From d2f8eac230a525a06a4659a66c38eb26139fa735 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Tue, 27 Mar 2007 20:13:00 +0000
Subject: [PATCH] Update the LDAP connection handler so that it only attempts to verify the key manager provider and trust manager provider values if either SSL or StartTLS is enabled. Previously, if a key/trust manager provider value was provided, then the server would require it to refer to a valid enabled key/trust manager provider, even if it wouldn't be used. Also, add a new check to ensure that if SSL or StartTLS is enabled, then a valid key manager provider and trust manager provider must have been configured for that connection handler.
---
opends/tests/unit-tests-testng/src/server/org/opends/server/protocols/ldap/TestLDAPConnectionHandler.java | 522 ++++++++++++++++++++++---------------------
opends/src/server/org/opends/server/messages/ProtocolMessages.java | 32 ++
opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java | 108 +++++---
3 files changed, 362 insertions(+), 300 deletions(-)
diff --git a/opends/src/server/org/opends/server/messages/ProtocolMessages.java b/opends/src/server/org/opends/server/messages/ProtocolMessages.java
index cb18329..bd0ad25 100644
--- a/opends/src/server/org/opends/server/messages/ProtocolMessages.java
+++ b/opends/src/server/org/opends/server/messages/ProtocolMessages.java
@@ -4359,6 +4359,28 @@
/**
+ * The message ID for the message that will be used if either SSL or StartTLS
+ * support is enabled but no key manager provider is configured for the
+ * connection handler. This takes a single argument, which is the DN of the
+ * connection handler configuration entry.
+ */
+ public static final int MSGID_LDAP_CONNHANDLER_NO_KEYMANAGER_DN =
+ CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_SEVERE_ERROR | 402;
+
+
+
+ /**
+ * The message ID for the message that will be used if either SSL or StartTLS
+ * support is enabled but no trust manager provider is configured for the
+ * connection handler. This takes a single argument, which is the DN of the
+ * connection handler configuration entry.
+ */
+ public static final int MSGID_LDAP_CONNHANDLER_NO_TRUSTMANAGER_DN =
+ CATEGORY_MASK_PROTOCOL | SEVERITY_MASK_SEVERE_ERROR | 403;
+
+
+
+ /**
* Associates a set of generic messages with the message IDs defined in this
* class.
*/
@@ -5523,6 +5545,16 @@
"operation. These options may not be used at the same " +
"time, so clients will not be allowed to use the " +
"StartTLS operation.");
+ registerMessage(MSGID_LDAP_CONNHANDLER_NO_KEYMANAGER_DN,
+ "The LDAP connection handler defined in configuration " +
+ "entry %s is configured to use either SSL or StartTLS, " +
+ "but does not specify which key manager provider should " +
+ "be used.");
+ registerMessage(MSGID_LDAP_CONNHANDLER_NO_TRUSTMANAGER_DN,
+ "The LDAP connection handler defined in configuration " +
+ "entry %s is configured to use either SSL or StartTLS, " +
+ "but does not specify which trust manager provider " +
+ "should be used.");
registerMessage(MSGID_LDAP_CONNHANDLER_CANNOT_DETERMINE_ALLOW_STARTTLS,
"An unexpected error occurred while processing the " +
ATTR_ALLOW_STARTTLS + " attribute in configuration entry " +
diff --git a/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java b/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
index 2f7545e..435375a 100644
--- a/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
+++ b/opends/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
@@ -577,31 +577,42 @@
ErrorLogSeverity.SEVERE_WARNING, message, msgID);
}
- // Validate the key manager provider DN.
- DN keyManagerProviderDN = config.getKeyManagerProviderDN();
- if (keyManagerProviderDN != null) {
- KeyManagerProvider provider = DirectoryServer
- .getKeyManagerProvider(keyManagerProviderDN);
- if (provider == null) {
- int msgID = MSGID_LDAP_CONNHANDLER_INVALID_KEYMANAGER_DN;
- String message = getMessage(msgID, String
- .valueOf(config.dn()), String
- .valueOf(keyManagerProviderDN));
+ if (config.isAllowStartTLS() || config.isUseSSL())
+ {
+ // Validate the key manager provider DN.
+ DN keyManagerProviderDN = config.getKeyManagerProviderDN();
+ if (keyManagerProviderDN == null) {
+ int msgID = MSGID_LDAP_CONNHANDLER_NO_KEYMANAGER_DN;
+ String message = getMessage(msgID, String.valueOf(config.dn()));
throw new ConfigException(msgID, message);
+ } else {
+ KeyManagerProvider provider = DirectoryServer
+ .getKeyManagerProvider(keyManagerProviderDN);
+ if (provider == null) {
+ int msgID = MSGID_LDAP_CONNHANDLER_INVALID_KEYMANAGER_DN;
+ String message = getMessage(msgID, String
+ .valueOf(config.dn()), String
+ .valueOf(keyManagerProviderDN));
+ throw new ConfigException(msgID, message);
+ }
}
- }
- // Validate the trust manager provider DN.
- DN trustManagerProviderDN = config.getTrustManagerProviderDN();
- if (trustManagerProviderDN != null) {
- TrustManagerProvider provider = DirectoryServer
- .getTrustManagerProvider(trustManagerProviderDN);
- if (provider == null) {
- int msgID = MSGID_LDAP_CONNHANDLER_INVALID_TRUSTMANAGER_DN;
- String message = getMessage(msgID, String
- .valueOf(config.dn()), String
- .valueOf(trustManagerProviderDN));
+ // Validate the trust manager provider DN.
+ DN trustManagerProviderDN = config.getTrustManagerProviderDN();
+ if (trustManagerProviderDN == null) {
+ int msgID = MSGID_LDAP_CONNHANDLER_NO_TRUSTMANAGER_DN;
+ String message = getMessage(msgID, String.valueOf(config.dn()));
throw new ConfigException(msgID, message);
+ } else {
+ TrustManagerProvider provider = DirectoryServer
+ .getTrustManagerProvider(trustManagerProviderDN);
+ if (provider == null) {
+ int msgID = MSGID_LDAP_CONNHANDLER_INVALID_TRUSTMANAGER_DN;
+ String message = getMessage(msgID, String
+ .valueOf(config.dn()), String
+ .valueOf(trustManagerProviderDN));
+ throw new ConfigException(msgID, message);
+ }
}
}
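Review bot: The SSL/StartTLS validation block added at the `if (config.isAllowStartTLS() || config.isUseSSL())` line is repeated almost verbatim in the second hunk of this file (the `isAcceptable = false` variant), so the two copies will drift the next time a provider check is added. A private helper that performs both lookups and throws `ConfigException` as this hunk does would let the acceptability check reuse it by catching the exception and appending its message to `unacceptableReasons`, keeping the msgID on the throwing side where it is needed. Because the null branch always throws, the `else` nesting around the `DirectoryServer.getKeyManagerProvider` / `getTrustManagerProvider` lookups can be flattened into a plain sequence of guards. The trust manager provider is now mandatory whenever SSL or StartTLS is enabled regardless of the client auth policy; if that is intentional, a comment such as `// A trust manager provider is required for any TLS-enabled handler, independent of ssl-client-auth-policy.` would record the decision. The enclosing method starts and ends outside this hunk.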
@@ -739,31 +750,44 @@
isAcceptable = false;
}
- // Validate the key manager provider DN.
- DN keyManagerProviderDN = config.getKeyManagerProviderDN();
- if (keyManagerProviderDN != null) {
- KeyManagerProvider provider = DirectoryServer
- .getKeyManagerProvider(keyManagerProviderDN);
- if (provider == null) {
- int msgID = MSGID_LDAP_CONNHANDLER_INVALID_KEYMANAGER_DN;
- unacceptableReasons.add(getMessage(msgID, String
- .valueOf(config.dn()), String
- .valueOf(keyManagerProviderDN)));
+ if (config.isAllowStartTLS() || config.isUseSSL())
+ {
+ // Validate the key manager provider DN.
+ DN keyManagerProviderDN = config.getKeyManagerProviderDN();
+ if (keyManagerProviderDN == null) {
+ int msgID = MSGID_LDAP_CONNHANDLER_NO_KEYMANAGER_DN;
+ String message = getMessage(msgID, String.valueOf(config.dn()));
+ unacceptableReasons.add(message);
isAcceptable = false;
+ } else {
+ KeyManagerProvider provider = DirectoryServer
+ .getKeyManagerProvider(keyManagerProviderDN);
+ if (provider == null) {
+ int msgID = MSGID_LDAP_CONNHANDLER_INVALID_KEYMANAGER_DN;
+ unacceptableReasons.add(getMessage(msgID, String
+ .valueOf(config.dn()), String
+ .valueOf(keyManagerProviderDN)));
+ isAcceptable = false;
+ }
}
- }
- // Validate the trust manager provider DN.
- DN trustManagerProviderDN = config.getTrustManagerProviderDN();
- if (trustManagerProviderDN != null) {
- TrustManagerProvider provider = DirectoryServer
- .getTrustManagerProvider(trustManagerProviderDN);
- if (provider == null) {
- int msgID = MSGID_LDAP_CONNHANDLER_INVALID_TRUSTMANAGER_DN;
- unacceptableReasons.add(getMessage(msgID, String
- .valueOf(config.dn()), String
- .valueOf(trustManagerProviderDN)));
+ // Validate the trust manager provider DN.
+ DN trustManagerProviderDN = config.getTrustManagerProviderDN();
+ if (trustManagerProviderDN == null) {
+ int msgID = MSGID_LDAP_CONNHANDLER_NO_TRUSTMANAGER_DN;
+ String message = getMessage(msgID, String.valueOf(config.dn()));
+ unacceptableReasons.add(message);
isAcceptable = false;
+ } else {
+ TrustManagerProvider provider = DirectoryServer
+ .getTrustManagerProvider(trustManagerProviderDN);
+ if (provider == null) {
+ int msgID = MSGID_LDAP_CONNHANDLER_INVALID_TRUSTMANAGER_DN;
+ unacceptableReasons.add(getMessage(msgID, String
+ .valueOf(config.dn()), String
+ .valueOf(trustManagerProviderDN)));
+ isAcceptable = false;
+ }
}
}
diff --git a/opends/tests/unit-tests-testng/src/server/org/opends/server/protocols/ldap/TestLDAPConnectionHandler.java b/opends/tests/unit-tests-testng/src/server/org/opends/server/protocols/ldap/TestLDAPConnectionHandler.java
index fd44633..470dc07 100644
--- a/opends/tests/unit-tests-testng/src/server/org/opends/server/protocols/ldap/TestLDAPConnectionHandler.java
+++ b/opends/tests/unit-tests-testng/src/server/org/opends/server/protocols/ldap/TestLDAPConnectionHandler.java
@@ -51,270 +51,276 @@
public class TestLDAPConnectionHandler extends LdapTestCase {
- private static String reasonMsg="Don't need a reason.";
+ private static String reasonMsg="Don't need a reason.";
- /**
- * Once-only initialization.
- *
- * @throws Exception
- * If an unexpected error occurred.
- */
- @BeforeClass
- public void setUp() throws Exception {
- // This test suite depends on having the schema available, so we'll
- // start the server.
- TestCaseUtils.startServer();
- }
+ /**
+ * Once-only initialization.
+ *
+ * @throws Exception
+ * If an unexpected error occurred.
+ */
+ @BeforeClass
+ public void setUp() throws Exception {
+ // This test suite depends on having the schema available, so we'll
+ // start the server.
+ TestCaseUtils.startServer();
+ }
- @Test()
- /**
- * Creates two handlers, one which is SSL type. Then change some values via the setter
- * methods.
- *
- * @throws Exception if the handler cannot be instantiated.
- */
- public void testLDAPConnectionHandler() throws Exception {
- Entry LDAPHandlerEntry=null;
+ @Test()
+ /**
+ * Creates two handlers, one which is SSL type. Then change some values via the setter
+ * methods.
+ *
+ * @throws Exception if the handler cannot be instantiated.
+ */
+ public void testLDAPConnectionHandler() throws Exception {
+ Entry LDAPHandlerEntry=null;
- LDAPHandlerEntry=TestCaseUtils.makeEntry(
- "dn: cn=LDAP Connection Handler,cn=Connection Handlers,cn=config",
- "objectClass: top",
- "objectClass: ds-cfg-connection-handler",
- "objectClass: ds-cfg-ldap-connection-handler",
- "cn: LDAP Connection Handler",
- "ds-cfg-connection-handler-class: org.opends.server.protocols.ldap.LDAPConnectionHandler",
- "ds-cfg-connection-handler-enabled: true",
- "ds-cfg-listen-address: 0.0.0.0",
- "ds-cfg-accept-backlog: 128",
- "ds-cfg-allow-ldapv2: false",
- "ds-cfg-keep-stats: false",
- "ds-cfg-use-tcp-keepalive: true",
- "ds-cfg-use-tcp-nodelay: true",
- "ds-cfg-allow-tcp-reuse-address: true",
- "ds-cfg-send-rejection-notice: true",
- "ds-cfg-max-request-size: 5 megabytes",
- "ds-cfg-num-request-handlers: 2",
- "ds-cfg-allow-start-tls: false",
- "ds-cfg-use-ssl: false",
- "ds-cfg-ssl-client-auth-policy: optional",
- "ds-cfg-ssl-cert-nickname: server-cert");
- LDAPConnectionHandler LDAPConnHandler=getLDAPHandlerInstance(LDAPHandlerEntry);
- LDAPConnHandler.allowLDAPv2();
- LDAPConnHandler.allowStartTLS();
- LDAPConnHandler.keepStats();
- LDAPConnHandler.toString(new StringBuilder());
- LDAPConnHandler.toString();
- LDAPStatistics tracker=LDAPConnHandler.getStatTracker();
- LinkedHashMap<String,String> alerts = LDAPConnHandler.getAlerts();
- String c=LDAPConnHandler.getClassName();
- DN dn = LDAPConnHandler.getComponentEntryDN();
- String[] cips = LDAPConnHandler.getEnabledSSLCipherSuites();
- String[] protos = LDAPConnHandler.getEnabledSSLProtocols();
- int maxReqSize = LDAPConnHandler.getMaxRequestSize();
- String shutListName=LDAPConnHandler.getShutdownListenerName();
- SSLClientAuthPolicy policy = LDAPConnHandler.getSSLClientAuthPolicy();
- Collection<ClientConnection> cons=LDAPConnHandler.getClientConnections();
- LDAPConnHandler.processServerShutdown(reasonMsg);
- //Reset some things for the SSL handler
- Attribute useSSL=new Attribute(ATTR_USE_SSL, String.valueOf(false));
- Attribute startTls=new Attribute(ATTR_ALLOW_STARTTLS, String.valueOf(false));
- AttributeType attrType=DirectoryServer.getAttributeType(ATTR_LISTEN_PORT, true);
- Attribute a=new Attribute(attrType);
- LDAPHandlerEntry.removeAttribute(a, null);
- LDAPHandlerEntry.removeAttribute(useSSL, null);
- LDAPHandlerEntry.removeAttribute(startTls, null);
- Attribute useSSL1=new Attribute(ATTR_USE_SSL, String.valueOf(true));
- Attribute startTls1=new Attribute(ATTR_ALLOW_STARTTLS, String.valueOf(true));
- LDAPHandlerEntry.addAttribute(useSSL1,null);
- LDAPHandlerEntry.addAttribute(startTls1,null);
- LDAPConnectionHandler LDAPSConnHandler = getLDAPHandlerInstance(LDAPHandlerEntry);
- LDAPSConnHandler.finalizeConnectionHandler(reasonMsg, true);
- LDAPConnHandler.processServerShutdown(reasonMsg);
- }
+ LDAPHandlerEntry=TestCaseUtils.makeEntry(
+ "dn: cn=LDAP Connection Handler,cn=Connection Handlers,cn=config",
+ "objectClass: top",
+ "objectClass: ds-cfg-connection-handler",
+ "objectClass: ds-cfg-ldap-connection-handler",
+ "cn: LDAP Connection Handler",
+ "ds-cfg-connection-handler-class: org.opends.server.protocols.ldap.LDAPConnectionHandler",
+ "ds-cfg-connection-handler-enabled: true",
+ "ds-cfg-listen-address: 0.0.0.0",
+ "ds-cfg-accept-backlog: 128",
+ "ds-cfg-allow-ldapv2: false",
+ "ds-cfg-keep-stats: false",
+ "ds-cfg-use-tcp-keepalive: true",
+ "ds-cfg-use-tcp-nodelay: true",
+ "ds-cfg-allow-tcp-reuse-address: true",
+ "ds-cfg-send-rejection-notice: true",
+ "ds-cfg-max-request-size: 5 megabytes",
+ "ds-cfg-num-request-handlers: 2",
+ "ds-cfg-allow-start-tls: false",
+ "ds-cfg-use-ssl: false",
+ "ds-cfg-ssl-client-auth-policy: optional",
+ "ds-cfg-ssl-cert-nickname: server-cert",
+ "ds-cfg-key-manager-provider-dn: cn=JKS,cn=Key Manager Providers,cn=config",
+ "ds-cfg-trust-manager-provider-dn: cn=JKS,cn=Trust Manager Providers,cn=config");
+ LDAPConnectionHandler LDAPConnHandler=getLDAPHandlerInstance(LDAPHandlerEntry);
+ LDAPConnHandler.allowLDAPv2();
+ LDAPConnHandler.allowStartTLS();
+ LDAPConnHandler.keepStats();
+ LDAPConnHandler.toString(new StringBuilder());
+ LDAPConnHandler.toString();
+ LDAPStatistics tracker=LDAPConnHandler.getStatTracker();
+ LinkedHashMap<String,String> alerts = LDAPConnHandler.getAlerts();
+ String c=LDAPConnHandler.getClassName();
+ DN dn = LDAPConnHandler.getComponentEntryDN();
+ String[] cips = LDAPConnHandler.getEnabledSSLCipherSuites();
+ String[] protos = LDAPConnHandler.getEnabledSSLProtocols();
+ int maxReqSize = LDAPConnHandler.getMaxRequestSize();
+ String shutListName=LDAPConnHandler.getShutdownListenerName();
+ SSLClientAuthPolicy policy = LDAPConnHandler.getSSLClientAuthPolicy();
+ Collection<ClientConnection> cons=LDAPConnHandler.getClientConnections();
+ LDAPConnHandler.processServerShutdown(reasonMsg);
+ //Reset some things for the SSL handler
+ Attribute useSSL=new Attribute(ATTR_USE_SSL, String.valueOf(false));
+ Attribute startTls=new Attribute(ATTR_ALLOW_STARTTLS, String.valueOf(false));
+ AttributeType attrType=DirectoryServer.getAttributeType(ATTR_LISTEN_PORT, true);
+ Attribute a=new Attribute(attrType);
+ LDAPHandlerEntry.removeAttribute(a, null);
+ LDAPHandlerEntry.removeAttribute(useSSL, null);
+ LDAPHandlerEntry.removeAttribute(startTls, null);
+ Attribute useSSL1=new Attribute(ATTR_USE_SSL, String.valueOf(true));
+ Attribute startTls1=new Attribute(ATTR_ALLOW_STARTTLS, String.valueOf(true));
+ LDAPHandlerEntry.addAttribute(useSSL1,null);
+ LDAPHandlerEntry.addAttribute(startTls1,null);
+ LDAPConnectionHandler LDAPSConnHandler = getLDAPHandlerInstance(LDAPHandlerEntry);
+ LDAPSConnHandler.finalizeConnectionHandler(reasonMsg, true);
+ LDAPConnHandler.processServerShutdown(reasonMsg);
+ }
- @Test(expectedExceptions=ConfigException.class)
- /**
- * Start a handler an then give its hasAcceptableConfiguration a ConfigEntry with
- * numerous invalid cases and single-valued attrs with duplicate values.
- *
- * @throws Exception if handler cannot be instantiated or the configuration is
- * accepted.
- */
- public void testBadLDAPConnectionHandlerConfiguration() throws Exception
- {
- Entry BadHandlerEntry=TestCaseUtils.makeEntry(
- "dn: cn=LDAP Connection Handler,cn=Connection Handlers,cn=config",
- "objectClass: top",
- "objectClass: ds-cfg-connection-handler",
- "objectClass: ds-cfg-ldap-connection-handler",
- "cn: LDAP Connection Handler",
- "ds-cfg-connection-handler-class: org.opends.server.protocols.ldap.LDAPConnectionHandler",
- "ds-cfg-connection-handler-enabled: true",
- "ds-cfg-listen-address: 0.0.0.0",
- "ds-cfg-accept-backlog: 128",
- "ds-cfg-allow-ldapv2: false",
- "ds-cfg-keep-stats: false",
- "ds-cfg-use-tcp-keepalive: true",
- "ds-cfg-use-tcp-nodelay: true",
- "ds-cfg-allow-tcp-reuse-address: true",
- "ds-cfg-send-rejection-notice: true",
- "ds-cfg-max-request-size: 5 megabytes",
- "ds-cfg-num-request-handlers: 2",
- "ds-cfg-allow-start-tls: false",
- "ds-cfg-use-ssl: false",
- "ds-cfg-ssl-client-auth-policy: optional",
- "ds-cfg-ssl-cert-nickname: server-cert");
-
- // Add some invalid attrs and some duplicate attrs
- Attribute a2=new Attribute(ATTR_LISTEN_PORT, String.valueOf(389));
- Attribute a2a=new Attribute(ATTR_LISTEN_PORT, String.valueOf(70000));
- Attribute a3=new Attribute(ATTR_LISTEN_ADDRESS, "localhost");
- Attribute a3a=new Attribute(ATTR_LISTEN_ADDRESS, "FAFASFSDFSADFASDFSDFSDAFAS");
- Attribute a4=new Attribute(ATTR_ACCEPT_BACKLOG, String.valueOf(Long.MAX_VALUE));
- Attribute a5=new Attribute(ATTR_ALLOWED_CLIENT, "129.800.990.45");
- Attribute a6=new Attribute(ATTR_DENIED_CLIENT, "129.");
- Attribute a7=new Attribute(ATTR_ALLOW_LDAPV2, "45");
- Attribute a8=new Attribute(ATTR_KEEP_LDAP_STATS, "45");
- Attribute a9=new Attribute(ATTR_SEND_REJECTION_NOTICE, "45");
- Attribute a10=new Attribute(ATTR_USE_TCP_KEEPALIVE, "45");
- Attribute a11=new Attribute(ATTR_USE_TCP_NODELAY, "45");
- Attribute a12=new Attribute(ATTR_ALLOW_REUSE_ADDRESS, "45");
- Attribute a13=new Attribute(ATTR_MAX_REQUEST_SIZE, "45 FLUBBERBYTES");
- Attribute a14=new Attribute(ATTR_USE_SSL, "45");
- Attribute a15=new Attribute(ATTR_ALLOW_STARTTLS, "45");
- BadHandlerEntry.addAttribute(a2, null);
- BadHandlerEntry.addAttribute(a3, null);
- BadHandlerEntry.addAttribute(a2a, null);
- BadHandlerEntry.addAttribute(a3a, null);
- BadHandlerEntry.addAttribute(a4, null);
- BadHandlerEntry.addAttribute(a5, null);
- BadHandlerEntry.addAttribute(a6, null);
- BadHandlerEntry.addAttribute(a7, null);
- BadHandlerEntry.addAttribute(a8, null);
- BadHandlerEntry.addAttribute(a9, null);
- BadHandlerEntry.addAttribute(a10, null);
- BadHandlerEntry.addAttribute(a11, null);
- BadHandlerEntry.addAttribute(a12, null);
- BadHandlerEntry.addAttribute(a13, null);
- BadHandlerEntry.addAttribute(a14, null);
- BadHandlerEntry.addAttribute(a15, null);
-
- LdapTestCase.getConfiguration(BadHandlerEntry);
- }
+ @Test(expectedExceptions=ConfigException.class)
+ /**
+ * Start a handler an then give its hasAcceptableConfiguration a ConfigEntry with
+ * numerous invalid cases and single-valued attrs with duplicate values.
+ *
+ * @throws Exception if handler cannot be instantiated or the configuration is
+ * accepted.
+ */
+ public void testBadLDAPConnectionHandlerConfiguration() throws Exception
+ {
+ Entry BadHandlerEntry=TestCaseUtils.makeEntry(
+ "dn: cn=LDAP Connection Handler,cn=Connection Handlers,cn=config",
+ "objectClass: top",
+ "objectClass: ds-cfg-connection-handler",
+ "objectClass: ds-cfg-ldap-connection-handler",
+ "cn: LDAP Connection Handler",
+ "ds-cfg-connection-handler-class: org.opends.server.protocols.ldap.LDAPConnectionHandler",
+ "ds-cfg-connection-handler-enabled: true",
+ "ds-cfg-listen-address: 0.0.0.0",
+ "ds-cfg-accept-backlog: 128",
+ "ds-cfg-allow-ldapv2: false",
+ "ds-cfg-keep-stats: false",
+ "ds-cfg-use-tcp-keepalive: true",
+ "ds-cfg-use-tcp-nodelay: true",
+ "ds-cfg-allow-tcp-reuse-address: true",
+ "ds-cfg-send-rejection-notice: true",
+ "ds-cfg-max-request-size: 5 megabytes",
+ "ds-cfg-num-request-handlers: 2",
+ "ds-cfg-allow-start-tls: false",
+ "ds-cfg-use-ssl: false",
+ "ds-cfg-ssl-client-auth-policy: optional",
+ "ds-cfg-ssl-cert-nickname: server-cert",
+ "ds-cfg-key-manager-provider-dn: cn=JKS,cn=Key Manager Providers,cn=config",
+ "ds-cfg-trust-manager-provider-dn: cn=JKS,cn=Trust Manager Providers,cn=config");
- /**
- * Create handler and then change most of its values and see if
- * it is acceptable and applied.
- * @throws Exception if handler cannot be instantiated.
- */
- @Test()
- public void testGoodLDAPConnectionHandlerConfiguration() throws Exception
- {
- Entry GoodHandlerEntry=TestCaseUtils.makeEntry(
- "dn: cn=LDAP Connection Handler,cn=Connection Handlers,cn=config",
- "objectClass: top",
- "objectClass: ds-cfg-connection-handler",
- "objectClass: ds-cfg-ldap-connection-handler",
- "cn: LDAP Connection Handler",
- "ds-cfg-connection-handler-class: org.opends.server.protocols.ldap.LDAPConnectionHandler",
- "ds-cfg-connection-handler-enabled: true",
- "ds-cfg-listen-address: 0.0.0.0",
- "ds-cfg-accept-backlog: 128",
- "ds-cfg-allow-ldapv2: false",
- "ds-cfg-keep-stats: false",
- "ds-cfg-use-tcp-keepalive: true",
- "ds-cfg-use-tcp-nodelay: true",
- "ds-cfg-allow-tcp-reuse-address: true",
- "ds-cfg-send-rejection-notice: true",
- "ds-cfg-max-request-size: 5 megabytes",
- "ds-cfg-num-request-handlers: 2",
- "ds-cfg-allow-start-tls: false",
- "ds-cfg-use-ssl: true",
- "ds-cfg-ssl-client-auth-policy: optional",
- "ds-cfg-ssl-cert-nickname: server-cert");
- LDAPConnectionHandler LDAPConnHandler=getLDAPHandlerInstance(GoodHandlerEntry);
- //Make attrTypes to remove
- AttributeType at0=DirectoryServer.getAttributeType(ATTR_LISTEN_PORT, true);
-// AttributeType at1=DirectoryServer.getAttributeType(ATTR_LISTEN_ADDRESS, true);
-// Attribute rAttr1=new Attribute(at1);
-// GoodHandlerEntry.removeAttribute(rAttr1, null);
- AttributeType at2=DirectoryServer.getAttributeType(ATTR_ALLOW_LDAPV2, true);
- AttributeType at3=DirectoryServer.getAttributeType(ATTR_ALLOW_LDAPV2, true);
- AttributeType at4=DirectoryServer.getAttributeType(ATTR_KEEP_LDAP_STATS, true);
- AttributeType at5=DirectoryServer.getAttributeType(ATTR_SEND_REJECTION_NOTICE,true);
- AttributeType at6=DirectoryServer.getAttributeType(ATTR_USE_TCP_KEEPALIVE,true);
- AttributeType at7=DirectoryServer.getAttributeType(ATTR_USE_TCP_NODELAY,true);
- AttributeType at8=DirectoryServer.getAttributeType(ATTR_ALLOW_REUSE_ADDRESS,true);
- AttributeType at9=DirectoryServer.getAttributeType(ATTR_USE_SSL,true);
- AttributeType at10=DirectoryServer.getAttributeType(ATTR_ALLOW_STARTTLS,true);
- AttributeType at11=DirectoryServer.getAttributeType(ATTR_MAX_REQUEST_SIZE,true);
- AttributeType at12=DirectoryServer.getAttributeType(ATTR_ACCEPT_BACKLOG,true);
- //Remove them
- Attribute rAttr0=new Attribute(at0);
- GoodHandlerEntry.removeAttribute(rAttr0, null);
+ // Add some invalid attrs and some duplicate attrs
+ Attribute a2=new Attribute(ATTR_LISTEN_PORT, String.valueOf(389));
+ Attribute a2a=new Attribute(ATTR_LISTEN_PORT, String.valueOf(70000));
+ Attribute a3=new Attribute(ATTR_LISTEN_ADDRESS, "localhost");
+ Attribute a3a=new Attribute(ATTR_LISTEN_ADDRESS, "FAFASFSDFSADFASDFSDFSDAFAS");
+ Attribute a4=new Attribute(ATTR_ACCEPT_BACKLOG, String.valueOf(Long.MAX_VALUE));
+ Attribute a5=new Attribute(ATTR_ALLOWED_CLIENT, "129.800.990.45");
+ Attribute a6=new Attribute(ATTR_DENIED_CLIENT, "129.");
+ Attribute a7=new Attribute(ATTR_ALLOW_LDAPV2, "45");
+ Attribute a8=new Attribute(ATTR_KEEP_LDAP_STATS, "45");
+ Attribute a9=new Attribute(ATTR_SEND_REJECTION_NOTICE, "45");
+ Attribute a10=new Attribute(ATTR_USE_TCP_KEEPALIVE, "45");
+ Attribute a11=new Attribute(ATTR_USE_TCP_NODELAY, "45");
+ Attribute a12=new Attribute(ATTR_ALLOW_REUSE_ADDRESS, "45");
+ Attribute a13=new Attribute(ATTR_MAX_REQUEST_SIZE, "45 FLUBBERBYTES");
+ Attribute a14=new Attribute(ATTR_USE_SSL, "45");
+ Attribute a15=new Attribute(ATTR_ALLOW_STARTTLS, "45");
+ BadHandlerEntry.addAttribute(a2, null);
+ BadHandlerEntry.addAttribute(a3, null);
+ BadHandlerEntry.addAttribute(a2a, null);
+ BadHandlerEntry.addAttribute(a3a, null);
+ BadHandlerEntry.addAttribute(a4, null);
+ BadHandlerEntry.addAttribute(a5, null);
+ BadHandlerEntry.addAttribute(a6, null);
+ BadHandlerEntry.addAttribute(a7, null);
+ BadHandlerEntry.addAttribute(a8, null);
+ BadHandlerEntry.addAttribute(a9, null);
+ BadHandlerEntry.addAttribute(a10, null);
+ BadHandlerEntry.addAttribute(a11, null);
+ BadHandlerEntry.addAttribute(a12, null);
+ BadHandlerEntry.addAttribute(a13, null);
+ BadHandlerEntry.addAttribute(a14, null);
+ BadHandlerEntry.addAttribute(a15, null);
- Attribute rAttr2=new Attribute(at2);
- GoodHandlerEntry.removeAttribute(rAttr2, null);
- Attribute rAttr3=new Attribute(at3);
- GoodHandlerEntry.removeAttribute(rAttr3, null);
- Attribute rAttr4=new Attribute(at4);
- GoodHandlerEntry.removeAttribute(rAttr4, null);
- Attribute rAttr5=new Attribute(at5);
- GoodHandlerEntry.removeAttribute(rAttr5, null);
- Attribute rAttr6=new Attribute(at6);
- GoodHandlerEntry.removeAttribute(rAttr6, null);
- Attribute rAttr7=new Attribute(at7);
- GoodHandlerEntry.removeAttribute(rAttr7, null);
- Attribute rAttr8=new Attribute(at8);
- Attribute rAttr9=new Attribute(at9);
- Attribute rAttr10=new Attribute(at10);
- Attribute rAttr11=new Attribute(at11);
- Attribute rAttr12=new Attribute(at12);
- GoodHandlerEntry.removeAttribute(rAttr8, null);
- GoodHandlerEntry.removeAttribute(rAttr9, null);
- GoodHandlerEntry.removeAttribute(rAttr10, null);
- GoodHandlerEntry.removeAttribute(rAttr11, null);
- GoodHandlerEntry.removeAttribute(rAttr12, null);
- //Make new AttrTypes with different values
- long newPort=getFreePort();
- Attribute a2=new Attribute(ATTR_LISTEN_PORT, String.valueOf(newPort));
- //uncomment if want to test listen address
-// Attribute a3=new Attribute(ATTR_LISTEN_ADDRESS, "localhost");
- Attribute a4=new Attribute(ATTR_ACCEPT_BACKLOG, String.valueOf(25));
- Attribute a5=new Attribute(ATTR_ALLOWED_CLIENT, "129.56.56.45");
- Attribute a6=new Attribute(ATTR_DENIED_CLIENT, "129.*.*.90");
- Attribute a7=new Attribute(ATTR_ALLOW_LDAPV2, "true");
- Attribute a8=new Attribute(ATTR_KEEP_LDAP_STATS, "true");
- Attribute a9=new Attribute(ATTR_SEND_REJECTION_NOTICE, "false");
- Attribute a10=new Attribute(ATTR_USE_TCP_KEEPALIVE, "false");
- Attribute a11=new Attribute(ATTR_USE_TCP_NODELAY, "false");
- Attribute a12=new Attribute(ATTR_ALLOW_REUSE_ADDRESS, "false");
- Attribute a13=new Attribute(ATTR_MAX_REQUEST_SIZE, "45 kb");
- Attribute a14=new Attribute(ATTR_USE_SSL, "false");
- Attribute a15=new Attribute(ATTR_ALLOW_STARTTLS, "true");
- //Add them
- GoodHandlerEntry.addAttribute(a2, null);
-// GoodHandlerEntry.addAttribute(a3, null);
- GoodHandlerEntry.addAttribute(a4, null);
- GoodHandlerEntry.addAttribute(a5, null);
- GoodHandlerEntry.addAttribute(a6, null);
- GoodHandlerEntry.addAttribute(a7, null);
- GoodHandlerEntry.addAttribute(a8, null);
- GoodHandlerEntry.addAttribute(a9, null);
- GoodHandlerEntry.addAttribute(a10, null);
- GoodHandlerEntry.addAttribute(a11, null);
- GoodHandlerEntry.addAttribute(a12, null);
- GoodHandlerEntry.addAttribute(a13, null);
- GoodHandlerEntry.addAttribute(a14, null);
- GoodHandlerEntry.addAttribute(a15, null);
- LinkedList<String> reasons = new LinkedList<String>();
+ LdapTestCase.getConfiguration(BadHandlerEntry);
+ }
+
+ /**
+ * Create handler and then change most of its values and see if
+ * it is acceptable and applied.
+ * @throws Exception if handler cannot be instantiated.
+ */
+ @Test()
+ public void testGoodLDAPConnectionHandlerConfiguration() throws Exception
+ {
+ Entry GoodHandlerEntry=TestCaseUtils.makeEntry(
+ "dn: cn=LDAP Connection Handler,cn=Connection Handlers,cn=config",
+ "objectClass: top",
+ "objectClass: ds-cfg-connection-handler",
+ "objectClass: ds-cfg-ldap-connection-handler",
+ "cn: LDAP Connection Handler",
+ "ds-cfg-connection-handler-class: org.opends.server.protocols.ldap.LDAPConnectionHandler",
+ "ds-cfg-connection-handler-enabled: true",
+ "ds-cfg-listen-address: 0.0.0.0",
+ "ds-cfg-accept-backlog: 128",
+ "ds-cfg-allow-ldapv2: false",
+ "ds-cfg-keep-stats: false",
+ "ds-cfg-use-tcp-keepalive: true",
+ "ds-cfg-use-tcp-nodelay: true",
+ "ds-cfg-allow-tcp-reuse-address: true",
+ "ds-cfg-send-rejection-notice: true",
+ "ds-cfg-max-request-size: 5 megabytes",
+ "ds-cfg-num-request-handlers: 2",
+ "ds-cfg-allow-start-tls: false",
+ "ds-cfg-use-ssl: true",
+ "ds-cfg-ssl-client-auth-policy: optional",
+ "ds-cfg-ssl-cert-nickname: server-cert",
+ "ds-cfg-key-manager-provider-dn: cn=JKS,cn=Key Manager Providers,cn=config",
+ "ds-cfg-trust-manager-provider-dn: cn=JKS,cn=Trust Manager Providers,cn=config");
+ LDAPConnectionHandler LDAPConnHandler=getLDAPHandlerInstance(GoodHandlerEntry);
+ //Make attrTypes to remove
+ AttributeType at0=DirectoryServer.getAttributeType(ATTR_LISTEN_PORT, true);
+// AttributeType at1=DirectoryServer.getAttributeType(ATTR_LISTEN_ADDRESS, true);
+// Attribute rAttr1=new Attribute(at1);
+// GoodHandlerEntry.removeAttribute(rAttr1, null);
+ AttributeType at2=DirectoryServer.getAttributeType(ATTR_ALLOW_LDAPV2, true);
+ AttributeType at3=DirectoryServer.getAttributeType(ATTR_ALLOW_LDAPV2, true);
+ AttributeType at4=DirectoryServer.getAttributeType(ATTR_KEEP_LDAP_STATS, true);
+ AttributeType at5=DirectoryServer.getAttributeType(ATTR_SEND_REJECTION_NOTICE,true);
+ AttributeType at6=DirectoryServer.getAttributeType(ATTR_USE_TCP_KEEPALIVE,true);
+ AttributeType at7=DirectoryServer.getAttributeType(ATTR_USE_TCP_NODELAY,true);
+ AttributeType at8=DirectoryServer.getAttributeType(ATTR_ALLOW_REUSE_ADDRESS,true);
+ AttributeType at9=DirectoryServer.getAttributeType(ATTR_USE_SSL,true);
+ AttributeType at10=DirectoryServer.getAttributeType(ATTR_ALLOW_STARTTLS,true);
+ AttributeType at11=DirectoryServer.getAttributeType(ATTR_MAX_REQUEST_SIZE,true);
+ AttributeType at12=DirectoryServer.getAttributeType(ATTR_ACCEPT_BACKLOG,true);
+ //Remove them
+ Attribute rAttr0=new Attribute(at0);
+ GoodHandlerEntry.removeAttribute(rAttr0, null);
+
+ Attribute rAttr2=new Attribute(at2);
+ GoodHandlerEntry.removeAttribute(rAttr2, null);
+ Attribute rAttr3=new Attribute(at3);
+ GoodHandlerEntry.removeAttribute(rAttr3, null);
+ Attribute rAttr4=new Attribute(at4);
+ GoodHandlerEntry.removeAttribute(rAttr4, null);
+ Attribute rAttr5=new Attribute(at5);
+ GoodHandlerEntry.removeAttribute(rAttr5, null);
+ Attribute rAttr6=new Attribute(at6);
+ GoodHandlerEntry.removeAttribute(rAttr6, null);
+ Attribute rAttr7=new Attribute(at7);
+ GoodHandlerEntry.removeAttribute(rAttr7, null);
+ Attribute rAttr8=new Attribute(at8);
+ Attribute rAttr9=new Attribute(at9);
+ Attribute rAttr10=new Attribute(at10);
+ Attribute rAttr11=new Attribute(at11);
+ Attribute rAttr12=new Attribute(at12);
+ GoodHandlerEntry.removeAttribute(rAttr8, null);
+ GoodHandlerEntry.removeAttribute(rAttr9, null);
+ GoodHandlerEntry.removeAttribute(rAttr10, null);
+ GoodHandlerEntry.removeAttribute(rAttr11, null);
+ GoodHandlerEntry.removeAttribute(rAttr12, null);
+ //Make new AttrTypes with different values
+ long newPort=getFreePort();
+ Attribute a2=new Attribute(ATTR_LISTEN_PORT, String.valueOf(newPort));
+ //uncomment if want to test listen address
+// Attribute a3=new Attribute(ATTR_LISTEN_ADDRESS, "localhost");
+ Attribute a4=new Attribute(ATTR_ACCEPT_BACKLOG, String.valueOf(25));
+ Attribute a5=new Attribute(ATTR_ALLOWED_CLIENT, "129.56.56.45");
+ Attribute a6=new Attribute(ATTR_DENIED_CLIENT, "129.*.*.90");
+ Attribute a7=new Attribute(ATTR_ALLOW_LDAPV2, "true");
+ Attribute a8=new Attribute(ATTR_KEEP_LDAP_STATS, "true");
+ Attribute a9=new Attribute(ATTR_SEND_REJECTION_NOTICE, "false");
+ Attribute a10=new Attribute(ATTR_USE_TCP_KEEPALIVE, "false");
+ Attribute a11=new Attribute(ATTR_USE_TCP_NODELAY, "false");
+ Attribute a12=new Attribute(ATTR_ALLOW_REUSE_ADDRESS, "false");
+ Attribute a13=new Attribute(ATTR_MAX_REQUEST_SIZE, "45 kb");
+ Attribute a14=new Attribute(ATTR_USE_SSL, "false");
+ Attribute a15=new Attribute(ATTR_ALLOW_STARTTLS, "true");
+ //Add them
+ GoodHandlerEntry.addAttribute(a2, null);
+// GoodHandlerEntry.addAttribute(a3, null);
+ GoodHandlerEntry.addAttribute(a4, null);
+ GoodHandlerEntry.addAttribute(a5, null);
+ GoodHandlerEntry.addAttribute(a6, null);
+ GoodHandlerEntry.addAttribute(a7, null);
+ GoodHandlerEntry.addAttribute(a8, null);
+ GoodHandlerEntry.addAttribute(a9, null);
+ GoodHandlerEntry.addAttribute(a10, null);
+ GoodHandlerEntry.addAttribute(a11, null);
+ GoodHandlerEntry.addAttribute(a12, null);
+ GoodHandlerEntry.addAttribute(a13, null);
+ GoodHandlerEntry.addAttribute(a14, null);
+ GoodHandlerEntry.addAttribute(a15, null);
+ LinkedList<String> reasons = new LinkedList<String>();
LDAPConnectionHandlerCfg config = LdapTestCase.getConfiguration(GoodHandlerEntry);
- //see if we're ok
- boolean ret=LDAPConnHandler.isConfigurationChangeAcceptable(config, reasons);
- assertTrue(ret);
- //apply it
- LDAPConnHandler.applyConfigurationChange(config);
- LDAPConnHandler.finalizeConnectionHandler(reasonMsg, true);
+ //see if we're ok
+ boolean ret=LDAPConnHandler.isConfigurationChangeAcceptable(config, reasons);
+ assertTrue(ret);
+ //apply it
+ LDAPConnHandler.applyConfigurationChange(config);
+ LDAPConnHandler.finalizeConnectionHandler(reasonMsg, true);
- }
+ }
}
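Review bot: Neither of the new rejection paths (`MSGID_LDAP_CONNHANDLER_NO_KEYMANAGER_DN` / `MSGID_LDAP_CONNHANDLER_NO_TRUSTMANAGER_DN`) is exercised by this test change: every entry now carries both `ds-cfg-key-manager-provider-dn` and `ds-cfg-trust-manager-provider-dn`, and `testBadLDAPConnectionHandlerConfiguration` only adds malformed values for `ds-cfg-use-ssl`/`ds-cfg-allow-start-tls`, so the `ConfigException` it expects may come from an earlier check. A focused case that sets `ds-cfg-use-ssl: true` with the two provider DN attributes omitted and asserts that `isConfigurationChangeAcceptable(config, reasons)` returns false with `reasons` non-empty would pin the behaviour this commit adds. Most of this hunk is re-indentation of unchanged lines; keeping whitespace-only changes in a separate commit would leave the two added attribute lines per entry reviewable on their own. The pre-existing unused locals in `testLDAPConnectionHandler` (`tracker`, `alerts`, `cips`, `protos`, ...) are untouched here but could be dropped when the file is next edited.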
--
Gitblit v1.10.0