external-software/github_OpenIdentityPlatform_OpenDJ.git

New file
			@@ -0,0 +1,359 @@
			/*
			* CDDL HEADER START
			*
			* The contents of this file are subject to the terms of the
			* Common Development and Distribution License, Version 1.0 only
			* (the "License"). You may not use this file except in compliance
			* with the License.
			*
			* You can obtain a copy of the license at
			* trunk/opends/resource/legal-notices/OpenDS.LICENSE
			* or https://OpenDS.dev.java.net/OpenDS.LICENSE.
			* See the License for the specific language governing permissions
			* and limitations under the License.
			*
			* When distributing Covered Code, include this CDDL HEADER in each
			* file and include the License file at
			* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
			* add the following below this CDDL HEADER, with the fields enclosed
			* by brackets "[]" replaced with your own identifying information:
			* Portions Copyright [yyyy] [name of copyright owner]
			*
			* CDDL HEADER END
			*
			*
			* Copyright 2011 ForgeRock AS.
			*/
			package org.opends.server.api;



			import static org.testng.Assert.assertEquals;
			import static org.testng.Assert.assertFalse;
			import static org.testng.Assert.assertTrue;

			import org.opends.server.TestCaseUtils;
			import org.opends.server.core.BindOperation;
			import org.opends.server.core.DirectoryServer;
			import org.opends.server.protocols.internal.InternalClientConnection;
			import org.opends.server.types.*;
			import org.testng.annotations.BeforeClass;
			import org.testng.annotations.Test;



			/**
			* Test authentication policy interaction.
			*/
			public class AuthenticationPolicyTestCase extends APITestCase
			{

			/**
			* A mock policy which records which methods have been called and their
			* parameters.
			*/
			private final class MockPolicy extends AuthenticationPolicy
			{
			private boolean isPolicyFinalized = false;

			private boolean isStateFinalized = false;

			private final boolean matches;

			private ByteString matchedPassword = null;



			/**
			* Returns {@code true} if {@code finalizeAuthenticationPolicy} was called.
			*
			* @return {@code true} if {@code finalizeAuthenticationPolicy} was called.
			*/
			public boolean isPolicyFinalized()
			{
			return isPolicyFinalized;
			}



			/**
			* Returns {@code true} if {@code finalizeStateAfterBind} was called.
			*
			* @return {@code true} if {@code finalizeStateAfterBind} was called.
			*/
			public boolean isStateFinalized()
			{
			return isStateFinalized;
			}



			/**
			* Returns the password which was tested.
			*
			* @return The password which was tested.
			*/
			public String getMatchedPassword()
			{
			return matchedPassword.toString();
			}



			/**
			* Creates a new mock policy.
			*
			* @param matches
			* The result to always return from {@code passwordMatches}.
			*/
			public MockPolicy(boolean matches)
			{
			this.matches = matches;
			}



			/**
			* {@inheritDoc}
			*/
			public DN getDN()
			{
			return policyDN;
			}



			/**
			* {@inheritDoc}
			*/
			public AuthenticationPolicyState createAuthenticationPolicyState(
			Entry userEntry, long time) throws DirectoryException
			{
			return new AuthenticationPolicyState()
			{

			/**
			* {@inheritDoc}
			*/
			public boolean passwordMatches(ByteString password)
			throws DirectoryException
			{
			matchedPassword = password;
			return matches;
			}



			/**
			* {@inheritDoc}
			*/
			public void finalizeStateAfterBind() throws DirectoryException
			{
			isStateFinalized = true;
			}



			/**
			* {@inheritDoc}
			*/
			public AuthenticationPolicy getAuthenticationPolicy()
			{
			return MockPolicy.this;
			}
			};
			}



			/**
			* {@inheritDoc}
			*/
			public void finalizeAuthenticationPolicy()
			{
			isPolicyFinalized = true;
			}

			}



			private final String policyDNString = "cn=test policy,o=test";
			private final String userDNString = "cn=test user,o=test";
			private DN policyDN;



