/**
* Tests the second constructor, which creates an instance of the control using a processed DN.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testConstructor2() throws Exception {
// Try a DN of "null", which is not valid and will fail on the attempt to
// create the control
ProxiedAuthV1Control proxyControl;
try {
proxyControl = new ProxiedAuthV1Control((DN) null);
throw new AssertionError(
"Expected a failure when creating a proxied "
+ "auth V1 control with a null octet string.");
} catch (Throwable t) {
}
// Try an empty DN, which is acceptable.
proxyControl = new ProxiedAuthV1Control(DN.nullDN());
assertTrue(proxyControl.getOID().equals(OID_PROXIED_AUTH_V1));
assertTrue(proxyControl.isCritical());
assertTrue(proxyControl.getAuthorizationDN().isNullDN());
// Try a valid DN, which is acceptable.
proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));
assertTrue(proxyControl.getOID().equals(OID_PROXIED_AUTH_V1));
assertTrue(proxyControl.isCritical());
assertEquals(proxyControl.getAuthorizationDN(), DN.decode("uid=test,o=test"));
}
@BeforeClass()
public void setUp() throws Exception {
TestCaseUtils.startServer();
TestCaseUtils.clearJEBackend(false, "userRoot", SUFFIX);
InternalClientConnection connection = InternalClientConnection.getRootConnection();
// Add suffix entry.
DN suffixDN = DN.decode(SUFFIX);
if (DirectoryServer.getEntry(suffixDN) == null) {
Entry suffixEntry = StaticUtils.createEntry(suffixDN);
AddOperation addOperation =
connection.processAdd(
suffixEntry.getDN(),
suffixEntry.getObjectClasses(),
suffixEntry.getUserAttributes(),
suffixEntry.getOperationalAttributes());
assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
assertNotNull(DirectoryServer.getEntry(suffixEntry.getDN()));
}
// Add base entry.
DN baseDN = DN.decode(BASE);
if (DirectoryServer.getEntry(baseDN) == null) {
Entry baseEntry = StaticUtils.createEntry(baseDN);
AddOperation addOperation =
connection.processAdd(
baseEntry.getDN(),
baseEntry.getObjectClasses(),
baseEntry.getUserAttributes(),
baseEntry.getOperationalAttributes());
assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
assertNotNull(DirectoryServer.getEntry(baseEntry.getDN()));
}
// Add test entry.
Entry testEntry =
TestCaseUtils.makeEntry(
"dn: uid=rogasawara," + BASE,
"objectclass: top",
"objectclass: person",
"objectclass: organizationalPerson",
"objectclass: inetOrgPerson",
"uid: rogasawara",
"userpassword: password",
"mail: [email protected]",
"givenname: Rodney",
"sn: Ogasawara",
"cn: Rodney Ogasawara",
"title: Sales, Director");
AddOperation addOperation =
connection.processAdd(
testEntry.getDN(),
testEntry.getObjectClasses(),
testEntry.getUserAttributes(),
testEntry.getOperationalAttributes());
assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
assertNotNull(DirectoryServer.getEntry(testEntry.getDN()));
}
/**
* Tests the constructor with non-null DN.
*
* @throws Exception If the test failed unexpectedly.
*/
@Test
public void testConstructorNonNullDN() throws Exception {
DN testDN1 = DN.decode("dc=hello, dc=world");
DN testDN2 = DN.decode("dc=hello, dc=world");
DeleteChangeRecordEntry entry = new DeleteChangeRecordEntry(testDN1);
Assert.assertEquals(entry.getDN(), testDN2);
}
/**
* Tests the {@code getAuthorizationDN} and {@code setRawAuthorizationDN} methods.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testGetAndSetAuthorizationDN() throws Exception {
ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(DN.nullDN());
assertEquals(proxyControl.getRawAuthorizationDN(), ByteString.valueOf(""));
assertEquals(proxyControl.getAuthorizationDN(), DN.nullDN());
proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));
assertEquals(proxyControl.getRawAuthorizationDN(), ByteString.valueOf("uid=test,o=test"));
assertEquals(proxyControl.getAuthorizationDN(), DN.decode("uid=test,o=test"));
}
/**
* Verifies that the server will reject a CRAM-MD5 bind with credentials containing a malformed
* digest.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testMalformedDigest() throws Exception {
InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
BindOperation bindOperation = conn.processSASLBind(DN.nullDN(), SASL_MECHANISM_CRAM_MD5, null);
assertEquals(bindOperation.getResultCode(), ResultCode.SASL_BIND_IN_PROGRESS);
ByteString creds = ByteString.valueOf("dn:cn=Directory Manager malformeddigest");
bindOperation = conn.processSASLBind(DN.nullDN(), SASL_MECHANISM_CRAM_MD5, creds);
assertFalse(bindOperation.getResultCode() == ResultCode.SUCCESS);
}
/**
* Creates a new DN representing the specified managed object path and relation.
