yoshi kuwae yoshi
a
Fork of
http-example
by 
sandbox
Diff: source/mbed-http/https_request.h
- Revision:
- 2:4b4ac59ff9b0
- Parent:
- 1:3bff14db67c7
- Child:
- 3:0f5859a9e3de
--- a/source/mbed-http/https_request.h Thu Feb 16 11:13:40 2017 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,428 +0,0 @@
-#ifndef _MBED_HTTPS_REQUEST_H_
-#define _MBED_HTTPS_REQUEST_H_
-
-/* Change to a number between 1 and 4 to debug the TLS connection */
-#define DEBUG_LEVEL 0
-
-#include <string>
-#include <vector>
-#include <map>
-#include "http_parser.h"
-#include "http_response.h"
-#include "http_request_builder.h"
-#include "http_response_parser.h"
-#include "http_parsed_url.h"
-
-#include "mbedtls/platform.h"
-#include "mbedtls/ssl.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/error.h"
-
-#if DEBUG_LEVEL > 0
-#include "mbedtls/debug.h"
-#endif
-
-/**
- * \brief HttpsRequest implements the logic for interacting with HTTPS servers.
- */
-class HttpsRequest {
-public:
- /**
- * HttpsRequest Constructor
- * Initializes the TCP socket, sets up event handlers and flags.
- *
- * @param[in] net_iface The network interface
- * @param[in] ssl_ca_pem String containing the trusted CAs
- * @param[in] method HTTP method to use
- * @param[in] url URL to the resource
- * @param[in] body_callback Callback on which to retrieve chunks of the response body.
- If not set, the complete body will be allocated on the HttpResponse object,
- which might use lots of memory.
- */
- HttpsRequest(NetworkInterface* net_iface,
- const char* ssl_ca_pem,
- http_method method,
- const char* url,
- Callback<void(const char *at, size_t length)> body_callback = 0)
- {
- _parsed_url = new ParsedUrl(url);
- _body_callback = body_callback;
- _tcpsocket = new TCPSocket(net_iface);
- _request_builder = new HttpRequestBuilder(method, _parsed_url);
- _response = NULL;
- _debug = false;
- _ssl_ca_pem = ssl_ca_pem;
-
- DRBG_PERS = "mbed TLS helloword client";
-
- mbedtls_entropy_init(&_entropy);
- mbedtls_ctr_drbg_init(&_ctr_drbg);
- mbedtls_x509_crt_init(&_cacert);
- mbedtls_ssl_init(&_ssl);
- mbedtls_ssl_config_init(&_ssl_conf);
- }
-
- /**
- * HttpsRequest Destructor
- */
- ~HttpsRequest() {
- mbedtls_entropy_free(&_entropy);
- mbedtls_ctr_drbg_free(&_ctr_drbg);
- mbedtls_x509_crt_free(&_cacert);
- mbedtls_ssl_free(&_ssl);
- mbedtls_ssl_config_free(&_ssl_conf);
-
- if (_request_builder) {
- delete _request_builder;
- }
-
- if (_tcpsocket) {
- delete _tcpsocket;
- }
-
- if (_parsed_url) {
- delete _parsed_url;
- }
-
- if (_response) {
- delete _response;
- }
-
- // @todo: free DRBG_PERS ?
- }
-
- /**
- * Execute the HTTPS request.
- *
- * @param[in] body Pointer to the request body
- * @param[in] body_size Size of the request body
- * @return An HttpResponse pointer on success, or NULL on failure.
- * See get_error() for the error code.
- */
- HttpResponse* send(const void* body = NULL, nsapi_size_t body_size = 0) {
- /* Initialize the flags */
- /*
- * Initialize TLS-related stuf.
