/**
* Tests whether the Who Am I? extended operation with an internal authenticated connection
* succeeds with default setting of "ds-cfg-reject-unauthenticated-requests".
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testAuthWAIDefCfg() throws Exception {
DirectoryServer.setRejectUnauthenticatedRequests(false);
Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
LDAPReader reader = new LDAPReader(s);
LDAPWriter writer = new LDAPWriter(s);
AtomicInteger nextMessageID = new AtomicInteger(1);
LDAPAuthenticationHandler authHandler =
new LDAPAuthenticationHandler(reader, writer, "localhost", nextMessageID);
authHandler.doSimpleBind(
3,
ByteString.valueOf("cn=Directory Manager"),
ByteString.valueOf("password"),
new ArrayList<Control>(),
new ArrayList<Control>());
ByteString authzID = authHandler.requestAuthorizationIdentity();
assertNotNull(authzID);
LDAPMessage unbindMessage =
new LDAPMessage(nextMessageID.getAndIncrement(), new UnbindRequestProtocolOp());
writer.writeMessage(unbindMessage);
s.close();
}
/**
* Tests the {@code getRawAuthorizationDN} and {@code setRawAuthorizationDN} methods.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testGetAndSetRawAuthorizationDN() throws Exception {
ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(ByteString.valueOf(""));
assertEquals(proxyControl.getRawAuthorizationDN(), ByteString.valueOf(""));
proxyControl = new ProxiedAuthV1Control(ByteString.valueOf("uid=test,o=test"));
assertEquals(proxyControl.getRawAuthorizationDN(), ByteString.valueOf("uid=test,o=test"));
}
/**
* Tests whether an authenticated BIND request will be allowed with the default configuration
* settings for "ds-cfg-reject-unauthenticated-requests" .
*/
@Test()
public void testAuthBindDefCfg() {
DirectoryServer.setRejectUnauthenticatedRequests(false);
InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
ByteString user = ByteString.valueOf("cn=Directory Manager");
ByteString password = ByteString.valueOf("password");
BindOperation bindOperation = conn.processSimpleBind(user, password);
assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
}
/**
* Verifies that the server will reject a CRAM-MD5 bind in which the first message contains SASL
* credentials (which isn't allowed).
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testOutOfSequenceBind() throws Exception {
InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
BindOperation bindOperation =
conn.processSASLBind(DN.nullDN(), SASL_MECHANISM_CRAM_MD5, ByteString.valueOf("invalid"));
assertFalse(bindOperation.getResultCode() == ResultCode.SUCCESS);
}
/**
* Tests the {@code decodeControl} method when the control value is not a sequence.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = {DirectoryException.class})
public void testDecodeControlValueNotSequence() throws Exception {
LDAPControl c =
new LDAPControl(OID_PROXIED_AUTH_V1, true, ByteString.valueOf("uid=test,o=test"));
ProxiedAuthV1Control.DECODER.decode(c.isCritical(), c.getValue());
}
/**
* Tests whether authenticated and unauthenticated BIND requests will be allowed with the new
* configuration settings for "ds-cfg-reject-unauthenticated-requests" .
*/
@Test
public void testBindNewCfg() {
try {
DirectoryServer.setRejectUnauthenticatedRequests(true);
InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
ByteString user = ByteString.valueOf("cn=Directory Manager");
ByteString password = ByteString.valueOf("password");
// Unauthenticated BIND request.
BindOperation bindOperation = conn.processSimpleBind(DN.nullDN(), null);
assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
// Authenticated BIND request.
bindOperation = conn.processSimpleBind(user, password);
assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
} finally {
DirectoryServer.setRejectUnauthenticatedRequests(false);
}
}
/**
* Verifies that the server will reject a CRAM-MD5 bind with credentials containing a malformed
* digest.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testMalformedDigest() throws Exception {
InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
BindOperation bindOperation = conn.processSASLBind(DN.nullDN(), SASL_MECHANISM_CRAM_MD5, null);
assertEquals(bindOperation.getResultCode(), ResultCode.SASL_BIND_IN_PROGRESS);
ByteString creds = ByteString.valueOf("dn:cn=Directory Manager malformeddigest");
bindOperation = conn.processSASLBind(DN.nullDN(), SASL_MECHANISM_CRAM_MD5, creds);
assertFalse(bindOperation.getResultCode() == ResultCode.SUCCESS);
}
/**
* Tests the {@code toString} methods.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testToString() throws Exception {
// The default toString() calls the version that takes a string builder
// argument, so we only need to use the default version to cover both cases.
