/**
   * Tests performing an internal search using the CRITICAL server-side sort control with an
   * undefined attribute type.
   *
   * @throws Exception If an unexpected problem occurred.
   */
  @Test()
  public void testCriticalSortWithUndefinedAttribute() throws Exception {
    populateDB();

    InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();

    // The sort control is created with criticality = true and a sort key ("undefined") that,
    // per this test's description, is not a defined attribute type.
    ArrayList<Control> sortControls = new ArrayList<Control>();
    sortControls.add(new ServerSideSortRequestControl(true, "undefined"));

    InternalSearchOperation searchOperation =
        new InternalSearchOperation(
            rootConnection,
            InternalClientConnection.nextOperationID(),
            InternalClientConnection.nextMessageID(),
            sortControls,
            DN.decode("dc=example,dc=com"),
            SearchScope.WHOLE_SUBTREE,
            DereferencePolicy.NEVER_DEREF_ALIASES,
            0,
            0,
            false,
            SearchFilter.createFilterFromString("(objectClass=person)"),
            null,
            null);
    searchOperation.run();

    // A critical control that the server cannot apply must fail the whole operation rather
    // than be silently dropped, so the exact result code is pinned here.
    ResultCode actualResult = searchOperation.getResultCode();
    assertEquals(actualResult, ResultCode.UNAVAILABLE_CRITICAL_EXTENSION);
  }
  /**
   * Tests performing an internal search using the server-side sort control with an undefined
   * ordering rule.
   *
   * @throws Exception If an unexpected problem occurred.
   */
  @Test()
  public void testInternalSearchUndefinedOrderingRule() throws Exception {
    populateDB();

    InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();

    // Critical sort control whose key names givenName together with an ordering rule
    // ("undefinedOrderingMatch") that, per this test's description, is undefined.
    ArrayList<Control> sortControls = new ArrayList<Control>();
    sortControls.add(new ServerSideSortRequestControl(true, "givenName:undefinedOrderingMatch"));

    InternalSearchOperation searchOperation =
        new InternalSearchOperation(
            rootConnection,
            InternalClientConnection.nextOperationID(),
            InternalClientConnection.nextMessageID(),
            sortControls,
            DN.decode("dc=example,dc=com"),
            SearchScope.WHOLE_SUBTREE,
            DereferencePolicy.NEVER_DEREF_ALIASES,
            0,
            0,
            false,
            SearchFilter.createFilterFromString("(objectClass=person)"),
            null,
            null);
    searchOperation.run();

    // NOTE(review): this only checks that the search did not succeed; it would also pass on an
    // unrelated failure. Consider pinning the exact result code once the expected value for an
    // undefined ordering rule is confirmed.
    boolean searchSucceeded = searchOperation.getResultCode() == ResultCode.SUCCESS;
    assertFalse(searchSucceeded);
  }
  /**
   * Processes all ACIs under the "cn=config" naming context and adds them to the ACI list cache. It
   * also logs messages about the number of ACIs added to the cache. This method is called once at
   * startup. It will put the server in lockdown mode if needed.
   *
   * @throws InitializationException If there is an error searching for the ACIs in the naming
   *     context.
   */
  private void processConfigAcis() throws InitializationException {
    // Only the "aci" attribute is requested from each matching entry.
    LinkedHashSet<String> aciAttributes = new LinkedHashSet<String>(1);
    aciAttributes.add("aci");
    // Receives the messages produced by addAci(); the same list is reused for every base DN.
    LinkedList<Message> invalidAciMessages = new LinkedList<Message>();
    InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();

    ConfigHandler configHandler = DirectoryServer.getConfigHandler();
    for (DN configBaseDN : configHandler.getBaseDNs()) {
      boolean baseEntryPresent;
      try {
        baseEntryPresent = configHandler.entryExists(configBaseDN);
      } catch (Exception e) {
        if (debugEnabled()) {
          TRACER.debugCaught(DebugLogLevel.ERROR, e);
        }

        // FIXME -- Is there anything that we need to do here?
        // NOTE(review): a failure here skips this base DN with only a debug trace, so any ACIs
        // beneath it are not loaded and lockdown mode is not triggered on this path -- confirm
        // that silently continuing is the intended behaviour for an access-control loader.
        continue;
      }
      if (!baseEntryPresent) {
        continue;
      }

      try {
        // Subtree search for every entry that carries at least one "aci" value.
        InternalSearchOperation aciSearch =
            new InternalSearchOperation(
                rootConnection,
                InternalClientConnection.nextOperationID(),
                InternalClientConnection.nextMessageID(),
                null,
                configBaseDN,
                SearchScope.WHOLE_SUBTREE,
                DereferencePolicy.NEVER_DEREF_ALIASES,
                0,
                0,
                false,
                SearchFilter.createFilterFromString("aci=*"),
                aciAttributes,
                null);
        LocalBackendSearchOperation backendSearch = new LocalBackendSearchOperation(aciSearch);

        // The search is handed directly to the config handler.
        configHandler.search(backendSearch);

        if (aciSearch.getSearchEntries().isEmpty()) {
          continue;
        }

        int addedAciCount = aciList.addAci(aciSearch.getSearchEntries(), invalidAciMessages);
        if (!invalidAciMessages.isEmpty()) {
          // Any collected message is logged and handed to the lockdown-mode helper.
          aciListenerMgr.logMsgsSetLockDownMode(invalidAciMessages);
        }
        logError(
            INFO_ACI_ADD_LIST_ACIS.get(
                Integer.toString(addedAciCount), String.valueOf(configBaseDN)));
      } catch (Exception e) {
        // Any failure while searching or caching aborts initialization, keeping the cause.
        throw new InitializationException(INFO_ACI_HANDLER_FAIL_PROCESS_ACI.get(), e);
      }
    }
  }
  /**
   * Tests performing an internal search using the VLV control to retrieve a subset of the entries
   * using an assertion value that is after all values in the list.
   *
   * @throws Exception If an unexpected problem occurred.
   */
  @Test()
  public void testInternalSearchByValueAfterAll() throws Exception {
    populateDB();

    InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();

    // Sort by sn, then ask the VLV control for a window positioned by the assertion value "zz",
    // which (per this test's description) sorts after every value in the list.
    ArrayList<Control> controls = new ArrayList<Control>();
    controls.add(new ServerSideSortRequestControl("sn"));
    controls.add(new VLVRequestControl(0, 3, ByteString.valueOf("zz")));

    InternalSearchOperation searchOperation =
        new InternalSearchOperation(
            rootConnection,
            InternalClientConnection.nextOperationID(),
            InternalClientConnection.nextMessageID(),
            controls,
            DN.decode("dc=example,dc=com"),
            SearchScope.WHOLE_SUBTREE,
            DereferencePolicy.NEVER_DEREF_ALIASES,
            0,
            0,
            false,
            SearchFilter.createFilterFromString("(objectClass=person)"),
            null,
            null);
    searchOperation.run();

    // The search itself still succeeds because the control is not critical.
    assertEquals(searchOperation.getResultCode(), ResultCode.SUCCESS);

    List<Control> returnedControls = searchOperation.getResponseControls();
    assertNotNull(returnedControls);

    // Pick out the VLV response; it may arrive as a generic LDAPControl that still needs
    // decoding, or already as a typed VLVResponseControl.
    VLVResponseControl vlvResponse = null;
    for (Control candidate : returnedControls) {
      if (!candidate.getOID().equals(OID_VLV_RESPONSE_CONTROL)) {
        continue;
      }
      if (!(candidate instanceof LDAPControl)) {
        vlvResponse = (VLVResponseControl) candidate;
      } else {
        vlvResponse =
            VLVResponseControl.DECODER.decode(
                candidate.isCritical(), ((LDAPControl) candidate).getValue());
      }
    }

    assertNotNull(vlvResponse);
    assertEquals(vlvResponse.getVLVResultCode(), LDAPResultCode.SUCCESS);
    // Expected target position is one greater than the expected content count of nine.
    assertEquals(vlvResponse.getTargetPosition(), 10);
    assertEquals(vlvResponse.getContentCount(), 9);
  }
  /**
   * Tests performing an internal search using the non-critical server-side sort control to sort the
   * entries by an undefined attribute type.
   *
   * @throws Exception If an unexpected problem occurred.
   */
  @Test()
  public void testNonCriticalSortWithUndefinedAttribute() throws Exception {
    populateDB();
    InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();

    // Same kind of unusable sort key as the critical variant, but with criticality = false.
    ArrayList<Control> sortControls = new ArrayList<Control>();
    sortControls.add(new ServerSideSortRequestControl(false, "bad_sort:caseExactOrderingMatch"));

    InternalSearchOperation searchOperation =
        new InternalSearchOperation(
            rootConnection,
            InternalClientConnection.nextOperationID(),
            InternalClientConnection.nextMessageID(),
            sortControls,
            DN.decode("dc=example,dc=com"),
            SearchScope.WHOLE_SUBTREE,
            DereferencePolicy.NEVER_DEREF_ALIASES,
            0,
            0,
            false,
            SearchFilter.createFilterFromString("(objectClass=person)"),
            null,
            null);
    searchOperation.run();

    // The operation as a whole succeeds; the sort failure is reported only through the single
    // response control checked below.
    assertEquals(searchOperation.getResultCode(), ResultCode.SUCCESS);
    List<Control> returnedControls = searchOperation.getResponseControls();
    assertNotNull(returnedControls);
    assertEquals(returnedControls.size(), 1);

    // The control may already be typed, or may be a generic LDAPControl that needs decoding.
    Control onlyControl = returnedControls.get(0);
    ServerSideSortResponseControl sortResponse;
    if (!(onlyControl instanceof ServerSideSortResponseControl)) {
      sortResponse =
          ServerSideSortResponseControl.DECODER.decode(
              onlyControl.isCritical(), ((LDAPControl) onlyControl).getValue());
    } else {
      sortResponse = (ServerSideSortResponseControl) onlyControl;
    }
    // 16 is the LDAP noSuchAttribute result code.
    assertEquals(sortResponse.getResultCode(), 16);
  }
  /**
   * Tests performing an internal search using the server-side sort control to sort the entries in
   * order of ascending givenName and descending sn values.
   *
   * @throws Exception If an unexpected problem occurred.
   */
  @Test()
  public void testInternalSearchGivenNameAscendingSnDescending() throws Exception {
    populateDB();

    InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();

    // Two sort keys: givenName ascending, then sn descending (the leading '-').
    ArrayList<Control> sortControls = new ArrayList<Control>();
    sortControls.add(new ServerSideSortRequestControl("givenName,-sn"));

    InternalSearchOperation searchOperation =
        new InternalSearchOperation(
            rootConnection,
            InternalClientConnection.nextOperationID(),
            InternalClientConnection.nextMessageID(),
            sortControls,
            DN.decode("dc=example,dc=com"),
            SearchScope.WHOLE_SUBTREE,
            DereferencePolicy.NEVER_DEREF_ALIASES,
            0,
            0,
            false,
            SearchFilter.createFilterFromString("(objectClass=person)"),
            null,
            null);
    searchOperation.run();
    assertEquals(searchOperation.getResultCode(), ResultCode.SUCCESS);

    // Expected order of the nine entries under the requested sort.
    ArrayList<DN> expectedOrder = new ArrayList<DN>();
    expectedOrder.add(aaccfJohnsonDN); // givenName Aaccf
    expectedOrder.add(aaronZimmermanDN); // givenName Aaron
    expectedOrder.add(albertZimmermanDN); // givenName Albert, higher sn comes first
    expectedOrder.add(albertSmithDN); // givenName Albert, lower sn
    expectedOrder.add(lowercaseMcGeeDN); // givenName lowercase
    expectedOrder.add(margaretJonesDN); // givenName Maggie
    expectedOrder.add(maryJonesDN); // givenName Mary
    expectedOrder.add(samZweckDN); // givenName Sam
    expectedOrder.add(zorroDN); // entry without a first name

    // Reduce the returned entries to their DNs so the two lists can be compared directly.
    ArrayList<DN> actualOrder = new ArrayList<DN>();
    for (Entry returned : searchOperation.getSearchEntries()) {
      actualOrder.add(returned.getDN());
    }

    assertEquals(actualOrder, expectedOrder);

    List<Control> returnedControls = searchOperation.getResponseControls();
    assertNotNull(returnedControls);
    assertEquals(returnedControls.size(), 1);

    // The control may already be typed, or may be a generic LDAPControl that needs decoding.
    Control onlyControl = returnedControls.get(0);
    ServerSideSortResponseControl sortResponse;
    if (!(onlyControl instanceof ServerSideSortResponseControl)) {
      sortResponse =
          ServerSideSortResponseControl.DECODER.decode(
              onlyControl.isCritical(), ((LDAPControl) onlyControl).getValue());
    } else {
      sortResponse = (ServerSideSortResponseControl) onlyControl;
    }
    // A successful sort reports result code 0 and no offending attribute type.
    assertEquals(sortResponse.getResultCode(), 0);
    assertNull(sortResponse.getAttributeType());
    // Called only to exercise toString(); the result is intentionally discarded.
    sortResponse.toString();
  }
  /**
   * Tests performing an internal search using the VLV control to retrieve a subset of the entries
   * using an assertion value before any actual value in the list.
   *
   * @throws Exception If an unexpected problem occurred.
   */
  @Test()
  public void testInternalSearchByValueBeforeAll() throws Exception {
    populateDB();

    InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();

    // Sort by givenName, then position the VLV window with the assertion value "a", which
    // (per this test's description) sorts before every actual value.
    ArrayList<Control> controls = new ArrayList<Control>();
    controls.add(new ServerSideSortRequestControl("givenName"));
    controls.add(new VLVRequestControl(0, 3, ByteString.valueOf("a")));

    InternalSearchOperation searchOperation =
        new InternalSearchOperation(
            rootConnection,
            InternalClientConnection.nextOperationID(),
            InternalClientConnection.nextMessageID(),
            controls,
            DN.decode("dc=example,dc=com"),
            SearchScope.WHOLE_SUBTREE,
            DereferencePolicy.NEVER_DEREF_ALIASES,
            0,
            0,
            false,
            SearchFilter.createFilterFromString("(objectClass=person)"),
            null,
            null);
    searchOperation.run();
    assertEquals(searchOperation.getResultCode(), ResultCode.SUCCESS);

    // The window is expected to hold the first four entries of the sorted list.
    ArrayList<DN> expectedOrder = new ArrayList<DN>();
    expectedOrder.add(aaccfJohnsonDN); // givenName Aaccf
    expectedOrder.add(aaronZimmermanDN); // givenName Aaron
    expectedOrder.add(albertZimmermanDN); // givenName Albert, lower entry ID
    expectedOrder.add(albertSmithDN); // givenName Albert, higher entry ID

    ArrayList<DN> actualOrder = new ArrayList<DN>();
    for (Entry returned : searchOperation.getSearchEntries()) {
      actualOrder.add(returned.getDN());
    }

    assertEquals(actualOrder, expectedOrder);

    List<Control> returnedControls = searchOperation.getResponseControls();
    assertNotNull(returnedControls);
    assertEquals(returnedControls.size(), 2);

    // Exactly a sort response and a VLV response are expected; each may arrive as a generic
    // LDAPControl that still needs decoding. Any other OID fails the test.
    ServerSideSortResponseControl sortResponse = null;
    VLVResponseControl vlvResponse = null;
    for (Control candidate : returnedControls) {
      String oid = candidate.getOID();
      boolean needsDecoding = candidate instanceof LDAPControl;
      if (oid.equals(OID_SERVER_SIDE_SORT_RESPONSE_CONTROL)) {
        if (needsDecoding) {
          sortResponse =
              ServerSideSortResponseControl.DECODER.decode(
                  candidate.isCritical(), ((LDAPControl) candidate).getValue());
        } else {
          sortResponse = (ServerSideSortResponseControl) candidate;
        }
      } else if (oid.equals(OID_VLV_RESPONSE_CONTROL)) {
        if (needsDecoding) {
          vlvResponse =
              VLVResponseControl.DECODER.decode(
                  candidate.isCritical(), ((LDAPControl) candidate).getValue());
        } else {
          vlvResponse = (VLVResponseControl) candidate;
        }
      } else {
        fail("Response control with unexpected OID " + oid);
      }
    }

    assertNotNull(sortResponse);
    assertEquals(sortResponse.getResultCode(), 0);

    assertNotNull(vlvResponse);
    assertEquals(vlvResponse.getVLVResultCode(), 0);
    // Target is the first position of a nine-entry list.
    assertEquals(vlvResponse.getTargetPosition(), 1);
    assertEquals(vlvResponse.getContentCount(), 9);
  }
  /**
   * Tests performing an internal search using the VLV control with a start position beyond
   * the end of the result set.
   *
   * @throws Exception If an unexpected problem occurred.
   */
  @Test()
  public void testInternalSearchByOffsetStartPositionTooHigh() throws Exception {
    populateDB();

    InternalClientConnection rootConnection = InternalClientConnection.getRootConnection();

    // Sort by givenName and request a VLV window by offset; per this test's description the
    // requested start position lies beyond the end of the result set.
    ArrayList<Control> controls = new ArrayList<Control>();
    controls.add(new ServerSideSortRequestControl("givenName"));
    controls.add(new VLVRequestControl(3, 3, 30, 0));

    InternalSearchOperation searchOperation =
        new InternalSearchOperation(
            rootConnection,
            InternalClientConnection.nextOperationID(),
            InternalClientConnection.nextMessageID(),
            controls,
            DN.decode("dc=example,dc=com"),
            SearchScope.WHOLE_SUBTREE,
            DereferencePolicy.NEVER_DEREF_ALIASES,
            0,
            0,
            false,
            SearchFilter.createFilterFromString("(objectClass=person)"),
            null,
            null);
    searchOperation.run();

    // An out-of-range offset is not treated as an error; the search still succeeds.
    assertEquals(searchOperation.getResultCode(), ResultCode.SUCCESS);

    // The last three entries of the sorted list are expected back.
    ArrayList<DN> expectedOrder = new ArrayList<DN>();
    expectedOrder.add(maryJonesDN); // givenName Mary
    expectedOrder.add(samZweckDN); // givenName Sam
    expectedOrder.add(zorroDN); // entry without a first name

    ArrayList<DN> actualOrder = new ArrayList<DN>();
    for (Entry returned : searchOperation.getSearchEntries()) {
      actualOrder.add(returned.getDN());
    }

    assertEquals(actualOrder, expectedOrder);

    List<Control> returnedControls = searchOperation.getResponseControls();
    assertNotNull(returnedControls);

    // Pick out the VLV response; it may arrive as a generic LDAPControl that still needs
    // decoding, or already as a typed VLVResponseControl.
    VLVResponseControl vlvResponse = null;
    for (Control candidate : returnedControls) {
      if (!candidate.getOID().equals(OID_VLV_RESPONSE_CONTROL)) {
        continue;
      }
      if (!(candidate instanceof LDAPControl)) {
        vlvResponse = (VLVResponseControl) candidate;
      } else {
        vlvResponse =
            VLVResponseControl.DECODER.decode(
                candidate.isCritical(), ((LDAPControl) candidate).getValue());
      }
    }

    assertNotNull(vlvResponse);
    assertEquals(vlvResponse.getVLVResultCode(), LDAPResultCode.SUCCESS);
    // Expected target position is one greater than the expected content count of nine.
    assertEquals(vlvResponse.getTargetPosition(), 10);
    assertEquals(vlvResponse.getContentCount(), 9);
  }
  @Test(enabled = true)
  public void testValidRequest() throws Exception {
    final CryptoManagerImpl cm = DirectoryServer.getCryptoManager();
    final String secretMessage = "zyxwvutsrqponmlkjihgfedcba";
    final String cipherTransformationName = "AES/CBC/PKCS5Padding";
    final int cipherKeyLength = 128;

    CryptoManagerImpl.publishInstanceKeyEntryInADS();

    // Encrypting once up front guarantees that ADS holds a cipher key entry for this
    // transformation and key length.
    // NOTE(review): getBytes() without a charset uses the platform default encoding.
    cm.encrypt(cipherTransformationName, cipherKeyLength, secretMessage.getBytes());

    // Look up every cipher key entry for that transformation and key length that has not
    // been marked as compromised.
    // TODO: is this DN defined elsewhere as a constant?
    final String secretKeysBase = "cn=secret keys," + ADSContext.getAdministrationSuffixDN();
    final DN baseDN = DN.decode(secretKeysBase);

    final String isCipherKeyEntry = "(objectclass=" + ConfigConstants.OC_CRYPTO_CIPHER_KEY + ")";
    // Entries carrying a compromised-time value are excluded from the result.
    final String notCompromised =
        "(!(" + ConfigConstants.ATTR_CRYPTO_KEY_COMPROMISED_TIME + "=*))";
    final String matchesTransformation =
        "("
            + ConfigConstants.ATTR_CRYPTO_CIPHER_TRANSFORMATION_NAME
            + "="
            + cipherTransformationName
            + ")";
    final String matchesKeyLength =
        "(" + ConfigConstants.ATTR_CRYPTO_KEY_LENGTH_BITS + "=" + cipherKeyLength + ")";
    final String searchFilter =
        "(&" + isCipherKeyEntry + notCompromised + matchesTransformation + matchesKeyLength + ")";

    // Only the wrapped symmetric key attribute is requested.
    final LinkedHashSet<String> requestedAttributes = new LinkedHashSet<String>();
    requestedAttributes.add(ConfigConstants.ATTR_CRYPTO_SYMMETRIC_KEY);

    final InternalClientConnection searchConnection = InternalClientConnection.getRootConnection();
    InternalSearchOperation keySearch =
        searchConnection.processSearch(
            baseDN,
            SearchScope.SINGLE_LEVEL,
            DereferencePolicy.NEVER_DEREF_ALIASES,
            /* size limit */ 0,
            /* time limit */ 0,
            /* types only */ false,
            SearchFilter.createFilterFromString(searchFilter),
            requestedAttributes);
    assertTrue(keySearch.getSearchEntries().size() > 0);

    final InternalClientConnection extendedOpConnection =
        InternalClientConnection.getRootConnection();
    final String instanceKeyID = cm.getInstanceKeyID();
    final AttributeType symmetricKeyType =
        DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_SYMMETRIC_KEY);

    // For each stored key, ask the get-symmetric-key extended operation to return it for this
    // instance's key ID.
    for (Entry keyEntry : keySearch.getSearchEntries()) {
      final String storedKeyValue =
          keyEntry.getAttributeValue(symmetricKeyType, DirectoryStringSyntax.DECODER);
      final ByteString requestValue =
          GetSymmetricKeyExtendedOperation.encodeRequestValue(storedKeyValue, instanceKeyID);
      final ExtendedOperation keyRequest =
          extendedOpConnection.processExtendedOperation(
              ServerConstants.OID_GET_SYMMETRIC_KEY_EXTENDED_OP, requestValue);
      assertEquals(keyRequest.getResultCode(), ResultCode.SUCCESS);

      // The returned key should have been re-wrapped, so its encoded form must differ from
      // the stored one ...
      final String returnedKeyValue = keyRequest.getResponseValue().toString();
      assertFalse(storedKeyValue.equals(returnedKeyValue));

      // ... while the key ID (the part before the first ':') stays the same. Ideally the
      // returned ds-cfg-symmetric-key value would be decoded to prove it is valid, but no
      // non-private method exists for that, so the unwrapped key material is never verified.
      final String returnedKeyId = returnedKeyValue.split(":")[0];
      final String storedKeyId = storedKeyValue.split(":")[0];
      assertEquals(returnedKeyId, storedKeyId);
    }
  }
  /** Tests the maximum persistent search limit imposed by the server. */
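  @Test
  public void testMaxPSearch() throws Exception {
    TestCaseUtils.initializeTestBackend(true);
    // Modify the configuration to allow only 1 concurrent persistent search.
    InternalClientConnection conn = getRootConnection();

    LDAPAttribute attr = new LDAPAttribute("ds-cfg-max-psearches", "1");

    ArrayList<RawModification> mods = new ArrayList<>();
    mods.add(new LDAPModification(ModificationType.REPLACE, attr));

    ModifyOperation modifyOperation = conn.processModify(ByteString.valueOf("cn=config"), mods);
    assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
    // NOTE(review): ds-cfg-max-psearches is not restored afterwards, so the limit of 1 may leak
    // into later tests that share this server instance -- confirm and restore if needed.

    // Create the first persistent search; it is meant to occupy the single allowed slot.
    Set<PersistentSearchChangeType> changeTypes = EnumSet.of(ADD, DELETE, MODIFY, MODIFY_DN);
    SearchRequest request =
        newSearchRequest(DN.valueOf("o=test"), SearchScope.BASE_OBJECT)
            .setTypesOnly(true)
            .addAttribute("cn")
            .addControl(new PersistentSearchControl(changeTypes, true, true));
    final InternalSearchOperation search = conn.processSearch(request);

    Thread t =
        new Thread(
            new Runnable() {
              @Override
              public void run() {
                try {
                  search.run();
                } catch (Exception ignored) {
                  // Deliberately ignored: the search is cancelled at the end of the test, and
                  // the outcome under test is the result code of the second search below.
                }
              }
            },
            "Persistent Search Test");
    t.start();
    try {
      // Wait at most two seconds before issuing the second search.
      t.join(2000);

      // Issue a second persistent search over LDAP with the ldapsearch tool. The bind DN and
      // password are the fixed credentials of the local test server on 127.0.0.1.
      final String[] args = {
        "-D",
        "cn=Directory Manager",
        "-w",
        "password",
        "-h",
        "127.0.0.1",
        "-p",
        String.valueOf(TestCaseUtils.getServerLdapPort()),
        "-b",
        "o=test",
        "-s",
        "sub",
        "-C",
        "ps:add:true:true",
        "--noPropertiesFile",
        "(objectClass=*)"
      };

      // 11 is the LDAP adminLimitExceeded result code: the second persistent search must be
      // refused because the configured maximum is already in use.
      assertEquals(LDAPSearch.mainSearch(args, false, true, null, System.err), 11);
    } finally {
      // Always cancel the first persistent search, even when the assertion above fails, so it
      // does not keep running (and keep holding the only slot) after this test.
      search.cancel(new CancelRequest(true, LocalizableMessage.EMPTY));
    }
  }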