3 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 ## Copyright 1998-2005 The OpenLDAP Foundation.
6 ## All rights reserved.
8 ## Redistribution and use in source and binary forms, with or without
9 ## modification, are permitted only as authorized by the OpenLDAP
12 ## A copy of this license is available in the file LICENSE in the
13 ## top-level directory of the distribution or, alternatively, at
14 ## <http://www.OpenLDAP.org/license.html>.
## Load the shared test definitions. defines.sh is sourced, so everything in
## it runs inside this shell. SRCDIR is not assigned in the visible lines
## (presumably the test runner supplies it) and must point at a trusted tree.
16 echo "running defines.sh"
17 . $SRCDIR/scripts/defines.sh
19 ## To use this script,
20 ## make sure that LDAP_COMP_MATCH is turned on in the slapd source code
21 ## and that --enable-modules is configured as yes.
## Only the module setting is checked below; nothing in the visible lines
## tests LDAP_COMP_MATCH.
22 if test "$AC_WITH_MODULES_ENABLED" != "yes" ; then
23 echo "dynamic module disabled, test skipped"
## NOTE(review): the listing's numbering jumps from 23 to 27, so the rest of
## this branch and its closing are not visible here.
## Create the test and database directories; -p tolerates existing ones.
27 mkdir -p $TESTDIR $DBDIR1
29 ## Make sure that $COMPCONF sets a proper path to the component matching
30 ## module directory, for example
31 ## moduleload path/to/component/library/compmatch.la
32 ## otherwise slapd fails to execute.
## moduleload makes slapd load that library into its own process, so the
## module directory should be writable only by the account that builds and
## runs the tests.
33 echo "Running slapadd to build slapd database..."
## The config filter is sourced with $BACKEND and $MONITORDB as arguments; it
## reads $COMPCONF on stdin and its output becomes $ADDCONF.
34 . $CONFFILTER $BACKEND $MONITORDB < $COMPCONF > $ADDCONF
## Load the LDIF named by $LDIFCOMPMATCH using the generated configuration.
35 $SLAPADD -f $ADDCONF -l $LDIFCOMPMATCH
## NOTE(review): RC is tested here but no assignment to it is visible
## (numbered line 36 is absent); presumably RC=$? right after slapadd.
37 if test $RC != 0 ; then
38 echo "slapadd failed ($RC)!"
## The two hints below point at the usual cause: the component matching
## module is missing from the directory the configuration loads it from.
39 echo "Be sure to have a certificate module in tests/data/comp_libs "
40 echo "The module is in openldap/contrib/slapd-modules/comp_match"
45 echo "Running slapindex to index slapd database..."
## Generate $CONF1 from $CONF with the same sourced config filter. Note that
## the visible slapd start line further down uses $ADDCONF, not $CONF1.
46 . $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
## NOTE(review): numbered lines 47-48 are absent from this listing;
## presumably they hold the slapindex call and the RC assignment.
## A non-zero status is reported as a warning rather than as a failure.
49 if test $RC != 0 ; then
50 echo "warning: slapindex failed ($RC)"
51 echo " assuming no indexing support"
## Start slapd in the background with the configuration generated for
## slapadd, listening on $URI1; stdout and stderr both go to $LOG1.
54 echo "Starting slapd on TCP/IP port $PORT1..."
55 $SLAPD -f $ADDCONF -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
## NOTE(review): KILLPIDS is used below but never assigned in the visible
## lines (numbered line 56 is absent); presumably it records this slapd's PID.
57 if test $WAIT != 0 ; then
## NOTE(review): the body of the WAIT branch (numbered 58-62) is not visible.
## Readiness poll: up to six base-scope searches on the $MONITOR entry with
## all output discarded; only the exit status is of interest.
63 echo "Testing slapd searching..."
64 for i in 0 1 2 3 4 5; do
65 $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
66 'objectclass=*' > /dev/null 2>&1
## NOTE(review): the RC assignment, the success branch and the loop end are
## not visible; the message below implies a 5 second pause between attempts.
68 if test $RC = 0 ; then
71 echo "Waiting 5 seconds for slapd to start..."
