// We initialize these for each new AciHandler so that we can clear // out the stale references that can occur during an in-core restart. private static void initStatics() { if ((aciType = DirectoryServer.getAttributeType("aci")) == null) { aciType = DirectoryServer.getDefaultAttributeType("aci"); } if ((globalAciType = DirectoryServer.getAttributeType(ATTR_AUTHZ_GLOBAL_ACI)) == null) { globalAciType = DirectoryServer.getDefaultAttributeType(ATTR_AUTHZ_GLOBAL_ACI); } if ((debugSearchIndex = DirectoryServer.getAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX)) == null) { debugSearchIndex = DirectoryServer.getDefaultAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX); } if ((refAttrType = DirectoryServer.getAttributeType(ATTR_REFERRAL_URL)) == null) { refAttrType = DirectoryServer.getDefaultAttributeType(ATTR_REFERRAL_URL); } try { debugSearchIndexDN = DN.decode("cn=debugsearch"); } catch (DirectoryException ex) { // Should never happen. } }
/** * Once-only initialization. * * @throws Exception If an unexpected error occurred. */ @BeforeClass public void setUp() throws Exception { // This test suite depends on having the schema available, so we'll // start the server. TestCaseUtils.startServer(); // Initialize schema bits. OC_TOP = DirectoryServer.getObjectClass("top"); OC_PERSON = DirectoryServer.getObjectClass("person"); AT_OC = DirectoryServer.getObjectClassAttributeType(); AT_CN = DirectoryServer.getAttributeType("cn"); AT_SN = DirectoryServer.getAttributeType("sn"); AT_DESCR = DirectoryServer.getAttributeType("description"); AT_TELN = DirectoryServer.getAttributeType("telephonenumber"); // Create a temporary file containing an attribute value. TEMP_FILE = File.createTempFile("tmp", "txt"); OutputStream out = null; try { out = new FileOutputStream(TEMP_FILE); out.write(TEMP_FILE_STRING.getBytes("UTF-8")); } finally { if (out != null) { out.close(); } } }
/** * Generates an entry for a backup directory based on the provided DN. The DN must contain an RDN * component that specifies the path to the backup directory, and that directory must exist and be * a valid backup directory. * * @param entryDN The DN of the backup directory entry to retrieve. * @return The requested backup directory entry. * @throws DirectoryException If the specified directory does not exist or is not a valid backup * directory, or if the DN does not specify any backup directory. */ private Entry getBackupDirectoryEntry(DN entryDN) throws DirectoryException { // Make sure that the DN specifies a backup directory. AttributeType t = DirectoryServer.getAttributeType(ATTR_BACKUP_DIRECTORY_PATH, true); AttributeValue v = entryDN.getRDN().getAttributeValue(t); if (v == null) { Message message = ERR_BACKUP_DN_DOES_NOT_SPECIFY_DIRECTORY.get(String.valueOf(entryDN)); throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message, backupBaseDN, null); } // Get a handle to the backup directory and the information that it // contains. BackupDirectory backupDirectory; try { backupDirectory = BackupDirectory.readBackupDirectoryDescriptor(v.getValue().toString()); } catch (ConfigException ce) { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, ce); } Message message = ERR_BACKUP_INVALID_BACKUP_DIRECTORY.get(String.valueOf(entryDN), ce.getMessage()); throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message); } catch (Exception e) { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, e); } Message message = ERR_BACKUP_ERROR_GETTING_BACKUP_DIRECTORY.get(getExceptionMessage(e)); throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message); } // Construct the backup directory entry to return. LinkedHashMap<ObjectClass, String> ocMap = new LinkedHashMap<ObjectClass, String>(2); ocMap.put(DirectoryServer.getTopObjectClass(), OC_TOP); ObjectClass backupDirOC = DirectoryServer.getObjectClass(OC_BACKUP_DIRECTORY, true); ocMap.put(backupDirOC, OC_BACKUP_DIRECTORY); LinkedHashMap<AttributeType, List<Attribute>> opAttrs = new LinkedHashMap<AttributeType, List<Attribute>>(0); LinkedHashMap<AttributeType, List<Attribute>> userAttrs = new LinkedHashMap<AttributeType, List<Attribute>>(3); ArrayList<Attribute> attrList = new ArrayList<Attribute>(1); attrList.add(Attributes.create(t, v)); userAttrs.put(t, attrList); t = DirectoryServer.getAttributeType(ATTR_BACKUP_BACKEND_DN, true); attrList = new ArrayList<Attribute>(1); attrList.add( Attributes.create( t, AttributeValues.create(t, backupDirectory.getConfigEntryDN().toString()))); userAttrs.put(t, attrList); Entry e = new Entry(entryDN, ocMap, userAttrs, opAttrs); e.processVirtualAttributes(); return e; }
