static SEC_CHAR *
_mongoc_sspi_base64_encode (const SEC_CHAR *value, DWORD vlen)
{
SEC_CHAR *out = NULL;
DWORD len;
/* Get the correct size for the out buffer. */
if (CryptBinaryToStringA ((BYTE *) value,
vlen,
CRYPT_STRING_BASE64 | CRYPT_STRING_NOCRLF,
NULL,
&len)) {
out = (SEC_CHAR *) malloc (sizeof (SEC_CHAR) * len);
if (out) {
/* Encode to the out buffer. */
if (CryptBinaryToStringA ((BYTE *) value,
vlen,
CRYPT_STRING_BASE64 | CRYPT_STRING_NOCRLF,
out,
&len)) {
return out;
} else {
free (out);
}
}
}
MONGOC_ERROR ("%s", "CryptBinaryToString failed.");
return NULL;
}
static void *
_multi_upload_thread (void *p)
{
multi_upload_thread_context_t *ctx;
mongoc_gridfs_file_opt_t opt = { 0 };
mongoc_gridfs_file_t *file;
bson_error_t error;
ctx = (multi_upload_thread_context_t *) p;
opt.filename = ctx->filename;
/* upload chunks */
file = mongoc_gridfs_create_file_from_stream (ctx->gridfs,
ctx->stream,
&opt);
/* create fs.files document */
if (!mongoc_gridfs_file_save (file)) {
if (mongoc_gridfs_file_error (file, &error)) {
MONGOC_ERROR ("file_readv: %s\n", error.message);
} else {
MONGOC_ERROR ("file_readv: unknown error\n");
}
abort ();
}
mongoc_gridfs_file_destroy (file);
return (void *) 1;
}
static void
_upload_big_file (gridfs_test_t *gridfs_test,
bson_oid_t *oid /* OUT */)
{
mongoc_gridfs_file_t *file;
mongoc_iovec_t iov;
bson_error_t error;
const bson_value_t *value;
file = mongoc_gridfs_create_file (gridfs_test->gridfs, NULL);
iov.iov_base = (void *) gridfs_test->data;
iov.iov_len = gridfs_test->data_sz;
if (iov.iov_len != mongoc_gridfs_file_writev (file, &iov, 1, 0)) {
if (mongoc_gridfs_file_error (file, &error)) {
MONGOC_ERROR ("file_writev: %s\n", error.message);
} else {
MONGOC_ERROR ("file_writev: unknown error\n");
}
abort ();
}
mongoc_gridfs_file_save (file);
value = mongoc_gridfs_file_get_id (file);
assert (value->value_type == BSON_TYPE_OID);
bson_oid_copy (&value->value.v_oid, oid);
mongoc_gridfs_file_destroy (file);
}
static void *
_multi_download_thread (void *p)
{
multi_download_thread_context_t *ctx;
FILE *fp;
mongoc_gridfs_file_t *file;
bson_error_t error;
char buf[BUF_SZ];
mongoc_iovec_t iov;
ssize_t sz;
ctx = (multi_download_thread_context_t *) p;
fp = fopen (ctx->path, "w+");
if (!fp) {
perror ("fopen");
abort ();
}
file = mongoc_gridfs_find_one_by_filename (ctx->gridfs,
ctx->filename,
&error);
if (!file) {
MONGOC_ERROR ("find_one_by_filename: %s\n", error.message);
abort ();
}
iov.iov_base = buf;
iov.iov_len = BUF_SZ;
for (;;) {
/* a 255k chunk at a time */
sz = mongoc_gridfs_file_readv (file,
&iov,
1, /* iov count */
1, /* min bytes */
0 /* timeout */);
if (!sz) {
break;
}
assert (sz > 0);
fwrite (iov.iov_base, sizeof (char), (size_t) sz, fp);
}
if (mongoc_gridfs_file_error (file, &error)) {
MONGOC_ERROR ("gridfs_file_readv: %s\n", error.message);
abort ();
}
mongoc_gridfs_file_destroy (file);
fclose (fp);
return (void *) 1;
}
char *
mongoc_ssl_extract_subject (const char *filename, const char *passphrase)
{
char *retval;
if (!filename) {
MONGOC_ERROR ("No filename provided to extract subject from");
return NULL;