ProxiedAuthV1Control proxyControl =
new ProxiedAuthV1Control(ByteString.valueOf("uid=test,o=test"));
proxyControl.toString();
proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));
proxyControl.toString();
}
/**
* Tests the first constructor, which creates an instance of the control using a raw, unprocessed
* DN.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testConstructor1() throws Exception {
// Try a DN of "null", which is not valid and will fail on the attempt to
// create the control
ProxiedAuthV1Control proxyControl;
try {
proxyControl = new ProxiedAuthV1Control((ByteString) null);
throw new AssertionError(
"Expected a failure when creating a proxied "
+ "auth V1 control with a null octet string.");
} catch (Throwable t) {
}
// Try an empty DN, which is acceptable.
proxyControl = new ProxiedAuthV1Control(ByteString.valueOf(""));
assertTrue(proxyControl.getOID().equals(OID_PROXIED_AUTH_V1));
assertTrue(proxyControl.isCritical());
assertTrue(proxyControl.getAuthorizationDN().isNullDN());
// Try a valid DN, which is acceptable.
proxyControl = new ProxiedAuthV1Control(ByteString.valueOf("uid=test,o=test"));
assertTrue(proxyControl.getOID().equals(OID_PROXIED_AUTH_V1));
assertTrue(proxyControl.isCritical());
assertEquals(proxyControl.getAuthorizationDN(), DN.decode("uid=test,o=test"));
// Try an invalid DN, which will be initally accepted but will fail when
// attempting to get the authorization DN.
proxyControl = new ProxiedAuthV1Control(ByteString.valueOf("invalid"));
assertTrue(proxyControl.getOID().equals(OID_PROXIED_AUTH_V1));
assertTrue(proxyControl.isCritical());
try {
proxyControl.getAuthorizationDN();
throw new AssertionError(
"Expected a failure when creating a proxied "
+ "auth V1 control with an invalid DN string.");
} catch (Exception e) {
}
}
/**
* Tests the {@code decodeControl} method when the control value is a sequence with multiple
* elements.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testDecodeControlValueMultiElementSequence() throws Exception {
ByteStringBuilder bsb = new ByteStringBuilder();
ASN1Writer writer = ASN1.getWriter(bsb);
writer.writeStartSequence();
writer.writeOctetString("uid=element1,o=test");
writer.writeOctetString("uid=element2,o=test");
writer.writeEndSequence();
LDAPControl c = new LDAPControl(OID_PROXIED_AUTH_V1, true, bsb.toByteString());
assertEquals(
ByteString.valueOf("uid=element1,o=test"),
ProxiedAuthV1Control.DECODER.decode(c.isCritical(), c.getValue()).getRawAuthorizationDN());
}
/**
* Generates an entry for a backup based on the provided DN. The DN must have an RDN component
* that specifies the backup ID, and the parent DN must have an RDN component that specifies the
* backup directory.
*
* @param entryDN The DN of the backup entry to retrieve.
* @return The requested backup entry.
* @throws DirectoryException If the specified backup does not exist or is invalid.
*/
private Entry getBackupEntry(DN entryDN) throws DirectoryException {
// First, get the backup ID from the entry DN.
AttributeType idType = DirectoryServer.getAttributeType(ATTR_BACKUP_ID, true);
AttributeValue idValue = entryDN.getRDN().getAttributeValue(idType);
if (idValue == null) {
Message message = ERR_BACKUP_NO_BACKUP_ID_IN_DN.get(String.valueOf(entryDN));
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
}
String backupID = idValue.getValue().toString();
// Next, get the backup directory from the parent DN.
DN parentDN = entryDN.getParentDNInSuffix();
if (parentDN == null) {
Message message = ERR_BACKUP_NO_BACKUP_PARENT_DN.get(String.valueOf(entryDN));
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
}
AttributeType t = DirectoryServer.getAttributeType(ATTR_BACKUP_DIRECTORY_PATH, true);
AttributeValue v = parentDN.getRDN().getAttributeValue(t);
if (v == null) {
Message message = ERR_BACKUP_NO_BACKUP_DIR_IN_DN.get(String.valueOf(entryDN));
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
}
BackupDirectory backupDirectory;
try {
backupDirectory = BackupDirectory.readBackupDirectoryDescriptor(v.getValue().toString());
} catch (ConfigException ce) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, ce);
}
Message message =
ERR_BACKUP_INVALID_BACKUP_DIRECTORY.get(String.valueOf(entryDN), ce.getMessageObject());
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
Message message = ERR_BACKUP_ERROR_GETTING_BACKUP_DIRECTORY.get(getExceptionMessage(e));
throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message);
}
BackupInfo backupInfo = backupDirectory.getBackupInfo(backupID);
if (backupInfo == null) {
Message message = ERR_BACKUP_NO_SUCH_BACKUP.get(backupID, backupDirectory.getPath());
throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, message, parentDN, null);
}
// Construct the backup entry to return.
