Moving NSCP Directory Server from DirectoryBranch to TRUNK, initial drop. (foxworth)ldapserver7x

7 files changed, 2049 insertions, 0 deletions

diff --git a/ldap/servers/plugins/http/Makefile b/ldap/servers/plugins/http/Makefile
new file mode 100644
index 00000000..d23c26a5
--- /dev/null
+++ b/ldap/servers/plugins/http/Makefile
@@ -0,0 +1,80 @@
+#
+# PROPRIETARY/CONFIDENTIAL. Use of this product is subject to
+# license terms. Copyright 2001 Sun Microsystems, Inc.
+# Some preexisting portions Copyright 2001 Netscape Communications Corp.
+# All rights reserved.
+# 
+LDAP_SRC = ../../..
+MCOM_ROOT = ../../../../..
+
+NOSTDCLEAN=true # don't let nsconfig.mk define target clean
+NOSTDSTRIP=true # don't let nsconfig.mk define target strip
+NSPR20=true	# probably should be defined somewhere else (not sure where)
+
+OBJDEST = $(OBJDIR)/lib/libhttpclient
+LIBDIR = $(LIB_RELDIR)
+
+include $(MCOM_ROOT)/ldapserver/nsdefs.mk
+include $(MCOM_ROOT)/ldapserver/nsconfig.mk
+include $(LDAP_SRC)/nsldap.mk
+
+ifeq ($(ARCH), WINNT)
+DEF_FILE:=./http.def
+endif
+
+HTTP_OBJS =	http_client.o http_impl.o
+
+OBJS = $(addprefix $(OBJDEST)/, $(HTTP_OBJS)) 
+
+HTTP_DLL = http-client-plugin
+
+INCLUDES += -I../../slapd  -I../../../include
+
+CFLAGS+=$(SLCFLAGS) -DSLAPD_LOGGING 
+
+ifeq ($(ARCH), WINNT)
+CFLAGS+=-D_WIN32 -DXP_WIN -DXP_WIN32
+EXTRA_LIBS_DEP +=  $(LIBSLAPD_DEP) $(NSPR_DEP) $(SECURITY_DEP)
+EXTRA_LIBS += $(NSPRLINK) $(LIBSLAPD) $(SECURITYLINK)
+HTTP_DLL_OBJ = $(addprefix $(OBJDEST)/, dllmain.o)
+endif
+
+ifeq ($(ARCH), HPUX)
+EXTRA_LIBS_DEP += $(LIBSLAPD_DEP) $(LDAPSDK_DEP) $(NSPR_DEP) $(SECURITY_DEP)
+EXTRA_LIBS += $(DYN_NSHTTPD) $(ADMINUTIL_LINK) $(LDAPLINK) $(SECURITYLINK) $(NSPRLINK) $(ICULINK)
+endif
+
+ifeq ($(ARCH), AIX)
+LD=ld
+EXTRA_LIBS += $(LIBSLAPD) 
+endif
+
+HTTP=	$(addprefix $(LIBDIR)/, $(HTTP_DLL).$(DLL_SUFFIX))
+
+clientSDK: 
+
+all:	$(OBJDEST) $(LIBDIR) $(HTTP)
+
+ifeq ($(ARCH), WINNT)
+$(HTTP): $(OBJS) $(HTTP_DLL_OBJ) $(DEF_FILE)
+	$(LINK_DLL) $(HTTP_DLL_OBJ) $(EXTRA_LIBS) /DEF:$(DEF_FILE)
+else
+$(HTTP): $(OBJS) $(HTTP_DLL_OBJ) 
+	$(LINK_DLL) $(HTTP_DLL_OBJ) $(EXTRA_LIBS)
+endif
+
+
+veryclean: clean
+
+clean:
+	$(RM) $(OBJS)
+ifeq ($(ARCH), WINNT)
+	$(RM) $(HTTP_DLL_OBJ)
+endif
+	$(RM) $(HTTP)
+
+$(OBJDEST):
+	$(MKDIR) $(OBJDEST)
+
+$(LIBDIR):
+	$(MKDIR) $(LIBDIR)
diff --git a/ldap/servers/plugins/http/dllmain.c b/ldap/servers/plugins/http/dllmain.c
new file mode 100644
index 00000000..ef1f637a
--- /dev/null
+++ b/ldap/servers/plugins/http/dllmain.c
@@ -0,0 +1,98 @@
+/**
+ * PROPRIETARY/CONFIDENTIAL. Use of this product is subject to
+ * license terms. Copyright 2001 Sun Microsystems, Inc.
+ * Some preexisting portions Copyright 2001 Netscape Communications Corp.
+ * All rights reserved.
+ */
+/*
+ * Microsoft Windows specifics for BACK-LDBM DLL
+ */
+#include "ldap.h"
+#include "lber.h"
+
+#ifdef _WIN32
+
+/* Lifted from Q125688
+ * How to Port a 16-bit DLL to a Win32 DLL
+ * on the MSVC 4.0 CD
+ */
+
+BOOL WINAPI DllMain (HANDLE hModule, DWORD fdwReason, LPVOID lpReserved)
+{
+	WSADATA	wsadata;
+
+	switch (fdwReason)
+	{
+	case DLL_PROCESS_ATTACH:
+		 /* Code from LibMain inserted here.  Return TRUE to keep the
+		    DLL loaded or return FALSE to fail loading the DLL.
+
+		    You may have to modify the code in your original LibMain to
+		    account for the fact that it may be called more than once.
+		    You will get one DLL_PROCESS_ATTACH for each process that
+		    loads the DLL. This is different from LibMain which gets
+		    called only once when the DLL is loaded. The only time this
+		    is critical is when you are using shared data sections.
+		    If you are using shared data sections for statically
+		    allocated data, you will need to be careful to initialize it
+		    only once. Check your code carefully.
+
+		    Certain one-time initializations may now need to be done for
+		    each process that attaches. You may also not need code from
+		    your original LibMain because the operating system may now
+		    be doing it for you.
+		 */
+		/*
+		 * 16 bit code calls UnlockData()
+		 * which is mapped to UnlockSegment in windows.h
+		 * in 32 bit world UnlockData is not defined anywhere
+		 * UnlockSegment is mapped to GlobalUnfix in winbase.h
+		 * and the docs for both UnlockSegment and GlobalUnfix say 
+		 * ".. function is oboslete.  Segments have no meaning 
+		 *  in the 32-bit environment".  So we do nothing here.
+		 */
+
+		if( errno = WSAStartup(0x0101, &wsadata ) != 0 )
+			return FALSE;
+
+		break;
+
+	case DLL_THREAD_ATTACH:
+		/* Called each time a thread is created in a process that has
+		   already loaded (attached to) this DLL. Does not get called
+		   for each thread that exists in the process before it loaded
+		   the DLL.
+
+		   Do thread-specific initialization here.
+		*/
+		break;
+
+	case DLL_THREAD_DETACH:
+		/* Same as above, but called when a thread in the process
+		   exits.
+
+		   Do thread-specific cleanup here.
+		*/
+		break;
+
+	case DLL_PROCESS_DETACH:
+		/* Code from _WEP inserted here.  This code may (like the
+		   LibMain) not be necessary.  Check to make certain that the
+		   operating system is not doing it for you.
+		*/
+		WSACleanup();
+
+		break;
+	}
+	/* The return value is only used for DLL_PROCESS_ATTACH; all other
+	conditions are ignored.  */
+	return TRUE;   /* successful DLL_PROCESS_ATTACH */
+}
+#else
+int CALLBACK
+LibMain( HINSTANCE hinst, WORD wDataSeg, WORD cbHeapSize, LPSTR lpszCmdLine )
+{
+	/*UnlockData( 0 );*/
+ 	return( 1 );
+}
+#endif
diff --git a/ldap/servers/plugins/http/http.def b/ldap/servers/plugins/http/http.def
new file mode 100644
index 00000000..ac2f3e05
--- /dev/null
+++ b/ldap/servers/plugins/http/http.def
@@ -0,0 +1,13 @@
+;-------------------------------------------------------------------------
+; PROPRIETARY/CONFIDENTIAL. Use of this product is subject to
+; license terms. Copyright 2001 Sun Microsystems, Inc.
+; Some preexisting portions Copyright 2001 Netscape Communications Corp.
+; All rights reserved.
+;-------------------------------------------------------------------------
+DESCRIPTION     'Netscape Directory Server Http Client'
+EXPORTS
+	http_client_init        @2
+	plugin_init_debug_level	@3
+	http_client_version		@4
+
+
diff --git a/ldap/servers/plugins/http/http_client.c b/ldap/servers/plugins/http/http_client.c
new file mode 100644
index 00000000..2fbbdd52
--- /dev/null
+++ b/ldap/servers/plugins/http/http_client.c
@@ -0,0 +1,290 @@
+/**
+ * PROPRIETARY/CONFIDENTIAL. Use of this product is subject to
+ * license terms. Copyright 2001 Sun Microsystems, Inc.
+ * Some preexisting portions Copyright 2001 Netscape Communications Corp.
+ * All rights reserved.
