Merged with origin

projects/cadcAccessControl-Server/build.xml

@@ -93,6 +93,7 @@
     <property name="cadcRegistry"        value="${lib}/cadcRegistryClient.jar" />
     <property name="cadcUtil"            value="${lib}/cadcUtil.jar" />
     <property name="cadcUWS"             value="${lib}/cadcUWS.jar" />
+    <property name="wsUtil"              value="${lib}/wsUtil.jar" />
 
     <property name="javacsv"             value="${ext.lib}/javacsv.jar" />
     <property name="jdom2"               value="${ext.lib}/jdom2.jar" />
@@ -101,7 +102,7 @@
     <property name="unboundid"           value="${ext.lib}/unboundid-ldapsdk-se.jar" />
     <property name="xerces"              value="${ext.lib}/xerces.jar" />
 
-    <property name="jars" value="${cadcAccessControl}:${cadcLog}:${cadcRegistry}:${cadcUtil}:${cadcUWS}:${javacsv}:${jdom2}:${log4j}:${servlet}:${unboundid}:${xerces}" />
+    <property name="jars" value="${javacsv}:${jdom2}:${log4j}:${servlet}:${unboundid}:${xerces}:${cadcAccessControl}:${cadcLog}:${cadcRegistry}:${cadcUtil}:${cadcUWS}:${wsUtil}" />
 
     <target name="build" depends="compile">
         <jar jarfile="${build}/lib/${project}.jar"

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConfig.java

@@ -100,6 +100,8 @@ public class LdapConfig
     public static final String LDAP_GROUPS_DN = "groupsDn";
     public static final String LDAP_ADMIN_GROUPS_DN  = "adminGroupsDn";
 
+    private final static int SECURE_PORT = 636;
+
     private String usersDN;
     private String groupsDN;
     private String adminGroupsDN;
@@ -286,6 +288,11 @@ public class LdapConfig
         return this.port;
     }
 
+    public boolean isSecure()
+    {
+        return getPort() == SECURE_PORT;
+    }
+
     public String getAdminUserDN()
     {
         return this.proxyUserDN;

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java

@@ -68,31 +68,28 @@
  */
 package ca.nrc.cadc.ac.server.ldap;
 
-import java.security.AccessControlException;
-import java.security.AccessController;
-import java.security.Principal;
-import java.util.Set;
-
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
 import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
+import java.io.File;
+import java.net.MalformedURLException;
+import java.security.*;
+import java.security.cert.CertificateException;
+import java.util.Set;
+
+import com.unboundid.ldap.sdk.*;
+import com.unboundid.util.ssl.*;
 
-import ca.nrc.cadc.auth.HttpPrincipal;
-import ca.nrc.cadc.auth.NumericPrincipal;
-import ca.nrc.cadc.auth.OpenIdPrincipal;
+import ca.nrc.cadc.auth.*;
 import ca.nrc.cadc.net.TransientException;
 
-import com.unboundid.ldap.sdk.DN;
-import com.unboundid.ldap.sdk.LDAPConnection;
-import com.unboundid.ldap.sdk.LDAPException;
-import com.unboundid.ldap.sdk.ResultCode;
-import com.unboundid.ldap.sdk.SearchResult;
-import com.unboundid.ldap.sdk.SearchResultEntry;
-import com.unboundid.ldap.sdk.SearchScope;
 
 public abstract class LdapDAO
 {
     private LDAPConnection conn;
-    
+
     LdapConfig config;
     DN subjDN = null;
 
