Botan 3.9.0
Crypto and TLS for C++
http_util.cpp
Go to the documentation of this file.
1/*
2* Sketchy HTTP client
3* (C) 2013,2016 Jack Lloyd
4* 2017 René Korthaus, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/internal/http_util.h>
10
11#include <botan/mem_ops.h>
12#include <botan/internal/fmt.h>
13#include <botan/internal/mem_utils.h>
14#include <botan/internal/parsing.h>
15#include <botan/internal/socket.h>
16#include <botan/internal/stl_util.h>
17#include <iomanip>
18#include <sstream>
19
20namespace Botan::HTTP {
21
22namespace {
23
24/*
25* Connect to a host, write some bytes, then read until the server
26* closes the socket.
27*/
28std::string http_transact(std::string_view hostname,
29 std::string_view service,
30 std::string_view message,
31 std::chrono::milliseconds timeout) {
32 std::unique_ptr<OS::Socket> socket;
33
34 const std::chrono::system_clock::time_point start_time = std::chrono::system_clock::now();
35
36 try {
37 socket = OS::open_socket(hostname, service, timeout);
38 if(!socket) {
39 throw Not_Implemented("No socket support enabled in build");
40 }
41 } catch(std::exception& e) {
42 throw HTTP_Error(fmt("HTTP connection to {} failed: {}", hostname, e.what()));
43 }
44
45 // Blocks until entire message has been written
46 socket->write(as_span_of_bytes(message));
47
48 if(std::chrono::system_clock::now() - start_time > timeout) {
49 throw HTTP_Error("Timeout during writing message body");
50 }
51
52 std::ostringstream oss;
53 std::vector<uint8_t> buf(DefaultBufferSize);
54 while(true) {
55 const size_t got = socket->read(buf.data(), buf.size());
56 if(got == 0) { // EOF
57 break;
58 }
59
60 if(std::chrono::system_clock::now() - start_time > timeout) {
61 throw HTTP_Error("Timeout while reading message body");
62 }
63
64 oss.write(cast_uint8_ptr_to_char(buf.data()), static_cast<std::streamsize>(got));
65 }
66
67 return oss.str();
68}
69
/*
* Return true if the character must be percent-encoded in a URL.
*
* Only ASCII letters, ASCII digits and the four marks '-', '_', '.'
* and '~' are passed through unescaped; everything else is encoded.
*/
bool needs_url_encoding(char c) {
   const bool upper = ('A' <= c && c <= 'Z');
   const bool lower = ('a' <= c && c <= 'z');
   const bool digit = ('0' <= c && c <= '9');
   const bool mark = (c == '-' || c == '_' || c == '.' || c == '~');

   return !(upper || lower || digit || mark);
}
85
86} // namespace
87
88std::string url_encode(std::string_view in) {
89 std::ostringstream out;
90
91 for(auto c : in) {
92 if(needs_url_encoding(c)) {
93 out << '%' << std::uppercase << std::hex << std::setfill('0') << std::setw(2) << static_cast<int>(c);
94 out << std::dec << std::nouppercase; // reset flags
95 } else {
96 out << c;
97 }
98 }
99
100 return out.str();
101}
102
103std::ostream& operator<<(std::ostream& o, const Response& resp) {
104 o << "HTTP " << resp.status_code() << " " << resp.status_message() << "\n";
105 for(const auto& h : resp.headers()) {
106 o << "Header '" << h.first << "' = '" << h.second << "'\n";
107 }
108 o << "Body " << std::to_string(resp.body().size()) << " bytes:\n";
109 o.write(cast_uint8_ptr_to_char(resp.body().data()), resp.body().size());
110 return o;
111}
112
113Response http_sync(const http_exch_fn& http_transact,
114 std::string_view verb,
115 std::string_view url,
116 std::string_view content_type,
117 const std::vector<uint8_t>& body,
118 size_t allowable_redirects) {
119 if(url.empty()) {
120 throw HTTP_Error("URL empty");
121 }
122
123 const auto protocol_host_sep = url.find("://");
124 if(protocol_host_sep == std::string::npos) {
125 throw HTTP_Error(fmt("Invalid URL '{}'", url));
126 }
127
128 const auto host_loc_sep = url.find('/', protocol_host_sep + 3);
129
130 std::string hostname;
131 std::string loc;
132 std::string service;
133
134 if(host_loc_sep == std::string::npos) {
135 hostname = url.substr(protocol_host_sep + 3);
136 loc = "/";
137 } else {
138 hostname = url.substr(protocol_host_sep + 3, host_loc_sep - protocol_host_sep - 3);
139 loc = url.substr(host_loc_sep);
140 }
141
142 const auto port_sep = hostname.find(':');
143 if(port_sep == std::string::npos) {
144 service = "http";
145 // hostname not modified
146 } else {
147 service = hostname.substr(port_sep + 1, std::string::npos);
148 hostname = hostname.substr(0, port_sep);
149 }
150
151 std::ostringstream outbuf;
152
153 outbuf << verb << " " << loc << " HTTP/1.0\r\n";
154 outbuf << "Host: " << hostname << "\r\n";
155
156 if(verb == "GET") {
157 outbuf << "Accept: */*\r\n";
158 outbuf << "Cache-Control: no-cache\r\n";
159 } else if(verb == "POST") {
160 outbuf << "Content-Length: " << body.size() << "\r\n";
161 }
162
163 if(!content_type.empty()) {
164 outbuf << "Content-Type: " << content_type << "\r\n";
