Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 89826 invoked from network); 16 Feb 2011 14:45:48 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 16 Feb 2011 14:45:48 -0000 Received: (qmail 38261 invoked by uid 500); 16 Feb 2011 14:45:48 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 38201 invoked by uid 500); 16 Feb 2011 14:45:47 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 38194 invoked by uid 99); 16 Feb 2011 14:45:46 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Feb 2011 14:45:46 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Feb 2011 14:45:43 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id E02B623889E7; Wed, 16 Feb 2011 14:45:21 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1071273 - /directory/apacheds/branches/m1/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java Date: Wed, 16 Feb 2011 14:45:21 -0000 To: commits@directory.apache.org 
From: pamarcelot@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20110216144521.E02B623889E7@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: pamarcelot Date: Wed Feb 16 14:45:21 2011 New Revision: 1071273 URL: http://svn.apache.org/viewvc?rev=1071273&view=rev Log: Fix for DIRAPI-42 (Add additional classes and clean method arguments for SASL binds (CRAM-MD5, DIGEST-MD5, GSS-API)). Modified: directory/apacheds/branches/m1/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java Modified: directory/apacheds/branches/m1/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/m1/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java?rev=1071273&r1=1071272&r2=1071273&view=diff ============================================================================== --- directory/apacheds/branches/m1/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java (original) +++ directory/apacheds/branches/m1/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java Wed Feb 16 14:45:21 2011 @@ -38,6 +38,9 @@ import javax.naming.directory.InitialDir import org.apache.commons.lang.ArrayUtils; import org.apache.commons.net.SocketClient; import org.apache.directory.junit.tools.MultiThreadedMultiInvoker; +import org.apache.directory.ldap.client.api.CramMd5Request; +import org.apache.directory.ldap.client.api.DigestMd5Request; +import org.apache.directory.ldap.client.api.GssApiRequest; import org.apache.directory.ldap.client.api.LdapConnection; import org.apache.directory.ldap.client.api.LdapNetworkConnection; import org.apache.directory.server.annotations.CreateKdcServer; 
@@ -166,6 +169,7 @@ public class SaslBindIT extends Abstract @Rule public MultiThreadedMultiInvoker i = new MultiThreadedMultiInvoker( MultiThreadedMultiInvoker.NOT_THREADSAFE ); + public SaslBindIT() throws Exception { // On Windows 7 and Server 2008 the loopback address 127.0.0.1 @@ -231,7 +235,7 @@ public class SaslBindIT extends Abstract Dn userDn = new Dn( "uid=hnelson,ou=users,dc=example,dc=com" ); LdapConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() ); BindRequest bindReq = new BindRequestImpl(); - bindReq.setCredentials( "secret".getBytes() ); + bindReq.setCredentials( "secret" ); bindReq.setName( userDn ); bindReq.setSaslMechanism( SupportedSaslMechanisms.PLAIN ); @@ -255,7 +259,7 @@ public class SaslBindIT extends Abstract Dn userDn = new Dn( "uid=hnelson,ou=users,dc=example,dc=com" ); LdapConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() ); BindRequest bindReq = new BindRequestImpl(); - bindReq.setCredentials( "secret".getBytes() ); + bindReq.setCredentials( "secret" ); bindReq.setName( userDn ); bindReq.setSaslMechanism( "" ); // invalid mechanism bindReq.setSimple( false ); @@ -283,7 +287,11 @@ public class SaslBindIT extends Abstract Dn userDn = new Dn( "uid=hnelson,ou=users,dc=example,dc=com" ); LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() ); - BindResponse resp = connection.bindCramMd5( userDn.getRdn().getUpValue().getString(), "secret", null ); + CramMd5Request request = new CramMd5Request(); + request.setUsername( userDn.getRdn().getUpValue().getString() ); + request.setCredentials( "secret" ); + + BindResponse resp = connection.bind( request ); assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() ); Entry entry = connection.lookup( userDn ); 
@@ -302,7 +310,11 @@ public class SaslBindIT extends Abstract Dn userDn = new Dn( "uid=hnelson,ou=users,dc=example,dc=com" ); LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() ); - BindResponse resp = connection.bindCramMd5( userDn.getRdn().getUpValue().getString(), "badsecret", null ); + CramMd5Request request = new CramMd5Request(); + request.setUsername( userDn.getRdn().getUpValue().getString() ); + request.setCredentials( "badsecret" ); + + BindResponse resp = connection.bind( request ); assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, resp.getLdapResult().getResultCode() ); connection.close(); } @@ -317,9 +329,11 @@ public class SaslBindIT extends Abstract Dn userDn = new Dn( "uid=hnelson,ou=users,dc=example,dc=com" ); LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() ); - BindResponse resp = connection.bindDigestMd5( userDn.getRdn().getUpValue().getString(), "secret", null, - ldapServer.getSaslRealms() - .get( 0 ) ); + DigestMd5Request request = new DigestMd5Request(); + request.setUsername( userDn.getRdn().getUpValue().getString() ); + request.setCredentials( "secret" ); + request.setRealmName( ldapServer.getSaslRealms().get( 0 ) ); + BindResponse resp = connection.bind( request ); assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() ); Entry entry = connection.lookup( userDn ); 
@@ -330,36 +344,39 @@ public class SaslBindIT extends Abstract /** - * GSSAPI test + * Tests to make sure DIGEST-MD5 binds below the RootDSE fail if the realm is bad. */ @Test - public void testSaslGssApiBind() throws Exception + public void testSaslDigestMd5BindBadRealm() throws Exception { Dn userDn = new Dn( "uid=hnelson,ou=users,dc=example,dc=com" ); LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() ); - BindResponse resp = connection.bindGssApi( userDn.getRdn().getUpValue().getString(), "secret", ldapServer - .getSaslRealms().get( 0 ) - .toUpperCase(), "localhost", 6088 ); - assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() ); - - Entry entry = connection.lookup( userDn ); - assertEquals( "hnelson", entry.get( "uid" ).getString() ); + DigestMd5Request request = new DigestMd5Request(); + request.setUsername( userDn.getRdn().getUpValue().getString() ); + request.setCredentials( "secret" ); + request.setRealmName( "badrealm.com" ); + BindResponse resp = connection.bind( request ); + assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, resp.getLdapResult().getResultCode() ); connection.close(); } /** - * Tests to make sure DIGEST-MD5 binds below the RootDSE fail if the realm is bad. + * Tests to make sure DIGEST-MD5 binds below the RootDSE fail if the password is bad. 
*/ @Test - public void testSaslDigestMd5BindBadRealm() throws Exception + public void testSaslDigestMd5BindBadPassword() throws Exception { Dn userDn = new Dn( "uid=hnelson,ou=users,dc=example,dc=com" ); LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() ); - BindResponse resp = connection.bindDigestMd5( userDn.getName(), "secret", null, "badrealm.com" ); + DigestMd5Request request = new DigestMd5Request(); + request.setUsername( userDn.getRdn().getUpValue().getString() ); + request.setCredentials( "badsecret" ); + request.setRealmName( ldapServer.getSaslRealms().get( 0 ) ); + BindResponse resp = connection.bind( request ); assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, resp.getLdapResult().getResultCode() ); connection.close(); 
@@ -367,23 +384,91 @@ public class SaslBindIT extends Abstract /** - * Tests to make sure DIGEST-MD5 binds below the RootDSE fail if the password is bad. + * Tests to make sure GSS-API binds below the RootDSE work. */ @Test - public void testSaslDigestMd5BindBadPassword() throws Exception + public void testSaslGssApiBind() throws Exception { Dn userDn = new Dn( "uid=hnelson,ou=users,dc=example,dc=com" ); LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() ); - BindResponse resp = connection.bindDigestMd5( userDn.getName(), "badsecret", null, ldapServer - .getSaslRealms().get( 0 ) ); - assertEquals( ResultCodeEnum.INVALID_CREDENTIALS, resp.getLdapResult().getResultCode() ); + GssApiRequest request = new GssApiRequest(); + request.setUsername( userDn.getRdn().getUpValue().getString() ); + request.setCredentials( "secret" ); + request.setRealmName( ldapServer.getSaslRealms().get( 0 ).toUpperCase() ); + request.setKdcHost( "localhost" ); + request.setKdcPort( 6088 ); + BindResponse resp = connection.bind( request ); + assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() ); + + Entry entry = connection.lookup( userDn ); + assertEquals( "hnelson", entry.get( "uid" ).getString() ); connection.close(); } /** + * Tests to make sure GSS-API binds below the RootDSE fail if the realm is bad. 
+ */ + @Test + public void testSaslGssApiBindBadRealm() throws Exception + { + Dn userDn = new Dn( "uid=hnelson,ou=users,dc=example,dc=com" ); + LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() ); + + GssApiRequest request = new GssApiRequest(); + request.setUsername( userDn.getRdn().getUpValue().getString() ); + request.setCredentials( "secret" ); + request.setRealmName( "badrealm.com" ); + request.setKdcHost( "localhost" ); + request.setKdcPort( 6088 ); + try + { + connection.bind( request ); + } + catch ( Exception e ) + { + assertTrue( e instanceof LdapException ); + } + finally + { + connection.close(); + } + } + + + /** + * Tests to make sure GSS-API binds below the RootDSE fail if the password is bad. + */ + @Test + public void testSaslGssApiBindBadPassword() throws Exception + { + Dn userDn = new Dn( "uid=hnelson,ou=users,dc=example,dc=com" ); + LdapNetworkConnection connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() ); + + GssApiRequest request = new GssApiRequest(); + request.setUsername( userDn.getRdn().getUpValue().getString() ); + request.setCredentials( "badsecret" ); + request.setRealmName( ldapServer.getSaslRealms().get( 0 ).toUpperCase() ); + request.setKdcHost( "localhost" ); + request.setKdcPort( 6088 ); + try + { + connection.bind( request ); + } + catch ( Exception e ) + { + assertTrue( e instanceof LdapException ); + } + finally + { + connection.close(); + } + } + + + /** * Tests that the plumbing for NTLM bind works. */ @Test 
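Review bot: In testSaslGssApiBindBadRealm and testSaslGssApiBindBadPassword the test still passes when `connection.bind( request )` returns normally, so a server that accepted the bad realm or bad password would not be caught. Add `fail( "GSS-API bind with bad realm/password must not succeed" );` directly after the bind call inside the `try`; this assumes JUnit's `fail` is statically imported, which the hunk does not show. Narrowing the handler to `catch ( LdapException e )` would also let any unrelated exception fail the test, where today it is reported only through the `assertTrue( e instanceof LdapException )` check. The DIGEST-MD5 negative tests in this commit assert `INVALID_CREDENTIALS` on the response, so it is worth a comment on why the GSS-API path is expected to throw instead.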
@@ -453,9 +538,11 @@ public class SaslBindIT extends Abstract // Digest-MD5 connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() ); - resp = connection.bindDigestMd5( userDn.getRdn().getUpValue().getString(), "secret", null, ldapServer - .getSaslRealms() - .get( 0 ) ); + DigestMd5Request digetDigestMd5Request = new DigestMd5Request(); + digetDigestMd5Request.setUsername( userDn.getRdn().getUpValue().getString() ); + digetDigestMd5Request.setCredentials( "secret" ); + digetDigestMd5Request.setRealmName( ldapServer.getSaslRealms().get( 0 ) ); + resp = connection.bind( digetDigestMd5Request ); assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() ); entry = connection.lookup( userDn ); assertEquals( "hnelson", entry.get( "uid" ).getString() ); @@ -463,7 +550,10 @@ public class SaslBindIT extends Abstract // Cram-MD5 connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() ); - resp = connection.bindCramMd5( userDn.getRdn().getUpValue().getString(), "secret", null ); + CramMd5Request cramMd5Request = new CramMd5Request(); + cramMd5Request.setUsername( userDn.getRdn().getUpValue().getString() ); + cramMd5Request.setCredentials( "secret" ); + resp = connection.bind( cramMd5Request ); assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() ); entry = connection.lookup( userDn ); assertEquals( "hnelson", entry.get( "uid" ).getString() ); 
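Review bot: The local name `digetDigestMd5Request` in the Digest-MD5 step looks like a typo. Naming it `digestMd5Request` would match `cramMd5Request` and `gssApiRequest`, which the same method uses in the following hunks. The enclosing test method starts and ends outside these hunks.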
@@ -471,9 +561,13 @@ public class SaslBindIT extends Abstract // GSSAPI connection = new LdapNetworkConnection( "localhost", ldapServer.getPort() ); - resp = connection.bindGssApi( userDn.getRdn().getUpValue().getString(), "secret", ldapServer - .getSaslRealms().get( 0 ) - .toUpperCase(), "localhost", 6088 ); + GssApiRequest gssApiRequest = new GssApiRequest(); + gssApiRequest.setUsername( userDn.getRdn().getUpValue().getString() ); + gssApiRequest.setCredentials( "secret" ); + gssApiRequest.setRealmName( ldapServer.getSaslRealms().get( 0 ) ); + gssApiRequest.setKdcHost( "localhost" ); + gssApiRequest.setKdcPort( 6088 ); + resp = connection.bind( gssApiRequest ); assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() ); entry = connection.lookup( userDn ); assertEquals( "hnelson", entry.get( "uid" ).getString() ); @@ -539,10 +633,10 @@ public class SaslBindIT extends Abstract } // Retrieve the response back from server to my last request. - LdapMessageContainer container = new LdapMessageContainer( + LdapMessageContainer container = new LdapMessageContainer( ldapServer.getDirectoryService().getLdapCodecService() ); decoder.setLdapMessageContainer( container ); - return (BindResponse) decoder.decode( null, _input_ ); + return ( BindResponse ) decoder.decode( null, _input_ ); }
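Review bot: The GSSAPI step sets the realm with `ldapServer.getSaslRealms().get( 0 )`, without `.toUpperCase()`. The removed `bindGssApi` call and the new testSaslGssApiBind both upper-case it. Kerberos realm names are case-sensitive, so unless the change is intentional this should read `gssApiRequest.setRealmName( ldapServer.getSaslRealms().get( 0 ).toUpperCase() );`. If it is intentional, a short comment explaining why the sequential case differs would help. The enclosing test method starts and ends outside the hunk.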