@@ -114,34 +111,64 @@ public abstract class LdapDAO
     }
 
     protected LDAPConnection getConnection()
-        throws LDAPException, AccessControlException
+            throws LDAPException, AccessControlException
     {
         if (conn == null)
         {
-            conn = new LDAPConnection(config.getServer(), config.getPort());
-            conn.bind(config.getProxyUserDN(), config.getProxyPasswd());
+            conn = new LDAPConnection(getSocketFactory(), config.getServer(),
+                                      config.getPort());
+            conn.bind(config.getAdminUserDN(), config.getAdminPasswd());
         }
 
         return conn;
     }
 
+    private SocketFactory getSocketFactory()
+    {
+        final SocketFactory socketFactory;
+
+        if (config.isSecure())
+        {
+            socketFactory = createSSLSocketFactory();
+        }
+        else
+        {
+            socketFactory = SocketFactory.getDefault();
+        }
+
+        return socketFactory;
+    }
+
+    private SSLSocketFactory createSSLSocketFactory()
+    {
+        try
+        {
+            return new com.unboundid.util.ssl.SSLUtil().
+                    createSSLSocketFactory();
+        }
+        catch (GeneralSecurityException e)
+        {
+            throw new RuntimeException("Unexpected error.", e);
+        }
+    }
+
     protected DN getSubjectDN() throws LDAPException
     {
         if (subjDN == null)
         {
-            Subject callerSubject = 
+            Subject callerSubject =
                     Subject.getSubject(AccessController.getContext());
             if (callerSubject == null)
             {
                 throw new AccessControlException("Caller not authenticated.");
             }
-            
+
             Set<Principal> principals = callerSubject.getPrincipals();
             if (principals.isEmpty())
             {
                 throw new AccessControlException("Caller not authenticated.");
             }
-            
+
             String ldapField = null;
             for (Principal p : principals)
             {
@@ -172,31 +199,31 @@ public abstract class LdapDAO
                 throw new AccessControlException("Identity of caller unknown.");
             }
 
-            SearchResult searchResult = 
-                    getConnection().search(config.getUsersDN(), SearchScope.ONE, 
-                                ldapField, new String[] {"entrydn"});
+            SearchResult searchResult =
+                    getConnection().search(config.getUsersDN(), SearchScope.ONE,
+                                           ldapField, "entrydn");
 
             if (searchResult.getEntryCount() < 1)
             {
                 throw new AccessControlException(
                         "No LDAP account when search with rule " + ldapField);
             }
-            
-            subjDN = ((SearchResultEntry) searchResult.getSearchEntries()
-                    .get(0)).getAttributeValueAsDN("entrydn");
+
+            subjDN = (searchResult.getSearchEntries().get(0))
+                    .getAttributeValueAsDN("entrydn");
         }
         return subjDN;
     }
-    
+
     /**
      * Checks the Ldap result code, and if the result is not SUCCESS,
-     * throws an appropriate exception. This is the place to decide on 
+     * throws an appropriate exception. This is the place to decide on
      * mapping between ldap errors and exception types
-     * @param code
-     * @param errorMsg
-     * @throws TransientException 
+     *
+     * @param code          The code returned from an LDAP request.
+     * @throws TransientException
      */
-    protected static void checkLdapResult(ResultCode code) 
+    protected static void checkLdapResult(ResultCode code)
             throws TransientException
     {
         if (code == ResultCode.INSUFFICIENT_ACCESS_RIGHTS)
@@ -207,7 +234,8 @@ public abstract class LdapDAO
         {
             throw new AccessControlException("Invalid credentials ");
         }
-        else if ((code == ResultCode.SUCCESS) || (code == ResultCode.NO_SUCH_OBJECT) )
+        else if ((code == ResultCode.SUCCESS) || (code
+                                                  == ResultCode.NO_SUCH_OBJECT))
         {
             // all good. nothing to do
         }
@@ -216,7 +244,7 @@ public abstract class LdapDAO
             throw new IllegalArgumentException("Error in Ldap parameters ");
         }
         else if (code == ResultCode.BUSY ||
-                 code == ResultCode.CONNECT_ERROR )
+                 code == ResultCode.CONNECT_ERROR)
         {
             throw new TransientException("Connection problems ");
         }

projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java

@@ -68,6 +68,7 @@
  */
 package ca.nrc.cadc.ac.server.ldap;
 
