/** * Tests the second constructor, which creates an instance of the control using a processed DN. * * @throws Exception If an unexpected problem occurs. */ @Test() public void testConstructor2() throws Exception { // Try a DN of "null", which is not valid and will fail on the attempt to // create the control ProxiedAuthV1Control proxyControl; try { proxyControl = new ProxiedAuthV1Control((DN) null); throw new AssertionError( "Expected a failure when creating a proxied " + "auth V1 control with a null octet string."); } catch (Throwable t) { } // Try an empty DN, which is acceptable. proxyControl = new ProxiedAuthV1Control(DN.nullDN()); assertTrue(proxyControl.getOID().equals(OID_PROXIED_AUTH_V1)); assertTrue(proxyControl.isCritical()); assertTrue(proxyControl.getAuthorizationDN().isNullDN()); // Try a valid DN, which is acceptable. proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test")); assertTrue(proxyControl.getOID().equals(OID_PROXIED_AUTH_V1)); assertTrue(proxyControl.isCritical()); assertEquals(proxyControl.getAuthorizationDN(), DN.decode("uid=test,o=test")); }
/** * Tests the {@code getAuthorizationDN} and {@code setRawAuthorizationDN} methods. * * @throws Exception If an unexpected problem occurs. */ @Test() public void testGetAndSetAuthorizationDN() throws Exception { ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(DN.nullDN()); assertEquals(proxyControl.getRawAuthorizationDN(), ByteString.valueOf("")); assertEquals(proxyControl.getAuthorizationDN(), DN.nullDN()); proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test")); assertEquals(proxyControl.getRawAuthorizationDN(), ByteString.valueOf("uid=test,o=test")); assertEquals(proxyControl.getAuthorizationDN(), DN.decode("uid=test,o=test")); }
// We initialize these for each new AciHandler so that we can clear // out the stale references that can occur during an in-core restart. private static void initStatics() { if ((aciType = DirectoryServer.getAttributeType("aci")) == null) { aciType = DirectoryServer.getDefaultAttributeType("aci"); } if ((globalAciType = DirectoryServer.getAttributeType(ATTR_AUTHZ_GLOBAL_ACI)) == null) { globalAciType = DirectoryServer.getDefaultAttributeType(ATTR_AUTHZ_GLOBAL_ACI); } if ((debugSearchIndex = DirectoryServer.getAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX)) == null) { debugSearchIndex = DirectoryServer.getDefaultAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX); } if ((refAttrType = DirectoryServer.getAttributeType(ATTR_REFERRAL_URL)) == null) { refAttrType = DirectoryServer.getDefaultAttributeType(ATTR_REFERRAL_URL); } try { debugSearchIndexDN = DN.decode("cn=debugsearch"); } catch (DirectoryException ex) { // Should never happen. } }
/** * Attempt to read a single entry. * * @throws Exception If the test failed unexpectedly. */ @Test(dependsOnMethods = {"testReadEntryEmptyStream"}) public void testReadEntrySingle() throws Exception { final String ldifString = "dn: cn=john, dc=foo, dc=com\n" + "objectClass: top\n" + "objectClass: person\n" + "cn: john\n" + "sn: smith\n"; LDIFReader reader = createLDIFReader(ldifString); try { Entry entry = reader.readEntry(); Assert.assertNotNull(entry); Assert.assertEquals(entry.getDN(), DN.decode("cn=john, dc=foo, dc=com")); Assert.assertTrue(entry.hasObjectClass(OC_TOP)); Assert.assertTrue(entry.hasObjectClass(OC_PERSON)); Assert.assertTrue(entry.hasValue(AT_CN, null, AttributeValues.create(AT_CN, "john"))); Assert.assertTrue(entry.hasValue(AT_SN, null, AttributeValues.create(AT_SN, "smith"))); Assert.assertNull(reader.readEntry()); Assert.assertEquals(reader.getEntriesIgnored(), 0); Assert.assertEquals(reader.getEntriesRead(), 1); Assert.assertEquals(reader.getEntriesRejected(), 0); Assert.assertEquals(reader.getLastEntryLineNumber(), 1); } finally { reader.close(); } }
/** * Tests the {@code getValidatedAuthorizationDN} method for a user that doesn't exist in the * directory data. * * @throws Exception If an unexpected problem occurs. */ @Test(expectedExceptions = {DirectoryException.class}) public void testGetValidatedAuthorizationNonExistingNormalUser() throws Exception { TestCaseUtils.initializeTestBackend(true); ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test")); proxyControl.getAuthorizationEntry(); }
