Diff for /tests/scripts/test031-component-filter between versions 1.7 and 1.7.2.7

version 1.7, 2004/12/01 21:11:55 version 1.7.2.7, 2005/11/03 18:03:03
Line 1 Line 1
 #! /bin/sh  #! /bin/sh
 # $OpenLDAP: pkg/ldap/tests/scripts/test031-component-filter,v 1.2 2004/08/28 01:53:41 slim Exp $  # $OpenLDAP: pkg/ldap/tests/scripts/test031-component-filter,v 1.15 2005/11/01 18:59:23 kurt Exp $
 ## This work is part of OpenLDAP Software <http://www.openldap.org/>.  ## This work is part of OpenLDAP Software <http://www.openldap.org/>.
 ##  ##
 ## Copyright 1998-2004 The OpenLDAP Foundation.  ## Copyright 1998-2005 The OpenLDAP Foundation.
 ## All rights reserved.  ## All rights reserved.
 ##  ##
 ## Redistribution and use in source and binary forms, with or without  ## Redistribution and use in source and binary forms, with or without
Line 18  echo "running defines.sh" Line 18  echo "running defines.sh"
   
 ## If you use this script then  ## If you use this script then
 ## Make sure that you turn on LDAP_COMP_MATCH in slapd source codes  ## Make sure that you turn on LDAP_COMP_MATCH in slapd source codes
 ## and --enable-modules  is configured yes  ## and --enable-modules is configured yes
 if test "$AC_WITH_MODULES_ENABLED" != "yes" ; then  if test "$AC_WITH_MODULES_ENABLED" != "yes" ; then
         echo "dynamic module disabled "          echo "dynamic module disabled, test skipped"
         exit          exit 0
 fi  fi
   
 mkdir -p $TESTDIR $DBDIR1  mkdir -p $TESTDIR $DBDIR1
Line 38  if test $RC != 0 ; then Line 38  if test $RC != 0 ; then
         echo "slapadd failed ($RC)!"          echo "slapadd failed ($RC)!"
         echo "Be sure to have a certificate module in tests/data/comp_libs "          echo "Be sure to have a certificate module in tests/data/comp_libs "
         echo "The module is in openldap/contrib/slapd-modules/comp_match"          echo "The module is in openldap/contrib/slapd-modules/comp_match"
         exit           echo "Test skipped."
           exit 0
 fi  fi
   
 echo "Running slapindex to index slapd database..."  echo "Running slapindex to index slapd database..."
Line 59  if test $WAIT != 0 ; then Line 60  if test $WAIT != 0 ; then
 fi  fi
 KILLPIDS="$PID"  KILLPIDS="$PID"
   
   sleep 1
   
 echo "Testing slapd searching..."  echo "Testing slapd searching..."
 for i in 0 1 2 3 4 5; do  for i in 0 1 2 3 4 5; do
         $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \          $LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
Line 82  cat /dev/null > $SEARCHOUT Line 85  cat /dev/null > $SEARCHOUT
 echo "Testing Component Filter Match RFC3687 Certificate searching:"  echo "Testing Component Filter Match RFC3687 Certificate searching:"
 echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> $SEARCHOUT  echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> $SEARCHOUT
   
 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.serialNumber\", rule allComponentsMatch, value 0 })"  FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.serialNumber\", rule allComponentsMatch, value 0 })"
   echo "        f=$FILTER ..."
   echo "#         f=$FILTER ..." >> $SEARCHOUT
   $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
           "$FILTER" >> $SEARCHOUT 2>&1
   
   RC=$?
   if test $RC != 0 ; then
           echo "ldapsearch failed ($RC)!"
           test $KILLSERVERS != no && kill -HUP $KILLPIDS
           exit $RC
   fi
   
   FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.version\", rule allComponentsMatch, value 2 })"
 echo "        f=$FILTER ..."  echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT  echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \  $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
Line 95  if test $RC != 0 ; then Line 111  if test $RC != 0 ; then
         exit $RC          exit $RC
 fi  fi
   
 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.version\", rule allComponentsMatch, value 2 })"  FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })"
 echo "        f=$FILTER ..."  echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT  echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \  $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
Line 108  if test $RC != 0 ; then Line 124  if test $RC != 0 ; then
         exit $RC          exit $RC
 fi  fi
   
 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })"  FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })"
 echo "        f=$FILTER ..."  echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT  echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \  $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
Line 121  if test $RC != 0 ; then Line 137  if test $RC != 0 ; then
         exit $RC          exit $RC
 fi  fi
   
 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })"  FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })"
 echo "        f=$FILTER ..."  echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT  echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \  $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
Line 134  if test $RC != 0 ; then Line 150  if test $RC != 0 ; then
         exit $RC          exit $RC
 fi  fi
   
 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })"  FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.0\", rule integerMatch, value 3 })"
 echo "        f=$FILTER ..."  echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT  echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \  $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
Line 147  if test $RC != 0 ; then Line 163  if test $RC != 0 ; then
         exit $RC          exit $RC
 fi  fi
   
 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.extensions.0\", rule integerMatch, value 3 })"  FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnID\", rule allComponentsMatch, value 2.5.29.14 })"
 echo "        f=$FILTER ..."  echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT  echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \  $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
Line 160  if test $RC != 0 ; then Line 176  if test $RC != 0 ; then
         exit $RC          exit $RC
 fi  fi
   
