/*
* FUNCTION: pkix_pl_AiaMgr_FindLDAPClient
* DESCRIPTION:
*
* This function checks the collection of LDAPClient connections held by the
* AIAMgr pointed to by "aiaMgr" for one matching the domain name given by
* "domainName". The string may include a port number: e.g., "betty.nist.gov"
* or "nss.red.iplanet.com:1389". If a match is found, that LDAPClient is
* stored at "pClient". Otherwise, an LDAPClient is created and added to the
* collection, and then stored at "pClient".
*
* PARAMETERS:
* "aiaMgr"
* The AIAMgr whose LDAPClient connected are to be managed. Must be
* non-NULL.
* "domainName"
* Address of a string pointing to a server name. Must be non-NULL.
* "pClient"
* Address at which the returned LDAPClient is stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an AIAMgr Error if the function fails in a non-fatal way
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_AiaMgr_FindLDAPClient(
PKIX_PL_AIAMgr *aiaMgr,
char *domainName,
PKIX_PL_LdapClient **pClient,
void *plContext)
{
PKIX_PL_String *domainString = NULL;
PKIX_PL_LdapDefaultClient *client = NULL;
PKIX_ENTER(AIAMGR, "pkix_pl_AiaMgr_FindLDAPClient");
PKIX_NULLCHECK_THREE(aiaMgr, domainName, pClient);
/* create PKIX_PL_String from domain name */
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII, domainName, 0, &domainString, plContext),
PKIX_STRINGCREATEFAILED);
/* Is this domainName already in cache? */
PKIX_CHECK(PKIX_PL_HashTable_Lookup
(aiaConnectionCache,
(PKIX_PL_Object *)domainString,
(PKIX_PL_Object **)&client,
plContext),
PKIX_HASHTABLELOOKUPFAILED);
if (client == NULL) {
/* No, create a connection (and cache it) */
PKIX_CHECK(PKIX_PL_LdapDefaultClient_CreateByName
(domainName,
/* Do not use NBIO until we verify, that
* it is working. For now use 1 min timeout. */
PR_SecondsToInterval(
((PKIX_PL_NssContext*)plContext)->timeoutSeconds),
NULL,
&client,
plContext),
PKIX_LDAPDEFAULTCLIENTCREATEBYNAMEFAILED);
PKIX_CHECK(PKIX_PL_HashTable_Add
(aiaConnectionCache,
(PKIX_PL_Object *)domainString,
(PKIX_PL_Object *)client,
plContext),
PKIX_HASHTABLEADDFAILED);
}
*pClient = (PKIX_PL_LdapClient *)client;
cleanup:
PKIX_DECREF(domainString);
PKIX_RETURN(AIAMGR);
}
static PKIX_Error *
testSetupCertStore(PKIX_ValidateParams *valParams, char *ldapName)
{
PKIX_PL_String *dirString = NULL;
PKIX_CertStore *certStore = NULL;
PKIX_ProcessingParams *procParams = NULL;
PKIX_PL_LdapDefaultClient *ldapClient = NULL;
PKIX_TEST_STD_VARS();
subTest("PKIX_PL_CollectionCertStoreContext_Create");
/* Create LDAPCertStore */
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName
(ldapName,
0, /* timeout */
NULL, /* bindPtr */
&ldapClient,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create
((PKIX_PL_LdapClient *)ldapClient,
&certStore,
plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ValidateParams_GetProcessingParams
(valParams, &procParams, plContext));
subTest("PKIX_ProcessingParams_AddCertStore");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_AddCertStore
(procParams, certStore, plContext));
subTest("PKIX_ProcessingParams_SetRevocationEnabled");
PKIX_TEST_EXPECT_NO_ERROR(PKIX_ProcessingParams_SetRevocationEnabled
(procParams, PKIX_TRUE, plContext));
cleanup:
PKIX_TEST_DECREF_AC(dirString);
PKIX_TEST_DECREF_AC(procParams);
PKIX_TEST_DECREF_AC(certStore);
PKIX_TEST_DECREF_AC(ldapClient);
PKIX_TEST_RETURN();
return (0);
}
static PKIX_Error *
createLdapCertStore(
char *hostname,
PRIntervalTime timeout,
PKIX_CertStore **pLdapCertStore,
void *plContext)
{
PRIntn backlog = 0;
char *bindname = "";
char *auth = "";
LDAPBindAPI bindAPI;
LDAPBindAPI *bindPtr = NULL;
PKIX_PL_LdapDefaultClient *ldapClient = NULL;
PKIX_CertStore *ldapCertStore = NULL;
PKIX_TEST_STD_VARS();
if (usebind) {
bindPtr = &bindAPI;
bindAPI.selector = SIMPLE_AUTH;
bindAPI.chooser.simple.bindName = bindname;
bindAPI.chooser.simple.authentication = auth;
}
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapDefaultClient_CreateByName(hostname, timeout, bindPtr, &ldapClient, plContext));
PKIX_TEST_EXPECT_NO_ERROR(PKIX_PL_LdapCertStore_Create((PKIX_PL_LdapClient *)ldapClient,
&ldapCertStore,
plContext));
*pLdapCertStore = ldapCertStore;
cleanup:
PKIX_TEST_DECREF_AC(ldapClient);
PKIX_TEST_RETURN();
return (pkixTestErrorResult);
}
/*
* FUNCTION: pkix_pl_AiaMgr_FindLDAPClient
* DESCRIPTION:
*
* This function checks the collection of LDAPClient connections held by the
* AIAMgr pointed to by "aiaMgr" for one matching the domain name given by
* "domainName". The string may include a port number: e.g., "betty.nist.gov"
* or "nss.red.iplanet.com:1389". If a match is found, that LDAPClient is
* stored at "pClient". Otherwise, an LDAPClient is created and added to the
* collection, and then stored at "pClient".
