/**
* Tests whether the Who Am I? extended operation with an internal authenticated connection
* succeeds with default setting of "ds-cfg-reject-unauthenticated-requests".
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testAuthWAIDefCfg() throws Exception {
DirectoryServer.setRejectUnauthenticatedRequests(false);
Socket s = new Socket("127.0.0.1", TestCaseUtils.getServerLdapPort());
LDAPReader reader = new LDAPReader(s);
LDAPWriter writer = new LDAPWriter(s);
AtomicInteger nextMessageID = new AtomicInteger(1);
LDAPAuthenticationHandler authHandler =
new LDAPAuthenticationHandler(reader, writer, "localhost", nextMessageID);
authHandler.doSimpleBind(
3,
ByteString.valueOf("cn=Directory Manager"),
ByteString.valueOf("password"),
new ArrayList<Control>(),
new ArrayList<Control>());
ByteString authzID = authHandler.requestAuthorizationIdentity();
assertNotNull(authzID);
LDAPMessage unbindMessage =
new LDAPMessage(nextMessageID.getAndIncrement(), new UnbindRequestProtocolOp());
writer.writeMessage(unbindMessage);
s.close();
}
/**
* Tests the {@code getRawAuthorizationDN} and {@code setRawAuthorizationDN} methods.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testGetAndSetRawAuthorizationDN() throws Exception {
ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(ByteString.valueOf(""));
assertEquals(proxyControl.getRawAuthorizationDN(), ByteString.valueOf(""));
proxyControl = new ProxiedAuthV1Control(ByteString.valueOf("uid=test,o=test"));
assertEquals(proxyControl.getRawAuthorizationDN(), ByteString.valueOf("uid=test,o=test"));
}
/**
* Tests whether an authenticated BIND request will be allowed with the default configuration
* settings for "ds-cfg-reject-unauthenticated-requests" .
*/
@Test()
public void testAuthBindDefCfg() {
DirectoryServer.setRejectUnauthenticatedRequests(false);
InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
ByteString user = ByteString.valueOf("cn=Directory Manager");
ByteString password = ByteString.valueOf("password");
BindOperation bindOperation = conn.processSimpleBind(user, password);
assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
}
/**
* Verifies that the server will reject a CRAM-MD5 bind in which the first message contains SASL
* credentials (which isn't allowed).
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testOutOfSequenceBind() throws Exception {
InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
BindOperation bindOperation =
conn.processSASLBind(DN.nullDN(), SASL_MECHANISM_CRAM_MD5, ByteString.valueOf("invalid"));
assertFalse(bindOperation.getResultCode() == ResultCode.SUCCESS);
}
/**
* Tests the {@code decodeControl} method when the control value is not a sequence.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test(expectedExceptions = {DirectoryException.class})
public void testDecodeControlValueNotSequence() throws Exception {
LDAPControl c =
new LDAPControl(OID_PROXIED_AUTH_V1, true, ByteString.valueOf("uid=test,o=test"));
ProxiedAuthV1Control.DECODER.decode(c.isCritical(), c.getValue());
}
/**
* Tests whether authenticated and unauthenticated BIND requests will be allowed with the new
* configuration settings for "ds-cfg-reject-unauthenticated-requests" .
*/
@Test
public void testBindNewCfg() {
try {
DirectoryServer.setRejectUnauthenticatedRequests(true);
InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
ByteString user = ByteString.valueOf("cn=Directory Manager");
ByteString password = ByteString.valueOf("password");
// Unauthenticated BIND request.
BindOperation bindOperation = conn.processSimpleBind(DN.nullDN(), null);
assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
// Authenticated BIND request.
bindOperation = conn.processSimpleBind(user, password);
assertEquals(bindOperation.getResultCode(), ResultCode.SUCCESS);
} finally {
DirectoryServer.setRejectUnauthenticatedRequests(false);
}
}
/**
* Verifies that the server will reject a CRAM-MD5 bind with credentials containing a malformed
* digest.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testMalformedDigest() throws Exception {
InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
BindOperation bindOperation = conn.processSASLBind(DN.nullDN(), SASL_MECHANISM_CRAM_MD5, null);
assertEquals(bindOperation.getResultCode(), ResultCode.SASL_BIND_IN_PROGRESS);
ByteString creds = ByteString.valueOf("dn:cn=Directory Manager malformeddigest");
bindOperation = conn.processSASLBind(DN.nullDN(), SASL_MECHANISM_CRAM_MD5, creds);
assertFalse(bindOperation.getResultCode() == ResultCode.SUCCESS);
}
/**
* Tests the {@code toString} methods.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testToString() throws Exception {
// The default toString() calls the version that takes a string builder
// argument, so we only need to use the default version to cover both cases.
ProxiedAuthV1Control proxyControl =
new ProxiedAuthV1Control(ByteString.valueOf("uid=test,o=test"));
proxyControl.toString();
proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test"));
proxyControl.toString();
}
/**
* Tests the first constructor, which creates an instance of the control using a raw, unprocessed
* DN.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testConstructor1() throws Exception {
// Try a DN of "null", which is not valid and will fail on the attempt to
// create the control
ProxiedAuthV1Control proxyControl;
try {
proxyControl = new ProxiedAuthV1Control((ByteString) null);
throw new AssertionError(
"Expected a failure when creating a proxied "
+ "auth V1 control with a null octet string.");
} catch (Throwable t) {
}
// Try an empty DN, which is acceptable.
proxyControl = new ProxiedAuthV1Control(ByteString.valueOf(""));
assertTrue(proxyControl.getOID().equals(OID_PROXIED_AUTH_V1));
assertTrue(proxyControl.isCritical());
assertTrue(proxyControl.getAuthorizationDN().isNullDN());
// Try a valid DN, which is acceptable.
proxyControl = new ProxiedAuthV1Control(ByteString.valueOf("uid=test,o=test"));
assertTrue(proxyControl.getOID().equals(OID_PROXIED_AUTH_V1));
assertTrue(proxyControl.isCritical());
assertEquals(proxyControl.getAuthorizationDN(), DN.decode("uid=test,o=test"));
// Try an invalid DN, which will be initally accepted but will fail when
// attempting to get the authorization DN.
proxyControl = new ProxiedAuthV1Control(ByteString.valueOf("invalid"));
assertTrue(proxyControl.getOID().equals(OID_PROXIED_AUTH_V1));
assertTrue(proxyControl.isCritical());
try {
proxyControl.getAuthorizationDN();
throw new AssertionError(
"Expected a failure when creating a proxied "
+ "auth V1 control with an invalid DN string.");
} catch (Exception e) {
}
}
/**
* Tests the {@code decodeControl} method when the control value is a sequence with multiple
* elements.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testDecodeControlValueMultiElementSequence() throws Exception {
ByteStringBuilder bsb = new ByteStringBuilder();
ASN1Writer writer = ASN1.getWriter(bsb);
writer.writeStartSequence();
writer.writeOctetString("uid=element1,o=test");
writer.writeOctetString("uid=element2,o=test");
writer.writeEndSequence();
LDAPControl c = new LDAPControl(OID_PROXIED_AUTH_V1, true, bsb.toByteString());
assertEquals(
ByteString.valueOf("uid=element1,o=test"),
ProxiedAuthV1Control.DECODER.decode(c.isCritical(), c.getValue()).getRawAuthorizationDN());
}
