From akaras...@apache.org
Subject svn commit: r683827 - in /directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server: operations/search/ ssl/ suites/
Date Fri, 08 Aug 2008 03:34:27 GMT
Author: akarasulu
Date: Thu Aug  7 20:34:27 2008
New Revision: 683827

URL: http://svn.apache.org/viewvc?rev=683827&view=rev
Log:
moved all ssl related tests to server-integ and started using new framework

Added:
    directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/
    directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/BogusSSLContextFactory.java
      - copied, changed from r683791, directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/ssl/support/BogusSSLContextFactory.java
    directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/BogusTrustManagerFactory.java
      - copied, changed from r683791, directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/ssl/support/BogusTrustManagerFactory.java
    directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsIT.java
    directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/SSLSocketFactory.java
      - copied, changed from r683791, directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/ssl/support/SSLSocketFactory.java
    directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsIT.java
Modified:
    directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/search/IndexedNegationSearchIT.java
    directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java

Modified: directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/search/IndexedNegationSearchIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/search/IndexedNegationSearchIT.java?rev=683827&r1=683826&r2=683827&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/search/IndexedNegationSearchIT.java
(original)
+++ directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/operations/search/IndexedNegationSearchIT.java
Thu Aug  7 20:34:27 2008
@@ -77,7 +77,7 @@
  * @version $Rev$, $Date$
  */
 @RunWith ( SiRunner.class ) 
-@CleanupLevel ( Level.SUITE )
+@CleanupLevel ( Level.CLASS )
 @Factory ( IndexedNegationSearchIT.Factory.class )
 @ApplyLdifs( {
     "dn: ou=test,ou=system\n" +

Copied: directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/BogusSSLContextFactory.java
(from r683791, directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/ssl/support/BogusSSLContextFactory.java)
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/BogusSSLContextFactory.java?p2=directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/BogusSSLContextFactory.java&p1=directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/ssl/support/BogusSSLContextFactory.java&r1=683791&r2=683827&rev=683827&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/ssl/support/BogusSSLContextFactory.java
(original)
+++ directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/BogusSSLContextFactory.java
Thu Aug  7 20:34:27 2008
@@ -17,7 +17,7 @@
  *  under the License. 
  *  
  */
-package org.apache.directory.server.ssl.support;
+package org.apache.directory.server.ssl;
 
 
 import java.io.IOException;

Copied: directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/BogusTrustManagerFactory.java
(from r683791, directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/ssl/support/BogusTrustManagerFactory.java)
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/BogusTrustManagerFactory.java?p2=directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/BogusTrustManagerFactory.java&p1=directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/ssl/support/BogusTrustManagerFactory.java&r1=683791&r2=683827&rev=683827&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/ssl/support/BogusTrustManagerFactory.java
(original)
+++ directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/BogusTrustManagerFactory.java
Thu Aug  7 20:34:27 2008
@@ -17,7 +17,7 @@
  *  under the License. 
  *  
  */
-package org.apache.directory.server.ssl.support;
+package org.apache.directory.server.ssl;
 
 
 import java.security.InvalidAlgorithmParameterException;

Added: directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsIT.java?rev=683827&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsIT.java
(added)
+++ directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/LdapsIT.java
Thu Aug  7 20:34:27 2008
@@ -0,0 +1,163 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.ssl;
+
+
+import org.apache.directory.server.core.DefaultDirectoryService;
+import org.apache.directory.server.core.DirectoryService;
+import org.apache.directory.server.core.integ.IntegrationUtils;
+import org.apache.directory.server.core.integ.Level;
+import org.apache.directory.server.core.integ.annotations.CleanupLevel;
+import org.apache.directory.server.core.integ.annotations.Factory;
+import org.apache.directory.server.integ.LdapServerFactory;
+import org.apache.directory.server.integ.SiRunner;
+import org.apache.directory.server.newldap.LdapServer;
+import org.apache.directory.server.newldap.handlers.bind.MechanismHandler;
+import org.apache.directory.server.newldap.handlers.bind.SimpleMechanismHandler;
+import org.apache.directory.server.newldap.handlers.bind.cramMD5.CramMd5MechanismHandler;
+import org.apache.directory.server.newldap.handlers.bind.digestMD5.DigestMd5MechanismHandler;
+import org.apache.directory.server.newldap.handlers.bind.gssapi.GssapiMechanismHandler;
+import org.apache.directory.server.newldap.handlers.bind.ntlm.NtlmMechanismHandler;
+import org.apache.directory.server.newldap.handlers.extended.StoredProcedureExtendedOperationHandler;
+import org.apache.directory.server.protocol.shared.SocketAcceptor;
+import org.apache.directory.server.ssl.SSLSocketFactory;
+import org.apache.directory.shared.ldap.constants.SupportedSaslMechanisms;
+import org.apache.directory.shared.ldap.message.AttributeImpl;
+import org.apache.directory.shared.ldap.message.AttributesImpl;
+import org.apache.mina.util.AvailablePortFinder;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import static org.junit.Assert.assertNotNull;
+
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+
+import java.util.HashMap;
+import java.util.Hashtable;
+import java.util.Map;
+
+
+/**
+ * Test case to verify DIREVE-216.  Starts up the server binds via SUN JNDI provider
+ * to perform add modify operations on entries.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 642496 $
+ */
+@RunWith ( SiRunner.class ) 
+@CleanupLevel ( Level.CLASS )
+@Factory ( LdapsIT.Factory.class )
+public class LdapsIT
+{
+    private static final String RDN = "cn=The Person";
+
+    
+    public static LdapServer ldapServer;
+
+    
+    public static class Factory implements LdapServerFactory
+    {
+        public LdapServer newInstance() throws Exception
+        {
+            DirectoryService service = new DefaultDirectoryService();
+            IntegrationUtils.doDelete( service.getWorkingDirectory() );
+            service.getChangeLog().setEnabled( true );
+            service.setShutdownHookEnabled( false );
+
+            // change the working directory to something that is unique
+            // on the system and somewhere either under target directory
+            // or somewhere in a temp area of the machine.
+
+            LdapServer ldapServer = new LdapServer();
+            ldapServer.setDirectoryService( service );
+            ldapServer.setSocketAcceptor( new SocketAcceptor( null ) );
+            ldapServer.setIpPort( AvailablePortFinder.getNextAvailable( 1024 ) );
+            ldapServer.setEnabled( true );
+            ldapServer.setEnableLdaps( true );
+            ldapServer.setConfidentialityRequired( true );
+            ldapServer.addExtendedOperationHandler( new StoredProcedureExtendedOperationHandler()
);
+
+            // Setup SASL Mechanisms
+            
+            Map<String, MechanismHandler> mechanismHandlerMap = new HashMap<String,MechanismHandler>();
+            mechanismHandlerMap.put( SupportedSaslMechanisms.PLAIN, new SimpleMechanismHandler()
);
+
+            CramMd5MechanismHandler cramMd5MechanismHandler = new CramMd5MechanismHandler();
+            mechanismHandlerMap.put( SupportedSaslMechanisms.CRAM_MD5, cramMd5MechanismHandler
);
+
+            DigestMd5MechanismHandler digestMd5MechanismHandler = new DigestMd5MechanismHandler();
+            mechanismHandlerMap.put( SupportedSaslMechanisms.DIGEST_MD5, digestMd5MechanismHandler
);
+
+            GssapiMechanismHandler gssapiMechanismHandler = new GssapiMechanismHandler();
+            mechanismHandlerMap.put( SupportedSaslMechanisms.GSSAPI, gssapiMechanismHandler
);
+
+            NtlmMechanismHandler ntlmMechanismHandler = new NtlmMechanismHandler();
+            mechanismHandlerMap.put( SupportedSaslMechanisms.NTLM, ntlmMechanismHandler );
+            mechanismHandlerMap.put( SupportedSaslMechanisms.GSS_SPNEGO, ntlmMechanismHandler
);
+
+            ldapServer.setSaslMechanismHandlers( mechanismHandlerMap );
+
+            return ldapServer;
+        }
+    }
+    
+    
+    /**
+     * Create an entry for a person.
+     */
+    public DirContext getSecureConnection() throws Exception
+    {
+        Hashtable<String, String> env = new Hashtable<String, String>();
+        env.put( "java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory" );
+        env.put( "java.naming.provider.url", "ldap://localhost:" + ldapServer.getIpPort()
+ "/ou=system" );
+        env.put( "java.naming.ldap.factory.socket", SSLSocketFactory.class.getName() );
+        env.put( "java.naming.security.principal", "uid=admin,ou=system" );
+        env.put( "java.naming.security.credentials", "secret" );
+        env.put( "java.naming.security.authentication", "simple" );
+        return new InitialDirContext( env );
+    }
+
+
+    /**
+     * Just a little test to check if the connection is made successfully.
+     * 
+     * @throws NamingException cannot create person
+     */
+    @Test
+    public void testLdapS() throws Exception
+    {
+        // Create a person
+        Attributes attributes = new AttributesImpl( true );
+        Attribute attribute = new AttributeImpl( "objectClass" );
+        attribute.add( "top" );
+        attribute.add( "person" );
+        attributes.put( attribute );
+        attributes.put( "cn", "The Person" );
+        attributes.put( "sn", "Person" );
+        attributes.put( "description", "this is a person" );
+        DirContext ctx = getSecureConnection();
+        DirContext person = ctx.createSubcontext( RDN, attributes );
+
+        assertNotNull( person );
+    }
+}
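Review bot: `getSecureConnection()` carries the Javadoc "Create an entry for a person.", which describes `testLdapS()` rather than this method, and nothing states that the `SSLSocketFactory` installed through `java.naming.ldap.factory.socket` is the test-only class copied in this commit alongside `BogusSSLContextFactory` and `BogusTrustManagerFactory`. Those class bodies are not part of this diff, but their names suggest the server certificate is accepted without validation, so I would document the limit of the test: `/** Opens an LDAPS connection as uid=admin,ou=system through the test-only SSLSocketFactory; the server certificate is presumably not validated, so this checks only that the TLS handshake and simple bind succeed. */`. `testLdapS()` also never closes `ctx` or `person`; wrapping the `createSubcontext` call in `try { ... } finally { ctx.close(); }` would release the connection before the next class starts. The `@throws NamingException cannot create person` tag on `testLdapS()` does not match the declared `throws Exception`.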

Copied: directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/SSLSocketFactory.java
(from r683791, directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/ssl/support/SSLSocketFactory.java)
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/SSLSocketFactory.java?p2=directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/SSLSocketFactory.java&p1=directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/ssl/support/SSLSocketFactory.java&r1=683791&r2=683827&rev=683827&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/server-unit/src/test/java/org/apache/directory/server/ssl/support/SSLSocketFactory.java
(original)
+++ directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/SSLSocketFactory.java
Thu Aug  7 20:34:27 2008
@@ -17,7 +17,7 @@
  *  under the License. 
  *  
  */
-package org.apache.directory.server.ssl.support;
+package org.apache.directory.server.ssl;
 
 
 import java.io.IOException;

Added: directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsIT.java?rev=683827&view=auto
==============================================================================
--- directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsIT.java
(added)
+++ directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/ssl/StartTlsIT.java
Thu Aug  7 20:34:27 2008
@@ -0,0 +1,392 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.apache.directory.server.ssl;
+
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.security.KeyStore;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Hashtable;
+import java.util.List;
+import java.util.Set;
+
+import javax.naming.AuthenticationNotSupportedException;
+import javax.naming.Context;
+import javax.naming.NameNotFoundException;
+import javax.naming.NamingEnumeration;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.ModificationItem;
+import javax.naming.directory.SearchControls;
+import javax.naming.directory.SearchResult;
+import javax.naming.ldap.InitialLdapContext;
+import javax.naming.ldap.LdapContext;
+import javax.naming.ldap.StartTlsRequest;
+import javax.naming.ldap.StartTlsResponse;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSession;
+
+import org.apache.directory.server.core.CoreSession;
+import org.apache.directory.server.core.entry.ClonedServerEntry;
+import org.apache.directory.server.core.integ.Level;
+import org.apache.directory.server.core.integ.annotations.CleanupLevel;
+import org.apache.directory.server.integ.ServerIntegrationUtils;
+import org.apache.directory.server.integ.SiRunner;
+import org.apache.directory.server.newldap.LdapServer;
+import org.apache.directory.shared.ldap.message.AttributeImpl;
+import org.apache.directory.shared.ldap.message.AttributesImpl;
+import org.apache.directory.shared.ldap.name.LdapDN;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+
+/**
+ * Test case to verify proper operation of confidentiality requirements as 
+ * specified in https://issues.apache.org/jira/browse/DIRSERVER-1189.  
+ * 
+ * Starts up the server binds via SUN JNDI provider to perform various 
+ * operations on entries which should be rejected when a TLS secured 
+ * connection is not established.
+ * 
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ * @version $Rev: 639006 $
+ */
+@RunWith ( SiRunner.class ) 
+@CleanupLevel ( Level.SUITE )
+public class StartTlsIT
+{
+    private static final Logger LOG = LoggerFactory.getLogger( StartTlsIT.class );
+    private static final String[] CERT_IDS = new String[] { "userCertificate" };
+    private static final int CONNECT_ITERATIONS = 10;
+    private static final boolean VERBOSE = false;
+    private File ksFile;
+
+    
+    public static LdapServer ldapServer;
+    boolean oldConfidentialityRequiredValue;
+    
+    
+    /**
+     * Sets up the key store and installs the self signed certificate for the 
+     * server (created on first startup) which is to be used by the StartTLS 
+     * JDNDI client that will connect.  The key store is created from scratch
+     * programmatically and whipped on each run.  The certificate is acquired 
+     * by pulling down the bytes for administrator's userCertificate from 
+     * uid=admin,ou=system.  We use sysRoot direct context instead of one over
+     * the wire since the server is configured to prevent connections without
+     * TLS secured connections.
+     */
+    @Before
+    public void installKeyStoreWithCertificate() throws Exception
+    {
+    	if ( ksFile != null && ksFile.exists() )
+    	{
+    		ksFile.delete();
+    	}
+    	
+    	ksFile = File.createTempFile( "testStore", "ks" );
+    	
+    	CoreSession session = ldapServer.getDirectoryService().getAdminSession();
+    	ClonedServerEntry entry = session.lookup( new LdapDN( "uid=admin,ou=system" ), CERT_IDS
);
+    	byte[] userCertificate = entry.get( CERT_IDS[0] ).getBytes();
+    	assertNotNull( userCertificate );
+
+    	ByteArrayInputStream in = new ByteArrayInputStream( userCertificate );
+    	CertificateFactory factory = CertificateFactory.getInstance( "X.509" );
+    	Certificate cert = factory.generateCertificate( in );
+    	KeyStore ks = KeyStore.getInstance( KeyStore.getDefaultType() );
+    	ks.load( null, null );
+    	ks.setCertificateEntry( "apacheds", cert );
+    	ks.store( new FileOutputStream( ksFile ), "changeit".toCharArray() );
+    	LOG.debug( "Keystore file installed: {}", ksFile.getAbsolutePath() );
+    	
+        oldConfidentialityRequiredValue = ldapServer.isConfidentialityRequired();
+    }
+    
+    
+    /**
+     * Just deletes the generated key store file.
+     */
+    @After
+    public void deleteKeyStore() throws Exception
+    {
+    	if ( ksFile != null && ksFile.exists() )
+    	{
+    		ksFile.delete();
+    	}
+    	
+    	LOG.debug( "Keystore file deleted: {}", ksFile.getAbsolutePath() );
+    	ldapServer.setConfidentialityRequired( oldConfidentialityRequiredValue );
+    }
+    
+
+    private LdapContext getSecuredContext() throws Exception
+    {
+    	System.setProperty ( "javax.net.ssl.trustStore", ksFile.getAbsolutePath() );
+    	System.setProperty ( "javax.net.ssl.keyStore", ksFile.getAbsolutePath() );
+    	System.setProperty ( "javax.net.ssl.keyStorePassword", "changeit" );
+    	LOG.debug( "testStartTls() test starting ... " );
+    	
+    	// Set up environment for creating initial context
+    	Hashtable<String, Object> env = new Hashtable<String,Object>();
+        env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
+        
+        // Must use the name of the server that is found in its certificate?
+        env.put( Context.PROVIDER_URL, "ldap://localhost:" + ldapServer.getIpPort() );
+
+        // Create initial context
+        LOG.debug( "About to get initial context" );
+        LdapContext ctx = new InitialLdapContext( env, null );
+
+        // Start TLS
+        LOG.debug( "About send startTls extended operation" );
+        StartTlsResponse tls = ( StartTlsResponse ) ctx.extendedOperation( new StartTlsRequest()
);
+        LOG.debug( "Extended operation issued" );
+        tls.setHostnameVerifier( new HostnameVerifier() {
+            public boolean verify( String hostname, SSLSession session )
+            {
+                return true;
+            } 
+        } );
+        LOG.debug( "TLS negotion about to begin" );
+        tls.negotiate();
+        return ctx;
+    }
+    
+
+    /**
+     * Checks to make sure insecure binds fail while secure binds succeed.
+     */
+    @Test
+    public void testConfidentiality() throws Exception
+    {
+        ldapServer.setConfidentialityRequired( true );
+
+        // -------------------------------------------------------------------
+    	// Unsecured bind should fail
+    	// -------------------------------------------------------------------
+
+    	try
+    	{
+    		ServerIntegrationUtils.getWiredContext( ldapServer );
+    		fail( "Should not get here due to violation of confidentiality requirements" );
+    	}
+    	catch( AuthenticationNotSupportedException e )
+    	{
+    	}
+    	
+    	// -------------------------------------------------------------------
+    	// get anonymous connection with StartTLS (no bind request sent)
+    	// -------------------------------------------------------------------
+
+    	LdapContext ctx = getSecuredContext();
+    	assertNotNull( ctx );
+    	
+    	// -------------------------------------------------------------------
+    	// upgrade connection via bind request (same physical connection - TLS)
+    	// -------------------------------------------------------------------
+
+    	ctx.addToEnvironment( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
+    	ctx.addToEnvironment( Context.SECURITY_CREDENTIALS, "secret" );
+    	ctx.addToEnvironment( Context.SECURITY_AUTHENTICATION, "simple" );
+    	ctx.reconnect( null );
+    	
+    	// -------------------------------------------------------------------
+    	// do a search and confirm
+    	// -------------------------------------------------------------------
+
+    	NamingEnumeration<SearchResult> results = ctx.search( "ou=system", "(objectClass=*)",
new SearchControls() );
+    	Set<String> names = new HashSet<String>();
+    	while( results.hasMore() )
+    	{
+    		names.add( results.next().getName() );
+    	}
+    	results.close();
+    	assertTrue( names.contains( "prefNodeName=sysPrefRoot" ) );
+    	assertTrue( names.contains( "ou=users" ) );
+    	assertTrue( names.contains( "ou=configuration" ) );
+    	assertTrue( names.contains( "uid=admin" ) );
+    	assertTrue( names.contains( "ou=groups" ) );
+    	
+    	// -------------------------------------------------------------------
+    	// do add and confirm
+    	// -------------------------------------------------------------------
+
+    	AttributesImpl attrs = new AttributesImpl( "objectClass", "person", true );
+    	attrs.put( "sn", "foo" );
+    	attrs.put( "cn", "foo bar" );
+    	ctx.createSubcontext( "cn=foo bar,ou=system", attrs );
+    	assertNotNull( ctx.lookup( "cn=foo bar,ou=system" ) );
+    	
+    	// -------------------------------------------------------------------
+    	// do modify and confirm
+    	// -------------------------------------------------------------------
+
+    	ModificationItem[] mods = new ModificationItem[] {
+    			new ModificationItem( DirContext.ADD_ATTRIBUTE, new AttributeImpl( "cn", "fbar" )
)
+    	};
+    	ctx.modifyAttributes( "cn=foo bar,ou=system", mods );
+    	Attributes reread = ( Attributes ) ctx.getAttributes( "cn=foo bar,ou=system" );
+    	assertTrue( reread.get( "cn" ).contains( "fbar" ) );
+    	
+    	// -------------------------------------------------------------------
+    	// do rename and confirm 
+    	// -------------------------------------------------------------------
+
+    	ctx.rename( "cn=foo bar,ou=system", "cn=fbar,ou=system" );
+    	try
+    	{
+    		ctx.getAttributes( "cn=foo bar,ou=system" );
+    		fail( "old name of renamed entry should not be found" );
+    	}
+    	catch ( NameNotFoundException e )
+    	{
+    	}
+    	reread = ( Attributes ) ctx.getAttributes( "cn=fbar,ou=system" );
+    	assertTrue( reread.get( "cn" ).contains( "fbar" ) );
+    	
+    	// -------------------------------------------------------------------
+    	// do delete and confirm
+    	// -------------------------------------------------------------------
+
+    	ctx.destroySubcontext( "cn=fbar,ou=system" );
+    	try
+    	{
+    		ctx.getAttributes( "cn=fbar,ou=system" );
+    		fail( "deleted entry should not be found" );
+    	}
+    	catch ( NameNotFoundException e )
+    	{
+    	}
+    	
+    	ctx.close();
+    }
+
+
+    private void search( int ii, LdapContext securedContext ) throws Exception
+    {
+        SearchControls controls = new SearchControls();
+        controls.setSearchScope( SearchControls.SUBTREE_SCOPE );
+        
+        if ( VERBOSE )
+        {
+            System.out.println( "Searching on " + ii + "-th iteration:" );
+        }
+        
+        List<String> results = new ArrayList<String>();
+        NamingEnumeration<SearchResult> ne = securedContext.search( "ou=system", "(objectClass=*)",
controls );
+        while ( ne.hasMore() )
+        {
+            String dn = ne.next().getNameInNamespace();
+            results.add( dn );
+            
+            if ( VERBOSE )
+            {
+                System.out.println( "\tSearch Result = " + dn );
+            }
+        }
+        ne.close();
+        
+        assertEquals( "ou=system", results.get( 0 ) );
+        assertEquals( "uid=admin,ou=system", results.get( 1 ) );
+        assertEquals( "ou=users,ou=system", results.get( 2 ) );
+        assertEquals( "ou=groups,ou=system", results.get( 3 ) );
+        assertEquals( "cn=Administrators,ou=groups,ou=system", results.get( 4 ) );
+        assertEquals( "ou=configuration,ou=system", results.get( 5 ) );
+        assertEquals( "ou=partitions,ou=configuration,ou=system", results.get( 6 ) );
+        assertEquals( "ou=services,ou=configuration,ou=system", results.get( 7 ) );
+        assertEquals( "ou=interceptors,ou=configuration,ou=system", results.get( 8 ) );
+        assertEquals( "prefNodeName=sysPrefRoot,ou=system", results.get( 9 ) );
+    }
+    
+    
+    /**
+     * Tests StartTLS by creating a JNDI connection using the generated key 
+     * store with the installed self signed certificate.  It then searches 
+     * the server and verifies the presence of the expected entries and closes
+     * the connection.  This process repeats for a number of iterations.  
+     * Modify the CONNECT_ITERATIONS constant to change the number of 
+     * iterations.  Modify the VERBOSE constant to print out information while
+     * performing searches.
+     */
+    @Test
+    public void testStartTls() throws Exception
+    {
+        for ( int ii = 0; ii < CONNECT_ITERATIONS; ii++ )
+        {
+            if ( VERBOSE )
+            {
+                System.out.println( "Performing " + ii + "-th iteration to connect via StartTLS."
);
+            }
+
+            System.setProperty ( "javax.net.ssl.trustStore", ksFile.getAbsolutePath() );
+            System.setProperty ( "javax.net.ssl.keyStore", ksFile.getAbsolutePath() );
+            System.setProperty ( "javax.net.ssl.keyStorePassword", "changeit" );
+            LOG.debug( "testStartTls() test starting ... " );
+            
+            // Set up environment for creating initial context
+            Hashtable<String, Object> env = new Hashtable<String,Object>();
+            env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"
);
+            env.put( "java.naming.security.principal", "uid=admin,ou=system" );
+            env.put( "java.naming.security.credentials", "secret" );
+            env.put( "java.naming.security.authentication", "simple" );
+            
+            // Must use the name of the server that is found in its certificate?
+            env.put( Context.PROVIDER_URL, "ldap://localhost:" + ldapServer.getIpPort() );
+    
+            // Create initial context
+            LOG.debug( "About to get initial context" );
+            LdapContext ctx = new InitialLdapContext( env, null );
+    
+            // Start TLS
+            LOG.debug( "About send startTls extended operation" );
+            StartTlsResponse tls = ( StartTlsResponse ) ctx.extendedOperation( new StartTlsRequest()
);
+            LOG.debug( "Extended operation issued" );
+            tls.setHostnameVerifier( new HostnameVerifier() {
+                public boolean verify( String hostname, SSLSession session )
+                {
+                    return true;
+                } 
+            } );
+            LOG.debug( "TLS negotion about to begin" );
+            tls.negotiate();
+
+            search( ii, ctx );
+            
+            tls.close();
+            ctx.close();
+        }
+    }
+}
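Review bot: The anonymous `HostnameVerifier` in `getSecuredContext()`, repeated in `testStartTls()`, returns `true` for every host, so these tests show that StartTLS negotiates against the self-signed certificate loaded into the temporary key store but never that the certificate name matches `localhost`. A comment such as `// test only: the server certificate is self-signed and may not name localhost, so host name checking is skipped` would record that, and `testStartTls()` could call `getSecuredContext()` once the helper also sets the bind credentials, instead of duplicating it. Both methods set `javax.net.ssl.trustStore`, `javax.net.ssl.keyStore` and `javax.net.ssl.keyStorePassword` for the whole JVM and `deleteKeyStore()` never clears them, so after the file is deleted the properties still point at it for whatever runs next in the suite. `deleteKeyStore()` also calls `ksFile.getAbsolutePath()` in the `LOG.debug` line right after null-checking `ksFile`, which throws if the `@Before` method failed before creating the file. A possible rewrite of `deleteKeyStore()` follows; restoring the previous property values instead of clearing them would work as well.

```java
    @After
    public void deleteKeyStore() throws Exception
    {
        if ( ksFile != null )
        {
            if ( ksFile.exists() )
            {
                ksFile.delete();
            }

            LOG.debug( "Keystore file deleted: {}", ksFile.getAbsolutePath() );
        }

        // these settings are JVM-wide: do not leave them pointing at a deleted file
        System.clearProperty( "javax.net.ssl.trustStore" );
        System.clearProperty( "javax.net.ssl.keyStore" );
        System.clearProperty( "javax.net.ssl.keyStorePassword" );

        ldapServer.setConfidentialityRequired( oldConfidentialityRequiredValue );
    }
```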

Modified: directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java?rev=683827&r1=683826&r2=683827&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java
(original)
+++ directory/apacheds/branches/bigbang/server-integ/src/test/java/org/apache/directory/server/suites/StockServerISuite.java
Thu Aug  7 20:34:27 2008
@@ -44,6 +44,7 @@
 import org.apache.directory.server.operations.search.ReferralSearchIT;
 import org.apache.directory.server.operations.search.SchemaSearchIT;
 import org.apache.directory.server.operations.search.SearchIT;
+import org.apache.directory.server.ssl.StartTlsIT;
 import org.junit.runner.RunWith;
 import org.junit.runners.Suite;
 
@@ -74,6 +75,7 @@
         NegationSearchIT.class,
         SchemaSearchIT.class,
         ReferralSearchIT.class,
+        StartTlsIT.class,
         ModifyDnReferralIT.class
         } )
 @CleanupLevel ( Level.SUITE )