/** {@inheritDoc} */ @Override public void initializeSASLMechanismHandler(ExternalSASLMechanismHandlerCfg configuration) throws ConfigException, InitializationException { configuration.addExternalChangeListener(this); currentConfig = configuration; // See if we should attempt to validate client certificates against those in // the corresponding user's entry. switch (configuration.getCertificateValidationPolicy()) { case NEVER: validationPolicy = CertificateValidationPolicy.NEVER; break; case IFPRESENT: validationPolicy = CertificateValidationPolicy.IFPRESENT; break; case ALWAYS: validationPolicy = CertificateValidationPolicy.ALWAYS; break; } // Get the attribute type to use for validating the certificates. If none // is provided, then default to the userCertificate type. certificateAttributeType = configuration.getCertificateAttribute(); if (certificateAttributeType == null) { certificateAttributeType = DirectoryServer.getAttributeType(DEFAULT_VALIDATION_CERT_ATTRIBUTE, true); } DirectoryServer.registerSASLMechanismHandler(SASL_MECHANISM_EXTERNAL, this); }
/** {@inheritDoc} */ public ConfigChangeResult applyConfigurationChange( ExternalSASLMechanismHandlerCfg configuration) { final ConfigChangeResult ccr = new ConfigChangeResult(); // See if we should attempt to validate client certificates against those in // the corresponding user's entry. CertificateValidationPolicy newValidationPolicy = CertificateValidationPolicy.ALWAYS; switch (configuration.getCertificateValidationPolicy()) { case NEVER: newValidationPolicy = CertificateValidationPolicy.NEVER; break; case IFPRESENT: newValidationPolicy = CertificateValidationPolicy.IFPRESENT; break; case ALWAYS: newValidationPolicy = CertificateValidationPolicy.ALWAYS; break; } // Get the attribute type to use for validating the certificates. If none // is provided, then default to the userCertificate type. AttributeType newCertificateType = configuration.getCertificateAttribute(); if (newCertificateType == null) { newCertificateType = DirectoryServer.getAttributeType(DEFAULT_VALIDATION_CERT_ATTRIBUTE, true); } if (ccr.getResultCode() == ResultCode.SUCCESS) { validationPolicy = newValidationPolicy; certificateAttributeType = newCertificateType; currentConfig = configuration; } return ccr; }
/** * Performs any initialization for this tag that may be needed while parsing a branch definition. * * @param templateFile The template file in which this tag is used. * @param branch The branch in which this tag is used. * @param arguments The set of arguments provided for this tag. * @param lineNumber The line number on which this tag appears in the template file. * @param warnings A list into which any appropriate warning messages may be placed. * @throws InitializationException If a problem occurs while initializing this tag. */ public void initializeForBranch( TemplateFile templateFile, Branch branch, String[] arguments, int lineNumber, List<Message> warnings) throws InitializationException { if ((arguments.length < 1) || (arguments.length > 2)) { Message message = ERR_MAKELDIF_TAG_INVALID_ARGUMENT_RANGE_COUNT.get( getName(), lineNumber, 1, 2, arguments.length); throw new InitializationException(message); } String lowerName = toLowerCase(arguments[0]); AttributeType t = DirectoryServer.getAttributeType(lowerName, true); if (!branch.hasAttribute(t)) { Message message = ERR_MAKELDIF_TAG_UNDEFINED_ATTRIBUTE.get(arguments[0], lineNumber); throw new InitializationException(message); } if (arguments.length == 2) { assertionValue = arguments[1]; } else { assertionValue = null; } }
/** {@inheritDoc} */ @Override public long getEntryCount() { int numEntries = 1; AttributeType backupPathType = DirectoryServer.getAttributeType(ATTR_BACKUP_DIRECTORY_PATH, true); for (File f : backupDirectories) { try { // Check to see if the descriptor file exists. If not, then skip this // backup directory. File descriptorFile = new File(f, BACKUP_DIRECTORY_DESCRIPTOR_FILE); if (!descriptorFile.exists()) { continue; } DN backupDirDN = makeChildDN(backupBaseDN, backupPathType, f.getAbsolutePath()); getBackupDirectoryEntry(backupDirDN); numEntries++; } catch (Exception e) { } } return numEntries; }
