Fork of mbed-http

Fork of mbed-http by sandbox

Revision:
0:910f5949759f
Child:
6:112d72c60e07
diff -r 000000000000 -r 910f5949759f source/https_request.h
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/source/https_request.h	Thu Feb 16 11:35:56 2017 +0100
@@ -0,0 +1,445 @@
+/*
+ * PackageLicenseDeclared: Apache-2.0
+ * Copyright (c) 2017 ARM Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _MBED_HTTPS_REQUEST_H_
+#define _MBED_HTTPS_REQUEST_H_
+
+/* Change to a number between 1 and 4 to debug the TLS connection */
+#define DEBUG_LEVEL 0
+
+#include <string>
+#include <vector>
+#include <map>
+#include "http_parser.h"
+#include "http_response.h"
+#include "http_request_builder.h"
+#include "http_response_parser.h"
+#include "http_parsed_url.h"
+
+#include "mbedtls/platform.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+
+#if DEBUG_LEVEL > 0
+#include "mbedtls/debug.h"
+#endif
+
+/**
+ * \brief HttpsRequest implements the logic for interacting with HTTPS servers.
+ */
+class HttpsRequest {
+public:
+    /**
+     * HttpsRequest Constructor
+     * Initializes the TCP socket, sets up event handlers and flags.
+     *
+     * @param[in] net_iface The network interface
+     * @param[in] ssl_ca_pem String containing the trusted CAs
+     * @param[in] method HTTP method to use
+     * @param[in] url URL to the resource
+     * @param[in] body_callback Callback on which to retrieve chunks of the response body.
+                                If not set, the complete body will be allocated on the HttpResponse object,
+                                which might use lots of memory.
+     */
+    HttpsRequest(NetworkInterface* net_iface,
+                 const char* ssl_ca_pem,
+                 http_method method,
+                 const char* url,
+                 Callback<void(const char *at, size_t length)> body_callback = 0)
+    {
+        _parsed_url = new ParsedUrl(url);
+        _body_callback = body_callback;
+        _tcpsocket = new TCPSocket(net_iface);
+        _request_builder = new HttpRequestBuilder(method, _parsed_url);
+        _response = NULL;
+        _debug = false;
+        _ssl_ca_pem = ssl_ca_pem;
+
+        DRBG_PERS = "mbed TLS helloword client";
+
+        mbedtls_entropy_init(&_entropy);
+        mbedtls_ctr_drbg_init(&_ctr_drbg);
+        mbedtls_x509_crt_init(&_cacert);
+        mbedtls_ssl_init(&_ssl);
+        mbedtls_ssl_config_init(&_ssl_conf);
+    }
+
+    /**
+     * HttpsRequest Destructor
+     */
+    ~HttpsRequest() {
+        mbedtls_entropy_free(&_entropy);
+        mbedtls_ctr_drbg_free(&_ctr_drbg);
+        mbedtls_x509_crt_free(&_cacert);
+        mbedtls_ssl_free(&_ssl);
+        mbedtls_ssl_config_free(&_ssl_conf);
+
+        if (_request_builder) {
+            delete _request_builder;
+        }
+
+        if (_tcpsocket) {
+            delete _tcpsocket;
+        }
+
+        if (_parsed_url) {
+            delete _parsed_url;
+        }
+
+        if (_response) {
+            delete _response;
+        }
+
+        // @todo: free DRBG_PERS ?
+    }
+
+    /**
+     * Execute the HTTPS request.
+     *
+     * @param[in] body Pointer to the request body
+     * @param[in] body_size Size of the request body
+     * @return An HttpResponse pointer on success, or NULL on failure.
+     *         See get_error() for the error code.
+     */
+    HttpResponse* send(const void* body = NULL, nsapi_size_t body_size = 0) {
+        /* Initialize the flags */
+        /*
+         * Initialize TLS-related stuf.
