From ca3a1499c243c55ab33179d29d61cd8420be9fa8 Mon Sep 17 00:00:00 2001
From: Dustin Jenkins <Dustin.Jenkins@nrc-cnrc.gc.ca>
Date: Wed, 29 Oct 2014 13:00:44 -0700
Subject: [PATCH] Story 1711: Fix for TLS.
---
 projects/cadcAccessControl-Server/build.xml | 3 +-
 .../nrc/cadc/ac/server/ldap/LdapConfig.java | 7 +
 .../ca/nrc/cadc/ac/server/ldap/LdapDAO.java | 98 ++++++--
 .../nrc/cadc/ac/server/ldap/LdapUserDAO.java | 206 +++++++++---------
 .../nrc/cadc/ac/server/ldap/LdapDAOTest.java | 42 ++--
 .../cadc/ac/server/ldap/LdapDAOTestImpl.java | 6 +-
 .../cadc/ac/server/ldap/LdapGroupDAOTest.java | 14 +-
 7 files changed, 200 insertions(+), 176 deletions(-)
diff --git a/projects/cadcAccessControl-Server/build.xml b/projects/cadcAccessControl-Server/build.xml
index fcbdcb0a..dfdd6925 100644
--- a/projects/cadcAccessControl-Server/build.xml
+++ b/projects/cadcAccessControl-Server/build.xml
@@ -93,6 +93,7 @@
 <property name="cadcRegistry" value="${lib}/cadcRegistryClient.jar" />
 <property name="cadcUtil" value="${lib}/cadcUtil.jar" />
 <property name="cadcUWS" value="${lib}/cadcUWS.jar" />
+ <property name="wsUtil" value="${lib}/wsUtil.jar" />
 <property name="javacsv" value="${ext.lib}/javacsv.jar" />
 <property name="jdom2" value="${ext.lib}/jdom2.jar" />
@@ -101,7 +102,7 @@
 <property name="unboundid" value="${ext.lib}/unboundid-ldapsdk-se.jar" />
 <property name="xerces" value="${ext.lib}/xerces.jar" />
- <property name="jars" value="${cadcAccessControl}:${cadcLog}:${cadcRegistry}:${cadcUtil}:${cadcUWS}:${javacsv}:${jdom2}:${log4j}:${servlet}:${unboundid}:${xerces}" />
+ <property name="jars" value="${javacsv}:${jdom2}:${log4j}:${servlet}:${unboundid}:${xerces}:${cadcAccessControl}:${cadcLog}:${cadcRegistry}:${cadcUtil}:${cadcUWS}:${wsUtil}" />
 <target name="build" depends="compile">
 <jar jarfile="${build}/lib/${project}.jar"
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConfig.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConfig.java
index 17bd814f..c8c88122 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConfig.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapConfig.java
@@ -93,6 +93,8 @@ public class LdapConfig
 public static final String LDAP_AVAIL_TEST_GROUP = "availabilityTestGroup";
 public static final String LDAP_AVAIL_TEST_CALLING_USER_DN = "availabilityTestCallingUserDN";
+ private final static int SECURE_PORT = 636;
+
 private String usersDN;
 private String groupsDN;
 private String adminGroupsDN;
@@ -271,6 +273,11 @@ public class LdapConfig
 return this.port;
 }
+ public boolean isSecure()
+ {
+ return getPort() == SECURE_PORT;
+ }
+
 public String getAdminUserDN()
 {
 return this.adminUserDN;
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java
index c33961f3..abd19b24 100755
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapDAO.java
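Review bot: isSecure() in the second hunk decides whether TLS is used purely from `getPort() == 636`, so a directory that offers LDAPS on any other port, or one that is expected to use StartTLS on 389, is silently treated as plaintext and getConnection() will send the admin bind password unencrypted without any error. An explicit configuration flag (for example a `secure` key read next to the port, defaulting to `port == 636`) would make the operator's intent visible and let the code refuse to bind in the clear when flag and port disagree. At minimum the method should document the assumption: `/** True only when the configured port is the well-known LDAPS port (636); any other port is used in plaintext. */`. Minor: `private final static` reads against the `private static final` order the other constants in this class use.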
@@ -68,31 +68,28 @@
 */
 package ca.nrc.cadc.ac.server.ldap;
-import java.security.AccessControlException;
-import java.security.AccessController;
-import java.security.Principal;
-import java.util.Set;
-
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
 import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
+import java.io.File;
+import java.net.MalformedURLException;
+import java.security.*;
+import java.security.cert.CertificateException;
+import java.util.Set;
+
+import com.unboundid.ldap.sdk.*;
+import com.unboundid.util.ssl.*;
-import ca.nrc.cadc.auth.HttpPrincipal;
-import ca.nrc.cadc.auth.NumericPrincipal;
-import ca.nrc.cadc.auth.OpenIdPrincipal;
+import ca.nrc.cadc.auth.*;
 import ca.nrc.cadc.net.TransientException;
-import com.unboundid.ldap.sdk.DN;
-import com.unboundid.ldap.sdk.LDAPConnection;
-import com.unboundid.ldap.sdk.LDAPException;
-import com.unboundid.ldap.sdk.ResultCode;
-import com.unboundid.ldap.sdk.SearchResult;
-import com.unboundid.ldap.sdk.SearchResultEntry;
-import com.unboundid.ldap.sdk.SearchScope;
 public abstract class LdapDAO
 {
 private LDAPConnection conn;
-
+
 LdapConfig config;
 DN subjDN = null;
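Review bot: The new import block replaces the explicit imports with wildcards (`java.security.*`, `com.unboundid.ldap.sdk.*`, `com.unboundid.util.ssl.*`, `ca.nrc.cadc.auth.*`) and adds `java.io.File`, `java.net.MalformedURLException`, `javax.net.ssl.SSLContext` and `java.security.cert.CertificateException`, none of which is used by any code in the hunks shown; the one SSL class that is referenced, SSLUtil, is still written fully qualified in createSSLSocketFactory, so the `com.unboundid.util.ssl.*` wildcard buys nothing. Explicit single-type imports keep it visible which SDK classes this DAO depends on and let the compiler flag the unused ones. The LdapUserDAO import hunk further down does the same with `com.unboundid.ldap.sdk.*`.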
@@ -114,34 +111,64 @@ public abstract class LdapDAO } protected LDAPConnection getConnection() - throws LDAPException, AccessControlException + throws LDAPException, AccessControlException { if (conn == null) { - conn = new LDAPConnection(config.getServer(), config.getPort()); + conn = new LDAPConnection(getSocketFactory(), config.getServer(), + config.getPort()); conn.bind(config.getAdminUserDN(), config.getAdminPasswd()); } return conn; } + private SocketFactory getSocketFactory() + { + final SocketFactory socketFactory; + + if (config.isSecure()) + { + socketFactory = createSSLSocketFactory(); + } + else + { + socketFactory = SocketFactory.getDefault(); + } + + return socketFactory; + } + + private SSLSocketFactory createSSLSocketFactory() + { + try + { + return new com.unboundid.util.ssl.SSLUtil(). + createSSLSocketFactory(); + } + catch (GeneralSecurityException e) + { + throw new RuntimeException("Unexpected error.", e); + } + } + protected DN getSubjectDN() throws LDAPException { if (subjDN == null) { - Subject callerSubject = + Subject callerSubject = Subject.getSubject(AccessController.getContext()); if (callerSubject == null) { throw new AccessControlException("Caller not authenticated."); } - + Set<Principal> principals = callerSubject.getPrincipals(); if (principals.isEmpty()) { throw new AccessControlException("Caller not authenticated."); } - + String ldapField = null; for (Principal p : principals) { 
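Review bot: createSSLSocketFactory() builds the factory from a no-argument SSLUtil, which as far as I can tell supplies no trust manager of its own, so the JVM's default trust store decides which server certificates are accepted; that is a reasonable default, but nothing here checks that the presented certificate actually names `config.getServer()`, and in the UnboundID SDK that hostname check is opt-in. If the SDK version in use provides it, pass `LDAPConnectionOptions` with `setSSLSocketVerifier(new HostNameSSLSocketVerifier(false))` to the connection created in getConnection(); otherwise record the gap above the `return` so it is not mistaken for a verified connection: `// Default JVM trust store; no hostname verification is performed here.`. Separately, `throw new RuntimeException("Unexpected error.", e)` tells an operator nothing about what failed — `throw new IllegalStateException("Cannot create TLS socket factory for " + config.getServer(), e);` does. getSubjectDN's body continues outside the hunk.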
@@ -172,31 +199,31 @@ public abstract class LdapDAO throw new AccessControlException("Identity of caller unknown."); } - SearchResult searchResult = - getConnection().search(config.getUsersDN(), SearchScope.ONE, - ldapField, new String[] {"entrydn"}); + SearchResult searchResult = + getConnection().search(config.getUsersDN(), SearchScope.ONE, + ldapField, "entrydn"); if (searchResult.getEntryCount() < 1) { throw new AccessControlException( "No LDAP account when search with rule " + ldapField); } - - subjDN = ((SearchResultEntry) searchResult.getSearchEntries() - .get(0)).getAttributeValueAsDN("entrydn"); + + subjDN = (searchResult.getSearchEntries().get(0)) + .getAttributeValueAsDN("entrydn"); } return subjDN; } - + /** * Checks the Ldap result code, and if the result is not SUCCESS, - * throws an appropriate exception. This is the place to decide on + * throws an appropriate exception. This is the place to decide on * mapping between ldap errors and exception types - * @param code - * @param errorMsg - * @throws TransientException + * + * @param code The code returned from an LDAP request. + * @throws TransientException */ - protected static void checkLdapResult(ResultCode code) + protected static void checkLdapResult(ResultCode code) throws TransientException { if (code == ResultCode.INSUFFICIENT_ACCESS_RIGHTS) @@ -207,7 +234,8 @@ public abstract class LdapDAO { throw new AccessControlException("Invalid credentials "); } - else if ((code == ResultCode.SUCCESS) || (code == ResultCode.NO_SUCH_OBJECT) ) + else if ((code == ResultCode.SUCCESS) || (code + == ResultCode.NO_SUCH_OBJECT)) { // all good. nothing to do } @@ -216,7 +244,7 @@ public abstract class LdapDAO throw new IllegalArgumentException("Error in Ldap parameters "); } else if (code == ResultCode.BUSY || - code == ResultCode.CONNECT_ERROR ) + code == ResultCode.CONNECT_ERROR) { throw new TransientException("Connection problems "); } 
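Review bot: The rewritten javadoc on checkLdapResult still leaves `@throws TransientException` without a description, and the AccessControlException and IllegalArgumentException the method also throws (visible in the branches below it) are not listed at all. Suggest `@throws TransientException when the server reports BUSY or CONNECT_ERROR`, `@throws AccessControlException for INSUFFICIENT_ACCESS_RIGHTS or rejected credentials`, and `@throws IllegalArgumentException for result codes mapped to "Error in Ldap parameters"`; the conditions for the last two branches are partly outside the `@@ -207` and `@@ -216` hunks, so word them against the actual codes there.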
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java index c3e33dca..f9293855 100755 --- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java +++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/ldap/LdapUserDAO.java @@ -68,6 +68,7 @@ */ package ca.nrc.cadc.ac.server.ldap; +import javax.security.auth.x500.X500Principal; import java.security.AccessControlException; import java.security.Principal; import java.util.Collection; @@ -75,32 +76,25 @@ import java.util.HashMap; import java.util.HashSet; import java.util.Map; -import javax.security.auth.x500.X500Principal; - +import com.unboundid.ldap.sdk.*; +import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl; import org.apache.log4j.Logger; import ca.nrc.cadc.ac.PersonalDetails; import ca.nrc.cadc.ac.User; import ca.nrc.cadc.ac.UserNotFoundException; -import ca.nrc.cadc.auth.AuthenticationUtil; import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.net.TransientException; -import com.unboundid.ldap.sdk.DN; -import com.unboundid.ldap.sdk.Filter; -import com.unboundid.ldap.sdk.LDAPException; -import com.unboundid.ldap.sdk.SearchRequest; -import com.unboundid.ldap.sdk.SearchResultEntry; -import com.unboundid.ldap.sdk.SearchScope; -import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl; public class LdapUserDAO<T extends Principal> extends LdapDAO { private static final Logger logger = Logger.getLogger(LdapUserDAO.class); // Map of identity type to LDAP attribute - private Map<Class<?>, String> userLdapAttrib = new HashMap<Class<?>, String>(); - + private Map<Class<?>, String> userLdapAttrib = + new HashMap<Class<?>, String>(); + // User attributes returned to the GMS private static final String LDAP_FNAME = "givenname"; private static final String LDAP_LNAME = "sn"; 
@@ -113,54 +107,60 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO super(config); this.userLdapAttrib.put(HttpPrincipal.class, "uid"); this.userLdapAttrib.put(X500Principal.class, "distinguishedname"); - + // add the id attributes to user and member attributes - String[] princs = userLdapAttrib.values().toArray(new String[userLdapAttrib.values().size()]); + String[] princs = userLdapAttrib.values() + .toArray(new String[userLdapAttrib.values().size()]); String[] tmp = new String[userAttribs.length + princs.length]; System.arraycopy(princs, 0, tmp, 0, princs.length); - System.arraycopy(userAttribs, 0, tmp, princs.length, userAttribs.length); + System.arraycopy(userAttribs, 0, tmp, princs.length, + userAttribs.length); userAttribs = tmp; - + tmp = new String[memberAttribs.length + princs.length]; System.arraycopy(princs, 0, tmp, 0, princs.length); - System.arraycopy(memberAttribs, 0, tmp, princs.length, memberAttribs.length); + System.arraycopy(memberAttribs, 0, tmp, princs.length, + memberAttribs.length); memberAttribs = tmp; } - /** * Get the user specified by userID. * * @param userID The userID. - * * @return User instance. - * - * @throws UserNotFoundException when the user is not found. - * @throws TransientException If an temporary, unexpected problem occurred. + * @throws UserNotFoundException when the user is not found. + * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. 
*/ public User<T> getUser(T userID) - throws UserNotFoundException, TransientException, AccessControlException + throws UserNotFoundException, TransientException, + AccessControlException { - String searchField = (String) userLdapAttrib.get(userID.getClass()); + String searchField = userLdapAttrib.get(userID.getClass()); if (searchField == null) { throw new IllegalArgumentException( "Unsupported principal type " + userID.getClass()); } - searchField = "(&(objectclass=cadcaccount)(" + searchField + "=" + userID.getName() + "))"; + searchField = + "(&(objectclass=cadcaccount)(" + searchField + "=" + userID + .getName() + "))"; SearchResultEntry searchResult = null; try { - SearchRequest searchRequest = new SearchRequest(config.getUsersDN(), - SearchScope.SUB, searchField, userAttribs); - + SearchRequest searchRequest = new SearchRequest(config.getUsersDN(), + SearchScope.SUB, + searchField, + userAttribs); + searchRequest.addControl( - new ProxiedAuthorizationV2RequestControl("dn:" + - getSubjectDN().toNormalizedString())); + new ProxiedAuthorizationV2RequestControl("dn:" + + getSubjectDN() + .toNormalizedString())); searchResult = getConnection().searchForEntry(searchRequest); } 
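Review bot: getUser builds its search filter by concatenating `userID.getName()` into `"(&(objectclass=cadcaccount)(" + searchField + "=" + ... + "))"`, so a principal name containing filter metacharacters such as `*`, `(`, `)` or `\` changes the meaning of the query instead of being matched literally; getUserDN (the `@@ -396` hunk) does the same with `"(" + searchField + "=" + user.getUserID().getName() + ")"`. This class already builds its other filters with `Filter.createEqualityFilter`, which escapes the value, so both methods should use that API and hand the `Filter` object to `SearchRequest` instead of the string. The rewritten lines for getUser follow; getUserDN needs only `Filter.createEqualityFilter(searchField, user.getUserID().getName())` in place of its string. getUser's catch block continues outside the hunk.
```java
        // Let the SDK escape the principal name: a name containing filter
        // metacharacters must be matched literally, not parsed as a filter.
        Filter filter = Filter.createANDFilter(
            Filter.createEqualityFilter("objectclass", "cadcaccount"),
            Filter.createEqualityFilter(searchField, userID.getName()));
        // … unchanged: searchResult declaration, try …
            SearchRequest searchRequest = new SearchRequest(config.getUsersDN(),
                                                            SearchScope.SUB,
                                                            filter,
                                                            userAttribs);
            // … unchanged: proxied-authorization control, searchForEntry, catch …
```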
@@ -178,57 +178,57 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO User<T> user = new User<T>(userID); user.getIdentities().add( new HttpPrincipal(searchResult.getAttributeValue(userLdapAttrib - .get(HttpPrincipal.class)))); - + .get(HttpPrincipal.class)))); + String fname = searchResult.getAttributeValue(LDAP_FNAME); String lname = searchResult.getAttributeValue(LDAP_LNAME); user.details.add(new PersonalDetails(fname, lname)); //TODO populate user with the other returned personal or posix attributes return user; - } + } /** * Get all groups the user specified by userID belongs to. - * - * @param userID The userID. + * + * @param userID The userID. * @param isAdmin - * * @return Collection of Group instances. - * * @throws UserNotFoundException when the user is not found. - * @throws TransientException If an temporary, unexpected problem occurred., e.getMessage( + * @throws TransientException If an temporary, unexpected problem occurred., e.getMessage( * @throws AccessControlException If the operation is not permitted. 
*/ public Collection<DN> getUserGroups(final T userID, final boolean isAdmin) - throws UserNotFoundException, TransientException, AccessControlException + throws UserNotFoundException, TransientException, + AccessControlException { Collection<DN> groupDNs = new HashSet<DN>(); try { - String searchField = (String) userLdapAttrib.get(userID.getClass()); + String searchField = userLdapAttrib.get(userID.getClass()); if (searchField == null) { throw new IllegalArgumentException( "Unsupported principal type " + userID.getClass()); } - User<T> user = getUser(userID); + User<T> user = getUser(userID); Filter filter = Filter.createANDFilter( - Filter.createEqualityFilter(searchField, - user.getUserID().getName()), - Filter.createPresenceFilter("memberOf")); + Filter.createEqualityFilter(searchField, + user.getUserID().getName()), + Filter.createPresenceFilter("memberOf")); - SearchRequest searchRequest = - new SearchRequest(config.getUsersDN(), SearchScope.SUB, + SearchRequest searchRequest = + new SearchRequest(config.getUsersDN(), SearchScope.SUB, filter, "memberOf"); searchRequest.addControl( - new ProxiedAuthorizationV2RequestControl("dn:" + - getSubjectDN().toNormalizedString())); + new ProxiedAuthorizationV2RequestControl("dn:" + + getSubjectDN() + .toNormalizedString())); - SearchResultEntry searchResult = + SearchResultEntry searchResult = getConnection().searchForEntry(searchRequest); - + DN parentDN; if (isAdmin) { @@ -238,7 +238,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO { parentDN = new DN(config.getGroupsDN()); } - + if (searchResult != null) { String[] members = searchResult.getAttributeValues("memberOf"); @@ -253,7 +253,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO } } } - } + } } catch (LDAPException e) { 
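Review bot: The rewritten javadoc on getUserGroups carries a pasted fragment onto the new side: `* @throws TransientException If an temporary, unexpected problem occurred., e.getMessage(` — the trailing `, e.getMessage(` is not documentation. Replace it with `* @throws TransientException If a temporary, unexpected problem occurred.` and give `@param isAdmin` a description, e.g. `* @param isAdmin whether to resolve groups under the admin-groups tree instead of the regular groups tree` — the `else` branch in the `@@ -238` hunk uses `config.getGroupsDN()`, while the `isAdmin` branch body is outside the hunk, so confirm the wording against it.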
@@ -261,26 +261,24 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO } return groupDNs; } - + /** * Check whether the user is a member of the group. * - * @param userID The userID. + * @param userID The userID. * @param groupID The groupID. - * * @return true or false - * - * @throws UserNotFoundException If the user is not found. - * @throws TransientException If an temporary, unexpected problem occurred. + * @throws UserNotFoundException If the user is not found. + * @throws TransientException If an temporary, unexpected problem occurred. * @throws AccessControlException If the operation is not permitted. */ public boolean isMember(T userID, String groupID) - throws UserNotFoundException, TransientException, - AccessControlException + throws UserNotFoundException, TransientException, + AccessControlException { try { - String searchField = (String) userLdapAttrib.get(userID.getClass()); + String searchField = userLdapAttrib.get(userID.getClass()); if (searchField == null) { throw new IllegalArgumentException( 
@@ -289,26 +287,23 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO User<T> user = getUser(userID); Filter filter = Filter.createANDFilter( - Filter.createEqualityFilter(searchField, - user.getUserID().getName()), - Filter.createEqualityFilter("memberOf", groupID)); + Filter.createEqualityFilter(searchField, + user.getUserID().getName()), + Filter.createEqualityFilter("memberOf", groupID)); - SearchRequest searchRequest = - new SearchRequest(config.getUsersDN(), SearchScope.SUB, - filter, new String[] {"cn"}); + SearchRequest searchRequest = + new SearchRequest(config.getUsersDN(), SearchScope.SUB, + filter, "cn"); searchRequest.addControl( - new ProxiedAuthorizationV2RequestControl("dn:" + - getSubjectDN().toNormalizedString())); - - SearchResultEntry searchResults = + new ProxiedAuthorizationV2RequestControl("dn:" + + getSubjectDN() + .toNormalizedString())); + + SearchResultEntry searchResults = getConnection().searchForEntry(searchRequest); - - if (searchResults == null) - { - return false; - } - return true; + + return (searchResults != null); } catch (LDAPException e) { @@ -316,7 +311,7 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO } return false; } - + // public boolean isMember(T userID, String groupID) // throws UserNotFoundException, TransientException, // AccessControlException 
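Review bot: The large commented-out alternative `isMember` implementation that begins in the `@@ -316` hunk and runs through the `@@ -351` hunk survives this reformatting; commented-out code the history already holds should be deleted rather than re-indented, since it cannot be compiled, tested or refactored with the live method and will drift from it. If it is kept on purpose, a one-line comment above it saying why, e.g. `// Retained for reference only; not compiled.`, would stop the next reader from wondering whether it is meant to replace the method above.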
@@ -351,29 +346,30 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO // throw new RuntimeException("Unexpected LDAP exception", e); // } // } - + /** * Returns a member user identified by the X500Principal only. The * returned object has the fields required by the GMS. - * Note that this method binds as a proxy user and not as the + * Note that this method binds as a proxy user and not as the * subject. + * * @param userDN * @return * @throws UserNotFoundException * @throws LDAPException */ User<X500Principal> getMember(DN userDN) - throws UserNotFoundException, LDAPException + throws UserNotFoundException, LDAPException { - Filter filter = - Filter.createEqualityFilter("entrydn", - userDN.toNormalizedString()); - - SearchRequest searchRequest = - new SearchRequest(this.config.getUsersDN(), SearchScope.SUB, + Filter filter = + Filter.createEqualityFilter("entrydn", + userDN.toNormalizedString()); + + SearchRequest searchRequest = + new SearchRequest(this.config.getUsersDN(), SearchScope.SUB, filter, memberAttribs); - - SearchResultEntry searchResult = + + SearchResultEntry searchResult = getConnection().searchForEntry(searchRequest); if (searchResult == null) @@ -384,9 +380,9 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO } User<X500Principal> user = new User<X500Principal>( new X500Principal(searchResult.getAttributeValue( - (String) userLdapAttrib.get(X500Principal.class)))); + userLdapAttrib.get(X500Principal.class)))); String princ = searchResult.getAttributeValue( - (String) userLdapAttrib.get(HttpPrincipal.class)); + userLdapAttrib.get(HttpPrincipal.class)); if (princ != null) { user.getIdentities().add(new HttpPrincipal(princ)); 
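Review bot: getMember's javadoc in the `@@ -351` hunk gains a blank line but its tags stay empty: `@param userDN`, `@return`, `@throws UserNotFoundException` and `@throws LDAPException` carry no text. Suggest `@param userDN the LDAP DN of the user entry to load`, `@return a User keyed by X500Principal, with an HttpPrincipal identity added when the entry has one` (the `if (princ != null)` branch in the `@@ -384` hunk), `@throws UserNotFoundException when no entry matches userDN` (the `searchResult == null` branch starts in the hunk but its body is outside it) and `@throws LDAPException on errors from the search`. The sentence that the method does not bind as the subject matches the code — unlike getUser, no ProxiedAuthorizationV2RequestControl is added to this request — and is worth keeping.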
@@ -396,32 +392,36 @@ public class LdapUserDAO<T extends Principal> extends LdapDAO user.details.add(new PersonalDetails(fname, lname)); return user; } - + DN getUserDN(User<? extends Principal> user) - throws UserNotFoundException, TransientException + throws UserNotFoundException, TransientException { - String searchField = (String) userLdapAttrib.get(user.getUserID().getClass()); + String searchField = + userLdapAttrib.get(user.getUserID().getClass()); if (searchField == null) { throw new IllegalArgumentException( - "Unsupported principal type " + user.getUserID().getClass()); + "Unsupported principal type " + user.getUserID() + .getClass()); } - searchField = "(" + searchField + "=" + - user.getUserID().getName() + ")"; + searchField = "(" + searchField + "=" + + user.getUserID().getName() + ")"; SearchResultEntry searchResult = null; try { - SearchRequest searchRequest = new SearchRequest(this.config.getUsersDN(), SearchScope.SUB, - searchField, new String[] {"entrydn"}); - + SearchRequest searchRequest = + new SearchRequest(this.config.getUsersDN(), SearchScope.SUB, + searchField, "entrydn"); - searchResult = - getConnection().searchForEntry(searchRequest); - } catch (LDAPException e) + searchResult = + getConnection().searchForEntry(searchRequest); + + } + catch (LDAPException e) { LdapDAO.checkLdapResult(e.getResultCode()); } diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java index a79aa1a4..51a531cb 100644 --- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java +++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTest.java 
@@ -68,38 +68,32 @@ package ca.nrc.cadc.ac.server.ldap; -import static ca.nrc.cadc.ac.server.ldap.LdapGroupDAOTest.config; -import static org.junit.Assert.assertTrue; - import java.security.PrivilegedExceptionAction; +import javax.net.ssl.SSLSocketFactory; import javax.security.auth.Subject; import javax.security.auth.x500.X500Principal; -import org.junit.Test; - import ca.nrc.cadc.auth.HttpPrincipal; import ca.nrc.cadc.auth.NumericPrincipal; import com.unboundid.ldap.sdk.LDAPConnection; +import org.junit.Test; +import static org.junit.Assert.*; + + public class LdapDAOTest { - static String server = "mach275.cadc.dao.nrc.ca"; - static int port = 389; - static String adminDN = "uid=webproxy,ou=WebProxy,ou=topologymanagement,o=netscaperoot"; - static String adminPW = "go4it"; - static String usersDN = "ou=Users,ou=ds,dc=canfartest,dc=net"; - static String groupsDN = "ou=Groups,ou=ds,dc=canfartest,dc=net"; - static String adminGroupsDN = "ou=adminGroups,ou=ds,dc=canfartest,dc=net"; - - LdapConfig config = new LdapConfig(server, port, adminDN, adminPW, usersDN, groupsDN, adminGroupsDN); + final LdapConfig config = new TestLDAPConfig(); @Test public void testLdapBindConnection() throws Exception { //TODO use a test user to test with. To be done when addUser available. //LdapUserDAO<X500Principal> userDAO = new LdapUserDAO<X500Principal>(); + final X500Principal subjPrincipal = new X500Principal( + "cn=cadcdaotest1,ou=cadc,o=hia,c=ca"); // User authenticated with HttpPrincipal HttpPrincipal httpPrincipal = new HttpPrincipal("CadcDaoTest1"); @@ -115,8 +109,7 @@ public class LdapDAOTest { try { - LDAPConnection ldapCon = ldapDao.getConnection(); - assertTrue(ldapCon.isConnected()); + testConnection(ldapDao.getConnection()); return null; } catch (Exception e) @@ -126,9 +119,7 @@ public class LdapDAOTest } }); - - X500Principal subjPrincipal = new X500Principal( - "cn=cadcdaotest1,ou=cadc,o=hia,c=ca"); + subject = new Subject(); subject.getPrincipals().add(subjPrincipal); 
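Review bot: Both test classes now construct `new TestLDAPConfig()`, but no such class is among the seven files in this patch's diffstat, so unless it already exists in the tree or arrives in a separate commit the test sources will not compile; LdapGroupDAOTest (the last file) has the same dependency. If the class is new it belongs in this commit, and its javadoc should say which directory it points at so the `assertFalse` on the socket factory in testConnection can be read against it.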
@@ -138,8 +129,7 @@ public class LdapDAOTest { try { - LDAPConnection ldapCon = ldapDao.getConnection(); - assertTrue(ldapCon.isConnected()); + testConnection(ldapDao.getConnection()); return null; } catch (Exception e) @@ -160,8 +150,7 @@ public class LdapDAOTest try { - LDAPConnection ldapCon = ldapDao.getConnection(); - assertTrue(ldapCon.isConnected()); + testConnection(ldapDao.getConnection()); return null; } catch (Exception e) @@ -172,4 +161,11 @@ public class LdapDAOTest }); } + + private void testConnection(final LDAPConnection ldapCon) + { + assertTrue("Not connected but should be.", ldapCon.isConnected()); + assertFalse("Should be SSLSocketFactory.", + (ldapCon.getSocketFactory() instanceof SSLSocketFactory)); + } } diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTestImpl.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTestImpl.java index cf3c8d2e..7d3be479 100644 --- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTestImpl.java +++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapDAOTestImpl.java @@ -66,7 +66,6 @@ */ - package ca.nrc.cadc.ac.server.ldap; import java.security.AccessControlException; @@ -74,16 +73,17 @@ import java.security.AccessControlException; import com.unboundid.ldap.sdk.LDAPConnection; import com.unboundid.ldap.sdk.LDAPException; + public class LdapDAOTestImpl extends LdapDAO { public LdapDAOTestImpl(LdapConfig config) { super(config); } - + @Override public LDAPConnection getConnection() throws LDAPException, - AccessControlException + AccessControlException { return super.getConnection(); } diff --git a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java index 4af0b592..46cf0a66 100644 
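Review bot: In testConnection the message and the assertion contradict each other: `assertFalse("Should be SSLSocketFactory.", (ldapCon.getSocketFactory() instanceof SSLSocketFactory))` fails precisely when the factory is an SSLSocketFactory, so whichever expectation is right, a failure prints a misleading reason. Since the expected factory depends on the test configuration, tie the assertion to it instead of hard-coding either outcome: `assertEquals("Socket factory must match config.isSecure().", config.isSecure(), ldapCon.getSocketFactory() instanceof SSLSocketFactory);`. That also keeps the test meaningful if TestLDAPConfig is later pointed at the secure port.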
--- a/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java +++ b/projects/cadcAccessControl-Server/test/src/ca/nrc/cadc/ac/server/ldap/LdapGroupDAOTest.java @@ -65,13 +65,7 @@ public class LdapGroupDAOTest { private static final Logger log = Logger.getLogger(LdapGroupDAOTest.class); - static String server = "mach275.cadc.dao.nrc.ca"; - static int port = 389; - static String adminDN = "uid=webproxy,ou=webproxy,ou=topologymanagement,o=netscaperoot"; - static String adminPW = "go4it"; - static String usersDN = "ou=Users,ou=ds,dc=canfartest,dc=net"; - static String groupsDN = "ou=Groups,ou=ds,dc=canfartest,dc=net"; - static String adminGroupsDN = "ou=adminGroups,ou=ds,dc=canfartest,dc=net"; + static String adminDN = "uid=webproxy,ou=SpecialUsers,dc=canfar,dc=net"; // static String usersDN = "ou=Users,ou=ds,dc=canfar,dc=net"; // static String groupsDN = "ou=Groups,ou=ds,dc=canfar,dc=net"; @@ -95,8 +89,8 @@ public class LdapGroupDAOTest static Subject daoTestUser1Subject; static Subject daoTestUser2Subject; static Subject anonSubject; - - static LdapConfig config; + + final LdapConfig config = new TestLDAPConfig(); @BeforeClass public static void setUpBeforeClass() @@ -124,8 +118,6 @@ public class LdapGroupDAOTest anonSubject = new Subject(); anonSubject.getPrincipals().add(unknownUser.getUserID()); - - config = new LdapConfig(server, port, adminDN, adminPW, usersDN, groupsDN, adminGroupsDN); } LdapGroupDAO<X500Principal> getGroupDAO() -- GitLab
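Review bot: `config` changes from a static field assigned in setUpBeforeClass to a per-instance `final LdapConfig config = new TestLDAPConfig();`, but setUpBeforeClass stays static; any static helper in this class that still reads `config` (none is visible in these hunks) will no longer compile. The surviving `static String adminDN = "uid=webproxy,ou=SpecialUsers,dc=canfar,dc=net";` no longer feeds a LdapConfig constructor in the visible code — if nothing else reads it, drop it so the test has a single source of LDAP settings rather than two that can disagree. The body of setUpBeforeClass starts outside the hunk.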