/*
|
* CDDL HEADER START
|
*
|
* The contents of this file are subject to the terms of the
|
* Common Development and Distribution License, Version 1.0 only
|
* (the "License"). You may not use this file except in compliance
|
* with the License.
|
*
|
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
|
* or http://forgerock.org/license/CDDLv1.0.html.
|
* See the License for the specific language governing permissions
|
* and limitations under the License.
|
*
|
* When distributing Covered Code, include this CDDL HEADER in each
|
* file and include the License file at legal-notices/CDDLv1_0.txt.
|
* If applicable, add the following below this CDDL HEADER, with the
|
* fields enclosed by brackets "[]" replaced with your own identifying
|
* information:
|
* Portions Copyright [yyyy] [name of copyright owner]
|
*
|
* CDDL HEADER END
|
*
|
*
|
* Copyright 2006-2009 Sun Microsystems, Inc.
|
* Portions Copyright 2012-2016 ForgeRock AS.
|
*/
|
package org.opends.server.protocols.ldap;
|
|
import static org.opends.server.config.ConfigConstants.*;
|
import static org.testng.Assert.*;
|
|
import java.util.Collection;
|
import java.util.LinkedList;
|
import java.util.List;
|
import java.util.Map;
|
|
import org.forgerock.i18n.LocalizableMessage;
|
import org.opends.server.TestCaseUtils;
|
import org.opends.server.admin.std.server.LDAPConnectionHandlerCfg;
|
import org.opends.server.api.ClientConnection;
|
import org.forgerock.opendj.config.server.ConfigException;
|
import org.opends.server.core.DirectoryServer;
|
import org.opends.server.types.Attribute;
|
import org.forgerock.opendj.ldap.schema.AttributeType;
|
import org.opends.server.types.Attributes;
|
import org.opends.server.types.DN;
|
import org.opends.server.types.Entry;
|
import org.opends.server.types.SSLClientAuthPolicy;
|
import org.testng.annotations.BeforeClass;
|
import org.testng.annotations.Test;
|
|
@SuppressWarnings("javadoc")
|
public class TestLDAPConnectionHandler extends LdapTestCase {
|
|
private static LocalizableMessage reasonMsg= LocalizableMessage.raw("Don't need a reason.");
|
|
/**
|
* Once-only initialization.
|
*
|
* @throws Exception
|
* If an unexpected error occurred.
|
*/
|
@BeforeClass
|
public void setUp() throws Exception {
|
// This test suite depends on having the schema available, so we'll
|
// start the server.
|
TestCaseUtils.startServer();
|
}
|
|
/**
|
* Creates two handlers, one which is SSL type. Then change some values via the setter
|
* methods.
|
*
|
* @throws Exception if the handler cannot be instantiated.
|
*/
|
@Test
|
public void testLDAPConnectionHandler() throws Exception {
|
Entry LDAPHandlerEntry=null;
|
|
LDAPHandlerEntry=TestCaseUtils.makeEntry(
|
"dn: cn=LDAP Connection Handler,cn=Connection Handlers,cn=config",
|
"objectClass: top",
|
"objectClass: ds-cfg-connection-handler",
|
"objectClass: ds-cfg-ldap-connection-handler",