+import javax.security.auth.x500.X500Principal;
 import java.security.AccessControlException;
 import java.security.Principal;
 import java.util.Collection;
@@ -75,32 +76,25 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 
-import javax.security.auth.x500.X500Principal;
-
+import com.unboundid.ldap.sdk.*;
+import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl;
 import org.apache.log4j.Logger;
 
 import ca.nrc.cadc.ac.PersonalDetails;
 import ca.nrc.cadc.ac.User;
 import ca.nrc.cadc.ac.UserNotFoundException;
-import ca.nrc.cadc.auth.AuthenticationUtil;
 import ca.nrc.cadc.auth.HttpPrincipal;
 import ca.nrc.cadc.net.TransientException;
 
-import com.unboundid.ldap.sdk.DN;
-import com.unboundid.ldap.sdk.Filter;
-import com.unboundid.ldap.sdk.LDAPException;
-import com.unboundid.ldap.sdk.SearchRequest;
-import com.unboundid.ldap.sdk.SearchResultEntry;
-import com.unboundid.ldap.sdk.SearchScope;
-import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl;
 
 public class LdapUserDAO<T extends Principal> extends LdapDAO
 {
     private static final Logger logger = Logger.getLogger(LdapUserDAO.class);
 
     // Map of identity type to LDAP attribute
-    private Map<Class<?>, String> userLdapAttrib = new HashMap<Class<?>, String>();
-    
+    private Map<Class<?>, String> userLdapAttrib =
+            new HashMap<Class<?>, String>();
+
     // User attributes returned to the GMS
     private static final String LDAP_FNAME = "givenname";
     private static final String LDAP_LNAME = "sn";
@@ -113,54 +107,60 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
         super(config);
         this.userLdapAttrib.put(HttpPrincipal.class, "uid");
         this.userLdapAttrib.put(X500Principal.class, "distinguishedname");
-        
+
         // add the id attributes to user and member attributes
-        String[] princs = userLdapAttrib.values().toArray(new String[userLdapAttrib.values().size()]);
+        String[] princs = userLdapAttrib.values()
+                .toArray(new String[userLdapAttrib.values().size()]);
         String[] tmp = new String[userAttribs.length + princs.length];
         System.arraycopy(princs, 0, tmp, 0, princs.length);
-        System.arraycopy(userAttribs, 0, tmp, princs.length, userAttribs.length);
+        System.arraycopy(userAttribs, 0, tmp, princs.length,
+                         userAttribs.length);
         userAttribs = tmp;
-        
+
         tmp = new String[memberAttribs.length + princs.length];
         System.arraycopy(princs, 0, tmp, 0, princs.length);
-        System.arraycopy(memberAttribs, 0, tmp, princs.length, memberAttribs.length);
+        System.arraycopy(memberAttribs, 0, tmp, princs.length,
+                         memberAttribs.length);
         memberAttribs = tmp;
     }
-    
 
 
     /**
      * Get the user specified by userID.
      *
      * @param userID The userID.
-     *
      * @return User instance.
-     * 
-     * @throws UserNotFoundException when the user is not found.
-     * @throws TransientException If an temporary, unexpected problem occurred.
+     * @throws UserNotFoundException  when the user is not found.
+     * @throws TransientException     If an temporary, unexpected problem occurred.
      * @throws AccessControlException If the operation is not permitted.
      */
     public User<T> getUser(T userID)
-        throws UserNotFoundException, TransientException, AccessControlException
+            throws UserNotFoundException, TransientException,
+                   AccessControlException
     {
-        String searchField = (String) userLdapAttrib.get(userID.getClass());
+        String searchField = userLdapAttrib.get(userID.getClass());
         if (searchField == null)
         {
             throw new IllegalArgumentException(
                     "Unsupported principal type " + userID.getClass());
         }
 
-        searchField = "(&(objectclass=cadcaccount)(" + searchField + "=" + userID.getName() + "))";
+        searchField =
+                "(&(objectclass=cadcaccount)(" + searchField + "=" + userID
+                        .getName() + "))";
 
