# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2005 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
echo "Testing Component Filter Match RFC3687 Certificate searching:"
echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> $SEARCHOUT
-FILTER="(componentCertificate:componentCertificateMatch:=item:{ component \"tbsCertificate.serialNumber\", rule allComponentsMatch, value 0 })"
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.serialNumber\", rule allComponentsMatch, value 0 })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
exit $RC
fi
-FILTER="(componentCertificate:componentCertificateMatch:=item:{ component \"tbsCertificate.version\", rule allComponentsMatch, value 2 })"
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.version\", rule allComponentsMatch, value 2 })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
exit $RC
fi
-FILTER="(componentCertificate:componentCertificateMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule octetStringMatch, value \"US\" })"
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
exit $RC
fi
-FILTER="(componentCertificate:componentCertificateMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })"
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
exit $RC
fi
-FILTER="(componentCertificate:componentCertificateMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })"
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })"
echo " f=$FILTER ..."
echo "# f=$FILTER ..." >> $SEARCHOUT
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
exit $RC
fi
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.0\", rule integerMatch, value 3 })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(userCertificate:componentFilterMatch:=item:{component \"toBeSigned.extensions.\2a.extnID\",rule allComponentsMatch, value 2.5.29.14 })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(userCertificate:componentFilterMatch:=not:item:{component \"toBeSigned.extensions.\2a\",rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnValue.content.\282.5.29.35\29.authorityCertSerialNumber\", rule integerMatch, value 0 })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a\", rule rdnMatch, value \"c=US\" })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a.\2a.value.\282.5.4.6\29\", rule caseExactMatch, value \"US\" })"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(x509CertificateIssuer=c=US)"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(x509CertificateSerial=0)"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
+FILTER="(x509CertificateSerialAndIssuer:certificateExactMatch:=0\$c=US)"
+echo " f=$FILTER ..."
+echo "# f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+ "$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapsearch failed ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
test $KILLSERVERS != no && kill -HUP $KILLPIDS