TestOpenLdap.java

/**
 * Copyright (c) 2014-2017 Evolveum
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.evolveum.midpoint.testing.conntest;

import static com.evolveum.midpoint.test.IntegrationTestTools.display;
import static org.testng.AssertJUnit.assertEquals;
import static org.testng.AssertJUnit.assertNotNull;
import static org.testng.AssertJUnit.assertNull;
import static org.testng.AssertJUnit.assertTrue;

import java.io.File;
import java.text.ParseException;
import java.util.Collection;

import javax.xml.namespace.QName;

import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.util.GeneralizedTime;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.testng.AssertJUnit;
import org.testng.annotations.Test;

import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.PrismProperty;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.schema.CapabilityUtil;
import com.evolveum.midpoint.schema.constants.MidPointConstants;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.processor.ResourceAttribute;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ShadowUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.test.AbstractIntegrationTest;
import com.evolveum.midpoint.test.IntegrationTestTools;
import com.evolveum.midpoint.test.util.MidPointTestConstants;
import com.evolveum.midpoint.test.util.TestUtil;
import com.evolveum.midpoint.util.MiscUtil;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ShadowType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationCapabilityType;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.ActivationLockoutStatusCapabilityType;

/**
 * @author semancik
 *
 */
public class TestOpenLdap extends AbstractLdapConnTest {

	@Override
	protected String getResourceOid() {
		return "2a7c7130-7a34-11e4-bdf6-001e8c717e5b";
	}

	@Override
	protected File getBaseDir() {
		return new File(MidPointTestConstants.TEST_RESOURCES_DIR, "openldap");
	}

	@Override
	public String getStartSystemCommand() {
		return "sudo "+getScriptDirectoryName()+"/openldap-start";
	}

	@Override
	public String getStopSystemCommand() {
		return "sudo "+getScriptDirectoryName()+"/openldap-stop";
	}

	@Override
	protected String getLdapServerHost() {
		return "localhost";
	}

	@Override
	protected int getLdapServerPort() {
		return 11389;
	}

	@Override
	protected String getLdapBindDn() {
		return "cn=admin,dc=example,dc=com";
	}

	@Override
	protected String getLdapBindPassword() {
		return "secret";
	}

	@Override
	protected String getAccount0Cn() {
		return "Riwibmix Juvotut (00000000)";
	}

	@Override
	protected int getSearchSizeLimit() {
		return 500;
	}
	
	@Override
	protected String getPeopleLdapSuffix() {
		return "ou=people,"+getLdapSuffix();
	}

	@Override
	protected String getGroupsLdapSuffix() {
		return "ou=groups,"+getLdapSuffix();
	}

	
	@Override
	protected String getLdapGroupObjectClass() {
		return "groupOfNames";
	}

	@Override
	protected String getLdapGroupMemberAttribute() {
		return "member";
	}

	@Override
	protected String getSyncTaskOid() {
		return "cd1e0ff2-0099-11e5-9e22-001e8c717e5b";
	}
	
	@Override
	protected boolean syncCanDetectDelete() {
		return false;
	}
	
	@Override
	protected boolean needsGroupFakeMemeberEntry() {
		return true;
	}

	@Override
	protected void assertActivationCapability(ActivationCapabilityType activationCapabilityType) {
		assertNotNull("No activation capability", activationCapabilityType);
		
		ActivationLockoutStatusCapabilityType lockoutCapability = CapabilityUtil.getEffectiveActivationLockoutStatus(activationCapabilityType);
		assertNotNull("No lockout capability", lockoutCapability);
		display("Lockout capability", lockoutCapability);
	}
	
	@Override
	protected void assertStepSyncToken(String syncTaskOid, int step, long tsStart, long tsEnd)
			throws ObjectNotFoundException, SchemaException {
		OperationResult result = new OperationResult(AbstractIntegrationTest.class.getName()+".assertSyncToken");
		Task task = taskManager.getTask(syncTaskOid, result);
		result.computeStatus();
		TestUtil.assertSuccess(result);
		
		PrismProperty<String> syncTokenProperty = task.getExtensionProperty(SchemaConstants.SYNC_TOKEN);
		assertNotNull("No sync token in "+task, syncTokenProperty);
		String syncToken = syncTokenProperty.getRealValue();
		assertNotNull("No sync token in "+task, syncToken);
		IntegrationTestTools.display("Sync token", syncToken);
		
