From 5d7b963f8ff7a25251f9ee0fb960bed0596256ab Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Thu, 25 Jul 2013 15:09:22 +0000
Subject: [PATCH] PrivilegeTestCase.java: Refactored code to remove duplication.
---
opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/types/PrivilegeTestCase.java | 444 ++++++++++++++----------------------------------------
1 files changed, 119 insertions(+), 325 deletions(-)
diff --git a/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/types/PrivilegeTestCase.java b/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/types/PrivilegeTestCase.java
index a03a7b1..fbd5346 100644
--- a/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/types/PrivilegeTestCase.java
+++ b/opendj-sdk/opends/tests/unit-tests-testng/src/server/org/opends/server/types/PrivilegeTestCase.java
@@ -27,24 +27,17 @@
*/
package org.opends.server.types;
-
-
-import static org.testng.Assert.assertEquals;
-import static org.testng.Assert.assertFalse;
-import static org.testng.Assert.assertNotNull;
-import static org.testng.Assert.assertTrue;
+import static org.testng.Assert.*;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.net.Socket;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.UUID;
+import java.util.*;
import java.util.concurrent.CopyOnWriteArraySet;
import org.opends.server.TestCaseUtils;
-import org.opends.server.admin.std.meta.GlobalCfgDefn;
+import org.opends.server.admin.std.meta.GlobalCfgDefn.DisabledPrivilege;
import org.opends.server.admin.std.meta.RootDNCfgDefn;
import org.opends.server.api.ClientConnection;
import org.opends.server.backends.task.Task;
@@ -52,18 +45,7 @@
import org.opends.server.backends.task.TaskState;
import org.opends.server.controls.ProxiedAuthV1Control;
import org.opends.server.controls.ProxiedAuthV2Control;
-import org.opends.server.core.AddOperation;
-import org.opends.server.core.AddOperationBasis;
-import org.opends.server.core.CompareOperation;
-import org.opends.server.core.CompareOperationBasis;
-import org.opends.server.core.DeleteOperation;
-import org.opends.server.core.DeleteOperationBasis;
-import org.opends.server.core.DirectoryServer;
-import org.opends.server.core.ModifyDNOperation;
-import org.opends.server.core.ModifyDNOperationBasis;
-import org.opends.server.core.ModifyOperation;
-import org.opends.server.core.ModifyOperationBasis;
-import org.opends.server.core.SchemaConfigManager;
+import org.opends.server.core.*;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.protocols.ldap.BindRequestProtocolOp;
@@ -75,8 +57,6 @@
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
-
-
/**
* This class provides a set of test cases for the Directory Server privilege
* subsystem.
@@ -85,9 +65,9 @@
* place to allow operations as necessary once that functionality has
* integrated into the server.
*/
-public class PrivilegeTestCase
- extends TypesTestCase
+public class PrivilegeTestCase extends TypesTestCase
{
+
/**
* The DN of the user that is associated with the internal root connection.
*/
@@ -96,16 +76,12 @@
- // An array of boolean values that indicates whether config read operations
- // should be successful for users in the corresponding slots of the
- // connections array.
- private boolean[] successful;
-
- // The set of client connections that should be used when performing
- // operations.
- private InternalClientConnection[] connections;
-
-
+ /**
+ * A Map of client connections that should be used when performing operations
+ * and whether config read operations should be successful.
+ */
+ private Map<InternalClientConnection, Boolean> connections =
+ new HashMap<InternalClientConnection, Boolean>();
/**
* Make sure that the server is running and that an appropriate set of
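Review bot: `connections` is now a `HashMap`, so `getTestData()` no longer hands the (connection, expected result) pairs to TestNG in the order they were registered, which the old parallel arrays did. If `InternalClientConnection` uses identity hashing (not visible here), that order can also differ between runs, which makes a failing privilege check harder to reproduce. `new LinkedHashMap<InternalClientConnection, Boolean>()` keeps insertion order, and the field can be declared `final`. The Javadoc describes the flag as being about config read operations, but the data provider built from this map feeds the other privilege tests touched by this patch as well, so `whether privileged operations are expected to succeed` would be more accurate.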
@@ -236,54 +212,19 @@
// Build the array of connections we will use to perform the tests.
- ArrayList<InternalClientConnection> connList =
- new ArrayList<InternalClientConnection>();
- ArrayList<Boolean> successList = new ArrayList<Boolean>();
+ connections.put(new InternalClientConnection(new AuthenticationInfo()),
+ false);
- connList.add(new InternalClientConnection(new AuthenticationInfo()));
- successList.add(false);
+ connections.put(InternalClientConnection.getRootConnection(), true);
- connList.add(InternalClientConnection.getRootConnection());
- successList.add(true);
+ connections.put(
+ newConn("cn=Directory Manager,cn=Root DNs,cn=config", true), true);
+ connections.put(
+ newConn("cn=Unprivileged Root,cn=Root DNs,cn=config", true), false);
+ connections.put(newConn("cn=Proxy Root,cn=Root DNs,cn=config", true), true);
+ connections.put(newConn("cn=Unprivileged User,o=test", false), false);
+ connections.put(newConn("cn=Privileged User,o=test", false), true);
- String userDN = "cn=Directory Manager,cn=Root DNs,cn=config";
- Entry userEntry = DirectoryServer.getEntry(DN.decode(userDN));
- AuthenticationInfo authInfo = new AuthenticationInfo(userEntry, true);
- connList.add(new InternalClientConnection(authInfo));
- successList.add(true);
-
- userDN = "cn=Unprivileged Root,cn=Root DNs,cn=config";
- userEntry = DirectoryServer.getEntry(DN.decode(userDN));
- authInfo = new AuthenticationInfo(userEntry, true);
- connList.add(new InternalClientConnection(authInfo));
- successList.add(false);
-
- userDN = "cn=Proxy Root,cn=Root DNs,cn=config";
- userEntry = DirectoryServer.getEntry(DN.decode(userDN));
- authInfo = new AuthenticationInfo(userEntry, true);
- connList.add(new InternalClientConnection(authInfo));
- successList.add(true);
-
- userDN = "cn=Unprivileged User,o=test";
- userEntry = DirectoryServer.getEntry(DN.decode(userDN));
- authInfo = new AuthenticationInfo(userEntry, false);
- connList.add(new InternalClientConnection(authInfo));
- successList.add(false);
-
- userDN = "cn=Privileged User,o=test";
- userEntry = DirectoryServer.getEntry(DN.decode(userDN));
- authInfo = new AuthenticationInfo(userEntry, false);
- connList.add(new InternalClientConnection(authInfo));
- successList.add(true);
-
-
- connections = new InternalClientConnection[connList.size()];
- successful = new boolean[connections.length];
- for (int i=0; i < connections.length; i++)
- {
- connections[i] = connList.get(i);
- successful[i] = successList.get(i);
- }
TestCaseUtils.addEntries(
"dn: dc=unindexed,dc=jeb",
@@ -312,6 +253,15 @@
);
}
+ private InternalClientConnection newConn(String userDN,
+ boolean isRoot)
+ throws DirectoryException
+ {
+ Entry userEntry = DirectoryServer.getEntry(DN.decode(userDN));
+ AuthenticationInfo authInfo = new AuthenticationInfo(userEntry, isRoot);
+ return new InternalClientConnection(authInfo);
+ }
+
/**
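Review bot: `newConn` passes whatever `DirectoryServer.getEntry` returns straight into `AuthenticationInfo` without checking that the fixture user exists. If the lookup can return null for a missing DN (its contract is not visible in this hunk), the test would run under an identity other than the intended one, and the privilege assertions could pass or fail for the wrong reason. Adding `assertNotNull(userEntry, "Missing test user " + userDN);` before building the `AuthenticationInfo` would make a broken fixture fail loudly. A one-line Javadoc stating what `isRoot` controls would help too.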
@@ -370,7 +320,6 @@
assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
TestCaseUtils.disableBackend("unindexedRoot");
-
}
@@ -388,11 +337,14 @@
@DataProvider(name = "testdata")
public Object[][] getTestData()
{
- Object[][] returnArray = new Object[connections.length][2];
- for (int i=0; i < connections.length; i++)
+ Object[][] returnArray = new Object[connections.size()][2];
+ int i = 0;
+ for (Map.Entry<InternalClientConnection, Boolean> entry : connections
+ .entrySet())
{
- returnArray[i][0] = connections[i];
- returnArray[i][1] = successful[i];
+ returnArray[i][0] = entry.getKey();
+ returnArray[i][1] = entry.getValue();
+ i++;
}
return returnArray;
@@ -422,15 +374,7 @@
InternalSearchOperation searchOperation =
conn.processSearch(DN.decode("cn=config"), SearchScope.BASE_OBJECT,
SearchFilter.createFilterFromString("(objectClass=*)"));
- if (hasPrivilege)
- {
- assertEquals(searchOperation.getResultCode(), ResultCode.SUCCESS);
- }
- else
- {
- assertEquals(searchOperation.getResultCode(),
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
- }
+ assertPrivilege(searchOperation.getResultCode(), hasPrivilege);
}
/**
@@ -451,26 +395,35 @@
{
assertEquals(conn.hasPrivilege(Privilege.UNINDEXED_SEARCH, null), hasPrivilege);
- for(DN dn : DirectoryServer.getBaseDNs().keySet())
- {
- System.out.println(dn.toString());
- }
-
InternalSearchOperation searchOperation =
conn.processSearch(DN.decode("dc=unindexed,dc=jeb"), SearchScope.WHOLE_SUBTREE,
SearchFilter.createFilterFromString("(carLicense=test*)"));
+ assertPrivilege(searchOperation.getResultCode(), hasPrivilege);
+ }
+
+ private void assertPrivilege(ResultCode actual, boolean hasPrivilege)
+ {
if (hasPrivilege)
{
- assertEquals(searchOperation.getResultCode(), ResultCode.SUCCESS);
+ assertEquals(actual, ResultCode.SUCCESS);
}
else
{
- assertEquals(searchOperation.getResultCode(),
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
+ assertEquals(actual, ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
}
}
-
+ private void assertProxyPrivilege(ResultCode actual, boolean hasProxyPrivilege)
+ {
+ if (hasProxyPrivilege)
+ {
+ assertEquals(actual, ResultCode.SUCCESS);
+ }
+ else
+ {
+ assertEquals(actual, ResultCode.AUTHORIZATION_DENIED);
+ }
+ }
/**
* Tests to ensure that compare operations in the server configuration
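Review bot: `assertPrivilege` and `assertProxyPrivilege` differ only in the result code expected on denial, so the commit that removes duplication introduces a new duplicated pair. Neither passes a failure message, so a failure shows two result codes without saying which user was under test. The ProxiedAuthV2 hunks later in this patch drop the `"Unexpected add success for user " + authDN` style messages that used to carry that. Both names could delegate to one private helper that takes the denied code, as sketched below, and an overload with a message argument would restore the diagnostics. The test method that calls `assertPrivilege` at the top of this hunk begins outside it.

```java
private void assertPrivilege(ResultCode actual, boolean hasPrivilege)
{
  assertResult(actual, hasPrivilege, ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
}

private void assertProxyPrivilege(ResultCode actual, boolean hasProxyPrivilege)
{
  assertResult(actual, hasProxyPrivilege, ResultCode.AUTHORIZATION_DENIED);
}

// Single place that maps "allowed or not" to the expected result code.
private void assertResult(ResultCode actual, boolean allowed, ResultCode denied)
{
  assertEquals(actual, allowed ? ResultCode.SUCCESS : denied);
}
```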
@@ -543,24 +496,15 @@
conn.processAdd(entry.getDN(), entry.getObjectClasses(),
entry.getUserAttributes(),
entry.getOperationalAttributes());
- if (hasPrivilege)
- {
- assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
+ assertPrivilege(addOperation.getResultCode(), hasPrivilege);
- DeleteOperation deleteOperation = conn.processDelete(entry.getDN());
- assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
- }
- else
+ DN dnToRemove = entry.getDN();
+ if (!hasPrivilege)
{
- assertEquals(addOperation.getResultCode(),
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
-
- DeleteOperation deleteOperation =
- conn.processDelete(
- DN.decode("cn=Telex Number,cn=Syntaxes,cn=config"));
- assertEquals(deleteOperation.getResultCode(),
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
+ dnToRemove = DN.decode("cn=Telex Number,cn=Syntaxes,cn=config");
}
+ DeleteOperation deleteOperation = conn.processDelete(dnToRemove);
+ assertPrivilege(deleteOperation.getResultCode(), hasPrivilege);
}
@@ -584,17 +528,16 @@
{
assertEquals(conn.hasPrivilege(Privilege.CONFIG_WRITE, null), hasPrivilege);
- ArrayList<Modification> mods = new ArrayList<Modification>();
-
+ List<Modification> mods = new ArrayList<Modification>();
mods.add(new Modification(ModificationType.REPLACE,
Attributes.create("ds-cfg-size-limit", "2000")));
ModifyOperation modifyOperation =
conn.processModify(DN.decode("cn=config"), mods);
+ assertPrivilege(modifyOperation.getResultCode(), hasPrivilege);
+
if (hasPrivilege)
{
- assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
-
mods.clear();
mods.add(new Modification(ModificationType.REPLACE,
Attributes.create("ds-cfg-size-limit", "1000")));
@@ -602,11 +545,6 @@
modifyOperation = conn.processModify(DN.decode("cn=config"), mods);
assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
}
- else
- {
- assertEquals(modifyOperation.getResultCode(),
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
- }
}
@@ -686,24 +624,15 @@
conn.processAdd(entry.getDN(), entry.getObjectClasses(),
entry.getUserAttributes(),
entry.getOperationalAttributes());
- if (hasPrivilege)
- {
- assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
+ assertPrivilege(addOperation.getResultCode(), hasPrivilege);
- DeleteOperation deleteOperation = conn.processDelete(entry.getDN());
- assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
- }
- else
+ DN dnToRemove = entry.getDN();
+ if (!hasPrivilege)
{
- assertEquals(addOperation.getResultCode(),
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
-
- DeleteOperation deleteOperation =
- conn.processDelete(
- DN.decode("cn=Subentry Target,o=test"));
- assertEquals(deleteOperation.getResultCode(),
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
+ dnToRemove = DN.decode("cn=Subentry Target,o=test");
}
+ DeleteOperation deleteOperation = conn.processDelete(dnToRemove);
+ assertPrivilege(deleteOperation.getResultCode(), hasPrivilege);
}
@@ -728,18 +657,17 @@
assertEquals(conn.hasPrivilege(Privilege.SUBENTRY_WRITE, null),
hasPrivilege);
- ArrayList<Modification> mods = new ArrayList<Modification>();
-
+ List<Modification> mods = new ArrayList<Modification>();
mods.add(new Modification(ModificationType.REPLACE,
Attributes.create("subtreeSpecification",
"{base \"ou=doesnotexist\"}")));
ModifyOperation modifyOperation =
conn.processModify(DN.decode("cn=Subentry Target,o=test"), mods);
+ assertPrivilege(modifyOperation.getResultCode(), hasPrivilege);
+
if (hasPrivilege)
{
- assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
-
mods.clear();
mods.add(new Modification(ModificationType.REPLACE,
Attributes.create("subtreeSpecification", "{}")));
@@ -748,11 +676,6 @@
DN.decode("cn=Subentry Target,o=test"), mods);
assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
}
- else
- {
- assertEquals(modifyOperation.getResultCode(),
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
- }
}
@@ -781,19 +704,14 @@
conn.processModifyDN(DN.decode("cn=Subentry Target,o=test"),
RDN.decode("cn=New Subentry Target"),
true, null);
+ assertPrivilege(modifyDNOperation.getResultCode(), hasPrivilege);
if (hasPrivilege)
{
- assertEquals(modifyDNOperation.getResultCode(),
- ResultCode.SUCCESS);
modifyDNOperation =
conn.processModifyDN(DN.decode("cn=New Subentry Target,o=test"),
RDN.decode("cn=Subentry Target"),
true, null);
- }
- else
- {
- assertEquals(modifyDNOperation.getResultCode(),
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
+ assertEquals(modifyDNOperation.getResultCode(), ResultCode.SUCCESS);
}
}
@@ -978,17 +896,16 @@
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE " +
"X-ORIGIN 'PrivilegeTestCase' )";
- ArrayList<Modification> mods = new ArrayList<Modification>();
-
+ List<Modification> mods = new ArrayList<Modification>();
mods.add(new Modification(ModificationType.ADD,
Attributes.create("attributetypes", attrDefinition)));
ModifyOperation modifyOperation =
conn.processModify(DN.decode("cn=schema"), mods);
+ assertPrivilege(modifyOperation.getResultCode(), hasPrivilege);
+
if (hasPrivilege)
{
- assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
-
mods.clear();
mods.add(new Modification(ModificationType.DELETE,
Attributes.create("attributetypes", attrDefinition)));
@@ -996,11 +913,6 @@
modifyOperation = conn.processModify(DN.decode("cn=schema"), mods);
assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
}
- else
- {
- assertEquals(modifyOperation.getResultCode(),
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
- }
}
@@ -1073,20 +985,14 @@
conn.processAdd(taskEntry.getDN(), taskEntry.getObjectClasses(),
taskEntry.getUserAttributes(),
taskEntry.getOperationalAttributes());
+ assertPrivilege(addOperation.getResultCode(), hasPrivilege);
if (hasPrivilege)
{
- assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
-
Task task = getCompletedTask(taskEntry.getDN());
assertNotNull(task);
assertTrue(TaskState.isSuccessful(task.getTaskState()));
}
- else
- {
- assertEquals(addOperation.getResultCode(),
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
- }
}
@@ -1127,20 +1033,14 @@
conn.processAdd(taskEntry.getDN(), taskEntry.getObjectClasses(),
taskEntry.getUserAttributes(),
taskEntry.getOperationalAttributes());
+ assertPrivilege(addOperation.getResultCode(), hasPrivilege);
if (hasPrivilege)
{
- assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
-
Task task = getCompletedTask(taskEntry.getDN());
assertNotNull(task);
assertTrue(TaskState.isSuccessful(task.getTaskState()));
}
- else
- {
- assertEquals(addOperation.getResultCode(),
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
- }
}
@@ -1177,20 +1077,14 @@
conn.processAdd(taskEntry.getDN(), taskEntry.getObjectClasses(),
taskEntry.getUserAttributes(),
taskEntry.getOperationalAttributes());
+ assertPrivilege(addOperation.getResultCode(), hasPrivilege);
if (hasPrivilege)
{
- assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
-
Task task = getCompletedTask(taskEntry.getDN());
assertNotNull(task);
assertTrue(TaskState.isSuccessful(task.getTaskState()));
}
- else
- {
- assertEquals(addOperation.getResultCode(),
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
- }
}
@@ -1230,22 +1124,16 @@
conn.processAdd(taskEntry.getDN(), taskEntry.getObjectClasses(),
taskEntry.getUserAttributes(),
taskEntry.getOperationalAttributes());
+ assertPrivilege(addOperation.getResultCode(), hasPrivilege);
if (hasPrivilege)
{
- assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
-
Task task = getCompletedTask(taskEntry.getDN());
assertNotNull(task);
assertTrue(TaskState.isSuccessful(task.getTaskState()));
tempFile.delete();
}
- else
- {
- assertEquals(addOperation.getResultCode(),
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
- }
}
@@ -1287,20 +1175,14 @@
conn.processAdd(taskEntry.getDN(), taskEntry.getObjectClasses(),
taskEntry.getUserAttributes(),
taskEntry.getOperationalAttributes());
+ assertPrivilege(addOperation.getResultCode(), hasPrivilege);
if (hasPrivilege)
{
- assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
-
Task task = getCompletedTask(taskEntry.getDN());
assertNotNull(task);
assertTrue(TaskState.isSuccessful(task.getTaskState()));
}
- else
- {
- assertEquals(addOperation.getResultCode(),
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
- }
}
/**
@@ -1333,20 +1215,14 @@
conn.processAdd(taskEntry.getDN(), taskEntry.getObjectClasses(),
taskEntry.getUserAttributes(),
taskEntry.getOperationalAttributes());
+ assertPrivilege(addOperation.getResultCode(), hasPrivilege);
if (hasPrivilege)
{
- assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
-
Task task = getCompletedTask(taskEntry.getDN());
assertNotNull(task);
assertTrue(TaskState.isSuccessful(task.getTaskState()));
}
- else
- {
- assertEquals(addOperation.getResultCode(),
- ResultCode.INSUFFICIENT_ACCESS_RIGHTS);
- }
}
@@ -1384,7 +1260,7 @@
"givenName: ProxyV1",
"sn: Test");
- ArrayList<Control> controls = new ArrayList<Control>(1);
+ List<Control> controls = new ArrayList<Control>(1);
controls.add(new ProxiedAuthV1Control(
DN.decode("cn=PWReset Target,o=test")));
@@ -1396,21 +1272,16 @@
controls, e.getDN(), e.getObjectClasses(),
e.getUserAttributes(), e.getOperationalAttributes());
addOperation.run();
+ assertProxyPrivilege(addOperation.getResultCode(), hasProxyPrivilege);
- if (hasProxyPrivilege)
+ if (!hasProxyPrivilege)
{
- assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
- }
- else
- {
- assertEquals(addOperation.getResultCode(),
- ResultCode.AUTHORIZATION_DENIED);
TestCaseUtils.addEntry(e);
}
// Try to modify the entry to add a description.
- ArrayList<Modification> mods = new ArrayList<Modification>(1);
+ List<Modification> mods = new ArrayList<Modification>(1);
mods.add(new Modification(ModificationType.REPLACE,
Attributes.create("description", "foo")));
@@ -1418,16 +1289,7 @@
new ModifyOperationBasis(conn, InternalClientConnection.nextOperationID(), InternalClientConnection.nextMessageID(),
controls, e.getDN(), mods);
modifyOperation.run();
-
- if (hasProxyPrivilege)
- {
- assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
- }
- else
- {
- assertEquals(modifyOperation.getResultCode(),
- ResultCode.AUTHORIZATION_DENIED);
- }
+ assertProxyPrivilege(modifyOperation.getResultCode(), hasProxyPrivilege);
// Try to rename the entry.
@@ -1436,19 +1298,13 @@
InternalClientConnection.nextMessageID(), controls, e.getDN(),
RDN.decode("cn=Proxy V1 Test"), true, null);
modifyDNOperation.run();
+ assertProxyPrivilege(modifyOperation.getResultCode(), hasProxyPrivilege);
- DN newEntryDN;
+ DN newEntryDN = e.getDN();
if (hasProxyPrivilege)
{
- assertEquals(modifyDNOperation.getResultCode(), ResultCode.SUCCESS);
newEntryDN = modifyDNOperation.getNewDN();
}
- else
- {
- assertEquals(modifyDNOperation.getResultCode(),
- ResultCode.AUTHORIZATION_DENIED);
- newEntryDN = e.getDN();
- }
// Try to delete the operation. If this fails, then delete it with a root
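Review bot: The assertion added after `modifyDNOperation.run()` checks `modifyOperation.getResultCode()`, so the rename under the ProxiedAuthV1 control is no longer verified. The removed lines asserted on `modifyDNOperation` in both branches. As written, a server that wrongly allowed or wrongly denied a proxied modify DN would still pass this test, because the modify result was already asserted a few lines earlier. The line should read `assertProxyPrivilege(modifyDNOperation.getResultCode(), hasProxyPrivilege);`, as the ProxiedAuthV2 counterpart in this patch does. The enclosing test method starts and ends outside the hunk.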
@@ -1457,16 +1313,10 @@
new DeleteOperationBasis(conn, InternalClientConnection.nextOperationID(), InternalClientConnection.nextMessageID(),
controls, newEntryDN);
deleteOperation.run();
+ assertProxyPrivilege(deleteOperation.getResultCode(), hasProxyPrivilege);
- if (hasProxyPrivilege)
+ if (!hasProxyPrivilege)
{
- assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
- }
- else
- {
- assertEquals(deleteOperation.getResultCode(),
- ResultCode.AUTHORIZATION_DENIED);
-
InternalClientConnection rootConnection =
InternalClientConnection.getRootConnection();
DeleteOperation delOp = rootConnection.processDelete(newEntryDN);
@@ -1500,7 +1350,7 @@
boolean hasProxyPrivilege = conn.hasPrivilege(Privilege.PROXIED_AUTH, null);
DN targetDN = DN.decode("cn=PWReset Target,o=test");
- ArrayList<Control> controls = new ArrayList<Control>(1);
+ List<Control> controls = new ArrayList<Control>(1);
controls.add(new ProxiedAuthV1Control(targetDN));
@@ -1532,16 +1382,7 @@
SearchFilter.createFilterFromString("(objectClass=*)"), null,
null);
searchOperation.run();
-
- if (hasProxyPrivilege)
- {
- assertEquals(searchOperation.getResultCode(), ResultCode.SUCCESS);
- }
- else
- {
- assertEquals(searchOperation.getResultCode(),
- ResultCode.AUTHORIZATION_DENIED);
- }
+ assertProxyPrivilege(searchOperation.getResultCode(), hasProxyPrivilege);
}
@@ -1579,36 +1420,28 @@
"givenName: ProxyV2",
"sn: Test");
- ArrayList<Control> controls = new ArrayList<Control>(1);
+ List<Control> controls = new ArrayList<Control>(1);
controls.add(new ProxiedAuthV2Control(
ByteString.valueOf("dn:cn=PWReset Target,o=test")));
// Try to add the entry. If this fails with the proxy control, then add it
// with a root connection so we can do other things with it.
- DN authDN = conn.getAuthenticationInfo().getAuthenticationDN();
AddOperationBasis addOperation =
new AddOperationBasis(conn, InternalClientConnection.nextOperationID(), InternalClientConnection.nextMessageID(),
controls, e.getDN(), e.getObjectClasses(),
e.getUserAttributes(), e.getOperationalAttributes());
addOperation.run();
+ assertProxyPrivilege(addOperation.getResultCode(), hasProxyPrivilege);
- if (hasProxyPrivilege)
+ if (!hasProxyPrivilege)
{
- assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS,
- "Unexpected add failure for user " + authDN);
- }
- else
- {
- assertEquals(addOperation.getResultCode(),
- ResultCode.AUTHORIZATION_DENIED,
- "Unexpected add success for user " + authDN);
TestCaseUtils.addEntry(e);
}
// Try to modify the entry to add a description.
- ArrayList<Modification> mods = new ArrayList<Modification>(1);
+ List<Modification> mods = new ArrayList<Modification>(1);
mods.add(new Modification(ModificationType.REPLACE,
Attributes.create("description", "foo")));
@@ -1616,18 +1449,7 @@
new ModifyOperationBasis(conn, InternalClientConnection.nextOperationID(), InternalClientConnection.nextMessageID(),
controls, e.getDN(), mods);
modifyOperation.run();
-
- if (hasProxyPrivilege)
- {
- assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS,
- "Unexpected mod failure for user " + authDN);
- }
- else
- {
- assertEquals(modifyOperation.getResultCode(),
- ResultCode.AUTHORIZATION_DENIED,
- "Unexpected mod success for user " + authDN);
- }
+ assertProxyPrivilege(modifyOperation.getResultCode(), hasProxyPrivilege);
// Try to rename the entry.
@@ -1636,21 +1458,13 @@
InternalClientConnection.nextMessageID(), controls, e.getDN(),
RDN.decode("cn=Proxy V2 Test"), true, null);
modifyDNOperation.run();
+ assertProxyPrivilege(modifyDNOperation.getResultCode(), hasProxyPrivilege);
- DN newEntryDN;
+ DN newEntryDN = e.getDN();
if (hasProxyPrivilege)
{
- assertEquals(modifyDNOperation.getResultCode(), ResultCode.SUCCESS,
- "Unexpected moddn failure for user " + authDN);
newEntryDN = modifyDNOperation.getNewDN();
}
- else
- {
- assertEquals(modifyDNOperation.getResultCode(),
- ResultCode.AUTHORIZATION_DENIED,
- "Unexpected moddn success for user " + authDN);
- newEntryDN = e.getDN();
- }
// Try to delete the operation. If this fails, then delete it with a root
@@ -1659,18 +1473,10 @@
new DeleteOperationBasis(conn, InternalClientConnection.nextOperationID(), InternalClientConnection.nextMessageID(),
controls, newEntryDN);
deleteOperation.run();
+ assertProxyPrivilege(deleteOperation.getResultCode(), hasProxyPrivilege);
- if (hasProxyPrivilege)
+ if (!hasProxyPrivilege)
{
- assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS,
- "Unexpected delete failure for user " + authDN);
- }
- else
- {
- assertEquals(deleteOperation.getResultCode(),
- ResultCode.AUTHORIZATION_DENIED,
- "Unexpected delete success for user " + authDN);
-
InternalClientConnection rootConnection =
InternalClientConnection.getRootConnection();
DeleteOperation delOp = rootConnection.processDelete(newEntryDN);
@@ -1704,9 +1510,9 @@
boolean hasProxyPrivilege = conn.hasPrivilege(Privilege.PROXIED_AUTH, null);
DN targetDN = DN.decode("cn=PWReset Target,o=test");
- ArrayList<Control> controls = new ArrayList<Control>(1);
+ List<Control> controls = new ArrayList<Control>(1);
controls.add(new ProxiedAuthV2Control(
- ByteString.valueOf("dn:" + targetDN.toString())));
+ ByteString.valueOf("dn:" + targetDN)));
// Test a compare operation against the PWReset Target user.
@@ -1737,16 +1543,7 @@
SearchFilter.createFilterFromString("(objectClass=*)"), null,
null);
searchOperation.run();
-
- if (hasProxyPrivilege)
- {
- assertEquals(searchOperation.getResultCode(), ResultCode.SUCCESS);
- }
- else
- {
- assertEquals(searchOperation.getResultCode(),
- ResultCode.AUTHORIZATION_DENIED);
- }
+ assertProxyPrivilege(searchOperation.getResultCode(), hasProxyPrivilege);
}
@@ -2601,7 +2398,7 @@
// Modify the user entry to add the CONFIG_READ privilege and verify that
// the client connection reflects that.
- ArrayList<Modification> mods = new ArrayList<Modification>();
+ List<Modification> mods = new ArrayList<Modification>();
mods.add(new Modification(ModificationType.ADD, Attributes.create(
"ds-privilege-name", "config-read")));
ModifyOperation modifyOperation = rootConnection.processModify(
@@ -2655,7 +2452,7 @@
InternalClientConnection internalRootConn =
InternalClientConnection.getRootConnection();
- ArrayList<Modification> mods = new ArrayList<Modification>();
+ List<Modification> mods = new ArrayList<Modification>();
mods.add(new Modification(ModificationType.ADD,
Attributes.create("ds-cfg-default-root-privilege-name",
"proxied-auth")));
@@ -2700,30 +2497,29 @@
@Test()
public void testConfigurablePrivilegeSets()
{
- HashSet<String> serverPrivNames = new HashSet<String>();
+ Set<String> serverPrivNames = new HashSet<String>();
for (Privilege p : Privilege.values())
{
serverPrivNames.add(p.toString());
}
- HashSet<String> defaultRootPrivNames = new HashSet<String>();
+ Set<String> defaultRootPrivNames = new HashSet<String>();
for (RootDNCfgDefn.DefaultRootPrivilegeName p :
RootDNCfgDefn.DefaultRootPrivilegeName.values())
{
defaultRootPrivNames.add(p.toString());
assertTrue(serverPrivNames.contains(p.toString()),
"The set of server privileges does not contain potential " +
- "default root privilege " + p.toString());
+ "default root privilege " + p);
}
- HashSet<String> disableablePrivNames = new HashSet<String>();
- for (GlobalCfgDefn.DisabledPrivilege p :
- GlobalCfgDefn.DisabledPrivilege.values())
+ Set<String> disableablePrivNames = new HashSet<String>();
+ for (DisabledPrivilege p : DisabledPrivilege.values())
{
disableablePrivNames.add(p.toString());
assertTrue(serverPrivNames.contains(p.toString()),
"The set of server privileges does not contain disableable " +
- "privilege " + p.toString());
+ "privilege " + p);
}
for (String s : serverPrivNames)
@@ -2768,8 +2564,7 @@
if (task == null)
{
- throw new AssertionError("There is no such task " +
- taskEntryDN.toString());
+ throw new AssertionError("There is no such task " + taskEntryDN);
}
if (! TaskState.isDone(task.getTaskState()))
@@ -2784,11 +2579,10 @@
if (! TaskState.isDone(task.getTaskState()))
{
- throw new AssertionError("Task " + taskEntryDN.toString() +
+ throw new AssertionError("Task " + taskEntryDN +
" did not complete in a timely manner.");
}
return task;
}
}
-
--
Gitblit v1.10.0