FingerprintCertificateMapperTestCase.java revision ea1068c292e9b341af6d6b563cd8988a96be20a9
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2008 Sun Microsystems, Inc.
* Portions Copyright 2012-2015 ForgeRock AS
*/
/**
* A set of test cases for the fingerprint certificate mapper.
*/
public class FingerprintCertificateMapperTestCase
extends ExtensionsTestCase
{
/**
* Ensures that the Directory Server is running.
*
* @throws Exception If an unexpected problem occurs.
*/
public void startServer()
throws Exception
{
}
/**
* Retrieves a set of invalid configurations that cannot be used to
* initialize the certificate mapper.
*
* @throws Exception If an unexpected problem occurs.
*/
public Object[][] getInvalidConfigurations()
throws Exception
{
"dn: cn=No Fingerprint Attr,cn=Certificate Mappers,cn=config",
"objectClass: top",
"objectClass: ds-cfg-certificate-mapper",
"objectClass: ds-cfg-fingerprint-certificate-mapper",
"cn: No Fingerprint Attr",
"ds-cfg-java-class: org.opends.server.extensions." +
"FingerprintCertificateMapper",
"ds-cfg-enabled: true",
"ds-cfg-fingerprint-algorithm: MD5",
"",
"dn: cn=Undefined Fingerprint Attr,cn=Certificate Mappers,cn=config",
"objectClass: top",
"objectClass: ds-cfg-certificate-mapper",
"objectClass: ds-cfg-fingerprint-certificate-mapper",
"cn: Undefined Fingerprint Attr",
"ds-cfg-java-class: org.opends.server.extensions." +
"FingerprintCertificateMapper",
"ds-cfg-enabled: true",
"ds-cfg-fingerprint-attribute: undefined",
"ds-cfg-fingerprint-algorithm: MD5",
"",
"dn: cn=No Fingerprint Algorithm,cn=Certificate Mappers,cn=config",
"objectClass: top",
"objectClass: ds-cfg-certificate-mapper",
"objectClass: ds-cfg-fingerprint-certificate-mapper",
"cn: No Fingerprint Algorithm",
"ds-cfg-java-class: org.opends.server.extensions." +
"FingerprintCertificateMapper",
"ds-cfg-enabled: true",
"ds-cfg-fingerprint-attribute: " +
"ds-certificate-fingerprint",
"",
"dn: cn=Invalid Fingerprint Algorithm,cn=Certificate Mappers,cn=config",
"objectClass: top",
"objectClass: ds-cfg-certificate-mapper",
"objectClass: ds-cfg-fingerprint-certificate-mapper",
"cn: Invalid Fingerprint Algorithm",
"ds-cfg-java-class: org.opends.server.extensions." +
"FingerprintCertificateMapper",
"ds-cfg-enabled: true",
"ds-cfg-fingerprint-attribute: " +
"ds-certificate-fingerprint",
"ds-cfg-fingerprint-algorithm: invalid",
"",
"dn: cn=Invalid Base DN,cn=Certificate Mappers,cn=config",
"objectClass: top",
"objectClass: ds-cfg-certificate-mapper",
"objectClass: ds-cfg-fingerprint-certificate-mapper",
"cn: Invalid Base DN",
"ds-cfg-java-class: org.opends.server.extensions." +
"FingerprintCertificateMapper",
"ds-cfg-enabled: true",
"ds-cfg-fingerprint-attribute: " +
"ds-certificate-fingerprint",
"ds-cfg-fingerprint-algorithm: MD5",
"ds-cfg-user-base-dn: invalid");
{
}
return configEntries;
}
/**
* Tests initialization with an invalid configuration.
*
* @param e The configuration entry to use to initialize the certificate
* mapper.
*
* @throws Exception If an unexpected problem occurs.