/** * Tests the {@code getValidatedAuthorizationDN} method for a normal user that exists in the * directory data and doesn't have any restrictions on its use. * * @throws Exception If an unexpected problem occurs. */ @Test() public void testGetValidatedAuthorizationExistingNormalUser() throws Exception { TestCaseUtils.initializeTestBackend(true); TestCaseUtils.addEntry( "dn: uid=test,o=test", "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: test", "givenName: Test", "sn: User", "cn: Test User"); ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test")); assertEquals(proxyControl.getAuthorizationEntry().getDN(), DN.decode("uid=test,o=test")); }
/** * Tests the {@code appliesToEntry} method. * * @param rule The rule for which to perform the test. * @param appliesToEntry Indicates whether the provided rule applies to a minimal "o=test" entry. * @throws Exception If an unexpected problem occurs. */ @Test(dataProvider = "testRules") public void testAppliesToEntry(VirtualAttributeRule rule, boolean appliesToEntry) throws Exception { TestCaseUtils.initializeTestBackend(true); addGroups(); assertEquals( rule.appliesToEntry(DirectoryConfig.getEntry(DN.decode("o=test"))), appliesToEntry); removeGroups(); }
/** * Tests the {@code toString} methods. * * @throws Exception If an unexpected problem occurs. */ @Test() public void testToString() throws Exception { // The default toString() calls the version that takes a string builder // argument, so we only need to use the default version to cover both cases. ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(ByteString.valueOf("uid=test,o=test")); proxyControl.toString(); proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test")); proxyControl.toString(); }
/** * Tests the {@code decodeControl} method when the control value is a valid octet string that * contains an valid non-empty DN. * * @throws Exception If an unexpected problem occurs. */ @Test() public void testDecodeControlValueNonEmptyDN() throws Exception { ByteStringBuilder bsb = new ByteStringBuilder(); ASN1Writer writer = ASN1.getWriter(bsb); writer.writeStartSequence(); writer.writeOctetString("uid=test,o=test"); writer.writeEndSequence(); LDAPControl c = new LDAPControl(OID_PROXIED_AUTH_V1, true, bsb.toByteString()); ProxiedAuthV1Control proxyControl = ProxiedAuthV1Control.DECODER.decode(c.isCritical(), c.getValue()); assertEquals(proxyControl.getAuthorizationDN(), DN.decode("uid=test,o=test")); }
/** * Tests performing an internal search using the VLV control to retrieve a subset of the entries * using an assertion value that is after all values in the list. * * @throws Exception If an unexpected problem occurred. */ @Test() public void testInternalSearchByValueAfterAll() throws Exception { populateDB(); InternalClientConnection conn = InternalClientConnection.getRootConnection(); ArrayList<Control> requestControls = new ArrayList<Control>(); requestControls.add(new ServerSideSortRequestControl("sn")); requestControls.add(new VLVRequestControl(0, 3, ByteString.valueOf("zz"))); InternalSearchOperation internalSearch = new InternalSearchOperation( conn, InternalClientConnection.nextOperationID(), InternalClientConnection.nextMessageID(), requestControls, DN.decode("dc=example,dc=com"), SearchScope.WHOLE_SUBTREE, DereferencePolicy.NEVER_DEREF_ALIASES, 0, 0, false, SearchFilter.createFilterFromString("(objectClass=person)"), null, null); internalSearch.run(); // It will be successful because the control isn't critical. assertEquals(internalSearch.getResultCode(), ResultCode.SUCCESS); List<Control> responseControls = internalSearch.getResponseControls(); assertNotNull(responseControls); VLVResponseControl vlvResponse = null; for (Control c : responseControls) { if (c.getOID().equals(OID_VLV_RESPONSE_CONTROL)) { if (c instanceof LDAPControl) { vlvResponse = VLVResponseControl.DECODER.decode(c.isCritical(), ((LDAPControl) c).getValue()); } else { vlvResponse = (VLVResponseControl) c; } } } assertNotNull(vlvResponse); assertEquals(vlvResponse.getVLVResultCode(), LDAPResultCode.SUCCESS); assertEquals(vlvResponse.getTargetPosition(), 10); assertEquals(vlvResponse.getContentCount(), 9); }