*
* @param path The managed object path.
* @param relation The child relation.
* @return Returns a new DN representing the specified managed object path and relation.
*/
public static DN create(ManagedObjectPath<?, ?> path, RelationDefinition<?, ?> relation) {
DN dn = path.toDN();
try {
LDAPProfile profile = LDAPProfile.getInstance();
DN localName = DN.decode(profile.getRelationRDNSequence(relation));
return dn.concat(localName);
} catch (DirectoryException e) {
throw new RuntimeException(e);
}
}
/**
* Tests the willMatchAfterBind method.
*
* @param isSecure Indicates if the client is using a secured connection.
* @param criteria The security criteria.
* @param expectedResult The expected result.
* @throws Exception If an unexpected exception occurred.
*/
@Test(dataProvider = "testData")
public void testWillMatchAfterBind(
boolean isSecure, SecurityConnectionCriteria criteria, boolean expectedResult)
throws Exception {
ClientConnection client =
new MockClientConnection(12345, false, DN.nullDN(), AllowedAuthMethod.ANONYMOUS);
Assert.assertEquals(
criteria.willMatchAfterBind(client, DN.nullDN(), AuthenticationType.SIMPLE, isSecure),
expectedResult);
}
/**
* Creates a new instance of this change notification listener.
*
* @throws DirectoryException If a problem occurs while creating an instance of this class
*/
public TestChangeNotificationListener() throws DirectoryException {
super(
DN.decode("cn=TestChangeNotificationListener"),
EnumSet.of(
POST_RESPONSE_ADD, POST_RESPONSE_MODIFY, POST_RESPONSE_MODIFY_DN, POST_RESPONSE_DELETE),
true);
}
/**
* Tests performing an internal search using the server-side sort control with an undefined
* ordering rule.
*
* @throws Exception If an unexpected problem occurred.
*/
@Test()
public void testInternalSearchUndefinedOrderingRule() throws Exception {
populateDB();
InternalClientConnection conn = InternalClientConnection.getRootConnection();
ArrayList<Control> requestControls = new ArrayList<Control>();
requestControls.add(new ServerSideSortRequestControl(true, "givenName:undefinedOrderingMatch"));
InternalSearchOperation internalSearch =
new InternalSearchOperation(
conn,
InternalClientConnection.nextOperationID(),
InternalClientConnection.nextMessageID(),
requestControls,
DN.decode("dc=example,dc=com"),
SearchScope.WHOLE_SUBTREE,
DereferencePolicy.NEVER_DEREF_ALIASES,
0,
0,
false,
SearchFilter.createFilterFromString("(objectClass=person)"),
null,
null);
internalSearch.run();
assertFalse(internalSearch.getResultCode() == ResultCode.SUCCESS);
}
/**
* Tests performing an internal search using the CRITICAL server-side sort control with an
* undefined attribute type.
*
* @throws Exception If an unexpected problem occurred.
