ExternalSASLMechanismHandlerTestCase.java revision b4851fc75ef4634840dcbadec085d586d36b434d
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at
* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
* add the following below this CDDL HEADER, with the fields enclosed
* by brackets "[]" replaced with your own identifying * information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Portions Copyright 2006 Sun Microsystems, Inc.
*/
/**
* A set of test cases for the EXTERNAL SASL mechanism handler.
*/
public class ExternalSASLMechanismHandlerTestCase
extends ExtensionsTestCase
{
/**
* Ensures that the Directory Server is running.
*
* @throws Exception If an unexpected problem occurs.
*/
@BeforeClass()
public void startServer()
throws Exception
{
}
/**
* Retrieves a set of invalid configurations that cannot be used to
* initialize the EXTERNAL SASL mechanism handler.
*
* @throws Exception If an unexpected problem occurs.
*/
public Object[][] getInvalidConfigurations()
throws Exception
{
"dn: cn=EXTERNAL,cn=SASL Mechanisms,cn=config",
"objectClass: top",
"objectClass: ds-cfg-sasl-mechanism-handler",
"objectClass: ds-cfg-external-sasl-mechanism-handler",
"cn: EXTERNAL",
"ds-cfg-sasl-mechanism-handler-class: org.opends.server.extensions." +
"ExternalSASLMechanismHandler",
"ds-cfg-sasl-mechanism-handler-enabled: true",
"ds-cfg-client-certificate-validation-policy: invalid",
"ds-cfg-certificate-attribute: userCertificate",
"",
"dn: cn=EXTERNAL,cn=SASL Mechanisms,cn=config",
"objectClass: top",
"objectClass: ds-cfg-sasl-mechanism-handler",
"objectClass: ds-cfg-external-sasl-mechanism-handler",
"cn: EXTERNAL",
"ds-cfg-sasl-mechanism-handler-class: org.opends.server.extensions." +
"ExternalSASLMechanismHandler",
"ds-cfg-sasl-mechanism-handler-enabled: true",
"ds-cfg-client-certificate-validation-policy: ifpresent",
"ds-cfg-certificate-attribute: invalid");
{
}
return configEntries;
}
/**
* Tests initialization with an invalid configuration.
*
* @param e The configuration entry to use to initialize the identity
* mapper.
*
* @throws Exception If an unexpected problem occurs.
*/
expectedExceptions = { ConfigException.class,
InitializationException.class })
public void testInvalidConfigs(Entry e)
throws Exception
{
}
/**
* Tests the <CODE>isPasswordBased</CODE> method.
*/
@Test()
public void testIsPasswordBased()
{
}
/**
* Tests the <CODE>isSecure</CODE> method.
*/
@Test()
public void testIsSecure()
{
}
/**
* Establishes an SSL-based connection to the server, provides a client
* certificate, and uses it to authenticate to the server. The server
* certificate will be trusted using a client trust store.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testEXTERNALTrustStore()
throws Exception
{
"dn: cn=Test User,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"cn: Test User",
"givenName: Test",
"sn: User");
e.getOperationalAttributes());
{
"-h", "127.0.0.1",
"-Z",
"-K", keyStorePath,
"-W", "password",
"-P", trustStorePath,
"-r",
"-b", "",
"-s", "base",
"(objectClass=*)"
};
}
/**
* Establishes an SSL-based connection to the server, provides a client
* certificate, and uses it to authenticate to the server. The server
* certificate will be blindly trusted.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testEXTERNALTrustAll()
throws Exception
{
"dn: cn=Test User,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"cn: Test User",
"givenName: Test",
"sn: User");
e.getOperationalAttributes());
{
"-h", "127.0.0.1",
"-Z",
"-K", keyStorePath,
"-W", "password",
"-X",
"-r",
"-b", "",
"-s", "base",
"(objectClass=*)"
};
}
/**
* Establishes a non-SSL-based connection to the server and verifies that
* EXTERNAL authentication fails over that connection.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testFailEXTERNALInsecureConnection()
throws Exception
{
s.close();
}
/**
* Establishes an SSL-based connection to the server, provides a client
