version 1.7, 2004/12/01 21:11:55
|
version 1.7.2.6, 2005/10/05 17:41:32
|
Line 1
|
Line 1
|
#! /bin/sh |
#! /bin/sh |
# $OpenLDAP: pkg/ldap/tests/scripts/test031-component-filter,v 1.2 2004/08/28 01:53:41 slim Exp $ |
# $OpenLDAP: pkg/ldap/tests/scripts/test031-component-filter,v 1.14 2005/09/30 05:32:50 hyc Exp $ |
## This work is part of OpenLDAP Software <http://www.openldap.org/>. |
## This work is part of OpenLDAP Software <http://www.openldap.org/>. |
## |
## |
## Copyright 1998-2004 The OpenLDAP Foundation. |
## Copyright 1998-2005 The OpenLDAP Foundation. |
## All rights reserved. |
## All rights reserved. |
## |
## |
## Redistribution and use in source and binary forms, with or without |
## Redistribution and use in source and binary forms, with or without |
Line 20 echo "running defines.sh"
|
Line 20 echo "running defines.sh"
|
## Make sure that you turn on LDAP_COMP_MATCH in slapd source codes |
## Make sure that you turn on LDAP_COMP_MATCH in slapd source codes |
## and --enable-modules is configured yes |
## and --enable-modules is configured yes |
if test "$AC_WITH_MODULES_ENABLED" != "yes" ; then |
if test "$AC_WITH_MODULES_ENABLED" != "yes" ; then |
echo "dynamic module disabled " |
echo "dynamic module disabled, test skipped" |
exit |
exit 0 |
fi |
fi |
|
|
mkdir -p $TESTDIR $DBDIR1 |
mkdir -p $TESTDIR $DBDIR1 |
Line 38 if test $RC != 0 ; then
|
Line 38 if test $RC != 0 ; then
|
echo "slapadd failed ($RC)!" |
echo "slapadd failed ($RC)!" |
echo "Be sure to have a certificate module in tests/data/comp_libs " |
echo "Be sure to have a certificate module in tests/data/comp_libs " |
echo "The module is in openldap/contrib/slapd-modules/comp_match" |
echo "The module is in openldap/contrib/slapd-modules/comp_match" |
exit |
echo "Test skipped." |
|
exit 0 |
fi |
fi |
|
|
echo "Running slapindex to index slapd database..." |
echo "Running slapindex to index slapd database..." |
Line 59 if test $WAIT != 0 ; then
|
Line 60 if test $WAIT != 0 ; then
|
fi |
fi |
KILLPIDS="$PID" |
KILLPIDS="$PID" |
|
|
|
sleep 1 |
|
|
echo "Testing slapd searching..." |
echo "Testing slapd searching..." |
for i in 0 1 2 3 4 5; do |
for i in 0 1 2 3 4 5; do |
$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ |
$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \ |
Line 82 cat /dev/null > $SEARCHOUT
|
Line 85 cat /dev/null > $SEARCHOUT
|
echo "Testing Component Filter Match RFC3687 Certificate searching:" |
echo "Testing Component Filter Match RFC3687 Certificate searching:" |
echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> $SEARCHOUT |
echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> $SEARCHOUT |
|
|
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.serialNumber\", rule allComponentsMatch, value 0 })" |
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.serialNumber\", rule allComponentsMatch, value 0 })" |
|
echo " f=$FILTER ..." |
|
echo "# f=$FILTER ..." >> $SEARCHOUT |
|
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
|
"$FILTER" >> $SEARCHOUT 2>&1 |
|
|
|
RC=$? |
|
if test $RC != 0 ; then |
|
echo "ldapsearch failed ($RC)!" |
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS |
|
exit $RC |
|
fi |
|
|
|
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.version\", rule allComponentsMatch, value 2 })" |
echo " f=$FILTER ..." |
echo " f=$FILTER ..." |
echo "# f=$FILTER ..." >> $SEARCHOUT |
echo "# f=$FILTER ..." >> $SEARCHOUT |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
