|
|
|
@ -12,10 +12,10 @@ mbedtls_ssl_config conf;
@@ -12,10 +12,10 @@ mbedtls_ssl_config conf;
|
|
|
|
|
mbedtls_x509_crt cacert; |
|
|
|
|
|
|
|
|
|
HTTPSRequest::HTTPSRequest(const std::shared_ptr<URL> u) { |
|
|
|
|
if (!initTLS()){ |
|
|
|
|
printf("failed to start TLS!"); |
|
|
|
|
return; |
|
|
|
|
} |
|
|
|
|
if (!initTLS()){ |
|
|
|
|
printf("failed to start TLS!"); |
|
|
|
|
return; |
|
|
|
|
} |
|
|
|
|
uri = u; |
|
|
|
|
version = Version::HTTP10; |
|
|
|
|
method = Method::GET; |
|
|
|
@ -24,71 +24,73 @@ HTTPSRequest::HTTPSRequest(const std::shared_ptr<URL> u) {
@@ -24,71 +24,73 @@ HTTPSRequest::HTTPSRequest(const std::shared_ptr<URL> u) {
|
|
|
|
|
|
|
|
|
|
bool HTTPSRequest::sendRequest(std::function<void(const HTTPResponse&)> responseCallback) const { |
|
|
|
|
std::string response; |
|
|
|
|
std::string document = uri->path; |
|
|
|
|
std::string host = uri->host; |
|
|
|
|
std::string port = std::to_string(uri->port); |
|
|
|
|
std::string document = uri->path; |
|
|
|
|
std::string host = uri->host; |
|
|
|
|
std::string port = std::to_string(uri->port); |
|
|
|
|
|
|
|
|
|
char buffer[512]; |
|
|
|
|
int ret; |
|
|
|
|
unsigned flags; |
|
|
|
|
|
|
|
|
|
if(mbedtls_net_connect(&server_fd, host.c_str(),port.c_str(), MBEDTLS_NET_PROTO_TCP) != 0 ){ |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (mbedtls_ssl_config_defaults(&conf,MBEDTLS_SSL_IS_CLIENT,MBEDTLS_SSL_TRANSPORT_STREAM,MBEDTLS_SSL_PRESET_DEFAULT) != 0){ |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); |
|
|
|
|
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); |
|
|
|
|
mbedtls_ssl_conf_ca_chain( &conf, &cacert, nullptr ); |
|
|
|
|
int ret; |
|
|
|
|
unsigned flags; |
|
|
|
|
|
|
|
|
|
if(mbedtls_net_connect(&server_fd, host.c_str(),port.c_str(), MBEDTLS_NET_PROTO_TCP) != 0 ){ |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if (mbedtls_ssl_config_defaults(&conf,MBEDTLS_SSL_IS_CLIENT,MBEDTLS_SSL_TRANSPORT_STREAM,MBEDTLS_SSL_PRESET_DEFAULT) != 0){ |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); |
|
|
|
|
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); |
|
|
|
|
mbedtls_ssl_conf_ca_chain( &conf, &cacert, nullptr ); |
|
|
|
|
|
|
|
|
|
if( mbedtls_ssl_setup( &ssl, &conf ) != 0 ){ |
|
|
|
|
if( mbedtls_ssl_setup( &ssl, &conf ) != 0 ){ |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
if(mbedtls_ssl_set_hostname( &ssl, uri->host.c_str() ) != 0 ){ |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
if(mbedtls_ssl_set_hostname( &ssl, uri->host.c_str() ) != 0 ){ |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, nullptr ); |
|
|
|
|
|
|
|
|
|
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, nullptr ); |
|
|
|
|
int state = mbedtls_ssl_handshake( &ssl ); |
|
|
|
|
|
|
|
|
|
int state = mbedtls_ssl_handshake( &ssl ); |
|
|
|
|
while(state != 0){ |
|
|
|
|
if( state != MBEDTLS_ERR_SSL_WANT_READ && state != MBEDTLS_ERR_SSL_WANT_WRITE ){ |
|
|
|
|
printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", -state ); |
|
|
|
|
return false; |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 ){ |
|
|
|
|
printf("Invalid server cert!"); |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 ){ |
|
|
|
|
printf("Invalid server cert!"); |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
