core/src/test/org/apache/ldap/server/jndi/SimpleAuthenticationTest.java

/*
 *   Copyright 2004 The Apache Software Foundation
 *
 *   Licensed under the Apache License, Version 2.0 (the "License");
 *   you may not use this file except in compliance with the License.
 *   You may obtain a copy of the License at
 *
 *       http://www.apache.org/licenses/LICENSE-2.0
 *
 *   Unless required by applicable law or agreed to in writing, software
 *   distributed under the License is distributed on an "AS IS" BASIS,
 *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *   See the License for the specific language governing permissions and
 *   limitations under the License.
 *
 */
package org.apache.ldap.server.jndi;


import java.io.File;
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.ConfigurationException;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.InitialLdapContext;

import org.apache.ldap.common.exception.LdapConfigurationException;
import org.apache.ldap.common.exception.LdapNoPermissionException;
import org.apache.ldap.common.util.ArrayUtils;
import org.apache.ldap.server.AbstractServerTest;
import org.apache.mina.util.AvailablePortFinder;


/**
 * A set of simple tests to make sure simple authentication is working as it
 * should.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev$
 */
public class SimpleAuthenticationTest extends AbstractServerTest
{
    /**
     * Cleans up old database files on creation.
     * @throws IOException 
     */
    public SimpleAuthenticationTest() throws IOException
    {
        doDelete( new File( "target" + File.separator + "eve" ) );
    }


    /**
     * Customizes setup for each test case.
     *
     * <ul>
     *   <li>sets doDelete to false for test1AdminAccountCreation</li>
     *   <li>sets doDelete to false for test2AccountExistsOnRestart</li>
     *   <li>sets doDelete to true for all other cases</li>
     *   <li>bypasses normal setup for test5BuildDbNoPassWithPrincAuthNone</li>
     *   <li>bypasses normal setup for test4BuildDbNoPassNoPrincAuthNone</li>
     *   <li>bypasses normal setup for test6BuildDbNoPassNotAdminPrinc</li>
     * </ul>
     *
     * @throws Exception
     */
    protected void setUp() throws Exception
    {
        if ( getName().equals( "test1AdminAccountCreation" ) ||
             getName().equals( "test2AccountExistsOnRestart" ) )
        {
            super.doDelete = false;
        }
        else
        {
            super.doDelete = true;
        }

        if ( getName().equals( "test5BuildDbNoPassWithPrincAuthNone" ) ||
                getName().equals( "test6BuildDbNoPassNotAdminPrinc" ) ||
             getName().equals( "test4BuildDbNoPassNoPrincAuthNone" ) )
        {
            return;
        }

        super.setUp();
    }


    /**
     * Checks all attributes of the admin account entry minus the userPassword
     * attribute.
     *
     * @param attrs the entries attributes
     */
    protected void performAdminAccountChecks( Attributes attrs )
    {
        assertTrue( attrs.get( "objectClass" ).contains( "top" ) );
        assertTrue( attrs.get( "objectClass" ).contains( "person" ) );
        assertTrue( attrs.get( "objectClass" ).contains( "organizationalPerson" ) );
        assertTrue( attrs.get( "objectClass" ).contains( "inetOrgPerson" ) );
        assertTrue( attrs.get( "displayName" ).contains( "Directory Superuser" ) );
    }


    /**
     * Check the creation of the admin account.
     *
     * @throws NamingException if there are failures
     */
    public void test1AdminAccountCreation() throws NamingException
    {
        DirContext ctx = ( DirContext ) sysRoot.lookup( "uid=admin" );
        Attributes attrs = ctx.getAttributes( "" );
        performAdminAccountChecks( attrs );
        assertTrue( ArrayUtils.isEquals( attrs.get( "userPassword" ).get(), "secret".getBytes() ));
    }


    /**
     * Check the creation of the admin account even after a restart.
     *
     * @throws NamingException if there are failures
     */
    public void test2AccountExistsOnRestart() throws NamingException
    {
        DirContext ctx = ( DirContext ) sysRoot.lookup( "uid=admin" );
        Attributes attrs = ctx.getAttributes( "" );

        performAdminAccountChecks( attrs );
        assertTrue( ArrayUtils.isEquals( attrs.get( "userPassword" ).get(), "secret".getBytes() ));
    }


    public void test3UseAkarasulu() throws NamingException
    {
        // now go in as anonymous user and we should be rejected
        Hashtable env = new Hashtable();
        env.put( Context.PROVIDER_URL, "ou=system" );
        env.put( Context.SECURITY_PRINCIPAL, "uid=akarasulu,ou=users,ou=system" );
        env.put( Context.SECURITY_CREDENTIALS, "test" );
        env.put( Context.SECURITY_AUTHENTICATION, "simple" );
        env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.ldap.server.jndi.ServerContextFactory" );
        InitialDirContext ic = new InitialDirContext( env );
        Attributes attrs = ic.getAttributes( "uid=akarasulu,ou=users" );
        Attribute ou = attrs.get( "ou" );
        assertTrue( ou.contains( "Engineering" ) );
        assertTrue( ou.contains( "People" ) );