/** * Make sure that the server is running. * * @throws Exception If an unexpected problem occurs. */ @BeforeClass() public void startServer() throws Exception { TestCaseUtils.startServer(); givenNameType = DirectoryServer.getAttributeType("givenname", false); assertNotNull(givenNameType); snType = DirectoryServer.getAttributeType("sn", false); assertNotNull(snType); aaccfJohnsonDN = DN.decode("uid=aaccf.johnson,dc=example,dc=com"); aaronZimmermanDN = DN.decode("uid=aaron.zimmerman,dc=example,dc=com"); albertSmithDN = DN.decode("uid=albert.smith,dc=example,dc=com"); albertZimmermanDN = DN.decode("uid=albert.zimmerman,dc=example,dc=com"); lowercaseMcGeeDN = DN.decode("uid=lowercase.mcgee,dc=example,dc=com"); margaretJonesDN = DN.decode("uid=margaret.jones,dc=example,dc=com"); maryJonesDN = DN.decode("uid=mary.jones,dc=example,dc=com"); samZweckDN = DN.decode("uid=sam.zweck,dc=example,dc=com"); zorroDN = DN.decode("uid=zorro,dc=example,dc=com"); }
/** * Tests the {@code getValidatedAuthorizationDN} method for a disabled user. * * @throws Exception If an unexpected problem occurs. */ @Test(expectedExceptions = {DirectoryException.class}) public void testGetValidatedAuthorizationDisabledUser() throws Exception { TestCaseUtils.initializeTestBackend(true); TestCaseUtils.addEntry( "dn: uid=test,o=test", "objectClass: top", "objectClass: person", "objectClass: organizationalPerson", "objectClass: inetOrgPerson", "uid: test", "givenName: Test", "sn: User", "cn: Test User", "ds-pwp-account-disabled: true"); ProxiedAuthV1Control proxyControl = new ProxiedAuthV1Control(DN.decode("uid=test,o=test")); proxyControl.getAuthorizationEntry(); }
/** * Attempt to read a change containing a file-based attribute. * * @throws Exception If the test failed unexpectedly. */ @Test(dependsOnMethods = {"testReadChangeMultiple"}) public void testReadChangeWithFileBaseAttribute() throws Exception { StringBuilder buffer = new StringBuilder(TEMP_FILE_LDIF); buffer.append(TEMP_FILE.getCanonicalPath()); buffer.append("\n"); LDIFReader reader = createLDIFReader(buffer.toString()); try { ChangeRecordEntry change = reader.readChangeRecord(false); Assert.assertTrue(change instanceof AddChangeRecordEntry); AddChangeRecordEntry add = (AddChangeRecordEntry) change; DN dn = DN.decode("cn=john smith, dc=com"); Assert.assertEquals(add.getDN(), dn); Attribute attr = Attributes.create("description", TEMP_FILE_STRING); Assert.assertTrue(add.getAttributes().contains(attr)); // Check final state. Assert.assertNull(reader.readChangeRecord(false)); } finally { reader.close(); } }
@Test(enabled = true) public void testValidRequest() throws Exception { final CryptoManagerImpl cm = DirectoryServer.getCryptoManager(); final String secretMessage = "zyxwvutsrqponmlkjihgfedcba"; final String cipherTransformationName = "AES/CBC/PKCS5Padding"; final int cipherKeyLength = 128; CryptoManagerImpl.publishInstanceKeyEntryInADS(); // Initial encryption ensures a cipher key entry is in ADS. cm.encrypt(cipherTransformationName, cipherKeyLength, secretMessage.getBytes()); // Retrieve all uncompromised cipher key entries corresponding to the // specified transformation and key length. final String baseDNStr // TODO: is this DN defined elsewhere as a constant? = "cn=secret keys," + ADSContext.getAdministrationSuffixDN(); final DN baseDN = DN.decode(baseDNStr); final String FILTER_OC_INSTANCE_KEY = new StringBuilder("(objectclass=") .append(ConfigConstants.OC_CRYPTO_CIPHER_KEY) .append(")") .toString(); final String FILTER_NOT_COMPROMISED = new StringBuilder("(!(") .append(ConfigConstants.ATTR_CRYPTO_KEY_COMPROMISED_TIME) .append("=*))") .toString(); final String FILTER_CIPHER_TRANSFORMATION_NAME = new StringBuilder("(") .append(ConfigConstants.ATTR_CRYPTO_CIPHER_TRANSFORMATION_NAME) .append("=") .append(cipherTransformationName) .append(")") .toString(); final String FILTER_CIPHER_KEY_LENGTH = new StringBuilder("(") .append(ConfigConstants.ATTR_CRYPTO_KEY_LENGTH_BITS) .append("=") .append(String.valueOf(cipherKeyLength)) .append(")") .toString(); final String searchFilter = new StringBuilder("(&") .append(FILTER_OC_INSTANCE_KEY) .append(FILTER_NOT_COMPROMISED) .append(FILTER_CIPHER_TRANSFORMATION_NAME) .append(FILTER_CIPHER_KEY_LENGTH) .append(")") .toString(); final LinkedHashSet<String> requestedAttributes = new LinkedHashSet<String>(); requestedAttributes.add(ConfigConstants.ATTR_CRYPTO_SYMMETRIC_KEY); final InternalClientConnection icc = InternalClientConnection.getRootConnection(); InternalSearchOperation searchOp = icc.processSearch( baseDN, SearchScope.SINGLE_LEVEL, DereferencePolicy.NEVER_DEREF_ALIASES, /* size limit */ 0, /* time limit */ 0, /* types only */ false, SearchFilter.createFilterFromString(searchFilter), requestedAttributes); assertTrue(0 < searchOp.getSearchEntries().size()); final InternalClientConnection internalConnection = InternalClientConnection.getRootConnection(); final String instanceKeyID = cm.getInstanceKeyID(); final AttributeType attrSymmetricKey = DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_SYMMETRIC_KEY); for (Entry e : searchOp.getSearchEntries()) { final String symmetricKeyAttributeValue = e.getAttributeValue(attrSymmetricKey, DirectoryStringSyntax.DECODER); final ByteString requestValue = GetSymmetricKeyExtendedOperation.encodeRequestValue( symmetricKeyAttributeValue, instanceKeyID); final ExtendedOperation extendedOperation = internalConnection.processExtendedOperation( ServerConstants.OID_GET_SYMMETRIC_KEY_EXTENDED_OP, requestValue); assertEquals(extendedOperation.getResultCode(), ResultCode.SUCCESS); // The key should be re-wrapped, and hence have a different binary // representation.... final String responseValue = extendedOperation.getResponseValue().toString(); assertFalse(symmetricKeyAttributeValue.equals(responseValue)); // ... but the keyIDs should be equal (ideally, the validity of // the returned value would be checked by decoding the // returned ds-cfg-symmetric-key attribute value; however, there // is no non-private method to call. assertEquals(responseValue.split(":")[0], symmetricKeyAttributeValue.split(":")[0]); } }
/** * Tests performing an internal search using the VLV control to retrieve a subset of the entries * using an assertion value before any actual value in the list. * * @throws Exception If an unexpected problem occurred. */ @Test() public void testInternalSearchByValueBeforeAll() throws Exception { populateDB(); InternalClientConnection conn = InternalClientConnection.getRootConnection(); ArrayList<Control> requestControls = new ArrayList<Control>(); requestControls.add(new ServerSideSortRequestControl("givenName")); requestControls.add(new VLVRequestControl(0, 3, ByteString.valueOf("a"))); InternalSearchOperation internalSearch = new InternalSearchOperation( conn, InternalClientConnection.nextOperationID(), InternalClientConnection.nextMessageID(), requestControls, DN.decode("dc=example,dc=com"), SearchScope.WHOLE_SUBTREE, DereferencePolicy.NEVER_DEREF_ALIASES, 0, 0, false, SearchFilter.createFilterFromString("(objectClass=person)"), null, null); internalSearch.run(); assertEquals(internalSearch.getResultCode(), ResultCode.SUCCESS); ArrayList<DN> expectedDNOrder = new ArrayList<DN>(); expectedDNOrder.add(aaccfJohnsonDN); // Aaccf expectedDNOrder.add(aaronZimmermanDN); // Aaron expectedDNOrder.add(albertZimmermanDN); // Albert, lower entry ID expectedDNOrder.add(albertSmithDN); // Albert, higher entry ID ArrayList<DN> returnedDNOrder = new ArrayList<DN>(); for (Entry e : internalSearch.getSearchEntries()) { returnedDNOrder.add(e.getDN()); } assertEquals(returnedDNOrder, expectedDNOrder); List<Control> responseControls = internalSearch.getResponseControls(); assertNotNull(responseControls); assertEquals(responseControls.size(), 2); ServerSideSortResponseControl sortResponse = null; VLVResponseControl vlvResponse = null; for (Control c : responseControls) { if (c.getOID().equals(OID_SERVER_SIDE_SORT_RESPONSE_CONTROL)) { if (c instanceof LDAPControl) { sortResponse = ServerSideSortResponseControl.DECODER.decode( c.isCritical(), ((LDAPControl) c).getValue()); } else { sortResponse = (ServerSideSortResponseControl) c; } } else if (c.getOID().equals(OID_VLV_RESPONSE_CONTROL)) { if (c instanceof LDAPControl) { vlvResponse = VLVResponseControl.DECODER.decode(c.isCritical(), ((LDAPControl) c).getValue()); } else { vlvResponse = (VLVResponseControl) c; } } else { fail("Response control with unexpected OID " + c.getOID()); } } assertNotNull(sortResponse); assertEquals(sortResponse.getResultCode(), 0); assertNotNull(vlvResponse); assertEquals(vlvResponse.getVLVResultCode(), 0); assertEquals(vlvResponse.getTargetPosition(), 1); assertEquals(vlvResponse.getContentCount(), 9); }
