/**
* Utility method which is called by the testcase sending a DELETE request.
*
* @param authentication The flag to set the authentication on and off.
* @return The error code of operation performed.
* @throws Exception If an unexpected problem occurs.
*/
private int performDeleteOperation(boolean authentication) throws Exception {
String[] args = null;
if (authentication)
args =
new String[] {
"--noPropertiesFile",
"-h",
"127.0.0.1",
"-p",
String.valueOf(TestCaseUtils.getServerLdapPort()),
"-V",
"3",
"-D",
"cn=Directory Manager",
"-w",
"password",
"o=mod_rejectTestCase,o=test"
};
else
args =
new String[] {
"--noPropertiesFile",
"-h",
"127.0.0.1",
"-p",
String.valueOf(TestCaseUtils.getServerLdapPort()),
"o=mod_rejectTestCase,o=test"
};
return LDAPDelete.mainDelete(args, false, null, null);
}
/**
* Tests the use of the StartTLS extended operation to communicate with the server in conjunction
* with no authentication and using a client trust store to validate the server certificate.
*/
@Test()
public void testStartTLSNoAuthTrustStore() {
String trustStorePath =
DirectoryServer.getInstanceRoot()
+ File.separator
+ "config"
+ File.separator
+ "client.truststore";
String[] args = {
"--noPropertiesFile",
"-h",
"127.0.0.1",
"-p",
String.valueOf(TestCaseUtils.getServerLdapPort()),
"-q",
"-P",
trustStorePath,
"-b",
"",
"-s",
"base",
"(objectClass=*)"
};
assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
}
/**
* Tests whether the who am I? extended operation with an unauthenticated connection fails with
* new setting of "ds-cfg-reject-unauthenticated-requests".
*
* @throws UnsupportedEncodingException If an unexpected problem occurs.
* @throws IOException If an unexpected problem occurs.
* @throws ClientException If an unexpected problem occurs.
*/
@Test
public void testUnauthWAINewCfg()
throws UnsupportedEncodingException, IOException, ClientException {
try {
DirectoryServer.setRejectUnauthenticatedRequests(true);
Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
LDAPReader reader = new LDAPReader(s);
LDAPWriter writer = new LDAPWriter(s);
AtomicInteger nextMessageID = new AtomicInteger(1);
LDAPAuthenticationHandler authHandler =
new LDAPAuthenticationHandler(reader, writer, "localhost", nextMessageID);
ByteString authzID = null;
try {
authzID = authHandler.requestAuthorizationIdentity();
} catch (LDAPException e) {
assertNull(authzID);
} finally {
LDAPMessage unbindMessage =
new LDAPMessage(nextMessageID.getAndIncrement(), new UnbindRequestProtocolOp());
writer.writeMessage(unbindMessage);
s.close();
}
} finally {
DirectoryServer.setRejectUnauthenticatedRequests(false);
}
}
/**
* Tests the use of the StartTLS extended operation to communicate with the server in conjunction
* with no authentication and using blind trust.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testStartTLSNoAuthTrustAll() throws Exception {
try {
DirectoryServer.setRejectUnauthenticatedRequests(true);
String[] argSearch = {
"--noPropertiesFile",
"-h",
"127.0.0.1",
"-p",
String.valueOf(TestCaseUtils.getServerLdapPort()),
"-D",
"cn=directory manager",
"-w",
"password",
"-q",
"-X",
"-b",
"",
"-s",
"base",
"(objectClass=*)"
};
assertEquals(LDAPSearch.mainSearch(argSearch, false, null, System.err), 0);
} finally {
DirectoryServer.setRejectUnauthenticatedRequests(false);
}
}
/**
* Tests whether the Who Am I? extended operation with an internal authenticated connection
* succeeds with default setting of "ds-cfg-reject-unauthenticated-requests".
