diff options
Diffstat (limited to 'comm/third_party/botan/src/lib/utils/http_util/http_util.cpp')
| -rw-r--r-- | comm/third_party/botan/src/lib/utils/http_util/http_util.cpp | 267 |
1 files changed, 267 insertions, 0 deletions
diff --git a/comm/third_party/botan/src/lib/utils/http_util/http_util.cpp b/comm/third_party/botan/src/lib/utils/http_util/http_util.cpp new file mode 100644 index 0000000000..342fe2e843 --- /dev/null +++ b/comm/third_party/botan/src/lib/utils/http_util/http_util.cpp @@ -0,0 +1,267 @@ +/* +* Sketchy HTTP client +* (C) 2013,2016 Jack Lloyd +* 2017 René Korthaus, Rohde & Schwarz Cybersecurity +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include <botan/http_util.h> +#include <botan/parsing.h> +#include <botan/hex.h> +#include <botan/internal/os_utils.h> +#include <botan/internal/socket.h> +#include <botan/internal/stl_util.h> +#include <sstream> + +namespace Botan { + +namespace HTTP { + +namespace { + +/* +* Connect to a host, write some bytes, then read until the server +* closes the socket. +*/ +std::string http_transact(const std::string& hostname, + const std::string& service, + const std::string& message, + std::chrono::milliseconds timeout) + { + std::unique_ptr<OS::Socket> socket; + + const std::chrono::system_clock::time_point start_time = std::chrono::system_clock::now(); + + try + { + socket = OS::open_socket(hostname, service, timeout); + if(!socket) + throw Not_Implemented("No socket support enabled in build"); + } + catch(std::exception& e) + { + throw HTTP_Error("HTTP connection to " + hostname + " failed: " + e.what()); + } + + // Blocks until entire message has been written + socket->write(cast_char_ptr_to_uint8(message.data()), + message.size()); + + if(std::chrono::system_clock::now() - start_time > timeout) + throw HTTP_Error("Timeout during writing message body"); + + std::ostringstream oss; + std::vector<uint8_t> buf(BOTAN_DEFAULT_BUFFER_SIZE); + while(true) + { + const size_t got = socket->read(buf.data(), buf.size()); + if(got == 0) // EOF + break; + + if(std::chrono::system_clock::now() - start_time > timeout) + throw HTTP_Error("Timeout while reading message body"); + + oss.write(cast_uint8_ptr_to_char(buf.data()), + static_cast<std::streamsize>(got)); + } + + return oss.str(); + } + +} + +std::string url_encode(const std::string& in) + { + std::ostringstream out; + + for(auto c : in) + { + if(c >= 'A' && c <= 'Z') + out << c; + else if(c >= 'a' && c <= 'z') + out << c; + else if(c >= '0' && c <= '9') + out << c; + else if(c == '-' || c == '_' || c == '.' || c == '~') + out << c; + else + out << '%' << hex_encode(cast_char_ptr_to_uint8(&c), 1); + } + + return out.str(); + } + +std::ostream& operator<<(std::ostream& o, const Response& resp) + { + o << "HTTP " << resp.status_code() << " " << resp.status_message() << "\n"; + for(auto h : resp.headers()) + o << "Header '" << h.first << "' = '" << h.second << "'\n"; + o << "Body " << std::to_string(resp.body().size()) << " bytes:\n"; + o.write(cast_uint8_ptr_to_char(resp.body().data()), resp.body().size()); + return o; + } + +Response http_sync(http_exch_fn http_transact, + const std::string& verb, + const std::string& url, + const std::string& content_type, + const std::vector<uint8_t>& body, + size_t allowable_redirects) + { + if(url.empty()) + throw HTTP_Error("URL empty"); + + const auto protocol_host_sep = url.find("://"); + if(protocol_host_sep == std::string::npos) + throw HTTP_Error("Invalid URL '" + url + "'"); + + const auto host_loc_sep = url.find('/', protocol_host_sep + 3); + + std::string hostname, loc, service; + + if(host_loc_sep == std::string::npos) + { + hostname = url.substr(protocol_host_sep + 3, std::string::npos); + loc = "/"; + } + else + { + hostname = url.substr(protocol_host_sep + 