			/**
			* Ensures that the Directory Server is running and creates a test backend
			* containing a single test user.
			*
			* @throws Exception
			* If an unexpected problem occurs.
			*/
			@BeforeClass()
			public void beforeClass() throws Exception
			{
			TestCaseUtils.startServer();

			policyDN = DN.decode(policyDNString);
			}



			/**
			* Test simple authentication where password validation succeeds.
			*
			* @throws Exception
			* If an unexpected exception occurred.
			*/
			@Test
			public void testSimpleBindAllowed() throws Exception
			{
			testSimpleBind(true);
			}



			/**
			* Test simple authentication where password validation fails.
			*
			* @throws Exception
			* If an unexpected exception occurred.
			*/
			@Test
			public void testSimpleBindRefused() throws Exception
			{
			testSimpleBind(false);
			}



			/**
			* Test simple authentication where password validation succeeds.
			*
			* @throws Exception
			* If an unexpected exception occurred.
			*/
			@Test
			public void testSASLPLAINBindAllowed() throws Exception
			{
			testSASLPLAINBind(true);
			}



			/**
			* Test simple authentication where password validation fails.
			*
			* @throws Exception
			* If an unexpected exception occurred.
			*/
			@Test
			public void testSASLPLAINBindRefused() throws Exception
			{
			testSASLPLAINBind(false);
			}



			private void testSimpleBind(boolean allow) throws Exception
			{
			MockPolicy policy = new MockPolicy(allow);
			DirectoryServer.registerAuthenticationPolicy(policyDN, policy);
			try
			{
			// Create an empty test backend 'o=test'
			TestCaseUtils.initializeTestBackend(true);

			/*
			* The test user which who will be authenticated.
			*/
			TestCaseUtils.addEntries(
			/* @formatter:off */
			"dn: " + userDNString,
			"objectClass: top",
			"objectClass: person",
			"ds-pwp-password-policy-dn: " + policyDNString,
			"userPassword: password",
			"sn: user",
			"cn: test user"
			/* @formatter:on */
			);

			// Perform the simple bind.
			InternalClientConnection conn = InternalClientConnection
			.getRootConnection();
			BindOperation bind = conn.processSimpleBind(userDNString, "password");

			// Check authentication result.
			assertEquals(bind.getResultCode(), allow ? ResultCode.SUCCESS
			: ResultCode.INVALID_CREDENTIALS);

			// Verify interaction with the policy/state.
			assertTrue(policy.isStateFinalized());
			assertFalse(policy.isPolicyFinalized());
			assertEquals(policy.getMatchedPassword(), "password");
			}
			finally
			{
			DirectoryServer.deregisterAuthenticationPolicy(policyDN);
			assertTrue(policy.isPolicyFinalized());
			}
			}



			private void testSASLPLAINBind(boolean allow) throws Exception
			{
			MockPolicy policy = new MockPolicy(allow);
			DirectoryServer.registerAuthenticationPolicy(policyDN, policy);
			try
			{
			// Create an empty test backend 'o=test'
			TestCaseUtils.initializeTestBackend(true);

			/*
			* The test user which who will be authenticated.
			*/
			TestCaseUtils.addEntries(
			/* @formatter:off */
			"dn: " + userDNString,
			"objectClass: top",
			"objectClass: person",
			"ds-pwp-password-policy-dn: " + policyDNString,
			"userPassword: password",
			"sn: user",
			"cn: test user"
			/* @formatter:on */
			);

			// Perform the simple bind.
			InternalClientConnection conn = InternalClientConnection
			.getRootConnection();

			ByteStringBuilder credentials = new ByteStringBuilder();
			credentials.append((byte) 0);
			credentials.append("dn:" + userDNString);
			credentials.append((byte) 0);
			credentials.append("password");

			BindOperation bind = conn.processSASLBind(DN.nullDN(), "PLAIN",
			credentials.toByteString());

			// Check authentication result.
			assertEquals(bind.getResultCode(), allow ? ResultCode.SUCCESS
			: ResultCode.INVALID_CREDENTIALS);

			// Verify interaction with the policy/state.
			assertTrue(policy.isStateFinalized());
			assertFalse(policy.isPolicyFinalized());
			assertEquals(policy.getMatchedPassword(), "password");
			}
			finally
			{
			DirectoryServer.deregisterAuthenticationPolicy(policyDN);
			assertTrue(policy.isPolicyFinalized());
			}
			}
			}