+ */
+
+/**
+ * Simple Http Client API broker plugin 
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "portable.h"
+#include "nspr.h"
+
+#include "slapi-plugin.h"
+#include "slapi-private.h"
+#include "dirlite_strings.h"
+#include "dirver.h"
+
+#include "http_client.h"
+#include "http_impl.h"
+
+/* get file mode flags for unix */
+#ifndef _WIN32
+#include <sys/stat.h>
+#endif
+
+/*** from proto-slap.h ***/
+
+int slapd_log_error_proc( char *subsystem, char *fmt, ... );
+
+/*** from ldaplog.h ***/
+
+/* edited ldaplog.h for LDAPDebug()*/
+#ifndef _LDAPLOG_H
+#define _LDAPLOG_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define LDAP_DEBUG_TRACE	0x00001		/*     1 */
+#define LDAP_DEBUG_ANY      0x04000		/* 16384 */
+#define LDAP_DEBUG_PLUGIN	0x10000		/* 65536 */
+
+/* debugging stuff */
+#    ifdef _WIN32
+       extern int	*module_ldap_debug;
+#      define LDAPDebug( level, fmt, arg1, arg2, arg3 )	\
+       { \
+		if ( *module_ldap_debug & level ) { \
+		        slapd_log_error_proc( NULL, fmt, arg1, arg2, arg3 ); \
+	    } \
+       }
+#    else /* _WIN32 */
+       extern int	slapd_ldap_debug;
+#      define LDAPDebug( level, fmt, arg1, arg2, arg3 )	\
+       { \
+		if ( slapd_ldap_debug & level ) { \
+		        slapd_log_error_proc( NULL, fmt, arg1, arg2, arg3 ); \
+	    } \
+       }
+#    endif /* Win32 */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LDAP_H */
+
+#define HTTP_PLUGIN_SUBSYSTEM   "http-client-plugin"   /* used for logging */
+#define HTTP_PLUGIN_VERSION		0x00050050
+
+#define HTTP_SUCCESS	0
+#define HTTP_FAILURE	-1
+
+/**
+ * Implementation functions
+ */
+static void *api[7];
+
+/**
+ * Plugin identifiers
+ */
+static Slapi_PluginDesc pdesc = { "http-client",
+								  PLUGIN_MAGIC_VENDOR_STR,
+								  PRODUCTTEXT,
+								  "HTTP Client plugin" };
+
+static Slapi_ComponentId *plugin_id = NULL;
+
+/**
+ **	
+ **	Http plug-in management functions
+ **
+ **/
+int http_client_init(Slapi_PBlock *pb); 
+static int http_client_start(Slapi_PBlock *pb);
+static int http_client_close(Slapi_PBlock *pb);
+
+/**
+ * our functions
+ */
+static void _http_init(Slapi_ComponentId *plugin_id);
+static int _http_get_text(char *url, char **data, int *bytesRead);
+static int _http_get_binary(char *url, char **data, int *bytesRead);
+static int _http_get_redirected_uri(char *url, char **data, int *bytesRead);
+static int _http_post(char *url, httpheader **httpheaderArray, char *body, char **data, int *bytesRead);
+static void _http_shutdown( void );
+
+#ifdef _WIN32
+int *module_ldap_debug = 0;
+
+void plugin_init_debug_level(int *level_ptr)
+{
+	module_ldap_debug = level_ptr;
+}
+#endif
+
+/**
+ *	
+ * Get the presence plug-in version
+ *
+ */
+int http_client_version()
+{
+	return HTTP_PLUGIN_VERSION;
+}
+
+int http_client_init(Slapi_PBlock *pb)
+{
+	int status = HTTP_SUCCESS;
+	PRUint32 nssFlags = 0;
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "--> http_client_init -- BEGIN\n",0,0,0);
+
+	if ( slapi_pblock_set( pb, SLAPI_PLUGIN_VERSION,
+	    	SLAPI_PLUGIN_VERSION_01 ) != 0 ||
+	    slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN,
+        	     (void *) http_client_start ) != 0 ||
+	    slapi_pblock_set(pb, SLAPI_PLUGIN_CLOSE_FN,
+        	     (void *) http_client_close ) != 0 ||
+		slapi_pblock_set( pb, SLAPI_PLUGIN_DESCRIPTION,
+             (void *)&pdesc ) != 0 )
+	{
+		slapi_log_error( SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+                     "http_client_init: failed to register plugin\n" );
+		status = HTTP_FAILURE;
+	}
+
+        /* Retrieve and save the plugin identity to later pass to
+        internal operations */
+        if (slapi_pblock_get(pb, SLAPI_PLUGIN_IDENTITY, &plugin_id) != 0) {
+         slapi_log_error(SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+                        "http_client_init: Failed to retrieve SLAPI_PLUGIN_IDENTITY\n");
+         return HTTP_FAILURE;
+        }
+
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "<-- http_client_init -- END\n",0,0,0);
+    return status;
+}
+
+static int http_client_start(Slapi_PBlock *pb)
+{
+	int status = HTTP_SUCCESS;
+	/**
+	 * do some init work here
+	 */
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "--> http_client_start -- BEGIN\n",0,0,0);
+
+	api[0] = 0; /* reserved for api broker use, must be zero */
+	api[1] = (void *)_http_init;
+	api[2] = (void *)_http_get_text;
+	api[3] = (void *)_http_get_binary;
+	api[4] = (void *)_http_get_redirected_uri;
+	api[5] = (void *)_http_shutdown;
+	api[6] = (void *)_http_post;
+
+	if( slapi_apib_register(HTTP_v1_0_GUID, api) ) {
+		slapi_log_error( SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+                     "http_client_start: failed to register functions\n" );
+		status = HTTP_FAILURE;
+	}
+	
+	_http_init(plugin_id);
+
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "<-- http_client_start -- END\n",0,0,0);
+	return status;
+}
+
+static int http_client_close(Slapi_PBlock *pb)
+{
+	int status = HTTP_SUCCESS;
+	/**
+	 * do cleanup 
+	 */
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "--> http_client_close -- BEGIN\n",0,0,0);
+
+	slapi_apib_unregister(HTTP_v1_0_GUID);
+
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "<-- http_client_close -- END\n",0,0,0);
+
+	return status;
+}
+
+/**
+ * perform http initialization here 
+ */
+static void _http_init(Slapi_ComponentId *plugin_id)
+{
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "--> _http_init -- BEGIN\n",0,0,0);
+	
+	http_impl_init(plugin_id);
+
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "<-- _http_init -- END\n",0,0,0);
+}
+
+/**
+ * This method gets the data in a text format based on the 
+ * URL send.
+ */
+static int _http_get_text(char *url, char **data, int *bytesRead)
+{
+	int status = HTTP_SUCCESS;
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "--> _http_get_text -- BEGIN\n",0,0,0);
+
+	status = http_impl_get_text(url, data, bytesRead);
+
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "<-- _http_get_text -- END\n",0,0,0);
+	return status;
+}
+
+/**
+ * This method gets the data in a binary format based on the 
+ * URL send.
+ */
+static int _http_get_binary(char *url, char **data, int *bytesRead)
+{
+	int status = HTTP_SUCCESS;
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "--> _http_get_binary -- BEGIN\n",0,0,0);
+
+	status = http_impl_get_binary(url, data, bytesRead);
+	
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "<-- _http_get_binary -- END\n",0,0,0);
+	return status;
+}
+
+/**
+ * This method intercepts the redirected URI and returns the location 
+ * information.
+ */
+static int _http_get_redirected_uri(char *url, char **data, int *bytesRead)
+{
+	int status = HTTP_SUCCESS;
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "--> _http_get_redirected_uri -- BEGIN\n",0,0,0);
+
+	status = http_impl_get_redirected_uri(url, data, bytesRead);
+	
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "<-- _http_get_redirected_uri -- END\n",0,0,0);
+	return status;
+}
+
+/**
+ * This method posts the data based on the URL send. 
+ */
+static int _http_post(char *url, httpheader ** httpheaderArray, char *body, char **data, int *bytesRead)
+{
+	int status = HTTP_SUCCESS;
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "--> _http_post -- BEGIN\n",0,0,0);
+
+	status = http_impl_post(url, httpheaderArray, body, data, bytesRead);
+	
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "<-- _http_post -- END\n",0,0,0);
+	return status;
+}
+
+/**
+ * perform http shutdown here 
+ */
+static void _http_shutdown( void )
+{
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "--> _http_shutdown -- BEGIN\n",0,0,0);
+	
+	http_impl_shutdown();
+
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "<-- _http_shutdown -- END\n",0,0,0);
+}
+
diff --git a/ldap/servers/plugins/http/http_client.h b/ldap/servers/plugins/http/http_client.h
new file mode 100644
index 00000000..d849e18d
--- /dev/null
+++ b/ldap/servers/plugins/http/http_client.h
@@ -0,0 +1,64 @@
+/**
+ * PROPRIETARY/CONFIDENTIAL. Use of this product is subject to
+ * license terms. Copyright 2001 Sun Microsystems, Inc.
+ * Some preexisting portions Copyright 2001 Netscape Communications Corp.
+ * All rights reserved.
