/*
|
* The contents of this file are subject to the terms of the Common Development and
|
* Distribution License (the License). You may not use this file except in compliance with the
|
* License.
|
*
|
* You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
|
* specific language governing permission and limitations under the License.
|
*
|
* When distributing Covered Software, include this CDDL Header Notice in each file and include
|
* the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
|
* Header, with the fields enclosed by brackets [] replaced by your own identifying
|
* information: "Portions Copyright [year] [name of copyright owner]".
|
*
|
* Copyright 2008 Sun Microsystems, Inc.
|
* Portions Copyright 2014-2016 ForgeRock AS.
|
*/
|
package org.opends.server.plugins;
|
|
|
|
import org.testng.annotations.BeforeClass;
|
import org.testng.annotations.Test;
|
|
import org.opends.server.TestCaseUtils;
|
import org.forgerock.opendj.ldap.ResultCode;
|
import com.forgerock.opendj.ldap.tools.LDAPModify;
|
|
import static org.testng.Assert.*;
|
|
|
|
/**
|
* This class defines a set of tests for the
|
* org.opends.server.plugins.SevenBitCleanPlugin class.
|
*/
|
public class SevenBitCleanPluginTestCase
|
extends PluginTestCase
|
{
|
/**
|
* The base64-encoded value that will be used as the password for entries that
|
* are not 7-bit clean.
|
*/
|
public static final String BASE64_DIRTY_PASSWORD = "cORzc3f2cmQ=";
|
|
|
|
/**
|
* Ensures that the Directory Server is running.
|
*
|
* @throws Exception If an unexpected problem occurs.
|
*/
|
@BeforeClass
|
public void startServer()
|
throws Exception
|
{
|
TestCaseUtils.startServer();
|
}
|
|
|
|
/**
|
* Tests to ensure that it is possible to add a clean entry when the plugin
|
* is disabled.
|
*
|
* @throws Exception If an unexpected problem occurs.
|
*/
|
@Test
|
public void testAddCleanAllowedDisabled()
|
throws Exception
|
{
|
TestCaseUtils.initializeTestBackend(true);
|
|
String path = TestCaseUtils.createTempFile(
|
"dn: uid=test.user,o=test",
|
"changetype: add",
|
"objectClass: top",
|
"objectClass: person",
|
"objectClass: organizationalPerson",
|
"objectClass: inetOrgPerson",
|
"uid: test.user",
|
"givenName: Test",
|
"sn: User",
|
"cn: Test User",
|
"mail: test.user@example.com",
|
"userPassword: password");
|
|
String[] args =
|
{
|
"-h", "127.0.0.1",
|
"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
|
"-D", "cn=Directory Manager",
|
"-w", "password",
|
"-f", path
|
};
|
|
assertEquals(LDAPModify.run(System.out, System.err, args), 0);
|
}
|
|
|
|
/**
|
* Tests to ensure that it is possible to add a dirty entry when the plugin
|
* is disabled.
|
*
|
* @throws Exception If an unexpected problem occurs.
|
*/
|
@Test
|
public void testAddDirtyAllowedDisabled()
|
throws Exception
|
{
|
TestCaseUtils.initializeTestBackend(true);
|
|
String path = TestCaseUtils.createTempFile(
|
"dn: uid=test.user,o=test",
|
"changetype: add",
|
"objectClass: top",
|
"objectClass: person",
|
"objectClass: organizationalPerson",
|
"objectClass: inetOrgPerson",
|
"uid: test.user",
|
"givenName: Test",
|
"sn: User",
|
"cn: Test User",
|
"mail: test.user@example.com",
|
"userPassword:: " + BASE64_DIRTY_PASSWORD);
|
|
String[] args =
|
{
|
"-h", "127.0.0.1",
|
"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
|
"-D", "cn=Directory Manager",
|
"-w", "password",
|
"-f", path
|
};
|
|
assertEquals(LDAPModify.run(System.out, System.err, args), 0);
|
}
|
|
|
|
/**
|
* Tests to ensure that it is possible to add a clean entry when the plugin
|
* is enabled.