         SearchResultEntry searchResult = null;
         try
         {
-            SearchRequest searchRequest = new SearchRequest(config.getUsersDN(), 
-                    SearchScope.SUB, searchField, userAttribs);
- 
+            SearchRequest searchRequest = new SearchRequest(config.getUsersDN(),
+                                                            SearchScope.SUB,
+                                                            searchField,
+                                                            userAttribs);
+
             searchRequest.addControl(
-                    new ProxiedAuthorizationV2RequestControl("dn:" + 
-                            getSubjectDN().toNormalizedString()));
+                    new ProxiedAuthorizationV2RequestControl("dn:" +
+                                                             getSubjectDN()
+                                                                     .toNormalizedString()));
 
             searchResult = getConnection().searchForEntry(searchRequest);
         }
@@ -178,57 +178,57 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
         User<T> user = new User<T>(userID);
         user.getIdentities().add(
                 new HttpPrincipal(searchResult.getAttributeValue(userLdapAttrib
-                        .get(HttpPrincipal.class))));
-        
+                                                                         .get(HttpPrincipal.class))));
+
         String fname = searchResult.getAttributeValue(LDAP_FNAME);
         String lname = searchResult.getAttributeValue(LDAP_LNAME);
         user.details.add(new PersonalDetails(fname, lname));
         //TODO populate user with the other returned personal or posix attributes
         return user;
-    }   
+    }
 
     /**
      * Get all groups the user specified by userID belongs to.
-     * 
-     * @param userID The userID.
+     *
+     * @param userID  The userID.
      * @param isAdmin
-     * 
      * @return Collection of Group instances.
-     * 
      * @throws UserNotFoundException  when the user is not found.
-     * @throws TransientException If an temporary, unexpected problem occurred., e.getMessage(
+     * @throws TransientException     If an temporary, unexpected problem occurred., e.getMessage(
      * @throws AccessControlException If the operation is not permitted.
      */
     public Collection<DN> getUserGroups(final T userID, final boolean isAdmin)
-        throws UserNotFoundException, TransientException, AccessControlException
+            throws UserNotFoundException, TransientException,
+                   AccessControlException
     {
         Collection<DN> groupDNs = new HashSet<DN>();
         try
         {
-            String searchField = (String) userLdapAttrib.get(userID.getClass());
+            String searchField = userLdapAttrib.get(userID.getClass());
             if (searchField == null)
             {
                 throw new IllegalArgumentException(
                         "Unsupported principal type " + userID.getClass());
             }
 
-            User<T> user = getUser(userID);            
+            User<T> user = getUser(userID);
             Filter filter = Filter.createANDFilter(
-                        Filter.createEqualityFilter(searchField, 
-                                                    user.getUserID().getName()),
-                        Filter.createPresenceFilter("memberOf"));
+                    Filter.createEqualityFilter(searchField,
+                                                user.getUserID().getName()),
+                    Filter.createPresenceFilter("memberOf"));
 
-            SearchRequest searchRequest = 
-                    new SearchRequest(config.getUsersDN(), SearchScope.SUB, 
+            SearchRequest searchRequest =
+                    new SearchRequest(config.getUsersDN(), SearchScope.SUB,
                                       filter, "memberOf");
 
             searchRequest.addControl(
-                    new ProxiedAuthorizationV2RequestControl("dn:" + 
-                            getSubjectDN().toNormalizedString()));
+                    new ProxiedAuthorizationV2RequestControl("dn:" +
+                                                             getSubjectDN()
+                                                                     .toNormalizedString()));
 