+ */
+
+#ifndef _HTTP_CLIENT_H_
+#define _HTTP_CLIENT_H_
+
+/* Error codes */
+#define HTTP_CLIENT_ERROR_BAD_URL		-1
+#define HTTP_CLIENT_ERROR_NET_ADDR		-2
+#define HTTP_CLIENT_ERROR_SOCKET_CREATE     	-3
+#define HTTP_CLIENT_ERROR_CONNECT_FAILED	-4
+#define HTTP_CLIENT_ERROR_SEND_REQ		-5
+#define HTTP_CLIENT_ERROR_BAD_RESPONSE	-6
+#define HTTP_CLIENT_ERROR_SSLSOCKET_CREATE	-7
+ #define HTTP_CLIENT_ERROR_NSS_INITIALIZE    -8
+
+/*Structure to store HTTP Headers */
+typedef struct {
+        char    *name;
+        char    *value;
+}       httpheader;
+
+
+/* mechanics */
+
+
+typedef void (*api_http_init)(Slapi_ComponentId *plugin_id);
+typedef int (*api_http_get_text)(char *url, char **data, int *bytesRead);
+typedef int (*api_http_get_binary)(char *url, char **data, int *bytesRead);
+typedef int (*api_http_get_redirected_uri)(char *url, char **data, int *bytesRead);
+typedef void (*api_http_shutdown)();
+typedef int (*api_http_post)(char *url, httpheader **httpheaderArray, char *body, char **data, int *bytesRead);
+
+/* API ID for http_apib_get_interface */
+
+#define HTTP_v1_0_GUID "811c5ea2-fef4-4f1c-9ab4-fcf746cd6efc"
+
+/* API */
+
+/* the api broker reserves api[0] for its use */
+
+#define http_init(api) \
+	((api_http_init*)(api))[1](Slapi_ComponentId *plugin_id)
+
+#define http_get_text(api, url, data, bytesRead) \
+	((api_http_get_text*)(api))[2]( url, data, bytesRead)
+
+#define http_get_binary(api, url, data, bytesRead) \
+	((api_http_get_binary*)(api))[3](url, data, bytesRead)
+
+#define http_get_redirected_uri(api, url, data, bytesRead) \
+	((api_http_get_redirected_uri*)(api))[4](url, data, bytesRead)
+
+#define http_shutdown(api) \
+	((api_http_shutdown*)(api))[5]()
+
+#define http_post(api, url, httpheaderArray, body, data, bytesRead) \
+	((api_http_post*)(api))[6](url, httpheaderArray, body, data, bytesRead)
+
+#endif /*_HTTP_CLIENT_H_*/
diff --git a/ldap/servers/plugins/http/http_impl.c b/ldap/servers/plugins/http/http_impl.c
new file mode 100644
index 00000000..bad8315c
--- /dev/null
+++ b/ldap/servers/plugins/http/http_impl.c
@@ -0,0 +1,1479 @@
+/**
+ * PROPRIETARY/CONFIDENTIAL. Use of this product is subject to
+ * license terms. Copyright 2001 Sun Microsystems, Inc.
+ * Some preexisting portions Copyright 2001 Netscape Communications Corp.
+ * All rights reserved.
+ */
+/**
+ * Implementation of a Simple HTTP Client
+ */
+#include <stdio.h>
+#include <string.h>
+
+#include "nspr.h"
+#include "nss.h"
+#include "pk11func.h"
+#include "ssl.h"
+#include "prprf.h"
+#include "plstr.h"
+#include "slapi-plugin.h"
+#include "http_client.h"
+#include "secerr.h"
+#include "sslerr.h"
+#include "slapi-private.h"
+#include "slapi-plugin-compat4.h"
+/* get file mode flags for unix */
+#ifndef _WIN32
+#include <sys/stat.h>
+#endif
+
+/*** from proto-slap.h ***/
+
+int slapd_log_error_proc( char *subsystem, char *fmt, ... );
+char *config_get_instancedir();
+
+/*** from ldaplog.h ***/
+
+/* edited ldaplog.h for LDAPDebug()*/
+#ifndef _LDAPLOG_H
+#define _LDAPLOG_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef BUILD_STANDALONE
+#define slapi_log_error(a,b,c,d) printf((c),(d))
+#define stricmp strcasecmp
+#endif
+
+#define LDAP_DEBUG_TRACE	0x00001		/*     1 */
+#define LDAP_DEBUG_ANY      0x04000		/* 16384 */
+#define LDAP_DEBUG_PLUGIN	0x10000		/* 65536 */
+
+/* debugging stuff */
+#    ifdef _WIN32
+       extern int	*module_ldap_debug;
+#      define LDAPDebug( level, fmt, arg1, arg2, arg3 )	\
+       { \
+		if ( *module_ldap_debug & level ) { \
+		        slapd_log_error_proc( NULL, fmt, arg1, arg2, arg3 ); \
+	    } \
+       }
+#    else /* _WIN32 */
+       extern int	slapd_ldap_debug;
+#      define LDAPDebug( level, fmt, arg1, arg2, arg3 )	\
+       { \
+		if ( slapd_ldap_debug & level ) { \
+		        slapd_log_error_proc( NULL, fmt, arg1, arg2, arg3 ); \
+	    } \
+       }
+#    endif /* Win32 */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LDAP_H */
+
+#define HTTP_PLUGIN_SUBSYSTEM   "http-client-plugin"   /* used for logging */
+
+#define HTTP_IMPL_SUCCESS		0
+#define HTTP_IMPL_FAILURE		-1
+
+#define HTTP_REQ_TYPE_GET		1
+#define HTTP_REQ_TYPE_REDIRECT		2
+#define HTTP_REQ_TYPE_POST		3
+
+#define HTTP_GET			"GET"
+#define HTTP_POST			"POST"
+#define HTTP_PROTOCOL			"HTTP/1.0"
+#define HTTP_CONTENT_LENGTH		"Content-length:"
+#define HTTP_CONTENT_TYPE_URL_ENCODED	"Content-type: application/x-www-form-urlencoded"
+#define HTTP_GET_STD_LEN		18
+#define HTTP_POST_STD_LEN		85
+#define HTTP_DEFAULT_BUFFER_SIZE	4096
+#define HTTP_RESPONSE_REDIRECT		(retcode == 302 || retcode == 301)
+
+/**
+ * Error strings used for logging error messages
+ */
+#define HTTP_ERROR_BAD_URL			" Badly formatted URL"
+#define HTTP_ERROR_NET_ADDR			" NetAddr initialization failed"
+#define HTTP_ERROR_SOCKET_CREATE	" Creation of socket failed"
+#define HTTP_ERROR_SSLSOCKET_CREATE	" Creation of SSL socket failed"
+#define HTTP_ERROR_CONNECT_FAILED	" Couldn't connect to remote host"
+#define HTTP_ERROR_SEND_REQ			" Send request failed"
+#define HTTP_ERROR_BAD_RESPONSE		" Invalid response from remote host"
+
+#define HTTP_PLUGIN_DN			"cn=HTTP Client,cn=plugins,cn=config"
+#define CONFIG_DN			"cn=config"
+#define ATTR_CONNECTION_TIME_OUT	"nsHTTPConnectionTimeOut"
+#define ATTR_READ_TIME_OUT		"nsHTTPReadTimeOut"
+#define ATTR_RETRY_COUNT		"nsHTTPRetryCount"
+#define ATTR_DS_SECURITY		"nsslapd-security"
+#define ATTR_INSTANCE_PATH		"nsslapd-errorlog"
+
+/*static Slapi_ComponentId *plugin_id = NULL;*/
+
+typedef struct {
+    int        retryCount;
+    int        connectionTimeOut;
+    int        readTimeOut;
+    int        nssInitialized;
+    char      *DS_sslOn;
+} httpPluginConfig;
+
+httpPluginConfig *httpConfig;
+
+/**
+ * Public functions
+ */
+int http_impl_init(Slapi_ComponentId *plugin_id);
+int http_impl_get_text(char *url, char **data, int *bytesRead);
+int http_impl_get_binary(char *url, char **data, int *bytesRead);
+int http_impl_get_redirected_uri(char *url, char **data, int *bytesRead);
+int http_impl_post(char *url, httpheader **httpheaderArray, char *body, char **data, int *bytesRead);
+void http_impl_shutdown();
+
+/**
+ * Http handling functions
+ */
+static int doRequest(const char *url, httpheader **httpheaderArray, char *body, char **buf, int *bytesRead, int reqType);
+static int doRequestRetry(const char *url, httpheader **httpheaderArray, char *body, char **buf, int *bytesRead, int reqType);
+static void setTCPNoDelay(PRFileDesc* fd);
+static PRStatus sendGetReq(PRFileDesc *fd, const char *path);
+static PRStatus sendPostReq(PRFileDesc *fd, const char *path, httpheader **httpheaderArray, char *body);
+static PRStatus processResponse(PRFileDesc *fd, char **resBUF, int *bytesRead, int reqType);
+static PRStatus getChar(PRFileDesc *fd, char *buf);
+static PRInt32 http_read(PRFileDesc *fd, char *buf, int size);
+static PRStatus getBody(PRFileDesc *fd, char **buf, int *actualBytesRead);
+static PRBool isWhiteSpace(char ch);
+static PRStatus sendFullData( PRFileDesc *fd, char *buf, int timeOut);
+
+/**
+ * Helper functions to parse URL
+ */
+static PRStatus parseURI(const char *url, char **host, PRInt32 *port, char **path, int *sslOn);
+static void toLowerCase(char* str);
+static PRStatus parseAtPort(const char* url, PRInt32 *port, char **path);
+static PRStatus parseAtPath(const char *url, char **path);
+static PRInt32 getPort(const char* src);
+static PRBool isAsciiSpace(char aChar);
+static PRBool isAsciiDigit(char aChar);
+static char * isHttpReq(const char *url, int *sslOn);
+
+/*To get config from entry*/
+static int readConfigLDAPurl(Slapi_ComponentId *plugin_id, char *plugindn);
+static int parseHTTPConfigEntry(Slapi_Entry *e);
+static int parseConfigEntry(Slapi_Entry *e);
+
+static int nssReinitializationRequired();
+
+/*SSL functions */
+PRFileDesc* setupSSLSocket(PRFileDesc* fd);
+
+/*SSL callback functions */
+SECStatus   badCertHandler(void *arg, PRFileDesc *socket);
+SECStatus   authCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer);
+SECStatus   getClientAuthData(void *arg, PRFileDesc *socket,struct CERTDistNamesStr *caNames, struct CERTCertificateStr **pRetCert, struct SECKEYPrivateKeyStr **pRetKey);
+SECStatus   handshakeCallback(PRFileDesc *socket, void *arg);
+
+static int doRequestRetry(const char *url, httpheader **httpheaderArray, char *body, char **buf, int *bytesRead, int reqType)