|
*
|
* @throws Exception If an unexpected problem occurs.
|
*/
|
@Test
|
public void testAddCleanAllowedEnabled()
|
throws Exception
|
{
|
TestCaseUtils.dsconfig(
|
"set-plugin-prop",
|
"--plugin-name", "7-Bit Clean",
|
"--set", "enabled:true");
|
|
try
|
{
|
TestCaseUtils.initializeTestBackend(true);
|
|
String path = TestCaseUtils.createTempFile(
|
"dn: uid=test.user,o=test",
|
"changetype: add",
|
"objectClass: top",
|
"objectClass: person",
|
"objectClass: organizationalPerson",
|
"objectClass: inetOrgPerson",
|
"uid: test.user",
|
"givenName: Test",
|
"sn: User",
|
"cn: Test User",
|
"mail: test.user@example.com",
|
"userPassword: password");
|
|
String[] args =
|
{
|
"-h", "127.0.0.1",
|
"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
|
"-D", "cn=Directory Manager",
|
"-w", "password",
|
"-f", path
|
};
|
|
assertEquals(LDAPModify.run(System.out, System.err, args), 0);
|
}
|
finally
|
{
|
TestCaseUtils.dsconfig(
|
"set-plugin-prop",
|
"--plugin-name", "7-Bit Clean",
|
"--set", "enabled:false");
|
}
|
}
|
|
|
|
/**
|
* Tests to ensure that it is not possible to add a dirty entry when the
|
* plugin is enabled.
|
*
|
* @throws Exception If an unexpected problem occurs.
|
*/
|
@Test
|
public void testAddDirtyRejectedEnabled()
|
throws Exception
|
{
|
TestCaseUtils.dsconfig(
|
"set-plugin-prop",
|
"--plugin-name", "7-Bit Clean",
|
"--set", "enabled:true");
|
|
try
|
{
|
TestCaseUtils.initializeTestBackend(true);
|
|
String path = TestCaseUtils.createTempFile(
|
"dn: uid=test.user,o=test",
|
"changetype: add",
|
"objectClass: top",
|
"objectClass: person",
|
"objectClass: organizationalPerson",
|
"objectClass: inetOrgPerson",
|
"uid: test.user",
|
"givenName: Test",
|
"sn: User",
|
"cn: Test User",
|
"mail: test.user@example.com",
|
"userPassword:: " + BASE64_DIRTY_PASSWORD);
|
|
String[] args =
|
{
|
"-h", "127.0.0.1",
|
"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
|
"-D", "cn=Directory Manager",
|
"-w", "password",
|
"-f", path
|
};
|
|
assertEquals(LDAPModify.run(System.out, System.err, args), ResultCode.CONSTRAINT_VIOLATION.intValue());
|
}
|
finally
|
{
|
TestCaseUtils.dsconfig(
|
"set-plugin-prop",
|
"--plugin-name", "7-Bit Clean",
|
"--set", "enabled:false");
|
}
|
}
|
|
|
|
/**
|
* Tests to ensure that it is not possible to add a dirty entry when the
|
* plugin is enabled but the entry being added is outside of the scope of the
|
* plugin.
|
*
|
* @throws Exception If an unexpected problem occurs.
|
*/
|
@Test
|
public void testAddDirtyAcceptedEnabledOutsideScope()
|
throws Exception
|
{
|
TestCaseUtils.dsconfig(
|
"set-plugin-prop",
|
"--plugin-name", "7-Bit Clean",
|
"--set", "enabled:true",
|
"--set", "base-dn:dc=example,dc=com");
|
|
try
|
{
|
TestCaseUtils.initializeTestBackend(true);
|
|
String path = TestCaseUtils.createTempFile(
|
"dn: uid=test.user,o=test",
|
"changetype: add",
|
"objectClass: top",
|
"objectClass: person",
|
"objectClass: organizationalPerson",
|
"objectClass: inetOrgPerson",
|
"uid: test.user",
|
"givenName: Test",
|
"sn: User",
|
"cn: Test User",
|
"mail: test.user@example.com",
|
"userPassword:: " + BASE64_DIRTY_PASSWORD);
|
|
String[] args =
|
{
|
"-h", "127.0.0.1",
|
"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
|
"-D", "cn=Directory Manager",
|
"-w", "password",
|
"-f", path
|
};
|
|
assertEquals(LDAPModify.run(System.out, System.err, args), 0);
|
}
|
finally
|
{
|
TestCaseUtils.dsconfig(
|
"set-plugin-prop",
|
"--plugin-name", "7-Bit Clean",
|
"--set", "enabled:false",
|
"--remove", "base-dn:dc=example,dc=com");
|
}
|
}
|
|
|
|
/**
|
* Tests to ensure that it is possible to modify an entry to have a dirty
|
* password value with the plugin disabled.
|
*
|
* @throws Exception If an unexpected problem occurs.
|
*/
|
@Test
|
public void testModifyDirtyAllowedDisabled()
|
throws Exception
|
{
|
TestCaseUtils.initializeTestBackend(true);
|
|
TestCaseUtils.addEntry(
|
"dn: uid=test.user,o=test",
|
"objectClass: top",
|
"objectClass: person",
|
"objectClass: organizationalPerson",
|
"objectClass: inetOrgPerson",
|
"uid: test.user",
|
"givenName: Test",
|
"sn: User",
|
"cn: Test User",
|
"mail: test.user@example.com",
|
"userPassword: password");
|
|
String path = TestCaseUtils.createTempFile(
|
"dn: uid=test.user,o=test",
|
"changetype: modify",
|
"replace: userPassword",
|
"userPassword:: " + BASE64_DIRTY_PASSWORD);
|
|
String[] args =
|
{
|
"-h", "127.0.0.1",
|
"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
|
"-D", "cn=Directory Manager",
|
"-w", "password",
|
"-f", path
|
};
|
|
assertEquals(LDAPModify.run(System.out, System.err, args), 0);
|
}
|
|
|
|
/**
|
* Tests to ensure that it is not possible to modify an entry to have a dirty
|
* password value with the plugin enabled.
|
*
|
* @throws Exception If an unexpected problem occurs.
|
*/
|
@Test
|
public void testModifyDirtyRejectedEnabled()
|
throws Exception
|
{
|
TestCaseUtils.dsconfig(
|
"set-plugin-prop",
|
"--plugin-name", "7-Bit Clean",
|
"--set", "enabled:true");
|
|
try
|
{
|
TestCaseUtils.initializeTestBackend(true);
|
|
TestCaseUtils.addEntry(
|
"dn: uid=test.user,o=test",
|
"objectClass: top",
|
"objectClass: person",
|
"objectClass: organizationalPerson",
|
"objectClass: inetOrgPerson",
|
"uid: test.user",
|
"givenName: Test",
|
"sn: User",
|
"cn: Test User",
|
"mail: test.user@example.com",
|
"userPassword: password");
|
|
String path = TestCaseUtils.createTempFile(
|
"dn: uid=test.user,o=test",
|
"changetype: modify",
|
"replace: userPassword",
|
"userPassword:: " + BASE64_DIRTY_PASSWORD);
|
|
String[] args =
|
{
|
"-h", "127.0.0.1",
|
"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
|
"-D", "cn=Directory Manager",
|
"-w", "password",
|
"-f", path
|
};
|
|
assertEquals(LDAPModify.run(System.out, System.err, args), ResultCode.CONSTRAINT_VIOLATION.intValue());
|
}
|
finally
|
{
|
TestCaseUtils.dsconfig(
|
"set-plugin-prop",
|
"--plugin-name", "7-Bit Clean",
|
"--set", "enabled:false");
|
}
|
}
|
|
|
|
/**
|
* Tests to ensure that it is possible to modify an entry containing a dirty
|
* password value when changing that value to be clean.
|
*
|
* @throws Exception If an unexpected problem occurs.
