Fork of mbed-http

Fork of mbed-http by sandbox

Revision:
11:96e4dcb9c0c2
Parent:
10:b017c7d2cf23
--- a/source/https_request.h	Tue Mar 28 13:33:14 2017 +0200
+++ b/source/https_request.h	Tue Mar 28 14:44:39 2017 +0200
@@ -18,9 +18,6 @@
 #ifndef _MBED_HTTPS_REQUEST_H_
 #define _MBED_HTTPS_REQUEST_H_
 
-/* Change to a number between 1 and 4 to debug the TLS connection */
-#define DEBUG_LEVEL 0
-
 #include <string>
 #include <vector>
 #include <map>
@@ -29,16 +26,7 @@
 #include "http_request_builder.h"
 #include "http_response_parser.h"
 #include "http_parsed_url.h"
-
-#include "mbedtls/platform.h"
-#include "mbedtls/ssl.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/error.h"
-
-#if DEBUG_LEVEL > 0
-#include "mbedtls/debug.h"
-#endif
+#include "tls_socket.h"
 
 /**
  * \brief HttpsRequest implements the logic for interacting with HTTPS servers.
@@ -65,37 +53,50 @@
     {
         _parsed_url = new ParsedUrl(url);
         _body_callback = body_callback;
-        _tcpsocket = new TCPSocket(net_iface);
         _request_builder = new HttpRequestBuilder(method, _parsed_url);
         _response = NULL;
         _debug = false;
-        _ssl_ca_pem = ssl_ca_pem;
 
-        DRBG_PERS = "mbed TLS helloword client";
+        _tlssocket = new TLSSocket(net_iface, _parsed_url->host(), _parsed_url->port(), ssl_ca_pem);
+        _we_created_the_socket = true;
+    }
 
-        mbedtls_entropy_init(&_entropy);
-        mbedtls_ctr_drbg_init(&_ctr_drbg);
-        mbedtls_x509_crt_init(&_cacert);
-        mbedtls_ssl_init(&_ssl);
-        mbedtls_ssl_config_init(&_ssl_conf);
+    /**
+     * HttpsRequest Constructor
+     * Sets up event handlers and flags.
+     *
+     * @param[in] socket A connected TLSSocket
+     * @param[in] method HTTP method to use
+     * @param[in] url URL to the resource
+     * @param[in] body_callback Callback on which to retrieve chunks of the response body.
+                                If not set, the complete body will be allocated on the HttpResponse object,
+                                which might use lots of memory.
+     */
+    HttpsRequest(TLSSocket* socket,
+                 http_method method,
+                 const char* url,
+                 Callback<void(const char *at, size_t length)> body_callback = 0)
+    {
+        _parsed_url = new ParsedUrl(url);
+        _body_callback = body_callback;
+        _request_builder = new HttpRequestBuilder(method, _parsed_url);
+        _response = NULL;
+        _debug = false;
+
+        _tlssocket = socket;
+        _we_created_the_socket = false;
     }
 
     /**
      * HttpsRequest Destructor
      */
     ~HttpsRequest() {
-        mbedtls_entropy_free(&_entropy);
-        mbedtls_ctr_drbg_free(&_ctr_drbg);
-        mbedtls_x509_crt_free(&_cacert);
-        mbedtls_ssl_free(&_ssl);
-        mbedtls_ssl_config_free(&_ssl_conf);
-
         if (_request_builder) {
             delete _request_builder;
         }
 
-        if (_tcpsocket) {
-            delete _tcpsocket;
+        if (_tlssocket && _we_created_the_socket) {
+            delete _tlssocket;
         }
 
         if (_parsed_url) {
@@ -105,8 +106,6 @@
         if (_response) {
             delete _response;
         }
-
-        // @todo: free DRBG_PERS ?
     }
 
     /**
@@ -118,88 +117,28 @@
      *         See get_error() for the error code.
      */
     HttpResponse* send(const void* body = NULL, nsapi_size_t body_size = 0) {
-        /* Initialize the flags */
-        /*
-         * Initialize TLS-related stuf.
-         */
-        int ret;
-        if ((ret = mbedtls_ctr_drbg_seed(&_ctr_drbg, mbedtls_entropy_func, &_entropy,
-                          (const unsigned char *) DRBG_PERS,
-                          sizeof (DRBG_PERS))) != 0) {
-            print_mbedtls_error("mbedtls_crt_drbg_init", ret);
-            _error = ret;
-            return NULL;
-        }
-
-        if ((ret = mbedtls_x509_crt_parse(&_cacert, (const unsigned char *)_ssl_ca_pem,
-                           strlen(_ssl_ca_pem) + 1)) != 0) {
-            print_mbedtls_error("mbedtls_x509_crt_parse", ret);
-            _error = ret;
-            return NULL;
-        }
-
-        if ((ret = mbedtls_ssl_config_defaults(&_ssl_conf,
-                        MBEDTLS_SSL_IS_CLIENT,
-                        MBEDTLS_SSL_TRANSPORT_STREAM,
-                        MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
-            print_mbedtls_error("mbedtls_ssl_config_defaults", ret);
-            _error = ret;
+        // not tried to connect before?
+        if (_tlssocket->error() != 0) {
+            _error = _tlssocket->error();
             return NULL;
         }
 