/** * Tests performing an internal search using the VLV control with a start start position beyond * the end of the result set. * * @throws Exception If an unexpected problem occurred. */ @Test() public void testInternalSearchByOffsetStartPositionTooHigh() throws Exception { populateDB(); InternalClientConnection conn = InternalClientConnection.getRootConnection(); ArrayList<Control> requestControls = new ArrayList<Control>(); requestControls.add(new ServerSideSortRequestControl("givenName")); requestControls.add(new VLVRequestControl(3, 3, 30, 0)); InternalSearchOperation internalSearch = new InternalSearchOperation( conn, InternalClientConnection.nextOperationID(), InternalClientConnection.nextMessageID(), requestControls, DN.decode("dc=example,dc=com"), SearchScope.WHOLE_SUBTREE, DereferencePolicy.NEVER_DEREF_ALIASES, 0, 0, false, SearchFilter.createFilterFromString("(objectClass=person)"), null, null); internalSearch.run(); assertEquals(internalSearch.getResultCode(), ResultCode.SUCCESS); ArrayList<DN> expectedDNOrder = new ArrayList<DN>(); expectedDNOrder.add(maryJonesDN); // Mary expectedDNOrder.add(samZweckDN); // Sam expectedDNOrder.add(zorroDN); // No first name ArrayList<DN> returnedDNOrder = new ArrayList<DN>(); for (Entry e : internalSearch.getSearchEntries()) { returnedDNOrder.add(e.getDN()); } assertEquals(returnedDNOrder, expectedDNOrder); List<Control> responseControls = internalSearch.getResponseControls(); assertNotNull(responseControls); VLVResponseControl vlvResponse = null; for (Control c : responseControls) { if (c.getOID().equals(OID_VLV_RESPONSE_CONTROL)) { if (c instanceof LDAPControl) { vlvResponse = VLVResponseControl.DECODER.decode(c.isCritical(), ((LDAPControl) c).getValue()); } else { vlvResponse = (VLVResponseControl) c; } } } assertNotNull(vlvResponse); assertEquals(vlvResponse.getVLVResultCode(), LDAPResultCode.SUCCESS); assertEquals(vlvResponse.getTargetPosition(), 10); assertEquals(vlvResponse.getContentCount(), 9); }
/** * Check access using the specified container. This container will have all of the information to * gather applicable ACIs and perform evaluation on them. * * @param container An ACI operation container which has all of the information needed to check * access. * @return True if access is allowed. */ boolean accessAllowed(AciContainer container) { DN dn = container.getResourceEntry().getDN(); // For ACI_WRITE_ADD and ACI_WRITE_DELETE set the ACI_WRITE // right. if (container.hasRights(ACI_WRITE_ADD) || container.hasRights(ACI_WRITE_DELETE)) { container.setRights(container.getRights() | ACI_WRITE); } // Check if the ACI_SELF right needs to be set (selfwrite right). // Only done if the right is ACI_WRITE, an attribute value is set // and that attribute value is a DN. if ((container.getCurrentAttributeValue() != null) && (container.hasRights(ACI_WRITE)) && (isAttributeDN(container.getCurrentAttributeType()))) { String DNString = null; try { DNString = container.getCurrentAttributeValue().getValue().toString(); DN tmpDN = DN.decode(DNString); // Have a valid DN, compare to clientDN to see if the ACI_SELF // right should be set. if (tmpDN.equals(container.getClientDN())) { container.setRights(container.getRights() | ACI_SELF); } } catch (DirectoryException ex) { // Log a message and keep going. Message message = WARN_ACI_NOT_VALID_DN.get(DNString); logError(message); } } // Check proxy authorization only if the entry has not already been // processed (working on a new entry). If working on a new entry, // then only do a proxy check if the right is not set to ACI_PROXY // and the proxied authorization control has been decoded. if (!container.hasSeenEntry()) { if (container.isProxiedAuthorization() && !container.hasRights(ACI_PROXY) && !container.hasRights(ACI_SKIP_PROXY_CHECK)) { int currentRights = container.getRights(); // Save the current rights so they can be put back if on // success. container.setRights(ACI_PROXY); // Switch to the original authorization entry, not the proxied // one. container.useOrigAuthorizationEntry(true); if (!accessAllowed(container)) { return false; } // Access is ok, put the original rights back. container.setRights(currentRights); // Put the proxied authorization entry back to the current // authorization entry. container.useOrigAuthorizationEntry(false); } // Set the seen flag so proxy processing is not performed for this // entry again. container.setSeenEntry(true); } /* * First get all allowed candidate ACIs. */ LinkedList<Aci> candidates = aciList.getCandidateAcis(dn); /* * Create an applicable list of ACIs by target matching each * candidate ACI against the container's target match view. */ createApplicableList(candidates, container); /* * Evaluate the applicable list. */ boolean ret = testApplicableLists(container); // Build summary string if doing geteffectiverights eval. if (container.isGetEffectiveRightsEval()) { AciEffectiveRights.createSummary(container, ret, "main"); } return ret; }