}
#ifdef _WIN32
if (_access (filename, 0) != 0) {
#else
if (access (filename, R_OK) != 0) {
#endif
MONGOC_ERROR ("Can't extract subject from unreadable file: '%s'",
filename);
return NULL;
}
#if defined(MONGOC_ENABLE_SSL_OPENSSL)
retval = _mongoc_openssl_extract_subject (filename, passphrase);
#elif defined(MONGOC_ENABLE_SSL_LIBRESSL)
MONGOC_WARNING (
"libtls doesn't support automatically extracting subject from "
"certificate to use with authentication");
retval = NULL;
#elif defined(MONGOC_ENABLE_SSL_SECURE_TRANSPORT)
retval = _mongoc_secure_transport_extract_subject (filename, passphrase);
#elif defined(MONGOC_ENABLE_SSL_SECURE_CHANNEL)
retval = _mongoc_secure_channel_extract_subject (filename, passphrase);
#endif
if (!retval) {
MONGOC_ERROR ("Can't extract subject from file '%s'", filename);
}
return retval;
}
void
_mongoc_ssl_opts_copy_to (const mongoc_ssl_opt_t *src, mongoc_ssl_opt_t *dst)
{
BSON_ASSERT (src);
BSON_ASSERT (dst);
dst->pem_file = bson_strdup (src->pem_file);
dst->pem_pwd = bson_strdup (src->pem_pwd);
dst->ca_file = bson_strdup (src->ca_file);
dst->ca_dir = bson_strdup (src->ca_dir);
dst->crl_file = bson_strdup (src->crl_file);
dst->weak_cert_validation = src->weak_cert_validation;
dst->allow_invalid_hostname = src->allow_invalid_hostname;
}
static void
multi_upload_before (perf_test_t *test)
{
multi_upload_test_t *upload_test;
mongoc_client_t *client;
mongoc_gridfs_t *gridfs;
bson_error_t error;
mongoc_database_t *db;
multi_upload_thread_context_t *ctx;
int i;
perf_test_before (test);
upload_test = (multi_upload_test_t *) test;
client = mongoc_client_pool_pop (upload_test->pool);
db = mongoc_client_get_database (client, "perftest");
if (!mongoc_database_drop (db, &error)) {
MONGOC_ERROR ("database_drop: %s\n", error.message);
abort ();
}
gridfs = mongoc_client_get_gridfs (client, "perftest", NULL, &error);
if (!gridfs) {
MONGOC_ERROR ("get_gridfs: %s\n", error.message);
abort ();
}
write_one_byte_file (gridfs);
mongoc_gridfs_destroy (gridfs);
mongoc_client_pool_push (upload_test->pool, client);
for (i = 0; i < upload_test->cnt; i++) {
ctx = &upload_test->contexts[i];
ctx->client = mongoc_client_pool_pop (upload_test->pool);
ctx->gridfs = mongoc_client_get_gridfs (ctx->client, "perftest",
NULL, &error);
if (!ctx->gridfs) {
MONGOC_ERROR ("get_gridfs: %s\n", error.message);
abort ();
}
ctx->stream = mongoc_stream_file_new_for_path (ctx->path, O_RDONLY, 0);
if (!ctx->stream) {
perror ("stream_new_for_path");
abort ();
}
}
mongoc_database_destroy (db);
}
void
mock_server_replies_to_find (request_t *request,
mongoc_query_flags_t flags,
int64_t cursor_id,
int32_t number_returned,
const char *ns,
const char *reply_json,
bool is_command)
{
char *find_reply;
char db[MONGOC_NAMESPACE_MAX];
_mongoc_get_db_name (ns, db);
/* minimal validation, we're not testing query / find cmd here */
if (request->is_command && !is_command) {
MONGOC_ERROR ("expected query, got command");
abort ();
}
if (!request->is_command && is_command) {
MONGOC_ERROR ("expected command, got query");
abort ();
}
if (!request_matches_flags (request, flags)) {
