/src/botan/src/lib/utils/http_util/http_util.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Sketchy HTTP client |
3 | | * (C) 2013,2016 Jack Lloyd |
4 | | * 2017 René Korthaus, Rohde & Schwarz Cybersecurity |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #include <botan/internal/http_util.h> |
10 | | |
11 | | #include <botan/hex.h> |
12 | | #include <botan/mem_ops.h> |
13 | | #include <botan/internal/fmt.h> |
14 | | #include <botan/internal/parsing.h> |
15 | | #include <botan/internal/socket.h> |
16 | | #include <botan/internal/stl_util.h> |
17 | | #include <sstream> |
18 | | |
19 | | namespace Botan::HTTP { |
20 | | |
21 | | namespace { |
22 | | |
23 | | /* |
24 | | * Connect to a host, write some bytes, then read until the server |
25 | | * closes the socket. |
26 | | */ |
27 | | std::string http_transact(std::string_view hostname, |
28 | | std::string_view service, |
29 | | std::string_view message, |
30 | 0 | std::chrono::milliseconds timeout) { |
31 | 0 | std::unique_ptr<OS::Socket> socket; |
32 | |
|
33 | 0 | const std::chrono::system_clock::time_point start_time = std::chrono::system_clock::now(); |
34 | |
|
35 | 0 | try { |
36 | 0 | socket = OS::open_socket(hostname, service, timeout); |
37 | 0 | if(!socket) { |
38 | 0 | throw Not_Implemented("No socket support enabled in build"); |
39 | 0 | } |
40 | 0 | } catch(std::exception& e) { |
41 | 0 | throw HTTP_Error(fmt("HTTP connection to {} failed: {}", hostname, e.what())); |
42 | 0 | } |
43 | | |
44 | | // Blocks until entire message has been written |
45 | 0 | socket->write(cast_char_ptr_to_uint8(message.data()), message.size()); |
46 | |
|
47 | 0 | if(std::chrono::system_clock::now() - start_time > timeout) { |
48 | 0 | throw HTTP_Error("Timeout during writing message body"); |
49 | 0 | } |
50 | | |
51 | 0 | std::ostringstream oss; |
52 | 0 | std::vector<uint8_t> buf(DefaultBufferSize); |
53 | 0 | while(true) { |
54 | 0 | const size_t got = socket->read(buf.data(), buf.size()); |
55 | 0 | if(got == 0) { // EOF |
56 | 0 | break; |
57 | 0 | } |
58 | | |
59 | 0 | if(std::chrono::system_clock::now() - start_time > timeout) { |
60 | 0 | throw HTTP_Error("Timeout while reading message body"); |
61 | 0 | } |
62 | | |
63 | 0 | oss.write(cast_uint8_ptr_to_char(buf.data()), static_cast<std::streamsize>(got)); |
64 | 0 | } |
65 | | |
66 | 0 | return oss.str(); |
67 | 0 | } |
68 | | |
69 | 0 | bool needs_url_encoding(char c) { |
70 | 0 | if(c >= 'A' && c <= 'Z') { |
71 | 0 | return false; |
72 | 0 | } |
73 | 0 | if(c >= 'a' && c <= 'z') { |
74 | 0 | return false; |
75 | 0 | } |
76 | 0 | if(c >= '0' && c <= '9') { |
77 | 0 | return false; |
78 | 0 | } |
79 | 0 | if(c == '-' || c == '_' || c == '.' || c == '~') { |
80 | 0 | return false; |
81 | 0 | } |
82 | 0 | return true; |
83 | 0 | } |
84 | | |
85 | | } // namespace |
86 | | |
87 | 0 | std::string url_encode(std::string_view in) { |
88 | 0 | std::ostringstream out; |
89 | |
|
90 | 0 | for(auto c : in) { |
91 | 0 | if(needs_url_encoding(c)) { |
92 | 0 | out << '%' << hex_encode(cast_char_ptr_to_uint8(&c), 1); |
93 | 0 | } else { |
94 | 0 | out << c; |
95 | 0 | } |
96 | 0 | } |
97 | |
|
98 | 0 | return out.str(); |
99 | 0 | } |