## Evaluated with whatever status RC last held.
75 if test $RC != 0 ; then
76 echo "ldapsearch failed ($RC)!"
## Signal the server(s) unless KILLSERVERS is "no". The expansions are
## unquoted: with an empty KILLSERVERS the test is malformed and the kill is
## skipped, which would leave slapd running after a failed run.
77 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Truncate the results file, then label the run on the console and in the
## file itself.
81 cat /dev/null > $SEARCHOUT
83 echo "Testing Component Filter Match RFC3687 Certificate searching:"
84 echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> $SEARCHOUT
## Filter 1: userCertificate values whose toBeSigned.serialNumber component
## is 0, compared with allComponentsMatch.
86 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.serialNumber\", rule allComponentsMatch, value 0 })"
88 echo "# f=$FILTER ..." >> $SEARCHOUT
## "$FILTER" is quoted, so the filter reaches ldapsearch as one argument.
## -S "" should make ldapsearch sort entries by DN, keeping the output stable
## for the later comparison. stderr is appended to $SEARCHOUT too, so any
## error text becomes part of the compared output.
89 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
90 "$FILTER" >> $SEARCHOUT 2>&1
## NOTE(review): RC is tested but its assignment (numbered 91-92) is not
## visible; presumably RC=$? after the search.
93 if test $RC != 0 ; then
94 echo "ldapsearch failed ($RC)!"
## Signal the server(s) unless KILLSERVERS is "no"; both expansions are
## unquoted, so an empty KILLSERVERS makes the test malformed and skips it.
95 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Filters 2-6: version, issuer name components and extension count.
## Every stanza has the same shape: set FILTER, echo it, record it in
## $SEARCHOUT, run the search with stdout and stderr appended to $SEARCHOUT,
## then test RC.
## NOTE(review): RC is tested after each search, but the line that sets it is
## absent from the listing every time (the numbering skips two lines before
## each "if"); presumably RC=$?. The rest of each failure branch is likewise
## not visible.
##
## Filter 2: toBeSigned.version equal to 2, the encoding X.509 uses for v3.
99 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.version\", rule allComponentsMatch, value 2 })"
100 echo " f=$FILTER ..."
101 echo "# f=$FILTER ..." >> $SEARCHOUT
102 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
103 "$FILTER" >> $SEARCHOUT 2>&1
106 if test $RC != 0 ; then
107 echo "ldapsearch failed ($RC)!"
108 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Filter 3: value of the first attribute in the first issuer RDN
## (rdnSequence.1.1.value) compared to "US" with caseExactMatch.
112 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })"
113 echo " f=$FILTER ..."
114 echo "# f=$FILTER ..." >> $SEARCHOUT
115 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
116 "$FILTER" >> $SEARCHOUT 2>&1
119 if test $RC != 0 ; then
120 echo "ldapsearch failed ($RC)!"
121 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Filter 4: same component and value as filter 3, using allComponentsMatch
## instead of caseExactMatch.
125 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })"
126 echo " f=$FILTER ..."
127 echo "# f=$FILTER ..." >> $SEARCHOUT
128 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
129 "$FILTER" >> $SEARCHOUT 2>&1
132 if test $RC != 0 ; then
133 echo "ldapsearch failed ($RC)!"
134 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Filter 5: the whole issuer rdnSequence compared structurally to a single
## RDN holding type 2.5.4.6 (countryName) with value "US".
138 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })"
139 echo " f=$FILTER ..."
140 echo "# f=$FILTER ..." >> $SEARCHOUT
141 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
142 "$FILTER" >> $SEARCHOUT 2>&1
145 if test $RC != 0 ; then
146 echo "ldapsearch failed ($RC)!"
147 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Filter 6: in an RFC 3687 component reference the identifier 0 on a
## SEQUENCE OF denotes its element count, so this asks for certificates
## carrying exactly 3 extensions.
151 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.0\", rule integerMatch, value 3 })"
152 echo " f=$FILTER ..."