/** * Make sure that the server is running. * * @throws Exception If an unexpected problem occurs. */ @BeforeClass() public void startServer() throws Exception { TestCaseUtils.startServer(); givenNameType = DirectoryServer.getAttributeType("givenname", false); assertNotNull(givenNameType); snType = DirectoryServer.getAttributeType("sn", false); assertNotNull(snType); aaccfJohnsonDN = DN.decode("uid=aaccf.johnson,dc=example,dc=com"); aaronZimmermanDN = DN.decode("uid=aaron.zimmerman,dc=example,dc=com"); albertSmithDN = DN.decode("uid=albert.smith,dc=example,dc=com"); albertZimmermanDN = DN.decode("uid=albert.zimmerman,dc=example,dc=com"); lowercaseMcGeeDN = DN.decode("uid=lowercase.mcgee,dc=example,dc=com"); margaretJonesDN = DN.decode("uid=margaret.jones,dc=example,dc=com"); maryJonesDN = DN.decode("uid=mary.jones,dc=example,dc=com"); samZweckDN = DN.decode("uid=sam.zweck,dc=example,dc=com"); zorroDN = DN.decode("uid=zorro,dc=example,dc=com"); }
/** * Returns {@code true} if this authentication policy state is associated with a user whose * account has been administratively disabled. * * <p>The default implementation is use the value of the "ds-pwp-account-disable" attribute in the * user's entry. * * @return {@code true} if this authentication policy state is associated with a user whose * account has been administratively disabled. */ public boolean isDisabled() { final AttributeType type = DirectoryServer.getAttributeType(OP_ATTR_ACCOUNT_DISABLED, true); try { isDisabled = getBoolean(userEntry, type); } catch (final Exception e) { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, e); } isDisabled = ConditionResult.TRUE; if (debugEnabled()) { TRACER.debugWarning( "User %s is considered administratively " + "disabled because an error occurred while " + "attempting to make the determination: %s.", userEntry.getDN().toString(), stackTraceToSingleLineString(e)); } return true; } if (isDisabled == ConditionResult.UNDEFINED) { isDisabled = ConditionResult.FALSE; if (debugEnabled()) { TRACER.debugInfo( "User %s is not administratively disabled since " + "the attribute \"%s\" is not present in the entry.", userEntry.getDN().toString(), OP_ATTR_ACCOUNT_DISABLED); } return false; } if (debugEnabled()) { TRACER.debugInfo( "User %s %s administratively disabled.", userEntry.getDN().toString(), ((isDisabled == ConditionResult.TRUE) ? " is" : " is not")); } return isDisabled == ConditionResult.TRUE; }
/** * Check access on compare operations. Note that the attribute type is unavailable at this time, * so this method partially parses the raw attribute string to get the base attribute type. * Options are ignored. * * @param operation The compare operation to check access on. * @return True if access is allowed. */ @Override public boolean isAllowed(LocalBackendCompareOperation operation) { AciLDAPOperationContainer operationContainer = new AciLDAPOperationContainer(operation, ACI_COMPARE); String baseName; String rawAttributeType = operation.getRawAttributeType(); int semicolonPosition = rawAttributeType.indexOf(';'); if (semicolonPosition > 0) { baseName = toLowerCase(rawAttributeType.substring(0, semicolonPosition)); } else { baseName = toLowerCase(rawAttributeType); } AttributeType attributeType; if ((attributeType = DirectoryServer.getAttributeType(baseName)) == null) { attributeType = DirectoryServer.getDefaultAttributeType(baseName); } AttributeValue attributeValue = AttributeValues.create(attributeType, operation.getAssertionValue()); operationContainer.setCurrentAttributeType(attributeType); operationContainer.setCurrentAttributeValue(attributeValue); return isAllowed(operationContainer, operation); }
/** {@inheritDoc} */ @Override public VirtualStaticGroup newInstance(ServerContext serverContext, Entry groupEntry) throws DirectoryException { ifNull(groupEntry); // Get the target group DN attribute from the entry, if there is one. DN targetDN = null; AttributeType targetType = DirectoryServer.getAttributeType(ATTR_TARGET_GROUP_DN, true); List<Attribute> attrList = groupEntry.getAttribute(targetType); if (attrList != null) { for (Attribute a : attrList) { for (ByteString v : a) { if (targetDN != null) { LocalizableMessage message = ERR_VIRTUAL_STATIC_GROUP_MULTIPLE_TARGETS.get(groupEntry.getName()); throw new DirectoryException(ResultCode.OBJECTCLASS_VIOLATION, message); } try { targetDN = DN.decode(v); } catch (DirectoryException de) { logger.traceException(de); LocalizableMessage message = ERR_VIRTUAL_STATIC_GROUP_CANNOT_DECODE_TARGET.get( v, groupEntry.getName(), de.getMessageObject()); throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX, message, de); } } } } if (targetDN == null) { LocalizableMessage message = ERR_VIRTUAL_STATIC_GROUP_NO_TARGET.get(groupEntry.getName()); throw new DirectoryException(ResultCode.OBJECTCLASS_VIOLATION, message); } return new VirtualStaticGroup(groupEntry.getName(), targetDN); }