100 | | |
101 | 0 | std::ostream& operator<<(std::ostream& o, const Response& resp) { |
102 | 0 | o << "HTTP " << resp.status_code() << " " << resp.status_message() << "\n"; |
103 | 0 | for(const auto& h : resp.headers()) { |
104 | 0 | o << "Header '" << h.first << "' = '" << h.second << "'\n"; |
105 | 0 | } |
106 | 0 | o << "Body " << std::to_string(resp.body().size()) << " bytes:\n"; |
107 | 0 | o.write(cast_uint8_ptr_to_char(resp.body().data()), resp.body().size()); |
108 | 0 | return o; |
109 | 0 | } |
110 | | |
111 | | Response http_sync(const http_exch_fn& http_transact, |
112 | | std::string_view verb, |
113 | | std::string_view url, |
114 | | std::string_view content_type, |
115 | | const std::vector<uint8_t>& body, |
116 | 0 | size_t allowable_redirects) { |
117 | 0 | if(url.empty()) { |
118 | 0 | throw HTTP_Error("URL empty"); |
119 | 0 | } |
120 | | |
121 | 0 | const auto protocol_host_sep = url.find("://"); |
122 | 0 | if(protocol_host_sep == std::string::npos) { |
123 | 0 | throw HTTP_Error(fmt("Invalid URL '{}'", url)); |
124 | 0 | } |
125 | | |
126 | 0 | const auto host_loc_sep = url.find('/', protocol_host_sep + 3); |
127 | |
|
128 | 0 | std::string hostname, loc, service; |
129 | |
|
130 | 0 | if(host_loc_sep == std::string::npos) { |
131 | 0 | hostname = url.substr(protocol_host_sep + 3, std::string::npos); |
132 | 0 | loc = "/"; |
133 | 0 | } else { |
134 | 0 | hostname = url.substr(protocol_host_sep + 3, host_loc_sep - protocol_host_sep - 3); |
135 | 0 | loc = url.substr(host_loc_sep, std::string::npos); |
136 | 0 | } |
137 | |
|
138 | 0 | const auto port_sep = hostname.find(':'); |
139 | 0 | if(port_sep == std::string::npos) { |
140 | 0 | service = "http"; |
141 | | // hostname not modified |
142 | 0 | } else { |
143 | 0 | service = hostname.substr(port_sep + 1, std::string::npos); |
144 | 0 | hostname = hostname.substr(0, port_sep); |
145 | 0 | } |
146 | |
|
147 | 0 | std::ostringstream outbuf; |
148 | |
|
149 | 0 | outbuf << verb << " " << loc << " HTTP/1.0\r\n"; |
150 | 0 | outbuf << "Host: " << hostname << "\r\n"; |
151 | |
|
152 | 0 | if(verb == "GET") { |
153 | 0 | outbuf << "Accept: */*\r\n"; |
154 | 0 | outbuf << "Cache-Control: no-cache\r\n"; |
155 | 0 | } else if(verb == "POST") { |
156 | 0 | outbuf << "Content-Length: " << body.size() << "\r\n"; |
157 | 0 | } |
158 | |
|
159 | 0 | if(!content_type.empty()) { |
160 | 0 | outbuf << "Content-Type: " << content_type << "\r\n"; |
161 | 0 | } |
162 | 0 | outbuf << "Connection: close\r\n\r\n"; |
163 | 0 | outbuf.write(cast_uint8_ptr_to_char(body.data()), body.size()); |
164 | |
|
165 | 0 | std::istringstream io(http_transact(hostname, service, outbuf.str())); |
166 | |
|
167 | 0 | std::string line1; |
168 | 0 | std::getline(io, line1); |
169 | 0 | if(!io || line1.empty()) { |
170 | 0 | throw HTTP_Error("No response"); |
171 | 0 | } |
172 | | |
173 | 0 | std::stringstream response_stream(line1); |
174 | 0 | std::string http_version; |
175 | 0 | unsigned int status_code; |
176 | 0 | std::string status_message; |
177 | |
|
178 | 0 | response_stream >> http_version >> status_code; |
179 | |
|
180 | 0 | std::getline(response_stream, status_message); |
181 | |
|