const std::string request = methodToString(method) + std::string(" ") + document + std::string(" ") + versionToString(version) + std::string("\r\nHost: ") + host + std::string("\r\nUser-Agent: ") + userAgent + std::string("\r\n\r\n"); |
|
|
|
|
|
|
|
|
|
const std::string request = methodToString(method) + std::string(" ") + document + std::string(" ") + versionToString(version) + std::string("\r\nHost: ") + host + std::string("\r\nUser-Agent: ") + userAgent + std::string("\r\n\r\n"); |
|
|
|
|
|
|
|
|
|
while( ( state = mbedtls_ssl_write( &ssl, reinterpret_cast<const unsigned char*>(request.c_str()), request.length() ) ) <= 0 ){ |
|
|
|
|
if( state != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ){ |
|
|
|
|
printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", state ); |
|
|
|
|
return false; |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
do{ |
|
|
|
|
do{ |
|
|
|
|
ret = mbedtls_ssl_read( &ssl, reinterpret_cast<unsigned char *>(buffer), 512 ); |
|
|
|
|
if (ret <= 0){ |
|
|
|
|
break; |
|
|
|
|
} |
|
|
|
|
else{ |
|
|
|
|
response += std::string(buffer, static_cast<unsigned int>(ret)); |
|
|
|
|
} |
|
|
|
|
if (ret <= 0){ |
|
|
|
|
break; |
|
|
|
|
} |
|
|
|
|
else{ |
|
|
|
|
response += std::string(buffer, static_cast<unsigned int>(ret)); |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
while( ret != 0 ); |
|
|
|
|
|
|
|
|
|
// clean up after the request
|
|
|
|
|
mbedtls_ssl_close_notify( &ssl ); |
|
|
|
|
// clean up after the request
|
|
|
|
|
mbedtls_ssl_close_notify( &ssl ); |
|
|
|
|
responseCallback(HTTPResponse(response)); |
|
|
|
|
mbedtls_net_free( &server_fd ); |
|
|
|
|
mbedtls_net_free( &server_fd ); |
|
|
|
|
mbedtls_x509_crt_free( &cacert ); |
|
|
|
|
mbedtls_ssl_free( &ssl ); |
|
|
|
|
mbedtls_ssl_config_free( &conf ); |
|
|
|
@ -119,22 +121,22 @@ const std::string HTTPSRequest::methodToString(const Method meth) const {
@@ -119,22 +121,22 @@ const std::string HTTPSRequest::methodToString(const Method meth) const {
|
|
|
|
|
|
|
|
|
|
bool HTTPSRequest::initTLS() |
|
|
|
|
{ |
|
|
|
|
mbedtls_net_init( &server_fd ); |
|
|
|
|
mbedtls_ssl_init( &ssl ); |
|
|
|
|
mbedtls_ssl_config_init( &conf ); |
|
|
|
|
mbedtls_x509_crt_init( &cacert ); |
|
|
|
|
mbedtls_ctr_drbg_init( &ctr_drbg ); |
|
|
|
|
|
|
|
|
|
const char *seed = "!@netrunner_ssl_seed$%?rvx86_despair##^^%$#@"; |
|
|
|
|
mbedtls_entropy_init( &entropy ); |
|
|
|
|
if(mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, reinterpret_cast<const unsigned char*>(seed), strlen(seed) ) != 0 ){ |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
int ret = mbedtls_x509_crt_parse_file( &cacert, "ca-bundle.crt"); |
|
|
|
|
mbedtls_net_init( &server_fd ); |
|
|
|
|
mbedtls_ssl_init( &ssl ); |
|
|
|
|
mbedtls_ssl_config_init( &conf ); |
|
|
|
|
mbedtls_x509_crt_init( &cacert ); |
|
|
|
|
mbedtls_ctr_drbg_init( &ctr_drbg ); |
|
|
|
|
|
|
|
|
|
const char *seed = "!@netrunner_ssl_seed$%?rvx86_despair##^^%$#@"; |
|
|
|
|
mbedtls_entropy_init( &entropy ); |
|
|
|
|
if(mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, reinterpret_cast<const unsigned char*>(seed), strlen(seed) ) != 0 ){ |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
int ret = mbedtls_x509_crt_parse_file( &cacert, "ca-bundle.crt"); |
|
|
|
|
if( ret < 0 ){ |
|
|
|
|
printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret ); |
|
|
|
|
return false; |
|
|
|
|
return false; |
|
|
|
|
} |
|
|
|
|
return true; |
|
|
|
|
return true; |
|
|
|
|
} |
|
|
|
|