/** * Retrieves a set of virtual attribute rules that may be used for testing purposes. The return * data will also include a Boolean value indicating whether the rule would apply to a minimal * "o=test" entry. * * @return A set of virtual attribute rules that may be used for testing purposes. * @throws Exception If an unexpected problem occurs. */ @DataProvider(name = "testRules") public Object[][] getVirtualAttributeRules() throws Exception { EntryDNVirtualAttributeProvider provider = new EntryDNVirtualAttributeProvider(); LinkedHashSet<DN> dnSet1 = new LinkedHashSet<DN>(1); dnSet1.add(DN.decode("o=test")); LinkedHashSet<DN> dnSet2 = new LinkedHashSet<DN>(1); dnSet2.add(DN.decode("dc=example,dc=com")); LinkedHashSet<DN> dnSet3 = new LinkedHashSet<DN>(2); dnSet3.add(DN.decode("o=test")); dnSet3.add(DN.decode("dc=example,dc=com")); LinkedHashSet<DN> groupSet1 = new LinkedHashSet<DN>(1); groupSet1.add(DN.decode("cn=Test Group,o=test")); LinkedHashSet<DN> groupSet2 = new LinkedHashSet<DN>(1); groupSet2.add(DN.decode("cn=Example Group,o=test")); LinkedHashSet<DN> groupSet3 = new LinkedHashSet<DN>(2); groupSet3.add(DN.decode("cn=Test Group,o=test")); groupSet3.add(DN.decode("cn=Example Group,o=test")); LinkedHashSet<SearchFilter> filterSet1 = new LinkedHashSet<SearchFilter>(1); filterSet1.add(SearchFilter.createFilterFromString("(objectClass=*)")); LinkedHashSet<SearchFilter> filterSet2 = new LinkedHashSet<SearchFilter>(1); filterSet2.add(SearchFilter.createFilterFromString("(o=test)")); LinkedHashSet<SearchFilter> filterSet3 = new LinkedHashSet<SearchFilter>(1); filterSet3.add(SearchFilter.createFilterFromString("(foo=bar)")); LinkedHashSet<SearchFilter> filterSet4 = new LinkedHashSet<SearchFilter>(2); filterSet4.add(SearchFilter.createFilterFromString("(o=test)")); filterSet4.add(SearchFilter.createFilterFromString("(foo=bar)")); return new Object[][] { new Object[] { new VirtualAttributeRule( entryDNType, provider, Collections.<DN>emptySet(), SearchScope.WHOLE_SUBTREE, Collections.<DN>emptySet(), Collections.<SearchFilter>emptySet(), ConflictBehavior.VIRTUAL_OVERRIDES_REAL), true }, new Object[] { new VirtualAttributeRule( entryDNType, provider, dnSet1, SearchScope.WHOLE_SUBTREE, Collections.<DN>emptySet(), Collections.<SearchFilter>emptySet(), ConflictBehavior.VIRTUAL_OVERRIDES_REAL), true }, new Object[] { new VirtualAttributeRule( entryDNType, provider, dnSet2, SearchScope.WHOLE_SUBTREE, Collections.<DN>emptySet(), Collections.<SearchFilter>emptySet(), ConflictBehavior.VIRTUAL_OVERRIDES_REAL), false }, new Object[] { new VirtualAttributeRule( entryDNType, provider, dnSet3, SearchScope.WHOLE_SUBTREE, Collections.<DN>emptySet(), Collections.<SearchFilter>emptySet(), ConflictBehavior.VIRTUAL_OVERRIDES_REAL), true }, new Object[] { new VirtualAttributeRule( entryDNType, provider, Collections.<DN>emptySet(), SearchScope.WHOLE_SUBTREE, groupSet1, Collections.<SearchFilter>emptySet(), ConflictBehavior.VIRTUAL_OVERRIDES_REAL), true }, new Object[] { new VirtualAttributeRule( entryDNType, provider, Collections.<DN>emptySet(), SearchScope.WHOLE_SUBTREE, groupSet2, Collections.<SearchFilter>emptySet(), ConflictBehavior.VIRTUAL_OVERRIDES_REAL), false }, new Object[] { new VirtualAttributeRule( entryDNType, provider, Collections.<DN>emptySet(), SearchScope.WHOLE_SUBTREE, groupSet3, Collections.<SearchFilter>emptySet(), ConflictBehavior.VIRTUAL_OVERRIDES_REAL), true }, new Object[] { new VirtualAttributeRule( entryDNType, provider, Collections.<DN>emptySet(), SearchScope.WHOLE_SUBTREE, Collections.<DN>emptySet(), filterSet1, ConflictBehavior.VIRTUAL_OVERRIDES_REAL), true }, new Object[] { new VirtualAttributeRule( entryDNType, provider, Collections.<DN>emptySet(), SearchScope.WHOLE_SUBTREE, Collections.<DN>emptySet(), filterSet2, ConflictBehavior.VIRTUAL_OVERRIDES_REAL), true }, new Object[] { new VirtualAttributeRule( entryDNType, provider, Collections.<DN>emptySet(), SearchScope.WHOLE_SUBTREE, Collections.<DN>emptySet(), filterSet3, ConflictBehavior.VIRTUAL_OVERRIDES_REAL), false }, new Object[] { new VirtualAttributeRule( entryDNType, provider, Collections.<DN>emptySet(), SearchScope.WHOLE_SUBTREE, Collections.<DN>emptySet(), filterSet4, ConflictBehavior.VIRTUAL_OVERRIDES_REAL), true }, }; }