 FILTER="(userCertificate:componentFilterMatch:=item:{component \"tbsCertificate.extensions.\2a.extnID\",rule allComponentsMatch, value 2.5.29.14 })"  FILTER="(userCertificate:componentFilterMatch:=not:item:{ component \"toBeSigned.extensions.\2a\", rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })"
 echo "        f=$FILTER ..."  echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT  echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \  $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
Line 173  if test $RC != 0 ; then Line 189  if test $RC != 0 ; then
         exit $RC          exit $RC
 fi  fi
   
 FILTER="(userCertificate:componentFilterMatch:=not:item:{component \"tbsCertificate.extensions.\2a\",rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })"  FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })"
 echo "        f=$FILTER ..."  echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT  echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \  $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
Line 186  if test $RC != 0 ; then Line 202  if test $RC != 0 ; then
         exit $RC          exit $RC
 fi  fi
   
 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })"  FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })"
 echo "        f=$FILTER ..."  echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT  echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \  $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
Line 199  if test $RC != 0 ; then Line 215  if test $RC != 0 ; then
         exit $RC          exit $RC
 fi  fi
   
 FILTER="(userCertificate:componentFilterMatch:=item:{ component \"tbsCertificate.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })"  FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnValue.content.\282.5.29.35\29.authorityCertSerialNumber\", rule integerMatch, value 0 })"
 echo "        f=$FILTER ..."  echo "        f=$FILTER ..."
 echo "#         f=$FILTER ..." >> $SEARCHOUT  echo "#         f=$FILTER ..." >> $SEARCHOUT
 $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \  $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
Line 213  if test $RC != 0 ; then Line 229  if test $RC != 0 ; then
 fi  fi
   
   
   FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a\", rule rdnMatch, value \"c=US\" })"
   echo "        f=$FILTER ..."
   echo "#         f=$FILTER ..." >> $SEARCHOUT
   $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
           "$FILTER" >> $SEARCHOUT 2>&1
   
   RC=$?
   if test $RC != 0 ; then
           echo "ldapsearch failed ($RC)!"
           test $KILLSERVERS != no && kill -HUP $KILLPIDS
           exit $RC
   fi
   
   FILTER="(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a.\2a.value.\282.5.4.6\29\", rule caseExactMatch, value \"US\" })"
   echo "        f=$FILTER ..."
   echo "#         f=$FILTER ..." >> $SEARCHOUT
   $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
           "$FILTER" >> $SEARCHOUT 2>&1
   
   RC=$?
   if test $RC != 0 ; then
           echo "ldapsearch failed ($RC)!"
           test $KILLSERVERS != no && kill -HUP $KILLPIDS
           exit $RC
   fi
   
   # extraction filter
   FILTER="(x509CertificateIssuer=c=US)"
   echo "        f=$FILTER ..."
   echo "#         f=$FILTER ..." >> $SEARCHOUT
   $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
           "$FILTER" >> $SEARCHOUT 2>&1
   
   RC=$?
   if test $RC != 0 ; then
           echo "ldapsearch failed ($RC)!"
           test $KILLSERVERS != no && kill -HUP $KILLPIDS
           exit $RC
   fi
   
   # extraction filter
   FILTER="(x509CertificateSerial=0)"
   echo "        f=$FILTER ..."
   echo "#         f=$FILTER ..." >> $SEARCHOUT
   $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
           "$FILTER" >> $SEARCHOUT 2>&1
   
   RC=$?
   if test $RC != 0 ; then
           echo "ldapsearch failed ($RC)!"
           test $KILLSERVERS != no && kill -HUP $KILLPIDS
           exit $RC
   fi
   
   # extraction filter
   FILTER="(x509CertificateSerialAndIssuer:certificateExactMatch:=0\$c=US)"
   echo "        f=$FILTER ..."
   echo "#         f=$FILTER ..." >> $SEARCHOUT
   $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
           "$FILTER" >> $SEARCHOUT 2>&1
   
   RC=$?
   if test $RC != 0 ; then
           echo "ldapsearch failed ($RC)!"
           test $KILLSERVERS != no && kill -HUP $KILLPIDS
           exit $RC
   fi
   
   FILTER="(certificateRevocationList:componentFilterMatch:=item:{ component \"tbsCertList.revokedCertificates.\2a.userCertificate\", rule integerMatch, value 952069669 })"
   echo "        f=$FILTER ..."
   echo "#         f=$FILTER ..." >> $SEARCHOUT
   $LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
           "$FILTER" >> $SEARCHOUT 2>&1
   
   RC=$?
   if test $RC != 0 ; then
           echo "ldapsearch failed ($RC)!"
           test $KILLSERVERS != no && kill -HUP $KILLPIDS
           exit $RC
   fi
   
   
 test $KILLSERVERS != no && kill -HUP $KILLPIDS  test $KILLSERVERS != no && kill -HUP $KILLPIDS
   

Removed from v.1.7  
changed lines
  Added in v.1.7.2.7


______________
© Copyright 1998-2020, OpenLDAP Foundation, info@OpenLDAP.org