		GeneralizedTime syncTokenGt;
		try {
			syncTokenGt = new GeneralizedTime(syncToken);
		} catch (ParseException e) {
			throw new RuntimeException(e.getMessage(),e);
		}
		TestUtil.assertBetween("Wrong time in sync token: "+syncToken, roundTsDown(tsStart), roundTsUp(tsEnd), syncTokenGt.getCalendar().getTimeInMillis());
		
	}
	
	@Test
    public void test700CheckBarbossaLockoutStatus() throws Exception {
		final String TEST_NAME = "test700CheckBarbossaLockoutStatus";
        TestUtil.displayTestTile(this, TEST_NAME);

        // WHEN
        TestUtil.displayWhen(TEST_NAME);
        PrismObject<ShadowType> shadow = getShadowModel(accountBarbossaOid);
        
        // THEN
        TestUtil.displayThen(TEST_NAME);
        display("Shadow (model)", shadow);
        ActivationType activation = shadow.asObjectable().getActivation();
        if (activation != null) {
	        LockoutStatusType lockoutStatus = shadow.asObjectable().getActivation().getLockoutStatus();
	        if (lockoutStatus != null && lockoutStatus != LockoutStatusType.NORMAL) {
	        	AssertJUnit.fail("Barbossa is locked!");
	        }
        }

        assertLdapPassword(USER_BARBOSSA_USERNAME, USER_BARBOSSA_PASSWORD_2);
	}
	
	@Test
    public void test702LockOutBarbossa() throws Exception {
		final String TEST_NAME = "test702LockOutBarbossa";
        TestUtil.displayTestTile(this, TEST_NAME);
        
        Entry entry = getLdapAccountByUid(USER_BARBOSSA_USERNAME);
        display("LDAP Entry before", entry);

        // WHEN
        TestUtil.displayWhen(TEST_NAME);
        for (int i = 0; i < 10; i++) {
        	LdapNetworkConnection conn;
        	try {
        		conn = ldapConnect(null, entry.getDn().toString(), "this password is wrong");
        	} catch (SecurityException e) {
        		// Good bad attempt
        		continue;
        	}
        	assertNotReached();
        }
        
        // THEN
        TestUtil.displayThen(TEST_NAME);
        
        entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME);
        display("LDAP Entry after", entry);
        
        PrismObject<ShadowType> shadow = getShadowModel(accountBarbossaOid);
        display("Shadow (model)", shadow);
        ActivationType activation = shadow.asObjectable().getActivation();
        assertNotNull("No activation", activation);
        LockoutStatusType lockoutStatus = shadow.asObjectable().getActivation().getLockoutStatus();
        assertEquals("Wrong lockout status", LockoutStatusType.LOCKED, lockoutStatus);
	}
	

	@Test
    public void test705UnlockBarbossaAccount() throws Exception {
		final String TEST_NAME = "test705UnlockBarbossaAccount";
        TestUtil.displayTestTile(this, TEST_NAME);

        // GIVEN
        Task task = taskManager.createTaskInstance(this.getClass().getName() + "." + TEST_NAME);
        OperationResult result = task.getResult();
        
        ObjectDelta<ShadowType> accountDelta = createModifyAccountShadowReplaceDelta(accountBarbossaOid, null, 
        		SchemaConstants.PATH_ACTIVATION_LOCKOUT_STATUS, LockoutStatusType.NORMAL);
        
        // WHEN
        TestUtil.displayWhen(TEST_NAME);
        executeChanges(accountDelta, null, task, result);
        
        // THEN
        TestUtil.displayThen(TEST_NAME);
        result.computeStatus();
        TestUtil.assertSuccess(result);
        
        PrismObject<ShadowType> shadow = getShadowModel(accountBarbossaOid);
        display("Shadow (model)", shadow);
        
        ActivationType activation = shadow.asObjectable().getActivation();
        if (activation != null) {
	        LockoutStatusType lockoutStatus = shadow.asObjectable().getActivation().getLockoutStatus();
	        if (lockoutStatus != null && lockoutStatus != LockoutStatusType.NORMAL) {
	        	AssertJUnit.fail("Barbossa is locked!");
	        }
        }
        
        Entry entry = assertLdapAccount(USER_BARBOSSA_USERNAME, USER_BARBOSSA_FULL_NAME);
        display("LDAP Entry", entry);
        assertNoAttribute(entry, "pwdAccountLockedTime");
        
        assertLdapPassword(USER_BARBOSSA_USERNAME, USER_BARBOSSA_PASSWORD_2);
	}

}