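/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2006-2008 Sun Microsystems, Inc.
 * Portions Copyright 2014-2016 ForgeRock AS.
 */
package org.opends.server.controls;

import static org.opends.server.util.ServerConstants.*;
import static org.testng.Assert.*;

import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import org.forgerock.opendj.io.ASN1;
import org.forgerock.opendj.io.ASN1Writer;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ByteStringBuilder;
import org.opends.server.protocols.ldap.LDAPControl;
import org.opends.server.protocols.ldap.LDAPReader;
import org.opends.server.types.DirectoryException;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;

/**
 * Tests the password-related LDAP controls: the Netscape password expired and
 * password expiring controls, and the password policy request and response
 * controls together with their warning and error type enumerations.
 * <p>
 * Besides the constructor and encode/decode round-trip checks, every control
 * has negative tests asserting that its {@code DECODER} throws a
 * {@link DirectoryException} when the control value is unexpectedly present,
 * missing, or not valid for that control. Those checks matter because a
 * decoder is the point where a control value received over the wire is
 * parsed; a malformed value must be rejected rather than silently accepted.
 */
@SuppressWarnings("javadoc")
public class PasswordControlTest extends ControlsTestCase
{
  /**
   * Provides the expected mapping from integer code to name for every
   * {@link PasswordPolicyErrorType} value.
   *
   * @return a single data set holding the code-to-name map
   */
  @DataProvider(name = "passwordPolicyErrorTypeData")
  public Object[][] createPasswordPolicyErrorTypeData()
  {
    HashMap<Integer, String> values = new HashMap<>();
    values.put(0, "passwordExpired");
    values.put(1, "accountLocked");
    values.put(2, "changeAfterReset");
    values.put(3, "passwordModNotAllowed");
    values.put(4, "mustSupplyOldPassword");
    values.put(5, "insufficientPasswordQuality");
    values.put(6, "passwordTooShort");
    values.put(7, "passwordTooYoung");
    values.put(8, "passwordInHistory");
    return new Object[][] { { values } };
  }

  /**
   * Checks that each known integer code resolves to the error type with the
   * expected name.
   *
   * @param expectedValues the expected code-to-name map
   */
  @Test(dataProvider = "passwordPolicyErrorTypeData")
  public void checkIntValuePasswordPolicyErrorTypeTest(
      Map<Integer, String> expectedValues) throws Exception
  {
    for (Map.Entry<Integer, String> entry : expectedValues.entrySet())
    {
      PasswordPolicyErrorType val = PasswordPolicyErrorType.valueOf(entry.getKey());
      // Fail with a clear assertion instead of a NullPointerException if a code is unknown.
      assertNotNull(val, "no error type for code " + entry.getKey());
      assertEquals(val.toString(), entry.getValue());
    }
  }

  /**
   * Checks that the enumeration defines exactly the expected error types and
   * no others.
   *
   * @param exceptedValues the expected code-to-name map
   */
  @Test(dataProvider = "passwordPolicyErrorTypeData")
  public void checkRequiredValuesPasswordPolicyErrorTypeTest(
      HashMap<Integer, String> exceptedValues) throws Exception
  {
    PasswordPolicyErrorType[] vals = PasswordPolicyErrorType.values();

    // Same number of values ...
    assertEquals(vals.length, exceptedValues.size());

    // ... and every declared value uses one of the expected integer codes.
    for (PasswordPolicyErrorType val : vals)
    {
      assertTrue(exceptedValues.containsKey(val.intValue()));
    }
  }

  /**
   * Checks that integer codes outside the expected set do not resolve to any
   * error type.
   *
   * @param exceptedValues the expected code-to-name map
   */
  @Test(dataProvider = "passwordPolicyErrorTypeData")
  public void checkInvalidIntPasswordPolicyErrorTypeTest(
      HashMap<Integer, String> exceptedValues) throws Exception
  {
    Set<Integer> keys = exceptedValues.keySet();
    // Probe a window around the valid range, including negative codes.
    for (int i = -10; i < 10; i++)
    {
      if (!keys.contains(i))
      {
        assertNull(PasswordPolicyErrorType.valueOf(i));
      }
    }
  }

  /**
   * Provides the expected mapping from type byte to name for every
   * {@link PasswordPolicyWarningType} value.
   *
   * @return a single data set holding the byte-to-name map
   */
  @DataProvider(name = "passwordPolicyWarningTypeData")
  public Object[][] createPasswordPolicyWarningTypeData()
  {
    HashMap<Byte, String> values = new HashMap<>();
    values.put((byte) 0x80, "timeBeforeExpiration");
    values.put((byte) 0x81, "graceAuthNsRemaining");
    return new Object[][] { { values } };
  }

  /**
   * Checks that each known type byte resolves to the warning type with the
   * expected name, and that the warning type reports the same byte back.
   *
   * @param expectedValues the expected byte-to-name map
   */
  @Test(dataProvider = "passwordPolicyWarningTypeData")
  public void checkIntValuePasswordPolicyWarningTypeTest(
      HashMap<Byte, String> expectedValues) throws Exception
  {
    for (Map.Entry<Byte, String> entry : expectedValues.entrySet())
    {
      byte type = entry.getKey();
      PasswordPolicyWarningType val = PasswordPolicyWarningType.valueOf(type);
      // Fail with a clear assertion instead of a NullPointerException if a type is unknown.
      assertNotNull(val, "no warning type for byte " + type);
      assertEquals(val.toString(), entry.getValue());
      assertEquals(val.getType(), type);
    }
  }

  /**
   * Checks that the enumeration defines exactly the expected warning types
   * and no others.
   *
   * @param exceptedValues the expected byte-to-name map
   */
  @Test(dataProvider = "passwordPolicyWarningTypeData")
  public void checkRequiredValuesPasswordPolicyWarningTypeTest(
      HashMap<Byte, String> exceptedValues) throws Exception
  {
    PasswordPolicyWarningType[] vals = PasswordPolicyWarningType.values();

    // Same number of values ...
    assertEquals(vals.length, exceptedValues.size());

    // ... and every declared value carries one of the expected names.
    for (PasswordPolicyWarningType val : vals)
    {
      assertTrue(exceptedValues.containsValue(val.toString()));
    }
  }

  /**
   * Checks that type bytes outside the expected set do not resolve to any
   * warning type.
   *
   * @param exceptedValues the expected byte-to-name map
   */
  @Test(dataProvider = "passwordPolicyWarningTypeData")
  public void checkInvalidIntPasswordPolicyWarningTypeTest(
      HashMap<Byte, String> exceptedValues) throws Exception
  {
    Set<Byte> keys = exceptedValues.keySet();
    // Probe a window on both sides of the two valid type bytes.
    for (int i = 0x70; i < 0x90; i++)
    {
      byte b = (byte) i;
      if (!keys.contains(b))
      {
        assertNull(PasswordPolicyWarningType.valueOf(b));
      }
    }
  }

  /**
   * Provides both criticality settings for the password expired control test.
   *
   * @return one data set per criticality value
   */
  @DataProvider(name = "passwordExpiredControlData")
  public Object[][] createPasswordExpiredControlData()
  {
    return new Object[][] {
      { true },
      { false },
    };
  }

  /** Pins the OIDs of the Netscape password expired and expiring controls. */
  @Test
  public void checkPasswordOID() throws Exception
  {
    assertEquals(OID_NS_PASSWORD_EXPIRED, "2.16.840.1.113730.3.4.4");
    assertEquals(OID_NS_PASSWORD_EXPIRING, "2.16.840.1.113730.3.4.5");
    // NOTE(review): OID_PASSWORD_POLICY_CONTROL is not pinned here; the original
    // carried a disabled assertion with an empty expected value. Consider
    // asserting the real OID so an accidental change is caught.
  }

  /**
   * Tests the "Netscape password expired control" implementation:
   * constructors, decoding, rejection of a control value that is not valid
   * for this control, and an encode/decode round trip.
   *
   * @param isCritical the criticality to build the control with
   */
  @Test(dataProvider = "passwordExpiredControlData")
  public void passwordExpiredControlTest(boolean isCritical) throws Exception
  {
    // Check default constructor
    PasswordExpiredControl pec = new PasswordExpiredControl();
    assertNotNull(pec);
    assertEquals(pec.toString(), "PasswordExpiredControl()");
    assertEquals(pec.getOID(), OID_NS_PASSWORD_EXPIRED);

    // Check constructor with criticality
    pec = new PasswordExpiredControl(isCritical);
    assertNotNull(pec);
    assertEquals(pec.isCritical(), isCritical);
    assertEquals(pec.getOID(), OID_NS_PASSWORD_EXPIRED);

    // Check decoding of a control that carries no value
    LDAPControl control = new LDAPControl(OID_NS_PASSWORD_EXPIRED, isCritical);
    pec = PasswordExpiredControl.DECODER.decode(control.isCritical(), control.getValue());
    assertNotNull(pec);
    assertEquals(pec.isCritical(), isCritical);
    assertEquals(pec.getOID(), OID_NS_PASSWORD_EXPIRED);

    // The decoder must reject this control value rather than accept it.
    control = new LDAPControl(OID_NS_PASSWORD_EXPIRED, isCritical,
        ByteString.valueOfUtf8("value"));
    try
    {
      PasswordExpiredControl.DECODER.decode(control.isCritical(), control.getValue());
      fail("should not be allowed to create a PasswordExpiredControl with this value");
    }
    catch (DirectoryException expected)
    {
      // Expected: the value is not valid for this control.
    }

    // Check toString (pec is still the control decoded before the failed attempt)
    assertEquals(pec.toString(), "PasswordExpiredControl()");

    // Check encode followed by decode
    ByteStringBuilder bsb = new ByteStringBuilder();
    ASN1Writer writer = ASN1.getWriter(bsb);
    pec = new PasswordExpiredControl(isCritical);
    pec.write(writer);
    control = LDAPReader.readControl(ASN1.getReader(bsb));
    PasswordExpiredControl newPec =
        PasswordExpiredControl.DECODER.decode(control.isCritical(), control.getValue());
    assertNotNull(newPec);
    assertEquals(newPec.isCritical(), isCritical);
    // Verify the decoded control, not the one that was encoded.
    assertEquals(newPec.getOID(), OID_NS_PASSWORD_EXPIRED);
  }

  /**
   * Provides criticality and seconds-until-expiration pairs for the password
   * expiring control test.
   *
   * @return one data set per (criticality, seconds) pair
   */
  @DataProvider(name = "passwordExpiringControlData")
  public Object[][] createPasswordExpiringControlData()
  {
    return new Object[][] {
      { true, 1 },
      { false, 2 },
    };
  }

  /**
   * Tests the "Netscape password expiring control" implementation:
   * constructors, rejection of a missing or malformed control value, and an
   * encode/decode round trip.
   *
   * @param isCritical the criticality to build the control with
   * @param sec the number of seconds until expiration to encode
   */
  @Test(dataProvider = "passwordExpiringControlData")
  public void passwordExpiringControlTest(boolean isCritical, int sec) throws Exception
  {
    // Check constructor with int
    PasswordExpiringControl pec = new PasswordExpiringControl(sec);
    assertNotNull(pec);
    String toString = "PasswordExpiringControl(secondsUntilExpiration=" + sec + ")";
    assertEquals(pec.toString(), toString);
    assertEquals(pec.getOID(), OID_NS_PASSWORD_EXPIRING);
    assertEquals(pec.getSecondsUntilExpiration(), sec);

    // Check constructor with criticality and int
    pec = new PasswordExpiringControl(isCritical, sec);
    assertNotNull(pec);
    assertEquals(pec.isCritical(), isCritical);
    assertEquals(pec.getOID(), OID_NS_PASSWORD_EXPIRING);
    assertEquals(pec.getSecondsUntilExpiration(), sec);

    // This control requires a value: decoding without one must fail.
    LDAPControl control = new LDAPControl(OID_NS_PASSWORD_EXPIRING, isCritical);
    try
    {
      PasswordExpiringControl.DECODER.decode(control.isCritical(), control.getValue());
      fail("shouldn't be allowed to create PasswordExpiringControl without value");
    }
    catch (DirectoryException expected)
    {
      // Expected: the value is missing.
    }

    // A value that is not a valid seconds-until-expiration must be rejected too.
    control = new LDAPControl(OID_NS_PASSWORD_EXPIRING, isCritical,
        ByteString.valueOfUtf8("Wrong value"));
    try
    {
      PasswordExpiringControl.DECODER.decode(control.isCritical(), control.getValue());
      fail("shouldn't be allowed to create PasswordExpiringControl with a wrong value");
    }
    catch (DirectoryException expected)
    {
      // Expected: the value cannot be parsed.
    }

    // Check encode/decode
    ByteStringBuilder bsb = new ByteStringBuilder();
    ASN1Writer writer = ASN1.getWriter(bsb);
    pec = new PasswordExpiringControl(isCritical, sec);
    pec.write(writer);
    control = LDAPReader.readControl(ASN1.getReader(bsb));
    pec = PasswordExpiringControl.DECODER.decode(control.isCritical(), control.getValue());
    assertNotNull(pec);
    assertEquals(pec.isCritical(), isCritical);
    assertEquals(pec.getOID(), OID_NS_PASSWORD_EXPIRING);
    assertEquals(pec.getSecondsUntilExpiration(), sec);
  }

  /**
   * Provides both criticality settings for the password policy request
   * control test.
   *
   * @return one data set per criticality value
   */
  @DataProvider(name = "passwordPolicyRequestControlData")
  public Object[][] createPasswordPolicyRequestControlData()
  {
    return new Object[][] {
      { true },
      { false },
    };
  }

  /**
   * Tests {@link PasswordPolicyRequestControl}: constructors, an
   * encode/decode round trip, and rejection of a control value that is not
   * valid for this control.
   *
   * @param isCritical the criticality to build the control with
   */
  @Test(dataProvider = "passwordPolicyRequestControlData")
  public void passwordPolicyRequestControlTest(boolean isCritical) throws Exception
  {
    // Check default constructor
    PasswordPolicyRequestControl pec = new PasswordPolicyRequestControl();
    assertNotNull(pec);
    assertEquals(pec.toString(), "PasswordPolicyRequestControl()");
    assertEquals(pec.getOID(), OID_PASSWORD_POLICY_CONTROL);

    // Check constructor with criticality
    pec = new PasswordPolicyRequestControl(isCritical);
    assertNotNull(pec);
    assertEquals(pec.isCritical(), isCritical);
    assertEquals(pec.getOID(), OID_PASSWORD_POLICY_CONTROL);

    // Check the encode/decode
    ByteStringBuilder bsb = new ByteStringBuilder();
    ASN1Writer writer = ASN1.getWriter(bsb);
    pec = new PasswordPolicyRequestControl(isCritical);
    pec.write(writer);
    LDAPControl control = LDAPReader.readControl(ASN1.getReader(bsb));
    pec = PasswordPolicyRequestControl.DECODER.decode(control.isCritical(), control.getValue());
    assertNotNull(pec);
    assertEquals(pec.isCritical(), isCritical);
    assertEquals(pec.getOID(), OID_PASSWORD_POLICY_CONTROL);

    // The decoder must reject this control value rather than accept it.
    control = new LDAPControl(OID_PASSWORD_POLICY_CONTROL, isCritical,
        ByteString.valueOfUtf8("value"));
    try
    {
      PasswordPolicyRequestControl.DECODER.decode(control.isCritical(), control.getValue());
      fail("should not be allowed to create a PasswordPolicyRequestControl with this value");
    }
    catch (DirectoryException expected)
    {
      // Expected: the value is not valid for this control.
    }

    // Check toString (pec is still the control decoded before the failed attempt)
    assertEquals(pec.toString(), "PasswordPolicyRequestControl()");
  }

  /**
   * Provides criticality and warning value pairs for the password policy
   * response control test.
   *
   * @return one data set per (criticality, warning value) pair
   */
  @DataProvider(name = "passwordPolicyResponseControl")
  public Object[][] createPasswordPolicyResponseControlData()
  {
    return new Object[][] {
      { true, -1 },
      { false, -1 },
      { true, 0 },
      { false, 0 }
    };
  }

  /**
   * Tests {@link PasswordPolicyResponseControl}: constructors for every
   * warning/error type combination, rejection of a control without a value,
   * encode/decode round trips, and round trips with a null warning type or a
   * null error type.
   *
   * @param isCritical the criticality to build the control with
   * @param warningValue the warning value to encode
   */
  @Test(dataProvider = "passwordPolicyResponseControl")
  public void passwordPolicyResponseControlTest(boolean isCritical, int warningValue)
      throws Exception
  {
    // Check default constructor
    PasswordPolicyResponseControl pprc = new PasswordPolicyResponseControl();
    assertNotNull(pprc);
    assertEquals(pprc.toString(), "PasswordPolicyResponseControl()");
    assertEquals(pprc.getOID(), OID_PASSWORD_POLICY_CONTROL);
    assertNull(pprc.getWarningType());
    assertNull(pprc.getErrorType());

    // Check constructor PasswordPolicyResponseControl(
    //     PasswordPolicyWarningType warningType, int warningValue,
    //     PasswordPolicyErrorType errorType)
    for (PasswordPolicyErrorType errorType : PasswordPolicyErrorType.values())
    {
      for (PasswordPolicyWarningType warningType : PasswordPolicyWarningType.values())
      {
        pprc = new PasswordPolicyResponseControl(warningType, warningValue, errorType);
        assertNotNull(pprc);
        assertEquals(pprc.getWarningType(), warningType);
        assertEquals(pprc.getErrorType(), errorType);
        assertEquals(pprc.getWarningValue(), warningValue);
        assertEquals(pprc.getOID(), OID_PASSWORD_POLICY_CONTROL);
      }
    }

    // Check constructor PasswordPolicyResponseControl(
    //     boolean isCritical, PasswordPolicyWarningType warningType,
    //     int warningValue, PasswordPolicyErrorType errorType)
    for (PasswordPolicyErrorType errorType : PasswordPolicyErrorType.values())
    {
      for (PasswordPolicyWarningType warningType : PasswordPolicyWarningType.values())
      {
        pprc = new PasswordPolicyResponseControl(isCritical, warningType, warningValue, errorType);
        assertNotNull(pprc);
        assertEquals(pprc.getWarningType(), warningType);
        assertEquals(pprc.getErrorType(), errorType);
        assertEquals(pprc.getWarningValue(), warningValue);
        assertEquals(pprc.getOID(), OID_PASSWORD_POLICY_CONTROL);
      }
    }

    // The response control requires a value: decoding without one must fail.
    // This does not depend on the warning/error type, so it is checked once
    // instead of once per combination.
    try
    {
      LDAPControl noValue = new LDAPControl(OID_PASSWORD_POLICY_CONTROL, isCritical);
      PasswordPolicyResponseControl.DECODER.decode(noValue.isCritical(), noValue.getValue());
      fail("the control should have a value");
    }
    catch (DirectoryException expected)
    {
      // Expected: the value is missing.
    }

    // Check encode/decode
    ByteStringBuilder bsb = new ByteStringBuilder();
    ASN1Writer writer = ASN1.getWriter(bsb);
    for (PasswordPolicyErrorType errorType : PasswordPolicyErrorType.values())
    {
      for (PasswordPolicyWarningType warningType : PasswordPolicyWarningType.values())
      {
        // The builder is shared across iterations, so reset it before each encoding.
        bsb.clear();
        PasswordPolicyResponseControl control = new PasswordPolicyResponseControl(
            isCritical, warningType, warningValue, errorType);
        control.write(writer);
        LDAPControl c = LDAPReader.readControl(ASN1.getReader(bsb));
        pprc = PasswordPolicyResponseControl.DECODER.decode(c.isCritical(), c.getValue());
        assertNotNull(pprc);
        assertEquals(pprc.getWarningType(), warningType);
        assertEquals(pprc.getErrorType(), errorType);
        assertEquals(pprc.getWarningValue(), warningValue);
        assertEquals(pprc.getOID(), OID_PASSWORD_POLICY_CONTROL);

        // Check toString
        String toString = "PasswordPolicyResponseControl("
            + warningType + "=" + warningValue + ", " + errorType + ")";
        assertEquals(pprc.toString(), toString);

        // Check null warning type
        bsb.clear();
        control = new PasswordPolicyResponseControl(isCritical, null, warningValue, errorType);
        control.write(writer);
        c = LDAPReader.readControl(ASN1.getReader(bsb));
        pprc = PasswordPolicyResponseControl.DECODER.decode(c.isCritical(), c.getValue());
        assertNull(pprc.getWarningType());

        // Check null error type
        bsb.clear();
        control = new PasswordPolicyResponseControl(isCritical, warningType, warningValue, null);
        control.write(writer);
        c = LDAPReader.readControl(ASN1.getReader(bsb));
        pprc = PasswordPolicyResponseControl.DECODER.decode(c.isCritical(), c.getValue());
        assertNull(pprc.getErrorType());
      }
    }
  }
}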