+{
+    int status = HTTP_IMPL_SUCCESS;
+	int retrycnt = 0;
+	int i = 1;
+
+	retrycnt = httpConfig->retryCount;
+	
+	if (retrycnt == 0) {
+		  LDAPDebug( LDAP_DEBUG_PLUGIN, "doRequestRetry: Retry Count cannot be read. Setting to default value of 3 \n", 0,0,0);
+	   	  retrycnt = 3;
+	}
+        status = doRequest(url, httpheaderArray, body, buf, bytesRead, reqType);
+	if (status != HTTP_IMPL_SUCCESS) {
+	       LDAPDebug( LDAP_DEBUG_PLUGIN, "doRequestRetry: Failed to perform http request \n", 0,0,0);
+       	 while (retrycnt > 0) {
+       	         LDAPDebug( LDAP_DEBUG_PLUGIN, "doRequestRetry: Retrying http request %d.\n", i,0,0);
+       	         status = doRequest(url, httpheaderArray, body, buf, bytesRead, reqType);
+       	         if (status == HTTP_IMPL_SUCCESS) {
+                        break;
+       	         }
+       	         retrycnt--;
+       	         i++;
+        }
+        if (status != HTTP_IMPL_SUCCESS) {
+                LDAPDebug( LDAP_DEBUG_ANY, "doRequestRetry: Failed to perform http request after %d attempts.\n", i,0,0);
+	LDAPDebug( LDAP_DEBUG_ANY, "doRequestRetry:  Verify plugin URI configuration and contact Directory Administrator.\n",0,0,0);
+        }
+
+	}
+    return status;
+}
+
+static int doRequest(const char *url, httpheader **httpheaderArray, char *body, char **buf, int *bytesRead, int reqType)
+{
+	PRStatus status = PR_SUCCESS;
+
+	char *host = NULL;
+	char *path = NULL;
+	char *val = NULL;
+	char *defaultprefix = NULL;
+   	PRFileDesc *fd = NULL;
+	PRNetAddr addr;
+	PRInt32 port;
+	PRInt32 errcode = 0;
+	PRInt32 http_connection_time_out = 0;
+	PRInt32 sslOn;
+	PRInt32 nssStatus;
+	PRUint32 nssFlags = 0;
+	char certDir[1024];
+	char certPref[1024];
+	char keyPref[1024];
+	
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "--> doRequest -- BEGIN\n",0,0,0);
+
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "----------> url=[%s] \n",url,0,0);
+
+	/* Parse the URL and initialize the host, port, path */
+	if (parseURI(url, &host, &port, &path, &sslOn) == PR_FAILURE) {
+		slapi_log_error( SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+                     "doRequest: %s \n", HTTP_ERROR_BAD_URL);
+		status = PR_FAILURE;
+		goto bail;
+	}
+
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "----------> host=[%s] port[%d] path[%s] \n",host,port,path);
+
+	/* Initialize the Net Addr */
+    if (PR_StringToNetAddr(host, &addr) == PR_FAILURE) {
+        char buf[PR_NETDB_BUF_SIZE];
+        PRHostEnt ent;
+
+        status = PR_GetIPNodeByName(host, PR_AF_INET, PR_AI_DEFAULT, buf, sizeof(buf), &ent);
+		if (status == PR_SUCCESS) {
+            PR_EnumerateHostEnt(0, &ent, (PRUint16)port, &addr);
+        } else {
+			slapi_log_error( SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+                     "doRequest: %s\n", HTTP_ERROR_NET_ADDR);
+			status = HTTP_CLIENT_ERROR_NET_ADDR;
+			goto bail;
+        }
+    } else {
+		addr.inet.port = (PRUint16)port;
+	}
+
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "----------> Successfully created NetAddr \n",0,0,0);
+
+	/* open a TCP connection to the server */
+    fd = PR_NewTCPSocket();
+    if (!fd) {
+		slapi_log_error( SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+                     "doRequest: %s\n", HTTP_ERROR_SOCKET_CREATE);
+        	status = HTTP_CLIENT_ERROR_SOCKET_CREATE;
+		goto bail;
+    }
+
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "----------> Successfully created New TCP Socket \n",0,0,0);
+
+	/* immediately send the response */
+    setTCPNoDelay(fd);
+
+    if (sslOn) {
+	
+		/* Have to reinitialize NSS is the DS security is set to off.
+		This is because the HTTPS required the cert dbs to be created.
+		The default prefixes are used as per DS norm */
+
+		if (PL_strcasecmp(httpConfig->DS_sslOn, "off") == 0) {	
+			if (!httpConfig->nssInitialized) {
+				if (nssReinitializationRequired())
+				{
+					NSS_Shutdown();
+					nssFlags &= (~NSS_INIT_READONLY);
+       				val = config_get_instancedir();
+       				strcpy(certDir, val);
+					defaultprefix = strrchr(certDir, '/');
+					if (!defaultprefix)
+    						defaultprefix = strrchr(certDir, '\\');
+					if (!defaultprefix) /* still could not find it . . . */
+    						goto bail; /* . . . can't do anything */
+					defaultprefix++;
+					sprintf(certPref, "%s-",defaultprefix);
+					strcpy(keyPref, certPref);
+					*defaultprefix= '\0';
+					sprintf(certDir, "%salias", certDir);
+       				nssStatus = NSS_Initialize(certDir, certPref, keyPref, "secmod.db", nssFlags);
+					slapi_ch_free((void **)&val);
+		
+   					if (nssStatus != 0) {
+   	    	 	 			slapi_log_error(SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+   	    		   			"doRequest: Unable to initialize NSS Cert/Key Database\n");
+							status = HTTP_CLIENT_ERROR_NSS_INITIALIZE;
+   	     	 			goto bail;
+   					}
+   				}
+				httpConfig->nssInitialized = 1;
+			}
+		}
+
+		NSS_SetDomesticPolicy();
+
+		fd = setupSSLSocket(fd);
+		if (fd == NULL) {
+			slapi_log_error( SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+                     	"doRequest: %s\n", HTTP_ERROR_SSLSOCKET_CREATE);
+        		status = HTTP_CLIENT_ERROR_SSLSOCKET_CREATE;
+			goto bail;
+		}
+	
+		if (SSL_SetURL(fd, host) != 0) {
+    			errcode = PR_GetError();
+				slapi_log_error( SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+		     	"doRequest: SSL_SetURL -> NSPR Error code (%d) \n", errcode);
+        		status = HTTP_CLIENT_ERROR_SSLSOCKET_CREATE;
+			goto bail;
+		}
+
+    }
+   
+    http_connection_time_out = httpConfig->connectionTimeOut;
+	/* connect to the host */
+    if (PR_Connect(fd, &addr, PR_MillisecondsToInterval(http_connection_time_out)) == PR_FAILURE) {
+    	errcode = PR_GetError();
+		slapi_log_error( SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+			"doRequest: %s (%s:%d) -> NSPR Error code (%d)\n",
+			HTTP_ERROR_CONNECT_FAILED, host, addr.inet.port, errcode);
+    	status = HTTP_CLIENT_ERROR_CONNECT_FAILED;
+		goto bail;
+    }
+
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "----------> Successfully connected to host [%s] \n",host,0,0);
+
+	/* send the request to the server */
+	if (reqType == HTTP_REQ_TYPE_POST) {
+		if (sendPostReq(fd, path, httpheaderArray, body) == PR_FAILURE) {
+			slapi_log_error( SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+				"doRequest-sendPostReq: %s (%s)\n", HTTP_ERROR_SEND_REQ, path);
+       		status = HTTP_CLIENT_ERROR_SEND_REQ;
+			goto bail;
+		}
+	}
+	else {
+		if (sendGetReq(fd, path) == PR_FAILURE) {
+			slapi_log_error( SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+				"doRequest-sendGetReq: %s (%s)\n", HTTP_ERROR_SEND_REQ, path);
+       		status = HTTP_CLIENT_ERROR_SEND_REQ;
+			goto bail;
+		}
+	}
+
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "----------> Successfully sent the request [%s] \n",path,0,0);
+
+	/* read the response */
+	if (processResponse(fd, buf, bytesRead, reqType) == PR_FAILURE) {
+		slapi_log_error( SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+			"doRequest: %s (%s)\n", HTTP_ERROR_BAD_RESPONSE, url);
+        status = HTTP_CLIENT_ERROR_BAD_RESPONSE;
+		goto bail;
+	}
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "----------> Successfully read the response\n",0,0,0);
+bail:
+	if (host) {
+		PR_Free(host);
+	}
+	if (path) {
+		PR_Free(path);
+	}
+	if (fd) {
+		PR_Close(fd);
+		fd = NULL;
+	}
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "<-- doRequest -- END\n",0,0,0);
+	return status;
+}
+
+static PRStatus processResponse(PRFileDesc *fd, char **resBUF, int *bytesRead, int reqType) 
+{
+	PRStatus status = PR_SUCCESS;
+	char *location = NULL;
+    char *protocol = NULL;
+    char *statusNum = NULL;
+	char *statusString = NULL;
+	char *headers = NULL;
+
+    char tmp[HTTP_DEFAULT_BUFFER_SIZE];
+    int pos=0;
+	char ch;
+	int index;
+	int retcode;
+
+    PRBool doneParsing = PR_FALSE;
+    PRBool isRedirect  = PR_FALSE;
+    char name[HTTP_DEFAULT_BUFFER_SIZE];
+	char value[HTTP_DEFAULT_BUFFER_SIZE];
+    PRBool atEOL = PR_FALSE;
+    PRBool inName = PR_TRUE;
+
+	/* PKBxxx: If we are getting a redirect and the response is more the
+	 * the HTTP_DEFAULT_BUFFER_SIZE, it will cause the server to crash. A 4k
+	 * buffer should be good enough.