Line 95 if test $RC != 0 ; then
|
Line 111 if test $RC != 0 ; then
|
exit $RC |
exit $RC |
fi |
fi |
|
|
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.version\", rule allComponentsMatch, value 2 })" |
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })" |
echo " f=$FILTER ..." |
echo " f=$FILTER ..." |
echo "# f=$FILTER ..." >> $SEARCHOUT |
echo "# f=$FILTER ..." >> $SEARCHOUT |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
Line 108 if test $RC != 0 ; then
|
Line 124 if test $RC != 0 ; then
|
exit $RC |
exit $RC |
fi |
fi |
|
|
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })" |
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })" |
echo " f=$FILTER ..." |
echo " f=$FILTER ..." |
echo "# f=$FILTER ..." >> $SEARCHOUT |
echo "# f=$FILTER ..." >> $SEARCHOUT |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
Line 121 if test $RC != 0 ; then
|
Line 137 if test $RC != 0 ; then
|
exit $RC |
exit $RC |
fi |
fi |
|
|
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })" |
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })" |
echo " f=$FILTER ..." |
echo " f=$FILTER ..." |
echo "# f=$FILTER ..." >> $SEARCHOUT |
echo "# f=$FILTER ..." >> $SEARCHOUT |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
Line 134 if test $RC != 0 ; then
|
Line 150 if test $RC != 0 ; then
|
exit $RC |
exit $RC |
fi |
fi |
|
|
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })" |
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.0\", rule integerMatch, value 3 })" |
echo " f=$FILTER ..." |
echo " f=$FILTER ..." |
echo "# f=$FILTER ..." >> $SEARCHOUT |
echo "# f=$FILTER ..." >> $SEARCHOUT |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
Line 147 if test $RC != 0 ; then
|
Line 163 if test $RC != 0 ; then
|
exit $RC |
exit $RC |
fi |
fi |
|
|
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.extensions.0\", rule integerMatch, value 3 })" |
FILTER="(userCertificate:componentFilterMatch:=item:{component \"toBeSigned.extensions.\2a.extnID\",rule allComponentsMatch, value 2.5.29.14 })" |
echo " f=$FILTER ..." |
echo " f=$FILTER ..." |
echo "# f=$FILTER ..." >> $SEARCHOUT |
echo "# f=$FILTER ..." >> $SEARCHOUT |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
Line 160 if test $RC != 0 ; then
|
Line 176 if test $RC != 0 ; then
|
exit $RC |
exit $RC |
fi |
fi |
|
|
FILTER="(userCertificate:componentFilterMatch:=item:{component \"tbsCertificate.extensions.\2a.extnID\",rule allComponentsMatch, value 2.5.29.14 })" |
FILTER="(userCertificate:componentFilterMatch:=not:item:{component \"toBeSigned.extensions.\2a\",rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })" |
echo " f=$FILTER ..." |
echo " f=$FILTER ..." |
echo "# f=$FILTER ..." >> $SEARCHOUT |
echo "# f=$FILTER ..." >> $SEARCHOUT |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
Line 173 if test $RC != 0 ; then
|
Line 189 if test $RC != 0 ; then
|
exit $RC |
exit $RC |
fi |
fi |
|
|
FILTER="(userCertificate:componentFilterMatch:=not:item:{component \"tbsCertificate.extensions.\2a\",rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })" |
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })" |
echo " f=$FILTER ..." |
echo " f=$FILTER ..." |
echo "# f=$FILTER ..." >> $SEARCHOUT |
echo "# f=$FILTER ..." >> $SEARCHOUT |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
Line 186 if test $RC != 0 ; then
|
Line 202 if test $RC != 0 ; then
|
exit $RC |
exit $RC |
