1017N/A/*
1017N/A * CDDL HEADER START
1017N/A *
1017N/A * The contents of this file are subject to the terms of the
1017N/A * Common Development and Distribution License, Version 1.0 only
1017N/A * (the "License"). You may not use this file except in compliance
1017N/A * with the License.
1017N/A *
6982N/A * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
6982N/A * or http://forgerock.org/license/CDDLv1.0.html.
1017N/A * See the License for the specific language governing permissions
1017N/A * and limitations under the License.
1017N/A *
1017N/A * When distributing Covered Code, include this CDDL HEADER in each
6982N/A * file and include the License file at legal-notices/CDDLv1_0.txt.
6982N/A * If applicable, add the following below this CDDL HEADER, with the
6982N/A * fields enclosed by brackets "[]" replaced with your own identifying
6982N/A * information:
1017N/A * Portions Copyright [yyyy] [name of copyright owner]
1017N/A *
1017N/A * CDDL HEADER END
1017N/A *
1017N/A *
3232N/A * Copyright 2006-2008 Sun Microsystems, Inc.
1017N/A */
1017N/Apackage org.opends.server.extensions;
1017N/A
1017N/A
1017N/A
1017N/Aimport java.util.ArrayList;
1017N/Aimport java.util.HashSet;
1017N/Aimport java.util.List;
1017N/Aimport org.testng.annotations.BeforeClass;
1017N/Aimport org.testng.annotations.DataProvider;
1017N/Aimport org.testng.annotations.Test;
1017N/Aimport org.opends.server.TestCaseUtils;
2086N/Aimport org.opends.messages.MessageBuilder;
1017N/Aimport org.opends.server.config.ConfigException;
1689N/Aimport org.opends.server.core.ModifyOperationBasis;
1017N/Aimport org.opends.server.protocols.internal.InternalClientConnection;
3853N/Aimport org.opends.server.types.Attributes;
1017N/Aimport org.opends.server.types.ByteString;
1017N/Aimport org.opends.server.types.Control;
1017N/Aimport org.opends.server.types.DN;
1017N/Aimport org.opends.server.types.Entry;
1017N/Aimport org.opends.server.types.InitializationException;
1017N/Aimport org.opends.server.types.Modification;
1017N/Aimport org.opends.server.types.ModificationType;
1017N/Aimport static org.testng.Assert.*;
1017N/Aimport org.opends.server.admin.std.meta.SimilarityBasedPasswordValidatorCfgDefn;
1017N/Aimport org.opends.server.admin.std.server.SimilarityBasedPasswordValidatorCfg;
1017N/Aimport org.opends.server.admin.server.AdminTestCaseUtils;
1017N/A
1017N/A
1017N/A
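/**
 * A set of test cases for the Similarity-Based Password Validator.
 * <p>
 * Two areas are covered: how the validator handles valid and invalid values
 * of {@code ds-cfg-min-password-difference} at initialization time, and
 * whether {@code passwordIsAcceptable} accepts or rejects candidate passwords
 * when it is given a set of current passwords to compare against.
 */
public class SimilarityBasedPasswordValidatorTestCase
       extends ExtensionsTestCase
{
  /**
   * Ensures that the Directory Server is running.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @BeforeClass()
  public void startServer()
         throws Exception
  {
    TestCaseUtils.startServer();
  }



  /**
   * Retrieves a set of valid configuration entries that may be used to
   * initialize the validator.  The entries differ only in the value of
   * {@code ds-cfg-min-password-difference} (6, 3 and 0).
   *
   * @return  One row per configuration entry, each holding a single
   *          {@code Entry}.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @DataProvider(name = "validConfigs")
  public Object[][] getValidConfigs()
         throws Exception
  {
    List<Entry> entries = TestCaseUtils.makeEntries(
         "dn: cn=Similarity-Based Password Validator,cn=Password Validators," +
              "cn=config",
         "objectClass: top",
         "objectClass: ds-cfg-password-validator",
         "objectClass: ds-cfg-similarity-based-password-validator",
         "cn: Similarity-Based Password Validator",
         "ds-cfg-java-class: org.opends.server.extensions." +
              "SimilarityBasedPasswordValidator",
         "ds-cfg-enabled: true",
         "ds-cfg-min-password-difference: 6",
         "",
         "dn: cn=Similarity-Based Password Validator,cn=Password Validators," +
              "cn=config",
         "objectClass: top",
         "objectClass: ds-cfg-password-validator",
         "objectClass: ds-cfg-similarity-based-password-validator",
         "cn: Similarity-Based Password Validator",
         "ds-cfg-java-class: org.opends.server.extensions." +
              "SimilarityBasedPasswordValidator",
         "ds-cfg-enabled: true",
         "ds-cfg-min-password-difference: 3",
         "",
         "dn: cn=Similarity-Based Password Validator,cn=Password Validators," +
              "cn=config",
         "objectClass: top",
         "objectClass: ds-cfg-password-validator",
         "objectClass: ds-cfg-similarity-based-password-validator",
         "cn: Similarity-Based Password Validator",
         "ds-cfg-java-class: org.opends.server.extensions." +
              "SimilarityBasedPasswordValidator",
         "ds-cfg-enabled: true",
         "ds-cfg-min-password-difference: 0"
    );

    return toDataProviderRows(entries);
  }



  /**
   * Tests the process of initializing the validator with valid
   * configurations.
   *
   * @param  e  The configuration entry to use for the initialization.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test(dataProvider = "validConfigs")
  public void testInitializeWithValidConfigs(Entry e)
         throws Exception
  {
    SimilarityBasedPasswordValidator validator = initializeValidator(e);

    // Finalize here as the acceptance tests do, so a successfully initialized
    // validator is not left behind after the test.
    validator.finalizePasswordValidator();
  }



  /**
   * Retrieves a set of invalid configuration entries: a negative minimum
   * difference, an entry without the minimum difference attribute, and a
   * non-numeric minimum difference.
   *
   * @return  One row per configuration entry, each holding a single
   *          {@code Entry}.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @DataProvider(name = "invalidConfigs")
  public Object[][] getInvalidConfigs()
         throws Exception
  {
    List<Entry> entries = TestCaseUtils.makeEntries(
         "dn: cn=Similarity-Based Password Validator,cn=Password Validators," +
              "cn=config",
         "objectClass: top",
         "objectClass: ds-cfg-password-validator",
         "objectClass: ds-cfg-similarity-based-password-validator",
         "cn: Similarity-Based Password Validator",
         "ds-cfg-java-class: org.opends.server.extensions." +
              "SimilarityBasedPasswordValidator",
         "ds-cfg-enabled: true",
         "ds-cfg-min-password-difference: -1",
         "",

         "dn: cn=Similarity-Based Password Validator,cn=Password Validators," +
              "cn=config",
         "objectClass: top",
         "objectClass: ds-cfg-password-validator",
         "objectClass: ds-cfg-similarity-based-password-validator",
         "cn: Similarity-Based Password Validator",
         "ds-cfg-java-class: org.opends.server.extensions." +
              "SimilarityBasedPasswordValidator",
         "ds-cfg-enabled: true",
         // ds-cfg-min-password-difference is deliberately left out of this
         // entry; the test expects initialization to fail without it.
         "",

         "dn: cn=Similarity-Based Password Validator,cn=Password Validators," +
              "cn=config",
         "objectClass: top",
         "objectClass: ds-cfg-password-validator",
         "objectClass: ds-cfg-similarity-based-password-validator",
         "cn: Similarity-Based Password Validator",
         "ds-cfg-java-class: org.opends.server.extensions." +
              "SimilarityBasedPasswordValidator",
         "ds-cfg-enabled: true",
         "ds-cfg-min-password-difference: notNumeric");

    return toDataProviderRows(entries);
  }



  /**
   * Tests the process of initializing the validator with invalid
   * configurations.  Each entry must be rejected with a
   * {@code ConfigException} or an {@code InitializationException}; an entry
   * that is silently accepted fails the test.
   *
   * @param  e  The configuration entry to use for the initialization.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test(dataProvider = "invalidConfigs",
        expectedExceptions = { ConfigException.class,
                               InitializationException.class })
  public void testInitializeWithInvalidConfigs(Entry e)
         throws Exception
  {
    initializeValidator(e);
  }



  /**
   * Tests the {@code passwordIsAcceptable} method with no constraints on
   * password difference.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test()
  public void testPasswordIsAcceptableNoConstraints()
         throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);
    Entry userEntry = makeTestUserEntry();

    Entry validatorEntry = TestCaseUtils.makeEntry(
         "dn: cn=Similarity-Based Password Validator,cn=Password Validators," +
              "cn=config",
         "objectClass: top",
         "objectClass: ds-cfg-password-validator",
         "objectClass: ds-cfg-similarity-based-password-validator",
         "cn: Similarity-Based Password Validator",
         "ds-cfg-java-class: org.opends.server.extensions." +
              "SimilarityBasedPasswordValidator",
         "ds-cfg-enabled: true",
         "ds-cfg-min-password-difference: 0"
    );

    SimilarityBasedPasswordValidator validator =
         initializeValidator(validatorEntry);

    // NOTE(review): the set of current passwords passed below is empty AND the
    // minimum difference is 0, so this test cannot tell which of the two makes
    // the validator accept.  A case with an empty set and a non-zero minimum
    // difference would pin down what happens when the current password is not
    // available to the validator.
    try
    {
      StringBuilder buffer = new StringBuilder();
      for (int i=0; i < 20; i++)
      {
        buffer.append('x');
        String candidate = buffer.toString();
        ByteString password = ByteString.valueOf(candidate);

        ModifyOperationBasis op = newPasswordReplaceOperation(candidate);

        MessageBuilder invalidReason = new MessageBuilder();
        // The failure message reports the candidate's length and the
        // validator's reason, not the candidate value itself.
        assertTrue(validator.passwordIsAcceptable(password,
                                                  new HashSet<ByteString>(0),
                                                  op, userEntry,
                                                  invalidReason),
                   "Candidate of length " + candidate.length() +
                        " was rejected with a minimum difference of 0: " +
                        invalidReason);
      }
    }
    finally
    {
      // Finalize even when an assertion fails, so a failing run does not
      // leave the validator initialized.
      validator.finalizePasswordValidator();
    }
  }



  /**
   * Tests the {@code passwordIsAcceptable} method with a constraint on the
   * minimum password difference.
   * <p>
   * The current password is {@code "xxx"}, the minimum difference is 3 and
   * the candidates are one to seven {@code 'x'} characters.  Only the
   * candidates of length 6 and 7 differ from the current password by three or
   * more characters, so only those are expected to be accepted.
   *
   * @throws  Exception  If an unexpected problem occurs.
   */
  @Test()
  public void testPasswordIsAcceptableMinDifferenceConstraint()
         throws Exception
  {
    TestCaseUtils.initializeTestBackend(true);
    Entry userEntry = makeTestUserEntry();

    Entry validatorEntry = TestCaseUtils.makeEntry(
         "dn: cn=Similarity-Based Password Validator,cn=Password Validators," +
              "cn=config",
         "objectClass: top",
         "objectClass: ds-cfg-password-validator",
         "objectClass: ds-cfg-similarity-based-password-validator",
         "cn: Similarity-Based Password Validator",
         "ds-cfg-java-class: org.opends.server.extensions." +
              "SimilarityBasedPasswordValidator",
         "ds-cfg-enabled: true",
         "ds-cfg-min-password-difference: 3"
    );

    SimilarityBasedPasswordValidator validator =
         initializeValidator(validatorEntry);

    // NOTE(review): the reason written to invalidReason on rejection is never
    // inspected; consider also asserting that it is non-empty whenever the
    // candidate is rejected.
    try
    {
      StringBuilder buffer = new StringBuilder();
      HashSet<ByteString> currentPassword = new HashSet<ByteString>(3);
      currentPassword.add(ByteString.valueOf("xxx"));
      for (int i=0; i < 7; i++)
      {
        buffer.append('x');
        String candidate = buffer.toString();
        ByteString password = ByteString.valueOf(candidate);

        ModifyOperationBasis op = newPasswordReplaceOperation(candidate);

        MessageBuilder invalidReason = new MessageBuilder();
        boolean accepted = validator.passwordIsAcceptable(password,
                                                          currentPassword,
                                                          op, userEntry,
                                                          invalidReason);

        // TestNG takes (actual, expected); the original call passed them the
        // other way round, which mislabels the values in a failure report.
        assertEquals(accepted, (candidate.length() >= 6),
                     "Unexpected decision for a candidate of length " +
                          candidate.length() + ": " + invalidReason);
      }
    }
    finally
    {
      // Finalize even when an assertion fails, so a failing run does not
      // leave the validator initialized.
      validator.finalizePasswordValidator();
    }
  }



  /**
   * Wraps each entry in its own single-element row, which is the shape a
   * TestNG data provider returns for a one-argument test method.
   *
   * @param  entries  The entries to wrap.
   *
   * @return  One row per entry, in the order of {@code entries}.
   */
  private static Object[][] toDataProviderRows(List<Entry> entries)
  {
    Object[][] rows = new Object[entries.size()][];
    for (int i=0; i < rows.length; i++)
    {
      rows[i] = new Object[] { entries.get(i) };
    }

    return rows;
  }



  /**
   * Decodes the given configuration entry and initializes a new validator
   * with it.
   *
   * @param  configEntry  The validator configuration entry.
   *
   * @return  The initialized validator; the caller is responsible for
   *          calling {@code finalizePasswordValidator} on it.
   *
   * @throws  Exception  If the entry cannot be decoded or the validator
   *                     rejects the configuration.
   */
  private static SimilarityBasedPasswordValidator initializeValidator(
                      Entry configEntry)
          throws Exception
  {
    SimilarityBasedPasswordValidatorCfg configuration =
         AdminTestCaseUtils.getConfiguration(
              SimilarityBasedPasswordValidatorCfgDefn.getInstance(),
              configEntry);

    SimilarityBasedPasswordValidator validator =
         new SimilarityBasedPasswordValidator();
    validator.initializePasswordValidator(configuration);
    return validator;
  }



  /**
   * Creates the user entry that is handed to the validator in the acceptance
   * tests.
   *
   * @return  The test user entry.
   *
   * @throws  Exception  If the entry cannot be created.
   */
  private static Entry makeTestUserEntry()
          throws Exception
  {
    return TestCaseUtils.makeEntry(
         "dn: uid=test.user,o=test",
         "objectClass: top",
         "objectClass: person",
         "objectClass: organizationalPerson",
         "objectClass: inetOrgPerson",
         "uid: test.user",
         "givenName: Test",
         "sn: User",
         "cn: Test User",
         "userPassword: password");
  }



  /**
   * Builds the modify operation that is handed to the validator: a REPLACE
   * of {@code userpassword} with the given value, created on the internal
   * root connection.  The operation is only constructed, never run.
   *
   * @param  newPassword  The new password value to put into the modification.
   *
   * @return  The modify operation.
   *
   * @throws  Exception  If the target DN cannot be decoded.
   */
  private static ModifyOperationBasis newPasswordReplaceOperation(
                      String newPassword)
          throws Exception
  {
    ArrayList<Modification> mods = new ArrayList<Modification>();
    mods.add(new Modification(ModificationType.REPLACE,
                              Attributes.create("userpassword",
                                                newPassword)));

    InternalClientConnection conn =
         InternalClientConnection.getRootConnection();

    // NOTE(review): the target DN below starts with "cn=uid=test.user", while
    // the user entry passed to the validator is "uid=test.user,o=test".  This
    // looks like a typo; it is kept as in the original -- confirm that the
    // validator does not read the operation's target DN before changing it.
    return new ModifyOperationBasis(conn,
                InternalClientConnection.nextOperationID(),
                InternalClientConnection.nextMessageID(),
                new ArrayList<Control>(),
                DN.decode("cn=uid=test.user,o=test"), mods);
  }
}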