abort ();
}
if (is_command) {
find_reply = bson_strdup_printf (
"{'ok': 1,"
" 'cursor': {"
" 'id': {'$numberLong': '%" PRId64 "'},"
" 'ns': '%s',"
" 'firstBatch': [%s]}}",
cursor_id,
ns,
reply_json);
mock_server_replies_simple (request, find_reply);
bson_free (find_reply);
} else {
mock_server_replies (request, MONGOC_REPLY_NONE, cursor_id, 0,
number_returned, reply_json);
}
}
static SEC_CHAR *
_mongoc_sspi_base64_decode (const SEC_CHAR *value, DWORD *rlen)
{
SEC_CHAR *out = NULL;
/* Get the correct size for the out buffer. */
if (CryptStringToBinaryA (
value, 0, CRYPT_STRING_BASE64, NULL, rlen, NULL, NULL)) {
out = (SEC_CHAR *) malloc (sizeof (SEC_CHAR) * *rlen);
if (out) {
/* Decode to the out buffer. */
if (CryptStringToBinaryA (value,
0,
CRYPT_STRING_BASE64,
(BYTE *) out,
rlen,
NULL,
NULL)) {
return out;
} else {
free (out);
}
}
}
MONGOC_ERROR ("%s", "CryptStringToBinary failed.");
return NULL;
}
static void
multi_download_task (perf_test_t *test)
{
multi_download_test_t *download_test;
multi_download_thread_context_t *ctx;
int i;
void *r;
download_test = (multi_download_test_t *) test;
for (i = 0; i < download_test->cnt; i++) {
ctx = &download_test->contexts[i];
pthread_create (&ctx->thread, NULL, _multi_download_thread, (void *) ctx);
}
for (i = 0; i < download_test->cnt; i++) {
if (pthread_join (download_test->contexts[i].thread, &r)) {
perror ("pthread_join");
abort ();
}
if ((intptr_t) r != 1) {
MONGOC_ERROR ("download_thread returned %p\n", r);
abort ();
}
}
}
static void
test_mongoc_client_authenticate (void)
{
mongoc_collection_t *collection;
mongoc_database_t *database;
mongoc_client_t *client;
mongoc_cursor_t *cursor;
const bson_t *doc;
bson_error_t error;
char *username;
char *uri;
bool r;
bson_t q;
username = gen_test_user ();
uri = gen_good_uri (username);
/*
* Add a user to the test database.
*/
client = mongoc_client_new(gTestUri);
database = mongoc_client_get_database(client, "test");
mongoc_database_remove_user (database, username, &error);
r = mongoc_database_add_user(database, username, "testpass", NULL, NULL, &error);
ASSERT_CMPINT(r, ==, 1);
mongoc_database_destroy(database);
mongoc_client_destroy(client);
/*
* Try authenticating with that user.
*/
bson_init(&q);
client = mongoc_client_new(uri);
collection = mongoc_client_get_collection(client, "test", "test");
cursor = mongoc_collection_find(collection, MONGOC_QUERY_NONE, 0, 1, 0,
&q, NULL, NULL);
r = mongoc_cursor_next(cursor, &doc);
if (!r) {
r = mongoc_cursor_error(cursor, &error);
if (r) {
MONGOC_ERROR("Authentication failure: \"%s\"", error.message);
}
assert(!r);
}
mongoc_cursor_destroy(cursor);
/*
* Remove all test users.
*/
database = mongoc_client_get_database (client, "test");
r = mongoc_database_remove_all_users (database, &error);
assert (r);
mongoc_database_destroy (database);
mongoc_collection_destroy(collection);
mongoc_client_destroy(client);
bson_free (username);
bson_free (uri);
}
/*
* Set some values in our global metadata struct. These values will be sent
* to the server as part of the initial connection handshake (isMaster).