+	 */
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "--> processResponse -- BEGIN\n",0,0,0);
+
+	headers = (char *)PR_Calloc(1, 4 * HTTP_DEFAULT_BUFFER_SIZE);
+    /* Get protocol string */
+    index = 0;
+    while (1) {
+		status = getChar(fd, headers+pos);
+		if (status == PR_FAILURE) {
+			/* Error : */
+			goto bail;
+		}
+		ch = (char)headers[pos];
+		pos++;
+		if (!isWhiteSpace(ch)) {
+			tmp[index++] = ch;
+		} else {
+			break;
+		}
+	}
+    tmp[index] = '\0';
+    protocol = PL_strdup(tmp);
+
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "----------> protocol=[%s] \n",protocol,0,0);
+
+    /* Get status num */
+    index = 0;
+    while (1) {
+		status = getChar(fd, headers+pos);
+		if (status == PR_FAILURE) {
+			/* Error : */
+			goto bail;
+		}
+		ch = (char)headers[pos];
+		pos++;
+		if (!isWhiteSpace(ch)) {
+			tmp[index++] = ch;
+		} else {
+			break;
+		}
+	}
+    tmp[index] = '\0';
+    statusNum = PL_strdup(tmp);
+	retcode=atoi(tmp);
+
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "----------> statusNum=[%s] \n",statusNum,0,0);
+
+	if (HTTP_RESPONSE_REDIRECT && (reqType == HTTP_REQ_TYPE_REDIRECT)) {
+		isRedirect = PR_TRUE;
+	}
+    /* Get status string */
+    if (ch != '\r')
+	{
+        index = 0;
+        while (ch != '\r') {
+			status = getChar(fd, headers+pos);
+			if (status == PR_FAILURE) {
+				/* Error : */
+				goto bail;
+			}
+			ch = (char)headers[pos];
+			pos++;
+            tmp[index++] = ch;
+		}
+		tmp[index] = '\0';
+        statusString = PL_strdup(tmp);
+		LDAPDebug( LDAP_DEBUG_PLUGIN, "----------> statusString [%s] \n",statusString,0,0);
+    }
+
+    /**
+	 * Skip CRLF
+	 */
+	status = getChar(fd, headers+pos);
+	if (status == PR_FAILURE) {
+		/* Error : */
+		goto bail;
+	}
+	ch = (char)headers[pos];
+	pos++;
+
+    /**
+	 * loop over response headers
+	 */
+    index = 0;
+    while (!doneParsing) {
+		status = getChar(fd, headers+pos);
+		if (status == PR_FAILURE) {
+			/* Error : */
+			goto bail;
+		}
+		ch = (char)headers[pos];
+		pos++;
+        switch(ch)
+		{
+            case ':':
+				if (inName) {
+				  name[index] = '\0';
+				  index = 0;
+				  inName = PR_FALSE;
+
+				  /* skip whitespace */
+				  ch = ' ';
+	
+				/*  status = getChar(fd, headers+pos);
+				  if (status == PR_FAILURE) {
+					  goto bail;
+				  }
+				  ch = (char)headers[pos];
+				  pos++; */
+
+				  while(isWhiteSpace(ch)) {
+						status = getChar(fd, headers+pos);
+						if (status == PR_FAILURE) {
+							/* Error : */
+							goto bail;
+						}
+						ch = (char)headers[pos];
+						pos++;
+				  }
+				  value[index++] = ch;
+				} else {
+				  value[index++] = ch;
+				}
+				break;
+            case '\r':
+				if (inName && !atEOL) {
+				   return PR_FALSE;
+				}
+				break;
+            case '\n':
+				if (atEOL) {
+				  doneParsing = PR_TRUE;
+				  break;
+				}
+				if (inName) {
+				   return PR_FALSE;
+				}
+				value[index] = '\0';
+				index = 0;
+				inName = PR_TRUE;
+				LDAPDebug( LDAP_DEBUG_PLUGIN, "----------> name=[%s] value=[%s]\n",name,value,0);
+				if (isRedirect && !PL_strcasecmp(name,"location")) {
+				  location = PL_strdup(value);
+				}
+				atEOL = PR_TRUE;
+				break;
+            default:
+                atEOL = PR_FALSE;
+                if (inName) {
+                     name[index++] = ch;
+				} else {
+                     value[index++] = ch;
+				}
+                break;
+        }
+    }
+
+	if (!isRedirect) {
+		getBody(fd, resBUF, bytesRead);
+	} else {
+		*resBUF = PL_strdup(location);
+		*bytesRead = strlen(location);
+	}
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "----------> Response Buffer=[%s] bytesRead=[%d] \n",*resBUF,*bytesRead,0);
+
+bail:
+
+	if (headers) {
+		PR_Free(headers);
+	}
+    if (protocol) {
+		PL_strfree(protocol);
+	}
+    if (statusNum) {
+		PL_strfree(statusNum);
+	}
+	if (statusString) {
+		PL_strfree(statusString);
+	}
+	if (location) {
+		PL_strfree(location);
+	}
+	
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "<-- processResponse -- END\n",0,0,0);
+    return status;
+}
+
+static int nssReinitializationRequired()
+{
+	int nssReinitializationRequired = 0;
+	int err = 0;
+	int str_len = 0;
+	float version = 0;
+	const float DSVERSION = 6.1;
+	char *str = NULL;
+	char *value   = NULL;
+	char *ver_value   = NULL;
+	Slapi_Entry  **entry = NULL;
+	Slapi_PBlock *resultpb= NULL;
+
+	resultpb= slapi_search_internal( "", LDAP_SCOPE_BASE, "objectclass=*", NULL, NULL, 0);
+	slapi_pblock_get( resultpb, SLAPI_PLUGIN_INTOP_SEARCH_ENTRIES, &entry );
+	slapi_pblock_get( resultpb, SLAPI_PLUGIN_INTOP_RESULT, &err);
+	if ( err == LDAP_SUCCESS && entry!=NULL  && entry[0]!=NULL)
+	{
+		value = slapi_entry_attr_get_charptr(entry[0], "vendorVersion");
+		if (value == NULL || strncmp(value, "Netscape", strlen("Netscape")))		
+		{
+			slapi_log_error( SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+				"nssReinitializationRequired: vendor is not Netscape \n");
+			slapi_log_error( SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+				"or version is earlier than 6.0\n", value);
+			nssReinitializationRequired = 1;
+			slapi_free_search_results_internal(resultpb);
+			slapi_pblock_destroy(resultpb);
+			slapi_ch_free((void **)&value);
+			return nssReinitializationRequired;
+		}
+ 
+		if ( (str = strstr(value,"/")) != NULL )
+		{	
+			str++;
+			version = atof(str);
+			slapi_log_error( SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+				"nssReinitializationRequired: version is %f. \n", version);
+		}
+
+
+		if (str == NULL || version < DSVERSION)
+		{
+			nssReinitializationRequired = 1;
+		}
+		slapi_ch_free((void **)&value);
+
+	}
+	slapi_free_search_results_internal(resultpb);
+	slapi_pblock_destroy(resultpb);
+	return nssReinitializationRequired;
+
+}
+
+static PRStatus sendGetReq(PRFileDesc *fd, const char *path)
+{
+	PRStatus status = PR_SUCCESS;
+	char *reqBUF = NULL;
+	PRInt32 http_connection_time_out = 0;
+	int buflen = (HTTP_GET_STD_LEN + strlen(path));
+
+	reqBUF = (char *)PR_Calloc(1, buflen);
+
+	strcpy(reqBUF, HTTP_GET);
+	strcat(reqBUF, " ");
+	strcat(reqBUF, path);
+	strcat(reqBUF, " ");
+	strcat(reqBUF, HTTP_PROTOCOL);
+	strcat(reqBUF, "\r\n\r\n\0");
+
+	http_connection_time_out = httpConfig->connectionTimeOut;
+	status = sendFullData( fd, reqBUF, http_connection_time_out);
+
+bail:
+	if (reqBUF) {
+		PR_Free(reqBUF);
+		reqBUF = 0;
+	}
+	return status;
+}
+
+static PRStatus sendFullData( PRFileDesc *fd, char *buf, int timeOut)
+{
+	int dataSent = 0;
+	int bufLen = strlen(buf);
+	int retVal = 0;
+	PRInt32 errcode = 0;
+	while (dataSent < bufLen)
+	{
+		retVal = PR_Send(fd, buf+dataSent, bufLen-dataSent, 0, PR_MillisecondsToInterval(timeOut));
+		if (retVal == -1 )
+			break;
+		dataSent += retVal;
+	}
+	if (dataSent == bufLen )
+		return PR_SUCCESS;
+	else
+	{
+		errcode = PR_GetError();
+		slapi_log_error( SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+			"sendFullData: dataSent=%d bufLen=%d -> NSPR Error code (%d)\n",
+			dataSent, bufLen, errcode);
+		LDAPDebug( LDAP_DEBUG_PLUGIN, "---------->NSPR Error code (%d) \n", errcode,0,0);
+		return PR_FAILURE;
+	}
+}
+
+static PRStatus sendPostReq(PRFileDesc *fd, const char *path, httpheader **httpheaderArray, char *body)
+{
+    PRStatus status = PR_SUCCESS;
+	char body_len_str[20];
+    char *reqBUF = NULL;
+    PRInt32 http_connection_time_out = 0;
