X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=tests%2Fscripts%2Ftest021-certificate;h=7663d0e394ff47a7f732b37a1c0a2cfad17d058b;hb=c8c34cdd43d3603f3b64a56841b4425379c98f45;hp=ce102f0221041681a040a0797e03eb3d33ec72b6;hpb=a4ef4b0e06b01e8151327f17b64b66c52d8404d4;p=openldap diff --git a/tests/scripts/test021-certificate b/tests/scripts/test021-certificate index ce102f0221..7663d0e394 100755 --- a/tests/scripts/test021-certificate +++ b/tests/scripts/test021-certificate @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software . ## -## Copyright 1998-2005 The OpenLDAP Foundation. +## Copyright 1998-2011 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -16,11 +16,6 @@ echo "running defines.sh" . $SRCDIR/scripts/defines.sh -if test "$AC_WITH_TLS" != "yes" ; then - echo "test disabled, requires --with-tls" - exit 0 -fi - mkdir -p $TESTDIR $DBDIR1 echo "Running slapadd to build slapd database..." @@ -77,7 +72,7 @@ changetype: modify add: objectClass objectClass: extensibleObject - -add: cAcertificate +add: cAcertificate;binary cAcertificate;binary:: MIIDVDCCAr2gAwIBAgIBADANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg @@ -103,7 +98,7 @@ changetype: modify add: objectClass objectClass: strongAuthenticationUser - -add: userCertificate +add: userCertificate;binary userCertificate;binary:: MIIDazCCAtSgAwIBAgIBAjANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg @@ -130,7 +125,7 @@ changetype: modify add: objectClass objectClass: strongAuthenticationUser - -add: userCertificate +add: userCertificate;binary userCertificate;binary:: MIIDcDCCAtmgAwIBAgIBATANBgkqhkiG9w0BAQQFADB3MQswCQYDVQQGEwJVUzET MBEGA1UECBMKQ2FsaWZvcm5pYTEfMB0GA1UEChMWT3BlbkxEQVAgRXhhbXBsZSwg @@ -257,7 +252,20 @@ fi SNAI='2$EMAIL=ca@example.com,CN=Example CA,O=Openldap Example\5C, Ltd.,ST=California,C=US' -echo 'Using ldapsearch to retrieve (userCertificate=serialNumberAndIssuer) ...' +echo 'Using ldapsearch to retrieve (userCertificate=serialNumberAndIssuer) [old format] ...' +echo "# (userCertificate=$SNAI)" >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "(userCertificate=$SNAI)" >> $SEARCHOUT 2>&1 +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +SNAI='{ serialNumber 2, issuer "EMAIL=ca@example.com,CN=Example CA,O=Openldap Example\5C, Ltd.,ST=California,C=US" }' + +echo 'Using ldapsearch to retrieve (userCertificate=serialNumberAndIssuer) [new format] ...' echo "# (userCertificate=$SNAI)" >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ "(userCertificate=$SNAI)" >> $SEARCHOUT 2>&1 @@ -270,7 +278,7 @@ fi SNAI='3$EMAIL=ca@example.com,CN=Example CA,O=Openldap Example\5C, Ltd.,ST=California,C=US' -echo 'Using ldapsearch to retrieve (userCertificate:certificateExactMatch:=serialNumberAndIssuer) ...' +echo 'Using ldapsearch to retrieve (userCertificate:certificateExactMatch:=serialNumberAndIssuer) [old format] ...' echo "# (userCertificate:certificateExactMatch:=$SNAI)" >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ "(userCertificate:certificateExactMatch:=$SNAI)" >> $SEARCHOUT 2>&1 @@ -281,12 +289,12 @@ if test $RC != 0 ; then exit $RC fi -CERT='\30\82\03\54\30\82\02\bd\a0\03\02\01\02\02\01\00\30\0d\06\09\2a\86\48\86\f7\0d\01\01\04\05\00\30\77\31\0b\30\09\06\03\55\04\06\13\02\55\53\31\13\30\11\06\03\55\04\08\13\0a\43\61\6c\69\66\6f\72\6e\69\61\31\1f\30\1d\06\03\55\04\0a\13\16\4f\70\65\6e\4c\44\41\50\20\45\78\61\6d\70\6c\65\2c\20\4c\74\64\2e\31\13\30\11\06\03\55\04\03\13\0a\45\78\61\6d\70\6c\65\20\43\41\31\1d\30\1b\06\09\2a\86\48\86\f7\0d\01\09\01\16\0e\63\61\40\65\78\61\6d\70\6c\65\2e\63\6f\6d\30\1e\17\0d\30\33\31\30\31\37\31\36\33\30\34\31\5a\17\0d\30\34\31\30\31\36\31\36\33\30\34\31\5a\30\77\31\0b\30\09\06\03\55\04\06\13\02\55\53\31\13\30\11\06\03\55\04\08\13\0a\43\61\6c\69\66\6f\72\6e\69\61\31\1f\30\1d\06\03\55\04\0a\13\16\4f\70\65\6e\4c\44\41\50\20\45\78\61\6d\70\6c\65\2c\20\4c\74\64\2e\31\13\30\11\06\03\55\04\03\13\0a\45\78\61\6d\70\6c\65\20\43\41\31\1d\30\1b\06\09\2a\86\48\86\f7\0d\01\09\01\16\0e\63\61\40\65\78\61\6d\70\6c\65\2e\63\6f\6d\30\81\9f\30\0d\06\09\2a\86\48\86\f7\0d\01\01\01\05\00\03\81\8d\00\30\81\89\02\81\81\00\d9\63\50\6c\62\8a\c0\33\12\20\0b\ba\4c\ed\dc\68\ff\db\83\11\c3\52\74\01\9c\7a\1a\77\17\2e\1a\4d\26\c0\05\c8\0d\1b\61\97\40\ce\0b\f2\74\a7\aa\fe\e5\f4\8b\9a\3f\e0\1c\9c\dc\6e\f5\5c\00\1c\6c\96\71\0c\fb\6b\2f\0a\43\01\d3\0d\38\1b\ca\57\6a\fa\ef\24\e0\9e\96\ad\14\b7\c6\46\df\c5\59\ac\e3\e4\46\c5\62\4a\2b\59\64\de\fb\87\84\05\df\55\3f\37\9b\1d\d2\26\f8\33\c7\8a\95\1f\20\0c\d1\a0\d7\a3\02\03\01\00\01\a3\81\ef\30\81\ec\30\1d\06\03\55\1d\0e\04\16\04\14\4b\6f\21\1a\36\24\d2\90\f9\43\b0\53\47\2d\7d\e1\c0\e6\98\23\30\81\a1\06\03\55\1d\23\04\81\99\30\81\96\80\14\4b\6f\21\1a\36\24\d2\90\f9\43\b0\53\47\2d\7d\e1\c0\e6\98\23\a1\7b\a4\79\30\77\31\0b\30\09\06\03\55\04\06\13\02\55\53\31\13\30\11\06\03\55\04\08\13\0a\43\61\6c\69\66\6f\72\6e\69\61\31\1f\30\1d\06\03\55\04\0a\13\16\4f\70\65\6e\4c\44\41\50\20\45\78\61\6d\70\6c\65\2c\20\4c\74\64\2e\31\13\30\11\06\03\55\04\03\13\0a\45\78\61\6d\70\6c\65\20\43\41\31\1d\30\1b\06\09\2a\86\48\86\f7\0d\01\09\01\16\0e\63\61\40\65\78\61\6d\70\6c\65\2e\63\6f\6d\82\01\00\30\0c\06\03\55\1d\13\04\05\30\03\01\01\ff\30\19\06\03\55\1d\11\04\12\30\10\81\0e\63\61\40\65\78\61\6d\70\6c\65\2e\63\6f\6d\30\0d\06\09\2a\86\48\86\f7\0d\01\01\04\05\00\03\81\81\00\a0\5c\3f\fe\db\c1\25\dc\65\e2\fe\ec\4c\34\42\aa\b6\72\21\41\d4\e7\35\4e\22\97\47\d9\ea\97\26\1c\f1\42\fb\ad\41\75\da\30\f7\46\59\66\1e\46\6e\0e\59\07\11\51\84\35\cd\f0\af\df\8b\1d\de\c1\14\a3\01\2b\78\d1\d1\a5\10\e0\e4\13\e1\6c\2c\cb\74\e2\c6\25\ea\45\fb\44\62\a0\f5\ae\3a\0e\47\86\fa\ec\d9\9c\df\f7\db\9d\ae\0a\08\7e\ae\33\4c\14\08\25\b9\e5\13\11\1b\f7\12\d5\01\d6\25\c4\a1\4d\c6\c8' +SNAI='{ issuer "EMAIL=ca@example.com,CN=Example CA,O=Openldap Example\5C, Ltd.,ST=California,C=US", serialNumber 3 }' -echo 'Using ldapsearch to retrieve (cAcertificate;binary:certificateMatch:=certificate) ...' -echo '# (cAcertificate;binary:certificateMatch:=--CERTIFICATE--)' >> $SEARCHOUT +echo 'Using ldapsearch to retrieve (userCertificate:certificateExactMatch:=serialNumberAndIssuer) [new format]...' +echo "# (userCertificate:certificateExactMatch:=$SNAI)" >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ - "(cAcertificate;binary:certificateMatch:=$CERT)" >> $SEARCHOUT 2>&1 + "(userCertificate:certificateExactMatch:=$SNAI)" >> $SEARCHOUT 2>&1 RC=$? if test $RC != 0 ; then echo "ldapsearch failed ($RC)!" @@ -296,17 +304,12 @@ fi test $KILLSERVERS != no && kill -HUP $KILLPIDS -if test "$WITHTLS" = no ; then - echo "Certificate matching not suported without TLS" - LDIF=$CERTIFICATEOUT -else - LDIF=$CERTIFICATETLS -fi +LDIF=$CERTIFICATETLS echo "Filtering ldapsearch results..." -. $LDIFFILTER < $SEARCHOUT > $SEARCHFLT +$LDIFFILTER < $SEARCHOUT > $SEARCHFLT echo "Filtering original ldif used to create database..." -. $LDIFFILTER < $LDIF > $LDIFFLT +$LDIFFILTER < $LDIF > $LDIFFLT echo "Comparing filter output..." $CMP $SEARCHFLT $LDIFFLT > $CMPOUT @@ -316,4 +319,7 @@ if test $? != 0 ; then fi echo ">>>>> Test succeeded" + +test $KILLSERVERS != no && wait + exit 0