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testAuthWAIDefCfg() throws Exception {
DirectoryServer.setRejectUnauthenticatedRequests(false);
Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
LDAPReader reader = new LDAPReader(s);
LDAPWriter writer = new LDAPWriter(s);
AtomicInteger nextMessageID = new AtomicInteger(1);
LDAPAuthenticationHandler authHandler =
new LDAPAuthenticationHandler(reader, writer, "localhost", nextMessageID);
authHandler.doSimpleBind(
3,
ByteString.valueOf("cn=Directory Manager"),
ByteString.valueOf("password"),
new ArrayList<Control>(),
new ArrayList<Control>());
ByteString authzID = authHandler.requestAuthorizationIdentity();
assertNotNull(authzID);
LDAPMessage unbindMessage =
new LDAPMessage(nextMessageID.getAndIncrement(), new UnbindRequestProtocolOp());
writer.writeMessage(unbindMessage);
s.close();
}
/**
* Tests the use of the StartTLS extended operation to communicate with the server in conjunction
* with SASL EXTERNAL authentication and using a client trust store to validate the server
* certificate.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testStartTLSExternalAuthTrustStore() throws Exception {
TestCaseUtils.initializeTestBackend(true);
Entry e =
TestCaseUtils.makeEntry(
"dn: cn=Test User,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"cn: Test User",
"givenName: Test",
"sn: User");
InternalClientConnection conn = InternalClientConnection.getRootConnection();
AddOperation addOperation =
conn.processAdd(
e.getDN(), e.getObjectClasses(), e.getUserAttributes(), e.getOperationalAttributes());
assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
String keyStorePath =
DirectoryServer.getInstanceRoot()
+ File.separator
+ "config"
+ File.separator
+ "client.keystore";
String trustStorePath =
DirectoryServer.getInstanceRoot()
+ File.separator
+ "config"
+ File.separator
+ "client.truststore";
String[] args = {
"--noPropertiesFile",
"-h",
"127.0.0.1",
"-p",
String.valueOf(TestCaseUtils.getServerLdapPort()),
"-q",
"-K",
keyStorePath,
"-W",
"password",
"-P",
trustStorePath,
"-r",
"-b",
"",
"-s",
"base",
"(objectClass=*)"
};
assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
}
/**
* Tests whether both authenticated and unauthenticated SEARCH requests will be allowed with the
* new configuration settings for "ds-cfg-reject-unauthenticated-requests" .
*/
@Test
public void testSearchNewCfg() {
try {
DirectoryServer.setRejectUnauthenticatedRequests(true);
String[] args = {
"--noPropertiesFile",
"-h",
"127.0.0.1",
"-p",
String.valueOf(TestCaseUtils.getServerLdapPort()),
"-b",
"",
"-s",
"base",
"(objectClass=*)"
};
assertFalse(LDAPSearch.mainSearch(args, false, null, null) == 0);
String[] authArgs = {
"--noPropertiesFile",
"-h",
"127.0.0.1",
"-p",
String.valueOf(TestCaseUtils.getServerLdapPort()),
"-D",
"cn=Directory Manager",
"-w",
"password",
"-b",
"",
"-s",
"base",
"(objectClass=*)"
};
assertEquals(LDAPSearch.mainSearch(authArgs, false, null, System.err), 0);
} finally {
DirectoryServer.setRejectUnauthenticatedRequests(false);
}
}
/**
* Utility method which is called by the testcase sending an ADD request.
*
* @param authentication The flag to set the authentication on and off.
* @return The error code of operation performed.
* @throws Exception If an unexpected problem occurs.
*/
private int performAddOperation(boolean authentication) throws Exception {
String filePath =
TestCaseUtils.createTempFile(
"dn: o=rejectTestCase,o=test",
"objectclass: top",
"objectclass: organization",
"o: rejectTestCase",
"description: Reject Test Case");
String[] args = null;
if (authentication)
args =
new String[] {
"--noPropertiesFile",
"-h",
"127.0.0.1",
"-p",
String.valueOf(TestCaseUtils.getServerLdapPort()),
"-D",
"cn=directory manager",
"-w",
"password",
"-a",
"-f",
filePath,
};
else
args =
new String[] {
"--noPropertiesFile",
"-h",
"127.0.0.1",
"-p",
String.valueOf(TestCaseUtils.getServerLdapPort()),
"-a",
"-f",
filePath,
};
return LDAPModify.mainModify(args, false, null, null);
}
/**
* Utility method which is called by the testcase sending a MODRDN request.
*
* @param authentication The flag to set the authentication on and off.
* @return The error code of operation performed.
* @throws Exception If an unexpected problem occurs.
*/
private int performModRdnOperation(boolean authentication) throws Exception {
String path =
TestCaseUtils.createTempFile(
"dn: o=rejectTestCase,o=Test",
"changetype: modrdn",
"newrdn: o=mod_rejectTestCase",
"deleteoldrdn: 0");
String[] args = null;
if (authentication)
args =
new String[] {
"--noPropertiesFile",
"-h",
"127.0.0.1",
"-p",
String.valueOf(TestCaseUtils.getServerLdapPort()),
"-D",
"cn=directory manager",
"-w",
"password",
"-f",
path
};
else
args =
new String[] {
"--noPropertiesFile",
"-h",
"127.0.0.1",
"-p",
String.valueOf(TestCaseUtils.getServerLdapPort()),
"-f",
path
};
return LDAPModify.mainModify(args, false, null, null);
}
/**
* Performs a successful LDAP bind using CRAM-MD5 using the dn: form of the authentication ID
* using a long password (longer than 64 bytes).