|
"cn: LDAP Connection Handler",
|
"ds-cfg-java-class: org.opends.server.protocols.ldap.LDAPConnectionHandler",
|
"ds-cfg-enabled: true",
|
"ds-cfg-listen-address: 0.0.0.0",
|
"ds-cfg-accept-backlog: 128",
|
"ds-cfg-allow-ldap-v2: false",
|
"ds-cfg-keep-stats: false",
|
"ds-cfg-use-tcp-keep-alive: true",
|
"ds-cfg-use-tcp-no-delay: true",
|
"ds-cfg-allow-tcp-reuse-address: true",
|
"ds-cfg-send-rejection-notice: true",
|
"ds-cfg-max-request-size: 5 megabytes",
|
"ds-cfg-num-request-handlers: 2",
|
"ds-cfg-allow-start-tls: false",
|
"ds-cfg-use-ssl: false",
|
"ds-cfg-ssl-client-auth-policy: optional",
|
"ds-cfg-ssl-cert-nickname: server-cert",
|
"ds-cfg-key-manager-provider: cn=JKS,cn=Key Manager Providers,cn=config",
|
"ds-cfg-trust-manager-provider: cn=JKS,cn=Trust Manager Providers,cn=config");
|
LDAPConnectionHandler LDAPConnHandler=getLDAPHandlerInstance(LDAPHandlerEntry);
|
LDAPConnHandler.allowLDAPv2();
|
LDAPConnHandler.allowStartTLS();
|
LDAPConnHandler.keepStats();
|
LDAPConnHandler.toString(new StringBuilder());
|
LDAPConnHandler.toString();
|
LDAPStatistics tracker=LDAPConnHandler.getStatTracker();
|
Map<String,String> alerts = LDAPConnHandler.getAlerts();
|
String c=LDAPConnHandler.getClassName();
|
DN dn = LDAPConnHandler.getComponentEntryDN();
|
Collection<String> cips = LDAPConnHandler.getEnabledSSLCipherSuites();
|
Collection<String> protos = LDAPConnHandler.getEnabledSSLProtocols();
|
int maxReqSize = LDAPConnHandler.getMaxRequestSize();
|
String shutListName=LDAPConnHandler.getShutdownListenerName();
|
SSLClientAuthPolicy policy = LDAPConnHandler.getSSLClientAuthPolicy();
|
Collection<ClientConnection> cons=LDAPConnHandler.getClientConnections();
|
LDAPConnHandler.processServerShutdown(reasonMsg);
|
//Reset some things for the SSL handler
|
Attribute useSSL=Attributes.create(ATTR_USE_SSL, String.valueOf(false));
|
Attribute startTls=Attributes.create(ATTR_ALLOW_STARTTLS, String.valueOf(false));
|
LDAPHandlerEntry.removeAttribute(Attributes.empty(ATTR_LISTEN_PORT), null);
|
LDAPHandlerEntry.removeAttribute(useSSL, null);
|
LDAPHandlerEntry.removeAttribute(startTls, null);
|
Attribute useSSL1=Attributes.create(ATTR_USE_SSL, String.valueOf(true));
|
Attribute startTls1=Attributes.create(ATTR_ALLOW_STARTTLS, String.valueOf(false));
|
LDAPHandlerEntry.addAttribute(useSSL1,null);
|
LDAPHandlerEntry.addAttribute(startTls1,null);
|
LDAPConnectionHandler LDAPSConnHandler = getLDAPHandlerInstance(LDAPHandlerEntry);
|
LDAPSConnHandler.finalizeConnectionHandler(reasonMsg);
|
LDAPConnHandler.processServerShutdown(reasonMsg);
|
}
|
|
/**
|
* Start a handler an then give its hasAcceptableConfiguration a ConfigEntry with
|
* numerous invalid cases and single-valued attrs with duplicate values.
|
*
|
* @throws Exception if handler cannot be instantiated or the configuration is
|
* accepted.
