X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=tests%2Fscripts%2Ftest031-component-filter;h=f4e0a97f09470b0d0e49cbf98db9107c68696352;hb=d8fbe2d32cc5885698215234758d45610d132411;hp=42d7747226be839c40180d8335e1360511bc7953;hpb=2af645777109012a2fc36da45bcbef0fe35ef301;p=openldap diff --git a/tests/scripts/test031-component-filter b/tests/scripts/test031-component-filter index 42d7747226..f4e0a97f09 100755 --- a/tests/scripts/test031-component-filter +++ b/tests/scripts/test031-component-filter @@ -2,7 +2,7 @@ # $OpenLDAP$ ## This work is part of OpenLDAP Software . ## -## Copyright 1998-2004 The OpenLDAP Foundation. +## Copyright 1998-2005 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without @@ -18,21 +18,27 @@ echo "running defines.sh" ## If you use this script then ## Make sure that you turn on LDAP_COMP_MATCH in slapd source codes -## To disable, set "WITH_COMP_MATHC=no" in source_root/openldap/tests/run.in -if test "$AC_WITH_COMP_MATCH" != "yes" ; then - echo "test disabled " +## and --enable-modules is configured yes +if test "$AC_WITH_MODULES_ENABLED" != "yes" ; then + echo "dynamic module disabled " exit fi mkdir -p $TESTDIR $DBDIR1 +## Make sure that you set a proper path to component matching +## module directory in $COMPCONF +## moduleload path/to/component/library/compmatch.la +## otherwise it fails to execute slapd echo "Running slapadd to build slapd database..." -. $CONFFILTER $BACKEND $MONITORDB < $MCONF > $ADDCONF +. $CONFFILTER $BACKEND $MONITORDB < $COMPCONF > $ADDCONF $SLAPADD -f $ADDCONF -l $LDIFCOMPMATCH RC=$? if test $RC != 0 ; then echo "slapadd failed ($RC)!" - exit $RC + echo "Be sure to have a certificate module in tests/data/comp_libs " + echo "The module is in openldap/contrib/slapd-modules/comp_match" + exit fi echo "Running slapindex to index slapd database..." @@ -45,7 +51,7 @@ if test $RC != 0 ; then fi echo "Starting slapd on TCP/IP port $PORT1..." -$SLAPD -f $CONF1 -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & +$SLAPD -f $ADDCONF -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 & PID=$! if test $WAIT != 0 ; then echo PID $PID @@ -73,10 +79,154 @@ fi cat /dev/null > $SEARCHOUT -echo "Testing Component Filter Match RFC3687 searching:" -echo "# Testing Component Filter Match RFC3687 searching:" >> $SEARCHOUT +echo "Testing Component Filter Match RFC3687 Certificate searching:" +echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> $SEARCHOUT + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.serialNumber\", rule allComponentsMatch, value 0 })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.version\", rule allComponentsMatch, value 2 })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.0\", rule integerMatch, value 3 })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{component \"toBeSigned.extensions.\2a.extnID\",rule allComponentsMatch, value 2.5.29.14 })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=not:item:{component \"toBeSigned.extensions.\2a\",rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 + +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnValue.content.\282.5.29.35\29.authorityCertSerialNumber\", rule integerMatch, value 0 })" +echo " f=$FILTER ..." +echo "# f=$FILTER ..." >> $SEARCHOUT +$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ + "$FILTER" >> $SEARCHOUT 2>&1 -FILTER="(componentTest:componentFilterMatch:=item:{ component \"id\", rule caseExactMatch, value \"worldcup\" )" +RC=$? +if test $RC != 0 ; then + echo "ldapsearch failed ($RC)!" + test $KILLSERVERS != no && kill -HUP $KILLPIDS + exit $RC +fi + + +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a\", rule rdnMatch, value \"c=US\" })" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -89,7 +239,7 @@ if test $RC != 0 ; then exit $RC fi -FILTER="(componentTest:componentFilterMatch:=not:item:{ component \"id2\", rule caseExactMatch, value \"worldcup\" )" +FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a.\2a.value.\282.5.4.6\29\", rule caseExactMatch, value \"US\" })" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -102,7 +252,7 @@ if test $RC != 0 ; then exit $RC fi -FILTER="(componentTest:componentFilterMatch:=not:item:{ component \"id2\", rule componentFilterMatch, value not:item:{ component \"id.0\", rule integerMatch, value 5 }})" +FILTER="(x509CertificateIssuer=c=US)" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -115,7 +265,7 @@ if test $RC != 0 ; then exit $RC fi -FILTER="(componentTest:componentFilterMatch:=and:{item:{ component \"100\", rule caseIgnoreMatch, value "foobar" },item:{ component \"id2.rr.kk\", rule componentFilterMatch, value item:{ component \"id3\", rule integerMatch, value 1 }}})" +FILTER="(x509CertificateSerial=0)" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -128,7 +278,7 @@ if test $RC != 0 ; then exit $RC fi -FILTER="(componentTest:componentFilterMatch:=and:{not:item:{ component \"100\", rule caseIgnoreMatch, value "foobar" },not:item:{ component \"id2.rr.kk\", rule componentFilterMatch, value item:{ component \"id3\", rule integerMatch, value 1 }}})" +FILTER="(x509CertificateSerialAndIssuer:certificateExactMatch:=0\$c=US)" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -141,7 +291,7 @@ if test $RC != 0 ; then exit $RC fi -FILTER="(componentTest:componentFilterMatch:=or:{not:item:{ component \"100\", rule caseIgnoreMatch, value "foobar" },not:item:{ component \"id2.rr.kk\", rule componentFilterMatch, value item:{ component \"id3\", rule integerMatch, value 1 }}})" +FILTER="(certificateRevocationList:componentFilterMatch:=item:{ component \"tbsCertList.revokedCertificates.\2a.userCertificate\", rule integerMatch, value 952069669 })" echo " f=$FILTER ..." echo "# f=$FILTER ..." >> $SEARCHOUT $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ @@ -153,6 +303,8 @@ if test $RC != 0 ; then test $KILLSERVERS != no && kill -HUP $KILLPIDS exit $RC fi + + test $KILLSERVERS != no && kill -HUP $KILLPIDS echo "Filtering ldapsearch results..."