*/
@Test()
public void testCriticalSortWithUndefinedAttribute() throws Exception {
populateDB();
InternalClientConnection conn = InternalClientConnection.getRootConnection();
ArrayList<Control> requestControls = new ArrayList<Control>();
requestControls.add(new ServerSideSortRequestControl(true, "undefined"));
InternalSearchOperation internalSearch =
new InternalSearchOperation(
conn,
InternalClientConnection.nextOperationID(),
InternalClientConnection.nextMessageID(),
requestControls,
DN.decode("dc=example,dc=com"),
SearchScope.WHOLE_SUBTREE,
DereferencePolicy.NEVER_DEREF_ALIASES,
0,
0,
false,
SearchFilter.createFilterFromString("(objectClass=person)"),
null,
null);
internalSearch.run();
assertEquals(internalSearch.getResultCode(), ResultCode.UNAVAILABLE_CRITICAL_EXTENSION);
}
// We initialize these for each new AciHandler so that we can clear
// out the stale references that can occur during an in-core restart.
private static void initStatics() {
if ((aciType = DirectoryServer.getAttributeType("aci")) == null) {
aciType = DirectoryServer.getDefaultAttributeType("aci");
}
if ((globalAciType = DirectoryServer.getAttributeType(ATTR_AUTHZ_GLOBAL_ACI)) == null) {
globalAciType = DirectoryServer.getDefaultAttributeType(ATTR_AUTHZ_GLOBAL_ACI);
}
if ((debugSearchIndex =
DirectoryServer.getAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX))
== null) {
debugSearchIndex =
DirectoryServer.getDefaultAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX);
}
if ((refAttrType = DirectoryServer.getAttributeType(ATTR_REFERRAL_URL)) == null) {
refAttrType = DirectoryServer.getDefaultAttributeType(ATTR_REFERRAL_URL);
}
try {
debugSearchIndexDN = DN.decode("cn=debugsearch");
} catch (DirectoryException ex) {
// Should never happen.
}
}
/**
* Attempt to read a single entry.
*
* @throws Exception If the test failed unexpectedly.
*/
@Test(dependsOnMethods = {"testReadEntryEmptyStream"})
public void testReadEntrySingle() throws Exception {
final String ldifString =
"dn: cn=john, dc=foo, dc=com\n"
+ "objectClass: top\n"
+ "objectClass: person\n"
+ "cn: john\n"
+ "sn: smith\n";
LDIFReader reader = createLDIFReader(ldifString);
try {
Entry entry = reader.readEntry();
Assert.assertNotNull(entry);
Assert.assertEquals(entry.getDN(), DN.decode("cn=john, dc=foo, dc=com"));
Assert.assertTrue(entry.hasObjectClass(OC_TOP));
Assert.assertTrue(entry.hasObjectClass(OC_PERSON));
Assert.assertTrue(entry.hasValue(AT_CN, null, AttributeValues.create(AT_CN, "john")));
Assert.assertTrue(entry.hasValue(AT_SN, null, AttributeValues.create(AT_SN, "smith")));
Assert.assertNull(reader.readEntry());
Assert.assertEquals(reader.getEntriesIgnored(), 0);
Assert.assertEquals(reader.getEntriesRead(), 1);
Assert.assertEquals(reader.getEntriesRejected(), 0);
Assert.assertEquals(reader.getLastEntryLineNumber(), 1);
} finally {
reader.close();
}
}
/**
* Verifies that the server will reject a CRAM-MD5 bind in which the first message contains SASL
* credentials (which isn't allowed).
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testOutOfSequenceBind() throws Exception {
InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
BindOperation bindOperation =
conn.processSASLBind(DN.nullDN(), SASL_MECHANISM_CRAM_MD5, ByteString.valueOf("invalid"));
assertFalse(bindOperation.getResultCode() == ResultCode.SUCCESS);
}
/**
* Tests whether an Unauthenticated BIND request will be allowed with the default configuration
* settings for "ds-cfg-reject-unauthenticated-requests".
*/
@Test()
public void testUnauthBindDefCfg() {
DirectoryServer.setRejectUnauthenticatedRequests(false);
InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
BindOperation bindOperation = conn.processSimpleBind(DN.nullDN(), null);
assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
}
/**
* Tests the {@code getValidatedAuthorizationDN} method for a user that doesn't exist in the
* directory data.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = {DirectoryException.class})
public void testGetValidatedAuthorizationNonExistingNormalUser() throws Exception {
TestCaseUtils.initializeTestBackend(true);
ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));
proxyControl.getAuthorizationEntry();
}
/**
* Generates an entry for a backup directory based on the provided DN. The DN must contain an RDN
* component that specifies the path to the backup directory, and that directory must exist and be
* a valid backup directory.