153 echo "# f=$FILTER ..." >> $SEARCHOUT
154 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
155 "$FILTER" >> $SEARCHOUT 2>&1
158 if test $RC != 0 ; then
159 echo "ldapsearch failed ($RC)!"
160 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Filters 7-13: component references that use wildcards and selectors.
## \2a, \28 and \29 are LDAP filter hex escapes for '*', '(' and ')'. Inside
## double quotes the shell leaves a backslash before a digit untouched, so
## the escapes reach ldapsearch verbatim and are decoded as part of the
## filter, not by the shell.
## NOTE(review): RC is tested after each search, but the line that sets it is
## absent from the listing every time; presumably RC=$?. The rest of each
## failure branch is likewise not visible.
##
## Filter 7: any extension (extensions.*) whose extnID is 2.5.29.14
## (subjectKeyIdentifier).
164 FILTER="(userCertificate:componentFilterMatch:=item:{component \"toBeSigned.extensions.\2a.extnID\",rule allComponentsMatch, value 2.5.29.14 })"
165 echo " f=$FILTER ..."
166 echo "# f=$FILTER ..." >> $SEARCHOUT
167 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
168 "$FILTER" >> $SEARCHOUT 2>&1
171 if test $RC != 0 ; then
172 echo "ldapsearch failed ($RC)!"
173 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Filter 8: negated assertion ("not:item"). The asserted value is extension
## 2.5.29.19 (basicConstraints) with content 30 03 01 01 FF, the DER of a
## SEQUENCE holding BOOLEAN TRUE; presumably this selects certificates that
## do not carry basicConstraints with cA set to TRUE.
177 FILTER="(userCertificate:componentFilterMatch:=not:item:{component \"toBeSigned.extensions.\2a\",rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })"
178 echo " f=$FILTER ..."
179 echo "# f=$FILTER ..." >> $SEARCHOUT
180 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
181 "$FILTER" >> $SEARCHOUT 2>&1
184 if test $RC != 0 ; then
185 echo "ldapsearch failed ($RC)!"
186 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Filter 9: the issuer rdnSequence compared as a DN string ("c=US") with
## distinguishedNameMatch.
190 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })"
191 echo " f=$FILTER ..."
192 echo "# f=$FILTER ..." >> $SEARCHOUT
193 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
194 "$FILTER" >> $SEARCHOUT 2>&1
197 if test $RC != 0 ; then
198 echo "ldapsearch failed ($RC)!"
199 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Filter 10: only the first issuer RDN (rdnSequence.1), compared with
## rdnMatch.
203 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })"
204 echo " f=$FILTER ..."
205 echo "# f=$FILTER ..." >> $SEARCHOUT
206 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
207 "$FILTER" >> $SEARCHOUT 2>&1
210 if test $RC != 0 ; then
211 echo "ldapsearch failed ($RC)!"
212 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Filter 11: reaches inside an extension value. The reference decodes to
## extensions.*.extnValue.content.(2.5.29.35).authorityCertSerialNumber; the
## (2.5.29.35) selector appears to pick the authorityKeyIdentifier content.
216 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnValue.content.\282.5.29.35\29.authorityCertSerialNumber\", rule integerMatch, value 0 })"
217 echo " f=$FILTER ..."
218 echo "# f=$FILTER ..." >> $SEARCHOUT
219 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
220 "$FILTER" >> $SEARCHOUT 2>&1
223 if test $RC != 0 ; then
224 echo "ldapsearch failed ($RC)!"
225 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Filter 12: any RDN of the subject (rdnSequence.*) equal to "c=US" under
## rdnMatch.
230 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a\", rule rdnMatch, value \"c=US\" })"
231 echo " f=$FILTER ..."
232 echo "# f=$FILTER ..." >> $SEARCHOUT
233 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
234 "$FILTER" >> $SEARCHOUT 2>&1
237 if test $RC != 0 ; then
238 echo "ldapsearch failed ($RC)!"