165 }
166 outbuf << "Connection: close\r\n\r\n";
167 outbuf.write(cast_uint8_ptr_to_char(body.data()), body.size());
168
169 std::istringstream io(http_transact(hostname, service, outbuf.str()));
170
171 std::string line1;
172 std::getline(io, line1);
173 if(!io || line1.empty()) {
174 throw HTTP_Error("No response");
175 }
176
177 std::stringstream response_stream(line1);
178 std::string http_version;
179 unsigned int status_code = 0;
180 std::string status_message;
181
182 response_stream >> http_version >> status_code;
183
184 std::getline(response_stream, status_message);
185
186 if(!response_stream || !http_version.starts_with("HTTP/")) {
187 throw HTTP_Error("Not an HTTP response");
188 }
189
190 std::map<std::string, std::string> headers;
191 std::string header_line;
192 while(std::getline(io, header_line) && header_line != "\r") {
193 auto sep = header_line.find(": ");
194 if(sep == std::string::npos || sep > header_line.size() - 2) {
195 throw HTTP_Error(fmt("Invalid HTTP header '{}'", header_line));
196 }
197 const std::string key = header_line.substr(0, sep);
198
199 if(sep + 2 < header_line.size() - 1) {
200 const std::string val = header_line.substr(sep + 2, (header_line.size() - 1) - (sep + 2));
201 headers[key] = val;
202 }
203 }
204
205 if(status_code == 301 && headers.contains("Location")) {
206 if(allowable_redirects == 0) {
207 throw HTTP_Error("HTTP redirection count exceeded");
208 }
209 return GET_sync(headers["Location"], allowable_redirects - 1);
210 }
211
212 std::vector<uint8_t> resp_body;
213 std::vector<uint8_t> buf(4096);
214 while(io.good()) {
215 io.read(cast_uint8_ptr_to_char(buf.data()), buf.size());
216 const size_t got = static_cast<size_t>(io.gcount());
217 resp_body.insert(resp_body.end(), buf.data(), &buf[got]);
218 }
219
220 auto cl_hdr = headers.find("Content-Length");
221 if(cl_hdr != headers.end()) {
222 const std::string header_size = cl_hdr->second;
223 if(resp_body.size() != to_u32bit(header_size)) {
224 throw HTTP_Error(fmt("Content-Length disagreement, header says {} got {}", header_size, resp_body.size()));
225 }
226 }
227
228 return Response(status_code, status_message, resp_body, headers);
229}
230
231Response http_sync(std::string_view verb,
232 std::string_view url,
233 std::string_view content_type,
234 const std::vector<uint8_t>& body,
235 size_t allowable_redirects,
236 std::chrono::milliseconds timeout) {
237 auto transact_with_timeout = [timeout](
238 std::string_view hostname, std::string_view service, std::string_view message) {
239 return http_transact(hostname, service, message, timeout);
240 };
241
242 return http_sync(transact_with_timeout, verb, url, content_type, body, allowable_redirects);
243}
244
245Response GET_sync(std::string_view url, size_t allowable_redirects, std::chrono::milliseconds timeout) {
246 return http_sync("GET", url, "", std::vector<uint8_t>(), allowable_redirects, timeout);
247}
248
249Response POST_sync(std::string_view url,
250 std::string_view content_type,
251 const std::vector<uint8_t>& body,
252 size_t allowable_redirects,
253 std::chrono::milliseconds timeout) {
254 return http_sync("POST", url, content_type, body, allowable_redirects, timeout);
255}
256
257} // namespace Botan::HTTP
const std::vector< uint8_t > & body() const
Definition http_util.h:43
const std::map< std::string, std::string > & headers() const
Definition http_util.h:45
unsigned int status_code() const
Definition http_util.h:41
std::string status_message() const
Definition http_util.h:47
std::function< std::string(std::string_view, std::string_view, std::string_view)> http_exch_fn
Definition http_util.h:64
Response POST_sync(std::string_view url, std::string_view content_type, const std::vector< uint8_t > &body, size_t allowable_redirects, std::chrono::milliseconds timeout)
Response http_sync(const http_exch_fn &http_transact, std::string_view verb, std::string_view url, std::string_view content_type, const std::vector< uint8_t > &body, size_t allowable_redirects)
std::string url_encode(std::string_view in)
Definition http_util.cpp:88
Response GET_sync(std::string_view url, size_t allowable_redirects, std::chrono::milliseconds timeout)
std::ostream & operator<<(std::ostream &o, const Response &resp)
std::unique_ptr< Socket > BOTAN_TEST_API open_socket(std::string_view hostname, std::string_view service, std::chrono::milliseconds timeout)
Definition socket.cpp:355
uint32_t to_u32bit(std::string_view str_view)
Definition parsing.cpp:32
std::span< const uint8_t > as_span_of_bytes(const char *s, size_t len)
Definition mem_utils.h:28
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53
const char * cast_uint8_ptr_to_char(const uint8_t *b)
Definition mem_ops.h:282
constexpr size_t DefaultBufferSize
Definition types.h:137