+         */
+        int ret;
+        if ((ret = mbedtls_ctr_drbg_seed(&_ctr_drbg, mbedtls_entropy_func, &_entropy,
+                          (const unsigned char *) DRBG_PERS,
+                          sizeof (DRBG_PERS))) != 0) {
+            print_mbedtls_error("mbedtls_crt_drbg_init", ret);
+            _error = ret;
+            return NULL;
+        }
+
+        if ((ret = mbedtls_x509_crt_parse(&_cacert, (const unsigned char *)_ssl_ca_pem,
+                           strlen(_ssl_ca_pem) + 1)) != 0) {
+            print_mbedtls_error("mbedtls_x509_crt_parse", ret);
+            _error = ret;
+            return NULL;
+        }
+
+        if ((ret = mbedtls_ssl_config_defaults(&_ssl_conf,
+                        MBEDTLS_SSL_IS_CLIENT,
+                        MBEDTLS_SSL_TRANSPORT_STREAM,
+                        MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+            print_mbedtls_error("mbedtls_ssl_config_defaults", ret);
+            _error = ret;
+            return NULL;
+        }
+
+        mbedtls_ssl_conf_ca_chain(&_ssl_conf, &_cacert, NULL);
+        mbedtls_ssl_conf_rng(&_ssl_conf, mbedtls_ctr_drbg_random, &_ctr_drbg);
+
+        /* It is possible to disable authentication by passing
+         * MBEDTLS_SSL_VERIFY_NONE in the call to mbedtls_ssl_conf_authmode()
+         */
+        mbedtls_ssl_conf_authmode(&_ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+
+#if DEBUG_LEVEL > 0
+        mbedtls_ssl_conf_verify(&_ssl_conf, my_verify, NULL);
+        mbedtls_ssl_conf_dbg(&_ssl_conf, my_debug, NULL);
+        mbedtls_debug_set_threshold(DEBUG_LEVEL);
+#endif
+
+        if ((ret = mbedtls_ssl_setup(&_ssl, &_ssl_conf)) != 0) {
+            print_mbedtls_error("mbedtls_ssl_setup", ret);
+            _error = ret;
+            return NULL;
+        }
+
+        mbedtls_ssl_set_hostname(&_ssl, _parsed_url->host());
+
+        mbedtls_ssl_set_bio(&_ssl, static_cast<void *>(_tcpsocket),
+                                   ssl_send, ssl_recv, NULL );
+
+        /* Connect to the server */
+        if (_debug) mbedtls_printf("Connecting to %s:%d\r\n", _parsed_url->host(), _parsed_url->port());
+        ret = _tcpsocket->connect(_parsed_url->host(), _parsed_url->port());
+        if (ret != NSAPI_ERROR_OK) {
+            if (_debug) mbedtls_printf("Failed to connect\r\n");
+            onError(_tcpsocket, -1);
+            return NULL;
+        }
+
+       /* Start the handshake, the rest will be done in onReceive() */
+        if (_debug) mbedtls_printf("Starting the TLS handshake...\r\n");
+        ret = mbedtls_ssl_handshake(&_ssl);
+        if (ret < 0) {
+            if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
+                ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+                print_mbedtls_error("mbedtls_ssl_handshake", ret);
+                onError(_tcpsocket, -1);
+            }
+            else {
+                _error = ret;
+            }
+            return NULL;
+        }
+
+        char* request = _request_builder->build(body, body_size);
+        size_t request_size = strlen(request);
+
+        ret = mbedtls_ssl_write(&_ssl, (const unsigned char *) request, request_size);
+
+        free(request);
+
+        if (ret < 0) {
+            if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
+                ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+                print_mbedtls_error("mbedtls_ssl_write", ret);
+                onError(_tcpsocket, -1 );
+            }
+            else {
+                _error = ret;
+            }
+            return NULL;
+        }
+
+        /* It also means the handshake is done, time to print info */
+        if (_debug) mbedtls_printf("TLS connection to %s:%d established\r\n", _parsed_url->host(), _parsed_url->port());
+
+        const uint32_t buf_size = 1024;
+        char *buf = new char[buf_size];
+        mbedtls_x509_crt_info(buf, buf_size, "\r    ",
+                        mbedtls_ssl_get_peer_cert(&_ssl));
+        if (_debug) mbedtls_printf("Server certificate:\r\n%s\r", buf);
+
+        uint32_t flags = mbedtls_ssl_get_verify_result(&_ssl);
+        if( flags != 0 )
+        {
+            mbedtls_x509_crt_verify_info(buf, buf_size, "\r  ! ", flags);
+            if (_debug) mbedtls_printf("Certificate verification failed:\r\n%s\r\r\n", buf);
+        }
+        else {
+            if (_debug) mbedtls_printf("Certificate verification passed\r\n\r\n");
+        }
+
+        // Create a response object
+        _response = new HttpResponse();
+        // And a response parser
+        HttpResponseParser parser(_response, _body_callback);
+
+        // Set up a receive buffer (on the heap)
+        uint8_t* recv_buffer = (uint8_t*)malloc(HTTP_RECEIVE_BUFFER_SIZE);
+
+        /* Read data out of the socket */
+        while ((ret = mbedtls_ssl_read(&_ssl, (unsigned char *) recv_buffer, HTTP_RECEIVE_BUFFER_SIZE)) > 0) {
+            // Don't know if this is actually needed, but OK
+            size_t _bpos = static_cast<size_t>(ret);
+            recv_buffer[_bpos] = 0;
+
+            size_t nparsed = parser.execute((const char*)recv_buffer, _bpos);
+            if (nparsed != _bpos) {
+                print_mbedtls_error("parser_error", nparsed);
+                // parser error...