*
* PARAMETERS:
* "aiaMgr"
* The AIAMgr whose LDAPClient connected are to be managed. Must be
* non-NULL.
* "domainName"
* Address of a string pointing to a server name. Must be non-NULL.
* An empty string (which means no <host> is given in the LDAP URL) is
* not supported.
* "pClient"
* Address at which the returned LDAPClient is stored. Must be non-NULL.
* "plContext"
* Platform-specific context pointer.
* THREAD SAFETY:
* Thread Safe (see Thread Safety Definitions in Programmer's Guide)
* RETURNS:
* Returns NULL if the function succeeds.
* Returns an AIAMgr Error if the function fails in a non-fatal way
* Returns a Fatal Error if the function fails in an unrecoverable way.
*/
static PKIX_Error *
pkix_pl_AiaMgr_FindLDAPClient(
PKIX_PL_AIAMgr *aiaMgr,
char *domainName,
PKIX_PL_LdapClient **pClient,
void *plContext)
{
PKIX_PL_String *domainString = NULL;
PKIX_PL_LdapDefaultClient *client = NULL;
PKIX_ENTER(AIAMGR, "pkix_pl_AiaMgr_FindLDAPClient");
PKIX_NULLCHECK_THREE(aiaMgr, domainName, pClient);
/*
* An LDAP URL may not have a <host> part, for example,
* ldap:///o=University%20of%20Michigan,c=US
* PKIX_PL_LdapDefaultClient doesn't know how to discover the default
* LDAP server, so we don't support this kind of LDAP URL.
*/
if (*domainName == '\0') {
/* Simulate a PKIX_PL_LdapDefaultClient_CreateByName failure. */
PKIX_ERROR(PKIX_LDAPDEFAULTCLIENTCREATEBYNAMEFAILED);
}
/* create PKIX_PL_String from domain name */
PKIX_CHECK(PKIX_PL_String_Create
(PKIX_ESCASCII, domainName, 0, &domainString, plContext),
PKIX_STRINGCREATEFAILED);
/* Is this domainName already in cache? */
PKIX_CHECK(PKIX_PL_HashTable_Lookup
(aiaConnectionCache,
(PKIX_PL_Object *)domainString,
(PKIX_PL_Object **)&client,
plContext),
PKIX_HASHTABLELOOKUPFAILED);
if (client == NULL) {
/* No, create a connection (and cache it) */
PKIX_CHECK(PKIX_PL_LdapDefaultClient_CreateByName
(domainName,
/* Do not use NBIO until we verify, that
* it is working. For now use 1 min timeout. */
PR_SecondsToInterval(
((PKIX_PL_NssContext*)plContext)->timeoutSeconds),
NULL,
&client,
plContext),
PKIX_LDAPDEFAULTCLIENTCREATEBYNAMEFAILED);
PKIX_CHECK(PKIX_PL_HashTable_Add
(aiaConnectionCache,
(PKIX_PL_Object *)domainString,
(PKIX_PL_Object *)client,
plContext),
PKIX_HASHTABLEADDFAILED);
}
*pClient = (PKIX_PL_LdapClient *)client;
cleanup:
PKIX_DECREF(domainString);
PKIX_RETURN(AIAMGR);
}
