Botan 2.19.1
Crypto and TLS for C&
http_util.cpp
Go to the documentation of this file.
1/*
2* Sketchy HTTP client
3* (C) 2013,2016 Jack Lloyd
4* 2017 René Korthaus, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/http_util.h>
10#include <botan/parsing.h>
11#include <botan/hex.h>
12#include <botan/internal/os_utils.h>
13#include <botan/internal/socket.h>
14#include <botan/internal/stl_util.h>
15#include <sstream>
16
17namespace Botan {
18
19namespace HTTP {
20
21namespace {
22
23/*
24* Connect to a host, write some bytes, then read until the server
25* closes the socket.
26*/
27std::string http_transact(const std::string& hostname,
28 const std::string& service,
29 const std::string& message,
30 std::chrono::milliseconds timeout)
31 {
32 std::unique_ptr<OS::Socket> socket;
33
34 const std::chrono::system_clock::time_point start_time = std::chrono::system_clock::now();
35
36 try
37 {
38 socket = OS::open_socket(hostname, service, timeout);
39 if(!socket)
40 throw Not_Implemented("No socket support enabled in build");
41 }
42 catch(std::exception& e)
43 {
44 throw HTTP_Error("HTTP connection to " + hostname + " failed: " + e.what());
45 }
46
47 // Blocks until entire message has been written
48 socket->write(cast_char_ptr_to_uint8(message.data()),
49 message.size());
50
51 if(std::chrono::system_clock::now() - start_time > timeout)
52 throw HTTP_Error("Timeout during writing message body");
53
54 std::ostringstream oss;
55 std::vector<uint8_t> buf(BOTAN_DEFAULT_BUFFER_SIZE);
56 while(true)
57 {
58 const size_t got = socket->read(buf.data(), buf.size());
59 if(got == 0) // EOF
60 break;
61
62 if(std::chrono::system_clock::now() - start_time > timeout)
63 throw HTTP_Error("Timeout while reading message body");
64
65 oss.write(cast_uint8_ptr_to_char(buf.data()),
66 static_cast<std::streamsize>(got));
67 }
68
69 return oss.str();
70 }
71
72}
73
74std::string url_encode(const std::string& in)
75 {
76 std::ostringstream out;
77
78 for(auto c : in)
79 {
80 if(c >= 'A' && c <= 'Z')
81 out << c;
82 else if(c >= 'a' && c <= 'z')
83 out << c;
84 else if(c >= '0' && c <= '9')
85 out << c;
86 else if(c == '-' || c == '_' || c == '.' || c == '~')
87 out << c;
88 else
89 out << '%' << hex_encode(cast_char_ptr_to_uint8(&c), 1);
90 }
91
92 return out.str();
93 }
94
95std::ostream& operator<<(std::ostream& o, const Response& resp)
96 {
97 o << "HTTP " << resp.status_code() << " " << resp.status_message() << "\n";
98 for(auto h : resp.headers())
99 o << "Header '" << h.first << "' = '" << h.second << "'\n";
100 o << "Body " << std::to_string(resp.body().size()) << " bytes:\n";
101 o.write(cast_uint8_ptr_to_char(resp.body().data()), resp.body().size());
102 return o;
103 }
104
106 const std::string& verb,
107 const std::string& url,
108 const std::string& content_type,
109 const std::vector<uint8_t>& body,
110 size_t allowable_redirects)
111 {
112 if(url.empty())
113 throw HTTP_Error("URL empty");
114
115 const auto protocol_host_sep = url.find("://");
116 if(protocol_host_sep == std::string::npos)
117 throw HTTP_Error("Invalid URL '" + url + "'");
118
119 const auto host_loc_sep = url.find('/', protocol_host_sep + 3);
120
121 std::string hostname, loc, service;
122
123 if(host_loc_sep == std::string::npos)
124 {
125 hostname = url.substr(protocol_host_sep + 3, std::string::npos);
126 loc = "/";
127 }
128 else
129 {
130 hostname = url.substr(protocol_host_sep + 3, host_loc_sep-protocol_host_sep-3);
131 loc = url.substr(host_loc_sep, std::string::npos);
132 }
133
134 const auto port_sep = hostname.find(":");
135 if(port_sep == std::string::npos)
136 {
137 service = "http";
138 // hostname not modified
139 }
140 else
141 {
142 service = hostname.substr(port_sep + 1, std::string::npos);
143 hostname = hostname.substr(0, port_sep);
144 }
145
146 std::ostringstream outbuf;
147
148 outbuf << verb << " " << loc << " HTTP/1.0\r\n";
149 outbuf << "Host: " << hostname << "\r\n";
150
151 if(verb == "GET")
152 {
153 outbuf << "Accept: */*\r\n";
154 outbuf << "Cache-Control: no-cache\r\n";
155 }
156 else if(verb == "POST")
157 outbuf << "Content-Length: " << body.size() << "\r\n";
158
159 if(!content_type.empty())
160 outbuf << "Content-Type: " << content_type << "\r\n";
161 outbuf << "Connection: close\r\n\r\n";
162 outbuf.write(cast_uint8_ptr_to_char(body.data()), body.size());
163
164 std::istringstream io(http_transact(hostname, service, outbuf.str()));
165
166 std::string line1;
167 std::getline(io, line1);
168 if(!io || line1.empty())
169 throw HTTP_Error("No response");
170
171 std::stringstream response_stream(line1);
172 std::string http_version;
173 unsigned int status_code;