+	int i = 0;
+	int body_len, buflen = 0; 
+
+	body_len = strlen(body);
+	PR_snprintf(body_len_str, sizeof(body_len_str), "%d", body_len);
+
+    buflen = (HTTP_POST_STD_LEN + strlen(path) + body_len + strlen(body_len_str));
+
+    for (i = 0; httpheaderArray[i] != NULL; i++) {
+
+                if (httpheaderArray[i]->name != NULL)
+				{
+                    buflen += strlen(httpheaderArray[i]->name) + 2;
+                	if (httpheaderArray[i]->value != NULL)
+                        buflen += strlen(httpheaderArray[i]->value) + 2;
+				}
+
+    }
+
+    reqBUF = (char *)PR_Calloc(1, buflen);
+
+    strcpy(reqBUF, HTTP_POST);
+    strcat(reqBUF, " ");
+    strcat(reqBUF, path);
+    strcat(reqBUF, " ");
+    strcat(reqBUF, HTTP_PROTOCOL);
+    strcat(reqBUF, "\r\n");
+    strcat(reqBUF, HTTP_CONTENT_LENGTH);
+    strcat(reqBUF, " ");
+    strcat(reqBUF, body_len_str);
+    strcat(reqBUF, "\r\n");
+    strcat(reqBUF, HTTP_CONTENT_TYPE_URL_ENCODED);
+    strcat(reqBUF, "\r\n");
+ 
+	for (i = 0; httpheaderArray[i] != NULL; i++) {
+
+		if (httpheaderArray[i]->name != NULL)
+			strcat(reqBUF, httpheaderArray[i]->name);
+        	strcat(reqBUF, ": ");
+		if (httpheaderArray[i]->value != NULL)
+			strcat(reqBUF, httpheaderArray[i]->value);
+       		strcat(reqBUF, "\r\n");
+
+	}
+
+    strcat(reqBUF, "\r\n");
+    strcat(reqBUF, body);
+    strcat(reqBUF, "\0");
+
+	LDAPDebug( LDAP_DEBUG_PLUGIN, "---------->reqBUF is %s \n",reqBUF,0,0);
+    http_connection_time_out = httpConfig->connectionTimeOut;
+
+	status = sendFullData( fd, reqBUF, http_connection_time_out);
+
+bail:
+    if (reqBUF) {
+            PR_Free(reqBUF);
+            reqBUF = 0;
+    }
+    return status;
+}
+
+
+static PRStatus getChar(PRFileDesc *fd, char *buf)
+{
+    PRInt32 bytesRead = http_read(fd, buf, 1);
+	if (bytesRead <=0) {
+    	PRInt32 errcode = PR_GetError();
+		slapi_log_error( SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+			"getChar: NSPR Error code (%d)\n", errcode);
+		return PR_FAILURE;
+	}
+    return PR_SUCCESS;
+}
+
+static PRStatus getBody(PRFileDesc *fd, char **buf, int *actualBytesRead)
+{
+	int totalBytesRead = 0;
+	int size = 4 * HTTP_DEFAULT_BUFFER_SIZE;
+	int bytesRead = size;
+	char *data = (char *) PR_Calloc(1, size);
+	while (bytesRead == size) {
+		bytesRead = http_read(fd, (data+totalBytesRead), size);
+		if (bytesRead <= 0) {
+			/* Read error */
+			return PR_FAILURE;
+		}
+		if (bytesRead == size) {
+			/* more data to be read so increase the buffer */
+			size = size * 2 ;
+			data = (char *) PR_Realloc(data, size);
+		}
+		totalBytesRead += bytesRead;
+	}
+	*buf = data;
+	*actualBytesRead = totalBytesRead;
+
+	return PR_SUCCESS;
+}
+
+static PRInt32 http_read(PRFileDesc *fd, char *buf, int size)
+{
+    PRInt32 http_read_time_out = 0;
+    http_read_time_out = httpConfig->readTimeOut;
+    return PR_Recv(fd, buf, size, 0, PR_MillisecondsToInterval(http_read_time_out));
+}
+
+static PRBool isWhiteSpace(char ch) 
+{
+	PRBool b = PR_FALSE;
+	if (ch == ' ') {
+		b = PR_TRUE;
+	}
+	return b;
+}
+
+static PRStatus parseURI(const char *urlstr, char **host, PRInt32 *port, char **path, int *sslOn)
+{
+	PRStatus status = PR_SUCCESS;
+	char *brk;
+    int len;
+    static const char delimiters[] = ":/?#";
+	char *url = isHttpReq(urlstr, sslOn);
+	
+	if (*sslOn)  {
+		*port = 443;
+	}
+	else  {
+		*port = 80; 
+	}
+	if (url == NULL) {
+		/* Error : */
+		status = PR_FAILURE;
+		goto bail;
+	}
+	len = PL_strlen(url);
+	/* Currently we do not support Ipv6 addresses */
+    brk = PL_strpbrk(url, delimiters);
+    if (!brk) { 
+		*host = PL_strndup(url, len);
+        toLowerCase(*host);
+		goto bail;
+    }
+    switch (*brk) 
+	{
+		case '/' :
+		case '?' :
+		case '#' :
+			/* Get the Host, the rest is Path */
+			*host = PL_strndup(url, (brk - url));
+			toLowerCase(*host);
+			status = parseAtPath(brk, path);
+			break;
+		case ':' :
+			/* Get the Host and process port, path */
+			*host = PL_strndup(url, (brk - url));
+			toLowerCase(*host);
+			status = parseAtPort(brk+1, port, path);
+			break;
+		default:
+			/* Error : HTTP_BAD_URL */
+			break;
+    }
+
+bail:
+	if (url) {
+		PR_Free(url);
+	}
+	return status;
+}
+
+static PRStatus parseAtPort(const char* url, PRInt32 *port, char **path)
+{
+	PRStatus status = PR_SUCCESS;
+    static const char delimiters[] = "/?#"; 
+    char* brk = PL_strpbrk(url, delimiters);
+    if (!brk) /* everything is a Port */
+    {
+        *port = getPort(url);
+        if (*port <= 0) {
+			/* Error : HTTP_BAD_URL */
+            return PR_FAILURE;
+		} else {
+            return status;
+		}
+    }
+
+    switch (*brk)
+    {
+		case '/' :
+		case '?' :
+		case '#' :
+			/* Get the Port, the rest is Path */
+			*port = getPort(url);
+			if (*port <= 0) {
+				/* Error : HTTP_BAD_URL */
+				return PR_FAILURE;
+			}
+			status = parseAtPath(brk, path);
+			break;
+		default:
+			/* Error : HTTP_BAD_URL */
+			break;
+	}
+    return status;
+}
+
+static PRStatus parseAtPath(const char *url, char **path)
+{
+	PRStatus status = PR_SUCCESS;
+	char *dir = "%s%s"; 
+	*path = (char *)PR_Calloc(1, (strlen(dir) + 1024));
+
+    /* Just write the path and check for a starting / */
+    if ('/' != *url) {
+		PR_sscanf(*path, dir, "/", url);
+	} else {
+		strcpy(*path, url);
+	}
+	if (!*path) {
+		/* Error : HTTP_BAD_URL */
+		status = PR_FAILURE;
+	}
+    return status;
+}
+
+static void toLowerCase(char* str)
+{
+    if (str) {
+        char* lstr = str;
+        PRInt8 shift = 'a' - 'A';
+        for(; (*lstr != '\0'); ++lstr) {
+            if ((*(lstr) <= 'Z') && (*(lstr) >= 'A')) {
+                *(lstr) = *(lstr) + shift;
+			}
+        }
+    }
+}
+
+static PRInt32 getPort(const char* src)
+{
+    /* search for digits up to a slash or the string ends */
+    const char* port = src;
+    PRInt32 returnValue = -1;
+    char c;
+
+    /* skip leading white space */
+    while (isAsciiSpace(*port))
+        port++;
+
+    while ((c = *port++) != '\0') {
+        /* stop if slash or ? or # reached */
+        if (c == '/' || c == '?' || c == '#')
+            break;
+        else if (!isAsciiDigit(c))
+            return returnValue;
+    }
+    return (0 < PR_sscanf(src, "%d", &returnValue)) ? returnValue : -1;
+}
+
+
+static PRBool isAsciiSpace(char aChar)
+{
+  if ((aChar == ' ') || (aChar == '\r') || (aChar == '\n') || (aChar == '\t')) {
+    return PR_TRUE;
+  }
+  return PR_FALSE;
+}
+
+static PRBool isAsciiDigit(char aChar)
+{
+	if ((aChar >= '0') && (aChar <= '9')) {
+		return PR_TRUE;
+	}
+	return PR_FALSE;
+}
+
+static void setTCPNoDelay(PRFileDesc* fd)
+{
+	PRStatus status = PR_SUCCESS;
+    PRSocketOptionData opt;
+
+    opt.option = PR_SockOpt_NoDelay;
+    opt.value.no_delay = PR_FALSE;
+
+    status = PR_GetSocketOption(fd, &opt);
+    if (status == PR_FAILURE) {
+        return;
+    }
+
+    opt.option = PR_SockOpt_NoDelay;
+    opt.value.no_delay = PR_TRUE;
+    status = PR_SetSocketOption(fd, &opt);
+    if (status == PR_FAILURE) {
+        return;
+    }
+    return;
+}
+
+static char * isHttpReq(const char *url, int *sslOn)
+{
+    static const char http_protopol_header[] = "http://"; 
+    static const char https_protopol_header[] = "https://"; 
+	char *newstr = NULL;
+    /* skip leading white space */
+    while (isAsciiSpace(*url))
+        url++;
+
+	if (strncmp(url, http_protopol_header, strlen(http_protopol_header)) == 0) {