* If this function is called more than once, or after we've connected to a
* mongod, then it will do nothing and return false. It will return true if it
* successfully sets the values.
*
* All arguments are optional.
*/
bool
mongoc_handshake_data_append (const char *driver_name,
const char *driver_version,
const char *platform)
{
int max_size = 0;
if (gMongocMetadata.frozen) {
MONGOC_ERROR ("Cannot set metadata more than once");
return false;
}
_append_and_truncate (&gMongocMetadata.driver_name, driver_name,
METADATA_DRIVER_NAME_MAX);
_append_and_truncate (&gMongocMetadata.driver_version, driver_version,
METADATA_DRIVER_VERSION_MAX);
max_size = METADATA_MAX_SIZE -
- _mongoc_strlen_or_zero (gMongocMetadata.os_type)
- _mongoc_strlen_or_zero (gMongocMetadata.os_name)
- _mongoc_strlen_or_zero (gMongocMetadata.os_version)
- _mongoc_strlen_or_zero (gMongocMetadata.os_architecture)
- _mongoc_strlen_or_zero (gMongocMetadata.driver_name)
- _mongoc_strlen_or_zero (gMongocMetadata.driver_version);
_append_and_truncate (&gMongocMetadata.platform, platform, max_size);
_mongoc_metadata_freeze ();
return true;
}
/**
* mongoc_write_concern_append:
* @write_concern: (in): A mongoc_write_concern_t.
* @command: (out): A pointer to a bson document.
*
* Appends a write_concern document to a command, to send to
* a server.
*
* Returns true on success, false on failure.
*
*/
bool
mongoc_write_concern_append (mongoc_write_concern_t *write_concern,
bson_t *command)
{
if (!mongoc_write_concern_is_valid (write_concern)) {
MONGOC_ERROR ("Invalid writeConcern passed into "
"mongoc_write_concern_append.");
return false;
}
if (!bson_append_document (command, "writeConcern", 12,
_mongoc_write_concern_get_bson (write_concern))) {
MONGOC_ERROR ("Could not append writeConcern to command.");
return false;
}
return true;
}
static void
multi_download_before (perf_test_t *test)
{
multi_download_test_t *download_test;
bson_error_t error;
multi_download_thread_context_t *ctx;
int i;
perf_test_before (test);
prep_tmp_dir (test->data_path);
download_test = (multi_download_test_t *) test;
for (i = 0; i < download_test->cnt; i++) {
ctx = &download_test->contexts[i];
ctx->client = mongoc_client_pool_pop (download_test->pool);
ctx->gridfs = mongoc_client_get_gridfs (ctx->client, "perftest",
NULL, &error);
if (!ctx->gridfs) {
MONGOC_ERROR ("get_gridfs: %s\n", error.message);
abort ();
}
}
}
bool
mongoc_compress (int32_t compressor_id,
int32_t compression_level,
char *uncompressed,
size_t uncompressed_len,
char *compressed,
size_t *compressed_len)
{
TRACE ("Compressing with '%s' (%d)",
mongoc_compressor_id_to_name (compressor_id),
compressor_id);
switch (compressor_id) {
case MONGOC_COMPRESSOR_SNAPPY_ID:
#ifdef MONGOC_ENABLE_COMPRESSION_SNAPPY
/* No compression_level option for snappy */
return snappy_compress (
uncompressed, uncompressed_len, compressed, compressed_len) ==
SNAPPY_OK;
break;
#else
MONGOC_ERROR ("Client attempting to use compress with snappy, but snappy "
"compression is not compiled in");
return false;
#endif
case MONGOC_COMPRESSOR_ZLIB_ID:
#ifdef MONGOC_ENABLE_COMPRESSION_ZLIB
