/*
* (C) Copyright 2006-2016 Nuxeo SA (http://nuxeo.com/) and others.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Contributors:
* Nuxeo - initial API and implementation
*
*/
package org.nuxeo.ecm.directory.ldap;
import java.io.File;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.inject.Inject;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.SizeLimitExceededException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.directory.server.protocol.shared.store.LdifFileLoader;
import org.apache.directory.server.protocol.shared.store.LdifLoadFilter;
import org.bouncycastle.x509.X509V1CertificateGenerator;
import org.junit.After;
import org.junit.Before;
import org.junit.runner.RunWith;
import org.nuxeo.ecm.core.test.CoreFeature;
import org.nuxeo.ecm.core.test.annotations.Granularity;
import org.nuxeo.ecm.core.test.annotations.RepositoryConfig;
import org.nuxeo.ecm.directory.DirectoryException;
import org.nuxeo.ecm.directory.api.DirectoryService;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.runtime.test.runner.Deploy;
import org.nuxeo.runtime.test.runner.Features;
import org.nuxeo.runtime.test.runner.FeaturesRunner;
import org.nuxeo.runtime.test.runner.LocalDeploy;
import org.nuxeo.runtime.test.runner.RuntimeHarness;
/**
* @author <a href="ogrisel@nuxeo.com">Olivier Grisel</a>
*/
@RunWith(FeaturesRunner.class)
@Features(CoreFeature.class)
@RepositoryConfig(cleanup = Granularity.METHOD)
@Deploy({ "org.nuxeo.ecm.directory", //
"org.nuxeo.ecm.directory.sql", //
"org.nuxeo.ecm.directory.ldap", //
"org.nuxeo.ecm.directory.ldap.tests", //
})
@LocalDeploy({ "org.nuxeo.ecm.directory.ldap.tests:ldap-test-setup/DirectoryTypes.xml",
"org.nuxeo.ecm.directory.ldap.tests:TestSQLDirectories.xml", })
public abstract class LDAPDirectoryTestCase {
private static final Log log = LogFactory.getLog(LDAPDirectoryTestCase.class);
protected MockLdapServer server;
// change this flag to use an external LDAP directory instead of the
// non networked default ApacheDS implementation
public static final boolean USE_EXTERNAL_TEST_LDAP_SERVER = false;
// change this flag in case the external LDAP server considers the
// posixGroup class structural
public static final boolean POSIXGROUP_IS_STRUCTURAL = true;
// change this flag if your test server has support for dynamic groups
// through the groupOfURLs objectclass, eg for OpenLDAP:
// http://www.ldap.org.br/modules/ldap/files/files///dyngroup.schema
public static final boolean HAS_DYNGROUP_SCHEMA = false;
public static final String INTERNAL_SERVER_SETUP_UPPER_ID = "TestDirectoriesWithInternalApacheDS-override-upper-id.xml";
// These variables are changed in subclasses
public String EXTERNAL_SERVER_SETUP = "TestDirectoriesWithExternalOpenLDAP.xml";
public String INTERNAL_SERVER_SETUP = "TestDirectoriesWithInternalApacheDS.xml";
public String EXTERNAL_SERVER_SETUP_OVERRIDE = "TestDirectoriesWithExternalOpenLDAP-override.xml";
public String INTERNAL_SERVER_SETUP_OVERRIDE = "TestDirectoriesWithInternalApacheDS-override.xml";
@Inject
protected RuntimeHarness runtimeHarness;
public List<String> getLdifFiles() {
List<String> ldifFiles = new ArrayList<>();
ldifFiles.add("sample-users.ldif");
ldifFiles.add("sample-groups.ldif");
if (HAS_DYNGROUP_SCHEMA) {
ldifFiles.add("sample-dynamic-groups.ldif");
}
return ldifFiles;
}
@Before
public void setUp() throws Exception {
if (USE_EXTERNAL_TEST_LDAP_SERVER) {
runtimeHarness.deployContrib("org.nuxeo.ecm.directory.ldap.tests", EXTERNAL_SERVER_SETUP);
} else {
runtimeHarness.deployContrib("org.nuxeo.ecm.directory.ldap.tests", INTERNAL_SERVER_SETUP);
server = new MockLdapServer(new File(Framework.getRuntime().getHome(), "ldap"));
getLDAPDirectory("userDirectory").setTestServer(server);
getLDAPDirectory("groupDirectory").setTestServer(server);
