X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=tests%2Fscripts%2Ftest031-component-filter;h=40e38dc6cd1ca91a0ef82cb94ebb703a36eb2c2a;hb=58c0bf5ad12415ac4fde91d4ae39ac883eb28106;hp=3d16080fcd1167d19076fa36945f7f12c5801009;hpb=3492452a5b808aae97b8072a7a49f15e3a9a199d;p=openldap

diff --git a/tests/scripts/test031-component-filter b/tests/scripts/test031-component-filter
index 3d16080fcd..40e38dc6cd 100755
--- a/tests/scripts/test031-component-filter
+++ b/tests/scripts/test031-component-filter
@@ -2,7 +2,7 @@
 # $OpenLDAP$
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##
-## Copyright 1998-2004 The OpenLDAP Foundation.
+## Copyright 1998-2011 The OpenLDAP Foundation.
 ## All rights reserved.
 ##
 ## Redistribution and use in source and binary forms, with or without
@@ -18,10 +18,10 @@ echo "running defines.sh"
 
 ## If you use this script then
 ## Make sure that you turn on LDAP_COMP_MATCH in slapd source codes
-## and --enable-modules  is configured yes
+## and --enable-modules is configured yes
 if test "$AC_WITH_MODULES_ENABLED" != "yes" ; then
-        echo "dynamic module disabled "
-        exit
+        echo "dynamic module disabled, test skipped"
+        exit 0
 fi
 
 mkdir -p $TESTDIR $DBDIR1
@@ -38,7 +38,8 @@ if test $RC != 0 ; then
 	echo "slapadd failed ($RC)!"
 	echo "Be sure to have a certificate module in tests/data/comp_libs "
 	echo "The module is in openldap/contrib/slapd-modules/comp_match"
-	exit 
+	echo "Test skipped."
+	exit 0
 fi
 
 echo "Running slapindex to index slapd database..."
@@ -59,6 +60,8 @@ if test $WAIT != 0 ; then
 fi
 KILLPIDS="$PID"
 
+sleep 1
+
 echo "Testing slapd searching..."
 for i in 0 1 2 3 4 5; do
 	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
@@ -82,7 +85,7 @@ cat /dev/null > $SEARCHOUT
 echo "Testing Component Filter Match RFC3687 Certificate searching:"
 echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> $SEARCHOUT
 
-FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.serialNumber\", rule allComponentsMatch, value 0 })"
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.serialNumber\", rule allComponentsMatch, value 0 })"
 echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -95,7 +98,7 @@ if test $RC != 0 ; then
 	exit $RC
 fi
 
-FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.version\", rule allComponentsMatch, value 2 })"
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.version\", rule allComponentsMatch, value 2 })"
 echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -108,7 +111,7 @@ if test $RC != 0 ; then
 	exit $RC
 fi
 
-FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })"
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })"
 echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -121,7 +124,7 @@ if test $RC != 0 ; then
 	exit $RC
 fi
 
-FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })"
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })"
 echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -134,7 +137,7 @@ if test $RC != 0 ; then
 	exit $RC
 fi
 
-FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })"
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })"
 echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -147,7 +150,7 @@ if test $RC != 0 ; then
 	exit $RC
 fi
 
-FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.extensions.0\", rule integerMatch, value 3 })"
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.0\", rule integerMatch, value 3 })"
 echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -160,7 +163,7 @@ if test $RC != 0 ; then
 	exit $RC
 fi
 
-FILTER="(userCertificate:componentFilterMatch:=item:{component \"tbsCertificate.extensions.\2a.extnID\",rule allComponentsMatch, value 2.5.29.14 })"
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnID\", rule allComponentsMatch, value 2.5.29.14 })"
 echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -173,7 +176,7 @@ if test $RC != 0 ; then
 	exit $RC
 fi
 
-FILTER="(userCertificate:componentFilterMatch:=not:item:{component \"tbsCertificate.extensions.\2a\",rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })"
+FILTER="(userCertificate:componentFilterMatch:=not:item:{ component \"toBeSigned.extensions.\2a\", rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })"
 echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -186,7 +189,7 @@ if test $RC != 0 ; then
 	exit $RC
 fi
 
-FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })"
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })"
 echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -199,7 +202,7 @@ if test $RC != 0 ; then
 	exit $RC
 fi
 
-FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })"
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })"
 echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -212,7 +215,7 @@ if test $RC != 0 ; then
 	exit $RC
 fi
 
-FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.extensions.\2a.extnValue.content.\282.5.29.35\29.authorityCertSerialNumber\", rule integerMatch, value 0 })"
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnValue.content.\282.5.29.35\29.authorityCertSerialNumber\", rule integerMatch, value 0 })"
 echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -226,7 +229,7 @@ if test $RC != 0 ; then
 fi
 
 
-FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.subject.rdnSequence.\2a\", rule rdnMatch, value \"c=US\" })"
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a\", rule rdnMatch, value \"c=US\" })"
 echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -239,7 +242,7 @@ if test $RC != 0 ; then
 	exit $RC
 fi
 
-FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.subject.rdnSequence.\2a.\2a.value.\282.5.4.6\29\", rule caseExactMatch, value \"US\" })"
+FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a.\2a.value.\282.5.4.6\29\", rule caseExactMatch, value \"US\" })"
 echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -252,7 +255,8 @@ if test $RC != 0 ; then
 	exit $RC
 fi
 
-FILTER="(x509CertificateIssuer:distinguishedNameMatch:=c=US)"
+# extraction filter
+FILTER="(x509CertificateIssuer=c=US)"
 echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -265,7 +269,8 @@ if test $RC != 0 ; then
 	exit $RC
 fi
 
-FILTER="(x509CertificateSerial:integerMatch:=0)"
+# extraction filter
+FILTER="(x509CertificateSerial=0)"
 echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
@@ -278,6 +283,7 @@ if test $RC != 0 ; then
 	exit $RC
 fi
 
+# extraction filter
 FILTER="(x509CertificateSerialAndIssuer:certificateExactMatch:=0\$c=US)"
 echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT
@@ -291,10 +297,24 @@ if test $RC != 0 ; then
 	exit $RC
 fi
 
+FILTER="(certificateRevocationList:componentFilterMatch:=item:{ component \"tbsCertList.revokedCertificates.\2a.userCertificate\", rule integerMatch, value 952069669 })"
+echo "        f=$FILTER ..."
+echo "#         f=$FILTER ..." >> $SEARCHOUT
+$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
+	"$FILTER" >> $SEARCHOUT 2>&1
+
+RC=$?
+if test $RC != 0 ; then
+	echo "ldapsearch failed ($RC)!"
+	test $KILLSERVERS != no && kill -HUP $KILLPIDS
+	exit $RC
+fi
+
+
 test $KILLSERVERS != no && kill -HUP $KILLPIDS
 
 echo "Filtering ldapsearch results..."
-. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT
+$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
 echo "Comparing filter output..."
 $CMP $SEARCHFLT $COMPSEARCHOUT > $CMPOUT
 
@@ -304,4 +324,7 @@ if test $? != 0 ; then
 fi
 
 echo ">>>>> Test succeeded"
+
+test $KILLSERVERS != no && wait
+
 exit 0