return compress2 ((unsigned char *) compressed,
(unsigned long *) compressed_len,
(unsigned char *) uncompressed,
uncompressed_len,
compression_level) == Z_OK;
break;
#else
MONGOC_ERROR ("Client attempting to use compress with zlib, but zlib "
"compression is not compiled in");
return false;
#endif
case MONGOC_COMPRESSOR_NOOP_ID:
memcpy (compressed, uncompressed, uncompressed_len);
*compressed_len = uncompressed_len;
return true;
default:
return false;
}
}
static void
test_clone (void)
{
mongoc_cursor_t *clone;
mongoc_cursor_t *cursor;
mongoc_client_t *client;
const bson_t *doc;
bson_error_t error;
mongoc_uri_t *uri;
bson_bool_t r;
bson_t q = BSON_INITIALIZER;
char *uristr;
uristr = bson_strdup_printf("mongodb://%s/", HOST);
uri = mongoc_uri_new(uristr);
bson_free(uristr);
client = mongoc_client_new_from_uri(uri);
BSON_ASSERT(client);
cursor = _mongoc_cursor_new(client, "test.test", MONGOC_QUERY_NONE, 0, 1, 1,
FALSE, &q, NULL, NULL);
BSON_ASSERT(cursor);
r = mongoc_cursor_next(cursor, &doc);
if (!r && mongoc_cursor_error(cursor, &error)) {
MONGOC_ERROR("%s", error.message);
abort();
}
clone = mongoc_cursor_clone(cursor);
BSON_ASSERT(cursor);
r = mongoc_cursor_next(clone, &doc);
if (!r && mongoc_cursor_error(clone, &error)) {
MONGOC_ERROR("%s", error.message);
abort();
}
mongoc_cursor_destroy(cursor);
mongoc_cursor_destroy(clone);
mongoc_client_destroy(client);
mongoc_uri_destroy(uri);
}
/**
* Deprecated. Was never supposed to be part of the public API.
* See mongoc_stream_tls_handshake.
*/
bool
mongoc_stream_tls_check_cert (mongoc_stream_t *stream,
const char *host)
{
mongoc_stream_tls_t *stream_tls = (mongoc_stream_tls_t *)mongoc_stream_get_tls_stream (stream);
BSON_ASSERT (stream_tls);
MONGOC_ERROR ("This function doesn't do anything. Please call mongoc_stream_tls_handshake()");
return false;
}
mongoc_client_pool_t *
mongoc_client_pool_new (const mongoc_uri_t *uri)
{
mongoc_topology_t *topology;
mongoc_client_pool_t *pool;
const bson_t *b;
bson_iter_t iter;
ENTRY;
BSON_ASSERT (uri);
#ifndef MONGOC_ENABLE_SSL
if (mongoc_uri_get_ssl (uri)) {
MONGOC_ERROR ("Can't create SSL client pool,"
" SSL not enabled in this build.");
return NULL;
}
#endif
pool = (mongoc_client_pool_t *)bson_malloc0(sizeof *pool);
mongoc_mutex_init(&pool->mutex);
_mongoc_queue_init(&pool->queue);
pool->uri = mongoc_uri_copy(uri);
pool->min_pool_size = 0;
pool->max_pool_size = 100;
pool->size = 0;
pool->topology_scanner_started = false;
topology = mongoc_topology_new(uri, false);
pool->topology = topology;
mongoc_client_metadata_init (&pool->topology->scanner->ismaster_metadata);
pool->error_api_version = MONGOC_ERROR_API_VERSION_LEGACY;
b = mongoc_uri_get_options(pool->uri);
if (bson_iter_init_find_case(&iter, b, "minpoolsize")) {
if (BSON_ITER_HOLDS_INT32(&iter)) {
pool->min_pool_size = BSON_MAX(0, bson_iter_int32(&iter));
}
}
if (bson_iter_init_find_case(&iter, b, "maxpoolsize")) {
if (BSON_ITER_HOLDS_INT32(&iter)) {
pool->max_pool_size = BSON_MAX(1, bson_iter_int32(&iter));
}
}
mongoc_counter_client_pools_active_inc();
RETURN(pool);
}
/**
* Deprecated. Was never supposed to be part of the public API.