*
* @param entryDN The DN of the backup directory entry to retrieve.
* @return The requested backup directory entry.
* @throws DirectoryException If the specified directory does not exist or is not a valid backup
* directory, or if the DN does not specify any backup directory.
*/
private Entry getBackupDirectoryEntry(DN entryDN) throws DirectoryException {
// Make sure that the DN specifies a backup directory.
AttributeType t = DirectoryServer.getAttributeType(ATTR_BACKUP_DIRECTORY_PATH, true);
AttributeValue v = entryDN.getRDN().getAttributeValue(t);
if (v == null) {
Message message = ERR_BACKUP_DN_DOES_NOT_SPECIFY_DIRECTORY.get(String.valueOf(entryDN));
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message, backupBaseDN, null);
}
// Get a handle to the backup directory and the information that it
// contains.
BackupDirectory backupDirectory;
try {
backupDirectory = BackupDirectory.readBackupDirectoryDescriptor(v.getValue().toString());
} catch (ConfigException ce) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, ce);
}
Message message =
ERR_BACKUP_INVALID_BACKUP_DIRECTORY.get(String.valueOf(entryDN), ce.getMessage());
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
Message message = ERR_BACKUP_ERROR_GETTING_BACKUP_DIRECTORY.get(getExceptionMessage(e));
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
// Construct the backup directory entry to return.
LinkedHashMap<ObjectClass, String> ocMap = new LinkedHashMap<ObjectClass, String>(2);
ocMap.put(DirectoryServer.getTopObjectClass(), OC_TOP);
ObjectClass backupDirOC = DirectoryServer.getObjectClass(OC_BACKUP_DIRECTORY, true);
ocMap.put(backupDirOC, OC_BACKUP_DIRECTORY);
LinkedHashMap<AttributeType, List<Attribute>> opAttrs =
new LinkedHashMap<AttributeType, List<Attribute>>(0);
LinkedHashMap<AttributeType, List<Attribute>> userAttrs =
new LinkedHashMap<AttributeType, List<Attribute>>(3);
ArrayList<Attribute> attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(t, v));
userAttrs.put(t, attrList);
t = DirectoryServer.getAttributeType(ATTR_BACKUP_BACKEND_DN, true);
attrList = new ArrayList<Attribute>(1);
attrList.add(
Attributes.create(
t, AttributeValues.create(t, backupDirectory.getConfigEntryDN().toString())));
userAttrs.put(t, attrList);
Entry e = new Entry(entryDN, ocMap, userAttrs, opAttrs);
e.processVirtualAttributes();
return e;
}
/**
* Tests the {@code getValidatedAuthorizationDN} method for a normal user that exists in the
* directory data and doesn't have any restrictions on its use.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testGetValidatedAuthorizationExistingNormalUser() throws Exception {
TestCaseUtils.initializeTestBackend(true);
TestCaseUtils.addEntry(
"dn: uid=test,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test",
"givenName: Test",
"sn: User",
"cn: Test User");
ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));
assertEquals(proxyControl.getAuthorizationEntry().getDN(), DN.decode("uid=test,o=test"));
}
/**
* Tests the matches method.
*
* @param isSecure Indicates if the client is using a secured connection.
* @param criteria The security criteria.
* @param expectedResult The expected result.
* @throws Exception If an unexpected exception occurred.
*/
@Test(dataProvider = "testData")
public void testMatches(
boolean isSecure, SecurityConnectionCriteria criteria, boolean expectedResult)
throws Exception {
ClientConnection client =
new MockClientConnection(12345, isSecure, DN.nullDN(), AllowedAuthMethod.ANONYMOUS);
Assert.assertEquals(criteria.matches(client), expectedResult);
}
/**
* Tests the {@code toString} methods.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testToString() throws Exception {
// The default toString() calls the version that takes a string builder
// argument, so we only need to use the default version to cover both cases.
