oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/AbstractLdapIdentityProviderTest.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.jackrabbit.oak.security.authentication.ldap.impl;

import org.apache.directory.server.constants.ServerDNConstants;
import org.apache.jackrabbit.oak.security.authentication.ldap.InternalLdapServer;
import org.apache.jackrabbit.oak.security.authentication.ldap.LdapServerClassLoader;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.util.Text;
import org.junit.After;
import org.junit.Before;

import javax.jcr.SimpleCredentials;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;

public abstract class AbstractLdapIdentityProviderTest {

    public static final String TEST_USER0_DN = "cn=Rat Ratterson,ou=users,ou=system";
    public static final String TEST_USER0_UID = "ratty";

    public static final String TEST_USER1_DN = "cn=Horatio Hornblower,ou=users,ou=system";
    public static final String TEST_USER1_UID = "hhornblo";
    public static final String TEST_USER1_PATH = "cn=Horatio Hornblower/ou=users/ou=system";

    public static final String TEST_USER2_DN = "cn=William Bush,ou=users,ou=system";
    public static final String TEST_USER3_DN = "cn=Thomas Quist,ou=users,ou=system";
    public static final String TEST_USER4_DN = "cn=Moultrie Crystal,ou=users,ou=system";

    public static final String TEST_USER5_UID = "=007=";
    public static final String TEST_USER5_DN = "cn=Special\\, Agent [007],ou=users,ou=system";
    public static final String TEST_USER5_PATH = "cn=Special\\, Agent %5B007%5D/ou=users/ou=system";

    public static final String TEST_GROUP1_DN = "cn=HMS Lydia,ou=crews,ou=groups,ou=system";
    public static final String TEST_GROUP1_NAME = "HMS Lydia";
    public static final String[] TEST_GROUP1_MEMBERS = {
            TEST_USER0_DN, TEST_USER1_DN, TEST_USER2_DN, TEST_USER3_DN, TEST_USER4_DN
    };

    public static final String TEST_GROUP2_DN = "cn=HMS Victory,ou=crews,ou=groups,ou=system";
    public static final String TEST_GROUP2_NAME = "HMS Victory";

    public static final String TEST_GROUP3_DN = "cn=HMS Bounty,ou=crews,ou=groups,ou=system";
    public static final String TEST_GROUP3_NAME = "HMS Bounty";

    public static final String[] TEST_USER0_GROUPS = {TEST_GROUP1_DN, TEST_GROUP2_DN, TEST_GROUP3_DN};
    public static final String[] TEST_USER1_GROUPS = {TEST_GROUP1_DN};

    //loaded by a separate ClassLoader unavailable to the client (needed because the server is using old libraries)
    protected LdapServerClassLoader.Proxy proxy;

    private static final String TUTORIAL_LDIF = "apache-ds-tutorial.ldif";
    public static final String IDP_NAME = "ldap";

    public static final String[] DEFAULT_USER_PROPERTIES = new String[] { "objectclass", "uid", "givenname", "description", "sn", "cn"};

    protected LdapIdentityProvider idp;
    protected LdapProviderConfig providerConfig;

    @Before
    public void before() throws Exception {
        LdapServerClassLoader serverClassLoader = LdapServerClassLoader.createServerClassLoader();
        proxy = serverClassLoader.createAndSetupServer();
        proxy.loadLdif(getClass().getResourceAsStream(TUTORIAL_LDIF));
        idp = createIDP();
    }

    @After
    public void after() throws Exception {
        proxy.tearDown();
        if (idp != null) {
            idp.close();
            idp = null;
        }
    }

    protected LdapIdentityProvider createIDP() {
        //The attribute "mail" is excluded deliberately
        return createIDP(DEFAULT_USER_PROPERTIES);
    }

    protected LdapIdentityProvider createIDP(String[] userProperties) {
        providerConfig = createProviderConfig(userProperties);
        return new LdapIdentityProvider(providerConfig);
    }

    protected LdapProviderConfig createProviderConfig(String[] userProperties) {
        LdapProviderConfig providerConfig = new LdapProviderConfig()
                .setName(IDP_NAME)
                .setHostname("127.0.0.1")
                .setPort(proxy.port)
                .setBindDN(ServerDNConstants.ADMIN_SYSTEM_DN)
                .setBindPassword(InternalLdapServer.ADMIN_PW)
                .setGroupMemberAttribute("uniquemember")
                .setCustomAttributes(userProperties);

        providerConfig.getUserConfig()
                .setBaseDN(ServerDNConstants.USERS_SYSTEM_DN)
                .setObjectClasses("inetOrgPerson");
        providerConfig.getGroupConfig()
                .setBaseDN(ServerDNConstants.GROUPS_SYSTEM_DN)
                .setObjectClasses("groupOfUniqueNames");

        providerConfig.getAdminPoolConfig().setMaxActive(0);
        providerConfig.getUserPoolConfig().setMaxActive(0);
        return providerConfig;
    }

    public static void authenticateInternal(LdapIdentityProvider idp, String id) throws Exception {
        SimpleCredentials creds = new SimpleCredentials(TEST_USER1_UID, "pass".toCharArray());
        ExternalUser user = idp.authenticate(creds);
        assertNotNull("User 1 must authenticate", user);
        assertEquals("User Ref", TEST_USER1_DN, ((LdapUser)user).getEntry().getDn().getName());
        assertEquals("User Ref", id, user.getExternalId().getId());
    }

    public static void authenticateValidateInternal(LdapIdentityProvider idp, String id) throws Exception {
        SimpleCredentials creds = new SimpleCredentials(TEST_USER1_UID, "pass".toCharArray());
        for (int i=0; i<8; i++) {
            ExternalUser user = idp.authenticate(creds);
            assertNotNull("User 1 must authenticate (i=" + i + ")", user);
            assertEquals("User Ref", TEST_USER1_DN, ((LdapUser)user).getEntry().getDn().getName());
            assertEquals("User Ref", id, user.getExternalId().getId());
        }
    }

    public static void assertIfEquals(String message, String[] expected, Iterable<ExternalIdentityRef> result) {
        List<String> dns = new LinkedList<>();
        for (ExternalIdentityRef ref: result) {
            dns.add(ref.getId());
        }
        Collections.sort(dns);
        Arrays.sort(expected);
        String exp = Text.implode(expected, ",\n");
        String res = Text.implode(dns.toArray(new String[dns.size()]), ",\n");
        assertEquals(message, exp, res);
    }
}