- */
- int ret;
- if ((ret = mbedtls_ctr_drbg_seed(&_ctr_drbg, mbedtls_entropy_func, &_entropy,
- (const unsigned char *) DRBG_PERS,
- sizeof (DRBG_PERS))) != 0) {
- print_mbedtls_error("mbedtls_crt_drbg_init", ret);
- _error = ret;
- return NULL;
- }
-
- if ((ret = mbedtls_x509_crt_parse(&_cacert, (const unsigned char *)_ssl_ca_pem,
- strlen(_ssl_ca_pem) + 1)) != 0) {
- print_mbedtls_error("mbedtls_x509_crt_parse", ret);
- _error = ret;
- return NULL;
- }
-
- if ((ret = mbedtls_ssl_config_defaults(&_ssl_conf,
- MBEDTLS_SSL_IS_CLIENT,
- MBEDTLS_SSL_TRANSPORT_STREAM,
- MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
- print_mbedtls_error("mbedtls_ssl_config_defaults", ret);
- _error = ret;
- return NULL;
- }
-
- mbedtls_ssl_conf_ca_chain(&_ssl_conf, &_cacert, NULL);
- mbedtls_ssl_conf_rng(&_ssl_conf, mbedtls_ctr_drbg_random, &_ctr_drbg);
-
- /* It is possible to disable authentication by passing
- * MBEDTLS_SSL_VERIFY_NONE in the call to mbedtls_ssl_conf_authmode()
- */
- mbedtls_ssl_conf_authmode(&_ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
-
-#if DEBUG_LEVEL > 0
- mbedtls_ssl_conf_verify(&_ssl_conf, my_verify, NULL);
- mbedtls_ssl_conf_dbg(&_ssl_conf, my_debug, NULL);
- mbedtls_debug_set_threshold(DEBUG_LEVEL);
-#endif
-
- if ((ret = mbedtls_ssl_setup(&_ssl, &_ssl_conf)) != 0) {
- print_mbedtls_error("mbedtls_ssl_setup", ret);
- _error = ret;
- return NULL;
- }
-
- mbedtls_ssl_set_hostname(&_ssl, _parsed_url->host());
-
- mbedtls_ssl_set_bio(&_ssl, static_cast<void *>(_tcpsocket),
- ssl_send, ssl_recv, NULL );
-
- /* Connect to the server */
- if (_debug) mbedtls_printf("Connecting to %s:%d\r\n", _parsed_url->host(), _parsed_url->port());
- ret = _tcpsocket->connect(_parsed_url->host(), _parsed_url->port());
- if (ret != NSAPI_ERROR_OK) {
- if (_debug) mbedtls_printf("Failed to connect\r\n");
- onError(_tcpsocket, -1);
- return NULL;
- }
-
- /* Start the handshake, the rest will be done in onReceive() */
- if (_debug) mbedtls_printf("Starting the TLS handshake...\r\n");
- ret = mbedtls_ssl_handshake(&_ssl);
- if (ret < 0) {
- if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
- ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
- print_mbedtls_error("mbedtls_ssl_handshake", ret);
- onError(_tcpsocket, -1);
- }
- else {
- _error = ret;
- }
- return NULL;
- }
-
- char* request = _request_builder->build(body, body_size);
- size_t request_size = strlen(request);
-
- ret = mbedtls_ssl_write(&_ssl, (const unsigned char *) request, request_size);
-
- free(request);
-
- if (ret < 0) {
- if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
- ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
- print_mbedtls_error("mbedtls_ssl_write", ret);
- onError(_tcpsocket, -1 );
- }
- else {
- _error = ret;
- }
- return NULL;
- }
-
- /* It also means the handshake is done, time to print info */
- if (_debug) mbedtls_printf("TLS connection to %s:%d established\r\n", _parsed_url->host(), _parsed_url->port());
-
- const uint32_t buf_size = 1024;
- char *buf = new char[buf_size];
- mbedtls_x509_crt_info(buf, buf_size, "\r ",
- mbedtls_ssl_get_peer_cert(&_ssl));
- if (_debug) mbedtls_printf("Server certificate:\r\n%s\r", buf);
-
- uint32_t flags = mbedtls_ssl_get_verify_result(&_ssl);
- if( flags != 0 )
- {
- mbedtls_x509_crt_verify_info(buf, buf_size, "\r ! ", flags);
- if (_debug) mbedtls_printf("Certificate verification failed:\r\n%s\r\r\n", buf);
- }
- else {
- if (_debug) mbedtls_printf("Certificate verification passed\r\n\r\n");
- }
-
- // Create a response object
- _response = new HttpResponse();
- // And a response parser
- HttpResponseParser parser(_response, _body_callback);
-
- // Set up a receive buffer (on the heap)
- uint8_t* recv_buffer = (uint8_t*)malloc(HTTP_RECEIVE_BUFFER_SIZE);
-
- /* Read data out of the socket */
- while ((ret = mbedtls_ssl_read(&_ssl, (unsigned char *) recv_buffer, HTTP_RECEIVE_BUFFER_SIZE)) > 0) {
- // Don't know if this is actually needed, but OK
- size_t _bpos = static_cast<size_t>(ret);
- recv_buffer[_bpos] = 0;
-
- size_t nparsed = parser.execute((const char*)recv_buffer, _bpos);
- if (nparsed != _bpos) {
- print_mbedtls_error("parser_error", nparsed);
- // parser error...