ProxiedAuthV1Control proxyControl =
new ProxiedAuthV1Control(ByteString.valueOf("uid=test,o=test"));
proxyControl.toString();
proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));
proxyControl.toString();
}
/** {@inheritDoc} */
@Override
public Entry getEntry(DN entryDN) throws DirectoryException {
// If the requested entry was null, then throw an exception.
if (entryDN == null) {
throw new DirectoryException(
DirectoryServer.getServerErrorResultCode(),
ERR_BACKEND_GET_ENTRY_NULL.get(getBackendID()));
}
// If the requested entry was the backend base entry, then retrieve it.
if (entryDN.equals(backupBaseDN)) {
return backupBaseEntry.duplicate(true);
}
// See if the requested entry was one level below the backend base entry.
// If so, then it must point to a backup directory. Otherwise, it must be
// two levels below the backup base entry and must point to a specific
// backup.
DN parentDN = entryDN.getParentDNInSuffix();
if (parentDN == null) {
Message message = ERR_BACKUP_INVALID_BASE.get(String.valueOf(entryDN));
throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, message);
} else if (parentDN.equals(backupBaseDN)) {
return getBackupDirectoryEntry(entryDN);
} else if (backupBaseDN.equals(parentDN.getParentDNInSuffix())) {
return getBackupEntry(entryDN);
} else {
Message message = ERR_BACKUP_INVALID_BASE.get(String.valueOf(entryDN));
throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, message, backupBaseDN, null);
}
}
/**
* Tests the {@code decodeControl} method when the control value is a valid octet string that
* contains an valid non-empty DN.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testDecodeControlValueNonEmptyDN() throws Exception {
ByteStringBuilder bsb = new ByteStringBuilder();
ASN1Writer writer = ASN1.getWriter(bsb);
writer.writeStartSequence();
writer.writeOctetString("uid=test,o=test");
writer.writeEndSequence();
LDAPControl c = new LDAPControl(OID_PROXIED_AUTH_V1, true, bsb.toByteString());
ProxiedAuthV1Control proxyControl =
ProxiedAuthV1Control.DECODER.decode(c.isCritical(), c.getValue());
assertEquals(proxyControl.getAuthorizationDN(), DN.decode("uid=test,o=test"));
}
/** {@inheritDoc} */
public boolean isConfigurationChangeAcceptable(
RootDNUserCfg configuration, List<Message> unacceptableReasons) {
boolean configAcceptable = true;
// There must not be any new alternate bind DNs that are already in use by
// other root users.
for (DN altBindDN : configuration.getAlternateBindDN()) {
DN existingRootDN = DirectoryServer.getActualRootBindDN(altBindDN);
if ((existingRootDN != null) && (!existingRootDN.equals(configuration.dn()))) {
Message message =
ERR_CONFIG_ROOTDN_CONFLICTING_MAPPING.get(
String.valueOf(altBindDN),
String.valueOf(configuration.dn()),
String.valueOf(existingRootDN));
unacceptableReasons.add(message);
configAcceptable = false;
}
}
return configAcceptable;
}
/**
* Tests performing an internal search using the VLV control to retrieve a subset of the entries
* using an assertion value that is after all values in the list.
*
* @throws Exception If an unexpected problem occurred.
*/
@Test()
public void testInternalSearchByValueAfterAll() throws Exception {
populateDB();
InternalClientConnection conn = InternalClientConnection.getRootConnection();
ArrayList<Control> requestControls = new ArrayList<Control>();
requestControls.add(new ServerSideSortRequestControl("sn"));
requestControls.add(new VLVRequestControl(0, 3, ByteString.valueOf("zz")));
InternalSearchOperation internalSearch =
new InternalSearchOperation(
conn,
InternalClientConnection.nextOperationID(),
InternalClientConnection.nextMessageID(),
requestControls,
DN.decode("dc=example,dc=com"),
SearchScope.WHOLE_SUBTREE,
DereferencePolicy.NEVER_DEREF_ALIASES,
0,
0,
false,
SearchFilter.createFilterFromString("(objectClass=person)"),
null,
null);
internalSearch.run();
// It will be successful because the control isn't critical.
