Botan 3.0.0-alpha0
Crypto and TLS for C&
http_util.cpp
Go to the documentation of this file.
1/*
2* Sketchy HTTP client
3* (C) 2013,2016 Jack Lloyd
4* 2017 René Korthaus, Rohde & Schwarz Cybersecurity
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/internal/http_util.h>
10#include <botan/internal/parsing.h>
11#include <botan/hex.h>
12#include <botan/internal/os_utils.h>
13#include <botan/internal/socket.h>
14#include <botan/internal/stl_util.h>
15#include <sstream>
16
17namespace Botan::HTTP {
18
19namespace {
20
21/*
22* Connect to a host, write some bytes, then read until the server
23* closes the socket.
24*/
25std::string http_transact(const std::string& hostname,
26 const std::string& service,
27 const std::string& message,
28 std::chrono::milliseconds timeout)
29 {
30 std::unique_ptr<OS::Socket> socket;
31
32 const std::chrono::system_clock::time_point start_time = std::chrono::system_clock::now();
33
34 try
35 {
36 socket = OS::open_socket(hostname, service, timeout);
37 if(!socket)
38 throw Not_Implemented("No socket support enabled in build");
39 }
40 catch(std::exception& e)
41 {
42 throw HTTP_Error("HTTP connection to " + hostname + " failed: " + e.what());
43 }
44
45 // Blocks until entire message has been written
46 socket->write(cast_char_ptr_to_uint8(message.data()),
47 message.size());
48
49 if(std::chrono::system_clock::now() - start_time > timeout)
50 throw HTTP_Error("Timeout during writing message body");
51
52 std::ostringstream oss;
53 std::vector<uint8_t> buf(BOTAN_DEFAULT_BUFFER_SIZE);
54 while(true)
55 {
56 const size_t got = socket->read(buf.data(), buf.size());
57 if(got == 0) // EOF
58 break;
59
60 if(std::chrono::system_clock::now() - start_time > timeout)
61 throw HTTP_Error("Timeout while reading message body");
62
63 oss.write(cast_uint8_ptr_to_char(buf.data()),
64 static_cast<std::streamsize>(got));
65 }
66
67 return oss.str();
68 }
69
70bool needs_url_encoding(char c)
71 {
72 if(c >= 'A' && c <= 'Z')
73 return false;
74 if(c >= 'a' && c <= 'z')
75 return false;
76 if(c >= '0' && c <= '9')
77 return false;
78 if(c == '-' || c == '_' || c == '.' || c == '~')
79 return false;
80 return true;
81 }
82
83}
84
85std::string url_encode(const std::string& in)
86 {
87 std::ostringstream out;
88
89 for(auto c : in)
90 {
91 if(needs_url_encoding(c))
92 out << '%' << hex_encode(cast_char_ptr_to_uint8(&c), 1);
93 else
94 out << c;
95 }
96
97 return out.str();
98 }
99
100std::ostream& operator<<(std::ostream& o, const Response& resp)
101 {
102 o << "HTTP " << resp.status_code() << " " << resp.status_message() << "\n";
103 for(const auto& h : resp.headers())
104 o << "Header '" << h.first << "' = '" << h.second << "'\n";
105 o << "Body " << std::to_string(resp.body().size()) << " bytes:\n";
106 o.write(cast_uint8_ptr_to_char(resp.body().data()), resp.body().size());
107 return o;
108 }
109
110Response http_sync(const http_exch_fn& http_transact,
111 const std::string& verb,
112 const std::string& url,
113 const std::string& content_type,
114 const std::vector<uint8_t>& body,
115 size_t allowable_redirects)
116 {
117 if(url.empty())
118 throw HTTP_Error("URL empty");
119
120 const auto protocol_host_sep = url.find("://");
121 if(protocol_host_sep == std::string::npos)
122 throw HTTP_Error("Invalid URL '" + url + "'");
123
124 const auto host_loc_sep = url.find('/', protocol_host_sep + 3);
125
126 std::string hostname, loc, service;
127
128 if(host_loc_sep == std::string::npos)
129 {
130 hostname = url.substr(protocol_host_sep + 3, std::string::npos);
131 loc = "/";
132 }
133 else
134 {
135 hostname = url.substr(protocol_host_sep + 3, host_loc_sep-protocol_host_sep-3);
136 loc = url.substr(host_loc_sep, std::string::npos);
137 }
138
139 const auto port_sep = hostname.find(':');
140 if(port_sep == std::string::npos)
141 {
142 service = "http";
143 // hostname not modified
144 }
145 else
146 {
147 service = hostname.substr(port_sep + 1, std::string::npos);
148 hostname = hostname.substr(0, port_sep);
149 }
150
151 std::ostringstream outbuf;
152
153 outbuf << verb << " " << loc << " HTTP/1.0\r\n";
154 outbuf << "Host: " << hostname << "\r\n";
155
156 if(verb == "GET")
157 {
158 outbuf << "Accept: */*\r\n";
159 outbuf << "Cache-Control: no-cache\r\n";
160 }
161 else if(verb == "POST")
162 outbuf << "Content-Length: " << body.size() << "\r\n";
163
164 if(!content_type.empty())
165 outbuf << "Content-Type: " << content_type << "\r\n";
166 outbuf << "Connection: close\r\n\r\n";
167 outbuf.write(cast_uint8_ptr_to_char(body.data()), body.size());
168
169 std::istringstream io(http_transact(hostname, service, outbuf.str()));
170
171 std::string line1;
172 std::getline(io, line1);
173 if(!io || line1.empty())
174 throw HTTP_Error("No response");
175
176 std::stringstream response_stream(line1);
