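#! /bin/sh
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2012 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

## Regression test for RFC 3687 component filter matching on certificate
## and CRL attributes.  It loads the test data with slapadd, starts slapd,
## runs a fixed list of search filters, and compares the filtered search
## output with the expected file $COMPSEARCHOUT.
##
## Every path, port and tool command line used below ($SLAPADD, $SLAPD,
## $LDAPSEARCH, $CMP, ...) is expected to come from defines.sh or from the
## caller's environment.  Variables that hold a command plus its options
## are expanded unquoted on purpose so that they split into words.
##
## NOTE(review): componentFilterMatch makes slapd decode certificate and
## CRL values through the contrib comp_match module, so that module is
## extra parsing code reachable from search filters.  This test only shows
## that well-formed values match; it does not exercise malformed input.

echo "running defines.sh"
. "$SRCDIR/scripts/defines.sh"

## If you use this script then
## Make sure that you turn on LDAP_COMP_MATCH in slapd source codes
## and --enable-modules is configured yes
if test "$AC_WITH_MODULES_ENABLED" != "yes" ; then
	echo "dynamic module disabled, test skipped"
	exit 0
fi

# Send SIGHUP to the servers started by this test unless the caller asked
# to keep them running (KILLSERVERS=no).
stop_servers() {
	if test "$KILLSERVERS" != no ; then
		# KILLPIDS may list several PIDs, so it is split on purpose.
		kill -HUP $KILLPIDS
	fi
}

# run_filter_search FILTER
# Record FILTER on the console and as a comment line in $SEARCHOUT, run the
# search against the test server and append its output to $SEARCHOUT.
# On a non-zero ldapsearch status the servers are stopped and the script
# exits with that status.
run_filter_search() {
	# printf rather than echo: the filters contain backslash escapes
	# (\2a, \28, \29) that some echo implementations would interpret.
	printf '%s\n' " f=$1 ..."
	printf '%s\n' "# f=$1 ..." >> "$SEARCHOUT"
	# NOTE(review): -h/-p are the legacy host/port options; later OpenLDAP
	# client tools expect -H <uri> -- confirm against the tools under test.
	$LDAPSEARCH -S "" -b "$BASEDN" -h "$LOCALHOST" -p "$PORT1" \
		"$1" >> "$SEARCHOUT" 2>&1
	RC=$?
	if test "$RC" != 0 ; then
		echo "ldapsearch failed ($RC)!"
		stop_servers
		exit $RC
	fi
}

mkdir -p "$TESTDIR" "$DBDIR1"

## Make sure that you set a proper path to component matching
## module directory in $COMPCONF
## moduleload path/to/component/library/compmatch.la
## otherwise it fails to execute slapd
echo "Running slapadd to build slapd database..."
# The config filter is sourced, so it runs inside this shell with this
# shell's variables; its arguments are left unquoted as in the original.
. "$CONFFILTER" $BACKEND $MONITORDB < "$COMPCONF" > "$ADDCONF"
$SLAPADD -f "$ADDCONF" -l "$LDIFCOMPMATCH"
RC=$?
if test "$RC" != 0 ; then
	echo "slapadd failed ($RC)!"
	echo "Be sure to have a certificate module in tests/data/comp_libs "
	echo "The module is in openldap/contrib/slapd-modules/comp_match"
	# NOTE(review): the exit line of this branch is not visible in the
	# listing.  Exiting with slapadd's status reports a missing module as a
	# failure instead of a pass -- confirm against the upstream script.
	exit $RC
fi

echo "Running slapindex to index slapd database..."
. "$CONFFILTER" $BACKEND $MONITORDB < "$CONF" > "$CONF1"
$SLAPINDEX -f "$CONF1"
RC=$?
if test "$RC" != 0 ; then
	# Indexing is optional for this test, so a failure is only reported.
	echo "warning: slapindex failed ($RC)"
	echo " assuming no indexing support"
fi

echo "Starting slapd on TCP/IP port $PORT1..."
$SLAPD -f "$ADDCONF" -h "$URI1" -d "$LVL" $TIMING > "$LOG1" 2>&1 &
PID=$!
if test "$WAIT" != 0 ; then
	# NOTE(review): the body of this branch is not visible in the listing;
	# reconstructed as a pause so a debugger can be attached to slapd.
	echo PID $PID
	read foo
fi
KILLPIDS="$PID"

sleep 1

echo "Testing slapd searching..."
# Poll the monitor entry until slapd answers: six attempts, 5 seconds apart.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -h "$LOCALHOST" -p "$PORT1" \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	if test "$RC" = 0 ; then
		break
	fi
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test "$RC" != 0 ; then
	echo "ldapsearch failed ($RC)!"
	stop_servers
	exit $RC
fi

# Start from an empty result file; every search below appends to it.
: > "$SEARCHOUT"

echo "Testing Component Filter Match RFC3687 Certificate searching:"
echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> "$SEARCHOUT"

# Certificate components selected by path: serial number, version, issuer.
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.serialNumber\", rule allComponentsMatch, value 0 })"
run_filter_search "$FILTER"

FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.version\", rule allComponentsMatch, value 2 })"
run_filter_search "$FILTER"

FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })"
run_filter_search "$FILTER"

FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })"
run_filter_search "$FILTER"

FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })"
run_filter_search "$FILTER"

# Certificate extensions; \2a is the LDAP filter escape for "*".
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.0\", rule integerMatch, value 3 })"
run_filter_search "$FILTER"

FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnID\", rule allComponentsMatch, value 2.5.29.14 })"
run_filter_search "$FILTER"

FILTER="(userCertificate:componentFilterMatch:=not:item:{ component \"toBeSigned.extensions.\2a\", rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })"
run_filter_search "$FILTER"

# Name components compared with the DN and RDN matching rules.
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })"
run_filter_search "$FILTER"

FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })"
run_filter_search "$FILTER"

# \28 and \29 are the LDAP filter escapes for "(" and ")".
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnValue.content.\282.5.29.35\29.authorityCertSerialNumber\", rule integerMatch, value 0 })"
run_filter_search "$FILTER"

FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a\", rule rdnMatch, value \"c=US\" })"
run_filter_search "$FILTER"

FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a.\2a.value.\282.5.4.6\29\", rule caseExactMatch, value \"US\" })"
run_filter_search "$FILTER"

# Searches on the x509Certificate* attribute names instead of a component path.
FILTER="(x509CertificateIssuer=c=US)"
run_filter_search "$FILTER"

FILTER="(x509CertificateSerial=0)"
run_filter_search "$FILTER"

# \$ keeps a literal "$" between serial number and issuer.
FILTER="(x509CertificateSerialAndIssuer:certificateExactMatch:=0\$c=US)"
run_filter_search "$FILTER"

# Revocation list lookup by the serial number of a revoked certificate.
FILTER="(certificateRevocationList:componentFilterMatch:=item:{ component \"tbsCertList.revokedCertificates.\2a.userCertificate\", rule integerMatch, value 952069669 })"
run_filter_search "$FILTER"

stop_servers

echo "Filtering ldapsearch results..."
$LDIFFILTER < "$SEARCHOUT" > "$SEARCHFLT"
echo "Comparing filter output..."
$CMP "$SEARCHFLT" "$COMPSEARCHOUT" > "$CMPOUT"

if test $? != 0 ; then
	echo "Comparison failed"
	exit 1
fi

echo ">>>>> Test succeeded"

# Reap the background slapd before leaving, unless it was left running.
if test "$KILLSERVERS" != no ; then
	wait
fi

exit 0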