* See mongoc_stream_tls_handshake.
*/
bool
mongoc_stream_tls_do_handshake (mongoc_stream_t *stream,
int32_t timeout_msec)
{
mongoc_stream_tls_t *stream_tls = (mongoc_stream_tls_t *)mongoc_stream_get_tls_stream (stream);
BSON_ASSERT (stream_tls);
MONGOC_ERROR ("This function doesn't do anything. Please call mongoc_stream_tls_handshake()");
return false;
}
void
_mongoc_sspi_set_gsserror (DWORD errCode, const SEC_CHAR *msg)
{
SEC_CHAR *err;
DWORD status;
DWORD flags = FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM |
FORMAT_MESSAGE_IGNORE_INSERTS;
status = FormatMessageA (flags,
NULL,
errCode,
MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT),
(LPTSTR) &err,
0,
NULL);
if (status) {
MONGOC_ERROR ("SSPI: %s: %s", msg, err);
LocalFree (err);
} else {
MONGOC_ERROR ("SSPI: %s", msg);
}
}
static void
download_task (perf_test_t *test)
{
download_test_t *gridfs_test;
bson_t query = BSON_INITIALIZER;
mongoc_gridfs_file_t *file;
mongoc_iovec_t iov;
bson_error_t error;
ssize_t read_sz;
gridfs_test = (download_test_t *) test;
bson_append_oid (&query, "_id", 3, &gridfs_test->file_id);
file = mongoc_gridfs_find_one (gridfs_test->base.gridfs, &query, &error);
if (!file) {
MONGOC_ERROR ("gridfs_find_one: %s\n", error.message);
abort ();
}
/* overwrite the buffer we used for _upload_big_file */
iov.iov_base = (void *) gridfs_test->base.data;
iov.iov_len = gridfs_test->base.data_sz;
read_sz = mongoc_gridfs_file_readv (file, &iov, 1, gridfs_test->base.data_sz,
0);
if (read_sz != gridfs_test->base.data_sz) {
if (mongoc_gridfs_file_error (file, &error)) {
MONGOC_ERROR ("file_readv: %s\n", error.message);
} else {
MONGOC_ERROR ("file_readv: unknown error\n");
}
abort ();
}
mongoc_gridfs_file_destroy (file);
bson_destroy (&query);
}
bool
mongoc_client_pool_set_error_api (mongoc_client_pool_t *pool,
int32_t version)
{
if (version != MONGOC_ERROR_API_VERSION_LEGACY &&
version != MONGOC_ERROR_API_VERSION_2) {
MONGOC_ERROR ("Unsupported Error API Version: %" PRId32, version);
return false;
}
pool->error_api_version = version;
return true;
}
int
_mongoc_rand_bytes (uint8_t *buf, int num)
{
static BCRYPT_ALG_HANDLE algorithm = 0;
NTSTATUS status = 0;
if (!algorithm) {
status = BCryptOpenAlgorithmProvider (
&algorithm, BCRYPT_RNG_ALGORITHM, NULL, 0);
if (!NT_SUCCESS (status)) {
MONGOC_ERROR ("BCryptOpenAlgorithmProvider(): %d", status);
return 0;
}
}
status = BCryptGenRandom (algorithm, buf, num, 0);
if (NT_SUCCESS (status)) {
return 1;
}
MONGOC_ERROR ("BCryptGenRandom(): %d", status);
return 0;
}
static void
start_scanner_if_needed (mongoc_client_pool_t *pool) {
bool r;
if (!pool->topology_scanner_started) {
r = mongoc_topology_start_background_scanner (pool->topology);
if (r) {
pool->topology_scanner_started = true;
} else {
MONGOC_ERROR ("Background scanner did not start!");
}
}
}
static void
_drop_database (gridfs_test_t *gridfs_test)
{
mongoc_database_t *db;
bson_error_t error;