LinkedHashMap<ObjectClass, String> ocMap = new LinkedHashMap<ObjectClass, String>(3);
ocMap.put(DirectoryServer.getTopObjectClass(), OC_TOP);
ObjectClass oc = DirectoryServer.getObjectClass(OC_BACKUP_INFO, true);
ocMap.put(oc, OC_BACKUP_INFO);
oc = DirectoryServer.getObjectClass(OC_EXTENSIBLE_OBJECT_LC, true);
ocMap.put(oc, OC_EXTENSIBLE_OBJECT);
LinkedHashMap<AttributeType, List<Attribute>> opAttrs =
new LinkedHashMap<AttributeType, List<Attribute>>(0);
LinkedHashMap<AttributeType, List<Attribute>> userAttrs =
new LinkedHashMap<AttributeType, List<Attribute>>();
ArrayList<Attribute> attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(idType, idValue));
userAttrs.put(idType, attrList);
backupInfo.getBackupDirectory();
attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(t, v));
userAttrs.put(t, attrList);
Date backupDate = backupInfo.getBackupDate();
if (backupDate != null) {
t = DirectoryServer.getAttributeType(ATTR_BACKUP_DATE, true);
attrList = new ArrayList<Attribute>(1);
attrList.add(
Attributes.create(
t, AttributeValues.create(t, GeneralizedTimeSyntax.format(backupDate))));
userAttrs.put(t, attrList);
}
t = DirectoryServer.getAttributeType(ATTR_BACKUP_COMPRESSED, true);
attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(t, BooleanSyntax.createBooleanValue(backupInfo.isCompressed())));
userAttrs.put(t, attrList);
t = DirectoryServer.getAttributeType(ATTR_BACKUP_ENCRYPTED, true);
attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(t, BooleanSyntax.createBooleanValue(backupInfo.isEncrypted())));
userAttrs.put(t, attrList);
t = DirectoryServer.getAttributeType(ATTR_BACKUP_INCREMENTAL, true);
attrList = new ArrayList<Attribute>(1);
attrList.add(
Attributes.create(t, BooleanSyntax.createBooleanValue(backupInfo.isIncremental())));
userAttrs.put(t, attrList);
HashSet<String> dependencies = backupInfo.getDependencies();
if (dependencies != null && !dependencies.isEmpty()) {
t = DirectoryServer.getAttributeType(ATTR_BACKUP_DEPENDENCY, true);
AttributeBuilder builder = new AttributeBuilder(t);
for (String s : dependencies) {
builder.add(AttributeValues.create(t, s));
}
attrList = new ArrayList<Attribute>(1);
attrList.add(builder.toAttribute());
userAttrs.put(t, attrList);
}
byte[] signedHash = backupInfo.getSignedHash();
if (signedHash != null) {
t = DirectoryServer.getAttributeType(ATTR_BACKUP_SIGNED_HASH, true);
attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(t, AttributeValues.create(t, ByteString.wrap(signedHash))));
userAttrs.put(t, attrList);
}
byte[] unsignedHash = backupInfo.getUnsignedHash();
if (unsignedHash != null) {
t = DirectoryServer.getAttributeType(ATTR_BACKUP_UNSIGNED_HASH, true);
attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(t, AttributeValues.create(t, ByteString.wrap(unsignedHash))));
userAttrs.put(t, attrList);
}
HashMap<String, String> properties = backupInfo.getBackupProperties();
if (properties != null && !properties.isEmpty()) {
for (Map.Entry<String, String> e : properties.entrySet()) {
t = DirectoryServer.getAttributeType(toLowerCase(e.getKey()), true);
attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(t, AttributeValues.create(t, e.getValue())));
userAttrs.put(t, attrList);
}
}
Entry e = new Entry(entryDN, ocMap, userAttrs, opAttrs);
e.processVirtualAttributes();
return e;
}