-            SearchResultEntry searchResult = 
+            SearchResultEntry searchResult =
                     getConnection().searchForEntry(searchRequest);
-            
+
             DN parentDN;
             if (isAdmin)
             {
@@ -238,7 +238,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
             {
                 parentDN = new DN(config.getGroupsDN());
             }
-            
+
             if (searchResult != null)
             {
                 String[] members = searchResult.getAttributeValues("memberOf");
@@ -253,7 +253,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
                         }
                     }
                 }
-            } 
+            }
         }
         catch (LDAPException e)
         {
@@ -261,26 +261,24 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
         }
         return groupDNs;
     }
-    
+
     /**
      * Check whether the user is a member of the group.
      *
-     * @param userID The userID.
+     * @param userID  The userID.
      * @param groupID The groupID.
-     *
      * @return true or false
-     *
-     * @throws UserNotFoundException If the user is not found.
-     * @throws TransientException If an temporary, unexpected problem occurred.
+     * @throws UserNotFoundException  If the user is not found.
+     * @throws TransientException     If an temporary, unexpected problem occurred.
      * @throws AccessControlException If the operation is not permitted.
      */
     public boolean isMember(T userID, String groupID)
-        throws UserNotFoundException, TransientException,
-               AccessControlException
+            throws UserNotFoundException, TransientException,
+                   AccessControlException
     {
         try
         {
-            String searchField = (String) userLdapAttrib.get(userID.getClass());
+            String searchField = userLdapAttrib.get(userID.getClass());
             if (searchField == null)
             {
                 throw new IllegalArgumentException(
@@ -289,26 +287,23 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 
             User<T> user = getUser(userID);
             Filter filter = Filter.createANDFilter(
-                        Filter.createEqualityFilter(searchField, 
-                                                    user.getUserID().getName()),
-                        Filter.createEqualityFilter("memberOf", groupID));
+                    Filter.createEqualityFilter(searchField,
+                                                user.getUserID().getName()),
+                    Filter.createEqualityFilter("memberOf", groupID));
 
-            SearchRequest searchRequest = 
-                    new SearchRequest(config.getUsersDN(), SearchScope.SUB, 
-                                      filter, new String[] {"cn"});
+            SearchRequest searchRequest =
+                    new SearchRequest(config.getUsersDN(), SearchScope.SUB,
+                                      filter, "cn");
 
             searchRequest.addControl(
-                    new ProxiedAuthorizationV2RequestControl("dn:" + 
-                            getSubjectDN().toNormalizedString()));
-            
-            SearchResultEntry searchResults = 
+                    new ProxiedAuthorizationV2RequestControl("dn:" +
+                                                             getSubjectDN()
+                                                                     .toNormalizedString()));
+
+            SearchResultEntry searchResults =
                     getConnection().searchForEntry(searchRequest);
-            
-            if (searchResults == null)
-            {
-                return false;
-            }
-            return true;
+
+            return (searchResults != null);
         }
         catch (LDAPException e)
         {
@@ -316,7 +311,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
         }
         return false;
     }
-    
+
 //    public boolean isMember(T userID, String groupID)
 //        throws UserNotFoundException, TransientException,
 //               AccessControlException
@@ -351,29 +346,30 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
 //            throw new RuntimeException("Unexpected LDAP exception", e);
 //        }
 //    }
-    
+
     /**
      * Returns a member user identified by the X500Principal only. The
      * returned object has the fields required by the GMS.
-     * Note that this method binds as a proxy user and not as the 
+     * Note that this method binds as a proxy user and not as the
      * subject.
+     *
      * @param userDN
      * @return
      * @throws UserNotFoundException
      * @throws LDAPException
      */
     User<X500Principal> getMember(DN userDN)
-        throws UserNotFoundException, LDAPException
+            throws UserNotFoundException, LDAPException
     {
-        Filter filter = 
-            Filter.createEqualityFilter("entrydn", 
-                                        userDN.toNormalizedString());
-        
-        SearchRequest searchRequest = 
-                new SearchRequest(this.config.getUsersDN(), SearchScope.SUB, 
+        Filter filter =
+                Filter.createEqualityFilter("entrydn",
+                                            userDN.toNormalizedString());
+
+        SearchRequest searchRequest =
+                new SearchRequest(this.config.getUsersDN(), SearchScope.SUB,
                                   filter, memberAttribs);
-        
-        SearchResultEntry searchResult = 
+
+        SearchResultEntry searchResult =
                 getConnection().searchForEntry(searchRequest);
 
         if (searchResult == null)
@@ -384,9 +380,9 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
         }
         User<X500Principal> user = new User<X500Principal>(
                 new X500Principal(searchResult.getAttributeValue(
-                        (String) userLdapAttrib.get(X500Principal.class))));
+                        userLdapAttrib.get(X500Principal.class))));
         String princ = searchResult.getAttributeValue(
-                (String) userLdapAttrib.get(HttpPrincipal.class));
+                userLdapAttrib.get(HttpPrincipal.class));
         if (princ != null)
         {
             user.getIdentities().add(new HttpPrincipal(princ));
@@ -396,32 +392,36 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO
         user.details.add(new PersonalDetails(fname, lname));
         return user;
     }
-    
+
 