+		newstr = (char *)PR_Calloc(1, (strlen(url)-strlen(http_protopol_header) + 1));				
+		strcpy(newstr, url+7);
+		strcat(newstr,"\0");
+		*sslOn = 0;
+	}
+	else if (strncmp(url, https_protopol_header, strlen(https_protopol_header)) == 0) {
+		newstr = (char *)PR_Calloc(1, (strlen(url)-strlen(https_protopol_header) + 1));				
+		strcpy(newstr, url+8);
+		strcat(newstr,"\0");
+		*sslOn = 1;
+	}
+
+	return newstr;
+}
+
+PRFileDesc* setupSSLSocket(PRFileDesc* fd)
+{
+	SECStatus   secStatus;
+	PRFileDesc* sslSocket;
+	PRSocketOptionData      socketOption;
+	char *certNickname = NULL;
+
+	socketOption.option                 = PR_SockOpt_Nonblocking;
+	socketOption.value.non_blocking = PR_FALSE;
+	if( PR_SetSocketOption(fd, &socketOption) != 0) {
+        	slapi_log_error( SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+			"Cannot set socket option NSS \n");
+		return NULL;
+	}
+
+	sslSocket = SSL_ImportFD(NULL, fd);
+	if (!sslSocket) {
+                slapi_log_error( SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+                     "setupSSLSocket: Cannot import to SSL Socket\n" );
+				goto sslbail;
+	}
+	
+    slapi_log_error( SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+                     "setupSSLSocket: setupssl socket created\n" );
+
+	secStatus = SSL_OptionSet(sslSocket, SSL_SECURITY, 1);
+	if (SECSuccess != secStatus) {
+                slapi_log_error( SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+                     "setupSSLSocket: Cannot set SSL_SECURITY option\n");
+				goto sslbail;
+	}
+
+	secStatus = SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, 1);
+	if (SECSuccess != secStatus) {
+                slapi_log_error( SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+                     "setupSSLSocket: CAnnot set SSL_HANDSHAKE_AS_CLIENT option\n");
+				goto sslbail;
+	}
+	
+	/* Set SSL callback routines. */
+
+    secStatus = SSL_GetClientAuthDataHook(sslSocket,
+                                  (SSLGetClientAuthData)  getClientAuthData,
+                                  (void *)certNickname);
+    if (secStatus != SECSuccess) {
+                slapi_log_error( SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+           		"setupSSLSocket: SSL_GetClientAuthDataHook Failed\n");
+    	       	goto sslbail;
+    }
+
+    secStatus = SSL_AuthCertificateHook(sslSocket,
+                           (SSLAuthCertificate)   authCertificate,
+                           (void *)CERT_GetDefaultCertDB());
+    if (secStatus != SECSuccess) {
+                slapi_log_error( SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+                     "setupSSLSocket: SSL_AuthCertificateHook Failed\n");
+                goto sslbail;
+    }
+
+	secStatus = SSL_BadCertHook(sslSocket,
+                        (SSLBadCertHandler)  badCertHandler, NULL);
+    if (secStatus != SECSuccess) {
+                slapi_log_error( SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+                     "setupSSLSocket: SSL_BadCertHook Failed\n");
+                goto sslbail;
+    }
+
+    secStatus = SSL_HandshakeCallback(sslSocket,
+                        (SSLHandshakeCallback)  handshakeCallback, NULL);
+    if (secStatus != SECSuccess) {
+                slapi_log_error( SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+                     "setupSSLSocket: SSL_HandshakeCallback Failed\n");
+                goto sslbail;
+    }
+
+    return sslSocket;
+
+sslbail:
+    PR_Close(fd);
+    return NULL;	
+}
+
+SECStatus
+  authCertificate(void *arg, PRFileDesc *socket,
+                  PRBool checksig, PRBool isServer)
+{
+
+    SECCertUsage        certUsage;
+    CERTCertificate *   cert;
+    void *              pinArg;
+    char *              hostName;
+    SECStatus           secStatus;
+
+    if (!arg || !socket) {
+    	slapi_log_error(SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+                " authCertificate: Faulty socket in callback function \n");
+        return SECFailure;
+    }
+
+    /* Define how the cert is being used based upon the isServer flag. */
+
+    certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
+
+    cert = SSL_PeerCertificate(socket);
+
+    pinArg = SSL_RevealPinArg(socket);
+
+    secStatus = CERT_VerifyCertNow((CERTCertDBHandle *)arg,
+                                       cert,
+                                       checksig,
+                                       certUsage,
+                                       pinArg);
+
+    /* If this is a server, we're finished. */
+    if (isServer || secStatus != SECSuccess) {
+                return secStatus;
+    }
+
+    hostName = SSL_RevealURL(socket);
+
+    if (hostName && hostName[0]) {
+                secStatus = CERT_VerifyCertName(cert, hostName);
+    } else {
+                PR_SetError(SSL_ERROR_BAD_CERT_DOMAIN, 0);
+                secStatus = SECFailure;
+    }
+
+    if (hostName)
+                PR_Free(hostName);
+
+    return secStatus;
+}
+
+SECStatus
+  badCertHandler(void *arg, PRFileDesc *socket)
+{
+
+    SECStatus   secStatus = SECFailure;
+    PRErrorCode err;
+
+    /* log invalid cert here */
+
+    if (!arg) {
+                return secStatus;
+    }
+
+    *(PRErrorCode *)arg = err = PORT_GetError();
+    switch (err) {
+    case SEC_ERROR_INVALID_AVA:
+    case SEC_ERROR_INVALID_TIME:
+    case SEC_ERROR_BAD_SIGNATURE:
+    case SEC_ERROR_EXPIRED_CERTIFICATE:
+    case SEC_ERROR_UNKNOWN_ISSUER:
+    case SEC_ERROR_UNTRUSTED_CERT:
+    case SEC_ERROR_CERT_VALID:
+    case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+    case SEC_ERROR_CRL_EXPIRED:
+    case SEC_ERROR_CRL_BAD_SIGNATURE:
+    case SEC_ERROR_EXTENSION_VALUE_INVALID:
+    case SEC_ERROR_CA_CERT_INVALID:
+    case SEC_ERROR_CERT_USAGES_INVALID:
+    case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
+                secStatus = SECSuccess;
+        break;
+    default:
+                secStatus = SECFailure;
+        break;
+    }
+
+       	slapi_log_error(SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+        "Bad certificate: %d\n", err);
+
+    return secStatus;
+}
+
+SECStatus
+  getClientAuthData(void *arg,
+                    PRFileDesc *socket,
+                    struct CERTDistNamesStr *caNames,
+                    struct CERTCertificateStr **pRetCert,
+                    struct SECKEYPrivateKeyStr **pRetKey)
+{
+    CERTCertificate *  cert;
+    SECKEYPrivateKey * privKey;
+    char *             chosenNickName = (char *)arg;
+    void *             proto_win      = NULL;
+    SECStatus          secStatus      = SECFailure;
+    proto_win = SSL_RevealPinArg(socket);
+
+    if (chosenNickName) {
+                cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
+                if (cert) {
+                    privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+                    if (privKey) {
+                                secStatus = SECSuccess;
+                    } else {
+                                CERT_DestroyCertificate(cert);
+                    }
+                }
+    } else { /* no nickname given, automatically find the right cert */
+        CERTCertNicknames *names;
+        int                i;
+
+        names = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