239 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Filter 13: the reference decodes to subject.rdnSequence.*.*.value.(2.5.4.6),
## i.e. any subject attribute value selected by type 2.5.4.6 (countryName),
## compared to "US" with caseExactMatch.
243 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a.\2a.value.\282.5.4.6\29\", rule caseExactMatch, value \"US\" })"
244 echo " f=$FILTER ..."
245 echo "# f=$FILTER ..." >> $SEARCHOUT
246 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
247 "$FILTER" >> $SEARCHOUT 2>&1
250 if test $RC != 0 ; then
251 echo "ldapsearch failed ($RC)!"
252 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Filters 14-16 use ordinary attribute assertions on x509Certificate*
## attribute names instead of componentFilterMatch. Their definitions are not
## in this file; presumably the component matching configuration provides them.
## NOTE(review): RC is tested after each search, but the line that sets it is
## absent from the listing every time; presumably RC=$?. The rest of each
## failure branch is likewise not visible.
##
## Filter 14: issuer equal to c=US.
256 FILTER="(x509CertificateIssuer=c=US)"
257 echo " f=$FILTER ..."
258 echo "# f=$FILTER ..." >> $SEARCHOUT
259 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
260 "$FILTER" >> $SEARCHOUT 2>&1
263 if test $RC != 0 ; then
264 echo "ldapsearch failed ($RC)!"
265 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Filter 15: serial number equal to 0.
269 FILTER="(x509CertificateSerial=0)"
270 echo " f=$FILTER ..."
271 echo "# f=$FILTER ..." >> $SEARCHOUT
272 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
273 "$FILTER" >> $SEARCHOUT 2>&1
276 if test $RC != 0 ; then
277 echo "ldapsearch failed ($RC)!"
278 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Filter 16: certificateExactMatch on a serial$issuer pair. The backslash
## before $ is for the shell only: it stops $c from being expanded, so the
## filter sent to the server contains the literal text 0$c=US.
282 FILTER="(x509CertificateSerialAndIssuer:certificateExactMatch:=0\$c=US)"
283 echo " f=$FILTER ..."
284 echo "# f=$FILTER ..." >> $SEARCHOUT
285 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
286 "$FILTER" >> $SEARCHOUT 2>&1
289 if test $RC != 0 ; then
290 echo "ldapsearch failed ($RC)!"
291 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Filter 17: component matching applied to a CRL instead of a certificate.
## It looks through every revokedCertificates entry (\2a is the LDAP filter
## escape for '*') for a userCertificate serial equal to 952069669, i.e. it
## finds the CRLs that list that serial number as revoked.
295 FILTER="(certificateRevocationList:componentFilterMatch:=item:{ component \"tbsCertList.revokedCertificates.\2a.userCertificate\", rule integerMatch, value 952069669 })"
296 echo " f=$FILTER ..."
297 echo "# f=$FILTER ..." >> $SEARCHOUT
## stdout and stderr are both appended to $SEARCHOUT, so error text from
## ldapsearch ends up in the compared output.
298 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
299 "$FILTER" >> $SEARCHOUT 2>&1
## NOTE(review): RC is tested but its assignment (numbered 300-301) is not
## visible; presumably RC=$? after the search.
302 if test $RC != 0 ; then
303 echo "ldapsearch failed ($RC)!"
304 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## All searches are done: signal the server(s) unless KILLSERVERS is "no".
## Both expansions are unquoted, so an empty KILLSERVERS makes the test
## malformed and the kill is skipped.
309 test $KILLSERVERS != no && kill -HUP $KILLPIDS
## Pass the raw search output through the sourced LDIF filter, then compare
## the result with the expected output in $COMPSEARCHOUT.
311 echo "Filtering ldapsearch results..."
312 . $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
313 echo "Comparing filter output..."
314 $CMP $SEARCHFLT $COMPSEARCHOUT > $CMPOUT
## $? here is the status of $CMP, the command immediately before. The
## comparison is the only check on what the filters matched, so the expected
## output file is what defines a pass.
316 if test $? != 0 ; then
317 echo "Comparison failed"
## NOTE(review): numbered lines 318-320 (the rest of the failure branch) are
## not visible in this listing.
321 echo ">>>>> Test succeeded"