PlainSASLMechanismHandlerTestCase.java revision ea1068c292e9b341af6d6b563cd8988a96be20a9
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2006-2008 Sun Microsystems, Inc.
* Portions Copyright 2013-2015 ForgeRock AS
*/
/**
* A set of test cases for the PLAIN SASL mechanism handler.
*/
public class PlainSASLMechanismHandlerTestCase
extends ExtensionsTestCase
{
/**
* Ensures that the Directory Server is running.
*
* @throws Exception If an unexpected problem occurs.
*/
public void startServer()
throws Exception
{
}
/**
* Tests to ensure that the SASL PLAIN mechanism is loaded and available in
* the server, and that it reports that it is password based and not secure.
*/
@Test
public void testSASLPlainLoaded()
{
}
/**
* Tests to ensure that PLAIN is advertised as a supported SASL mechanism.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testSASLPlainAdvertised() throws Exception
{
}
/**
* Retrieves a set of passwords that may be used to test the password storage
* scheme.
*
* @return A set of passwords that may be used to test the password storage
* scheme.
*/
public Object[][] getTestPasswords()
{
return new Object[][]
{
"The Lazy Dog") },
};
}
/**
* Creates a test user and authenticates to the server as that user with the
* SASL PLAIN mechanism using a raw authentication ID (i.e., not prefixed by
* either "u:" or "dn:").
*
* @param password The password for the user.
*
* @throws Exception If an unexpected problem occurs.
*/
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: " + password);
new InternalClientConnection(new AuthenticationInfo());
}
/**
* Creates a test user and authenticates to the server as that user with the
* SASL PLAIN mechanism using the "u:" style authentication ID.
*
* @param password The password for the user.
*
* @throws Exception If an unexpected problem occurs.
*/
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: " + password);
new InternalClientConnection(new AuthenticationInfo());
}
/**
* Creates a test user and authenticates to the server as that user with the
* SASL PLAIN mechanism using the "u:" style authentication ID and
* authorization ID.
*
* @param password The password for the user.
*
* @throws Exception If an unexpected problem occurs.
*/
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: " + password);
new InternalClientConnection(new AuthenticationInfo());
}
/**
* Creates a test user and authenticates to the server as that user with the
* SASL PLAIN mechanism using the "dn:" style authentication ID.
*
* @param password The password for the user.
*
* @throws Exception If an unexpected problem occurs.
*/
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: " + password);
new InternalClientConnection(new AuthenticationInfo());
}
/**
* Creates a test user and authenticates to the server as that user with the
* SASL PLAIN mechanism using the "dn:" style authentication ID and an
* authorization ID.
*
* @param password The password for the user.
*
* @throws Exception If an unexpected problem occurs.
*/
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: " + password);
new InternalClientConnection(new AuthenticationInfo());
}
/**
* Ensures that SASL PLAIN authentication will work for root users.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testSASLPlainAsRoot()
throws Exception
{
new InternalClientConnection(new AuthenticationInfo());
}
/**
* Ensures that SASL PLAIN authentication works over LDAP as well as via the
* internal protocol. The authentication will be performed as the root user.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testSASLPlainOverLDAP()
throws Exception
{
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-o", "mech=PLAIN",
"-o", "authid=dn:cn=Directory Manager",
"-w", "password",
"-b", "",
"-s", "base",
"(objectClass=*)",
};
}
/**
* Retrieves sets of invalid credentials that will not succeed when using
* SASL PLAIN.
*
* @return Sets of invalid credentials that will not work when using SASL
* PLAIN.
*/
public Object[][] getInvalidCredentials()
{
return new Object[][]
{
"\u0000password") },
"wrongpassword") },
};
}
/**
* Creates a test user and authenticates to the server as that user with the
* SASL PLAIN mechanism using the "dn:" style authentication ID.
*
* @param saslCredentials The (invalid) SASL credentials to use.
*
* @throws Exception If an unexpected problem occurs.
*/
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password");
new InternalClientConnection(new AuthenticationInfo());
}
/**
* Performs a failed LDAP bind using PLAIN with an authorization ID that
* contains the DN of an entry that doesn't exist.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testLDAPBindFailNonexistentAuthzDN()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password",
"ds-privilege-name: proxied-auth");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-o", "mech=PLAIN",
"-o", "authid=dn:uid=test.user,o=test",
"-o", "authzid=dn:uid=nonexistent,o=test",
"-w", "password",
"-b", "",
"-s", "base",
"(objectClass=*)"
};
}
/**
* Performs a failed LDAP bind using PLAIN with an authorization ID that
* contains a username for an entry that doesn't exist.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testLDAPBindFailNonexistentAuthzUsername()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password",
"ds-privilege-name: proxied-auth");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-o", "mech=PLAIN",
"-o", "authid=dn:uid=test.user,o=test",
"-o", "authzid=u:nonexistent",
"-w", "password",
"-b", "",
"-s", "base",
"(objectClass=*)"
};
}
/**
* Performs a failed LDAP bind using PLAIN with an authorization ID that
* contains a malformed DN.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test
public void testLDAPBindFailMalformedAuthzDN()
throws Exception
{
"dn: uid=test.user,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"uid: test.user",
"givenName: Test",
"sn: User",
"cn: Test User",
"userPassword: password",
"ds-privilege-name: proxied-auth");
{
"--noPropertiesFile",
"-h", "127.0.0.1",
"-o", "mech=PLAIN",
"-o", "authid=dn:uid=test.user,o=test",
"-o", "authzid=dn:malformed",
"-w", "password",
"-b", "",
"-s", "base",
"(objectClass=*)"
};
}
}