Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 0B2C5200C0A for ; Sat, 14 Jan 2017 02:15:07 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 09C43160B47; Sat, 14 Jan 2017 01:15:07 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 02D2C160B3F for ; Sat, 14 Jan 2017 02:15:05 +0100 (CET) Received: (qmail 16189 invoked by uid 500); 14 Jan 2017 01:15:05 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 16180 invoked by uid 99); 14 Jan 2017 01:15:05 -0000 Received: from Unknown (HELO svn01-us-west.apache.org) (209.188.14.144) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 14 Jan 2017 01:15:05 +0000 Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id 915423A1E65 for ; Sat, 14 Jan 2017 01:15:04 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1778693 - /directory/apacheds/branches/apacheds-value/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java Date: Sat, 14 Jan 2017 01:15:04 -0000 To: commits@directory.apache.org 
From: elecharny@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20170114011504.915423A1E65@svn01-us-west.apache.org> archived-at: Sat, 14 Jan 2017 01:15:07 -0000 Author: elecharny Date: Sat Jan 14 01:15:04 2017 New Revision: 1778693 URL: http://svn.apache.org/viewvc?rev=1778693&view=rev Log: Added some SSL/TLS tests Modified: directory/apacheds/branches/apacheds-value/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java Modified: directory/apacheds/branches/apacheds-value/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-value/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java?rev=1778693&r1=1778692&r2=1778693&view=diff ============================================================================== --- directory/apacheds/branches/apacheds-value/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java (original) +++ directory/apacheds/branches/apacheds-value/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java Sat Jan 14 01:15:04 2017 @@ -23,12 +23,13 @@ package org.apache.directory.shared.clie import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; +import static org.junit.Assert.assertEquals; -import java.io.IOException; import java.util.List; import org.apache.directory.api.ldap.codec.api.SchemaBinaryAttributeDetector; import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms; +import org.apache.directory.api.ldap.model.entry.Entry; import org.apache.directory.api.ldap.model.exception.LdapException; import org.apache.directory.api.ldap.model.name.Dn; import org.apache.directory.api.util.Network; 
@@ -49,7 +50,6 @@ import org.apache.directory.server.ldap. import org.apache.directory.server.ldap.handlers.sasl.ntlm.NtlmMechanismHandler; import org.apache.directory.server.ldap.handlers.sasl.plain.PlainMechanismHandler; import org.junit.Before; -import org.junit.Ignore; import org.junit.Test; import org.junit.runner.RunWith; 
@@ -114,39 +114,71 @@ public class LdapSSLConnectionTest exten * @throws IOException */ @Test - public void testBindRequest() throws Exception + public void testBindRequestSSLConfig() throws Exception { - LdapConnection connection = null; - try + try ( LdapNetworkConnection connection = new LdapNetworkConnection( sslConfig ) ) { - connection = new LdapNetworkConnection( sslConfig ); connection.bind( "uid=admin,ou=system", "secret" ); + assertTrue( connection.getConfig().isUseSsl() ); assertTrue( connection.isAuthenticated() ); + assertTrue( connection.isSecured() ); } - finally + } + + + /** + * Test a successful bind request + * + * @throws IOException + */ + @Test + public void testBindRequestSSLAuto() throws Exception + { + try ( LdapNetworkConnection connection = + new LdapNetworkConnection( Network.LOOPBACK_HOSTNAME, getLdapServer().getPortSSL(), true ) ) { - if ( connection != null ) - { - connection.close(); - } + connection.bind( "uid=admin,ou=system", "secret" ); + assertTrue( connection.getConfig().isUseSsl() ); + + assertTrue( connection.isAuthenticated() ); + assertTrue( connection.isSecured() ); } } + /** + * Test a successful bind request + * + * @throws IOException + */ @Test - public void testGetSupportedControls() throws Exception + public void testBindRequestSSLWithTrustManager() throws Exception { - LdapConnection connection = new LdapNetworkConnection( sslConfig ); - - Dn dn = new Dn( "uid=admin,ou=system" ); - connection.bind( dn.getName(), "secret" ); + try ( LdapNetworkConnection connection = + new LdapNetworkConnection( Network.LOOPBACK_HOSTNAME, getLdapServer().getPortSSL(), new NoVerificationTrustManager() ) ) + { + connection.bind( "uid=admin,ou=system", "secret" ); + + assertTrue( connection.getConfig().isUseSsl() ); + assertTrue( connection.isAuthenticated() ); + assertTrue( connection.isSecured() ); + } + } - List controlList = connection.getSupportedControls(); - assertNotNull( controlList ); - assertFalse( controlList.isEmpty() ); - 
connection.close(); + @Test + public void testGetSupportedControls() throws Exception + { + try ( LdapConnection connection = new LdapNetworkConnection( sslConfig ) ) + { + Dn dn = new Dn( "uid=admin,ou=system" ); + connection.bind( dn.getName(), "secret" ); + + List controlList = connection.getSupportedControls(); + assertNotNull( controlList ); + assertFalse( controlList.isEmpty() ); + } } @@ -158,10 +190,8 @@ public class LdapSSLConnectionTest exten @Test public void testStartTLSBindRequest() throws Exception { - LdapNetworkConnection connection = null; - try + try ( LdapNetworkConnection connection = new LdapNetworkConnection( tlsConfig ) ) { - connection = new LdapNetworkConnection( tlsConfig ); tlsConfig.setUseTls( true ); connection.connect(); 
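Review bot: `testBindRequestSSLAuto` expects a bind over SSL to succeed with no trust manager passed to the constructor, while `testStallingSsl` (last hunk) builds the same host/port/SSL setup through `LdapConnectionConfig` and expects `InvalidConnectionException` because no trust manager is defined. The hunks do not show which default the three-argument constructor installs, so the Javadoc should say whether the server certificate is validated on that path, e.g. `Test a bind over LDAPS with the constructor's default trust manager (certificate validation: <state which>)`. In `testBindRequestSSLWithTrustManager`, `isSecured()` is asserted on a connection built with `NoVerificationTrustManager`, so it shows only that a TLS layer is up, not that the peer was authenticated. A comment such as `// NoVerificationTrustManager accepts any certificate (test only); isSecured() does not imply a verified peer` would keep the test from being copied as a usage example. The three new Javadoc blocks are also identical (`Test a successful bind request`, `@throws IOException`) although the methods exercise different constructors and declare `throws Exception`.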
@@ -174,61 +204,155 @@ public class LdapSSLConnectionTest exten connection.bind( "uid=admin,ou=system", "secret" ); assertTrue( connection.isAuthenticated() ); + assertTrue( connection.isSecured() ); connection.unBind(); } - finally + } + + + /** + * Test a request before setting up TLS + * + * @throws IOException + */ + @Test + public void testStartTLSAfterBind() throws Exception + { + try ( LdapNetworkConnection connection = + new LdapNetworkConnection( Network.LOOPBACK_HOSTNAME, getLdapServer().getPort() ) ) { - if ( connection != null ) - { - connection.close(); - } + connection.connect(); + + connection.bind( "uid=admin,ou=system", "secret" ); + assertFalse( connection.isSecured() ); + + Entry rootDse = connection.getRootDse( "*", "+" ); + + assertNotNull( rootDse ); + + // startTLS + connection.startTls(); + + // try multiple binds with startTLS DIRAPI-173 + assertTrue( connection.isSecured() ); + + Entry admin = connection.lookup( "uid=admin,ou=system" ); + + assertNotNull( admin ); + assertEquals( "uid=admin,ou=system", admin.getDn().getName() ); + + connection.unBind(); } } + /** + * Test the startTLS call + * + * @throws IOException + */ @Test - public void testGetSupportedControlsWithStartTLS() throws Exception + public void testStartTLS() throws Exception { - LdapNetworkConnection connection = new LdapNetworkConnection( tlsConfig ); - tlsConfig.setUseTls( true ); - connection.connect(); - - Dn dn = new Dn( "uid=admin,ou=system" ); - connection.bind( dn.getName(), "secret" ); - - List controlList = connection.getSupportedControls(); - assertNotNull( controlList ); - assertFalse( controlList.isEmpty() ); + try ( LdapNetworkConnection connection = + new LdapNetworkConnection( Network.LOOPBACK_HOSTNAME, getLdapServer().getPort() ) ) + { + assertFalse( connection.isConnected() ); + + // Send the startTLS extended operation + connection.startTls(); + assertTrue( connection.isSecured() ); + + connection.bind( "uid=admin,ou=system", "secret" ); + assertTrue( 
connection.isSecured() ); - connection.close(); + Entry admin = connection.lookup( "uid=admin,ou=system" ); + + assertNotNull( admin ); + assertEquals( "uid=admin,ou=system", admin.getDn().getName() ); + + connection.unBind(); + } + } + + + /** + * Test the startTLS call + * + * @throws IOException + */ + @Test + public void testStartTLSWithConfig() throws Exception + { + try ( LdapNetworkConnection connection = + new LdapNetworkConnection( tlsConfig ) ) + { + assertFalse( connection.isConnected() ); + + // Send the startTLS extended operation + connection.startTls(); + assertTrue( connection.isSecured() ); + + connection.bind( "uid=admin,ou=system", "secret" ); + assertTrue( connection.isSecured() ); + + Entry admin = connection.lookup( "uid=admin,ou=system" ); + + assertNotNull( admin ); + assertEquals( "uid=admin,ou=system", admin.getDn().getName() ); + + connection.unBind(); + } + } + + + @Test + public void testGetSupportedControlsWithStartTLS() throws Exception + { + try ( LdapNetworkConnection connection = new LdapNetworkConnection( tlsConfig ) ) + { + tlsConfig.setUseTls( true ); + connection.connect(); + + Dn dn = new Dn( "uid=admin,ou=system" ); + connection.bind( dn.getName(), "secret" ); + + List controlList = connection.getSupportedControls(); + assertNotNull( controlList ); + assertFalse( controlList.isEmpty() ); + } } @Test(expected = LdapException.class) public void testFailsStartTLSWhenSSLIsInUse() throws Exception { - LdapNetworkConnection connection = new LdapNetworkConnection( tlsConfig ); - tlsConfig.setUseSsl( true ); - tlsConfig.setLdapPort( ldapServer.getPortSSL() ); - connection.connect(); - connection.startTls(); + try ( LdapNetworkConnection connection = new LdapNetworkConnection( tlsConfig ) ) + { + tlsConfig.setUseSsl( true ); + tlsConfig.setLdapPort( ldapServer.getPortSSL() ); + connection.connect(); + connection.startTls(); + } } @Test(expected = InvalidConnectionException.class) - @Ignore( "This test is failing from time to time when 
runnig integ tests... To be investgated") public void testStallingSsl() throws Exception { LdapConnectionConfig sslConfig = new LdapConnectionConfig(); sslConfig.setLdapHost( Network.LOOPBACK_HOSTNAME ); sslConfig.setUseSsl( true ); sslConfig.setLdapPort( getLdapServer().getPortSSL() ); - //sslConfig.setTrustManagers( new NoVerificationTrustManager() ); - - LdapNetworkConnection connection = new LdapNetworkConnection( sslConfig ); - // We should get an exception here, as we don't have a trustManager defined - connection.bind(); + try ( LdapNetworkConnection connection = new LdapNetworkConnection( sslConfig ) ) + { + // We should get an exception here, as we don't have a trustManager defined + connection.bind(); + + assertTrue( connection.getConfig().isUseSsl() ); + assertTrue( connection.isConnected() ); + } } }
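Review bot: In `testStallingSsl` the two assertions added after `connection.bind()` never contribute to a pass, because the test succeeds only when `InvalidConnectionException` is thrown and the existing comment says that happens at `bind()`. `@Test(expected = ...)` also accepts that exception from any statement, so the test does not pin the failure to the missing trust manager, which is the property worth guarding now that the `@Ignore` (flaky, per its own message) is removed. I would catch the exception around `bind()` and assert the post-failure state as below; this needs a static import of `org.junit.Assert.fail`, and the `isSecured()` expectation is my assumption about the client's state after a rejected handshake. `testFailsStartTLSWhenSSLIsInUse` has the same shape: `connect()` can presumably raise `LdapException` as well, so the test may pass without `startTls()` ever being reached. Separately, the comment `try multiple binds with startTLS DIRAPI-173` in `testStartTLSAfterBind` sits over code that performs no second bind.

```java
@Test
public void testStallingSsl() throws Exception
{
    // … unchanged: sslConfig setup (host, useSsl, SSL port), no trust manager …
    try ( LdapNetworkConnection connection = new LdapNetworkConnection( sslConfig ) )
    {
        try
        {
            connection.bind();
            fail( "bind() must fail when no trust manager accepts the server certificate" );
        }
        catch ( InvalidConnectionException ice )
        {
            // Expected: the handshake was rejected, so nothing may be left authenticated or secured
            assertFalse( connection.isAuthenticated() );
            assertFalse( connection.isSecured() );
        }
    }
}
```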