/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2006-2008 Sun Microsystems, Inc.
* Portions Copyright 2013-2015 ForgeRock AS
*/
/**
* A simple test for : - JMX connection establishment without using SSL -
* JMX get and set - configuration change
*/
@SuppressWarnings("javadoc")
/**
* Set up the environment for performing the tests in this suite.
*
* @throws Exception
* If the environment could not be set up.
*/
{
super.setUp();
"dn: cn=Privileged User,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"cn: Privileged User",
"givenName: Privileged",
"sn: User",
"uid: privileged.user",
"userPassword: password",
"ds-privilege-name: config-read",
"ds-privilege-name: config-write",
"ds-privilege-name: password-reset",
"ds-privilege-name: update-schema",
"ds-privilege-name: ldif-import",
"ds-privilege-name: ldif-export",
"ds-privilege-name: backend-backup",
"ds-privilege-name: backend-restore",
"ds-privilege-name: proxied-auth",
"ds-privilege-name: bypass-acl",
"ds-privilege-name: unindexed-search",
"ds-privilege-name: jmx-read",
"ds-privilege-name: jmx-write",
"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
"cn=Password Policies,cn=config",
"",
"dn: cn=Unprivileged JMX User,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"cn: Privileged User",
"givenName: Privileged",
"sn: User",
"uid: privileged.user",
"userPassword: password",
"ds-privilege-name: config-read",
"ds-privilege-name: config-write",
"ds-privilege-name: password-reset",
"ds-privilege-name: update-schema",
"ds-privilege-name: ldif-import",
"ds-privilege-name: ldif-export",
"ds-privilege-name: backend-backup",
"ds-privilege-name: backend-restore",
"ds-privilege-name: proxied-auth",
"ds-privilege-name: bypass-acl",
"ds-privilege-name: unindexed-search",
"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
"cn=Password Policies,cn=config");
}
/**
* Clean up the environment after performing the tests in this suite.
*
* @throws Exception
* If the environment could not be set up.
*/
{
.valueOf("cn=Privileged User,o=test"));
.valueOf("cn=Unprivileged JMX User,o=test"));
}
/**
* Build data for the simpleConnect test.
*
* @return the data.
*/
return new Object[][] {
{ "cn=directory manager", "password", false }, // no JMX_READ privilege
{ "cn=Privileged User,o=test", "password", true },
{ "cn=Privileged User,o=test", "wrongPassword", false },
{ "cn=wrong user", "password", false },
{ "invalid DN", "password", false },
{ "cn=Privileged User,o=test", null, false },
}
/**
* Check that simple (no SSL) connections to the JMX service are
* accepted when the given credentials are OK and refused when the
* credentials are invalid.
*/
boolean expectedResult) throws Exception {
}
}
/**
* Build some data for the simpleGet test.
*/
return new Object[][] {
{
"cn=JMX Connection Handler,cn=Connection Handlers,cn=config",
{
"cn=JMX Connection Handler,cn=Connection Handlers,cn=config",
"objectclass", null },
{
"cn=JMX Connection Handler,cn=Connection Handlers,cn=config",
"ds-cfg-ssl-cert-nickname", "server-cert" },
// not working at the moment see issue 655
// {"cn=JE
// Database,ds-cfg-backend-id=userRoot,cn=Backends,cn=config",
// "ds-cfg-db-cache-percent", 10},
};
}
/**
* Test simple JMX get.
*/
throws Exception {
} else {
}
}
/**
* Test setting some config attribute through jmx.
*/
// NOTE: This test is disabled because JMX interaction is not allowed with
// the admin framework, and the cn=config entry is now governed by it.
}
/**
* Test that disabling JMX connection handler does its job by -
* opening a JMX connection - changing the JMX connection handler
* state to disable - trying to open a new JMX connection and check
* that it fails.
*
* @throws Exception
*/
// Create a new JMX connector for this test.
// This will allow to use the old one if this test fails.
serverJmxSocket.setReuseAddress(true);
"dn: cn= New JMX Connection Handler,cn=Connection Handlers,cn=config",
"objectClass: top",
"objectClass: ds-cfg-connection-handler",
"objectClass: ds-cfg-jmx-connection-handler",
"ds-cfg-ssl-cert-nickname: server-cert",
"ds-cfg-java-class: org.opends.server.protocols.jmx.JmxConnectionHandler",
"ds-cfg-enabled: true",
"ds-cfg-use-ssl: false", "ds-cfg-listen-port: "
+ serverJmxPort, "cn: JMX Connection Handler");
// Get the "old" connector
// Disable the "new" connector
"password", serverJmxPort);
// cleanup client connection
}
/**
* Test changing JMX port through LDAP.