db = mongoc_client_get_database (gridfs_test->client, "perftest");
if (!mongoc_database_drop (db, &error)) {
MONGOC_ERROR ("database_drop: %s\n", error.message);
abort ();
}
mongoc_database_destroy (db);
}
static void
_init_gridfs (gridfs_test_t *gridfs_test)
{
bson_error_t error;
/* ensures indexes */
gridfs_test->gridfs = mongoc_client_get_gridfs (gridfs_test->client,
"perftest", NULL, &error);
if (!gridfs_test->gridfs) {
MONGOC_ERROR ("get_gridfs: %s\n", error.message);
abort ();
}
}
bool
_mongoc_openssl_import_cert_store (LPWSTR store_name,
DWORD dwFlags,
X509_STORE *openssl_store)
{
PCCERT_CONTEXT cert = NULL;
HCERTSTORE cert_store;
cert_store = CertOpenStore (
CERT_STORE_PROV_SYSTEM, /* provider */
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, /* certificate encoding */
0, /* unused */
dwFlags, /* dwFlags */
store_name); /* system store name. "My" or "Root" */
if (cert_store == NULL) {
LPTSTR msg = NULL;
FormatMessage (FORMAT_MESSAGE_ALLOCATE_BUFFER |
FORMAT_MESSAGE_FROM_SYSTEM |
FORMAT_MESSAGE_ARGUMENT_ARRAY,
NULL,
GetLastError (),
LANG_NEUTRAL,
(LPTSTR) &msg,
0,
NULL);
MONGOC_ERROR ("Can't open CA store: 0x%.8X: '%s'", (unsigned int) GetLastError (), msg);
LocalFree (msg);
return false;
}
while ((cert = CertEnumCertificatesInStore (cert_store, cert)) != NULL) {
X509 *x509Obj = d2i_X509 (NULL,
(const unsigned char **) &cert->pbCertEncoded,
cert->cbCertEncoded);
if (x509Obj == NULL) {
MONGOC_WARNING (
"Error parsing X509 object from Windows certificate store");
continue;
}
X509_STORE_add_cert (openssl_store, x509Obj);
X509_free (x509Obj);
}
CertCloseStore (cert_store, 0);
return true;
}
void
mongoc_crypto_cng_init (void)
{
NTSTATUS status = STATUS_UNSUCCESSFUL;
_sha1_hash_algo = 0;
status = BCryptOpenAlgorithmProvider (
&_sha1_hash_algo, BCRYPT_SHA1_ALGORITHM, NULL, 0);
if (!NT_SUCCESS (status)) {
MONGOC_ERROR ("BCryptOpenAlgorithmProvider(SHA1): %x", status);
}
_sha1_hmac_algo = 0;
status = BCryptOpenAlgorithmProvider (&_sha1_hmac_algo,
BCRYPT_SHA1_ALGORITHM,
NULL,
BCRYPT_ALG_HANDLE_HMAC_FLAG);
if (!NT_SUCCESS (status)) {
MONGOC_ERROR ("BCryptOpenAlgorithmProvider(SHA1 HMAC): %x", status);
}
_sha256_hash_algo = 0;
status = BCryptOpenAlgorithmProvider (
&_sha256_hash_algo, BCRYPT_SHA256_ALGORITHM, NULL, 0);
if (!NT_SUCCESS (status)) {
MONGOC_ERROR ("BCryptOpenAlgorithmProvider(SHA256): %x", status);
}
_sha256_hmac_algo = 0;
status = BCryptOpenAlgorithmProvider (&_sha256_hmac_algo,
BCRYPT_SHA256_ALGORITHM,
NULL,
BCRYPT_ALG_HANDLE_HMAC_FLAG);
if (!NT_SUCCESS (status)) {
MONGOC_ERROR ("BCryptOpenAlgorithmProvider(SHA256 HMAC): %x", status);
}
}
bool
mongoc_secure_transport_setup_ca (
mongoc_stream_tls_secure_transport_t *secure_transport,
mongoc_ssl_opt_t *opt)
{
if (opt->ca_file) {
CFArrayRef items;
SecExternalItemType type = kSecItemTypeCertificate;
bool success = _mongoc_secure_transport_import_pem (
opt->ca_file, NULL, &items, &type);
if (!success) {