        Attribute objectClass = attrs.get( "objectClass" );
        assertTrue( objectClass.contains( "top" ) );
        assertTrue( objectClass.contains( "person" ) );
        assertTrue( objectClass.contains( "organizationalPerson" ) );
        assertTrue( objectClass.contains( "inetOrgPerson" ) );

        assertTrue( attrs.get( "telephonenumber" ).contains( "+1 408 555 4798" ) );
        assertTrue( attrs.get( "uid" ).contains( "akarasulu" ) );
        assertTrue( attrs.get( "givenname" ).contains( "Alex" ) );
        assertTrue( attrs.get( "mail" ).contains( "akarasulu@apache.org" ) );
        assertTrue( attrs.get( "l" ).contains( "Bogusville" ) );
        assertTrue( attrs.get( "sn" ).contains( "Karasulu" ) );
        assertTrue( attrs.get( "cn" ).contains( "Alex Karasulu" ) );
        assertTrue( attrs.get( "facsimiletelephonenumber" ).contains( "+1 408 555 9751" ) );
        assertTrue( attrs.get( "roomnumber" ).contains( "4612" ) );
    }


    /**
     * Tests to make sure we throw an error when Context.SECURITY_AUTHENTICATION
     * is set to "none" when trying to bootstrap the system.  Only the admin
     * user is allowed to bootstrap.
     *
     * @throws Exception if anything goes wrong
     */
    public void test4BuildDbNoPassNoPrincAuthNone() throws Exception
    {
        // clean out the database
        tearDown();
        doDelete( new File( "target" + File.separator + "eve" ) );
        Hashtable env = new Hashtable();
        env.put( Context.SECURITY_AUTHENTICATION, "none" );
        env.put( EnvKeys.DISABLE_ANONYMOUS, "true" );

        int port = AvailablePortFinder.getNextAvailable( 1024 );

        env.put( EnvKeys.LDAP_PORT, String.valueOf( port ) );

        try
        {
            setSysRoot( env );
            fail( "should not get here due to exception" );
        }
        catch( LdapNoPermissionException e )
        {
        }

        // ok this should start up the system now as admin
        Hashtable anonymous = new Hashtable();

        anonymous.put( EnvKeys.LDAP_PORT, String.valueOf( port ) );

        InitialLdapContext ctx = ( InitialLdapContext ) setSysRoot( anonymous );
        assertNotNull( ctx );

        // now go in as anonymous user and we should be wh
        env.put( Context.PROVIDER_URL, "ou=system" );
        env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.ldap.server.jndi.ServerContextFactory" );

        InitialLdapContext initial = new InitialLdapContext( env, null );

        try
        {
            ctx = ( InitialLdapContext ) initial.lookup( "uid=admin" );
            fail( "should not get here due to exception cuz anonymous user is "
                    + "not allowed read access to the admin account entry" );
        }
        catch( LdapConfigurationException e )
        {
        }
        catch( LdapNoPermissionException e )
        {
        }
    }


    /**
     * Tests to make sure we throw an error when Context.SECURITY_AUTHENTICATION
     * is set to "none" when trying to bootstrap the system even when the
     * principal is set to the admin user.  Only the admin user is allowed to
     * bootstrap.  This is a configuration issue or a nonsense set of property
     * values.
     *
     * @throws Exception if anything goes wrong
     */
    public void test5BuildDbNoPassWithPrincAuthNone() throws Exception
    {
        // clean out the database
        tearDown();
        doDelete( new File( "target" + File.separator + "eve" ) );
        Hashtable env = new Hashtable();
        env.put( Context.SECURITY_AUTHENTICATION, "none" );
        env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );

        try
        {
            setSysRoot( env );
            fail( "should not get here due to exception" );
        }
        catch( ConfigurationException e )
        {
        }
    }


    /**
     * Tests to make sure we throw an error when Context.SECURITY_AUTHENTICATION
     * is set to "simple" when trying to bootstrap the system but the admin is
     * not the principal.  Only the admin user is allowed to bootstrap.
     * Subsequent calls can 'bind' (authenticate in our case since there is no
     * network connection) anonymously though.
     *
     * @throws Exception if anything goes wrong
     */
    public void test6BuildDbNoPassNotAdminPrinc() throws Exception
    {
        // clean out the database
        tearDown();
        doDelete( new File( "target" + File.separator + "eve" ) );
        Hashtable env = new Hashtable();
        env.put( Context.SECURITY_AUTHENTICATION, "simple" );
        env.put( Context.SECURITY_PRINCIPAL, "uid=akarasulu,ou=users,ou=system" );

        try
        {
            setSysRoot( env );
            fail( "should not get here due to exception" );
        }
        catch( ConfigurationException e )
        {
        }
    }


    /**
     * Tests to make sure we can authenticate after the database has already
     * been build as the admin user when simple authentication is in effect.
     *
     * @throws Exception if anything goes wrong
     */
    public void test8PassPrincAuthTypeSimple() throws Exception
    {
        // now go in as anonymous user and we should be rejected
        Hashtable env = new Hashtable();
        env.put( Context.PROVIDER_URL, "ou=system" );
        env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
        env.put( Context.SECURITY_CREDENTIALS, "secret" );
        env.put( Context.SECURITY_AUTHENTICATION, "simple" );
        env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.ldap.server.jndi.ServerContextFactory" );
        assertNotNull( new InitialContext( env ) );
    }


    /**
     * Checks to see if we can authenticate as a test user after the admin fires
     * up and builds the the system database.
     *
     * @throws Exception if anything goes wrong
     */
    public void test10TestNonAdminUser() throws Exception
    {
        // now go in as anonymous user and we should be rejected
        Hashtable env = new Hashtable();
        env.put( Context.PROVIDER_URL, "ou=system" );
        env.put( Context.SECURITY_PRINCIPAL, "uid=akarasulu,ou=users,ou=system" );
        env.put( Context.SECURITY_CREDENTIALS, "test" );
        env.put( Context.SECURITY_AUTHENTICATION, "simple" );
        env.put( Context.INITIAL_CONTEXT_FACTORY, "org.apache.ldap.server.jndi.ServerContextFactory" );
        assertNotNull( new InitialContext( env ) );
    }
}