#! /bin/sh
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2011 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.

## Setup phase of the component-matching test: build the database with
## slapadd, index it, then start slapd in the background and record its
## PID in $KILLPIDS. All tool and path variables come from defines.sh.
## $SLAPADD, $SLAPINDEX, $SLAPD and $TIMING are expanded unquoted on
## purpose (presumably they can hold a command plus arguments; confirm
## in defines.sh).

echo "running defines.sh"
. $SRCDIR/scripts/defines.sh

## If you use this script then
## Make sure that you turn on LDAP_COMP_MATCH in slapd source codes
## and --enable-modules is configured yes
if [ "$AC_WITH_MODULES_ENABLED" != "yes" ]; then
	echo "dynamic module disabled, test skipped"
	exit 0
fi

mkdir -p $TESTDIR $DBDIR1

## Make sure that you set a proper path to component matching
## module directory in $COMPCONF
## moduleload path/to/component/library/compmatch.la
## otherwise it fails to execute slapd
echo "Running slapadd to build slapd database..."
. $CONFFILTER $BACKEND $MONITORDB < $COMPCONF > $ADDCONF
$SLAPADD -f $ADDCONF -l $LDIFCOMPMATCH
RC=$?
# Any slapadd failure is reported as a skip and exits 0, so the exit
# status alone does not tell a caller whether the test ran and passed
# or was skipped because the module could not be loaded.
[ $RC = 0 ] || {
	echo "slapadd failed ($RC)!"
	echo "Be sure to have a certificate module in tests/data/comp_libs "
	echo "The module is in openldap/contrib/slapd-modules/comp_match"
	echo "Test skipped."
	exit 0
}

echo "Running slapindex to index slapd database..."
. $CONFFILTER $BACKEND $MONITORDB < $CONF > $CONF1
$SLAPINDEX -f $CONF1
RC=$?
# An indexing failure is only a warning; the test carries on.
if [ $RC != 0 ]; then
	echo "warning: slapindex failed ($RC)"
	echo " assuming no indexing support"
fi

echo "Starting slapd on TCP/IP port $PORT1..."
# slapd runs in the background; stdout and stderr both go to $LOG1.
$SLAPD -f $ADDCONF -h $URI1 -d $LVL $TIMING > $LOG1 2>&1 &
PID=$!
# With WAIT set to anything but 0, print the PID and block until a line
# is entered on stdin before continuing.
if [ $WAIT != 0 ]; then
	echo PID $PID
	read _resume
fi
KILLPIDS="$PID"

sleep 1

echo "Testing slapd searching..."
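## Search phase of the component-matching test. slapd is expected to be
## running already, with its PID in $KILLPIDS. Each filter is run against
## $BASEDN, the output is collected in $SEARCHOUT, and the filtered result
## is compared with the reference file $COMPSEARCHOUT at the end.
##
## An ldapsearch exit status of 0 only shows that the search completed.
## Whether a filter matched the right entries is decided solely by the
## final comparison, so the reference file is the real assertion here.

## Signal the slapd instances listed in $KILLPIDS with SIGHUP, unless
## $KILLSERVERS is "no".
comp_stop_servers() {
	test $KILLSERVERS != no && kill -HUP $KILLPIDS
}

## Run one search and append its output to $SEARCHOUT.
## Arguments: $1 - LDAP filter string
## Globals:   sets FILTER and RC; reads LDAPSEARCH, BASEDN, LOCALHOST,
##            PORT1, SEARCHOUT
## On a non-zero ldapsearch status the servers are stopped and the script
## exits with that status.
## NOTE(review): this listing was whitespace-collapsed, so the padding in
## the two "f=" lines is reproduced as the single space shown here. The
## "# f=" line is written to $SEARCHOUT; confirm the spacing against the
## upstream script and the reference output.
comp_search() {
	FILTER=$1
	echo " f=$FILTER ..."
	echo "# f=$FILTER ..." >> $SEARCHOUT
	# stderr is captured in $SEARCHOUT together with the results.
	$LDAPSEARCH -S "" -b "$BASEDN" -h $LOCALHOST -p $PORT1 \
		"$FILTER" >> $SEARCHOUT 2>&1

	RC=$?
	if test $RC != 0 ; then
		echo "ldapsearch failed ($RC)!"
		comp_stop_servers
		exit $RC
	fi
}

# Readiness probe: up to six base searches on the monitor entry, five
# seconds apart, until one succeeds.
for i in 0 1 2 3 4 5; do
	$LDAPSEARCH -s base -b "$MONITOR" -h $LOCALHOST -p $PORT1 \
		'objectclass=*' > /dev/null 2>&1
	RC=$?
	test $RC = 0 && break
	echo "Waiting 5 seconds for slapd to start..."
	sleep 5
done

if test $RC != 0 ; then
	echo "ldapsearch failed ($RC)!"
	comp_stop_servers
	exit $RC
fi

# Start from an empty result file.
cat /dev/null > $SEARCHOUT

echo "Testing Component Filter Match RFC3687 Certificate searching:"
echo "# Testing Component Filter Match RFC3687 Certificate searching:" >> $SEARCHOUT

# In the filters below \2a, \28 and \29 are LDAP filter escapes for
# "*", "(" and ")". The shell leaves them untouched inside double quotes.

# Certificate serial number equal to 0.
comp_search "(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.serialNumber\", rule allComponentsMatch, value 0 })"

# Version field equal to 2 (the encoding of X.509 v3).
comp_search "(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.version\", rule allComponentsMatch, value 2 })"

# Value of the first attribute in the first issuer RDN, compared with
# caseExactMatch and then with allComponentsMatch.
comp_search "(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule caseExactMatch, value \"US\" })"

comp_search "(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1.1.value\", rule allComponentsMatch, value \"US\" })"

# Whole issuer name given as a structured value; 2.5.4.6 is countryName.
comp_search "(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule allComponentsMatch, value { { { type 2.5.4.6 , value \"US\" } } } })"

# In RFC 3687 component references, ".0" denotes the number of values,
# so this compares the extension count with 3.
comp_search "(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.0\", rule integerMatch, value 3 })"

# Any extension whose extnID is 2.5.29.14 (subjectKeyIdentifier).
comp_search "(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnID\", rule allComponentsMatch, value 2.5.29.14 })"

# Negated match on a basicConstraints extension (2.5.29.19) whose value
# is the DER bytes 30 03 01 01 FF, i.e. cA set to TRUE.
# NOTE(review): the braces in this filter look unbalanced (the "item:{"
# is never closed). The string is kept exactly as shown on the page;
# confirm against upstream.
comp_search "(userCertificate:componentFilterMatch:=not:item:{ component \"toBeSigned.extensions.\2a\", rule allComponentsMatch, value { extnID 2.5.29.19 , extnValue '30030101FF'H })"

# Issuer compared as a whole DN, then its first RDN compared on its own.
comp_search "(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence\", rule distinguishedNameMatch, value \"c=US\" })"

comp_search "(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.issuer.rdnSequence.1\", rule rdnMatch, value \"c=US\" })"

# Looks inside the decoded content of the 2.5.29.35 extension
# (authorityKeyIdentifier) for authorityCertSerialNumber equal to 0.
comp_search "(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.extensions.\2a.extnValue.content.\282.5.29.35\29.authorityCertSerialNumber\", rule integerMatch, value 0 })"


# Any subject RDN equal to c=US.
comp_search "(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a\", rule rdnMatch, value \"c=US\" })"

# Any subject attribute value, selected by type 2.5.4.6 (countryName).
comp_search "(userCertificate:componentFilterMatch:=item:{ component \"toBeSigned.subject.rdnSequence.\2a.\2a.value.\282.5.4.6\29\", rule caseExactMatch, value \"US\" })"

# extraction filter
comp_search "(x509CertificateIssuer=c=US)"

# extraction filter
comp_search "(x509CertificateSerial=0)"

# extraction filter
# (\$ keeps the shell from expanding $c; the filter contains a literal "$")
comp_search "(x509CertificateSerialAndIssuer:certificateExactMatch:=0\$c=US)"

# CRL search: any revoked-certificate entry with this serial number.
comp_search "(certificateRevocationList:componentFilterMatch:=item:{ component \"tbsCertList.revokedCertificates.\2a.userCertificate\", rule integerMatch, value 952069669 })"


comp_stop_servers

echo "Filtering ldapsearch results..."
$LDIFFILTER < $SEARCHOUT > $SEARCHFLT
echo "Comparing filter output..."
# This comparison is the pass/fail decision for the whole test.
$CMP $SEARCHFLT $COMPSEARCHOUT > $CMPOUT || {
	echo "Comparison failed"
	exit 1
}

echo ">>>>> Test succeeded"

# Reap the background slapd before exiting, unless it was left running.
test $KILLSERVERS != no && wait

exit 0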