PasswordPolicyResponseControlTests.java

/*
 * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.security.ldap.ppolicy;

import static org.assertj.core.api.Assertions.*;

import org.junit.Test;

/**
 * Tests for <tt>PasswordPolicyResponse</tt>.
 *
 * @author Luke Taylor
 */
public class PasswordPolicyResponseControlTests {
	// ~ Methods
	// ========================================================================================================

	/**
	 * Useful method for obtaining data from a server for use in tests
	 */
	// public void testAgainstServer() throws Exception {
	// Hashtable env = new Hashtable();
	// env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
	// env.put(Context.PROVIDER_URL, "ldap://gorille:389/");
	// env.put(Context.SECURITY_AUTHENTICATION, "simple");
	// env.put(Context.SECURITY_PRINCIPAL, "cn=manager,dc=security,dc=org");
	// env.put(Context.SECURITY_CREDENTIALS, "security");
	// env.put(LdapContext.CONTROL_FACTORIES,
	// PasswordPolicyControlFactory.class.getName());
	//
	// InitialLdapContext ctx = new InitialLdapContext(env, null);
	//
	// Control[] rctls = { new PasswordPolicyControl(false) };
	//
	// ctx.setRequestControls(rctls);
	//
	// try {
	// ctx.addToEnvironment(Context.SECURITY_PRINCIPAL,
	// "uid=bob,ou=people,dc=security,dc=org" );
	// ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, "bobspassword");
	// Object o = ctx.lookup("");
	//
	// System.out.println(o);
	//
	// } catch(NamingException ne) {
	// // Ok.
	// System.err.println(ne);
	// }
	//
	// PasswordPolicyResponseControl ctrl = getPPolicyResponseCtl(ctx);
	// System.out.println(ctrl);
	//
	// assertThat(ctrl).isNotNull();
	//
	// //com.sun.jndi.ldap.LdapPoolManager.showStats(System.out);
	// }

	// private PasswordPolicyResponseControl getPPolicyResponseCtl(InitialLdapContext ctx)
	// throws NamingException {
	// Control[] ctrls = ctx.getResponseControls();
	//
	// for (int i = 0; ctrls != null && i < ctrls.length; i++) {
	// if (ctrls[i] instanceof PasswordPolicyResponseControl) {
	// return (PasswordPolicyResponseControl) ctrls[i];
	// }
	// }
	//
	// return null;
	// }

	@Test
	public void openLDAP33SecondsTillPasswordExpiryCtrlIsParsedCorrectly() {
		byte[] ctrlBytes = { 0x30, 0x05, (byte) 0xA0, 0x03, (byte) 0xA0, 0x1, 0x21 };

		PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(ctrlBytes);

		assertThat(ctrl.hasWarning()).isTrue();
		assertThat(ctrl.getTimeBeforeExpiration()).isEqualTo(33);
	}

	@Test
	public void openLDAP496GraceLoginsRemainingCtrlIsParsedCorrectly() {
		byte[] ctrlBytes = { 0x30, 0x06, (byte) 0xA0, 0x04, (byte) 0xA1, 0x02, 0x01,
				(byte) 0xF0 };

		PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(ctrlBytes);

		assertThat(ctrl.hasWarning()).isTrue();
		assertThat(ctrl.getGraceLoginsRemaining()).isEqualTo(496);
	}

	static final byte[] OPENLDAP_5_LOGINS_REMAINING_CTRL = { 0x30, 0x05, (byte) 0xA0,
			0x03, (byte) 0xA1, 0x01, 0x05 };

	@Test
	public void openLDAP5GraceLoginsRemainingCtrlIsParsedCorrectly() {
		PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(
				OPENLDAP_5_LOGINS_REMAINING_CTRL);

		assertThat(ctrl.hasWarning()).isTrue();
		assertThat(ctrl.getGraceLoginsRemaining()).isEqualTo(5);
	}

	static final byte[] OPENLDAP_LOCKED_CTRL = { 0x30, 0x03, (byte) 0xA1, 0x01, 0x01 };

	@Test
	public void openLDAPAccountLockedCtrlIsParsedCorrectly() {
		PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(
				OPENLDAP_LOCKED_CTRL);

		assertThat(ctrl.hasError() && ctrl.isLocked()).isTrue();
		assertThat(ctrl.hasWarning()).isFalse();
	}

	@Test
	public void openLDAPPasswordExpiredCtrlIsParsedCorrectly() {
		byte[] ctrlBytes = { 0x30, 0x03, (byte) 0xA1, 0x01, 0x00 };

		PasswordPolicyResponseControl ctrl = new PasswordPolicyResponseControl(ctrlBytes);

		assertThat(ctrl.hasError() && ctrl.isExpired()).isTrue();
		assertThat(ctrl.hasWarning()).isFalse();
	}
}