}
;
try (LDAPSession session = (LDAPSession) getLDAPDirectory("userDirectory").getSession()) {
DirContext ctx = session.getContext();
for (String ldifFile : getLdifFiles()) {
loadDataFromLdif(ldifFile, ctx);
}
}
}
@After
public void tearDown() throws Exception {
if (USE_EXTERNAL_TEST_LDAP_SERVER) {
try (LDAPSession session = (LDAPSession) getLDAPDirectory("userDirectory").getSession()) {
DirContext ctx = session.getContext();
destroyRecursively("ou=people,dc=example,dc=com", ctx, -1);
destroyRecursively("ou=groups,dc=example,dc=com", ctx, -1);
}
runtimeHarness.undeployContrib("org.nuxeo.ecm.directory.ldap.tests", EXTERNAL_SERVER_SETUP);
} else {
if (server != null) {
try {
server.shutdownLdapServer();
} finally {
server = null;
}
}
runtimeHarness.undeployContrib("org.nuxeo.ecm.directory.ldap.tests", INTERNAL_SERVER_SETUP);
}
}
protected static void loadDataFromLdif(String ldif, DirContext ctx) {
List<LdifLoadFilter> filters = new ArrayList<>();
LdifFileLoader loader = new LdifFileLoader(ctx, new File(ldif), filters, Thread.currentThread()
.getContextClassLoader());
loader.execute();
}
protected void destroyRecursively(String dn, DirContext ctx, int limit) throws NamingException {
if (limit == 0) {
log.warn("Reach recursion limit, stopping deletion at" + dn);
return;
}
SearchControls scts = new SearchControls();
scts.setSearchScope(SearchControls.ONELEVEL_SCOPE);
String providerUrl = (String) ctx.getEnvironment().get(Context.PROVIDER_URL);
NamingEnumeration<SearchResult> children = ctx.search(dn, "(objectClass=*)", scts);
try {
while (children.hasMore()) {
SearchResult child = children.next();
String subDn = child.getName();
if (!USE_EXTERNAL_TEST_LDAP_SERVER && subDn.endsWith(providerUrl)) {
subDn = subDn.substring(0, subDn.length() - providerUrl.length() - 1);
} else {
subDn = subDn + ',' + dn;
}
destroyRecursively(subDn, ctx, limit);
}
} catch (SizeLimitExceededException e) {
log.warn("SizeLimitExceededException: trying again on partial results " + dn);
if (limit == -1) {
limit = 100;
}
destroyRecursively(dn, ctx, limit - 1);
}
ctx.destroySubcontext(dn);
}
public static LDAPDirectory getLDAPDirectory(String name) throws DirectoryException {
DirectoryService directoryService = Framework.getService(DirectoryService.class);
return (LDAPDirectory) directoryService.getDirectory(name);
}
/**
* Method to create a X509 certificate used to test the creation and the update of an entry in the ldap.
*
* @return A X509 certificate
* @throws CertificateException
* @throws NoSuchAlgorithmException
* @throws InvalidKeyException
* @throws SignatureException
* @throws IllegalStateException
* @since 5.9.3
*/
protected X509Certificate createCertificate(String dnNameStr) throws NoSuchAlgorithmException,
CertificateException, InvalidKeyException, IllegalStateException, SignatureException {
X509Certificate cert = null;
// Parameters used to define the certificate
// yesterday
Date validityBeginDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
// in 2 years
Date validityEndDate = new Date(System.currentTimeMillis() + 2 * 365 * 24 * 60 * 60 * 1000);
// Generate the key pair
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(1024, new SecureRandom());
KeyPair keyPair = keyPairGenerator.generateKeyPair();
// Define the content of the certificate
X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
X500Principal dnName = new X500Principal(dnNameStr);
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setSubjectDN(dnName);
certGen.setIssuerDN(dnName); // use the same
certGen.setNotBefore(validityBeginDate);
certGen.setNotAfter(validityEndDate);
certGen.setPublicKey(keyPair.getPublic());
certGen.setSignatureAlgorithm("SHA256WithRSA");
cert = certGen.generate(keyPair.getPrivate());
return cert;
}
}