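#! /bin/sh
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2004 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

## Purpose: load the $LDIFCOMPMATCH LDIF into a scratch slapd database,
## start slapd, and run a series of RFC 3687 componentFilterMatch searches
## against userCertificate (plus three searches on x509Certificate*
## attributes). The collected output is filtered and compared with the
## reference file $COMPSEARCHOUT, so a change in how certificate components
## are matched shows up as a failed comparison.
##
## NOTE(review): the listing this was taken from carried viewer line numbers
## on every line and had lost its short lines (RC=$?, fi, done, exit ...).
## Lines marked "restored" are reconstructions of that missing control flow;
## confirm them against the upstream script.
##
## Variables holding a command line or an optional argument ($SLAPADD,
## $SLAPD, $LDAPSEARCH, $CMP, $BACKEND, $MONITORDB, $TIMING, $KILLPIDS ...)
## are deliberately left unquoted: they are set outside this file and may
## expand to several words or to nothing.

echo "running defines.sh"
. "$SRCDIR/scripts/defines.sh"

# Stop the slapd started by this script unless the caller asked to keep it.
# An unset KILLSERVERS is treated as "kill": unquoted, it made test(1) fail
# with a syntax error and silently skipped the cleanup, leaving the test
# server listening.
stop_servers() {
	test "${KILLSERVERS:-yes}" != no && kill -HUP $KILLPIDS
}

# Run one search with the filter in $1, appending the filter and the search
# output to $SEARCHOUT. On failure: report, stop the server, exit with the
# ldapsearch status.
run_search() {
	# printf, not echo: the filters contain backslash escapes (\2a, \28, \29)
	# that some echo implementations would interpret.
	printf '# f=%s ...\n' "$1" >> "$SEARCHOUT"
	$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
		"$1" >> "$SEARCHOUT" 2>&1
	RC=$?	# restored
	if test $RC != 0 ; then
		echo "ldapsearch failed ($RC)!"
		stop_servers
		exit $RC	# restored
	fi
}

## If you use this script then
## Make sure that you turn on LDAP_COMP_MATCH in slapd source codes
## and --enable-modules is configured yes
if test "$AC_WITH_MODULES_ENABLED" != "yes" ; then
	echo "dynamic module disabled "
	exit 0	# restored; presumably a skip rather than a failure - confirm
fi

mkdir -p "$TESTDIR" "$DBDIR1"

## Make sure that you set a proper path to component matching
## module directory in $COMPCONF
## moduleload path/to/component/library/compmatch.la
## otherwise it fails to execute slapd
## (slapd loads that module as native code into its own process, so the
## path should be one that only trusted users can write to.)
echo "Running slapadd to build slapd database..."
. "$CONFFILTER" $BACKEND $MONITORDB < "$COMPCONF" > "$ADDCONF"
$SLAPADD -f "$ADDCONF" -l "$LDIFCOMPMATCH"
RC=$?	# restored
if test $RC != 0 ; then
	echo "slapadd failed ($RC)!"
	echo "Be sure to have a certificate module in tests/data/comp_libs "
	echo "The module is in openldap/contrib/slapd-modules/comp_match"
	exit $RC	# restored
fi

echo "Running slapindex to index slapd database..."
. "$CONFFILTER" $BACKEND $MONITORDB < "$CONF" > "$CONF1"
# restored: the listing lost the slapindex command line itself; $SLAPINDEX is
# assumed to be provided by defines.sh - confirm.
$SLAPINDEX -f "$CONF1"
RC=$?	# restored
if test $RC != 0 ; then
	# Not fatal: the test continues without indexes.
	echo "warning: slapindex failed ($RC)"
	echo " assuming no indexing support"
fi

echo "Starting slapd on TCP/IP port $PORT1..."
$SLAPD -f "$ADDCONF" -h $URI1 -d $LVL $TIMING > "$LOG1" 2>&1 &
PID=$!	# restored
# restored: the body of this block was lost from the listing; pausing for a
# keypress when WAIT is non-zero is an assumption - confirm.
if test "${WAIT:-0}" != 0 ; then
	echo PID $PID
	read foo
fi
KILLPIDS="$PID"	# restored; $KILLPIDS is what stop_servers signals

# Poll the monitor base until slapd answers, up to six attempts.
echo "Testing slapd searching..."
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?	# restored
	if test $RC = 0 ; then
		break	# restored
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5	# restored
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	stop_servers
	exit $RC	# restored
fi

# Start from an empty results file.
: > "$SEARCHOUT"

echo "Testing Component Filter Match RFC3687 Certificate searching:"
echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> "$SEARCHOUT"

# NOTE(review): the listing shows no console echo for the first two filters;
# it may be among the lines the listing lost - confirm.

# Serial number 0.
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.serialNumber\", rule allComponentsMatch, value 0 })"
run_search "$FILTER"

# Version field 2 (the encoding of X.509 v3).
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.version\", rule allComponentsMatch, value 2 })"
run_search "$FILTER"

# Issuer: value of the first attribute of the first RDN, two matching rules.
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })"
printf ' f=%s ...\n' "$FILTER"
run_search "$FILTER"

FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })"
printf ' f=%s ...\n' "$FILTER"
run_search "$FILTER"

# Whole issuer rdnSequence given as a structured value (2.5.4.6 is countryName).
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })"
printf ' f=%s ...\n' "$FILTER"
run_search "$FILTER"

# In RFC 3687 component references, ".0" is the element count of a
# SEQUENCE OF: certificates carrying exactly three extensions.
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.0\", rule integerMatch, value 3 })"
printf ' f=%s ...\n' "$FILTER"
run_search "$FILTER"

# \2a is the LDAP filter escape for "*" (any element of the sequence);
# 2.5.29.14 is subjectKeyIdentifier.
FILTER="(userCertificate:componentFilterMatch:=item:{component \"toBeSigned.extensions.\2a.extnID\",rule allComponentsMatch, value 2.5.29.14 })"
printf ' f=%s ...\n' "$FILTER"
run_search "$FILTER"

# Negated match: 2.5.29.19 is basicConstraints, and '30030101FF'H is the DER
# encoding of a SEQUENCE holding BOOLEAN TRUE (cA = TRUE).
FILTER="(userCertificate:componentFilterMatch:=not:item:{component \"toBeSigned.extensions.\2a\",rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })"
printf ' f=%s ...\n' "$FILTER"
run_search "$FILTER"

# Issuer matched with the DN and RDN matching rules.
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })"
printf ' f=%s ...\n' "$FILTER"
run_search "$FILTER"

FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })"
printf ' f=%s ...\n' "$FILTER"
run_search "$FILTER"

# \28 and \29 are the filter escapes for "(" and ")": the reference descends
# into the content of the 2.5.29.35 (authorityKeyIdentifier) extension value.
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnValue.content.\282.5.29.35\29.authorityCertSerialNumber\", rule integerMatch, value 0 })"
printf ' f=%s ...\n' "$FILTER"
run_search "$FILTER"

# Subject: any RDN, then any countryName value under any RDN.
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a\", rule rdnMatch, value \"c=US\" })"
printf ' f=%s ...\n' "$FILTER"
run_search "$FILTER"

FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a.\2a.value.\282.5.4.6\29\", rule caseExactMatch, value \"US\" })"
printf ' f=%s ...\n' "$FILTER"
run_search "$FILTER"

# Ordinary extensible-match filters on the x509Certificate* attributes.
FILTER="(x509CertificateIssuer:distinguishedNameMatch:=c=US)"
printf ' f=%s ...\n' "$FILTER"
run_search "$FILTER"

FILTER="(x509CertificateSerial:integerMatch:=0)"
printf ' f=%s ...\n' "$FILTER"
run_search "$FILTER"

# \$ keeps the literal "$" that separates serial number and issuer.
FILTER="(x509CertificateSerialAndIssuer:certificateExactMatch:=0\$c=US)"
printf ' f=%s ...\n' "$FILTER"
run_search "$FILTER"

stop_servers

echo "Filtering ldapsearch results..."
. "$LDIFFILTER" < "$SEARCHOUT" > "$SEARCHFLT"
echo "Comparing filter output..."
$CMP "$SEARCHFLT" "$COMPSEARCHOUT" > "$CMPOUT"

if test $? != 0 ; then
	echo "Comparison failed"
	exit 1	# restored
fi

echo ">>>>> Test succeeded"
exit 0	# restored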