     DN getUserDN(User<? extends Principal> user)
-        throws UserNotFoundException, TransientException
+            throws UserNotFoundException, TransientException
     {
-        String searchField = (String) userLdapAttrib.get(user.getUserID().getClass());
+        String searchField =
+                userLdapAttrib.get(user.getUserID().getClass());
         if (searchField == null)
         {
             throw new IllegalArgumentException(
-                "Unsupported principal type " + user.getUserID().getClass());
+                    "Unsupported principal type " + user.getUserID()
+                            .getClass());
         }
 
-        searchField = "(" + searchField + "=" + 
-                user.getUserID().getName() + ")";
+        searchField = "(" + searchField + "=" +
+                      user.getUserID().getName() + ")";
 
         SearchResultEntry searchResult = null;
         try
         {
-            SearchRequest searchRequest = new SearchRequest(this.config.getUsersDN(), SearchScope.SUB, 
-                             searchField, new String[] {"entrydn"});
-        
+            SearchRequest searchRequest =
+                    new SearchRequest(this.config.getUsersDN(), SearchScope.SUB,
+                                      searchField, "entrydn");
 
-            searchResult = 
-                getConnection().searchForEntry(searchRequest);
 
-        } catch (LDAPException e)
+            searchResult =
+                    getConnection().searchForEntry(searchRequest);
+
+        }
+        catch (LDAPException e)
         {
             LdapDAO.checkLdapResult(e.getResultCode());
         }

projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java

@@ -68,38 +68,32 @@
 
 package ca.nrc.cadc.ac.server.ldap;
 
-import static ca.nrc.cadc.ac.server.ldap.LdapGroupDAOTest.config;
-import static org.junit.Assert.assertTrue;
-
 import java.security.PrivilegedExceptionAction;
 
+import javax.net.ssl.SSLSocketFactory;
 import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
 
-import org.junit.Test;
-
 import ca.nrc.cadc.auth.HttpPrincipal;
 import ca.nrc.cadc.auth.NumericPrincipal;
 
 import com.unboundid.ldap.sdk.LDAPConnection;
 
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+
 public class LdapDAOTest
 {
-    static String server = "mach275.cadc.dao.nrc.ca";
-    static int port = 389;
-    static String adminDN = "uid=webproxy,ou=WebProxy,ou=topologymanagement,o=netscaperoot";
-    static String adminPW = "go4it";
-    static String usersDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
-    static String groupsDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
-    static String adminGroupsDN = "ou=adminGroups,ou=ds,dc=canfartest,dc=net";
-    
-    LdapConfig config = new LdapConfig(server, port, adminDN, adminPW, usersDN, groupsDN, adminGroupsDN);
+    final LdapConfig config = new TestLDAPConfig();
     
     @Test
     public void testLdapBindConnection() throws Exception
     {
         //TODO use a test user to test with. To be done when addUser available.
         //LdapUserDAO<X500Principal> userDAO = new LdapUserDAO<X500Principal>();
+        final X500Principal subjPrincipal = new X500Principal(
+                "cn=cadcdaotest1,ou=cadc,o=hia,c=ca");
 
         // User authenticated with HttpPrincipal
         HttpPrincipal httpPrincipal = new HttpPrincipal("CadcDaoTest1");
@@ -115,8 +109,7 @@ public class LdapDAOTest
             {
                 try
                 {
-                    LDAPConnection ldapCon = ldapDao.getConnection();
-                    assertTrue(ldapCon.isConnected());
+                    testConnection(ldapDao.getConnection());
                     return null;
                 }
                 catch (Exception e)
@@ -126,9 +119,7 @@ public class LdapDAOTest
             }
         });
                