177 std::string http_version;
178 unsigned int status_code;
179 std::string status_message;
180
181 response_stream >> http_version >> status_code;
182
183 std::getline(response_stream, status_message);
184
185 if(!response_stream || http_version.substr(0,5) != "HTTP/")
186 throw HTTP_Error("Not an HTTP response");
187
188 std::map<std::string, std::string> headers;
189 std::string header_line;
190 while (std::getline(io, header_line) && header_line != "\r")
191 {
192 auto sep = header_line.find(": ");
193 if(sep == std::string::npos || sep > header_line.size() - 2)
194 throw HTTP_Error("Invalid HTTP header " + header_line);
195 const std::string key = header_line.substr(0, sep);
196
197 if(sep + 2 < header_line.size() - 1)
198 {
199 const std::string val = header_line.substr(sep + 2, (header_line.size() - 1) - (sep + 2));
200 headers[key] = val;
201 }
202 }
203
204 if(status_code == 301 && headers.count("Location"))
205 {
206 if(allowable_redirects == 0)
207 throw HTTP_Error("HTTP redirection count exceeded");
208 return GET_sync(headers["Location"], allowable_redirects - 1);
209 }
210
211 std::vector<uint8_t> resp_body;
212 std::vector<uint8_t> buf(4096);
213 while(io.good())
214 {
215 io.read(cast_uint8_ptr_to_char(buf.data()), buf.size());
216 const size_t got = static_cast<size_t>(io.gcount());
217 resp_body.insert(resp_body.end(), buf.data(), &buf[got]);
218 }
219
220 const std::string header_size = search_map(headers, std::string("Content-Length"));
221
222 if(!header_size.empty())
223 {
224 if(resp_body.size() != to_u32bit(header_size))
225 throw HTTP_Error("Content-Length disagreement, header says " +
226 header_size + " got " + std::to_string(resp_body.size()));
227 }
228
229 return Response(status_code, status_message, resp_body, headers);
230 }
231
232Response http_sync(const std::string& verb,
233 const std::string& url,
234 const std::string& content_type,
235 const std::vector<uint8_t>& body,
236 size_t allowable_redirects,
237 std::chrono::milliseconds timeout)
238 {
239 auto transact_with_timeout =
240 [timeout](const std::string& hostname, const std::string& service, const std::string& message)
241 {
242 return http_transact(hostname, service, message, timeout);
243 };
244
245 return http_sync(
246 transact_with_timeout,
247 verb,
248 url,
249 content_type,
250 body,
251 allowable_redirects);
252 }
253
254Response GET_sync(const std::string& url,
255 size_t allowable_redirects,
256 std::chrono::milliseconds timeout)
257 {
258 return http_sync("GET", url, "", std::vector<uint8_t>(), allowable_redirects, timeout);
259 }
260
261Response POST_sync(const std::string& url,
262 const std::string& content_type,
263 const std::vector<uint8_t>& body,
264 size_t allowable_redirects,
265 std::chrono::milliseconds timeout)
266 {
267 return http_sync("POST", url, content_type, body, allowable_redirects, timeout);
268 }
269
270}
const std::vector< uint8_t > & body() const
Definition: http_util.h:52
const std::map< std::string, std::string > & headers() const
Definition: http_util.h:54
unsigned int status_code() const
Definition: http_util.h:50
std::string status_message() const
Definition: http_util.h:56
#define BOTAN_DEFAULT_BUFFER_SIZE
Definition: build.h:361
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:209
std::string url_encode(const std::string &in)
Definition: http_util.cpp:85
Response http_sync(const http_exch_fn &http_transact, const std::string &verb, const std::string &url, const std::string &content_type, const std::vector< uint8_t > &body, size_t allowable_redirects)
Definition: http_util.cpp:110
Response GET_sync(const std::string &url, size_t allowable_redirects, std::chrono::milliseconds timeout)
Definition: http_util.cpp:254
std::function< std::string(const std::string &, const std::string &, const std::string &)> http_exch_fn
Definition: http_util.h:73
std::ostream & operator<<(std::ostream &o, const Response &resp)
Definition: http_util.cpp:100
Response POST_sync(const std::string &url, const std::string &content_type, const std::vector< uint8_t > &body, size_t allowable_redirects, std::chrono::milliseconds timeout)
Definition: http_util.cpp:261
std::unique_ptr< Socket > BOTAN_TEST_API open_socket(const std::string &hostname, const std::string &service, std::chrono::milliseconds timeout)
Definition: socket.cpp:357
V search_map(const std::map< K, V > &mapping, const K &key, const V &null_result=V())
Definition: stl_util.h:55
void hex_encode(char output[], const uint8_t input[], size_t input_length, bool uppercase)
Definition: hex.cpp:31
const char * cast_uint8_ptr_to_char(const uint8_t *b)
Definition: mem_ops.h:188
uint32_t to_u32bit(const std::string &str)
Definition: parsing.cpp:29
const uint8_t * cast_char_ptr_to_uint8(const char *s)
Definition: mem_ops.h:183