MONGOC_ERROR ("Can't find certificate in \"%s\"", opt->ca_file);
return false;
}
if (type == kSecItemTypeAggregate) {
CFMutableArrayRef anchors = CFArrayCreateMutable (
kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks);
for (CFIndex i = 0; i < CFArrayGetCount (items); ++i) {
CFTypeID item_id = CFGetTypeID (CFArrayGetValueAtIndex (items, i));
if (item_id == SecCertificateGetTypeID ()) {
CFArrayAppendValue (anchors, CFArrayGetValueAtIndex (items, i));
}
}
secure_transport->anchors = anchors;
CFRelease (items);
} else if (type == kSecItemTypeCertificate) {
secure_transport->anchors = items;
} else {
CFRelease (items);
}
/* This should be SSLSetCertificateAuthorities But the /TLS/ tests fail
* when it is */
success = !SSLSetTrustedRoots (
secure_transport->ssl_ctx_ref, secure_transport->anchors, true);
TRACE ("Setting certificate authority %s (%s)",
success ? "succeeded" : "failed",
opt->ca_file);
return true;
}
TRACE ("%s", "No CA provided, using defaults");
return false;
}
mongoc_client_t *
_mongoc_client_new_from_uri (const mongoc_uri_t *uri, mongoc_topology_t *topology)
{
mongoc_client_t *client;
const mongoc_read_prefs_t *read_prefs;
const mongoc_read_concern_t *read_concern;
const mongoc_write_concern_t *write_concern;
BSON_ASSERT (uri);
#ifndef MONGOC_ENABLE_SSL
if (mongoc_uri_get_ssl (uri)) {
MONGOC_ERROR ("Can't create SSL client, SSL not enabled in this build.");
return NULL;
}
#endif
client = (mongoc_client_t *)bson_malloc0(sizeof *client);
client->uri = mongoc_uri_copy (uri);
client->request_id = rand ();
client->initiator = mongoc_client_default_stream_initiator;
client->initiator_data = client;
client->topology = topology;
write_concern = mongoc_uri_get_write_concern (client->uri);
client->write_concern = mongoc_write_concern_copy (write_concern);
read_concern = mongoc_uri_get_read_concern (client->uri);
client->read_concern = mongoc_read_concern_copy (read_concern);
read_prefs = mongoc_uri_get_read_prefs_t (client->uri);
client->read_prefs = mongoc_read_prefs_copy (read_prefs);
mongoc_cluster_init (&client->cluster, client->uri, client);
#ifdef MONGOC_ENABLE_SSL
client->use_ssl = false;
if (mongoc_uri_get_ssl (client->uri)) {
/* sets use_ssl = true */
mongoc_client_set_ssl_opts (client, mongoc_ssl_opt_get_default ());
}
#endif
mongoc_counter_clients_active_inc ();
return client;
}
/**
* mongoc_read_concern_append:
* @read_concern: (in): A mongoc_read_concern_t.
* @opts: (out): A pointer to a bson document.
*
* Appends a read_concern document to command options to send to
* a server.
*
* Returns true on success, false on failure.
*
*/
bool
mongoc_read_concern_append (mongoc_read_concern_t *read_concern,
bson_t *command)
{
BSON_ASSERT (read_concern);
if (!read_concern->level) {
return true;
}
if (!bson_append_document (command, "readConcern", 11,
_mongoc_read_concern_get_bson (read_concern))) {
MONGOC_ERROR ("Could not append readConcern to command.");
return false;
}
return true;
}