3, host_loc_sep-protocol_host_sep-3); + loc = url.substr(host_loc_sep, std::string::npos); + } + + const auto port_sep = hostname.find(":"); + if(port_sep == std::string::npos) + { + service = "http"; + // hostname not modified + } + else + { + service = hostname.substr(port_sep + 1, std::string::npos); + hostname = hostname.substr(0, port_sep); + } + + std::ostringstream outbuf; + + outbuf << verb << " " << loc << " HTTP/1.0\r\n"; + outbuf << "Host: " << hostname << "\r\n"; + + if(verb == "GET") + { + outbuf << "Accept: */*\r\n"; + outbuf << "Cache-Control: no-cache\r\n"; + } + else if(verb == "POST") + outbuf << "Content-Length: " << body.size() << "\r\n"; + + if(!content_type.empty()) + outbuf << "Content-Type: " << content_type << "\r\n"; + outbuf << "Connection: close\r\n\r\n"; + outbuf.write(cast_uint8_ptr_to_char(body.data()), body.size()); + + std::istringstream io(http_transact(hostname, service, outbuf.str())); + + std::string line1; + std::getline(io, line1); + if(!io || line1.empty()) + throw HTTP_Error("No response"); + + std::stringstream response_stream(line1); + std::string http_version; + unsigned int status_code; + std::string status_message; + + response_stream >> http_version >> status_code; + + std::getline(response_stream, status_message); + + if(!response_stream || http_version.substr(0,5) != "HTTP/") + throw HTTP_Error("Not an HTTP response"); + + std::map<std::string, std::string> headers; + std::string header_line; + while (std::getline(io, header_line) && header_line != "\r") + { + auto sep = header_line.find(": "); + if(sep == std::string::npos || sep > header_line.size() - 2) + throw HTTP_Error("Invalid HTTP header " + header_line); + const std::string key = header_line.substr(0, sep); + + if(sep + 2 < header_line.size() - 1) + { + const std::string val = header_line.substr(sep + 2, (header_line.size() - 1) - (sep + 2)); + headers[key] = val; + } + } + + if(status_code == 301 && headers.count("Location")) + { + if(allowable_redirects == 0) + throw HTTP_Error("HTTP redirection count exceeded"); + return GET_sync(headers["Location"], allowable_redirects - 1); + } + + std::vector<uint8_t> resp_body; + std::vector<uint8_t> buf(4096); + while(io.good()) + { + io.read(cast_uint8_ptr_to_char(buf.data()), buf.size()); + const size_t got = static_cast<size_t>(io.gcount()); + resp_body.insert(resp_body.end(), buf.data(), &buf[got]); + } + + const std::string header_size = search_map(headers, std::string("Content-Length")); + + if(!header_size.empty()) + { + if(resp_body.size() != to_u32bit(header_size)) + throw HTTP_Error("Content-Length disagreement, header says " + + header_size + " got " + std::to_string(resp_body.size())); + } + + return Response(status_code, status_message, resp_body, headers); + } + +Response http_sync(const std::string& verb, + const std::string& url, + const std::string& content_type, + const std::vector<uint8_t>& body, + size_t allowable_redirects, + std::chrono::milliseconds timeout) + { + auto transact_with_timeout = + [timeout](const std::string& hostname, const std::string& service, const std::string& message) + { + return http_transact(hostname, service, message, timeout); + }; + + return http_sync( + transact_with_timeout, + verb, + url, + content_type, + body, + allowable_redirects); + } + +Response GET_sync(const std::string& url, + size_t allowable_redirects, + std::chrono::milliseconds timeout) + { + return http_sync("GET", url, "", std::vector<uint8_t>(), allowable_redirects, timeout); + } + +Response POST_sync(const std::string& url, + const std::string& content_type, + const std::vector<uint8_t>& body, + size_t allowable_redirects, + std::chrono::milliseconds timeout) + { + return http_sync("POST", url, content_type, body, allowable_redirects, timeout); + } + +} + +} |