-        mbedtls_ssl_conf_ca_chain(&_ssl_conf, &_cacert, NULL);
-        mbedtls_ssl_conf_rng(&_ssl_conf, mbedtls_ctr_drbg_random, &_ctr_drbg);
-
-        /* It is possible to disable authentication by passing
-         * MBEDTLS_SSL_VERIFY_NONE in the call to mbedtls_ssl_conf_authmode()
-         */
-        mbedtls_ssl_conf_authmode(&_ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+        bool socket_was_open = _tlssocket->connected();
 
-#if DEBUG_LEVEL > 0
-        mbedtls_ssl_conf_verify(&_ssl_conf, my_verify, NULL);
-        mbedtls_ssl_conf_dbg(&_ssl_conf, my_debug, NULL);
-        mbedtls_debug_set_threshold(DEBUG_LEVEL);
-#endif
-
-        if ((ret = mbedtls_ssl_setup(&_ssl, &_ssl_conf)) != 0) {
-            print_mbedtls_error("mbedtls_ssl_setup", ret);
-            _error = ret;
-            return NULL;
+        if (!socket_was_open) {
+            nsapi_error_t r = _tlssocket->connect();
+            if (r != 0) {
+                _error = r;
+                return NULL;
+            }
         }
 
-        mbedtls_ssl_set_hostname(&_ssl, _parsed_url->host());
-
-        mbedtls_ssl_set_bio(&_ssl, static_cast<void *>(_tcpsocket),
-                                   ssl_send, ssl_recv, NULL );
-
-        /* Connect to the server */
-        if (_debug) mbedtls_printf("Connecting to %s:%d\r\n", _parsed_url->host(), _parsed_url->port());
-        ret = _tcpsocket->connect(_parsed_url->host(), _parsed_url->port());
-        if (ret != NSAPI_ERROR_OK) {
-            if (_debug) mbedtls_printf("Failed to connect\r\n");
-            onError(_tcpsocket, -1);
-            return NULL;
-        }
-
-       /* Start the handshake, the rest will be done in onReceive() */
-        if (_debug) mbedtls_printf("Starting the TLS handshake...\r\n");
-        ret = mbedtls_ssl_handshake(&_ssl);
-        if (ret < 0) {
-            if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
-                ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
-                print_mbedtls_error("mbedtls_ssl_handshake", ret);
-                onError(_tcpsocket, -1);
-            }
-            else {
-                _error = ret;
-            }
-            return NULL;
-        }
+        int ret;
 
         size_t request_size = 0;
         char* request = _request_builder->build(body, body_size, request_size);
 
-        ret = mbedtls_ssl_write(&_ssl, (const unsigned char *) request, request_size);
+        ret = mbedtls_ssl_write(_tlssocket->get_ssl_context(), (const unsigned char *) request, request_size);
 
         free(request);
 
@@ -207,7 +146,7 @@
             if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
                 ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
                 print_mbedtls_error("mbedtls_ssl_write", ret);
-                onError(_tcpsocket, -1 );
+                onError(_tlssocket->get_tcp_socket(), -1 );
             }
             else {
                 _error = ret;
@@ -215,25 +154,6 @@
             return NULL;
         }
 
-        /* It also means the handshake is done, time to print info */
-        if (_debug) mbedtls_printf("TLS connection to %s:%d established\r\n", _parsed_url->host(), _parsed_url->port());
-
-        const uint32_t buf_size = 1024;
-        char *buf = new char[buf_size];
-        mbedtls_x509_crt_info(buf, buf_size, "\r    ",
-                        mbedtls_ssl_get_peer_cert(&_ssl));
-        if (_debug) mbedtls_printf("Server certificate:\r\n%s\r", buf);
-
-        uint32_t flags = mbedtls_ssl_get_verify_result(&_ssl);
-        if( flags != 0 )
-        {
-            mbedtls_x509_crt_verify_info(buf, buf_size, "\r  ! ", flags);
-            if (_debug) mbedtls_printf("Certificate verification failed:\r\n%s\r\r\n", buf);
-        }
-        else {
-            if (_debug) mbedtls_printf("Certificate verification passed\r\n\r\n");
-        }
-
         // Create a response object
         _response = new HttpResponse();
         // And a response parser
@@ -243,7 +163,7 @@
         uint8_t* recv_buffer = (uint8_t*)malloc(HTTP_RECEIVE_BUFFER_SIZE);
 
