/src/botan/src/lib/utils/http_util/http_util.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Sketchy HTTP client |
3 | | * (C) 2013,2016 Jack Lloyd |
4 | | * 2017 René Korthaus, Rohde & Schwarz Cybersecurity |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #include <botan/internal/http_util.h> |
10 | | #include <botan/internal/parsing.h> |
11 | | #include <botan/hex.h> |
12 | | #include <botan/internal/os_utils.h> |
13 | | #include <botan/internal/socket.h> |
14 | | #include <botan/internal/stl_util.h> |
15 | | #include <sstream> |
16 | | |
17 | | namespace Botan { |
18 | | |
19 | | namespace HTTP { |
20 | | |
21 | | namespace { |
22 | | |
23 | | /* |
24 | | * Connect to a host, write some bytes, then read until the server |
25 | | * closes the socket. |
26 | | */ |
27 | | std::string http_transact(const std::string& hostname, |
28 | | const std::string& service, |
29 | | const std::string& message, |
30 | | std::chrono::milliseconds timeout) |
31 | 0 | { |
32 | 0 | std::unique_ptr<OS::Socket> socket; |
33 | |
|
34 | 0 | const std::chrono::system_clock::time_point start_time = std::chrono::system_clock::now(); |
35 | |
|
36 | 0 | try |
37 | 0 | { |
38 | 0 | socket = OS::open_socket(hostname, service, timeout); |
39 | 0 | if(!socket) |
40 | 0 | throw Not_Implemented("No socket support enabled in build"); |
41 | 0 | } |
42 | 0 | catch(std::exception& e) |
43 | 0 | { |
44 | 0 | throw HTTP_Error("HTTP connection to " + hostname + " failed: " + e.what()); |
45 | 0 | } |
46 | | |
47 | | // Blocks until entire message has been written |
48 | 0 | socket->write(cast_char_ptr_to_uint8(message.data()), |
49 | 0 | message.size()); |
50 | |
|
51 | 0 | if(std::chrono::system_clock::now() - start_time > timeout) |
52 | 0 | throw HTTP_Error("Timeout during writing message body"); |
53 | | |
54 | 0 | std::ostringstream oss; |
55 | 0 | std::vector<uint8_t> buf(BOTAN_DEFAULT_BUFFER_SIZE); |
56 | 0 | while(true) |
57 | 0 | { |
58 | 0 | const size_t got = socket->read(buf.data(), buf.size()); |
59 | 0 | if(got == 0) // EOF |
60 | 0 | break; |
61 | | |
62 | 0 | if(std::chrono::system_clock::now() - start_time > timeout) |
63 | 0 | throw HTTP_Error("Timeout while reading message body"); |
64 | | |
65 | 0 | oss.write(cast_uint8_ptr_to_char(buf.data()), |
66 | 0 | static_cast<std::streamsize>(got)); |
67 | 0 | } |
68 | |
|
69 | 0 | return oss.str(); |
70 | 0 | } |
71 | | |
72 | | } |
73 | | |
74 | | std::string url_encode(const std::string& in) |
75 | 0 | { |
76 | 0 | std::ostringstream out; |
77 | |
|
78 | 0 | for(auto c : in) |
79 | 0 | { |
80 | 0 | if(c >= 'A' && c <= 'Z') |
81 | 0 | out << c; |
82 | 0 | else if(c >= 'a' && c <= 'z') |
83 | 0 | out << c; |
84 | 0 | else if(c >= '0' && c <= '9') |
85 | 0 | out << c; |
86 | 0 | else if(c == '-' || c == '_' || c == '.' || c == '~') |
87 | 0 | out << c; |
88 | 0 | else |
89 | 0 | out << '%' << hex_encode(cast_char_ptr_to_uint8(&c), 1); |
90 | 0 | } |
91 | |
|
92 | 0 | return out.str(); |
93 | 0 | } |
94 | | |
95 | | std::ostream& operator<<(std::ostream& o, const Response& resp) |
96 | 0 | { |
97 | 0 | o << "HTTP " << resp.status_code() << " " << resp.status_message() << "\n"; |
98 | 0 | for(auto h : resp.headers()) |
99 | 0 | o << "Header '" << h.first << "' = '" << h.second << "'\n"; |
100 | 0 | o << "Body " << std::to_string(resp.body().size()) << " bytes:\n"; |
101 | 0 | o.write(cast_uint8_ptr_to_char(resp.body().data()), resp.body().size()); |
102 | 0 | return o; |
103 | 0 | } |
104 | | |
105 | | Response http_sync(http_exch_fn http_transact, |
106 | | const std::string& verb, |
107 | | const std::string& url, |
108 | | const std::string& content_type, |
109 | | const std::vector<uint8_t>& body, |
110 | | size_t allowable_redirects) |
111 | 0 | { |
112 | 0 | if(url.empty()) |
113 | 0 | throw HTTP_Error("URL empty"); |
114 | | |
115 | 0 | const auto protocol_host_sep = url.find("://"); |
116 | 0 | if(protocol_host_sep == std::string::npos) |
117 | 0 | throw HTTP_Error("Invalid URL '" + url + "'"); |
118 | | |
119 | 0 | const auto host_loc_sep = url.find('/', protocol_host_sep + 3); |
120 | |
|
121 | 0 | std::string hostname, loc, service; |
122 | |
|
123 | 0 | if(host_loc_sep == std::string::npos) |
124 | 0 | { |
125 | 0 | hostname = url.substr(protocol_host_sep + 3, std::string::npos); |
126 | 0 | loc = "/"; |
127 | 0 | } |
128 | 0 | else |
129 | 0 | { |
130 | 0 | hostname = url.substr(protocol_host_sep + 3, host_loc_sep-protocol_host_sep-3); |
131 | 0 | loc = url.substr(host_loc_sep, std::string::npos); |
132 | 0 | } |
133 | |
|
134 | 0 | const auto port_sep = hostname.find(":"); |
135 | 0 | if(port_sep == std::string::npos) |
136 | 0 | { |
137 | 0 | service = "http"; |
138 | | // hostname not modified |
139 | 0 | } |
140 | 0 | else |
141 | 0 | { |
142 | 0 | service = hostname.substr(port_sep + 1, std::string::npos); |
143 | 0 | hostname = hostname.substr(0, port_sep); |
144 | 0 | } |
145 | |
|
146 | 0 | std::ostringstream outbuf; |
147 | |
|
148 | 0 | outbuf << verb << " " << loc << " HTTP/1.0\r\n"; |
149 | 0 | outbuf << "Host: " << hostname << "\r\n"; |
150 | |
|
151 | 0 | if(verb == "GET") |
152 | 0 | { |
153 | 0 | outbuf << "Accept: */*\r\n"; |
154 | 0 | outbuf << "Cache-Control: no-cache\r\n"; |
155 | 0 | } |
156 | 0 | else if(verb == "POST") |
157 | 0 | outbuf << "Content-Length: " << body.size() << "\r\n"; |
158 | |
|
159 | 0 | if(!content_type.empty()) |
160 | 0 | outbuf << "Content-Type: " << content_type << "\r\n"; |
161 | 0 | outbuf << "Connection: close\r\n\r\n"; |
162 | 0 | outbuf.write(cast_uint8_ptr_to_char(body.data()), body.size()); |
163 | |
|
164 | 0 | std::istringstream io(http_transact(hostname, service, outbuf.str())); |
165 | |
|
166 | 0 | std::string line1; |
167 | 0 | std::getline(io, line1); |
168 | 0 | if(!io || line1.empty()) |
169 | 0 | throw HTTP_Error("No response"); |
170 | | |
171 | 0 | std::stringstream response_stream(line1); |
172 | 0 | std::string http_version; |
173 | 0 | unsigned int status_code; |
174 | 0 | std::string status_message; |
175 | |
|
176 | 0 | response_stream >> http_version >> status_code; |
177 | |
|
178 | 0 | std::getline(response_stream, status_message); |
179 | |
|
180 | 0 | if(!response_stream || http_version.substr(0,5) != "HTTP/") |
181 | 0 | throw HTTP_Error("Not an HTTP response"); |
182 | | |
183 | 0 | std::map<std::string, std::string> headers; |
184 | 0 | std::string header_line; |
185 | 0 | while (std::getline(io, header_line) && header_line != "\r") |
186 | 0 | { |
187 | 0 | auto sep = header_line.find(": "); |
188 | 0 | if(sep == std::string::npos || sep > header_line.size() - 2) |
189 | 0 | throw HTTP_Error("Invalid HTTP header " + header_line); |
190 | 0 | const std::string key = header_line.substr(0, sep); |
191 | |
|
192 | 0 | if(sep + 2 < header_line.size() - 1) |
193 | 0 | { |
194 | 0 | const std::string val = header_line.substr(sep + 2, (header_line.size() - 1) - (sep + 2)); |
195 | 0 | headers[key] = val; |
196 | 0 | } |
197 | 0 | } |
198 | |
|
199 | 0 | if(status_code == 301 && headers.count("Location")) |
200 | 0 | { |
201 | 0 | if(allowable_redirects == 0) |
202 | 0 | throw HTTP_Error("HTTP redirection count exceeded"); |
203 | 0 | return GET_sync(headers["Location"], allowable_redirects - 1); |
204 | 0 | } |
205 | | |
206 | 0 | std::vector<uint8_t> resp_body; |
207 | 0 | std::vector<uint8_t> buf(4096); |
208 | 0 | while(io.good()) |
209 | 0 | { |
210 | 0 | io.read(cast_uint8_ptr_to_char(buf.data()), buf.size()); |
211 | 0 | const size_t got = static_cast<size_t>(io.gcount()); |
212 | 0 | resp_body.insert(resp_body.end(), buf.data(), &buf[got]); |
213 | 0 | } |
214 | |
|
215 | 0 | const std::string header_size = search_map(headers, std::string("Content-Length")); |
216 | |
|
217 | 0 | if(!header_size.empty()) |
218 | 0 | { |
219 | 0 | if(resp_body.size() != to_u32bit(header_size)) |
220 | 0 | throw HTTP_Error("Content-Length disagreement, header says " + |
221 | 0 | header_size + " got " + std::to_string(resp_body.size())); |
222 | 0 | } |
223 | | |
224 | 0 | return Response(status_code, status_message, resp_body, headers); |
225 | 0 | } |
226 | | |
227 | | Response http_sync(const std::string& verb, |
228 | | const std::string& url, |
229 | | const std::string& content_type, |
230 | | const std::vector<uint8_t>& body, |
231 | | size_t allowable_redirects, |
232 | | std::chrono::milliseconds timeout) |
233 | 0 | { |
234 | 0 | auto transact_with_timeout = |
235 | 0 | [timeout](const std::string& hostname, const std::string& service, const std::string& message) |
236 | 0 | { |
237 | 0 | return http_transact(hostname, service, message, timeout); |
238 | 0 | }; |
239 | |
|
240 | 0 | return http_sync( |
241 | 0 | transact_with_timeout, |
242 | 0 | verb, |
243 | 0 | url, |
244 | 0 | content_type, |
245 | 0 | body, |
246 | 0 | allowable_redirects); |
247 | 0 | } |
248 | | |
249 | | Response GET_sync(const std::string& url, |
250 | | size_t allowable_redirects, |
251 | | std::chrono::milliseconds timeout) |
252 | 0 | { |
253 | 0 | return http_sync("GET", url, "", std::vector<uint8_t>(), allowable_redirects, timeout); |
254 | 0 | } |
255 | | |
256 | | Response POST_sync(const std::string& url, |
257 | | const std::string& content_type, |
258 | | const std::vector<uint8_t>& body, |
259 | | size_t allowable_redirects, |
260 | | std::chrono::milliseconds timeout) |
261 | 0 | { |
262 | 0 | return http_sync("POST", url, content_type, body, allowable_redirects, timeout); |
263 | 0 | } |
264 | | |
265 | | } |
266 | | |
267 | | } |