+                                      SEC_CERT_NICKNAMES_USER, proto_win);
+
+        if (names != NULL) {
+            for(i = 0; i < names->numnicknames; i++ ) {
+
+                cert = PK11_FindCertFromNickname(names->nicknames[i],
+                                                 proto_win);
+                if (!cert) {
+                    continue;
+                }
+
+                /* Only check unexpired certs */
+                if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE)
+                      != secCertTimeValid ) {
+                    CERT_DestroyCertificate(cert);
+                    continue;
+                }
+
+                secStatus = NSS_CmpCertChainWCANames(cert, caNames);
+                if (secStatus == SECSuccess) {
+                    privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+                    if (privKey) {
+                        break;
+                    }
+                    secStatus = SECFailure;
+                    break;
+                }
+                CERT_FreeNicknames(names);
+            } /* for loop */
+        }
+    }
+
+    if (secStatus == SECSuccess) {
+                *pRetCert = cert;
+                *pRetKey  = privKey;
+    }
+
+    return secStatus;
+}
+
+SECStatus
+  handshakeCallback(PRFileDesc *socket, void *arg)
+{
+    slapi_log_error(SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+    	"----------> Handshake has completed, ready to send data securely.\n");
+    return SECSuccess;
+}
+
+
+/**
+ * PUBLIC FUNCTIONS IMPLEMENTATION
+ */
+int http_impl_init(Slapi_ComponentId *plugin_id)
+{
+	int status = HTTP_IMPL_SUCCESS;
+       	slapi_log_error(SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+		"-> http_impl_init \n");
+	httpConfig = NULL;
+
+   	httpConfig = (httpPluginConfig *) slapi_ch_calloc(1, sizeof(httpPluginConfig));
+
+	status = readConfigLDAPurl(plugin_id, HTTP_PLUGIN_DN); 
+    if (status != 0) {
+       		 slapi_log_error(SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+                        "http_impl_start: Unable to get HTTP config information \n");
+        	 return HTTP_IMPL_FAILURE;
+   	}
+	
+	status = readConfigLDAPurl(plugin_id, CONFIG_DN); 
+    if (status != 0) {
+       		 slapi_log_error(SLAPI_LOG_FATAL, HTTP_PLUGIN_SUBSYSTEM,
+                        "http_impl_start: Unable to get config information \n");
+        	 return HTTP_IMPL_FAILURE;
+    }
+	
+       	slapi_log_error(SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+		"<- http_impl_init \n");
+
+	return status;
+
+}
+
+
+int http_impl_get_text(char *url, char **data, int *bytesRead)
+{
+	int status = HTTP_IMPL_SUCCESS;
+	status = doRequestRetry(url, NULL, NULL, data, bytesRead, HTTP_REQ_TYPE_GET);
+	return status;
+}
+
+int http_impl_get_binary(char *url, char **data, int *bytesRead)
+{
+	int status = HTTP_IMPL_SUCCESS;
+	status = doRequestRetry(url, NULL, NULL, data, bytesRead, HTTP_REQ_TYPE_GET);
+	return status;
+}
+
+int http_impl_get_redirected_uri(char *url, char **data, int *bytesRead)
+{
+	int status = HTTP_IMPL_SUCCESS;
+	status = doRequestRetry(url, NULL, NULL, data, bytesRead, HTTP_REQ_TYPE_REDIRECT);
+	return status;
+}
+
+int http_impl_post(char *url, httpheader **httpheaderArray, char *body, char **data, int *bytesRead)
+{
+	int status = HTTP_IMPL_SUCCESS;
+	status = doRequestRetry(url, httpheaderArray, body, data, bytesRead, HTTP_REQ_TYPE_POST);
+	return status;
+}
+
+void http_impl_shutdown()
+{
+	int status = HTTP_IMPL_SUCCESS;
+	/**
+	 * Put cleanup code here
+	 */
+}
+
+static int readConfigLDAPurl(Slapi_ComponentId *plugin_id, char *plugindn) {
+
+	int rc = LDAP_SUCCESS;
+	Slapi_DN *sdn = NULL;
+	int status = HTTP_IMPL_SUCCESS;
+	Slapi_Entry  *entry = NULL;
+	
+	sdn = slapi_sdn_new_dn_byref(plugindn);
+	rc = slapi_search_internal_get_entry(sdn, NULL, &entry, plugin_id);
+    	slapi_sdn_free(&sdn);
+	if (rc != LDAP_SUCCESS) {
+            slapi_log_error( SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+                       "readConfigLDAPurl: Could not find entry %s (error %d)\n", plugindn, rc);
+            status = HTTP_IMPL_FAILURE;
+            return status;
+   	}
+	if (NULL == entry)
+    	{
+            slapi_log_error( SLAPI_LOG_PLUGIN, HTTP_PLUGIN_SUBSYSTEM,
+                       "readConfigLDAPurl: No entries found for <%s>\n", plugindn);
+
+            status = HTTP_IMPL_FAILURE;
+            return status;
+    	}
+
+	if ((PL_strcasecmp(plugindn, HTTP_PLUGIN_DN) == 0))
+		status = parseHTTPConfigEntry(entry);
+	else
+		status = parseConfigEntry(entry);
+
+	slapi_entry_free(entry);
+    	return status;
+
+}
+
+/* Retrieves the plugin configuration info */
+
+/* Retrieves security info as well as the path info required for the SSL
+config dir */
+static int parseConfigEntry(Slapi_Entry *e)
+{
+    char *value = NULL;
+
+    value = slapi_entry_attr_get_charptr(e, ATTR_DS_SECURITY);
+    if (value) {
+           httpConfig->DS_sslOn = value;
+    }
+
+    return HTTP_IMPL_SUCCESS;
+
+}
+
+
+static int parseHTTPConfigEntry(Slapi_Entry *e)
+{
+    int value = 0;
+
+
+    value = slapi_entry_attr_get_int(e, ATTR_RETRY_COUNT);
+    if (value) {
+            httpConfig->retryCount = value;
+    }
+
+    value = slapi_entry_attr_get_int(e, ATTR_CONNECTION_TIME_OUT);
+    if (value) {
+            httpConfig->connectionTimeOut = value;
+    }
+   	else {
+                 LDAPDebug( LDAP_DEBUG_PLUGIN, "parseHTTPConfigEntry: HTTP Connection Time Out cannot be read. Setting to default value of 5000 ms \n", 0,0,0);
+                 httpConfig->connectionTimeOut = 5000;
+   	}
+
+
+    value = slapi_entry_attr_get_int(e, ATTR_READ_TIME_OUT);
+    if (value) {
+            httpConfig->readTimeOut = value;
+    }
+    else {
+                 LDAPDebug( LDAP_DEBUG_PLUGIN, "parseHTTPConfigEntry: HTTP Read Time Out cannot be read. Setting to default value of 5000 ms \n", 0,0,0);
+                 httpConfig->readTimeOut = 5000;
+   	}
+	
+	httpConfig->nssInitialized = 0;
+
+    return HTTP_IMPL_SUCCESS;
+
+}
+
+/**
+ * Self Testing
+ */
+#ifdef BUILD_STANDALONE
+int main(int argc, char **argv)
+{
+	PRStatus status = PR_SUCCESS;
+	char *buf;
+	int bytes;
+	char *host;
+	PRInt32 port;
+	char *path;
+	if (argc < 2) {
+		printf("URL missing\n");
+		return -1;
+	}
+	PR_Init(PR_USER_THREAD,PR_PRIORITY_NORMAL, 0);
+	doRequest(argv[1], &buf, &bytes, 2);
+	printf( "%s\n", buf );
+	return -1;
+}
+#endif
+
diff --git a/ldap/servers/plugins/http/http_impl.h b/ldap/servers/plugins/http/http_impl.h
new file mode 100644
index 00000000..0bca3ca2
--- /dev/null
+++ b/ldap/servers/plugins/http/http_impl.h
@@ -0,0 +1,25 @@
+/**
+ * PROPRIETARY/CONFIDENTIAL. Use of this product is subject to
+ * license terms. Copyright 2001 Sun Microsystems, Inc.
+ * Some preexisting portions Copyright 2001 Netscape Communications Corp.
+ * All rights reserved.
+ */
+#ifndef HTTP_IMPL_H__
+#define HTTP_IMPL_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int http_impl_init(Slapi_ComponentId *plugin_id);
+int http_impl_get_text(char *url, char **data, int *bytesRead);
+int http_impl_get_binary(char *url, char **data, int *bytesRead);
+int http_impl_get_redirected_uri(char *url, char **data, int *bytesRead);
+int http_impl_post(char *url, httpheader **httpheaderArray, char *body, char **data, int *bytesRead);
+void http_impl_shutdown();
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif