/**
* Tests the second constructor, which creates an instance of the control using a processed DN.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testConstructor2() throws Exception {
// Try a DN of "null", which is not valid and will fail on the attempt to
// create the control
ProxiedAuthV1Control proxyControl;
try {
proxyControl = new ProxiedAuthV1Control((DN) null);
throw new AssertionError(
"Expected a failure when creating a proxied "
+ "auth V1 control with a null octet string.");
} catch (Throwable t) {
}
// Try an empty DN, which is acceptable.
proxyControl = new ProxiedAuthV1Control(DN.nullDN());
assertTrue(proxyControl.getOID().equals(OID_PROXIED_AUTH_V1));
assertTrue(proxyControl.isCritical());
assertTrue(proxyControl.getAuthorizationDN().isNullDN());
// Try a valid DN, which is acceptable.
proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));
assertTrue(proxyControl.getOID().equals(OID_PROXIED_AUTH_V1));
assertTrue(proxyControl.isCritical());
assertEquals(proxyControl.getAuthorizationDN(), DN.decode("uid=test,o=test"));
}
/**
* Tests the {@code getAuthorizationDN} and {@code setRawAuthorizationDN} methods.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testGetAndSetAuthorizationDN() throws Exception {
ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(DN.nullDN());
assertEquals(proxyControl.getRawAuthorizationDN(), ByteString.valueOf(""));
assertEquals(proxyControl.getAuthorizationDN(), DN.nullDN());
proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));
assertEquals(proxyControl.getRawAuthorizationDN(), ByteString.valueOf("uid=test,o=test"));
assertEquals(proxyControl.getAuthorizationDN(), DN.decode("uid=test,o=test"));
}
// We initialize these for each new AciHandler so that we can clear
// out the stale references that can occur during an in-core restart.
private static void initStatics() {
if ((aciType = DirectoryServer.getAttributeType("aci")) == null) {
aciType = DirectoryServer.getDefaultAttributeType("aci");
}
if ((globalAciType = DirectoryServer.getAttributeType(ATTR_AUTHZ_GLOBAL_ACI)) == null) {
globalAciType = DirectoryServer.getDefaultAttributeType(ATTR_AUTHZ_GLOBAL_ACI);
}
if ((debugSearchIndex =
DirectoryServer.getAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX))
== null) {
debugSearchIndex =
DirectoryServer.getDefaultAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX);
}
if ((refAttrType = DirectoryServer.getAttributeType(ATTR_REFERRAL_URL)) == null) {
refAttrType = DirectoryServer.getDefaultAttributeType(ATTR_REFERRAL_URL);
}
try {
debugSearchIndexDN = DN.decode("cn=debugsearch");
} catch (DirectoryException ex) {
// Should never happen.
}
}
/**
* Attempt to read a single entry.
*
* @throws Exception If the test failed unexpectedly.
*/
@Test(dependsOnMethods = {"testReadEntryEmptyStream"})
public void testReadEntrySingle() throws Exception {
final String ldifString =
"dn: cn=john, dc=foo, dc=com\n"
+ "objectClass: top\n"
+ "objectClass: person\n"
+ "cn: john\n"
+ "sn: smith\n";
LDIFReader reader = createLDIFReader(ldifString);
try {
Entry entry = reader.readEntry();
Assert.assertNotNull(entry);
Assert.assertEquals(entry.getDN(), DN.decode("cn=john, dc=foo, dc=com"));
Assert.assertTrue(entry.hasObjectClass(OC_TOP));
Assert.assertTrue(entry.hasObjectClass(OC_PERSON));
Assert.assertTrue(entry.hasValue(AT_CN, null, AttributeValues.create(AT_CN, "john")));
Assert.assertTrue(entry.hasValue(AT_SN, null, AttributeValues.create(AT_SN, "smith")));
Assert.assertNull(reader.readEntry());
Assert.assertEquals(reader.getEntriesIgnored(), 0);
Assert.assertEquals(reader.getEntriesRead(), 1);
Assert.assertEquals(reader.getEntriesRejected(), 0);
Assert.assertEquals(reader.getLastEntryLineNumber(), 1);
} finally {
reader.close();
}
}
/**
* Tests the {@code getValidatedAuthorizationDN} method for a user that doesn't exist in the
* directory data.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = {DirectoryException.class})
public void testGetValidatedAuthorizationNonExistingNormalUser() throws Exception {
TestCaseUtils.initializeTestBackend(true);
ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));
proxyControl.getAuthorizationEntry();
}
/**
* Tests the {@code getValidatedAuthorizationDN} method for a normal user that exists in the
* directory data and doesn't have any restrictions on its use.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testGetValidatedAuthorizationExistingNormalUser() throws Exception {
TestCaseUtils.initializeTestBackend(true);
TestCaseUtils.addEntry(
"dn: uid=test,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test",
"givenName: Test",
"sn: User",
"cn: Test User");
ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));
assertEquals(proxyControl.getAuthorizationEntry().getDN(), DN.decode("uid=test,o=test"));
}
/**
* Tests the {@code appliesToEntry} method.
*
* @param rule The rule for which to perform the test.
* @param appliesToEntry Indicates whether the provided rule applies to a minimal "o=test" entry.
* @throws Exception If an unexpected problem occurs.
*/
@Test(dataProvider = "testRules")
public void testAppliesToEntry(VirtualAttributeRule rule, boolean appliesToEntry)
throws Exception {
TestCaseUtils.initializeTestBackend(true);
addGroups();
assertEquals(
rule.appliesToEntry(DirectoryConfig.getEntry(DN.decode("o=test"))), appliesToEntry);
removeGroups();
}
/**
* Tests the {@code toString} methods.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testToString() throws Exception {
// The default toString() calls the version that takes a string builder
// argument, so we only need to use the default version to cover both cases.
ProxiedAuthV1Control proxyControl =
new ProxiedAuthV1Control(ByteString.valueOf("uid=test,o=test"));
proxyControl.toString();
proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));
proxyControl.toString();
}
/**
* Tests the {@code decodeControl} method when the control value is a valid octet string that
* contains an valid non-empty DN.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testDecodeControlValueNonEmptyDN() throws Exception {
ByteStringBuilder bsb = new ByteStringBuilder();
ASN1Writer writer = ASN1.getWriter(bsb);
writer.writeStartSequence();
writer.writeOctetString("uid=test,o=test");
writer.writeEndSequence();
LDAPControl c = new LDAPControl(OID_PROXIED_AUTH_V1, true, bsb.toByteString());
ProxiedAuthV1Control proxyControl =
ProxiedAuthV1Control.DECODER.decode(c.isCritical(), c.getValue());
assertEquals(proxyControl.getAuthorizationDN(), DN.decode("uid=test,o=test"));
}
/**
* Tests performing an internal search using the VLV control to retrieve a subset of the entries
* using an assertion value that is after all values in the list.
*
* @throws Exception If an unexpected problem occurred.
*/
@Test()
public void testInternalSearchByValueAfterAll() throws Exception {
populateDB();
InternalClientConnection conn = InternalClientConnection.getRootConnection();
ArrayList<Control> requestControls = new ArrayList<Control>();
requestControls.add(new ServerSideSortRequestControl("sn"));
requestControls.add(new VLVRequestControl(0, 3, ByteString.valueOf("zz")));
InternalSearchOperation internalSearch =
new InternalSearchOperation(
conn,
InternalClientConnection.nextOperationID(),
InternalClientConnection.nextMessageID(),
requestControls,
DN.decode("dc=example,dc=com"),
SearchScope.WHOLE_SUBTREE,
DereferencePolicy.NEVER_DEREF_ALIASES,
0,
0,
false,
SearchFilter.createFilterFromString("(objectClass=person)"),
null,
null);
internalSearch.run();
// It will be successful because the control isn't critical.
assertEquals(internalSearch.getResultCode(), ResultCode.SUCCESS);
List<Control> responseControls = internalSearch.getResponseControls();
assertNotNull(responseControls);
VLVResponseControl vlvResponse = null;
for (Control c : responseControls) {
if (c.getOID().equals(OID_VLV_RESPONSE_CONTROL)) {
if (c instanceof LDAPControl) {
vlvResponse =
VLVResponseControl.DECODER.decode(c.isCritical(), ((LDAPControl) c).getValue());
} else {
vlvResponse = (VLVResponseControl) c;
}
}
}
assertNotNull(vlvResponse);
assertEquals(vlvResponse.getVLVResultCode(), LDAPResultCode.SUCCESS);
assertEquals(vlvResponse.getTargetPosition(), 10);
assertEquals(vlvResponse.getContentCount(), 9);
}
/**
* Make sure that the server is running.
*
* @throws Exception If an unexpected problem occurs.
*/
@BeforeClass()
public void startServer() throws Exception {
TestCaseUtils.startServer();
givenNameType = DirectoryServer.getAttributeType("givenname", false);
assertNotNull(givenNameType);
snType = DirectoryServer.getAttributeType("sn", false);
assertNotNull(snType);
aaccfJohnsonDN = DN.decode("uid=aaccf.johnson,dc=example,dc=com");
aaronZimmermanDN = DN.decode("uid=aaron.zimmerman,dc=example,dc=com");
albertSmithDN = DN.decode("uid=albert.smith,dc=example,dc=com");
albertZimmermanDN = DN.decode("uid=albert.zimmerman,dc=example,dc=com");
lowercaseMcGeeDN = DN.decode("uid=lowercase.mcgee,dc=example,dc=com");
margaretJonesDN = DN.decode("uid=margaret.jones,dc=example,dc=com");
maryJonesDN = DN.decode("uid=mary.jones,dc=example,dc=com");
samZweckDN = DN.decode("uid=sam.zweck,dc=example,dc=com");
zorroDN = DN.decode("uid=zorro,dc=example,dc=com");
}
/**
* Tests the {@code getValidatedAuthorizationDN} method for a disabled user.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = {DirectoryException.class})
public void testGetValidatedAuthorizationDisabledUser() throws Exception {
TestCaseUtils.initializeTestBackend(true);
TestCaseUtils.addEntry(
"dn: uid=test,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-pwp-account-disabled: true");
ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));
proxyControl.getAuthorizationEntry();
}
/**
* Attempt to read a change containing a file-based attribute.
*
* @throws Exception If the test failed unexpectedly.
*/
@Test(dependsOnMethods = {"testReadChangeMultiple"})
public void testReadChangeWithFileBaseAttribute() throws Exception {
StringBuilder buffer = new StringBuilder(TEMP_FILE_LDIF);
buffer.append(TEMP_FILE.getCanonicalPath());
buffer.append("\n");
LDIFReader reader = createLDIFReader(buffer.toString());
try {
ChangeRecordEntry change = reader.readChangeRecord(false);
Assert.assertTrue(change instanceof AddChangeRecordEntry);
AddChangeRecordEntry add = (AddChangeRecordEntry) change;
DN dn = DN.decode("cn=john smith, dc=com");
Assert.assertEquals(add.getDN(), dn);
Attribute attr = Attributes.create("description", TEMP_FILE_STRING);
Assert.assertTrue(add.getAttributes().contains(attr));
// Check final state.
Assert.assertNull(reader.readChangeRecord(false));
} finally {
reader.close();
}
}
@Test(enabled = true)
public void testValidRequest() throws Exception {
final CryptoManagerImpl cm = DirectoryServer.getCryptoManager();
final String secretMessage = "zyxwvutsrqponmlkjihgfedcba";
final String cipherTransformationName = "AES/CBC/PKCS5Padding";
final int cipherKeyLength = 128;
CryptoManagerImpl.publishInstanceKeyEntryInADS();
// Initial encryption ensures a cipher key entry is in ADS.
cm.encrypt(cipherTransformationName, cipherKeyLength, secretMessage.getBytes());
// Retrieve all uncompromised cipher key entries corresponding to the
// specified transformation and key length.
final String baseDNStr // TODO: is this DN defined elsewhere as a constant?
= "cn=secret keys," + ADSContext.getAdministrationSuffixDN();
final DN baseDN = DN.decode(baseDNStr);
final String FILTER_OC_INSTANCE_KEY =
new StringBuilder("(objectclass=")
.append(ConfigConstants.OC_CRYPTO_CIPHER_KEY)
.append(")")
.toString();
final String FILTER_NOT_COMPROMISED =
new StringBuilder("(!(")
.append(ConfigConstants.ATTR_CRYPTO_KEY_COMPROMISED_TIME)
.append("=*))")
.toString();
final String FILTER_CIPHER_TRANSFORMATION_NAME =
new StringBuilder("(")
.append(ConfigConstants.ATTR_CRYPTO_CIPHER_TRANSFORMATION_NAME)
.append("=")
.append(cipherTransformationName)
.append(")")
.toString();
final String FILTER_CIPHER_KEY_LENGTH =
new StringBuilder("(")
.append(ConfigConstants.ATTR_CRYPTO_KEY_LENGTH_BITS)
.append("=")
.append(String.valueOf(cipherKeyLength))
.append(")")
.toString();
final String searchFilter =
new StringBuilder("(&")
.append(FILTER_OC_INSTANCE_KEY)
.append(FILTER_NOT_COMPROMISED)
.append(FILTER_CIPHER_TRANSFORMATION_NAME)
.append(FILTER_CIPHER_KEY_LENGTH)
.append(")")
.toString();
final LinkedHashSet<String> requestedAttributes = new LinkedHashSet<String>();
requestedAttributes.add(ConfigConstants.ATTR_CRYPTO_SYMMETRIC_KEY);
final InternalClientConnection icc = InternalClientConnection.getRootConnection();
InternalSearchOperation searchOp =
icc.processSearch(
baseDN,
SearchScope.SINGLE_LEVEL,
DereferencePolicy.NEVER_DEREF_ALIASES,
/* size limit */ 0, /* time limit */
0,
/* types only */ false,
SearchFilter.createFilterFromString(searchFilter),
requestedAttributes);
assertTrue(0 < searchOp.getSearchEntries().size());
final InternalClientConnection internalConnection =
InternalClientConnection.getRootConnection();
final String instanceKeyID = cm.getInstanceKeyID();
final AttributeType attrSymmetricKey =
DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_SYMMETRIC_KEY);
for (Entry e : searchOp.getSearchEntries()) {
final String symmetricKeyAttributeValue =
e.getAttributeValue(attrSymmetricKey, DirectoryStringSyntax.DECODER);
final ByteString requestValue =
GetSymmetricKeyExtendedOperation.encodeRequestValue(
symmetricKeyAttributeValue, instanceKeyID);
final ExtendedOperation extendedOperation =
internalConnection.processExtendedOperation(
ServerConstants.OID_GET_SYMMETRIC_KEY_EXTENDED_OP, requestValue);
assertEquals(extendedOperation.getResultCode(), ResultCode.SUCCESS);
// The key should be re-wrapped, and hence have a different binary
// representation....
final String responseValue = extendedOperation.getResponseValue().toString();
assertFalse(symmetricKeyAttributeValue.equals(responseValue));
// ... but the keyIDs should be equal (ideally, the validity of
// the returned value would be checked by decoding the
// returned ds-cfg-symmetric-key attribute value; however, there
// is no non-private method to call.
assertEquals(responseValue.split(":")[0], symmetricKeyAttributeValue.split(":")[0]);
}
}
/**
* Tests performing an internal search using the VLV control to retrieve a subset of the entries
* using an assertion value before any actual value in the list.
*
* @throws Exception If an unexpected problem occurred.
*/
@Test()
public void testInternalSearchByValueBeforeAll() throws Exception {
populateDB();
InternalClientConnection conn = InternalClientConnection.getRootConnection();
ArrayList<Control> requestControls = new ArrayList<Control>();
requestControls.add(new ServerSideSortRequestControl("givenName"));
requestControls.add(new VLVRequestControl(0, 3, ByteString.valueOf("a")));
InternalSearchOperation internalSearch =
new InternalSearchOperation(
conn,
InternalClientConnection.nextOperationID(),
InternalClientConnection.nextMessageID(),
requestControls,
DN.decode("dc=example,dc=com"),
SearchScope.WHOLE_SUBTREE,
DereferencePolicy.NEVER_DEREF_ALIASES,
0,
0,
false,
SearchFilter.createFilterFromString("(objectClass=person)"),
null,
null);
internalSearch.run();
assertEquals(internalSearch.getResultCode(), ResultCode.SUCCESS);
ArrayList<DN> expectedDNOrder = new ArrayList<DN>();
expectedDNOrder.add(aaccfJohnsonDN); // Aaccf
expectedDNOrder.add(aaronZimmermanDN); // Aaron
expectedDNOrder.add(albertZimmermanDN); // Albert, lower entry ID
expectedDNOrder.add(albertSmithDN); // Albert, higher entry ID
ArrayList<DN> returnedDNOrder = new ArrayList<DN>();
for (Entry e : internalSearch.getSearchEntries()) {
returnedDNOrder.add(e.getDN());
}
assertEquals(returnedDNOrder, expectedDNOrder);
List<Control> responseControls = internalSearch.getResponseControls();
assertNotNull(responseControls);
assertEquals(responseControls.size(), 2);
ServerSideSortResponseControl sortResponse = null;
VLVResponseControl vlvResponse = null;
for (Control c : responseControls) {
if (c.getOID().equals(OID_SERVER_SIDE_SORT_RESPONSE_CONTROL)) {
if (c instanceof LDAPControl) {
sortResponse =
ServerSideSortResponseControl.DECODER.decode(
c.isCritical(), ((LDAPControl) c).getValue());
} else {
sortResponse = (ServerSideSortResponseControl) c;
}
} else if (c.getOID().equals(OID_VLV_RESPONSE_CONTROL)) {
if (c instanceof LDAPControl) {
vlvResponse =
VLVResponseControl.DECODER.decode(c.isCritical(), ((LDAPControl) c).getValue());
} else {
vlvResponse = (VLVResponseControl) c;
}
} else {
fail("Response control with unexpected OID " + c.getOID());
}
}
assertNotNull(sortResponse);
assertEquals(sortResponse.getResultCode(), 0);
assertNotNull(vlvResponse);
assertEquals(vlvResponse.getVLVResultCode(), 0);
assertEquals(vlvResponse.getTargetPosition(), 1);
assertEquals(vlvResponse.getContentCount(), 9);
}
/**
* Tests performing an internal search using the VLV control with a start start position beyond
* the end of the result set.
*
* @throws Exception If an unexpected problem occurred.
*/
@Test()
public void testInternalSearchByOffsetStartPositionTooHigh() throws Exception {
populateDB();
InternalClientConnection conn = InternalClientConnection.getRootConnection();
ArrayList<Control> requestControls = new ArrayList<Control>();
requestControls.add(new ServerSideSortRequestControl("givenName"));
requestControls.add(new VLVRequestControl(3, 3, 30, 0));
InternalSearchOperation internalSearch =
new InternalSearchOperation(
conn,
InternalClientConnection.nextOperationID(),
InternalClientConnection.nextMessageID(),
requestControls,
DN.decode("dc=example,dc=com"),
SearchScope.WHOLE_SUBTREE,
DereferencePolicy.NEVER_DEREF_ALIASES,
0,
0,
false,
SearchFilter.createFilterFromString("(objectClass=person)"),
null,
null);
internalSearch.run();
assertEquals(internalSearch.getResultCode(), ResultCode.SUCCESS);
ArrayList<DN> expectedDNOrder = new ArrayList<DN>();
expectedDNOrder.add(maryJonesDN); // Mary
expectedDNOrder.add(samZweckDN); // Sam
expectedDNOrder.add(zorroDN); // No first name
ArrayList<DN> returnedDNOrder = new ArrayList<DN>();
for (Entry e : internalSearch.getSearchEntries()) {
returnedDNOrder.add(e.getDN());
}
assertEquals(returnedDNOrder, expectedDNOrder);
List<Control> responseControls = internalSearch.getResponseControls();
assertNotNull(responseControls);
VLVResponseControl vlvResponse = null;
for (Control c : responseControls) {
if (c.getOID().equals(OID_VLV_RESPONSE_CONTROL)) {
if (c instanceof LDAPControl) {
vlvResponse =
VLVResponseControl.DECODER.decode(c.isCritical(), ((LDAPControl) c).getValue());
} else {
vlvResponse = (VLVResponseControl) c;
}
}
}
assertNotNull(vlvResponse);
assertEquals(vlvResponse.getVLVResultCode(), LDAPResultCode.SUCCESS);
assertEquals(vlvResponse.getTargetPosition(), 10);
assertEquals(vlvResponse.getContentCount(), 9);
}
/**
* Check access using the specified container. This container will have all of the information to
* gather applicable ACIs and perform evaluation on them.
*
* @param container An ACI operation container which has all of the information needed to check
* access.
* @return True if access is allowed.
*/
boolean accessAllowed(AciContainer container) {
DN dn = container.getResourceEntry().getDN();
// For ACI_WRITE_ADD and ACI_WRITE_DELETE set the ACI_WRITE
// right.
if (container.hasRights(ACI_WRITE_ADD) || container.hasRights(ACI_WRITE_DELETE)) {
container.setRights(container.getRights() | ACI_WRITE);
}
// Check if the ACI_SELF right needs to be set (selfwrite right).
// Only done if the right is ACI_WRITE, an attribute value is set
// and that attribute value is a DN.
if ((container.getCurrentAttributeValue() != null)
&& (container.hasRights(ACI_WRITE))
&& (isAttributeDN(container.getCurrentAttributeType()))) {
String DNString = null;
try {
DNString = container.getCurrentAttributeValue().getValue().toString();
DN tmpDN = DN.decode(DNString);
// Have a valid DN, compare to clientDN to see if the ACI_SELF
// right should be set.
if (tmpDN.equals(container.getClientDN())) {
container.setRights(container.getRights() | ACI_SELF);
}
} catch (DirectoryException ex) {
// Log a message and keep going.
Message message = WARN_ACI_NOT_VALID_DN.get(DNString);
logError(message);
}
}
// Check proxy authorization only if the entry has not already been
// processed (working on a new entry). If working on a new entry,
// then only do a proxy check if the right is not set to ACI_PROXY
// and the proxied authorization control has been decoded.
if (!container.hasSeenEntry()) {
if (container.isProxiedAuthorization()
&& !container.hasRights(ACI_PROXY)
&& !container.hasRights(ACI_SKIP_PROXY_CHECK)) {
int currentRights = container.getRights();
// Save the current rights so they can be put back if on
// success.
container.setRights(ACI_PROXY);
// Switch to the original authorization entry, not the proxied
// one.
container.useOrigAuthorizationEntry(true);
if (!accessAllowed(container)) {
return false;
}
// Access is ok, put the original rights back.
container.setRights(currentRights);
// Put the proxied authorization entry back to the current
// authorization entry.
container.useOrigAuthorizationEntry(false);
}
// Set the seen flag so proxy processing is not performed for this
// entry again.
container.setSeenEntry(true);
}
/*
* First get all allowed candidate ACIs.
*/
LinkedList<Aci> candidates = aciList.getCandidateAcis(dn);
/*
* Create an applicable list of ACIs by target matching each
* candidate ACI against the container's target match view.
*/
createApplicableList(candidates, container);
/*
* Evaluate the applicable list.
*/
boolean ret = testApplicableLists(container);
// Build summary string if doing geteffectiverights eval.
if (container.isGetEffectiveRightsEval()) {
AciEffectiveRights.createSummary(container, ret, "main");
}
return ret;
}
/**
* Retrieves a set of virtual attribute rules that may be used for testing purposes. The return
* data will also include a Boolean value indicating whether the rule would apply to a minimal
* "o=test" entry.
*
* @return A set of virtual attribute rules that may be used for testing purposes.
* @throws Exception If an unexpected problem occurs.
*/
@DataProvider(name = "testRules")
public Object[][] getVirtualAttributeRules() throws Exception {
EntryDNVirtualAttributeProvider provider = new EntryDNVirtualAttributeProvider();
LinkedHashSet<DN> dnSet1 = new LinkedHashSet<DN>(1);
dnSet1.add(DN.decode("o=test"));
LinkedHashSet<DN> dnSet2 = new LinkedHashSet<DN>(1);
dnSet2.add(DN.decode("dc=example,dc=com"));
LinkedHashSet<DN> dnSet3 = new LinkedHashSet<DN>(2);
dnSet3.add(DN.decode("o=test"));
dnSet3.add(DN.decode("dc=example,dc=com"));
LinkedHashSet<DN> groupSet1 = new LinkedHashSet<DN>(1);
groupSet1.add(DN.decode("cn=Test Group,o=test"));
LinkedHashSet<DN> groupSet2 = new LinkedHashSet<DN>(1);
groupSet2.add(DN.decode("cn=Example Group,o=test"));
LinkedHashSet<DN> groupSet3 = new LinkedHashSet<DN>(2);
groupSet3.add(DN.decode("cn=Test Group,o=test"));
groupSet3.add(DN.decode("cn=Example Group,o=test"));
LinkedHashSet<SearchFilter> filterSet1 = new LinkedHashSet<SearchFilter>(1);
filterSet1.add(SearchFilter.createFilterFromString("(objectClass=*)"));
LinkedHashSet<SearchFilter> filterSet2 = new LinkedHashSet<SearchFilter>(1);
filterSet2.add(SearchFilter.createFilterFromString("(o=test)"));
LinkedHashSet<SearchFilter> filterSet3 = new LinkedHashSet<SearchFilter>(1);
filterSet3.add(SearchFilter.createFilterFromString("(foo=bar)"));
LinkedHashSet<SearchFilter> filterSet4 = new LinkedHashSet<SearchFilter>(2);
filterSet4.add(SearchFilter.createFilterFromString("(o=test)"));
filterSet4.add(SearchFilter.createFilterFromString("(foo=bar)"));
return new Object[][] {
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
Collections.<DN>emptySet(),
SearchScope.WHOLE_SUBTREE,
Collections.<DN>emptySet(),
Collections.<SearchFilter>emptySet(),
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
true
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
dnSet1,
SearchScope.WHOLE_SUBTREE,
Collections.<DN>emptySet(),
Collections.<SearchFilter>emptySet(),
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
true
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
dnSet2,
SearchScope.WHOLE_SUBTREE,
Collections.<DN>emptySet(),
Collections.<SearchFilter>emptySet(),
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
false
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
dnSet3,
SearchScope.WHOLE_SUBTREE,
Collections.<DN>emptySet(),
Collections.<SearchFilter>emptySet(),
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
true
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
Collections.<DN>emptySet(),
SearchScope.WHOLE_SUBTREE,
groupSet1,
Collections.<SearchFilter>emptySet(),
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
true
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
Collections.<DN>emptySet(),
SearchScope.WHOLE_SUBTREE,
groupSet2,
Collections.<SearchFilter>emptySet(),
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
false
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
Collections.<DN>emptySet(),
SearchScope.WHOLE_SUBTREE,
groupSet3,
Collections.<SearchFilter>emptySet(),
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
true
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
Collections.<DN>emptySet(),
SearchScope.WHOLE_SUBTREE,
Collections.<DN>emptySet(),
filterSet1,
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
true
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
Collections.<DN>emptySet(),
SearchScope.WHOLE_SUBTREE,
Collections.<DN>emptySet(),
filterSet2,
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
true
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
Collections.<DN>emptySet(),
SearchScope.WHOLE_SUBTREE,
Collections.<DN>emptySet(),
filterSet3,
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
false
},
new Object[] {
new VirtualAttributeRule(
entryDNType,
provider,
Collections.<DN>emptySet(),
SearchScope.WHOLE_SUBTREE,
Collections.<DN>emptySet(),
filterSet4,
ConflictBehavior.VIRTUAL_OVERRIDES_REAL),
true
},
};
}
/**
* Removes the test group from the server.
*
* @throws Exception If an unexpected problem occurs.
*/
private void removeGroups() throws Exception {
InternalClientConnection conn = InternalClientConnection.getRootConnection();
conn.processDelete(DN.decode("cn=Test Group,o=Test"));
conn.processDelete(DN.decode("cn=Example Group,o=Test"));
}
/**
* Attempt to read multiple changes.
*
* @throws Exception If the test failed unexpectedly.
*/
@Test(dependsOnMethods = {"testChangeRecordEmptyStream"})
public void testReadChangeMultiple() throws Exception {
LDIFReader reader = createLDIFReader(VALID_LDIF);
try {
ChangeRecordEntry change;
AddChangeRecordEntry add;
DeleteChangeRecordEntry delete;
ModifyChangeRecordEntry modify;
ModifyDNChangeRecordEntry modifyDN;
DN dn;
RDN rdn;
Iterator<RawModification> i;
Modification mod;
Attribute attr;
// Change record #1.
change = reader.readChangeRecord(false);
Assert.assertTrue(change instanceof AddChangeRecordEntry);
add = (AddChangeRecordEntry) change;
dn = DN.decode("cn=Fiona Jensen, ou=Marketing, dc=airius, dc=com");
Assert.assertEquals(add.getDN(), dn);
List<Attribute> attrs = new ArrayList<Attribute>();
AttributeBuilder builder = new AttributeBuilder(AT_OC, "objectclass");
builder.add(AttributeValues.create(AT_OC, "top"));
builder.add(AttributeValues.create(AT_OC, "person"));
builder.add(AttributeValues.create(AT_OC, "organizationalPerson"));
attrs.add(builder.toAttribute());
attrs.add(Attributes.create("cn", "Fiona Jensen"));
attrs.add(Attributes.create("sn", "Jensen"));
attrs.add(Attributes.create("uid", "fiona"));
attrs.add(Attributes.create("telephonenumber", "+1 408 555 1212"));
Assert.assertTrue(add.getAttributes().containsAll(attrs));
// Change record #2.
change = reader.readChangeRecord(false);
Assert.assertTrue(change instanceof DeleteChangeRecordEntry);
delete = (DeleteChangeRecordEntry) change;
dn = DN.decode("cn=Robert Jensen, ou=Marketing, dc=airius, dc=com");
Assert.assertEquals(delete.getDN(), dn);
// Change record #3.
change = reader.readChangeRecord(false);
Assert.assertTrue(change instanceof ModifyDNChangeRecordEntry);
modifyDN = (ModifyDNChangeRecordEntry) change;
dn = DN.decode("cn=Paul Jensen, ou=Product Development, dc=airius, dc=com");
Assert.assertEquals(modifyDN.getDN(), dn);
rdn = RDN.decode("cn=paula jensen");
Assert.assertEquals(modifyDN.getNewRDN(), rdn);
Assert.assertNull(modifyDN.getNewSuperiorDN());
Assert.assertTrue(modifyDN.deleteOldRDN());
// Change record #4.
change = reader.readChangeRecord(false);
Assert.assertTrue(change instanceof ModifyDNChangeRecordEntry);
modifyDN = (ModifyDNChangeRecordEntry) change;
dn = DN.decode("ou=PD Accountants, ou=Product Development, dc=airius, dc=com");
Assert.assertEquals(modifyDN.getDN(), dn);
rdn = RDN.decode("ou=Product Development Accountants");
Assert.assertEquals(modifyDN.getNewRDN(), rdn);
dn = DN.decode("ou=Accounting, dc=airius, dc=com");
Assert.assertEquals(modifyDN.getNewSuperiorDN(), dn);
Assert.assertFalse(modifyDN.deleteOldRDN());
// Change record #5.
change = reader.readChangeRecord(false);
Assert.assertTrue(change instanceof ModifyChangeRecordEntry);
modify = (ModifyChangeRecordEntry) change;
dn = DN.decode("cn=Paula Jensen, ou=Product Development, dc=airius, dc=com");
Assert.assertEquals(modify.getDN(), dn);
i = modify.getModifications().iterator();
Assert.assertTrue(i.hasNext());
mod = i.next().toModification();
Assert.assertEquals(mod.getModificationType(), ModificationType.ADD);
attr = Attributes.create("postaladdress", "123 Anystreet $ Sunnyvale, CA $ 94086");
Assert.assertEquals(mod.getAttribute(), attr);
Assert.assertTrue(i.hasNext());
mod = i.next().toModification();
Assert.assertEquals(mod.getModificationType(), ModificationType.DELETE);
attr = Attributes.empty(AT_DESCR);
Assert.assertEquals(mod.getAttribute(), attr);
Assert.assertTrue(i.hasNext());
mod = i.next().toModification();
Assert.assertEquals(mod.getModificationType(), ModificationType.REPLACE);
builder = new AttributeBuilder(AT_TELN, "telephonenumber");
builder.add(AttributeValues.create(AT_TELN, "+1 408 555 1234"));
builder.add(AttributeValues.create(AT_TELN, "+1 408 555 5678"));
Assert.assertEquals(mod.getAttribute(), builder.toAttribute());
Assert.assertTrue(i.hasNext());
mod = i.next().toModification();
Assert.assertEquals(mod.getModificationType(), ModificationType.DELETE);
attr = Attributes.create("facsimiletelephonenumber", "+1 408 555 9876");
Assert.assertEquals(mod.getAttribute(), attr);
Assert.assertFalse(i.hasNext());
// Change record #6.
