Matthew Else
Fork of mbed-http
source/https_request.h
- Committer:
- Jan Jongboom
- Date:
- 2017-02-16
- Revision:
- 0:910f5949759f
- Child:
- 6:112d72c60e07
File content as of revision 0:910f5949759f:
/*
* PackageLicenseDeclared: Apache-2.0
* Copyright (c) 2017 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef _MBED_HTTPS_REQUEST_H_
#define _MBED_HTTPS_REQUEST_H_
/* Change to a number between 1 and 4 to debug the TLS connection */
#define DEBUG_LEVEL 0
#include <string>
#include <vector>
#include <map>
#include "http_parser.h"
#include "http_response.h"
#include "http_request_builder.h"
#include "http_response_parser.h"
#include "http_parsed_url.h"
#include "mbedtls/platform.h"
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
#if DEBUG_LEVEL > 0
#include "mbedtls/debug.h"
#endif
/**
* \brief HttpsRequest implements the logic for interacting with HTTPS servers.
*/
class HttpsRequest {
public:
/**
* HttpsRequest Constructor
* Initializes the TCP socket, sets up event handlers and flags.
*
* @param[in] net_iface The network interface
* @param[in] ssl_ca_pem String containing the trusted CAs
* @param[in] method HTTP method to use
* @param[in] url URL to the resource
* @param[in] body_callback Callback on which to retrieve chunks of the response body.
If not set, the complete body will be allocated on the HttpResponse object,
which might use lots of memory.
*/
HttpsRequest(NetworkInterface* net_iface,
const char* ssl_ca_pem,
http_method method,
const char* url,
Callback<void(const char *at, size_t length)> body_callback = 0)
{
_parsed_url = new ParsedUrl(url);
_body_callback = body_callback;
_tcpsocket = new TCPSocket(net_iface);
_request_builder = new HttpRequestBuilder(method, _parsed_url);
_response = NULL;
_debug = false;
_ssl_ca_pem = ssl_ca_pem;
DRBG_PERS = "mbed TLS helloword client";
mbedtls_entropy_init(&_entropy);
mbedtls_ctr_drbg_init(&_ctr_drbg);
mbedtls_x509_crt_init(&_cacert);
mbedtls_ssl_init(&_ssl);
mbedtls_ssl_config_init(&_ssl_conf);
}
/**
* HttpsRequest Destructor
*/
~HttpsRequest() {
mbedtls_entropy_free(&_entropy);
mbedtls_ctr_drbg_free(&_ctr_drbg);
mbedtls_x509_crt_free(&_cacert);
mbedtls_ssl_free(&_ssl);
mbedtls_ssl_config_free(&_ssl_conf);
if (_request_builder) {
delete _request_builder;
}
if (_tcpsocket) {
delete _tcpsocket;
}
if (_parsed_url) {
delete _parsed_url;
}
if (_response) {
delete _response;
}
// @todo: free DRBG_PERS ?
}
/**
* Execute the HTTPS request.
*
* @param[in] body Pointer to the request body
* @param[in] body_size Size of the request body
* @return An HttpResponse pointer on success, or NULL on failure.
* See get_error() for the error code.
*/
HttpResponse* send(const void* body = NULL, nsapi_size_t body_size = 0) {
/* Initialize the flags */
/*
* Initialize TLS-related stuf.
*/
int ret;
if ((ret = mbedtls_ctr_drbg_seed(&_ctr_drbg, mbedtls_entropy_func, &_entropy,
(const unsigned char *) DRBG_PERS,
sizeof (DRBG_PERS))) != 0) {
print_mbedtls_error("mbedtls_crt_drbg_init", ret);
_error = ret;
return NULL;
}
if ((ret = mbedtls_x509_crt_parse(&_cacert, (const unsigned char *)_ssl_ca_pem,
strlen(_ssl_ca_pem) + 1)) != 0) {
print_mbedtls_error("mbedtls_x509_crt_parse", ret);
_error = ret;
return NULL;
}
if ((ret = mbedtls_ssl_config_defaults(&_ssl_conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
print_mbedtls_error("mbedtls_ssl_config_defaults", ret);
_error = ret;
return NULL;
}
mbedtls_ssl_conf_ca_chain(&_ssl_conf, &_cacert, NULL);
mbedtls_ssl_conf_rng(&_ssl_conf, mbedtls_ctr_drbg_random, &_ctr_drbg);
/* It is possible to disable authentication by passing
* MBEDTLS_SSL_VERIFY_NONE in the call to mbedtls_ssl_conf_authmode()
*/
mbedtls_ssl_conf_authmode(&_ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
#if DEBUG_LEVEL > 0
mbedtls_ssl_conf_verify(&_ssl_conf, my_verify, NULL);
mbedtls_ssl_conf_dbg(&_ssl_conf, my_debug, NULL);
mbedtls_debug_set_threshold(DEBUG_LEVEL);
#endif
if ((ret = mbedtls_ssl_setup(&_ssl, &_ssl_conf)) != 0) {
print_mbedtls_error("mbedtls_ssl_setup", ret);
_error = ret;
return NULL;
}
mbedtls_ssl_set_hostname(&_ssl, _parsed_url->host());
mbedtls_ssl_set_bio(&_ssl, static_cast<void *>(_tcpsocket),
ssl_send, ssl_recv, NULL );
/* Connect to the server */
if (_debug) mbedtls_printf("Connecting to %s:%d\r\n", _parsed_url->host(), _parsed_url->port());
ret = _tcpsocket->connect(_parsed_url->host(), _parsed_url->port());
if (ret != NSAPI_ERROR_OK) {
if (_debug) mbedtls_printf("Failed to connect\r\n");
onError(_tcpsocket, -1);
return NULL;
}
/* Start the handshake, the rest will be done in onReceive() */
if (_debug) mbedtls_printf("Starting the TLS handshake...\r\n");
ret = mbedtls_ssl_handshake(&_ssl);
if (ret < 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
print_mbedtls_error("mbedtls_ssl_handshake", ret);
onError(_tcpsocket, -1);
}
else {
_error = ret;
}
return NULL;
}
char* request = _request_builder->build(body, body_size);
size_t request_size = strlen(request);
ret = mbedtls_ssl_write(&_ssl, (const unsigned char *) request, request_size);
free(request);
if (ret < 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
print_mbedtls_error("mbedtls_ssl_write", ret);
onError(_tcpsocket, -1 );
}
else {
_error = ret;
}
return NULL;
}
/* It also means the handshake is done, time to print info */
if (_debug) mbedtls_printf("TLS connection to %s:%d established\r\n", _parsed_url->host(), _parsed_url->port());
const uint32_t buf_size = 1024;
char *buf = new char[buf_size];
mbedtls_x509_crt_info(buf, buf_size, "\r ",
mbedtls_ssl_get_peer_cert(&_ssl));
if (_debug) mbedtls_printf("Server certificate:\r\n%s\r", buf);
uint32_t flags = mbedtls_ssl_get_verify_result(&_ssl);
if( flags != 0 )
{
mbedtls_x509_crt_verify_info(buf, buf_size, "\r ! ", flags);
if (_debug) mbedtls_printf("Certificate verification failed:\r\n%s\r\r\n", buf);
}
else {
if (_debug) mbedtls_printf("Certificate verification passed\r\n\r\n");
}
// Create a response object
_response = new HttpResponse();
// And a response parser
HttpResponseParser parser(_response, _body_callback);
// Set up a receive buffer (on the heap)
uint8_t* recv_buffer = (uint8_t*)malloc(HTTP_RECEIVE_BUFFER_SIZE);
/* Read data out of the socket */
while ((ret = mbedtls_ssl_read(&_ssl, (unsigned char *) recv_buffer, HTTP_RECEIVE_BUFFER_SIZE)) > 0) {
// Don't know if this is actually needed, but OK
size_t _bpos = static_cast<size_t>(ret);
recv_buffer[_bpos] = 0;
size_t nparsed = parser.execute((const char*)recv_buffer, _bpos);
if (nparsed != _bpos) {
print_mbedtls_error("parser_error", nparsed);
// parser error...