|
*/
|
@Test(expectedExceptions = ConfigException.class)
|
public void testBadLDAPConnectionHandlerConfiguration() throws Exception
|
{
|
Entry BadHandlerEntry=TestCaseUtils.makeEntry(
|
"dn: cn=LDAP Connection Handler,cn=Connection Handlers,cn=config",
|
"objectClass: top",
|
"objectClass: ds-cfg-connection-handler",
|
"objectClass: ds-cfg-ldap-connection-handler",
|
"cn: LDAP Connection Handler",
|
"ds-cfg-java-class: org.opends.server.protocols.ldap.LDAPConnectionHandler",
|
"ds-cfg-enabled: true",
|
"ds-cfg-listen-address: 0.0.0.0",
|
"ds-cfg-accept-backlog: 128",
|
"ds-cfg-allow-ldap-v2: false",
|
"ds-cfg-keep-stats: false",
|
"ds-cfg-use-tcp-keep-alive: true",
|
"ds-cfg-use-tcp-no-delay: true",
|
"ds-cfg-allow-tcp-reuse-address: true",
|
"ds-cfg-send-rejection-notice: true",
|
"ds-cfg-max-request-size: 5 megabytes",
|
"ds-cfg-num-request-handlers: 2",
|
"ds-cfg-allow-start-tls: false",
|
"ds-cfg-use-ssl: false",
|
"ds-cfg-ssl-client-auth-policy: optional",
|
"ds-cfg-ssl-cert-nickname: server-cert",
|
"ds-cfg-key-manager-provider: cn=JKS,cn=Key Manager Providers,cn=config",
|
"ds-cfg-trust-manager-provider: cn=JKS,cn=Trust Manager Providers,cn=config");
|
|
// Add some invalid attrs and some duplicate attrs
|
Attribute a2=Attributes.create(ATTR_LISTEN_PORT, String.valueOf(389));
|
Attribute a2a=Attributes.create(ATTR_LISTEN_PORT, String.valueOf(70000));
|
Attribute a3=Attributes.create(ATTR_LISTEN_ADDRESS, "localhost");
|
Attribute a3a=Attributes.create(ATTR_LISTEN_ADDRESS, "FAFASFSDFSADFASDFSDFSDAFAS");
|
Attribute a4=Attributes.create(ATTR_ACCEPT_BACKLOG, String.valueOf(Long.MAX_VALUE));
|
Attribute a5=Attributes.create(ATTR_ALLOWED_CLIENT, "129.800.990.45");
|
Attribute a6=Attributes.create(ATTR_DENIED_CLIENT, "129.");
|
Attribute a7=Attributes.create(ATTR_ALLOW_LDAPV2, "45");
|
Attribute a8=Attributes.create(ATTR_KEEP_LDAP_STATS, "45");
|
Attribute a9=Attributes.create(ATTR_SEND_REJECTION_NOTICE, "45");
|
Attribute a10=Attributes.create(ATTR_USE_TCP_KEEPALIVE, "45");
|
Attribute a11=Attributes.create(ATTR_USE_TCP_NODELAY, "45");
|
Attribute a12=Attributes.create(ATTR_ALLOW_REUSE_ADDRESS, "45");
|
Attribute a13=Attributes.create(ATTR_MAX_REQUEST_SIZE, "45 FLUBBERBYTES");
|
Attribute a14=Attributes.create(ATTR_USE_SSL, "45");
|
Attribute a15=Attributes.create(ATTR_ALLOW_STARTTLS, "45");
|
BadHandlerEntry.addAttribute(a2, null);
|
BadHandlerEntry.addAttribute(a3, null);
|
BadHandlerEntry.addAttribute(a2a, null);
|
BadHandlerEntry.addAttribute(a3a, null);
|
BadHandlerEntry.addAttribute(a4, null);
|
BadHandlerEntry.addAttribute(a5, null);
|
BadHandlerEntry.addAttribute(a6, null);
|
BadHandlerEntry.addAttribute(a7, null);
|
BadHandlerEntry.addAttribute(a8, null);
|
BadHandlerEntry.addAttribute(a9, null);
|
BadHandlerEntry.addAttribute(a10, null);
|
BadHandlerEntry.addAttribute(a11, null);
|
BadHandlerEntry.addAttribute(a12, null);
|
BadHandlerEntry.addAttribute(a13, null);
|
BadHandlerEntry.addAttribute(a14, null);
|
BadHandlerEntry.addAttribute(a15, null);
|
|
LdapTestCase.getConfiguration(BadHandlerEntry);
|
}
|
|
/**
|
* Create handler and then change most of its values and see if
|
* it is acceptable and applied.
|
* @throws Exception if handler cannot be instantiated.