*/
// Connect to the JMX service and get the current port
// use JMX to get the current value of the JMX port number
// change the configuration of the connection handler to use a free port
"dn: cn=JMX Connection Handler,cn=Connection Handlers,cn=config",
"objectClass: top",
"objectClass: ds-cfg-connection-handler",
"objectClass: ds-cfg-jmx-connection-handler",
"ds-cfg-ssl-cert-nickname: server-cert",
"ds-cfg-java-class: org.opends.server.protocols.jmx.JmxConnectionHandler",
"ds-cfg-enabled: true",
"ds-cfg-use-ssl: false", "ds-cfg-listen-port: "
+ serverJmxPort, "cn: JMX Connection Handler");
// connect the the JMX service using the new port
// re-establish the initial configuration of the JMX service
"dn: cn=JMX Connection Handler,cn=Connection Handlers,cn=config",
"objectClass: top",
"objectClass: ds-cfg-connection-handler",
"objectClass: ds-cfg-jmx-connection-handler",
"ds-cfg-ssl-cert-nickname: server-cert",
"ds-cfg-java-class: org.opends.server.protocols.jmx.JmxConnectionHandler",
"ds-cfg-enabled: true",
"ds-cfg-use-ssl: false", "ds-cfg-listen-port: "
+ initJmxPort, "cn: JMX Connection Handler");
// Check that the old port is ok
}
/**
* Check that simple (no SSL) connections to the JMX service are
* accepted when the given credentials are OK and refused when the
* credentials are invalid.
*/
// Enable SSL by setting ds-cfg-use-ssl boolean and the
// certificate alias using ds-cfg-ssl-cert-nickname attribute.
"dn: cn=JMX Connection Handler,cn=Connection Handlers,cn=config",
"objectClass: top",
"objectClass: ds-cfg-connection-handler",
"objectClass: ds-cfg-jmx-connection-handler",
"ds-cfg-ssl-cert-nickname: server-cert",
"ds-cfg-java-class: org.opends.server.protocols.jmx.JmxConnectionHandler",
"ds-cfg-enabled: true",
"ds-cfg-use-ssl: true",
"ds-cfg-listen-port: " + initJmxPort,
"ds-cfg-key-manager-provider: cn=JKS,cn=Key Manager Providers,cn=config",
"cn: JMX Connection Handler");
"password", initJmxPort);
// Before returning the result,
// disable SSL by setting ds-cfg-use-ssl boolean
"dn: cn=JMX Connection Handler,cn=Connection Handlers,cn=config",
"objectClass: top",
"objectClass: ds-cfg-connection-handler",
"objectClass: ds-cfg-jmx-connection-handler",
"ds-cfg-ssl-cert-nickname: server-cert",
"ds-cfg-java-class: org.opends.server.protocols.jmx.JmxConnectionHandler",
"ds-cfg-enabled: true",
"ds-cfg-use-ssl: false", "ds-cfg-listen-port: "
+ initJmxPort, "cn: JMX Connection Handler");
try {
} catch (RuntimeException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
// Get the Jmx connection handler from the core server
.getInstance(), entry);
reasons)) {
}
}
/**
* Connect to the JMX service.
*/
throws MalformedURLException, IOException {
// Provide the credentials required by the server to successfully
// perform user authentication
credentials = null;
}
else
{
}
// Create an RMI connector client and
// connect it to the RMI connector server
try {
return opendsConnector;
} catch (SecurityException e) {
return null;
} catch (IOException e) {
return null;
}
}
/**
* Connect to the JMX service using SSL.
*/
// Provide the credentials required by the server to successfully
// perform user authentication
credentials = null;
}
else
{
}
// Provide the Trust manager.
// Create an RMI connector client and
// connect it to the RMI connector server
try {
return opendsConnector;
} catch (Exception e) {
return null;
}
}
}
/**
* Set the enabled config attribute for a JMX connector thorugh JMX
* operation.
*
* @param jmxc
* connector to use for the interaction
* @param testedConnector
* The DN of the connector the test
* @param enabled
* the value of the enabled config attribute
*/
// Get status of the JMX connection handler
"ds-cfg-enabled");
{
}
"ds-cfg-enabled", enabled);
"ds-cfg-enabled");
}
/**
* Get an attribute value through JMX.
*/
try
{
{
}
return null;
}
catch (AttributeNotFoundException anfe)
{
return null;
}
}
/**
* Set an attribute value through JMX.
*/
}
}