AmbariLdapUtilsTest.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.ambari.server.security;

import static junit.framework.Assert.assertFalse;
import static junit.framework.Assert.assertTrue;
import static org.easymock.EasyMock.createNiceMock;
import static org.easymock.EasyMock.createStrictMock;
import static org.easymock.EasyMock.expect;
import static org.easymock.EasyMock.replay;
import static org.easymock.EasyMock.verify;

import javax.naming.Name;
import javax.naming.NamingException;

import org.apache.ambari.server.security.authorization.AmbariLdapUtils;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.support.LdapUtils;

public class AmbariLdapUtilsTest {

  private static final String USER_BASE_DN = "ou=hdp,ou=Users,dc=apache,dc=org";
  private static final String USER_RELATIVE_DN = "uid=myuser";
  private static final String USER_DN = USER_RELATIVE_DN + "," + USER_BASE_DN;

  @Test
  public void testIsUserPrincipalNameFormat_True() throws Exception {
    // Given
    String testLoginName = "testuser@domain1.d_1.com";

    // When
    boolean isUserPrincipalNameFormat = AmbariLdapUtils.isUserPrincipalNameFormat(testLoginName);

    // Then
    assertTrue(isUserPrincipalNameFormat);
  }

  @Test
  public void testIsUserPrincipalNameFormatMultipleAtSign_True() throws Exception {
    // Given
    String testLoginName = "@testuser@domain1.d_1.com";

    // When
    boolean isUserPrincipalNameFormat = AmbariLdapUtils.isUserPrincipalNameFormat(testLoginName);

    // Then
    assertTrue(isUserPrincipalNameFormat);
  }

  @Test
  public void testIsUserPrincipalNameFormat_False() throws Exception {
    // Given
    String testLoginName = "testuser";

    // When
    boolean isUserPrincipalNameFormat = AmbariLdapUtils.isUserPrincipalNameFormat(testLoginName);

    // Then
    assertFalse(isUserPrincipalNameFormat);
  }

  @Test
  public void testIsUserPrincipalNameFormatWithAtSign_False() throws Exception {
    // Given
    String testLoginName = "@testuser";

    // When
    boolean isUserPrincipalNameFormat = AmbariLdapUtils.isUserPrincipalNameFormat(testLoginName);

    // Then
    assertFalse(isUserPrincipalNameFormat);
  }

  @Test
  public void testIsUserPrincipalNameFormatWithAtSign1_False() throws Exception {
    // Given
    String testLoginName = "testuser@";

    // When
    boolean isUserPrincipalNameFormat = AmbariLdapUtils.isUserPrincipalNameFormat(testLoginName);

    // Then
    assertFalse(isUserPrincipalNameFormat);
  }

  @Test
  public void testIsLdapObjectOutOfScopeFromBaseDn() throws NamingException {
    // GIVEN
    Name fullDn = LdapUtils.newLdapName(USER_DN);

    DirContextAdapter adapter = createNiceMock(DirContextAdapter.class);
    expect(adapter.getDn()).andReturn(fullDn);
    expect(adapter.getNameInNamespace()).andReturn(USER_DN);

    replay(adapter);

    // WHEN
    boolean isOutOfScopeFromBaseDN = AmbariLdapUtils.isLdapObjectOutOfScopeFromBaseDn(adapter, "dc=apache,dc=org");
    // THEN
    assertFalse(isOutOfScopeFromBaseDN);

    verify(adapter);
  }

  @Test
  public void testIsLdapObjectOutOfScopeFromBaseDn_dnOutOfScope() throws NamingException {
    // GIVEN
    Name fullDn = LdapUtils.newLdapName(USER_DN);
    DirContextAdapter adapter = createNiceMock(DirContextAdapter.class);

    expect(adapter.getDn()).andReturn(fullDn);
    expect(adapter.getNameInNamespace()).andReturn(USER_DN);

    replay(adapter);

    // WHEN
    boolean isOutOfScopeFromBaseDN = AmbariLdapUtils.isLdapObjectOutOfScopeFromBaseDn(adapter, "dc=apache,dc=org,ou=custom");
    // THEN
    assertTrue(isOutOfScopeFromBaseDN);

    verify(adapter);
  }

  @Test
  public void testGetFullDn() throws Exception {

    DirContextAdapter adapterFullDn = createStrictMock(DirContextAdapter.class);
    expect(adapterFullDn.getNameInNamespace()).andReturn(USER_DN).anyTimes();

    DirContextAdapter adapterBaseDn = createStrictMock(DirContextAdapter.class);
    expect(adapterBaseDn.getNameInNamespace()).andReturn(USER_BASE_DN).anyTimes();

    Name absoluteDn = LdapUtils.newLdapName(USER_DN);
    Name relativeDn = LdapUtils.newLdapName(USER_RELATIVE_DN);

    replay(adapterFullDn, adapterBaseDn);

    Name fullDn;

    // ****************************
    // getFullDn(Name, Context)
    fullDn = AmbariLdapUtils.getFullDn(absoluteDn, adapterFullDn);
    Assert.assertEquals(absoluteDn, fullDn);

    fullDn = AmbariLdapUtils.getFullDn(absoluteDn, adapterBaseDn);
    Assert.assertEquals(absoluteDn, fullDn);

    fullDn = AmbariLdapUtils.getFullDn(relativeDn, adapterBaseDn);
    Assert.assertEquals(absoluteDn, fullDn);
    // ****************************


    // ****************************
    // getFullDn(String, Context)
    fullDn = AmbariLdapUtils.getFullDn(absoluteDn.toString(), adapterFullDn);
    Assert.assertEquals(absoluteDn, fullDn);

    fullDn = AmbariLdapUtils.getFullDn(absoluteDn.toString(), adapterBaseDn);
    Assert.assertEquals(absoluteDn, fullDn);

    fullDn = AmbariLdapUtils.getFullDn(relativeDn.toString(), adapterBaseDn);
    Assert.assertEquals(absoluteDn, fullDn);
    // ****************************

    // ****************************
    // getFullDn(Name, Name)
    Name nameInNamespaceFullDn = LdapUtils.newLdapName(adapterFullDn.getNameInNamespace());
    Name nameInNamespaceBaseDn = LdapUtils.newLdapName(adapterBaseDn.getNameInNamespace());

    fullDn = AmbariLdapUtils.getFullDn(absoluteDn, nameInNamespaceFullDn);
    Assert.assertEquals(absoluteDn, fullDn);

    fullDn = AmbariLdapUtils.getFullDn(absoluteDn, nameInNamespaceBaseDn);
    Assert.assertEquals(absoluteDn, fullDn);

    fullDn = AmbariLdapUtils.getFullDn(relativeDn, nameInNamespaceBaseDn);
    Assert.assertEquals(absoluteDn, fullDn);

    // Make sure nameInNamespace was not altered
    Assert.assertEquals(adapterFullDn.getNameInNamespace(), nameInNamespaceFullDn.toString());
    Assert.assertEquals(adapterBaseDn.getNameInNamespace(), nameInNamespaceBaseDn.toString());
    // ****************************

    verify(adapterFullDn, adapterBaseDn);
  }
}