change = reader.readChangeRecord(false);
Assert.assertTrue(change instanceof ModifyChangeRecordEntry);
modify = (ModifyChangeRecordEntry) change;
dn = DN.decode("cn=Ingrid Jensen, ou=Product Support, dc=airius, dc=com");
Assert.assertEquals(modify.getDN(), dn);
i = modify.getModifications().iterator();
Assert.assertTrue(i.hasNext());
mod = i.next().toModification();
Assert.assertEquals(mod.getModificationType(), ModificationType.REPLACE);
attr = Attributes.empty(DirectoryServer.getAttributeType("postaladdress"));
Assert.assertEquals(mod.getAttribute(), attr);
// Change record #7.
change = reader.readChangeRecord(false);
Assert.assertTrue(change instanceof ModifyChangeRecordEntry);
modify = (ModifyChangeRecordEntry) change;
Assert.assertTrue(modify.getDN().isNullDN());
i = modify.getModifications().iterator();
Assert.assertTrue(i.hasNext());
mod = i.next().toModification();
Assert.assertEquals(mod.getModificationType(), ModificationType.DELETE);
attr = Attributes.empty(AT_DESCR);
Assert.assertEquals(mod.getAttribute(), attr);
// Change record #8.
change = reader.readChangeRecord(false);
Assert.assertTrue(change instanceof ModifyChangeRecordEntry);
modify = (ModifyChangeRecordEntry) change;
dn = DN.decode("uid=rogasawara, ou=\u55b6\u696d\u90e8, o=airius");
Assert.assertEquals(modify.getDN(), dn);
i = modify.getModifications().iterator();
Assert.assertTrue(i.hasNext());
mod = i.next().toModification();
Assert.assertEquals(mod.getModificationType(), ModificationType.DELETE);
attr = Attributes.empty(AT_DESCR);
Assert.assertEquals(mod.getAttribute(), attr);
Assert.assertFalse(i.hasNext());
// Check final state.
Assert.assertNull(reader.readChangeRecord(false));
Assert.assertEquals(reader.getEntriesIgnored(), 0);
Assert.assertEquals(reader.getEntriesRead(), 0);
Assert.assertEquals(reader.getEntriesRejected(), 0);
Assert.assertEquals(reader.getLastEntryLineNumber(), 72);
} finally {
reader.close();
}
}
/** {@inheritDoc} */
@Override
public void initializeBackend() throws ConfigException, InitializationException {
// Create the set of base DNs that we will handle. In this case, it's just
// the DN of the base backup entry.
try {
backupBaseDN = DN.decode(DN_BACKUP_ROOT);
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
Message message =
ERR_BACKEND_CANNOT_DECODE_BACKEND_ROOT_DN.get(getExceptionMessage(e), getBackendID());
throw new InitializationException(message, e);
}
// FIXME -- Deal with this more correctly.
this.baseDNs = new DN[] {backupBaseDN};
// Determine the set of backup directories that we will use by default.
Set<String> values = currentConfig.getBackupDirectory();
backupDirectories = new LinkedHashSet<File>(values.size());
for (String s : values) {
backupDirectories.add(getFileForPath(s));
}
// Construct the backup base entry.
LinkedHashMap<ObjectClass, String> objectClasses = new LinkedHashMap<ObjectClass, String>(2);
objectClasses.put(DirectoryServer.getTopObjectClass(), OC_TOP);
ObjectClass untypedOC = DirectoryServer.getObjectClass(OC_UNTYPED_OBJECT_LC, true);
objectClasses.put(untypedOC, OC_UNTYPED_OBJECT);
LinkedHashMap<AttributeType, List<Attribute>> opAttrs =
new LinkedHashMap<AttributeType, List<Attribute>>(0);
LinkedHashMap<AttributeType, List<Attribute>> userAttrs =
new LinkedHashMap<AttributeType, List<Attribute>>(1);
RDN rdn = backupBaseDN.getRDN();
int numAVAs = rdn.getNumValues();
for (int i = 0; i < numAVAs; i++) {
AttributeType attrType = rdn.getAttributeType(i);
ArrayList<Attribute> attrList = new ArrayList<Attribute>(1);
attrList.add(Attributes.create(attrType, rdn.getAttributeValue(i)));
userAttrs.put(attrType, attrList);
}
backupBaseEntry = new Entry(backupBaseDN, objectClasses, userAttrs, opAttrs);
currentConfig.addBackupChangeListener(this);
// Register the backup base as a private suffix.
try {
DirectoryServer.registerBaseDN(backupBaseDN, this, true);
} catch (Exception e) {
if (debugEnabled()) {
TRACER.debugCaught(DebugLogLevel.ERROR, e);
}
Message message =
ERR_BACKEND_CANNOT_REGISTER_BASEDN.get(backupBaseDN.toString(), getExceptionMessage(e));
throw new InitializationException(message, e);
}
}