assertEquals(internalSearch.getResultCode(), ResultCode.SUCCESS);
List<Control> responseControls = internalSearch.getResponseControls();
assertNotNull(responseControls);
VLVResponseControl vlvResponse = null;
for (Control c : responseControls) {
if (c.getOID().equals(OID_VLV_RESPONSE_CONTROL)) {
if (c instanceof LDAPControl) {
vlvResponse =
VLVResponseControl.DECODER.decode(c.isCritical(), ((LDAPControl) c).getValue());
} else {
vlvResponse = (VLVResponseControl) c;
}
}
}
assertNotNull(vlvResponse);
assertEquals(vlvResponse.getVLVResultCode(), LDAPResultCode.SUCCESS);
assertEquals(vlvResponse.getTargetPosition(), 10);
assertEquals(vlvResponse.getContentCount(), 9);
}
/**
* Make sure that the server is running.
*
* @throws Exception If an unexpected problem occurs.
*/
@BeforeClass()
public void startServer() throws Exception {
TestCaseUtils.startServer();
givenNameType = DirectoryServer.getAttributeType("givenname", false);
assertNotNull(givenNameType);
snType = DirectoryServer.getAttributeType("sn", false);
assertNotNull(snType);
aaccfJohnsonDN = DN.decode("uid=aaccf.johnson,dc=example,dc=com");
aaronZimmermanDN = DN.decode("uid=aaron.zimmerman,dc=example,dc=com");
albertSmithDN = DN.decode("uid=albert.smith,dc=example,dc=com");
albertZimmermanDN = DN.decode("uid=albert.zimmerman,dc=example,dc=com");
lowercaseMcGeeDN = DN.decode("uid=lowercase.mcgee,dc=example,dc=com");
margaretJonesDN = DN.decode("uid=margaret.jones,dc=example,dc=com");
maryJonesDN = DN.decode("uid=mary.jones,dc=example,dc=com");
samZweckDN = DN.decode("uid=sam.zweck,dc=example,dc=com");
zorroDN = DN.decode("uid=zorro,dc=example,dc=com");
}
private Object[] generateValues(String password) throws Exception {
ByteString bytePassword = ByteString.valueOf(password);
SaltedMD5PasswordStorageScheme scheme = new SaltedMD5PasswordStorageScheme();
ConfigEntry configEntry =
DirectoryServer.getConfigEntry(
DN.decode("cn=Salted MD5,cn=Password Storage Schemes,cn=config"));
SaltedMD5PasswordStorageSchemeCfg configuration =
AdminTestCaseUtils.getConfiguration(
SaltedMD5PasswordStorageSchemeCfgDefn.getInstance(), configEntry.getEntry());
scheme.initializePasswordStorageScheme(configuration);
ByteString encodedAuthPassword = scheme.encodePasswordWithScheme(bytePassword);
return new Object[] {encodedAuthPassword.toString(), password, true};
}
/**
* Tests whether authenticated and unauthenticated BIND requests will be allowed with the new
* configuration settings for "ds-cfg-reject-unauthenticated-requests" .
*/
@Test
public void testBindNewCfg() {
try {
DirectoryServer.setRejectUnauthenticatedRequests(true);
InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
ByteString user = ByteString.valueOf("cn=Directory Manager");
ByteString password = ByteString.valueOf("password");
// Unauthenticated BIND request.
BindOperation bindOperation = conn.processSimpleBind(DN.nullDN(), null);
assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
// Authenticated BIND request.
bindOperation = conn.processSimpleBind(user, password);
assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
} finally {
DirectoryServer.setRejectUnauthenticatedRequests(false);
}
}
/**
* Process all global ACI attribute types found in the configuration entry and adds them to that
* ACI list cache. It also logs messages about the number of ACI attribute types added to the
* cache. This method is called once at startup. It also will put the server into lockdown mode if
* needed.
*
* @param configuration The config handler containing the ACI configuration information.
* @throws InitializationException If there is an error reading the global ACIs from the
* configuration entry.