/** {@inheritDoc} */ @Override public void search(SearchOperation searchOperation) throws DirectoryException { // Get the base entry for the search, if possible. If it doesn't exist, // then this will throw an exception. DN baseDN = searchOperation.getBaseDN(); Entry baseEntry = getEntry(baseDN); // Look at the base DN and see if it's the backup base DN, a backup // directory entry DN, or a backup entry DN. DN parentDN; SearchScope scope = searchOperation.getScope(); SearchFilter filter = searchOperation.getFilter(); if (backupBaseDN.equals(baseDN)) { if ((scope == SearchScope.BASE_OBJECT || scope == SearchScope.WHOLE_SUBTREE) && filter.matchesEntry(baseEntry)) { searchOperation.returnEntry(baseEntry, null); } if (scope != SearchScope.BASE_OBJECT && !backupDirectories.isEmpty()) { AttributeType backupPathType = DirectoryServer.getAttributeType(ATTR_BACKUP_DIRECTORY_PATH, true); for (File f : backupDirectories) { // Check to see if the descriptor file exists. If not, then skip this // backup directory. File descriptorFile = new File(f, BACKUP_DIRECTORY_DESCRIPTOR_FILE); if (!descriptorFile.exists()) { continue; } DN backupDirDN = makeChildDN(backupBaseDN, backupPathType, f.getAbsolutePath()); Entry backupDirEntry; try { backupDirEntry = getBackupDirectoryEntry(backupDirDN); } catch (Exception e) { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, e); } continue; } if (filter.matchesEntry(backupDirEntry)) { searchOperation.returnEntry(backupDirEntry, null); } if (scope != SearchScope.SINGLE_LEVEL) { List<Attribute> attrList = backupDirEntry.getAttribute(backupPathType); if (attrList != null && !attrList.isEmpty()) { for (AttributeValue v : attrList.get(0)) { try { BackupDirectory backupDirectory = BackupDirectory.readBackupDirectoryDescriptor(v.getValue().toString()); AttributeType idType = DirectoryServer.getAttributeType(ATTR_BACKUP_ID, true); for (String backupID : backupDirectory.getBackups().keySet()) { DN backupEntryDN = makeChildDN(backupDirDN, idType, backupID); Entry backupEntry = getBackupEntry(backupEntryDN); if (filter.matchesEntry(backupEntry)) { searchOperation.returnEntry(backupEntry, null); } } } catch (Exception e) { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, e); } continue; } } } } } } } else if (backupBaseDN.equals(parentDN = baseDN.getParentDNInSuffix())) { Entry backupDirEntry = getBackupDirectoryEntry(baseDN); if ((scope == SearchScope.BASE_OBJECT || scope == SearchScope.WHOLE_SUBTREE) && filter.matchesEntry(backupDirEntry)) { searchOperation.returnEntry(backupDirEntry, null); } if (scope != SearchScope.BASE_OBJECT) { AttributeType t = DirectoryServer.getAttributeType(ATTR_BACKUP_DIRECTORY_PATH, true); List<Attribute> attrList = backupDirEntry.getAttribute(t); if (attrList != null && !attrList.isEmpty()) { for (AttributeValue v : attrList.get(0)) { try { BackupDirectory backupDirectory = BackupDirectory.readBackupDirectoryDescriptor(v.getValue().toString()); AttributeType idType = DirectoryServer.getAttributeType(ATTR_BACKUP_ID, true); for (String backupID : backupDirectory.getBackups().keySet()) { DN backupEntryDN = makeChildDN(baseDN, idType, backupID); Entry backupEntry = getBackupEntry(backupEntryDN); if (filter.matchesEntry(backupEntry)) { searchOperation.returnEntry(backupEntry, null); } } } catch (Exception e) { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, e); } continue; } } } } } else { if (parentDN == null || !backupBaseDN.equals(parentDN.getParentDNInSuffix())) { Message message = ERR_BACKUP_NO_SUCH_ENTRY.get(String.valueOf(backupBaseDN)); throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, message); } if (scope == SearchScope.BASE_OBJECT || scope == SearchScope.WHOLE_SUBTREE) { Entry backupEntry = getBackupEntry(baseDN); if (backupEntry == null) { Message message = ERR_BACKUP_NO_SUCH_ENTRY.get(String.valueOf(backupBaseDN)); throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, message); } if (filter.matchesEntry(backupEntry)) { searchOperation.returnEntry(backupEntry, null); } } } }
