1   /*
2    *  Licensed to the Apache Software Foundation (ASF) under one
3    *  or more contributor license agreements.  See the NOTICE file
4    *  distributed with this work for additional information
5    *  regarding copyright ownership.  The ASF licenses this file
6    *  to you under the Apache License, Version 2.0 (the
7    *  "License"); you may not use this file except in compliance
8    *  with the License.  You may obtain a copy of the License at
9    *  
10   *    http://www.apache.org/licenses/LICENSE-2.0
11   *  
12   *  Unless required by applicable law or agreed to in writing,
13   *  software distributed under the License is distributed on an
14   *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *  KIND, either express or implied.  See the License for the
16   *  specific language governing permissions and limitations
17   *  under the License. 
18   *  
19   */
20  package org.apache.directory.server.core.authz.support;
21  
22  
23  import java.util.ArrayList;
24  import java.util.Collection;
25  import java.util.Collections;
26  import java.util.HashSet;
27  import java.util.Set;
28  
29  import javax.naming.NamingException;
30  
31  import junit.framework.Assert;
32  import junit.framework.TestCase;
33  
34  import org.apache.directory.server.core.authz.support.OperationScope;
35  import org.apache.directory.server.core.authz.support.RelatedUserClassFilter;
36  import org.apache.directory.server.core.subtree.SubtreeEvaluator;
37  import org.apache.directory.shared.ldap.aci.ACITuple;
38  import org.apache.directory.shared.ldap.aci.MicroOperation;
39  import org.apache.directory.shared.ldap.aci.ProtectedItem;
40  import org.apache.directory.shared.ldap.aci.UserClass;
41  import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
42  import org.apache.directory.shared.ldap.name.LdapDN;
43  
44  
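/**
 * Tests {@link RelatedUserClassFilter}.
 * <p>
 * Each test builds ACI tuples for a single user class and asserts how many of
 * them the filter returns for a given combination of requestor group names,
 * requestor name, authentication level and entry name. The meaning of the
 * positional arguments to {@code filter.filter(...)} is inferred from the
 * values these tests pass (5th: group names, 6th: user name, 8th:
 * authentication level, 9th: entry name); confirm against the signature of
 * {@link RelatedUserClassFilter} before relying on it.
 * <p>
 * Coverage note: {@link #testSubtree()} asserts nothing, so subtree-based
 * user-class matching is not verified by this class.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 * @version $Rev: 681489 $, $Date: 2008-07-31 23:00:49 +0200 (Do, 31 Jul 2008) $
 */
public class RelatedUserClassFilterTest extends TestCase
{
    // Immutable empty fixtures, used wherever a tuple needs no protected items or micro-operations.
    private static final Collection<ACITuple> EMPTY_ACI_TUPLE_COLLECTION = Collections.unmodifiableCollection( new ArrayList<ACITuple>() );
    private static final Collection<ProtectedItem> EMPTY_PROTECTED_ITEM_COLLECTION = Collections.unmodifiableCollection( new ArrayList<ProtectedItem>() );

    private static final Set<MicroOperation> EMPTY_MICRO_OPERATION_SET = Collections.unmodifiableSet( new HashSet<MicroOperation>() );

    // DNs of the group and the user that the "matching" assertions are built around.
    private static final LdapDN GROUP_NAME;
    private static final LdapDN USER_NAME;
    private static final Set<LdapDN> USER_NAMES = new HashSet<LdapDN>();
    private static final Set<LdapDN> GROUP_NAMES = new HashSet<LdapDN>();

    private static final SubtreeEvaluator SUBTREE_EVALUATOR;

    // Filter under test, shared by every test method.
    private static final RelatedUserClassFilter filter;

    static
    {
        SUBTREE_EVALUATOR = new SubtreeEvaluator( new DummyOidRegistry(), new DummyAttributeTypeRegistry(true) );
        filter = new RelatedUserClassFilter( SUBTREE_EVALUATOR );
        
        try
        {
            GROUP_NAME = new LdapDN( "ou=test,ou=groups,ou=system" );
            USER_NAME = new LdapDN( "ou=test, ou=users, ou=system" );
        }
        catch ( NamingException e )
        {
            // Keep the cause: a failure here surfaces as a class-initialization
            // error, and without it the offending DN cannot be identified.
            throw new Error( e );
        }

        USER_NAMES.add( USER_NAME );
        GROUP_NAMES.add( GROUP_NAME );
    }


    /**
     * An empty tuple collection must come back empty, whatever the other arguments are.
     */
    public void testZeroTuple() throws Exception
    {
        Assert.assertEquals( 0, filter.filter( null, EMPTY_ACI_TUPLE_COLLECTION, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null,
            null, null, null, null, null, null, null, null, null ).size() );
    }


    /**
     * A tuple for {@code UserClass.ALL_USERS} is expected to be kept even when no
     * user name, group or entry name is supplied.
     */
    public void testAllUsers() throws Exception
    {
        Collection<ACITuple> tuples = getTuples( UserClass.ALL_USERS );

        Assert.assertEquals( 1, filter.filter( null, tuples, OperationScope.ENTRY, null, null, null, null,
            AuthenticationLevel.NONE, null, null, null, null, null, null ).size() );
    }


    /**
     * A tuple for {@code UserClass.THIS_ENTRY} is expected to be kept only when the
     * entry name equals the user name.
     */
    public void testThisEntry() throws Exception
    {
        Collection<ACITuple> tuples = getTuples( UserClass.THIS_ENTRY );

        // User name and entry name are the same DN: tuple kept.
        Assert.assertEquals( 1, filter.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null,
            AuthenticationLevel.NONE, USER_NAME, null, null, null, null, null ).size() );
        // Entry name differs from the user name: tuple dropped.
        Assert.assertEquals( 0, filter.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null,
            AuthenticationLevel.NONE, new LdapDN( "ou=unrelated" ), null, null, null, null, null ).size() );
    }
    
    
    /**
     * A tuple for {@code UserClass.PARENT_OF_ENTRY} is expected to be kept only when
     * the entry lies below the user's DN.
     */
    public void testParentOfEntry() throws Exception
    {
        Collection<ACITuple> tuples = getTuples( UserClass.PARENT_OF_ENTRY );

        // The entry DN has USER_NAME as its suffix: tuple kept.
        Assert.assertEquals( 1, filter.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null,
            AuthenticationLevel.NONE, new LdapDN( "ou=phoneBook, ou=test, ou=users, ou=system" ), null, null, null, null, null ).size() );
        // The entry DN is unrelated to USER_NAME: tuple dropped.
        Assert.assertEquals( 0, filter.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null,
            AuthenticationLevel.NONE, new LdapDN( "ou=unrelated" ), null, null, null, null, null ).size() );
    }


    /**
     * A tuple for {@code UserClass.Name} is expected to be kept only for a user
     * whose DN is in the tuple's name set.
     */
    public void testName() throws Exception
    {
        Collection<ACITuple> tuples = getTuples( new UserClass.Name( USER_NAMES ) );
        // USER_NAME is a member of USER_NAMES: tuple kept.
        Assert.assertEquals( 1, filter.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null,
            AuthenticationLevel.NONE, null, null, null, null, null, null ).size() );
        // A user DN outside USER_NAMES: tuple dropped, even though the entry name is USER_NAME.
        Assert.assertEquals( 0, filter.filter( null, tuples, OperationScope.ENTRY, null, null,
            new LdapDN( "ou=unrelateduser, ou=users" ), null, AuthenticationLevel.NONE, USER_NAME, null, null, null,
            null, null ).size() );
    }


    /**
     * A tuple for {@code UserClass.UserGroup} is expected to be kept only when the
     * supplied group names include one of the tuple's groups.
     */
    public void testUserGroup() throws Exception
    {
        Collection<ACITuple> tuples = getTuples( new UserClass.UserGroup( GROUP_NAMES ) );
        // The supplied group set is the same set the tuple was built with: tuple kept.
        Assert.assertEquals( 1, filter.filter( null, tuples, OperationScope.ENTRY, null, GROUP_NAMES, USER_NAME, null,
            AuthenticationLevel.NONE, null, null, null, null, null, null ).size() );

        Set<LdapDN> wrongGroupNames = new HashSet<LdapDN>();
        wrongGroupNames.add( new LdapDN( "ou=unrelatedgroup" ) );

        // The supplied group set shares no DN with the tuple's groups: tuple dropped.
        Assert.assertEquals( 0, filter.filter( null, tuples, OperationScope.ENTRY, null, wrongGroupNames, USER_NAME, null,
            AuthenticationLevel.NONE, USER_NAME, null, null, null, null, null ).size() );
    }


    /**
     * Placeholder: contains no assertions and therefore always passes. Subtree-based
     * user-class matching remains unverified until this is implemented.
     */
    public void testSubtree() throws Exception
    {
        // TODO Don't know how to test yet.
    }


    /**
     * Pins how the tuple's authentication level interacts with the level passed to
     * the filter, for a grant tuple and for a denial tuple.
     */
    public void testAuthenticationLevel() throws Exception
    {
        // Grant tuple at level SIMPLE for ALL_USERS: kept when the supplied level is
        // STRONG or SIMPLE, dropped when it is NONE. A grant must not apply to a
        // requestor authenticated below the level the tuple demands.
        Collection<ACITuple> tuples = getTuples( AuthenticationLevel.SIMPLE, true );

        Assert.assertEquals( 1, filter.filter( null, tuples, OperationScope.ENTRY, null, null, null, null,
            AuthenticationLevel.STRONG, null, null, null, null, null, null ).size() );
        Assert.assertEquals( 1, filter.filter( null, tuples, OperationScope.ENTRY, null, null, null, null,
            AuthenticationLevel.SIMPLE, null, null, null, null, null, null ).size() );
        Assert.assertEquals( 0, filter.filter( null, tuples, OperationScope.ENTRY, null, null, null, null,
            AuthenticationLevel.NONE, null, null, null, null, null, null ).size() );

        // Denial tuple at level SIMPLE whose user class names only "dummy=dummy", so
        // the user class itself never matches here. It is still kept when the
        // supplied level is NONE (below the tuple's level) and dropped at STRONG.
        tuples = getTuples( AuthenticationLevel.SIMPLE, false );

        Assert.assertEquals( 1, filter.filter( null, tuples, OperationScope.ENTRY, null, null, null, null,
            AuthenticationLevel.NONE, null, null, null, null, null, null ).size() );

        Assert.assertEquals( 0, filter.filter( null, tuples, OperationScope.ENTRY, null, null, null, null,
            AuthenticationLevel.STRONG, null, null, null, null, null, null ).size() );

        // Rebuilt on purpose: the previous call returned no tuples, and the filter
        // presumably removes rejected tuples from the collection it is handed
        // (confirm against RelatedUserClassFilter), so reusing it would make the
        // next assertion pass vacuously.
        tuples = getTuples( AuthenticationLevel.SIMPLE, false );

        // Supplied level equal to the tuple's level: the non-matching denial is dropped.
        Assert.assertEquals( 0, filter.filter( null, tuples, OperationScope.ENTRY, null, null, null, null,
            AuthenticationLevel.SIMPLE, null, null, null, null, null, null ).size() );
    }


    /**
     * Builds a mutable collection holding one tuple for the given user class, with
     * authentication level NONE, no protected items and no micro-operations. The
     * {@code true} argument is the grant flag (the sibling overload passes its
     * {@code grant} parameter in the same position); the trailing {@code 0} is
     * presumably the precedence (confirm against {@code ACITuple}).
     *
     * @param userClass the only user class of the tuple
     * @return a new collection containing the single tuple
     */
    private static Collection<ACITuple> getTuples( UserClass userClass )
    {
        Collection<UserClass> classes = new ArrayList<UserClass>();
        classes.add( userClass );

        Collection<ACITuple> tuples = new ArrayList<ACITuple>();
        tuples.add( new ACITuple( classes, AuthenticationLevel.NONE, EMPTY_PROTECTED_ITEM_COLLECTION, 
            EMPTY_MICRO_OPERATION_SET, true, 0 ) );

        return tuples;
    }


    /**
     * Builds a mutable collection holding one tuple at the given authentication
     * level. A grant tuple uses {@code UserClass.ALL_USERS}; a denial tuple uses a
     * {@code UserClass.Name} containing only "dummy=dummy", a DN no test passes as
     * the user name.
     *
     * @param level the authentication level of the tuple
     * @param grant {@code true} for a grant tuple, {@code false} for a denial tuple
     * @return a new collection containing the single tuple
     */
    private static Collection<ACITuple> getTuples( AuthenticationLevel level, boolean grant )
    {
        Collection<UserClass> classes = new ArrayList<UserClass>();
        
        if ( grant )
        {
            classes.add( UserClass.ALL_USERS );
        }
        else
        {
            Set<LdapDN> names = new HashSet<LdapDN>();
            
            try
            {
                names.add( new LdapDN( "dummy=dummy" ) );
            }
            catch ( NamingException e )
            {
                // Keep the cause so a DN parsing failure can be diagnosed.
                throw new Error( e );
            }

            classes.add( new UserClass.Name( names ) );
        }

        Collection<ACITuple> tuples = new ArrayList<ACITuple>();
        tuples.add( new ACITuple( classes, level, EMPTY_PROTECTED_ITEM_COLLECTION, EMPTY_MICRO_OPERATION_SET, grant, 0 ) );

        return tuples;
    }
}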