+                _error = -2101;
+                free(recv_buffer);
+                return NULL;
+            }
+            // No more chunks? break out of this loop
+            if (_bpos < HTTP_RECEIVE_BUFFER_SIZE) {
+                break;
+            }
+        }
+        if (ret < 0) {
+            if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+                print_mbedtls_error("mbedtls_ssl_read", ret);
+                onError(_tcpsocket, -1 );
+            }
+            else {
+                _error = ret;
+            }
+            free(recv_buffer);
+            return NULL;
+        }
+
+        parser.finish();
+
+        _tcpsocket->close();
+        free(recv_buffer);
+
+        return _response;
+    }
+
+    /**
+     * Closes the TCP socket
+     */
+    void close() {
+        _tcpsocket->close();
+    }
+
+    /**
+     * Set a header for the request.
+     *
+     * The 'Host' and 'Content-Length' headers are set automatically.
+     * Setting the same header twice will overwrite the previous entry.
+     *
+     * @param[in] key Header key
+     * @param[in] value Header value
+     */
+    void set_header(string key, string value) {
+        _request_builder->set_header(key, value);
+    }
+
+    /**
+     * Get the error code.
+     *
+     * When send() fails, this error is set.
+     */
+    nsapi_error_t get_error() {
+        return _error;
+    }
+
+    /**
+     * Set the debug flag.
+     *
+     * If this flag is set, debug information from mbed TLS will be logged to stdout.
+     */
+    void set_debug(bool debug) {
+        _debug = debug;
+    }
+
+protected:
+    /**
+     * Helper for pretty-printing mbed TLS error codes
+     */
+    static void print_mbedtls_error(const char *name, int err) {
+        char buf[128];
+        mbedtls_strerror(err, buf, sizeof (buf));
+        mbedtls_printf("%s() failed: -0x%04x (%d): %s\r\n", name, -err, err, buf);
+    }
+
+#if DEBUG_LEVEL > 0
+    /**
+     * Debug callback for mbed TLS
+     * Just prints on the USB serial port
+     */
+    static void my_debug(void *ctx, int level, const char *file, int line,
+                         const char *str)
+    {
+        const char *p, *basename;
+        (void) ctx;
+
+        /* Extract basename from file */
+        for(p = basename = file; *p != '\0'; p++) {
+            if(*p == '/' || *p == '\\') {
+                basename = p + 1;
+            }
+        }
+
+        if (_debug) {
+            mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str);
+        }
+    }
+
+    /**
+     * Certificate verification callback for mbed TLS
+     * Here we only use it to display information on each cert in the chain
+     */
+    static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags)
+    {
+        const uint32_t buf_size = 1024;
+        char *buf = new char[buf_size];
+        (void) data;
+
+        if (_debug) mbedtls_printf("\nVerifying certificate at depth %d:\n", depth);
+        mbedtls_x509_crt_info(buf, buf_size - 1, "  ", crt);
+        if (_debug) mbedtls_printf("%s", buf);
+
+        if (*flags == 0)
+            if (_debug) mbedtls_printf("No verification issue for this certificate\n");
+        else
+        {
+            mbedtls_x509_crt_verify_info(buf, buf_size, "  ! ", *flags);
+            if (_debug) mbedtls_printf("%s\n", buf);
+        }
+
+        delete[] buf;
+        return 0;
+    }
+#endif
+
+    /**
+     * Receive callback for mbed TLS
+     */
+    static int ssl_recv(void *ctx, unsigned char *buf, size_t len) {
+        int recv = -1;
+        TCPSocket *socket = static_cast<TCPSocket *>(ctx);
+        recv = socket->recv(buf, len);
+
+        if (NSAPI_ERROR_WOULD_BLOCK == recv) {
+            return MBEDTLS_ERR_SSL_WANT_READ;
+        }
+        else if (recv < 0) {
+            return -1;
+        }
+        else {
+            return recv;
+        }
+   }
+
+    /**
+     * Send callback for mbed TLS
+     */
+    static int ssl_send(void *ctx, const unsigned char *buf, size_t len) {
+       int size = -1;
+        TCPSocket *socket = static_cast<TCPSocket *>(ctx);
+        size = socket->send(buf, len);
+
+        if(NSAPI_ERROR_WOULD_BLOCK == size) {
+            return len;
+        }
+        else if (size < 0){
+            return -1;
+        }
+        else {
+            return size;
+        }
+    }
+
+    void onError(TCPSocket *s, int error) {
+        s->close();
+        _error = error;
+    }
+
+protected:
+    TCPSocket* _tcpsocket;
+
+    Callback<void(const char *at, size_t length)> _body_callback;
+    ParsedUrl* _parsed_url;
+    HttpRequestBuilder* _request_builder;
+    HttpResponse* _response;
+    const char *DRBG_PERS;
+    const char *_ssl_ca_pem;
+
+    nsapi_error_t _error;
+    bool _debug;
+
+    mbedtls_entropy_context _entropy;
+    mbedtls_ctr_drbg_context _ctr_drbg;
+    mbedtls_x509_crt _cacert;
+    mbedtls_ssl_context _ssl;
+    mbedtls_ssl_config _ssl_conf;
+};
+
+#endif // _MBED_HTTPS_REQUEST_H_