- _error = -2101;
- free(recv_buffer);
- return NULL;
- }
- // No more chunks? break out of this loop
- if (_bpos < HTTP_RECEIVE_BUFFER_SIZE) {
- break;
- }
- }
- if (ret < 0) {
- if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
- print_mbedtls_error("mbedtls_ssl_read", ret);
- onError(_tcpsocket, -1 );
- }
- else {
- _error = ret;
- }
- free(recv_buffer);
- return NULL;
- }
-
- parser.finish();
-
- _tcpsocket->close();
- free(recv_buffer);
-
- return _response;
- }
-
- /**
- * Closes the TCP socket
- */
- void close() {
- _tcpsocket->close();
- }
-
- /**
- * Set a header for the request.
- *
- * The 'Host' and 'Content-Length' headers are set automatically.
- * Setting the same header twice will overwrite the previous entry.
- *
- * @param[in] key Header key
- * @param[in] value Header value
- */
- void set_header(string key, string value) {
- _request_builder->set_header(key, value);
- }
-
- /**
- * Get the error code.
- *
- * When send() fails, this error is set.
- */
- nsapi_error_t get_error() {
- return _error;
- }
-
- /**
- * Set the debug flag.
- *
- * If this flag is set, debug information from mbed TLS will be logged to stdout.
- */
- void set_debug(bool debug) {
- _debug = debug;
- }
-
-protected:
- /**
- * Helper for pretty-printing mbed TLS error codes
- */
- static void print_mbedtls_error(const char *name, int err) {
- char buf[128];
- mbedtls_strerror(err, buf, sizeof (buf));
- mbedtls_printf("%s() failed: -0x%04x (%d): %s\r\n", name, -err, err, buf);
- }
-
-#if DEBUG_LEVEL > 0
- /**
- * Debug callback for mbed TLS
- * Just prints on the USB serial port
- */
- static void my_debug(void *ctx, int level, const char *file, int line,
- const char *str)
- {
- const char *p, *basename;
- (void) ctx;
-
- /* Extract basename from file */
- for(p = basename = file; *p != '\0'; p++) {
- if(*p == '/' || *p == '\\') {
- basename = p + 1;
- }
- }
-
- if (_debug) {
- mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str);
- }
- }
-
- /**
- * Certificate verification callback for mbed TLS
- * Here we only use it to display information on each cert in the chain
- */
- static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags)
- {
- const uint32_t buf_size = 1024;
- char *buf = new char[buf_size];
- (void) data;
-
- if (_debug) mbedtls_printf("\nVerifying certificate at depth %d:\n", depth);
- mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt);
- if (_debug) mbedtls_printf("%s", buf);
-
- if (*flags == 0)
- if (_debug) mbedtls_printf("No verification issue for this certificate\n");
- else
- {
- mbedtls_x509_crt_verify_info(buf, buf_size, " ! ", *flags);
- if (_debug) mbedtls_printf("%s\n", buf);
- }
-
- delete[] buf;
- return 0;
- }
-#endif
-
- /**
- * Receive callback for mbed TLS
- */
- static int ssl_recv(void *ctx, unsigned char *buf, size_t len) {
- int recv = -1;
- TCPSocket *socket = static_cast<TCPSocket *>(ctx);
- recv = socket->recv(buf, len);
-
- if (NSAPI_ERROR_WOULD_BLOCK == recv) {
- return MBEDTLS_ERR_SSL_WANT_READ;
- }
- else if (recv < 0) {
- return -1;
- }
- else {
- return recv;
- }
- }
-
- /**
- * Send callback for mbed TLS
- */
- static int ssl_send(void *ctx, const unsigned char *buf, size_t len) {
- int size = -1;
- TCPSocket *socket = static_cast<TCPSocket *>(ctx);
- size = socket->send(buf, len);
-
- if(NSAPI_ERROR_WOULD_BLOCK == size) {
- return len;
- }
- else if (size < 0){
- return -1;
- }
- else {
- return size;
- }
- }
-
- void onError(TCPSocket *s, int error) {
- s->close();
- _error = error;
- }
-
-protected:
- TCPSocket* _tcpsocket;
-
- Callback<void(const char *at, size_t length)> _body_callback;
- ParsedUrl* _parsed_url;
- HttpRequestBuilder* _request_builder;
- HttpResponse* _response;
- const char *DRBG_PERS;
- const char *_ssl_ca_pem;
-
- nsapi_error_t _error;
- bool _debug;
-
- mbedtls_entropy_context _entropy;
- mbedtls_ctr_drbg_context _ctr_drbg;
- mbedtls_x509_crt _cacert;
- mbedtls_ssl_context _ssl;
- mbedtls_ssl_config _ssl_conf;
-};
-
-#endif // _MBED_HTTPS_REQUEST_H_