/** * Generates an entry for a backup based on the provided DN. The DN must have an RDN component * that specifies the backup ID, and the parent DN must have an RDN component that specifies the * backup directory. * * @param entryDN The DN of the backup entry to retrieve. * @return The requested backup entry. * @throws DirectoryException If the specified backup does not exist or is invalid. */ private Entry getBackupEntry(DN entryDN) throws DirectoryException { // First, get the backup ID from the entry DN. AttributeType idType = DirectoryServer.getAttributeType(ATTR_BACKUP_ID, true); AttributeValue idValue = entryDN.getRDN().getAttributeValue(idType); if (idValue == null) { Message message = ERR_BACKUP_NO_BACKUP_ID_IN_DN.get(String.valueOf(entryDN)); throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message); } String backupID = idValue.getValue().toString(); // Next, get the backup directory from the parent DN. DN parentDN = entryDN.getParentDNInSuffix(); if (parentDN == null) { Message message = ERR_BACKUP_NO_BACKUP_PARENT_DN.get(String.valueOf(entryDN)); throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message); } AttributeType t = DirectoryServer.getAttributeType(ATTR_BACKUP_DIRECTORY_PATH, true); AttributeValue v = parentDN.getRDN().getAttributeValue(t); if (v == null) { Message message = ERR_BACKUP_NO_BACKUP_DIR_IN_DN.get(String.valueOf(entryDN)); throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message); } BackupDirectory backupDirectory; try { backupDirectory = BackupDirectory.readBackupDirectoryDescriptor(v.getValue().toString()); } catch (ConfigException ce) { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, ce); } Message message = ERR_BACKUP_INVALID_BACKUP_DIRECTORY.get(String.valueOf(entryDN), ce.getMessageObject()); throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message); } catch (Exception e) { if (debugEnabled()) { TRACER.debugCaught(DebugLogLevel.ERROR, e); } Message message = ERR_BACKUP_ERROR_GETTING_BACKUP_DIRECTORY.get(getExceptionMessage(e)); throw new DirectoryException(DirectoryServer.getServerErrorResultCode(), message); } BackupInfo backupInfo = backupDirectory.getBackupInfo(backupID); if (backupInfo == null) { Message message = ERR_BACKUP_NO_SUCH_BACKUP.get(backupID, backupDirectory.getPath()); throw new DirectoryException(ResultCode.NO_SUCH_OBJECT, message, parentDN, null); } // Construct the backup entry to return. LinkedHashMap<ObjectClass, String> ocMap = new LinkedHashMap<ObjectClass, String>(3); ocMap.put(DirectoryServer.getTopObjectClass(), OC_TOP); ObjectClass oc = DirectoryServer.getObjectClass(OC_BACKUP_INFO, true); ocMap.put(oc, OC_BACKUP_INFO); oc = DirectoryServer.getObjectClass(OC_EXTENSIBLE_OBJECT_LC, true); ocMap.put(oc, OC_EXTENSIBLE_OBJECT); LinkedHashMap<AttributeType, List<Attribute>> opAttrs = new LinkedHashMap<AttributeType, List<Attribute>>(0); LinkedHashMap<AttributeType, List<Attribute>> userAttrs = new LinkedHashMap<AttributeType, List<Attribute>>(); ArrayList<Attribute> attrList = new ArrayList<Attribute>(1); attrList.add(Attributes.create(idType, idValue)); userAttrs.put(idType, attrList); backupInfo.getBackupDirectory(); attrList = new ArrayList<Attribute>(1); attrList.add(Attributes.create(t, v)); userAttrs.put(t, attrList); Date backupDate = backupInfo.getBackupDate(); if (backupDate != null) { t = DirectoryServer.getAttributeType(ATTR_BACKUP_DATE, true); attrList = new ArrayList<Attribute>(1); attrList.add( Attributes.create( t, AttributeValues.create(t, GeneralizedTimeSyntax.format(backupDate)))); userAttrs.put(t, attrList); } t = DirectoryServer.getAttributeType(ATTR_BACKUP_COMPRESSED, true); attrList = new ArrayList<Attribute>(1); attrList.add(Attributes.create(t, BooleanSyntax.createBooleanValue(backupInfo.isCompressed()))); userAttrs.put(t, attrList); t = DirectoryServer.getAttributeType(ATTR_BACKUP_ENCRYPTED, true); attrList = new ArrayList<Attribute>(1); attrList.add(Attributes.create(t, BooleanSyntax.createBooleanValue(backupInfo.isEncrypted()))); userAttrs.put(t, attrList); t = DirectoryServer.getAttributeType(ATTR_BACKUP_INCREMENTAL, true); attrList = new ArrayList<Attribute>(1); attrList.add( Attributes.create(t, BooleanSyntax.createBooleanValue(backupInfo.isIncremental()))); userAttrs.put(t, attrList); HashSet<String> dependencies = backupInfo.getDependencies(); if (dependencies != null && !dependencies.isEmpty()) { t = DirectoryServer.getAttributeType(ATTR_BACKUP_DEPENDENCY, true); AttributeBuilder builder = new AttributeBuilder(t); for (String s : dependencies) { builder.add(AttributeValues.create(t, s)); } attrList = new ArrayList<Attribute>(1); attrList.add(builder.toAttribute()); userAttrs.put(t, attrList); } byte[] signedHash = backupInfo.getSignedHash(); if (signedHash != null) { t = DirectoryServer.getAttributeType(ATTR_BACKUP_SIGNED_HASH, true); attrList = new ArrayList<Attribute>(1); attrList.add(Attributes.create(t, AttributeValues.create(t, ByteString.wrap(signedHash)))); userAttrs.put(t, attrList); } byte[] unsignedHash = backupInfo.getUnsignedHash(); if (unsignedHash != null) { t = DirectoryServer.getAttributeType(ATTR_BACKUP_UNSIGNED_HASH, true); attrList = new ArrayList<Attribute>(1); attrList.add(Attributes.create(t, AttributeValues.create(t, ByteString.wrap(unsignedHash)))); userAttrs.put(t, attrList); } HashMap<String, String> properties = backupInfo.getBackupProperties(); if (properties != null && !properties.isEmpty()) { for (Map.Entry<String, String> e : properties.entrySet()) { t = DirectoryServer.getAttributeType(toLowerCase(e.getKey()), true); attrList = new ArrayList<Attribute>(1); attrList.add(Attributes.create(t, AttributeValues.create(t, e.getValue()))); userAttrs.put(t, attrList); } } Entry e = new Entry(entryDN, ocMap, userAttrs, opAttrs); e.processVirtualAttributes(); return e; }
/** {@inheritDoc} */ @Override public long numSubordinates(DN entryDN, boolean subtree) throws DirectoryException { // If the requested entry was null, then return undefined. if (entryDN == null) { return -1; } // If the requested entry was the backend base entry, then return // the number of backup directories. if (backupBaseDN.equals(entryDN)) { long count = 0; for (File f : backupDirectories) { // Check to see if the descriptor file exists. If not, then skip this // backup directory. File descriptorFile = new File(f, BACKUP_DIRECTORY_DESCRIPTOR_FILE); if (!descriptorFile.exists()) { continue; } // If subtree is included, count the number of entries for each // backup directory. if (subtree) { try { BackupDirectory backupDirectory = BackupDirectory.readBackupDirectoryDescriptor(f.getPath()); count += backupDirectory.getBackups().keySet().size(); } catch (Exception e) { return -1; } } count++; } return count; } // See if the requested entry was one level below the backend base entry. // If so, then it must point to a backup directory. Otherwise, it must be // two levels below the backup base entry and must point to a specific // backup. DN parentDN = entryDN.getParentDNInSuffix(); if (parentDN == null) { return -1; } else if (backupBaseDN.equals(parentDN)) { long count = 0; Entry backupDirEntry = getBackupDirectoryEntry(entryDN); AttributeType t = DirectoryServer.getAttributeType(ATTR_BACKUP_DIRECTORY_PATH, true); List<Attribute> attrList = backupDirEntry.getAttribute(t); if (attrList != null && !attrList.isEmpty()) { for (AttributeValue v : attrList.get(0)) { try { BackupDirectory backupDirectory = BackupDirectory.readBackupDirectoryDescriptor(v.getValue().toString()); count += backupDirectory.getBackups().keySet().size(); } catch (Exception e) { return -1; } } } return count; } else if (backupBaseDN.equals(parentDN.getParentDNInSuffix())) { return 0; } else { return -1; } }
@Test(enabled = true) public void testValidRequest() throws Exception { final CryptoManagerImpl cm = DirectoryServer.getCryptoManager(); final String secretMessage = "zyxwvutsrqponmlkjihgfedcba"; final String cipherTransformationName = "AES/CBC/PKCS5Padding"; final int cipherKeyLength = 128; CryptoManagerImpl.publishInstanceKeyEntryInADS(); // Initial encryption ensures a cipher key entry is in ADS. cm.encrypt(cipherTransformationName, cipherKeyLength, secretMessage.getBytes()); // Retrieve all uncompromised cipher key entries corresponding to the // specified transformation and key length. final String baseDNStr // TODO: is this DN defined elsewhere as a constant? = "cn=secret keys," + ADSContext.getAdministrationSuffixDN(); final DN baseDN = DN.decode(baseDNStr); final String FILTER_OC_INSTANCE_KEY = new StringBuilder("(objectclass=") .append(ConfigConstants.OC_CRYPTO_CIPHER_KEY) .append(")") .toString(); final String FILTER_NOT_COMPROMISED = new StringBuilder("(!