182 | 0 | if(!response_stream || http_version.substr(0, 5) != "HTTP/") { |
183 | 0 | throw HTTP_Error("Not an HTTP response"); |
184 | 0 | } |
185 | | |
186 | 0 | std::map<std::string, std::string> headers; |
187 | 0 | std::string header_line; |
188 | 0 | while(std::getline(io, header_line) && header_line != "\r") { |
189 | 0 | auto sep = header_line.find(": "); |
190 | 0 | if(sep == std::string::npos || sep > header_line.size() - 2) { |
191 | 0 | throw HTTP_Error(fmt("Invalid HTTP header '{}'", header_line)); |
192 | 0 | } |
193 | 0 | const std::string key = header_line.substr(0, sep); |
194 | |
|
195 | 0 | if(sep + 2 < header_line.size() - 1) { |
196 | 0 | const std::string val = header_line.substr(sep + 2, (header_line.size() - 1) - (sep + 2)); |
197 | 0 | headers[key] = val; |
198 | 0 | } |
199 | 0 | } |
200 | | |
201 | 0 | if(status_code == 301 && headers.contains("Location")) { |
202 | 0 | if(allowable_redirects == 0) { |
203 | 0 | throw HTTP_Error("HTTP redirection count exceeded"); |
204 | 0 | } |
205 | 0 | return GET_sync(headers["Location"], allowable_redirects - 1); |
206 | 0 | } |
207 | | |
208 | 0 | std::vector<uint8_t> resp_body; |
209 | 0 | std::vector<uint8_t> buf(4096); |
210 | 0 | while(io.good()) { |
211 | 0 | io.read(cast_uint8_ptr_to_char(buf.data()), buf.size()); |
212 | 0 | const size_t got = static_cast<size_t>(io.gcount()); |
213 | 0 | resp_body.insert(resp_body.end(), buf.data(), &buf[got]); |
214 | 0 | } |
215 | |
|
216 | 0 | auto cl_hdr = headers.find("Content-Length"); |
217 | 0 | if(cl_hdr != headers.end()) { |
218 | 0 | const std::string header_size = cl_hdr->second; |
219 | 0 | if(resp_body.size() != to_u32bit(header_size)) { |
220 | 0 | throw HTTP_Error(fmt("Content-Length disagreement, header says {} got {}", header_size, resp_body.size())); |
221 | 0 | } |
222 | 0 | } |
223 | | |
224 | 0 | return Response(status_code, status_message, resp_body, headers); |
225 | 0 | } |
226 | | |
227 | | Response http_sync(std::string_view verb, |
228 | | std::string_view url, |
229 | | std::string_view content_type, |
230 | | const std::vector<uint8_t>& body, |
231 | | size_t allowable_redirects, |
232 | 0 | std::chrono::milliseconds timeout) { |
233 | 0 | auto transact_with_timeout = [timeout]( |
234 | 0 | std::string_view hostname, std::string_view service, std::string_view message) { |
235 | 0 | return http_transact(hostname, service, message, timeout); |
236 | 0 | }; |
237 | |
|
238 | 0 | return http_sync(transact_with_timeout, verb, url, content_type, body, allowable_redirects); |
239 | 0 | } |
240 | | |
241 | 0 | Response GET_sync(std::string_view url, size_t allowable_redirects, std::chrono::milliseconds timeout) { |
242 | 0 | return http_sync("GET", url, "", std::vector<uint8_t>(), allowable_redirects, timeout); |
243 | 0 | } |
244 | | |
245 | | Response POST_sync(std::string_view url, |
246 | | std::string_view content_type, |
247 | | const std::vector<uint8_t>& body, |
248 | | size_t allowable_redirects, |
249 | 0 | std::chrono::milliseconds timeout) { |
250 | 0 | return http_sync("POST", url, content_type, body, allowable_redirects, timeout); |
251 | 0 | } |
252 | | |
253 | | } // namespace Botan::HTTP |