*/
private void processGlobalAcis(DseeCompatAccessControlHandlerCfg configuration)
throws InitializationException {
SortedSet<Aci> globalAcis = configuration.getGlobalACI();
try {
if (globalAcis != null) {
aciList.addAci(DN.nullDN(), globalAcis);
Message message = INFO_ACI_ADD_LIST_GLOBAL_ACIS.get(Integer.toString(globalAcis.size()));
logError(message);
}
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
Message message =
INFO_ACI_HANDLER_FAIL_PROCESS_GLOBAL_ACI.get(String.valueOf(configuration.dn()));
throw new InitializationException(message, e);
}
}
/**
* Tests the {@code getValidatedAuthorizationDN} method for a disabled user.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = {DirectoryException.class})
public void testGetValidatedAuthorizationDisabledUser() throws Exception {
TestCaseUtils.initializeTestBackend(true);
TestCaseUtils.addEntry(
"dn: uid=test,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-pwp-account-disabled: true");
ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));
proxyControl.getAuthorizationEntry();
}
/**
* Tests performing an internal search using the non-critical server-side sort control to sort the
* entries
*
* @throws Exception If an unexpected problem occurred.
*/
@Test()
public void testNonCriticalSortWithUndefinedAttribute() throws Exception {
populateDB();
InternalClientConnection conn = InternalClientConnection.getRootConnection();
ArrayList<Control> requestControls = new ArrayList<Control>();
requestControls.add(new ServerSideSortRequestControl(false, "bad_sort:caseExactOrderingMatch"));
InternalSearchOperation internalSearch =
new InternalSearchOperation(
conn,
InternalClientConnection.nextOperationID(),
InternalClientConnection.nextMessageID(),
requestControls,
DN.decode("dc=example,dc=com"),
SearchScope.WHOLE_SUBTREE,
DereferencePolicy.NEVER_DEREF_ALIASES,
0,
0,
false,
SearchFilter.createFilterFromString("(objectClass=person)"),
null,
null);
internalSearch.run();
assertEquals(internalSearch.getResultCode(), ResultCode.SUCCESS);
List<Control> responseControls = internalSearch.getResponseControls();
assertNotNull(responseControls);
assertEquals(responseControls.size(), 1);
ServerSideSortResponseControl responseControl;
Control c = responseControls.get(0);
if (c instanceof ServerSideSortResponseControl) {
responseControl = (ServerSideSortResponseControl) c;
} else {
responseControl =
ServerSideSortResponseControl.DECODER.decode(
c.isCritical(), ((LDAPControl) c).getValue());
}
assertEquals(responseControl.getResultCode(), 16);
}
/** {@inheritDoc} */
@Override
public VirtualStaticGroup newInstance(ServerContext serverContext, Entry groupEntry)
throws DirectoryException {
ifNull(groupEntry);
// Get the target group DN attribute from the entry, if there is one.
DN targetDN = null;
AttributeType targetType = DirectoryServer.getAttributeType(ATTR_TARGET_GROUP_DN, true);
List<Attribute> attrList = groupEntry.getAttribute(targetType);
if (attrList != null) {
for (Attribute a : attrList) {
for (ByteString v : a) {
if (targetDN != null) {
LocalizableMessage message =
ERR_VIRTUAL_STATIC_GROUP_MULTIPLE_TARGETS.get(groupEntry.getName());
throw new DirectoryException(ResultCode.OBJECTCLASS_VIOLATION, message);
}
try {
targetDN = DN.decode(v);
} catch (DirectoryException de) {
logger.traceException(de);
LocalizableMessage message =
ERR_VIRTUAL_STATIC_GROUP_CANNOT_DECODE_TARGET.get(
v, groupEntry.getName(), de.getMessageObject());
throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message, de);
}
}
}
}
if (targetDN == null) {
LocalizableMessage message = ERR_VIRTUAL_STATIC_GROUP_NO_TARGET.get(groupEntry.getName());
throw new DirectoryException(ResultCode.OBJECTCLASS_VIOLATION, message);
}
return new VirtualStaticGroup(groupEntry.getName(), targetDN);
}
