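/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2008 Sun Microsystems, Inc.
 * Portions Copyright 2014-2016 ForgeRock AS.
 */
package org.opends.server.plugins;

import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import org.opends.server.TestCaseUtils;
import org.forgerock.opendj.ldap.ResultCode;
import com.forgerock.opendj.ldap.tools.LDAPModify;

import static org.testng.Assert.*;

/**
 * This class defines a set of tests for the
 * org.opends.server.plugins.SevenBitCleanPlugin class.
 * <p>
 * Each test writes an LDIF change, applies it with {@code LDAPModify} and
 * checks the tool's result code. A "dirty" value here is one that contains at
 * least one byte with the high bit set; a "clean" value contains none.
 * <p>
 * The tests that need the plugin switch the server-wide "7-Bit Clean" plugin
 * on and switch it off again in a {@code finally} block. The "disabled" tests
 * do not touch the setting themselves and rely on it being off when they
 * start.
 */
public class SevenBitCleanPluginTestCase
       extends PluginTestCase
{
  /**
   * The base64-encoded value that will be used as the password for entries that
   * are not 7-bit clean. It decodes to the eight bytes
   * {@code 70 E4 73 73 77 F6 72 64}; {@code E4} and {@code F6} have the high
   * bit set.
   */
  public static final String BASE64_DIRTY_PASSWORD = "cORzc3f2cmQ=";

  /** LDIF line that gives the test user a password made of ASCII bytes only. */
  private static final String CLEAN_PASSWORD_LINE = "userPassword: password";

  /** LDIF line that gives the test user the dirty, base64-encoded password. */
  private static final String DIRTY_PASSWORD_LINE =
       "userPassword:: " + BASE64_DIRTY_PASSWORD;

  /**
   * An RDN whose value carries the hex-escaped bytes {@code C4 8D} and
   * {@code C4 87}, all of which have the high bit set.
   */
  private static final String DIRTY_RDN = "uid=Lu\\C4\\8Di\\C4\\87";



  /**
   * Ensures that the Directory Server is running.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @BeforeClass
  public void startServer()
         throws Exception
  {
    TestCaseUtils.startServer();
  }



  /**
   * Enables or disables the "7-Bit Clean" plugin through dsconfig.
   *
   * @param  enabled  {@code true} to enable the plugin, {@code false} to
   *                  disable it.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  private static void setSevenBitCleanPluginEnabled(boolean enabled)
          throws Exception
  {
    TestCaseUtils.dsconfig(
      "set-plugin-prop",
      "--plugin-name", "7-Bit Clean",
      "--set", "enabled:" + enabled);
  }



  /**
   * Writes the given LDIF lines to a temporary file and applies them with
   * {@code LDAPModify}, bound as {@code cn=Directory Manager} with the fixture
   * password against the test server's LDAP port on 127.0.0.1.
   *
   * @param  ldifLines  The lines of the LDIF change record to apply.
   *
   * @return  The result code returned by {@code LDAPModify.run}.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  private static int applyLdifAsDirectoryManager(String... ldifLines)
          throws Exception
  {
    String path = TestCaseUtils.createTempFile(ldifLines);

    String[] args =
    {
      "-h", "127.0.0.1",
      "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
      "-D", "cn=Directory Manager",
      "-w", "password",
      "-f", path
    };

    return LDAPModify.run(System.out, System.err, args);
  }



  /**
   * Builds the LDIF "add" change record for {@code uid=test.user,o=test}.
   *
   * @param  passwordLine  The complete {@code userPassword} LDIF line to use.
   *
   * @return  The lines of the change record.
   */
  private static String[] testUserAddChangeLdif(String passwordLine)
  {
    return new String[]
    {
      "dn: uid=test.user,o=test",
      "changetype: add",
      "objectClass: top",
      "objectClass: person",
      "objectClass: organizationalPerson",
      "objectClass: inetOrgPerson",
      "uid: test.user",
      "givenName: Test",
      "sn: User",
      "cn: Test User",
      "mail: test.user@example.com",
      passwordLine
    };
  }



  /**
   * Adds {@code uid=test.user,o=test} directly through
   * {@code TestCaseUtils.addEntry}, i.e. without going through
   * {@code LDAPModify}.
   *
   * @param  passwordLine  The complete {@code userPassword} LDIF line to use.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  private static void addTestUserEntry(String passwordLine)
          throws Exception
  {
    TestCaseUtils.addEntry(
      "dn: uid=test.user,o=test",
      "objectClass: top",
      "objectClass: person",
      "objectClass: organizationalPerson",
      "objectClass: inetOrgPerson",
      "uid: test.user",
      "givenName: Test",
      "sn: User",
      "cn: Test User",
      "mail: test.user@example.com",
      passwordLine);
  }



  /**
   * Tests to ensure that it is possible to add a clean entry when the plugin
   * is disabled.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testAddCleanAllowedDisabled()
         throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);

    assertEquals(
         applyLdifAsDirectoryManager(testUserAddChangeLdif(CLEAN_PASSWORD_LINE)),
         0);
  }



  /**
   * Tests to ensure that it is possible to add a dirty entry when the plugin
   * is disabled.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testAddDirtyAllowedDisabled()
         throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);

    assertEquals(
         applyLdifAsDirectoryManager(testUserAddChangeLdif(DIRTY_PASSWORD_LINE)),
         0);
  }



  /**
   * Tests to ensure that it is possible to add a clean entry when the plugin
   * is enabled.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testAddCleanAllowedEnabled()
         throws Exception
  {
    setSevenBitCleanPluginEnabled(true);

    try
    {
      TestCaseUtils.initializeTestBackend(true);

      assertEquals(
           applyLdifAsDirectoryManager(testUserAddChangeLdif(CLEAN_PASSWORD_LINE)),
           0);
    }
    finally
    {
      // Always restore the server-wide setting, even when the assertion fails.
      setSevenBitCleanPluginEnabled(false);
    }
  }



  /**
   * Tests to ensure that it is not possible to add a dirty entry when the
   * plugin is enabled. The add is expected to fail with
   * {@code CONSTRAINT_VIOLATION}.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testAddDirtyRejectedEnabled()
         throws Exception
  {
    setSevenBitCleanPluginEnabled(true);

    try
    {
      TestCaseUtils.initializeTestBackend(true);

      assertEquals(
           applyLdifAsDirectoryManager(testUserAddChangeLdif(DIRTY_PASSWORD_LINE)),
           ResultCode.CONSTRAINT_VIOLATION.intValue());
    }
    finally
    {
      setSevenBitCleanPluginEnabled(false);
    }
  }



  /**
   * Tests to ensure that it is possible to add a dirty entry when the plugin
   * is enabled but the entry being added is outside of the scope of the
   * plugin. The plugin is restricted to {@code dc=example,dc=com} while the
   * entry is added below {@code o=test}, so the add is expected to succeed.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testAddDirtyAcceptedEnabledOutsideScope()
         throws Exception
  {
    TestCaseUtils.dsconfig(
      "set-plugin-prop",
      "--plugin-name", "7-Bit Clean",
      "--set", "enabled:true",
      "--set", "base-dn:dc=example,dc=com");

    try
    {
      TestCaseUtils.initializeTestBackend(true);

      assertEquals(
           applyLdifAsDirectoryManager(testUserAddChangeLdif(DIRTY_PASSWORD_LINE)),
           0);
    }
    finally
    {
      // Undo both changes: the scope restriction must not leak into the tests
      // that expect the plugin to cover o=test.
      TestCaseUtils.dsconfig(
        "set-plugin-prop",
        "--plugin-name", "7-Bit Clean",
        "--set", "enabled:false",
        "--remove", "base-dn:dc=example,dc=com");
    }
  }



  /**
   * Tests to ensure that it is possible to modify an entry to have a dirty
   * password value with the plugin disabled.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testModifyDirtyAllowedDisabled()
         throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);
    addTestUserEntry(CLEAN_PASSWORD_LINE);

    assertEquals(
         applyLdifAsDirectoryManager(
              "dn: uid=test.user,o=test",
              "changetype: modify",
              "replace: userPassword",
              DIRTY_PASSWORD_LINE),
         0);
  }



  /**
   * Tests to ensure that it is not possible to modify an entry to have a dirty
   * password value with the plugin enabled. The modify is expected to fail
   * with {@code CONSTRAINT_VIOLATION}.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testModifyDirtyRejectedEnabled()
         throws Exception
  {
    setSevenBitCleanPluginEnabled(true);

    try
    {
      TestCaseUtils.initializeTestBackend(true);
      addTestUserEntry(CLEAN_PASSWORD_LINE);

      assertEquals(
           applyLdifAsDirectoryManager(
                "dn: uid=test.user,o=test",
                "changetype: modify",
                "replace: userPassword",
                DIRTY_PASSWORD_LINE),
           ResultCode.CONSTRAINT_VIOLATION.intValue());
    }
    finally
    {
      setSevenBitCleanPluginEnabled(false);
    }
  }



  /**
   * Tests to ensure that it is possible to modify an entry containing a dirty
   * password value when changing that value to be clean. The dirty entry is
   * created before the plugin is enabled; only the incoming clean value is
   * submitted while it is on.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testModifyDirtyToCleanAllowedEnabled()
         throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);
    addTestUserEntry(DIRTY_PASSWORD_LINE);

    setSevenBitCleanPluginEnabled(true);

    try
    {
      assertEquals(
           applyLdifAsDirectoryManager(
                "dn: uid=test.user,o=test",
                "changetype: modify",
                "replace: userPassword",
                "userPassword: clean"),
           0);
    }
    finally
    {
      setSevenBitCleanPluginEnabled(false);
    }
  }



  /**
   * Tests to ensure that it is possible to modify an entry containing a dirty
   * password in order to remove that value. The delete names the dirty value
   * explicitly and is still expected to succeed with the plugin enabled.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testModifyRemoveDirtyValueAllowedEnabled()
         throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);
    addTestUserEntry(DIRTY_PASSWORD_LINE);

    setSevenBitCleanPluginEnabled(true);

    try
    {
      assertEquals(
           applyLdifAsDirectoryManager(
                "dn: uid=test.user,o=test",
                "changetype: modify",
                "delete: userPassword",
                DIRTY_PASSWORD_LINE),
           0);
    }
    finally
    {
      setSevenBitCleanPluginEnabled(false);
    }
  }



  /**
   * Tests to ensure that it is possible to perform a modify DN operation to
   * provide a dirty new RDN with the plugin disabled.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testModifyDNDirtyAllowedDisabled()
         throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);
    addTestUserEntry(CLEAN_PASSWORD_LINE);

    assertEquals(
         applyLdifAsDirectoryManager(
              "dn: uid=test.user,o=test",
              "changetype: modrdn",
              "newrdn: " + DIRTY_RDN,
              "deleteoldrdn: 1"),
         0);
  }



  /**
   * Tests to ensure that it is not possible to perform a modify DN operation to
   * provide a dirty new RDN with the plugin enabled. The operation is expected
   * to fail with {@code CONSTRAINT_VIOLATION}.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testModifyDNDirtyRejectedEnabled()
         throws Exception
  {
    setSevenBitCleanPluginEnabled(true);

    try
    {
      TestCaseUtils.initializeTestBackend(true);
      addTestUserEntry(CLEAN_PASSWORD_LINE);

      assertEquals(
           applyLdifAsDirectoryManager(
                "dn: uid=test.user,o=test",
                "changetype: modrdn",
                "newrdn: " + DIRTY_RDN,
                "deleteoldrdn: 1"),
           ResultCode.CONSTRAINT_VIOLATION.intValue());
    }
    finally
    {
      setSevenBitCleanPluginEnabled(false);
    }
  }



  /**
   * Tests to ensure that it is possible to perform a modify DN operation to
   * provide a clean new RDN for a dirty entry with the plugin enabled.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test
  public void testModifyDNDirtyToCleanAllowedEnabled()
         throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);

    // The entry is created with a dirty RDN while the plugin is still off.
    // NOTE(review): no uid attribute line is supplied here; the original
    // author left the line below commented out -- confirm whether it can go.
    TestCaseUtils.addEntry(
      "dn: " + DIRTY_RDN + ",o=test",
      "objectClass: top",
      "objectClass: person",
      "objectClass: organizationalPerson",
      "objectClass: inetOrgPerson",
      //"uid:: " + BASE64_DIRTY_PASSWORD,
      "givenName: Test",
      "sn: User",
      "cn: Test User",
      "mail: test.user@example.com",
      CLEAN_PASSWORD_LINE);

    setSevenBitCleanPluginEnabled(true);

    try
    {
      assertEquals(
           applyLdifAsDirectoryManager(
                "dn: " + DIRTY_RDN + ",o=test",
                "changetype: modrdn",
                "newrdn: uid=test.user",
                "deleteoldrdn: 1"),
           0);
    }
    finally
    {
      setSevenBitCleanPluginEnabled(false);
    }
  }
}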