         /* Read data out of the socket */
-        while ((ret = mbedtls_ssl_read(&_ssl, (unsigned char *) recv_buffer, HTTP_RECEIVE_BUFFER_SIZE)) > 0) {
+        while ((ret = mbedtls_ssl_read(_tlssocket->get_ssl_context(), (unsigned char *) recv_buffer, HTTP_RECEIVE_BUFFER_SIZE)) > 0) {
             // Don't know if this is actually needed, but OK
             size_t _bpos = static_cast<size_t>(ret);
             recv_buffer[_bpos] = 0;
@@ -264,7 +184,7 @@
         if (ret < 0) {
             if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
                 print_mbedtls_error("mbedtls_ssl_read", ret);
-                onError(_tcpsocket, -1 );
+                onError(_tlssocket->get_tcp_socket(), -1 );
             }
             else {
                 _error = ret;
@@ -275,17 +195,20 @@
 
         parser.finish();
 
-        _tcpsocket->close();
+        if (!socket_was_open) {
+            _tlssocket->get_tcp_socket()->close();
+        }
+
         free(recv_buffer);
 
         return _response;
     }
 
     /**
-     * Closes the TCP socket
+     * Closes the underlying TCP socket
      */
     void close() {
-        _tcpsocket->close();
+        _tlssocket->get_tcp_socket()->close();
     }
 
     /**
@@ -317,8 +240,11 @@
      */
     void set_debug(bool debug) {
         _debug = debug;
+
+        _tlssocket->set_debug(debug);
     }
 
+
 protected:
     /**
      * Helper for pretty-printing mbed TLS error codes
@@ -329,117 +255,23 @@
         mbedtls_printf("%s() failed: -0x%04x (%d): %s\r\n", name, -err, err, buf);
     }
 
-#if DEBUG_LEVEL > 0
-    /**
-     * Debug callback for mbed TLS
-     * Just prints on the USB serial port
-     */
-    static void my_debug(void *ctx, int level, const char *file, int line,
-                         const char *str)
-    {
-        const char *p, *basename;
-        (void) ctx;
-
-        /* Extract basename from file */
-        for(p = basename = file; *p != '\0'; p++) {
-            if(*p == '/' || *p == '\\') {
-                basename = p + 1;
-            }
-        }
-
-        if (_debug) {
-            mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str);
-        }
-    }
-
-    /**
-     * Certificate verification callback for mbed TLS
-     * Here we only use it to display information on each cert in the chain
-     */
-    static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags)
-    {
-        const uint32_t buf_size = 1024;
-        char *buf = new char[buf_size];
-        (void) data;
-
-        if (_debug) mbedtls_printf("\nVerifying certificate at depth %d:\n", depth);
-        mbedtls_x509_crt_info(buf, buf_size - 1, "  ", crt);
-        if (_debug) mbedtls_printf("%s", buf);
-
-        if (*flags == 0)
-            if (_debug) mbedtls_printf("No verification issue for this certificate\n");
-        else
-        {
-            mbedtls_x509_crt_verify_info(buf, buf_size, "  ! ", *flags);
-            if (_debug) mbedtls_printf("%s\n", buf);
-        }
-
-        delete[] buf;
-        return 0;
-    }
-#endif
-
-    /**
-     * Receive callback for mbed TLS
-     */
-    static int ssl_recv(void *ctx, unsigned char *buf, size_t len) {
-        int recv = -1;
-        TCPSocket *socket = static_cast<TCPSocket *>(ctx);
-        recv = socket->recv(buf, len);
-
-        if (NSAPI_ERROR_WOULD_BLOCK == recv) {
-            return MBEDTLS_ERR_SSL_WANT_READ;
-        }
-        else if (recv < 0) {
-            return -1;
-        }
-        else {
-            return recv;
-        }
-   }
-
-    /**
-     * Send callback for mbed TLS
-     */
-    static int ssl_send(void *ctx, const unsigned char *buf, size_t len) {
-       int size = -1;
-        TCPSocket *socket = static_cast<TCPSocket *>(ctx);
-        size = socket->send(buf, len);
-
-        if(NSAPI_ERROR_WOULD_BLOCK == size) {
-            return len;
-        }
-        else if (size < 0){
-            return -1;
-        }
-        else {
-            return size;
-        }
-    }
-
     void onError(TCPSocket *s, int error) {
         s->close();
         _error = error;
     }
 
 protected:
-    TCPSocket* _tcpsocket;
+    TLSSocket* _tlssocket;
+    bool _we_created_the_socket;
 
     Callback<void(const char *at, size_t length)> _body_callback;
     ParsedUrl* _parsed_url;
     HttpRequestBuilder* _request_builder;
     HttpResponse* _response;
-    const char *DRBG_PERS;
-    const char *_ssl_ca_pem;
 
     nsapi_error_t _error;
     bool _debug;
 
-    mbedtls_entropy_context _entropy;
-    mbedtls_ctr_drbg_context _ctr_drbg;
-    mbedtls_x509_crt _cacert;
-    mbedtls_ssl_context _ssl;
-    mbedtls_ssl_config _ssl_conf;
 };
 
 #endif // _MBED_HTTPS_REQUEST_H_