|
*/
|
@Test
|
public void testGoodLDAPConnectionHandlerConfiguration() throws Exception
|
{
|
Entry GoodHandlerEntry=TestCaseUtils.makeEntry(
|
"dn: cn=LDAP Connection Handler,cn=Connection Handlers,cn=config",
|
"objectClass: top",
|
"objectClass: ds-cfg-connection-handler",
|
"objectClass: ds-cfg-ldap-connection-handler",
|
"cn: LDAP Connection Handler",
|
"ds-cfg-java-class: org.opends.server.protocols.ldap.LDAPConnectionHandler",
|
"ds-cfg-enabled: true",
|
"ds-cfg-listen-address: 0.0.0.0",
|
"ds-cfg-accept-backlog: 128",
|
"ds-cfg-allow-ldap-v2: false",
|
"ds-cfg-keep-stats: false",
|
"ds-cfg-use-tcp-keep-alive: true",
|
"ds-cfg-use-tcp-no-delay: true",
|
"ds-cfg-allow-tcp-reuse-address: true",
|
"ds-cfg-send-rejection-notice: true",
|
"ds-cfg-max-request-size: 5 megabytes",
|
"ds-cfg-num-request-handlers: 2",
|
"ds-cfg-allow-start-tls: false",
|
"ds-cfg-use-ssl: true",
|
"ds-cfg-ssl-client-auth-policy: optional",
|
"ds-cfg-ssl-cert-nickname: server-cert",
|
"ds-cfg-key-manager-provider: cn=JKS,cn=Key Manager Providers,cn=config",
|
"ds-cfg-trust-manager-provider: cn=JKS,cn=Trust Manager Providers,cn=config");
|
LDAPConnectionHandler LDAPConnHandler=getLDAPHandlerInstance(GoodHandlerEntry);
|
//Make attrTypes to remove
|
AttributeType at0=DirectoryServer.getAttributeTypeOrDefault(ATTR_LISTEN_PORT);
|
// AttributeType at1=DirectoryServer.getAttributeType(ATTR_LISTEN_ADDRESS, true);
|
// Attribute rAttr1=new Attribute(at1);
|
// GoodHandlerEntry.removeAttribute(rAttr1, null);
|
AttributeType at2=DirectoryServer.getAttributeTypeOrDefault(ATTR_ALLOW_LDAPV2);
|
AttributeType at3=DirectoryServer.getAttributeTypeOrDefault(ATTR_ALLOW_LDAPV2);
|
AttributeType at4=DirectoryServer.getAttributeTypeOrDefault(ATTR_KEEP_LDAP_STATS);
|
AttributeType at5=DirectoryServer.getAttributeTypeOrDefault(ATTR_SEND_REJECTION_NOTICE);
|
AttributeType at6=DirectoryServer.getAttributeTypeOrDefault(ATTR_USE_TCP_KEEPALIVE);
|
AttributeType at7=DirectoryServer.getAttributeTypeOrDefault(ATTR_USE_TCP_NODELAY);
|
AttributeType at8=DirectoryServer.getAttributeTypeOrDefault(ATTR_ALLOW_REUSE_ADDRESS);
|
AttributeType at9=DirectoryServer.getAttributeTypeOrDefault(ATTR_USE_SSL);
|
AttributeType at10=DirectoryServer.getAttributeTypeOrDefault(ATTR_ALLOW_STARTTLS);
|
AttributeType at11=DirectoryServer.getAttributeTypeOrDefault(ATTR_MAX_REQUEST_SIZE);
|
AttributeType at12=DirectoryServer.getAttributeTypeOrDefault(ATTR_ACCEPT_BACKLOG);
|
//Remove them
|
Attribute rAttr0=Attributes.empty(at0);
|
GoodHandlerEntry.removeAttribute(rAttr0, null);
|
|
Attribute rAttr2=Attributes.empty(at2);
|
GoodHandlerEntry.removeAttribute(rAttr2, null);
|
Attribute rAttr3=Attributes.empty(at3);
|
GoodHandlerEntry.removeAttribute(rAttr3, null);
|
Attribute rAttr4=Attributes.empty(at4);
|
GoodHandlerEntry.removeAttribute(rAttr4, null);
|