(") .append(ConfigConstants.ATTR_CRYPTO_KEY_COMPROMISED_TIME) .append("=*))") .toString(); final String FILTER_CIPHER_TRANSFORMATION_NAME = new StringBuilder("(") .append(ConfigConstants.ATTR_CRYPTO_CIPHER_TRANSFORMATION_NAME) .append("=") .append(cipherTransformationName) .append(")") .toString(); final String FILTER_CIPHER_KEY_LENGTH = new StringBuilder("(") .append(ConfigConstants.ATTR_CRYPTO_KEY_LENGTH_BITS) .append("=") .append(String.valueOf(cipherKeyLength)) .append(")") .toString(); final String searchFilter = new StringBuilder("(&") .append(FILTER_OC_INSTANCE_KEY) .append(FILTER_NOT_COMPROMISED) .append(FILTER_CIPHER_TRANSFORMATION_NAME) .append(FILTER_CIPHER_KEY_LENGTH) .append(")") .toString(); final LinkedHashSet<String> requestedAttributes = new LinkedHashSet<String>(); requestedAttributes.add(ConfigConstants.ATTR_CRYPTO_SYMMETRIC_KEY); final InternalClientConnection icc = InternalClientConnection.getRootConnection(); InternalSearchOperation searchOp = icc.processSearch( baseDN, SearchScope.SINGLE_LEVEL, DereferencePolicy.NEVER_DEREF_ALIASES, /* size limit */ 0, /* time limit */ 0, /* types only */ false, SearchFilter.createFilterFromString(searchFilter), requestedAttributes); assertTrue(0 < searchOp.getSearchEntries().size()); final InternalClientConnection internalConnection = InternalClientConnection.getRootConnection(); final String instanceKeyID = cm.getInstanceKeyID(); final AttributeType attrSymmetricKey = DirectoryServer.getAttributeType(ConfigConstants.ATTR_CRYPTO_SYMMETRIC_KEY); for (Entry e : searchOp.getSearchEntries()) { final String symmetricKeyAttributeValue = e.getAttributeValue(attrSymmetricKey, DirectoryStringSyntax.DECODER); final ByteString requestValue = GetSymmetricKeyExtendedOperation.encodeRequestValue( symmetricKeyAttributeValue, instanceKeyID); final ExtendedOperation extendedOperation = internalConnection.processExtendedOperation( ServerConstants.OID_GET_SYMMETRIC_KEY_EXTENDED_OP, requestValue); assertEquals(extendedOperation.getResultCode(), ResultCode.SUCCESS); // The key should be re-wrapped, and hence have a different binary // representation.... final String responseValue = extendedOperation.getResponseValue().toString(); assertFalse(symmetricKeyAttributeValue.equals(responseValue)); // ... but the keyIDs should be equal (ideally, the validity of // the returned value would be checked by decoding the // returned ds-cfg-symmetric-key attribute value; however, there // is no non-private method to call. assertEquals(responseValue.split(":")[0], symmetricKeyAttributeValue.split(":")[0]); } }
/** * Attempt to read multiple changes. * * @throws Exception If the test failed unexpectedly. */ @Test(dependsOnMethods = {"testChangeRecordEmptyStream"}) public void testReadChangeMultiple() throws Exception { LDIFReader reader = createLDIFReader(VALID_LDIF); try { ChangeRecordEntry change; AddChangeRecordEntry add; DeleteChangeRecordEntry delete; ModifyChangeRecordEntry modify; ModifyDNChangeRecordEntry modifyDN; DN dn; RDN rdn; Iterator<RawModification> i; Modification mod; Attribute attr; // Change record #1. change = reader.readChangeRecord(false); Assert.assertTrue(change instanceof AddChangeRecordEntry); add = (AddChangeRecordEntry) change; dn = DN.decode("cn=Fiona Jensen, ou=Marketing, dc=airius, dc=com"); Assert.assertEquals(add.getDN(), dn); List<Attribute> attrs = new ArrayList<Attribute>(); AttributeBuilder builder = new AttributeBuilder(AT_OC, "objectclass"); builder.add(AttributeValues.create(AT_OC, "top")); builder.add(AttributeValues.create(AT_OC, "person")); builder.add(AttributeValues.create(AT_OC, "organizationalPerson")); attrs.add(builder.toAttribute()); attrs.add(Attributes.create("cn", "Fiona Jensen")); attrs.add(Attributes.create("sn", "Jensen")); attrs.add(Attributes.create("uid", "fiona")); attrs.add(Attributes.create("telephonenumber", "+1 408 555 1212")); Assert.assertTrue(add.getAttributes().containsAll(attrs)); // Change record #2. change = reader.readChangeRecord(false); Assert.assertTrue(change instanceof DeleteChangeRecordEntry); delete = (DeleteChangeRecordEntry) change; dn = DN.decode("cn=Robert Jensen, ou=Marketing, dc=airius, dc=com"); Assert.assertEquals(delete.getDN(), dn); // Change record #3. change = reader.readChangeRecord(false); Assert.assertTrue(change