174 std::string status_message;
175
176 response_stream >> http_version >> status_code;
177
178 std::getline(response_stream, status_message);
179
180 if(!response_stream || http_version.substr(0,5) != "HTTP/")
181 throw HTTP_Error("Not an HTTP response");
182
183 std::map<std::string, std::string> headers;
184 std::string header_line;
185 while (std::getline(io, header_line) && header_line != "\r")
186 {
187 auto sep = header_line.find(": ");
188 if(sep == std::string::npos || sep > header_line.size() - 2)
189 throw HTTP_Error("Invalid HTTP header " + header_line);
190 const std::string key = header_line.substr(0, sep);
191
192 if(sep + 2 < header_line.size() - 1)
193 {
194 const std::string val = header_line.substr(sep + 2, (header_line.size() - 1) - (sep + 2));
195 headers[key] = val;
196 }
197 }
198
199 if(status_code == 301 && headers.count("Location"))
200 {
201 if(allowable_redirects == 0)
202 throw HTTP_Error("HTTP redirection count exceeded");
203 return GET_sync(headers["Location"], allowable_redirects - 1);
204 }
205
206 std::vector<uint8_t> resp_body;
207 std::vector<uint8_t> buf(4096);
208 while(io.good())
209 {
210 io.read(cast_uint8_ptr_to_char(buf.data()), buf.size());
211 const size_t got = static_cast<size_t>(io.gcount());
212 resp_body.insert(resp_body.end(), buf.data(), &buf[got]);
213 }
214
215 const std::string header_size = search_map(headers, std::string("Content-Length"));
216
217 if(!header_size.empty())
218 {
219 if(resp_body.size() != to_u32bit(header_size))
220 throw HTTP_Error("Content-Length disagreement, header says " +
221 header_size + " got " + std::to_string(resp_body.size()));
222 }
223
224 return Response(status_code, status_message, resp_body, headers);
225 }
226
227Response http_sync(const std::string& verb,
228 const std::string& url,
229 const std::string& content_type,
230 const std::vector<uint8_t>& body,
231 size_t allowable_redirects,
232 std::chrono::milliseconds timeout)
233 {
234 auto transact_with_timeout =
235 [timeout](const std::string& hostname, const std::string& service, const std::string& message)
236 {
237 return http_transact(hostname, service, message, timeout);
238 };
239
240 return http_sync(
241 transact_with_timeout,
242 verb,
243 url,
244 content_type,
245 body,
246 allowable_redirects);
247 }
248
249Response GET_sync(const std::string& url,
250 size_t allowable_redirects,
251 std::chrono::milliseconds timeout)
252 {
253 return http_sync("GET", url, "", std::vector<uint8_t>(), allowable_redirects, timeout);
254 }
255
256Response POST_sync(const std::string& url,
257 const std::string& content_type,
258 const std::vector<uint8_t>& body,
259 size_t allowable_redirects,
260 std::chrono::milliseconds timeout)
261 {
262 return http_sync("POST", url, content_type, body, allowable_redirects, timeout);
263 }
264
265}
266
267}
const std::vector< uint8_t > & body() const
Definition: http_util.h:54
const std::map< std::string, std::string > & headers() const
Definition: http_util.h:56
unsigned int status_code() const
Definition: http_util.h:52
std::string status_message() const
Definition: http_util.h:58
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:213
std::ostream & operator<<(std::ostream &o, const Response &resp)
Definition: http_util.cpp:95
std::string url_encode(const std::string &in)
Definition: http_util.cpp:74
Response GET_sync(const std::string &url, size_t allowable_redirects, std::chrono::milliseconds timeout)
Definition: http_util.cpp:249
std::function< std::string(const std::string &, const std::string &, const std::string &)> http_exch_fn
Definition: http_util.h:75
Response http_sync(http_exch_fn http_transact, const std::string &verb, const std::string &url, const std::string &content_type, const std::vector< uint8_t > &body, size_t allowable_redirects)
Definition: http_util.cpp:105
Response POST_sync(const std::string &url, const std::string &content_type, const std::vector< uint8_t > &body, size_t allowable_redirects, std::chrono::milliseconds timeout)
Definition: http_util.cpp:256
std::unique_ptr< Socket > BOTAN_TEST_API open_socket(const std::string &hostname, const std::string &service, std::chrono::milliseconds timeout)
Definition: socket.cpp:352
Definition: alg_id.cpp:13
V search_map(const std::map< K, V > &mapping, const K &key, const V &null_result=V())
Definition: stl_util.h:52
void hex_encode(char output[], const uint8_t input[], size_t input_length, bool uppercase)
Definition: hex.cpp:31
const char * cast_uint8_ptr_to_char(const uint8_t *b)
Definition: mem_ops.h:195
uint32_t to_u32bit(const std::string &str)
Definition: parsing.cpp:35
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:190