Attribute rAttr5=Attributes.empty(at5);
|
GoodHandlerEntry.removeAttribute(rAttr5, null);
|
Attribute rAttr6=Attributes.empty(at6);
|
GoodHandlerEntry.removeAttribute(rAttr6, null);
|
Attribute rAttr7=Attributes.empty(at7);
|
GoodHandlerEntry.removeAttribute(rAttr7, null);
|
Attribute rAttr8=Attributes.empty(at8);
|
Attribute rAttr9=Attributes.empty(at9);
|
Attribute rAttr10=Attributes.empty(at10);
|
Attribute rAttr11=Attributes.empty(at11);
|
Attribute rAttr12=Attributes.empty(at12);
|
GoodHandlerEntry.removeAttribute(rAttr8, null);
|
GoodHandlerEntry.removeAttribute(rAttr9, null);
|
GoodHandlerEntry.removeAttribute(rAttr10, null);
|
GoodHandlerEntry.removeAttribute(rAttr11, null);
|
GoodHandlerEntry.removeAttribute(rAttr12, null);
|
//Make new AttrTypes with different values
|
long newPort = TestCaseUtils.findFreePort();
|
Attribute a2=Attributes.create(ATTR_LISTEN_PORT, String.valueOf(newPort));
|
//uncomment if want to test listen address
|
// Attribute a3=new Attribute(ATTR_LISTEN_ADDRESS, "localhost");
|
Attribute a4=Attributes.create(ATTR_ACCEPT_BACKLOG, String.valueOf(25));
|
Attribute a5=Attributes.create(ATTR_ALLOWED_CLIENT, "129.56.56.45");
|
Attribute a6=Attributes.create(ATTR_DENIED_CLIENT, "129.*.*.90");
|
Attribute a7=Attributes.create(ATTR_ALLOW_LDAPV2, "true");
|
Attribute a8=Attributes.create(ATTR_KEEP_LDAP_STATS, "true");
|
Attribute a9=Attributes.create(ATTR_SEND_REJECTION_NOTICE, "false");
|
Attribute a10=Attributes.create(ATTR_USE_TCP_KEEPALIVE, "false");
|
Attribute a11=Attributes.create(ATTR_USE_TCP_NODELAY, "false");
|
Attribute a12=Attributes.create(ATTR_ALLOW_REUSE_ADDRESS, "false");
|
Attribute a13=Attributes.create(ATTR_MAX_REQUEST_SIZE, "45 kb");
|
Attribute a14=Attributes.create(ATTR_USE_SSL, "false");
|
Attribute a15=Attributes.create(ATTR_ALLOW_STARTTLS, "true");
|
//Add them
|
GoodHandlerEntry.addAttribute(a2, null);
|
// GoodHandlerEntry.addAttribute(a3, null);
|
GoodHandlerEntry.addAttribute(a4, null);
|
GoodHandlerEntry.addAttribute(a5, null);
|
GoodHandlerEntry.addAttribute(a6, null);
|
GoodHandlerEntry.addAttribute(a7, null);
|
GoodHandlerEntry.addAttribute(a8, null);
|
GoodHandlerEntry.addAttribute(a9, null);
|
GoodHandlerEntry.addAttribute(a10, null);
|
GoodHandlerEntry.addAttribute(a11, null);
|
GoodHandlerEntry.addAttribute(a12, null);
|
GoodHandlerEntry.addAttribute(a13, null);
|
GoodHandlerEntry.addAttribute(a14, null);
|
GoodHandlerEntry.addAttribute(a15, null);
|
List<LocalizableMessage> reasons = new LinkedList<>();
|
LDAPConnectionHandlerCfg config = LdapTestCase.getConfiguration(GoodHandlerEntry);
|
//see if we're ok
|
boolean ret=LDAPConnHandler.isConfigurationChangeAcceptable(config, reasons);
|
assertTrue(ret);
|
//apply it
|
LDAPConnHandler.applyConfigurationChange(config);
|
LDAPConnHandler.finalizeConnectionHandler(reasonMsg);
|
}
|
}
|