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testLDAPBindSuccessWithDNAndLongPassword() throws Exception {
TestCaseUtils.initializeTestBackend(true);
String password = "******";
Entry e =
TestCaseUtils.makeEntry(
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: "******"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy,"
+ "cn=Password Policies,cn=config");
InternalClientConnection conn = InternalClientConnection.getRootConnection();
AddOperation addOperation =
conn.processAdd(
e.getDN(), e.getObjectClasses(),
e.getUserAttributes(), e.getOperationalAttributes());
assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
String[] args = {
"--noPropertiesFile",
"-h",
"127.0.0.1",
"-p",
String.valueOf(TestCaseUtils.getServerLdapPort()),
"-o",
"mech=CRAM-MD5",
"-o",
"authid=dn:uid=test.user,o=test",
"-w",
password,
"-b",
"",
"-s",
"base",
"(objectClass=*)"
};
assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
}
/**
* Performs a failed LDAP bind using CRAM-MD5 using the dn: form of the authentication ID with the
* DN of a user that doesn't exist.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testLDAPBindFailNoSuchUser() throws Exception {
TestCaseUtils.initializeTestBackend(true);
Entry e =
TestCaseUtils.makeEntry(
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
InternalClientConnection conn = InternalClientConnection.getRootConnection();
AddOperation addOperation =
conn.processAdd(
e.getDN(), e.getObjectClasses(),
e.getUserAttributes(), e.getOperationalAttributes());
assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
String[] args = {
"--noPropertiesFile",
"-h",
"127.0.0.1",
"-p",
String.valueOf(TestCaseUtils.getServerLdapPort()),
"-o",
"mech=CRAM-MD5",
"-o",
"authid=dn:uid=doesntexist,o=test",
"-w",
"password",
"-b",
"",
"-s",
"base",
"(objectClass=*)"
};
assertFalse(LDAPSearch.mainSearch(args, false, null, null) == 0);
}
/**
* Tests the use of the StartTLS extended operation to communicate with the server in conjunction
* with no authentication and using blind trust.
*/
@Test()
public void testStartTLSNoAuthTrustAll() {
String[] args = {
"--noPropertiesFile",
"-h",
"127.0.0.1",
"-p",
String.valueOf(TestCaseUtils.getServerLdapPort()),
"-q",
"-X",
"-b",
"",
"-s",
"base",
"(objectClass=*)"
};
assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
}
/**
* Tests whether an unauthenticated SEARCH request will be allowed with the default configuration
* settings for "ds-cfg-reject-unauthenticated-requests".
*/
@Test()
public void testUnauthSearchDefCfg() {
DirectoryServer.setRejectUnauthenticatedRequests(false);
String[] args = {
"--noPropertiesFile",
"-h",
"127.0.0.1",
"-p",
String.valueOf(TestCaseUtils.getServerLdapPort()),
"-b",
"",
"-s",
"base",
"(objectClass=*)"
};
assertEquals(LDAPSearch.mainSearch(args, false, null, System.err), 0);
}
/**
* Performs a failed LDAP bind using CRAM-MD5 using the dn: form of the authentication ID with the
* root DN (which has a stored password that's not reversible).
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testLDAPBindFailIrreversiblePasswordWithRootDN() throws Exception {
String[] args = {
"--noPropertiesFile",
"-h",
"127.0.0.1",
"-p",
String.valueOf(TestCaseUtils.getServerLdapPort()),
"-o",
"mech=CRAM-MD5",
"-o",
"authid=dn:cn=Directory Manager",
"-w",
"password",
"-b",
"",
"-s",
"base",
"(objectClass=*)"
};
assertFalse(LDAPSearch.mainSearch(args, false, null, null) == 0);
}
/** Tests the maximum persistent search limit imposed by the server. */
@Test
public void testMaxPSearch() throws Exception {
TestCaseUtils.initializeTestBackend(true);
// Modify the configuration to allow only 1 concurrent persistent search.
InternalClientConnection conn = getRootConnection();
LDAPAttribute attr = new LDAPAttribute("ds-cfg-max-psearches", "1");
ArrayList<RawModification> mods = new ArrayList<>();
mods.add(new LDAPModification(ModificationType.REPLACE, attr));
ModifyOperation modifyOperation = conn.processModify(ByteString.valueOf("cn=config"), mods);
assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
// Create a persistent search request.
Set<PersistentSearchChangeType> changeTypes = EnumSet.of(ADD, DELETE, MODIFY, MODIFY_DN);
SearchRequest request =
newSearchRequest(DN.valueOf("o=test"), SearchScope.BASE_OBJECT)
.setTypesOnly(true)
.addAttribute("cn")
.addControl(new PersistentSearchControl(changeTypes, true, true));
final InternalSearchOperation search = conn.processSearch(request);
Thread t =
new Thread(
new Runnable() {
@Override
public void run() {
try {
search.run();
} catch (Exception ex) {
}
}
},
"Persistent Search Test");
t.start();
t.join(2000);
// Create a persistent search request.
final String[] args = {
"-D",
"cn=Directory Manager",
"-w",
"password",
"-h",
"127.0.0.1",
"-p",
String.valueOf(TestCaseUtils.getServerLdapPort()),
"-b",
"o=test",
"-s",
"sub",
"-C",
"ps:add:true:true",
"--noPropertiesFile",
"(objectClass=*)"
};
assertEquals(LDAPSearch.mainSearch(args, false, true, null, System.err), 11);
// cancel the persisting persistent search.
search.cancel(new CancelRequest(true, LocalizableMessage.EMPTY));
}
