1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  
21  package org.apache.directory.server.core.subtree;
22  
23  
import static org.apache.directory.server.core.integ.IntegrationUtils.getSystemContext;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;

import org.apache.directory.server.core.DirectoryService;
import org.apache.directory.server.core.integ.CiRunner;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.junit.Test;
import org.junit.runner.RunWith;

import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapContext;
import java.util.HashMap;
import java.util.Map;
46  
47  
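/**
 * Test cases for the SubentryInterceptor, investigating how the operational
 * attributes that link an entry to its governing subentries are tracked.
 * <p>
 * The single test adds one collective attribute subentry and one access
 * control subentry, both with an empty subtree specification, and checks that
 * a plain entry references each subentry only through the operational
 * attribute of the matching kind.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev$
 */
@RunWith ( CiRunner.class )
public class BadSubentryServiceIT
{
    // Directory service under test, handed to getSystemContext() by every helper.
    // NOTE(review): presumably injected by CiRunner before the test runs - confirm.
    public static DirectoryService service;


    /**
     * Builds the attributes of a plain <code>person</code> entry.
     *
     * @param cn value used for both the <code>cn</code> and <code>sn</code> attributes
     * @return the attributes of the new entry
     */
    public Attributes getTestEntry( String cn )
    {
        // 'true' makes attribute identifiers case-insensitive
        Attributes entry = new BasicAttributes( true );
        Attribute objectClass = new BasicAttribute( "objectClass" );
        objectClass.add( "top" );
        objectClass.add( "person" );
        entry.put( objectClass );
        entry.put( "cn", cn );
        entry.put( "sn", cn );
        return entry;
    }


    /**
     * Builds the attributes of a collective attribute subentry whose subtree
     * specification is the empty specification <code>{ }</code> and which carries
     * the collective attribute <code>c-o</code> with the value "Test Org".
     *
     * @param cn value of the <code>cn</code> attribute of the subentry
     * @return the attributes of the new subentry
     */
    public Attributes getCollectiveAttributeTestSubentry( String cn )
    {
        Attributes subentry = new BasicAttributes( true );
        Attribute objectClass = new BasicAttribute( "objectClass" );
        objectClass.add( "top" );
        objectClass.add( SchemaConstants.SUBENTRY_OC );
        objectClass.add( "collectiveAttributeSubentry" );
        subentry.put( objectClass );
        subentry.put( "subtreeSpecification", "{ }" );
        subentry.put( "c-o", "Test Org" );
        subentry.put( "cn", cn );
        return subentry;
    }
    
    
    /**
     * Builds the attributes of an access control subentry whose subtree
     * specification is the empty specification <code>{ }</code>.
     * <p>
     * The prescriptive ACI is a deliberately permissive fixture: it applies to
     * the user class <code>allUsers</code> at <code>authenticationLevel none</code>
     * and grants every permission listed below on <code>entry</code> and
     * <code>allUserAttributeTypesAndValues</code>. The test only needs a
     * syntactically valid ACI so that the subentry can be added; the grants
     * themselves are not exercised here.
     *
     * @param cn value of the <code>cn</code> attribute of the subentry
     * @return the attributes of the new subentry
     */
    public Attributes getAccessControlTestSubentry( String cn )
    {
        Attributes subentry = new BasicAttributes( true );
        Attribute objectClass = new BasicAttribute( "objectClass" );
        objectClass.add( "top" );
        objectClass.add( SchemaConstants.SUBENTRY_OC );
        objectClass.add( "accessControlSubentry" );
        subentry.put( objectClass );
        subentry.put( "subtreeSpecification", "{ }" );
        subentry.put( "prescriptiveACI",
            "{ " +
            "identificationTag \"alllUsersFullAccessACI\", " +
            "precedence 14, " +
            "authenticationLevel none, " +
            "itemOrUserFirst userFirst: " +
            "{ " +
              "userClasses " +
              "{ " +
                "allUsers " +
              "}, " +
              "userPermissions " +
              "{ " +
                "{ " +
                  "protectedItems " +
                  "{ " +
                    "entry, allUserAttributeTypesAndValues " +
                  "}, " +
                  "grantsAndDenials " +
                  "{ " +
                    "grantAdd, grantDiscloseOnError, grantRead, " +
                    "grantRemove, grantBrowse, grantExport, grantImport, " +
                    "grantModify, grantRename, grantReturnDN, " +
                    "grantCompare, grantFilterMatch, grantInvoke " +
                  "} " +
                "} " +
              "} " +
            "} " +
          "} "
           );
        subentry.put( "cn", cn );
        return subentry;
    }


    /**
     * Adds the <code>administrativeRole</code> values <code>autonomousArea</code>,
     * <code>collectiveAttributeSpecificArea</code> and
     * <code>accessControlSpecificArea</code> to the entry at the root of the
     * system context (the empty name relative to that context).
     *
     * @throws Exception if the system context cannot be obtained or the
     * modification is rejected
     */
    public void addAdministrativeRoles() throws Exception
    {
        LdapContext sysRoot = getSystemContext( service );
        Attribute attribute = new BasicAttribute( "administrativeRole" );
        attribute.add( "autonomousArea" );
        attribute.add( "collectiveAttributeSpecificArea" );
        attribute.add( "accessControlSpecificArea" );
        ModificationItem item = new ModificationItem( DirContext.ADD_ATTRIBUTE, attribute );
        sysRoot.modifyAttributes( "", new ModificationItem[] { item } );
    }


    /**
     * Searches the whole subtree below the system context with the filter
     * <code>(objectClass=*)</code>, requesting operational (<code>+</code>) as
     * well as user (<code>*</code>) attributes.
     *
     * @return the attributes of every returned entry, keyed by
     * {@link SearchResult#getName()}
     * @throws Exception if the search or the iteration over its results fails
     */
    public Map<String, Attributes> getAllEntries() throws Exception
    {
        LdapContext sysRoot = getSystemContext( service );
        Map<String, Attributes> resultMap = new HashMap<String, Attributes>();
        SearchControls controls = new SearchControls();
        controls.setSearchScope( SearchControls.SUBTREE_SCOPE );
        controls.setReturningAttributes( new String[] { "+", "*" } );
        NamingEnumeration<SearchResult> results = sysRoot.search( "", "(objectClass=*)", controls );
        
        try
        {
            while ( results.hasMore() )
            {
                SearchResult result = results.next();
                resultMap.put( result.getName(), result.getAttributes() );
            }
        }
        finally
        {
            // release the enumeration even when hasMore()/next() throws part-way through
            results.close();
        }
        
        return resultMap;
    }
    

    /**
     * Checks that a plain entry is linked to each kind of subentry only through
     * the operational attribute of that kind: <code>collectiveAttributeSubentries</code>
     * must reference the collective attribute subentry alone, and
     * <code>accessControlSubentries</code> the access control subentry alone.
     * <p>
     * The expected values are written with OIDs and in lower case
     * (<code>2.5.4.3</code> is <code>cn</code>, <code>2.5.4.11</code> is
     * <code>ou</code>), which is the form the assertions compare against.
     * <p>
     * NOTE(review): the access control subsystem presumably reads
     * <code>accessControlSubentries</code> to select the prescriptive ACI that
     * governs an entry, so a stray or missing reference would change which ACI
     * is evaluated - confirm against the interceptor.
     * <p>
     * FIXME: The test fails badly.
     *
     * @throws Exception if any directory operation fails
     */
    @Test
    public void testTrackingOfSubentryOperationals() throws Exception
    {
        LdapContext sysRoot = getSystemContext( service );
        addAdministrativeRoles();
        sysRoot.createSubcontext( "cn=collectiveAttributeTestSubentry",
            getCollectiveAttributeTestSubentry( "collectiveAttributeTestSubentry" ) );
        sysRoot.createSubcontext( "cn=accessControlTestSubentry",
            getAccessControlTestSubentry( "accessControlTestSubentry" ) );
        sysRoot.createSubcontext( "cn=testEntry", getTestEntry( "testEntry" ) );
        
        Map<String, Attributes> results = getAllEntries();
        Attributes testEntry = results.get( "cn=testEntry,ou=system" );
        
        // report a missing entry as an assertion failure rather than a NullPointerException
        assertNotNull( "search did not return 'cn=testEntry,ou=system'", testEntry );
        
        //----------------------------------------------------------------------
        
        Attribute collectiveAttributeSubentries = testEntry.get( "collectiveAttributeSubentries" );
        
        assertNotNull( "'collectiveAttributeSubentries' operational attribute is missing from the test entry",
            collectiveAttributeSubentries );
        
        assertTrue( collectiveAttributeSubentries.contains( "2.5.4.3=collectiveattributetestsubentry,2.5.4.11=system" ) );
        
        assertFalse( "'collectiveAttributeSubentries' operational attribute SHOULD NOT " + 
            "contain references to non-'collectiveAttributeSubentry's like 'accessControlSubentry's", 
            collectiveAttributeSubentries.contains( "2.5.4.3=accesscontroltestsubentry,2.5.4.11=system" ) );
        
        assertEquals( 1, collectiveAttributeSubentries.size() );
        
        //----------------------------------------------------------------------
        
        Attribute accessControlSubentries = testEntry.get( "accessControlSubentries" );
        
        assertNotNull( "'accessControlSubentries' operational attribute is missing from the test entry",
            accessControlSubentries );
        
        assertTrue( accessControlSubentries.contains( "2.5.4.3=accesscontroltestsubentry,2.5.4.11=system" ) );
        
        assertFalse( "'accessControlSubentries' operational attribute SHOULD NOT " + 
            "contain references to non-'accessControlSubentry's like 'collectiveAttributeSubentry's", 
            accessControlSubentries.contains( "2.5.4.3=collectiveattributetestsubentry,2.5.4.11=system" ) );
        
        assertEquals( 1, accessControlSubentries.size() );
        
    }
}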