SASLOverTLSTestCase.java revision b8c6b80da1cb6118167a934daa480eb381c59e0e
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2009 Sun Microsystems, Inc.
* Portions copyright 2011-2015 ForgeRock AS.
*/
/**
* This class tests SASL confidentiality/integrity over TLS (SSL). It
* generates binary data larger than the TLS buffer size to make sure
* that the data is processed correctly.
*
*/
public class SASLOverTLSTestCase extends ExtensionsTestCase {
/**
* Client SSL socket factory which blindly trusts server certificates (test use only).
*/
public static final class TestSSLSocketFactory extends SSLSocketFactory
{
/**
 * Returns the shared factory instance.
 *
 * <p>Hides {@link SSLSocketFactory#getDefault()} so that code asking for the
 * default factory receives {@code INSTANCE} (declared elsewhere in this class),
 * which the enclosing class describes as blindly trusting server certificates
 * — intended for tests only.
 *
 * @return the shared {@code INSTANCE}.
 */
public static synchronized SocketFactory getDefault()
{
  final SocketFactory shared = INSTANCE;
  return shared;
}
private final SSLSocketFactory factory;
private TestSSLSocketFactory()
{
try
{
}
catch (Exception e)
{
throw new RuntimeException(e);
}
}
{
return factory.createSocket();
}
{
}
/**
 * Returns the cipher suites enabled by default on sockets created by this
 * factory, delegating to the wrapped {@code factory}.
 *
 * @return the wrapped factory's default cipher suites.
 */
public String[] getDefaultCipherSuites()
{
  final SSLSocketFactory delegate = factory;
  return delegate.getDefaultCipherSuites();
}
/**
 * Returns every cipher suite the wrapped {@code factory} can enable on the
 * sockets it creates, delegating to that factory.
 *
 * @return the wrapped factory's supported cipher suites.
 */
public String[] getSupportedCipherSuites()
{
  final SSLSocketFactory delegate = factory;
  return delegate.getSupportedCipherSuites();
}
boolean autoClose) throws IOException
{
}
{
}
{
}
{
}
}
private static int KB = 1024;
//Password policy
private static final String pwdPolicyDN =
//DNS
//Auth methods
//Test QOS
//Go from 8KB to 64KB.
return new Object[][] {
{8},
{16},
{24},
{32},
{64}
};
}
"create-password-policy",
"--type", "password-policy",
"--policy-name", pwdPolicy,
"--set", "password-attribute:userPassword",
"--set", "default-password-storage-scheme: Clear"
);
"set-sasl-mechanism-handler-prop",
"--handler-name", "DIGEST-MD5",
"--set", "quality-of-protection:" + "confidentiality",
"--set", "server-fqdn:localhost");
addTestEntry();
}
@AfterClass(alwaysRun = true)
"delete-password-policy",
"--policy-name", pwdPolicy
);
"set-sasl-mechanism-handler-prop",
"--handler-name", "DIGEST-MD5",
"--reset", "server-fqdn",
"--reset", "quality-of-protection");
}
/**
* Test DIGEST-MD5 integrity over TLS.
*
* @throws NamingException If a JNDI naming error occurs.
* @throws IOException If an IO error occurs.
*/
"set-sasl-mechanism-handler-prop",
"--handler-name", "DIGEST-MD5",
"--set", "quality-of-protection:" + "integrity");
}
/**
* Test DIGEST-MD5 confidentiality over TLS.
*
* @throws NamingException If a JNDI naming error occurs.
* @throws IOException If an IO error occurs.
*/
"set-sasl-mechanism-handler-prop",
"--handler-name", "DIGEST-MD5",
"--set", "quality-of-protection:" + "confidentiality");
}
/**
* Generate the test attributes, replace it in the entry, then read it
* back to make sure it is the same as the original.
*
* @param size The number of KBs to generate in the random bytes.
* @param qop The quality of protection.
*
* @throws NamingException If a JNDI naming error occurs.
* @throws IOException If there was an IO error.
*/
private void
try {
} finally {
{
}
}
}
/**
* This test was originally testing DIGEST-MD5 confidentiality over StartTLS,
* but JNDI had problems doing DIGEST-MD5 over StartTLS so the auth method was
* changed to simple.
*
* @throws NamingException If a JNDI naming error occurs.
* @throws IOException If there was an IO error.
*/
try {
} finally {
{
}
}
}
/**
* Add the entry we will use. It has its own password
* policy that uses a clear storage scheme.
*
* @throws NamingException If the entry cannot be added.
*/
private void addTestEntry() throws NamingException {
try {
} finally {
{
}
}
}
/**
* Get a byte buffer with a random set of bytes.
*
* @param kbs The number of KB (kilo-bytes) to generate.
* @return Byte array of random bytes.
*/
private static byte[] getRandomBytes(int kbs) {
randomBytes[i] = (byte) r.nextInt();
}
return randomBytes;
}
/**
* Delete the test entry.
*
* @throws NamingException If the entry cannot be deleted.
*/
private void deleteTestEntry() throws NamingException {
try {
} finally {
{
}
}
}
/**
* Verifier class so JNDI startTLS will work with "localhost" host name.
* Returns true, accepting any host name (test use only).
*/
class SampleVerifier implements HostnameVerifier {
return true;
}
}
}