/** * Removes the test group from the server. * * @throws Exception If an unexpected problem occurs. */ private void removeGroups() throws Exception { InternalClientConnection conn = InternalClientConnection.getRootConnection(); conn.processDelete(DN.decode("cn=Test Group,o=Test")); conn.processDelete(DN.decode("cn=Example Group,o=Test")); }
/** * Attempt to read multiple changes. * * @throws Exception If the test failed unexpectedly. */ @Test(dependsOnMethods = {"testChangeRecordEmptyStream"}) public void testReadChangeMultiple() throws Exception { LDIFReader reader = createLDIFReader(VALID_LDIF); try { ChangeRecordEntry change; AddChangeRecordEntry add; DeleteChangeRecordEntry delete; ModifyChangeRecordEntry modify; ModifyDNChangeRecordEntry modifyDN; DN dn; RDN rdn; Iterator<RawModification> i; Modification mod; Attribute attr; // Change record #1. change = reader.readChangeRecord(false); Assert.assertTrue(change instanceof AddChangeRecordEntry); add = (AddChangeRecordEntry) change; dn = DN.decode("cn=Fiona Jensen, ou=Marketing, dc=airius, dc=com"); Assert.assertEquals(add.getDN(), dn); List<Attribute> attrs = new ArrayList<Attribute>(); AttributeBuilder builder = new AttributeBuilder(AT_OC, "objectclass"); builder.add(AttributeValues.create(AT_OC, "top")); builder.add(AttributeValues.create(AT_OC, "person")); builder.add(AttributeValues.create(AT_OC, "organizationalPerson")); attrs.add(builder.toAttribute()); attrs.add(Attributes.create("cn", "Fiona Jensen")); attrs.add(Attributes.create("sn", "Jensen")); attrs.add(Attributes.create("uid", "fiona")); attrs.add(Attributes.create("telephonenumber", "+1 408 555 1212")); Assert.assertTrue(add.getAttributes().containsAll(attrs)); // Change record #2. change = reader.readChangeRecord(false); Assert.assertTrue(change instanceof DeleteChangeRecordEntry); delete = (DeleteChangeRecordEntry) change; dn = DN.decode("cn=Robert Jensen, ou=Marketing, dc=airius, dc=com"); Assert.assertEquals(delete.getDN(), dn); // Change record #3. change = reader.readChangeRecord(false); Assert.assertTrue(change instanceof ModifyDNChangeRecordEntry); modifyDN = (ModifyDNChangeRecordEntry) change; dn = DN.decode("cn=Paul Jensen, ou=Product Development, dc=airius, dc=com"); Assert.assertEquals(modifyDN.getDN(), dn); rdn = RDN.decode("cn=paula jensen"); Assert.assertEquals(modifyDN.getNewRDN(), rdn); Assert.assertNull(modifyDN.getNewSuperiorDN()); Assert.assertTrue(modifyDN.deleteOldRDN()); // Change record #4. change = reader.readChangeRecord(false); Assert.assertTrue(change instanceof ModifyDNChangeRecordEntry); modifyDN = (ModifyDNChangeRecordEntry) change; dn = DN.decode("ou=PD Accountants, ou=Product Development, dc=airius, dc=com"); Assert.assertEquals(modifyDN.getDN(), dn); rdn = RDN.decode("ou=Product Development Accountants"); Assert.assertEquals(modifyDN.getNewRDN(), rdn); dn = DN.decode("ou=Accounting, dc=airius, dc=com"); Assert.assertEquals(modifyDN.getNewSuperiorDN(), dn); Assert.assertFalse(modifyDN.deleteOldRDN()); // Change record #5. change = reader.readChangeRecord(false); Assert.assertTrue(change instanceof ModifyChangeRecordEntry); modify = (ModifyChangeRecordEntry) change; dn = DN.decode("cn=Paula Jensen, ou=Product Development, dc=airius, dc=com"); Assert.assertEquals(modify.getDN(), dn); i = modify.getModifications().iterator(); Assert.assertTrue(i.hasNext()); mod = i.next().toModification(); Assert.assertEquals(mod.getModificationType(), ModificationType.ADD); attr = Attributes.create("postaladdress", "123 Anystreet $ Sunnyvale, CA $ 94086"); Assert.assertEquals(mod.getAttribute(), attr); Assert.assertTrue(i.hasNext()); mod = i.next().toModification(); Assert.assertEquals(mod.getModificationType(), ModificationType.DELETE); attr = Attributes.empty(AT_DESCR); Assert.assertEquals(mod.getAttribute(), attr); Assert.assertTrue(i.hasNext()); mod = i.next().toModification(); Assert.assertEquals(mod.getModificationType(), ModificationType.REPLACE); builder = new AttributeBuilder(AT_TELN, "telephonenumber"); builder.add(AttributeValues.create(AT_TELN, "+1 408 555 1234")); builder.add(AttributeValues.create(AT_TELN, "+1 408 555 5678")); Assert.assertEquals(mod.getAttribute(), builder.toAttribute()); Assert.assertTrue(i.hasNext()); mod = i.next().toModification(); Assert.assertEquals(mod.getModificationType(), ModificationType.DELETE); attr = Attributes.create("facsimiletelephonenumber", "+1 408 555 9876"); Assert.assertEquals(mod.getAttribute(), attr); Assert.assertFalse(i.hasNext()); // Change record #6. change = reader.readChangeRecord(false); Assert.assertTrue(change instanceof ModifyChangeRecordEntry); modify = (ModifyChangeRecordEntry) change; dn = DN.decode("cn=Ingrid Jensen, ou=Product Support, dc=airius, dc=com"); Assert.assertEquals(modify.getDN(), dn); i = modify.getModifications().iterator(); Assert.assertTrue(i.hasNext()); mod = i.next().toModification(); Assert.assertEquals(mod.getModificationType(), ModificationType.REPLACE); attr = Attributes.empty(DirectoryServer.getAttributeType("postaladdress")); Assert.assertEquals(mod.getAttribute(), attr); // Change record #7. change = reader.readChangeRecord(false); Assert.assertTrue(change instanceof ModifyChangeRecordEntry); modify = (ModifyChangeRecordEntry) change; Assert.assertTrue(modify.getDN().isNullDN()); i = modify.getModifications().iterator(); Assert.assertTrue(i.hasNext()); mod = i.next().toModification(); Assert.assertEquals(mod.getModificationType(), ModificationType.DELETE); attr = Attributes.empty(AT_DESCR); Assert.assertEquals(mod.getAttribute(), attr); // Change record #8. change = reader.readChangeRecord(false); Assert.assertTrue(change instanceof ModifyChangeRecordEntry); modify = (ModifyChangeRecordEntry) change; dn = DN.decode("uid=rogasawara, ou=\u55b6\u696d\u90e8, o=airius"); Assert.assertEquals(modify.getDN(), dn); i = modify.getModifications().iterator(); Assert.assertTrue(i.hasNext()); mod = i.next().toModification(); Assert.assertEquals(mod.getModificationType(), ModificationType.DELETE); attr = Attributes.empty(AT_DESCR); Assert.assertEquals(mod.getAttribute(), attr); Assert.assertFalse(i.hasNext()); // Check final state. Assert.assertNull(reader.readChangeRecord(false)); Assert.assertEquals(reader.getEntriesIgnored(), 0); Assert.assertEquals(reader.getEntriesRead(), 0); Assert.assertEquals(reader.getEntriesRejected(), 0); Assert.assertEquals(reader.getLastEntryLineNumber(), 72); } finally { reader.close(); } }
/** {@inheritDoc} */ @Override public void initializeBackend() throws ConfigException, InitializationException { // Create the set of base DNs that we will handle. In this case, it's just // the DN of the base backup entry. try { backupBaseDN = DN.decode(DN_BACKUP_ROOT); } catch (Exception e) { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, e); } Message message = ERR_BACKEND_CANNOT_DECODE_BACKEND_ROOT_DN.get(getExceptionMessage(e), getBackendID()); throw new InitializationException(message, e); } // FIXME -- Deal with this more correctly. this.baseDNs = new DN[] {backupBaseDN}; // Determine the set of backup directories that we will use by default. Set<String> values = currentConfig.getBackupDirectory(); backupDirectories = new LinkedHashSet<File>(values.size()); for (String s : values) { backupDirectories.add(getFileForPath(s)); } // Construct the backup base entry. LinkedHashMap<ObjectClass, String> objectClasses = new LinkedHashMap<ObjectClass, String>(2); objectClasses.put(DirectoryServer.getTopObjectClass(), OC_TOP); ObjectClass untypedOC = DirectoryServer.getObjectClass(OC_UNTYPED_OBJECT_LC, true); objectClasses.put(untypedOC, OC_UNTYPED_OBJECT); LinkedHashMap<AttributeType, List<Attribute>> opAttrs = new LinkedHashMap<AttributeType, List<Attribute>>(0); LinkedHashMap<AttributeType, List<Attribute>> userAttrs = new LinkedHashMap<AttributeType, List<Attribute>>(1); RDN rdn = backupBaseDN.getRDN(); int numAVAs = rdn.getNumValues(); for (int i = 0; i < numAVAs; i++) { AttributeType attrType = rdn.getAttributeType(i); ArrayList<Attribute> attrList = new ArrayList<Attribute>(1); attrList.add(Attributes.create(attrType, rdn.getAttributeValue(i))); userAttrs.put(attrType, attrList); } backupBaseEntry = new Entry(backupBaseDN, objectClasses, userAttrs, opAttrs); currentConfig.addBackupChangeListener(this); // Register the backup base as a private suffix. try { DirectoryServer.registerBaseDN(backupBaseDN, this, true); } catch (Exception e) { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, e); } Message message = ERR_BACKEND_CANNOT_REGISTER_BASEDN.get(backupBaseDN.toString(), getExceptionMessage(e)); throw new InitializationException(message, e); } }