|
*/
|
@Test
|
public void testModifyDirtyToCleanAllowedEnabled()
|
throws Exception
|
{
|
TestCaseUtils.initializeTestBackend(true);
|
|
TestCaseUtils.addEntry(
|
"dn: uid=test.user,o=test",
|
"objectClass: top",
|
"objectClass: person",
|
"objectClass: organizationalPerson",
|
"objectClass: inetOrgPerson",
|
"uid: test.user",
|
"givenName: Test",
|
"sn: User",
|
"cn: Test User",
|
"mail: test.user@example.com",
|
"userPassword:: " + BASE64_DIRTY_PASSWORD);
|
|
TestCaseUtils.dsconfig(
|
"set-plugin-prop",
|
"--plugin-name", "7-Bit Clean",
|
"--set", "enabled:true");
|
|
try
|
{
|
String path = TestCaseUtils.createTempFile(
|
"dn: uid=test.user,o=test",
|
"changetype: modify",
|
"replace: userPassword",
|
"userPassword: clean");
|
|
String[] args =
|
{
|
"-h", "127.0.0.1",
|
"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
|
"-D", "cn=Directory Manager",
|
"-w", "password",
|
"-f", path
|
};
|
|
assertEquals(LDAPModify.run(System.out, System.err, args), 0);
|
}
|
finally
|
{
|
TestCaseUtils.dsconfig(
|
"set-plugin-prop",
|
"--plugin-name", "7-Bit Clean",
|
"--set", "enabled:false");
|
}
|
}
|
|
|
|
/**
|
* Tests to ensure that it is possible to modify an entry containing a dirty
|
* password in order to remove that value.
|
*
|
* @throws Exception If an unexpected problem occurs.
|
*/
|
@Test
|
public void testModifyRemoveDirtyValueAllowedEnabled()
|
throws Exception
|
{
|
TestCaseUtils.initializeTestBackend(true);
|
|
TestCaseUtils.addEntry(
|
"dn: uid=test.user,o=test",
|
"objectClass: top",
|
"objectClass: person",
|
"objectClass: organizationalPerson",
|
"objectClass: inetOrgPerson",
|
"uid: test.user",
|
"givenName: Test",
|
"sn: User",
|
"cn: Test User",
|
"mail: test.user@example.com",
|
"userPassword:: " + BASE64_DIRTY_PASSWORD);
|
|
TestCaseUtils.dsconfig(
|
"set-plugin-prop",
|
"--plugin-name", "7-Bit Clean",
|
"--set", "enabled:true");
|
|
try
|
{
|
String path = TestCaseUtils.createTempFile(
|
"dn: uid=test.user,o=test",
|
"changetype: modify",
|
"delete: userPassword",
|
"userPassword:: " + BASE64_DIRTY_PASSWORD);
|
|
String[] args =
|
{
|
"-h", "127.0.0.1",
|
"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
|
"-D", "cn=Directory Manager",
|
"-w", "password",
|
"-f", path
|
};
|
|
assertEquals(LDAPModify.run(System.out, System.err, args), 0);
|
}
|
finally
|
{
|
TestCaseUtils.dsconfig(
|
"set-plugin-prop",
|
"--plugin-name", "7-Bit Clean",
|
"--set", "enabled:false");
|
}
|
}
|
|
|
|
/**
|
* Tests to ensure that it is possible to perform a modify DN operation to
|
* provide a dirty new RDN with the plugin disabled.
|
*
|
* @throws Exception If an unexpected problem occurs.
|
*/
|
@Test
|
public void testModifyDNDirtyAllowedDisabled()
|
throws Exception
|
{
|
TestCaseUtils.initializeTestBackend(true);
|
|
TestCaseUtils.addEntry(
|
"dn: uid=test.user,o=test",
|
"objectClass: top",
|
"objectClass: person",
|
"objectClass: organizationalPerson",
|
"objectClass: inetOrgPerson",
|
"uid: test.user",
|
"givenName: Test",
|
"sn: User",
|
"cn: Test User",
|
"mail: test.user@example.com",
|
"userPassword: password");
|
|
String path = TestCaseUtils.createTempFile(
|
"dn: uid=test.user,o=test",
|
"changetype: modrdn",
|
"newrdn: uid=Lu\\C4\\8Di\\C4\\87",
|
"deleteoldrdn: 1");
|
|
String[] args =
|
{
|
"-h", "127.0.0.1",
|
"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
|
"-D", "cn=Directory Manager",
|
"-w", "password",
|
"-f", path
|
};
|
|
assertEquals(LDAPModify.run(System.out, System.err, args), 0);
|
}
|
|
|
|
/**
|
* Tests to ensure that it is not possible to perform a modify DN operation to
|
* provide a dirty new RDN with the plugin enabled.
|
*
|
* @throws Exception If an unexpected problem occurs.
|
*/
|
@Test
|
public void testModifyDNDirtyRejectedEnabled()
|
throws Exception
|
{
|
TestCaseUtils.dsconfig(
|
"set-plugin-prop",
|
"--plugin-name", "7-Bit Clean",
|
"--set", "enabled:true");
|
|
try
|
{
|
TestCaseUtils.initializeTestBackend(true);
|
|
TestCaseUtils.addEntry(
|
"dn: uid=test.user,o=test",
|
"objectClass: top",
|
"objectClass: person",
|
"objectClass: organizationalPerson",
|
"objectClass: inetOrgPerson",
|
"uid: test.user",
|
"givenName: Test",
|
"sn: User",
|
"cn: Test User",
|
"mail: test.user@example.com",
|
"userPassword: password");
|
|
String path = TestCaseUtils.createTempFile(
|
"dn: uid=test.user,o=test",
|
"changetype: modrdn",
|
"newrdn: uid=Lu\\C4\\8Di\\C4\\87",
|
"deleteoldrdn: 1");
|
|
String[] args =
|
{
|
"-h", "127.0.0.1",
|
"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
|
"-D", "cn=Directory Manager",
|
"-w", "password",
|
"-f", path
|
};
|
|
assertEquals(LDAPModify.run(System.out, System.err, args), ResultCode.CONSTRAINT_VIOLATION.intValue());
|
}
|
finally
|
{
|
TestCaseUtils.dsconfig(
|
"set-plugin-prop",
|
"--plugin-name", "7-Bit Clean",
|
"--set", "enabled:false");
|
}
|
}
|
|
|
|
/**
|
* Tests to ensure that it is possible to perform a modify DN operation to
|
* provide a clean new RDN for a dirty entry with the plugin enabled.
|
*
|
* @throws Exception If an unexpected problem occurs.
|
*/
|
@Test
|
public void testModifyDNDirtyToCleanAllowedEnabled()
|
throws Exception
|
{
|
TestCaseUtils.initializeTestBackend(true);
|
|
TestCaseUtils.addEntry(
|
"dn: uid=Lu\\C4\\8Di\\C4\\87,o=test",
|
"objectClass: top",
|
"objectClass: person",
|
"objectClass: organizationalPerson",
|
"objectClass: inetOrgPerson",
|
//"uid:: " + BASE64_DIRTY_PASSWORD,
|
"givenName: Test",
|
"sn: User",
|
"cn: Test User",
|
"mail: test.user@example.com",
|
"userPassword: password");
|
|
TestCaseUtils.dsconfig(
|
"set-plugin-prop",
|
"--plugin-name", "7-Bit Clean",
|
"--set", "enabled:true");
|
|
try
|
{
|
String path = TestCaseUtils.createTempFile(
|
"dn: uid=Lu\\C4\\8Di\\C4\\87,o=test",
|
"changetype: modrdn",
|
"newrdn: uid=test.user",
|
"deleteoldrdn: 1");
|
|
String[] args =
|
{
|
"-h", "127.0.0.1",
|
"-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
|
"-D", "cn=Directory Manager",
|
"-w", "password",
|
"-f", path
|
};
|
|
assertEquals(LDAPModify.run(System.out, System.err, args), 0);
|
}
|
finally
|
{
|
TestCaseUtils.dsconfig(
|
"set-plugin-prop",
|
"--plugin-name", "7-Bit Clean",
|
"--set", "enabled:false");
|
}
|
}
|
}
|