* certificate, and uses it to authenticate to the server. The server
* certificate will be blindly trusted. The server will not be able to map
* the client certificate to a user entry.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testFailEXTERNALTrustAllNoSuchUser()
throws Exception
{
{
"-h", "127.0.0.1",
"-Z",
"-K", keyStorePath,
"-W", "password",
"-X",
"-r",
"-b", "",
"-s", "base",
"(objectClass=*)"
};
}
/**
* Establishes an SSL-based connection to the server, provides a client
* certificate, and uses it to authenticate to the server. The server
* certificate will be blindly trusted. The server user entry will not have
* the required certificate attribute.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testFailEXTERNALTrustAllNoRequiredCert()
throws Exception
{
"dn: cn=Test User,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"cn: Test User",
"givenName: Test",
"sn: User");
e.getOperationalAttributes());
{
"-h", "127.0.0.1",
"-Z",
"-K", keyStorePath,
"-W", "password",
"-X",
"-r",
"-b", "",
"-s", "base",
"(objectClass=*)"
};
}
/**
* Establishes an SSL-based connection to the server, provides a client
* certificate, and uses it to authenticate to the server. The server
* certificate will be blindly trusted. The server user entry will have the
* optional certificate attribute and it will be valid.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testEXTERNALTrustAllValidOptionalCert()
throws Exception
{
inputStream.close();
"dn: cn=Test User,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"cn: Test User",
"givenName: Test",
"sn: User",
e.getOperationalAttributes());
{
"-h", "127.0.0.1",
"-Z",
"-K", keyStorePath,
"-W", "password",
"-X",
"-r",
"-b", "",
"-s", "base",
"(objectClass=*)"
};
}
/**
* Establishes an SSL-based connection to the server, provides a client
* certificate, and uses it to authenticate to the server. The server
* certificate will be blindly trusted. The server user entry will have the
* optional certificate attribute but it will not have a valid value.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testFailEXTERNALTrustAllInvalidOptionalCert()
throws Exception
{
"dn: cn=Test User,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"cn: Test User",
"givenName: Test",
"sn: User",
"userCertificate;binary: invalid");
e.getOperationalAttributes());
{
"-h", "127.0.0.1",
"-Z",
"-K", keyStorePath,
"-W", "password",
"-X",
"-r",
"-b", "",
"-s", "base",
"(objectClass=*)"
};
}
/**
* Establishes an SSL-based connection to the server, provides a client
* certificate, and uses it to authenticate to the server. The server
* certificate will be blindly trusted. The server user entry will have the
* required certificate attribute and it will be valid.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testEXTERNALTrustAllValidRequiredCert()
throws Exception
{
inputStream.close();
"dn: cn=Test User,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"cn: Test User",
"givenName: Test",
"sn: User",
e.getOperationalAttributes());
{
"-h", "127.0.0.1",
"-Z",
"-K", keyStorePath,
"-W", "password",
"-X",
"-r",
"-b", "",
"-s", "base",
"(objectClass=*)"
};
}
/**
* Establishes an SSL-based connection to the server, provides a client
* certificate, and uses it to authenticate to the server. The server
* certificate will be blindly trusted. The server user entry will have the
* required certificate attribute but it will not have a valid value.
*
* @throws Exception If an unexpected problem occurs.
*/
@Test()
public void testFailEXTERNALTrustAllInvalidRequiredCert()
throws Exception
{
"dn: cn=Test User,o=test",
"objectClass: top",
"objectClass: person",
"objectClass: organizationalPerson",
"objectClass: inetOrgPerson",
"cn: Test User",
"givenName: Test",
"sn: User",
"userCertificate;binary: invalid");
e.getOperationalAttributes());
{
"-h", "127.0.0.1",
"-Z",
"-K", keyStorePath,
"-W", "password",
"-X",
"-r",
"-b", "",
"-s", "base",
"(objectClass=*)"
};
}
}