-        
-        X500Principal subjPrincipal = new X500Principal(
-                "cn=cadcdaotest1,ou=cadc,o=hia,c=ca");
+
         subject = new Subject();
         subject.getPrincipals().add(subjPrincipal);
         
@@ -138,8 +129,7 @@ public class LdapDAOTest
             {
                 try
                 {
-                    LDAPConnection ldapCon = ldapDao.getConnection();
-                    assertTrue(ldapCon.isConnected());
+                    testConnection(ldapDao.getConnection());
                     return null;
                 }
                 catch (Exception e)
@@ -160,8 +150,7 @@ public class LdapDAOTest
                 try
                 {
 
-                    LDAPConnection ldapCon = ldapDao.getConnection();
-                    assertTrue(ldapCon.isConnected());
+                    testConnection(ldapDao.getConnection());
                     return null;
                 }
                 catch (Exception e)
@@ -172,4 +161,11 @@ public class LdapDAOTest
         });
 
     }
+
+    private void testConnection(final LDAPConnection ldapCon)
+    {
+        assertTrue("Not connected but should be.", ldapCon.isConnected());
+        assertFalse("Should be SSLSocketFactory.",
+                   (ldapCon.getSocketFactory() instanceof SSLSocketFactory));
+    }
 }

projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTestImpl.java

@@ -66,7 +66,6 @@
  */
 
 
-
 package ca.nrc.cadc.ac.server.ldap;
 
 import java.security.AccessControlException;
@@ -74,16 +73,17 @@ import java.security.AccessControlException;
 import com.unboundid.ldap.sdk.LDAPConnection;
 import com.unboundid.ldap.sdk.LDAPException;
 
+
 public class LdapDAOTestImpl extends LdapDAO
 {
     public LdapDAOTestImpl(LdapConfig config)
     {
         super(config);
     }
-    
+
     @Override
     public LDAPConnection getConnection() throws LDAPException,
-    AccessControlException
+                                                 AccessControlException
     {
         return super.getConnection();
     }

projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java

@@ -65,13 +65,7 @@ public class LdapGroupDAOTest
 {
     private static final Logger log = Logger.getLogger(LdapGroupDAOTest.class);
     
-    static String server = "mach275.cadc.dao.nrc.ca";
-    static int port = 389;
-    static String adminDN = "uid=webproxy,ou=webproxy,ou=topologymanagement,o=netscaperoot";
-    static String adminPW = "go4it";
-    static String usersDN = "ou=Users,ou=ds,dc=canfartest,dc=net";
-    static String groupsDN = "ou=Groups,ou=ds,dc=canfartest,dc=net";
-    static String adminGroupsDN = "ou=adminGroups,ou=ds,dc=canfartest,dc=net";
+    static String adminDN = "uid=webproxy,ou=SpecialUsers,dc=canfar,dc=net";
 //    static String usersDN = "ou=Users,ou=ds,dc=canfar,dc=net";
 //    static String groupsDN = "ou=Groups,ou=ds,dc=canfar,dc=net";
     
@@ -95,8 +89,8 @@ public class LdapGroupDAOTest
     static Subject daoTestUser1Subject;
     static Subject daoTestUser2Subject;
     static Subject anonSubject;
-    
-    static LdapConfig config;
+
+    final LdapConfig config = new TestLDAPConfig();
     
     @BeforeClass
     public static void setUpBeforeClass()
@@ -124,8 +118,6 @@ public class LdapGroupDAOTest
         
         anonSubject = new Subject();
         anonSubject.getPrincipals().add(unknownUser.getUserID());
-    
-        config = new LdapConfig(server, port, adminDN, adminPW, usersDN, groupsDN, adminGroupsDN);
     }
 
     LdapGroupDAO<X500Principal> getGroupDAO()