_error = -2101;
free(recv_buffer);
return NULL;
}
// No more chunks? break out of this loop
if (_bpos < HTTP_RECEIVE_BUFFER_SIZE) {
break;
}
}
if (ret < 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
print_mbedtls_error("mbedtls_ssl_read", ret);
onError(_tcpsocket, -1 );
}
else {
_error = ret;
}
free(recv_buffer);
return NULL;
}
parser.finish();
_tcpsocket->close();
free(recv_buffer);
return _response;
}
/**
* Closes the TCP socket
*/
void close() {
_tcpsocket->close();
}
/**
* Set a header for the request.
*
* The 'Host' and 'Content-Length' headers are set automatically.
* Setting the same header twice will overwrite the previous entry.
*
* @param[in] key Header key
* @param[in] value Header value
*/
void set_header(string key, string value) {
_request_builder->set_header(key, value);
}
/**
* Get the error code.
*
* When send() fails, this error is set.
*/
nsapi_error_t get_error() {
return _error;
}
/**
* Set the debug flag.
*
* If this flag is set, debug information from mbed TLS will be logged to stdout.
*/
void set_debug(bool debug) {
_debug = debug;
}
protected:
/**
* Helper for pretty-printing mbed TLS error codes
*/
static void print_mbedtls_error(const char *name, int err) {
char buf[128];
mbedtls_strerror(err, buf, sizeof (buf));
mbedtls_printf("%s() failed: -0x%04x (%d): %s\r\n", name, -err, err, buf);
}
#if DEBUG_LEVEL > 0
/**
* Debug callback for mbed TLS
* Just prints on the USB serial port
*/
static void my_debug(void *ctx, int level, const char *file, int line,
const char *str)
{
const char *p, *basename;
(void) ctx;
/* Extract basename from file */
for(p = basename = file; *p != '\0'; p++) {
if(*p == '/' || *p == '\\') {
basename = p + 1;
}
}
if (_debug) {
mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str);
}
}
/**
* Certificate verification callback for mbed TLS
* Here we only use it to display information on each cert in the chain
*/
static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags)
{
const uint32_t buf_size = 1024;
char *buf = new char[buf_size];
(void) data;
if (_debug) mbedtls_printf("\nVerifying certificate at depth %d:\n", depth);
mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt);
if (_debug) mbedtls_printf("%s", buf);
if (*flags == 0)
if (_debug) mbedtls_printf("No verification issue for this certificate\n");
else
{
mbedtls_x509_crt_verify_info(buf, buf_size, " ! ", *flags);
if (_debug) mbedtls_printf("%s\n", buf);
}
delete[] buf;
return 0;
}
#endif
/**
* Receive callback for mbed TLS
*/
static int ssl_recv(void *ctx, unsigned char *buf, size_t len) {
int recv = -1;
TCPSocket *socket = static_cast<TCPSocket *>(ctx);
recv = socket->recv(buf, len);
if (NSAPI_ERROR_WOULD_BLOCK == recv) {
return MBEDTLS_ERR_SSL_WANT_READ;
}
else if (recv < 0) {
return -1;
}
else {
return recv;
}
}
/**
* Send callback for mbed TLS
*/
static int ssl_send(void *ctx, const unsigned char *buf, size_t len) {
int size = -1;
TCPSocket *socket = static_cast<TCPSocket *>(ctx);
size = socket->send(buf, len);
if(NSAPI_ERROR_WOULD_BLOCK == size) {
return len;
}
else if (size < 0){
return -1;
}
else {
return size;
}
}
void onError(TCPSocket *s, int error) {
s->close();
_error = error;
}
protected:
TCPSocket* _tcpsocket;
Callback<void(const char *at, size_t length)> _body_callback;
ParsedUrl* _parsed_url;
HttpRequestBuilder* _request_builder;
HttpResponse* _response;
const char *DRBG_PERS;
const char *_ssl_ca_pem;
nsapi_error_t _error;
bool _debug;
mbedtls_entropy_context _entropy;
mbedtls_ctr_drbg_context _ctr_drbg;
mbedtls_x509_crt _cacert;
mbedtls_ssl_context _ssl;
mbedtls_ssl_config _ssl_conf;
};
#endif // _MBED_HTTPS_REQUEST_H_