CIPHER_TRANSFORMATION_NAME)
            .append("=")
            .append(cipherTransformationName)
            .append(")")
            .toString();
    final String FILTER_CIPHER_KEY_LENGTH =
        new StringBuilder("(")
            .append(ConfigConstants.ATTR_CRYPTO_KEY_LENGTH_BITS)
            .append("=")
            .append(String.valueOf(cipherKeyLength))
            .append(")")
            .toString();
    final String searchFilter =
        new StringBuilder("(&")
            .append(FILTER_OC_INSTANCE_KEY)
            .append(FILTER_NOT_COMPROMISED)
            .append(FILTER_CIPHER_TRANSFORMATION_NAME)
            .append(FILTER_CIPHER_KEY_LENGTH)
            .append(")")
            .toString();
    final LinkedHashSet<String> requestedAttributes = new LinkedHashSet<String>();
    requestedAttributes.add(ConfigConstants.ATTR_CRYPTO_SYMMETRIC_KEY);
    final InternalClientConnection icc = InternalClientConnection.getRootConnection();
    InternalSearchOperation searchOp =
        icc.processSearch(
            baseDN,
            SearchScope.SINGLE_LEVEL,
            DereferencePolicy.NEVER_DEREF_ALIASES,
            /* size limit */ 0, /* time limit */
            0,
            /* types only */ false,
            SearchFilter.createFilterFromString(searchFilter),
            requestedAttributes);
    assertTrue(0 < searchOp.getSearchEntries().size());

    final InternalClientConnection internalConnection =
        InternalClientConnection.getRootConnection();
    final String instanceKeyID = cm.getInstanceKeyID();
    final AttributeType attrSymmetricKey =
        DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_SYMMETRIC_KEY);
    for (Entry e : searchOp.getSearchEntries()) {
      final String symmetricKeyAttributeValue =
          e.getAttributeValue(attrSymmetricKey, DirectoryStringSyntax.DECODER);
      final ByteString requestValue =
          GetSymmetricKeyExtendedOperation.encodeRequestValue(
              symmetricKeyAttributeValue, instanceKeyID);
      final ExtendedOperation extendedOperation =
          internalConnection.processExtendedOperation(
              ServerConstants.OID_GET_SYMMETRIC_KEY_EXTENDED_OP, requestValue);
      assertEquals(extendedOperation.getResultCode(), ResultCode.SUCCESS);
      // The key should be re-wrapped, and hence have a different binary
      // representation....
      final String responseValue = extendedOperation.getResponseValue().toString();
      assertFalse(symmetricKeyAttributeValue.equals(responseValue));
      // ... but the keyIDs should be equal (ideally, the validity of
      // the returned value would be checked by decoding the
      // returned ds-cfg-symmetric-key attribute value; however, there
      // is no non-private method to call.
      assertEquals(responseValue.split(":")[0], symmetricKeyAttributeValue.split(":")[0]);
    }
  }