instanceof ModifyDNChangeRecordEntry); modifyDN = (ModifyDNChangeRecordEntry) change; dn = DN.decode("cn=Paul Jensen, ou=Product Development, dc=airius, dc=com"); Assert.assertEquals(modifyDN.getDN(), dn); rdn = RDN.decode("cn=paula jensen"); Assert.assertEquals(modifyDN.getNewRDN(), rdn); Assert.assertNull(modifyDN.getNewSuperiorDN()); Assert.assertTrue(modifyDN.deleteOldRDN()); // Change record #4. change = reader.readChangeRecord(false); Assert.assertTrue(change instanceof ModifyDNChangeRecordEntry); modifyDN = (ModifyDNChangeRecordEntry) change; dn = DN.decode("ou=PD Accountants, ou=Product Development, dc=airius, dc=com"); Assert.assertEquals(modifyDN.getDN(), dn); rdn = RDN.decode("ou=Product Development Accountants"); Assert.assertEquals(modifyDN.getNewRDN(), rdn); dn = DN.decode("ou=Accounting, dc=airius, dc=com"); Assert.assertEquals(modifyDN.getNewSuperiorDN(), dn); Assert.assertFalse(modifyDN.deleteOldRDN()); // Change record #5. change = reader.readChangeRecord(false); Assert.assertTrue(change instanceof ModifyChangeRecordEntry); modify = (ModifyChangeRecordEntry) change; dn = DN.decode("cn=Paula Jensen, ou=Product Development, dc=airius, dc=com"); Assert.assertEquals(modify.getDN(), dn); i = modify.getModifications().iterator(); Assert.assertTrue(i.hasNext()); mod = i.next().toModification(); Assert.assertEquals(mod.getModificationType(), ModificationType.ADD); attr = Attributes.create("postaladdress", "123 Anystreet $ Sunnyvale, CA $ 94086"); Assert.assertEquals(mod.getAttribute(), attr); Assert.assertTrue(i.hasNext()); mod = i.next().toModification(); Assert.assertEquals(mod.getModificationType(), ModificationType.DELETE); attr = Attributes.empty(AT_DESCR); Assert.assertEquals(mod.getAttribute(), attr); Assert.assertTrue(i.hasNext()); mod = i.next().toModification(); Assert.assertEquals(mod.getModificationType(), ModificationType.REPLACE); builder = new AttributeBuilder(AT_TELN, "telephonenumber"); builder.add(AttributeValues.create(AT_TELN, "+1 408 555 1234")); builder.add(AttributeValues.create(AT_TELN, "+1 408 555 5678")); Assert.assertEquals(mod.getAttribute(), builder.toAttribute()); Assert.assertTrue(i.hasNext()); mod = i.next().toModification(); Assert.assertEquals(mod.getModificationType(), ModificationType.DELETE); attr = Attributes.create("facsimiletelephonenumber", "+1 408 555 9876"); Assert.assertEquals(mod.getAttribute(), attr); Assert.assertFalse(i.hasNext()); // Change record #6. change = reader.readChangeRecord(false); Assert.assertTrue(change instanceof ModifyChangeRecordEntry); modify = (ModifyChangeRecordEntry) change; dn = DN.decode("cn=Ingrid Jensen, ou=Product Support, dc=airius, dc=com"); Assert.assertEquals(modify.getDN(), dn); i = modify.getModifications().iterator(); Assert.assertTrue(i.hasNext()); mod = i.next().toModification(); Assert.assertEquals(mod.getModificationType(), ModificationType.REPLACE); attr = Attributes.empty(DirectoryServer.getAttributeType("postaladdress")); Assert.assertEquals(mod.getAttribute(), attr); // Change record #7. change = reader.readChangeRecord(false); Assert.assertTrue(change instanceof ModifyChangeRecordEntry); modify = (ModifyChangeRecordEntry) change; Assert.assertTrue(modify.getDN().isNullDN()); i = modify.getModifications().iterator(); Assert.assertTrue(i.hasNext()); mod = i.next().toModification(); Assert.assertEquals(mod.getModificationType(), ModificationType.DELETE); attr = Attributes.empty(AT_DESCR); Assert.assertEquals(mod.getAttribute(), attr); // Change record #8. change = reader.readChangeRecord(false); Assert.assertTrue(change instanceof ModifyChangeRecordEntry); modify = (ModifyChangeRecordEntry) change; dn = DN.decode("uid=rogasawara, ou=\u55b6\u696d\u90e8, o=airius"); Assert.assertEquals(modify.getDN(), dn); i = modify.getModifications().iterator(); Assert.assertTrue(i.hasNext()); mod = i.next().toModification(); Assert.assertEquals(mod.getModificationType(), ModificationType.DELETE); attr = Attributes.empty(AT_DESCR); Assert.assertEquals(mod.getAttribute(), attr); Assert.assertFalse(i.hasNext()); // Check final state. Assert.assertNull(reader.readChangeRecord(false)); Assert.assertEquals(reader.getEntriesIgnored(), 0); Assert.assertEquals(reader.getEntriesRead(), 0); Assert.assertEquals(reader.getEntriesRejected(), 0); Assert.assertEquals(reader.getLastEntryLineNumber(), 72); } finally { reader.close(); } }