fi |
fi |
|
|
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })" |
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })" |
echo " f=$FILTER ..." |
echo " f=$FILTER ..." |
echo "# f=$FILTER ..." >> $SEARCHOUT |
echo "# f=$FILTER ..." >> $SEARCHOUT |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
Line 199 if test $RC != 0 ; then
|
Line 215 if test $RC != 0 ; then
|
exit $RC |
exit $RC |
fi |
fi |
|
|
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })" |
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnValue.content.\282.5.29.35\29.authorityCertSerialNumber\", rule integerMatch, value 0 })" |
echo " f=$FILTER ..." |
echo " f=$FILTER ..." |
echo "# f=$FILTER ..." >> $SEARCHOUT |
echo "# f=$FILTER ..." >> $SEARCHOUT |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
Line 213 if test $RC != 0 ; then
|
Line 229 if test $RC != 0 ; then
|
fi |
fi |
|
|
|
|
|
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a\", rule rdnMatch, value \"c=US\" })" |
|
echo " f=$FILTER ..." |
|
echo "# f=$FILTER ..." >> $SEARCHOUT |
|
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
|
"$FILTER" >> $SEARCHOUT 2>&1 |
|
|
|
RC=$? |
|
if test $RC != 0 ; then |
|
echo "ldapsearch failed ($RC)!" |
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS |
|
exit $RC |
|
fi |
|
|
|
FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a.\2a.value.\282.5.4.6\29\", rule caseExactMatch, value \"US\" })" |
|
echo " f=$FILTER ..." |
|
echo "# f=$FILTER ..." >> $SEARCHOUT |
|
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
|
"$FILTER" >> $SEARCHOUT 2>&1 |
|
|
|
RC=$? |
|
if test $RC != 0 ; then |
|
echo "ldapsearch failed ($RC)!" |
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS |
|
exit $RC |
|
fi |
|
|
|
FILTER="(x509CertificateIssuer=c=US)" |
|
echo " f=$FILTER ..." |
|
echo "# f=$FILTER ..." >> $SEARCHOUT |
|
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
|
"$FILTER" >> $SEARCHOUT 2>&1 |
|
|
|
RC=$? |
|
if test $RC != 0 ; then |
|
echo "ldapsearch failed ($RC)!" |
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS |
|
exit $RC |
|
fi |
|
|
|
FILTER="(x509CertificateSerial=0)" |
|
echo " f=$FILTER ..." |
|
echo "# f=$FILTER ..." >> $SEARCHOUT |
|
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
|
"$FILTER" >> $SEARCHOUT 2>&1 |
|
|
|
RC=$? |
|
if test $RC != 0 ; then |
|
echo "ldapsearch failed ($RC)!" |
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS |
|
exit $RC |
|
fi |
|
|
|
FILTER="(x509CertificateSerialAndIssuer:certificateExactMatch:=0\$c=US)" |
|
echo " f=$FILTER ..." |
|
echo "# f=$FILTER ..." >> $SEARCHOUT |
|
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
|
"$FILTER" >> $SEARCHOUT 2>&1 |
|
|
|
RC=$? |
|
if test $RC != 0 ; then |
|
echo "ldapsearch failed ($RC)!" |
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS |
|
exit $RC |
|
fi |
|
|
|
FILTER="(certificateRevocationList:componentFilterMatch:=item:{ component \"tbsCertList.revokedCertificates.\2a.userCertificate\", rule integerMatch, value 952069669 })" |
|
echo " f=$FILTER ..." |
|
echo "# f=$FILTER ..." >> $SEARCHOUT |
|
$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \ |
|
"$FILTER" >> $SEARCHOUT 2>&1 |
|
|
|
RC=$? |
|
if test $RC != 0 ; then |
|
echo "ldapsearch failed ($RC)!" |
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS |
|
exit $RC |
|
fi |
|
|
|
|
test $KILLSERVERS != no && kill -HUP $KILLPIDS |
test $KILLSERVERS != no && kill -HUP $KILLPIDS |
|
|