Posted to commits@directory.apache.org by ka...@apache.org on 2010/09/13 12:31:09 UTC
svn commit: r996485 -
/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
Author: kayyagari
Date: Mon Sep 13 10:31:08 2010
New Revision: 996485
URL: http://svn.apache.org/viewvc?rev=996485&view=rev
Log:
o migrated some of the SASL tests to use the client-api
Modified:
directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
Modified: directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java?rev=996485&r1=996484&r2=996485&view=diff
==============================================================================
--- directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java (original)
+++ directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java Mon Sep 13 10:31:08 2010
@@ -26,12 +26,8 @@ import static org.junit.Assert.fail;
import java.lang.reflect.Field;
import java.nio.ByteBuffer;
-import java.util.Hashtable;
-import javax.naming.AuthenticationNotSupportedException;
-import javax.naming.Context;
import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
@@ -39,6 +35,8 @@ import javax.naming.directory.InitialDir
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.net.SocketClient;
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.server.annotations.CreateLdapServer;
import org.apache.directory.server.annotations.CreateTransport;
import org.apache.directory.server.annotations.SaslMechanism;
@@ -49,6 +47,7 @@ import org.apache.directory.server.core.
import org.apache.directory.server.core.annotations.CreatePartition;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
+import org.apache.directory.server.core.kerberos.KeyDerivationInterceptor;
import org.apache.directory.server.ldap.handlers.bind.cramMD5.CramMd5MechanismHandler;
import org.apache.directory.server.ldap.handlers.bind.digestMD5.DigestMd5MechanismHandler;
import org.apache.directory.server.ldap.handlers.bind.gssapi.GssapiMechanismHandler;
@@ -56,6 +55,8 @@ import org.apache.directory.server.ldap.
import org.apache.directory.server.ldap.handlers.bind.plain.PlainMechanismHandler;
import org.apache.directory.server.ldap.handlers.extended.StoredProcedureExtendedOperationHandler;
import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
+import org.apache.directory.shared.ldap.entry.Entry;
+import org.apache.directory.shared.ldap.message.BindRequest;
import org.apache.directory.shared.ldap.message.BindRequestImpl;
import org.apache.directory.shared.ldap.message.BindResponse;
import org.apache.directory.shared.ldap.message.LdapProtocolEncoder;
@@ -78,16 +79,30 @@ import org.slf4j.LoggerFactory;
@ApplyLdifs(
{
// Entry # 1
- "dn: ou=users,dc=example,dc=com", "objectClass: organizationalUnit", "objectClass: top",
+ "dn: ou=users,dc=example,dc=com",
+ "objectClass: organizationalUnit",
+ "objectClass: top",
"ou: users\n",
// Entry # 2
- "dn: uid=hnelson,ou=users,dc=example,dc=com", "objectClass: inetOrgPerson",
- "objectClass: organizationalPerson", "objectClass: person", "objectClass: top", "uid: hnelson",
- "userPassword: secret", "cn: Horatio Nelson", "sn: Nelson" })
-@CreateDS(allowAnonAccess = true, name = "SaslBindIT-class", partitions =
+ "dn: uid=hnelson,ou=users,dc=example,dc=com",
+ "objectClass: inetOrgPerson",
+ "objectClass: organizationalPerson",
+ "objectClass: person",
+ "objectClass: krb5principal",
+ "objectClass: krb5kdcentry",
+ "objectClass: top",
+ "uid: hnelson",
+ "userPassword: secret",
+ "krb5PrincipalName: hnelson@EXAMPLE.COM",
+ "krb5KeyVersionNumber: 0",
+ "cn: Horatio Nelson",
+ "sn: Nelson" })
+@CreateDS(allowAnonAccess = false, name = "SaslBindIT-class", partitions =
{ @CreatePartition(name = "example", suffix = "dc=example,dc=com", contextEntry = @ContextEntry(entryLdif = "dn: dc=example,dc=com\n"
+ "dc: example\n" + "objectClass: top\n" + "objectClass: domain\n\n"), indexes =
- { @CreateIndex(attribute = "objectClass"), @CreateIndex(attribute = "dc"), @CreateIndex(attribute = "ou") }) })
+ { @CreateIndex(attribute = "objectClass"), @CreateIndex(attribute = "dc"), @CreateIndex(attribute = "ou") }) },
+additionalInterceptors = { KeyDerivationInterceptor.class }
+)
@CreateLdapServer(transports =
{ @CreateTransport(protocol = "LDAP") }, saslHost = "localhost", saslMechanisms =
{ @SaslMechanism(name = SupportedSaslMechanisms.PLAIN, implClass = PlainMechanismHandler.class),
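Review bot: The fixture changes in this hunk are not explained anywhere: `allowAnonAccess` goes from `true` to `false`, the hnelson entry gains `krb5principal`/`krb5kdcentry` attributes, and `KeyDerivationInterceptor` is added, while the commit log only mentions moving tests to the client API. These settings apply to every test in the class, so a short comment above `@CreateDS` would help, for example `// anonymous access is off so a successful lookup after bind proves the session is authenticated`, if that is the intent. One more line should say why the Kerberos attributes and the interceptor are needed. The `@CreateLdapServer` annotation continues past the end of the hunk.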
@@ -144,30 +159,22 @@ public class SaslBindIT extends Abstract
{
try
{
- Hashtable<String, String> env = new Hashtable<String, String>();
- env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
- env.put( Context.PROVIDER_URL, "ldap://localhost:" + ldapServer.getPort() );
+ DN userDn = new DN( "uid=hnelson,ou=users,dc=example,dc=com" );
+ LdapConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
+ BindRequest bindReq = new BindRequestImpl();
+ bindReq.setCredentials( "secret".getBytes() );
+ bindReq.setName( userDn );
+ bindReq.setSaslMechanism( SupportedSaslMechanisms.PLAIN );
- env.put( Context.SECURITY_AUTHENTICATION, "PLAIN" );
- env.put( Context.SECURITY_PRINCIPAL, "uid=hnelson,ou=users,dc=example,dc=com" );
- env.put( Context.SECURITY_CREDENTIALS, "secret" );
+ BindResponse resp = connection.bind( bindReq );
+ assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() );
- DirContext context = new InitialDirContext( env );
+ Entry entry = connection.lookup( userDn );
+ assertEquals( "hnelson", entry.get( "uid" ).getString() );
- String[] attrIDs =
- { "uid" };
-
- Attributes attrs = context.getAttributes( "uid=hnelson,ou=users,dc=example,dc=com", attrIDs );
- String uid = null;
-
- if ( attrs.get( "uid" ) != null )
- {
- uid = ( String ) attrs.get( "uid" ).get();
- }
-
- assertEquals( uid, "hnelson" );
+ connection.close();
}
- catch ( NamingException e )
+ catch ( Exception e )
{
fail( "Should not have caught exception." );
}
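Review bot: `connection.close()` is reached only on the success path and the `catch ( Exception e )` block discards the exception, so a failed assertion leaks the connection and any other failure is reported without its cause. Closing in `finally { connection.close(); }` and reporting `fail( "Unexpected exception: " + e );` would address both; if `close()` declares a checked exception the method needs `throws Exception`, and its signature is outside the hunk. `"secret".getBytes()` also depends on the platform default charset, so `"secret".getBytes( "UTF-8" )` would keep the credential bytes stable across build machines. The same close and catch pattern recurs in every later test hunk of this commit.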
@@ -182,22 +189,19 @@ public class SaslBindIT extends Abstract
{
try
{
- Hashtable<String, String> env = new Hashtable<String, String>();
- env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
- env.put( Context.PROVIDER_URL, "ldap://localhost:" + ldapServer.getPort() );
-
- env.put( Context.SECURITY_AUTHENTICATION, "" );
- env.put( Context.SECURITY_PRINCIPAL, "uid=hnelson,ou=users,dc=example,dc=com" );
- env.put( Context.SECURITY_CREDENTIALS, "secret" );
-
- new InitialDirContext( env );
- fail( "Should not be there" );
- }
- catch ( AuthenticationNotSupportedException anse )
- {
- assertTrue( true );
+ DN userDn = new DN( "uid=hnelson,ou=users,dc=example,dc=com" );
+ LdapConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
+ BindRequest bindReq = new BindRequestImpl();
+ bindReq.setCredentials( "secret".getBytes() );
+ bindReq.setName( userDn );
+ bindReq.setSaslMechanism( "" ); // invalid mechanism
+ bindReq.setSimple( false );
+
+ BindResponse resp = connection.bind( bindReq );
+ assertEquals( ResultCodeEnum.AUTH_METHOD_NOT_SUPPORTED, resp.getLdapResult().getResultCode() );
+ connection.close();
}
- catch ( NamingException ne )
+ catch ( Exception e )
{
fail( "Should not have caught exception." );
}
@@ -212,31 +216,18 @@ public class SaslBindIT extends Abstract
{
try
{
- Hashtable<String, String> env = new Hashtable<String, String>();
- env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
- env.put( Context.PROVIDER_URL, "ldap://localhost:" + ldapServer.getPort() );
-
- env.put( Context.SECURITY_AUTHENTICATION, "CRAM-MD5" );
- env.put( Context.SECURITY_PRINCIPAL, "hnelson" );
- env.put( Context.SECURITY_CREDENTIALS, "secret" );
-
- DirContext context = new InitialDirContext( env );
+ DN userDn = new DN( "uid=hnelson,ou=users,dc=example,dc=com" );
+ LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
- String[] attrIDs =
- { "uid" };
+ BindResponse resp = connection.bindCramMd5( userDn.getName(), "secret", null );
+ assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() );
- Attributes attrs = context.getAttributes( "uid=hnelson,ou=users,dc=example,dc=com", attrIDs );
+ Entry entry = connection.lookup( userDn );
+ assertEquals( "hnelson", entry.get( "uid" ).getString() );
- String uid = null;
-
- if ( attrs.get( "uid" ) != null )
- {
- uid = ( String ) attrs.get( "uid" ).get();
- }
-
- assertEquals( uid, "hnelson" );
+ connection.close();
}
- catch ( NamingException e )
+ catch ( Exception e )
{
fail( "Should not have caught exception." );
}
@@ -251,26 +242,17 @@ public class SaslBindIT extends Abstract
{
try
{
- Hashtable<String, String> env = new Hashtable<String, String>();
- env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
- env.put( Context.PROVIDER_URL, "ldap://localhost:" + ldapServer.getPort() );
-
- env.put( Context.SECURITY_AUTHENTICATION, "CRAM-MD5" );
- env.put( Context.SECURITY_PRINCIPAL, "hnelson" );
- env.put( Context.SECURITY_CREDENTIALS, "badsecret" );
-
- DirContext context = new InitialDirContext( env );
-
- String[] attrIDs =
- { "uid" };
-
- context.getAttributes( "uid=hnelson,ou=users,dc=example,dc=com", attrIDs );
-
- fail( "Should have thrown exception." );
+ DN userDn = new DN( "uid=hnelson,ou=users,dc=example,dc=com" );
+ LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
+
+ BindResponse resp = connection.bindCramMd5( userDn.getName(), "badsecret", null );
+ assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, resp.getLdapResult().getResultCode() );
+ connection.close();
}
- catch ( NamingException e )
+ catch ( Exception e )
{
- assertTrue( e.getMessage().contains( "Invalid response" ) );
+ e.printStackTrace();
+ fail( "Should not have caught exception." );
}
}
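Review bot: The rejected bind is checked only through its result code; nothing confirms that the connection was left without access. Since the fixture now sets `allowAnonAccess = false`, a follow-up `connection.lookup( userDn )` asserted not to return the entry would pin that down; how the client API signals the refusal (null or an exception) is not visible here, so the exact assertion needs checking. The same applies to the invalid-mechanism, bad-realm and DIGEST-MD5 bad-password hunks. `e.printStackTrace()` in the catch block would be better folded into the `fail(...)` message so the cause shows up in the test report.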
@@ -281,35 +263,25 @@ public class SaslBindIT extends Abstract
@Test
public void testSaslDigestMd5Bind() throws Exception
{
- Hashtable<String, String> env = new Hashtable<String, String>();
- env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
- env.put( Context.PROVIDER_URL, "ldap://localhost:" + ldapServer.getPort() );
-
- env.put( Context.SECURITY_AUTHENTICATION, "DIGEST-MD5" );
- env.put( Context.SECURITY_PRINCIPAL, "hnelson" );
- env.put( Context.SECURITY_CREDENTIALS, "secret" );
-
- // Specify realm
- env.put( "java.naming.security.sasl.realm", "example.com" );
-
- // Request privacy protection
- env.put( "javax.security.sasl.qop", "auth-conf" );
-
- DirContext context = new InitialDirContext( env );
-
- String[] attrIDs =
- { "uid" };
-
- Attributes attrs = context.getAttributes( "uid=hnelson,ou=users,dc=example,dc=com", attrIDs );
+ try
+ {
+ DN userDn = new DN( "uid=hnelson,ou=users,dc=example,dc=com" );
+ LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
+ connection.setTimeOut( Integer.MAX_VALUE );
+
+ BindResponse resp = connection.bindDigestMd5( userDn.getName(), "secret", null, ldapServer.getSaslRealms()
+ .get( 0 ) );
+ assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() );
- String uid = null;
+ Entry entry = connection.lookup( userDn );
+ assertEquals( "hnelson", entry.get( "uid" ).getString() );
- if ( attrs.get( "uid" ) != null )
+ connection.close();
+ }
+ catch ( Exception e )
{
- uid = ( String ) attrs.get( "uid" ).get();
+ fail( "Should not have caught exception." );
}
-
- assertEquals( uid, "hnelson" );
}
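Review bot: Coverage of the DIGEST-MD5 privacy layer appears to be lost: the removed JNDI code set `javax.security.sasl.qop` to `auth-conf`, and nothing in the new `bindDigestMd5(...)` call visibly requests a QoP. If the client API cannot negotiate `auth-conf` yet, a comment such as `// TODO: client-api does not request auth-conf; privacy layer is untested` would keep the gap visible; the bad-realm hunk drops the same setting. Separately, `connection.setTimeOut( Integer.MAX_VALUE )` here and in the two following hunks means a stalled SASL exchange hangs the build instead of failing, so a bounded value is safer. The method already declares `throws Exception`, so the try/catch that reduces every error to `fail( "Should not have caught exception." )` could simply be removed.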
@@ -321,33 +293,20 @@ public class SaslBindIT extends Abstract
{
try
{
- Hashtable<String, String> env = new Hashtable<String, String>();
- env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
- env.put( Context.PROVIDER_URL, "ldap://localhost:" + ldapServer.getPort() );
-
- env.put( Context.SECURITY_AUTHENTICATION, "DIGEST-MD5" );
- env.put( Context.SECURITY_PRINCIPAL, "hnelson" );
- env.put( Context.SECURITY_CREDENTIALS, "secret" );
+ DN userDn = new DN( "uid=hnelson,ou=users,dc=example,dc=com" );
+ LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
+ connection.setTimeOut( Integer.MAX_VALUE );
- // Bad realm
- env.put( "java.naming.security.sasl.realm", "badrealm.com" );
+ BindResponse resp = connection.bindDigestMd5( userDn.getName(), "secret", null, "badrealm.com" );
+ assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, resp.getLdapResult().getResultCode() );
- // Request privacy protection
- env.put( "javax.security.sasl.qop", "auth-conf" );
-
- DirContext context = new InitialDirContext( env );
-
- String[] attrIDs =
- { "uid" };
-
- context.getAttributes( "uid=hnelson,ou=users,dc=example,dc=com", attrIDs );
-
- fail( "Should have thrown exception." );
+ connection.close();
}
- catch ( NamingException e )
+ catch ( Exception e )
{
- assertTrue( e.getMessage().contains( "Nonexistent realm" ) );
+ fail( "Should not have caught exception." );
}
+
}
@@ -359,24 +318,20 @@ public class SaslBindIT extends Abstract
{
try
{
- Hashtable<String, String> env = new Hashtable<String, String>();
- env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
- env.put( Context.PROVIDER_URL, "ldap://localhost:" + ldapServer.getPort() );
-
- env.put( Context.SECURITY_AUTHENTICATION, "DIGEST-MD5" );
- env.put( Context.SECURITY_PRINCIPAL, "hnelson" );
- env.put( Context.SECURITY_CREDENTIALS, "badsecret" );
-
- DirContext context = new InitialDirContext( env );
- String[] attrIDs =
- { "uid" };
+ DN userDn = new DN( "uid=hnelson,ou=users,dc=example,dc=com" );
+ LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() );
+ connection.setTimeOut( Integer.MAX_VALUE );
+
+ BindResponse resp = connection.bindDigestMd5( userDn.getName(), "badsecret", null, ldapServer
+ .getSaslRealms().get( 0 ) );
+ assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, resp.getLdapResult().getResultCode() );
- context.getAttributes( "uid=hnelson,ou=users,dc=example,dc=com", attrIDs );
- fail( "Should have thrown exception." );
+ connection.close();
}
- catch ( NamingException e )
+ catch ( Exception e )
{
- assertTrue( e.getMessage().contains( "digest response format violation" ) );
+ e.printStackTrace();
+ fail( "Should not have caught exception." );
}
}