*/
expectedExceptions = { ConfigException.class,
InitializationException.class })
public void testInvalidConfigs(Entry e)
throws Exception
{
e);
}
/**
* Tests a successful mapping using the default configuration.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testSuccessfulMappingDefaultConfig()
throws Exception
{
enableMapper();
try
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"objectClass: ds-certificate-user",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-certificate-fingerprint: " +
"07:5A:AB:4B:E1:DD:E3:05:83:C0:FE:5F:A3:E8:1E:EB");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-Z",
"-K", keyStorePath,
"-W", "password",
"-P", trustStorePath,
"-r",
"-b", "",
"-s", "base",
"(objectClass=*)"
};
}
finally
{
}
}
/**
* Tests a successful mapping using the SHA-1 digest algorithm.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testSuccessfulMappingSHA1()
throws Exception
{
enableMapper();
try
{
setFingerprintAlgorithm("SHA1");
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"objectClass: ds-certificate-user",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-certificate-fingerprint: " +
"CB:A4:C7:A0:46:1F:44:88:12:23:56:49:F9:54:F4:37:E1:9F:9F:A4");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-Z",
"-K", keyStorePath,
"-W", "password",
"-P", trustStorePath,
"-r",
"-b", "",
"-s", "base",
"(objectClass=*)"
};
}
finally
{
setFingerprintAlgorithm("MD5");
}
}
/**
* Tests a failed mapping due to no matching entries.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testFailedMappingNoMatchingEntries()
throws Exception
{
enableMapper();
try
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"objectClass: ds-certificate-user",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-Z",
"-K", keyStorePath,
"-W", "password",
"-P", trustStorePath,
"-r",
"-b", "",
"-s", "base",
"(objectClass=*)"
};
}
finally
{
}
}
/**
* Tests a failed mapping due to multiple matching entries.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testFailedMappingMultipleMatchingEntries()
throws Exception
{
enableMapper();
try
{
"dn: uid=test.user1,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"objectClass: ds-certificate-user",
"uid: test.user1",
"givenName: Test",
"sn: User",
"cn: Test User 1",
"ds-certificate-fingerprint: " +
"07:5A:AB:4B:E1:DD:E3:05:83:C0:FE:5F:A3:E8:1E:EB",
"",
"dn: uid=test.user2,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"objectClass: ds-certificate-user",
"uid: test.user2",
"givenName: Test",
"sn: User",
"cn: Test User 2",
"ds-certificate-fingerprint: " +
"07:5A:AB:4B:E1:DD:E3:05:83:C0:FE:5F:A3:E8:1E:EB");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-Z",
"-K", keyStorePath,
"-W", "password",
"-P", trustStorePath,
"-r",
"-b", "",
"-s", "base",
"(objectClass=*)"
};
}
finally
{
}
}
/**
* Tests to ensure that an attmept to remove the fingerprint attribute will
* fail.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testRemoveFingerprintAttribute()
throws Exception
{
Attribute a =
"ds-cfg-fingerprint-attribute"));
}
/**
* Tests to ensure that an attmept to remove the fingerprint algorithm will
* fail.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testRemoveFingerprintAlgorithm()
throws Exception
{
Attribute a =
"ds-cfg-fingerprint-algorithm"));
}
/**
* Tests to ensure that an attmept to set an undefined fingerprint attribute
* will fail.
*
* @throws Exception If an unexpected problem occurs.
*/
public void testSetUndefinedFingerprintAttribute()
throws Exception
{
setFingerprintAttribute("undefined");
}
/**
* Tests to ensure that an attmept to set an undefined fingerprint algorithm
* will fail.
*
* @throws Exception If an unexpected problem occurs.
*/
public void testSetUndefinedFingerprintAlgorithm()
throws Exception
{
setFingerprintAlgorithm("undefined");
}
/**
* Tests to ensure that an attmept to set an invalid base DN will fail.
*
* @throws Exception If an unexpected problem occurs.
*/
public void testSetInvalidBaseDN()
throws Exception
{
}
/**
* Alters the configuration of the SASL EXTERNAL mechanism handler so that it
* uses the Subject DN to User Attribute certificate mapper.
*
* @throws Exception If an unexpected problem occurs.
*/
private void enableMapper()
throws Exception
{
mapperDN)));
}
/**
* Alters the configuration of the SASL EXTERNAL mechanism handler so that it
* uses the Subject Equals DN certificate mapper.
*
* @throws Exception If an unexpected problem occurs.
*/
private void disableMapper()
throws Exception
{
mapperDN)));
}
/**
* Alters the configuration of the fingerprint certificate mapper so that it
* will look for the fingerprint in the specified attribute.
*
* @param attrName The name of the attribute in which to look for the
* certificate subject.
*
* @throws Exception If an unexpected problem occurs.
*/
throws Exception
{
attrName)));
}
/**
* Alters the configuration of the fingerprint certificate mapper so that it
* will use the specified fingerprint algorithm.
*
* @param algorithm The name of the fingerprint algorithm to use.
*
* @throws Exception If an unexpected problem occurs.
*/
throws Exception
{
algorithm)));
}
/**
* Alters the configuration of the Subject DN to User Attribute certificate
* mapper so that it will look for the subject DN below the specified set of
* base DNs.
*
* @param baseDNs The set of base DNs to use when mapping certificates to
* users.
*
* @throws Exception If an unexpected problem occurs.
*/
throws Exception
{
{
{
}
}
builder.toAttribute()));
}
/**
* Tests a successful mapping using the default configuration, and
* verify that user can do a privileged action (read config).
* Verification for issue OPENDJ-459.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testPrivilegeWithSuccessfulMappingDefaultConfig()
throws Exception
{
enableMapper();
try
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"objectClass: ds-certificate-user",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"ds-privilege-name: config-read",
"ds-certificate-fingerprint: " +
"07:5A:AB:4B:E1:DD:E3:05:83:C0:FE:5F:A3:E8:1E:EB");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-Z",
"-K", keyStorePath,
"-W", "password",
"-P", trustStorePath,
"-r",
"-b", "cn=config",
"-s", "sub",
"(objectClass=*)"
};
}
finally
{
}
}
}