Network/https-proxy-protocol.cpp

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 //
  20 // https-proxy - CONNECT style transparent proxy connection to SSL host.
  21 //
  22 // This is the CONNECT method of an ordinary (proxying) HTTP server.
  23 // Once it switches a connection to transparent proxying, there's no way to get out
  24 // again. Hence, our Connection objects belong to the remote host, not the proxy.
  25 //
  26 #include "https-proxy-protocol.h"
  27 #include "netparameters.h"
  28
  29
  30 namespace Security {
  31 namespace Network {
  32
  33
  34 //
  35 // Construct the protocol object
  36 //
  37 ConnectHTTPProtocol::ConnectHTTPProtocol(Manager &mgr, const HostTarget &proxy)
  38     : SecureHTTPProtocol(mgr), host(proxy.defaultPort(defaultHttpPort))
  39 {
  40 }
  41
  42
  43 //
  44 // Create a Transfer object for our protocol
  45 //
  46 ConnectHTTPProtocol::ConnectHTTPTransfer *ConnectHTTPProtocol::makeTransfer(const Target &target,
  47     Operation operation)
  48 {
  49     return new ConnectHTTPTransfer(*this, target, operation, defaultHttpsPort);
  50 }
  51
  52
  53 //
  54 // Construct an HTTPConnection object
  55 //
  56 ConnectHTTPProtocol::ConnectHTTPConnection::ConnectHTTPConnection(Protocol &proto,
  57     const HostTarget &hostTarget)
  58     : SecureHTTPConnection(proto, hostTarget)
  59
  60 {
  61     // SecureHTTPConnection already set up everything for talking to the server
  62     connectState = connectConnecting;
  63     deferStartSSL = true;       // tell parent protocol to break on connect-complete
  64 }
  65
  66 ConnectHTTPProtocol::ConnectHTTPConnection::~ConnectHTTPConnection()
  67 {
  68 }
  69
  70
  71 //
  72 // Start a connection request
  73 //
  74 void ConnectHTTPProtocol::ConnectHTTPConnection::connectRequest()
  75 {
  76     switch (connectState) {
  77     case connectConnecting:
  78         return;         // still waiting for TCP
  79     case connectStartup:
  80         {
  81             const HostTarget &host = target().host;
  82             flushOutput(false); // hold output
  83             printfe("CONNECT %s:%d HTTP/1.1",
  84                 host.host().name().c_str(), target().host.port());
  85             hostHeader();
  86             authorizationHeader("Proxy-Authorization", hostTarget,
  87                 kNetworkGenericProxyUsername, kNetworkGenericProxyPassword);
  88             printfe("");                // end of headers
  89             flushOutput();              // flush accumulated output
  90             mode(lineInput);
  91             connectState = connectPrimaryResponse;
  92         }
  93         break;
  94     case connectReady:                  // already set; go ahead next layer (https)
  95         sslRequest();
  96         break;
  97     default:
  98         assert(false);                  // huh?
  99     }
 100 }
 101
 102
 103 //
 104 // Our state transit method controls only the initial SSL handshake.
 105 // Think of it as a "prefix" to the HTTP protocol state engine. Once the handshake
 106 // is complete, we hand off further state management to the HTTP machine.
 107 //
 108 void ConnectHTTPProtocol::ConnectHTTPConnection::transit(Event event,
 109     char *input, size_t inputLength)
 110 {
 111     if (event == endOfInput && connectState != connectReady)
 112         UnixError::throwMe(ECONNRESET); // @@@ diagnostic?
 113
 114     switch (connectState) {
 115     case connectConnecting:
 116         SecureHTTPConnection::transit(event, input, inputLength);
 117         if (SecureHTTPConnection::sslState == sslStartup) { // transport level ready
 118             connectState = connectStartup;
 119             connectRequest();
 120         }
 121         return;
 122     case connectPrimaryResponse:
 123         {
 124             // sketchily read proxy's primary response
 125             int major, minor, code;
 126             if (sscanf(input, "HTTP/%d.%d %u", &major, &minor, &code) != 3) {
 127                 fail(input);    // malformed response header
 128             }
 129             if (major != 1 || minor < 0 || minor > 1)
 130                 fail(input);
 131             switch (code) {
 132             case 200:           // okay, proceed
 133                 connectState = connectReadHeaders;
 134                 break;
 135             default:            // this didn't work
 136                 transfer().httpResponse() = input;      // won't have a better one
 137                 fail(input);
 138             }
 139         }
 140         break;
 141     case connectReadHeaders:
 142         {
 143             if (inputLength) {
 144                 headers().add(input);
 145             } else {
 146                 // end of proxy headers: start SSL now
 147                 connectState = connectReady;
 148                 try {
 149                     startSSL();
 150                 } catch (const CssmCommonError &err) {
 151                     setError("SSL failed", err.osStatus());
 152                     throw;
 153                 } catch (...) {
 154                     setError("SSL failed");
 155                     throw;
 156                 }
 157             }
 158         }
 159         break;
 160     case connectReady:
 161         return SecureHTTPConnection::transit(event, input, inputLength);
 162     default:
 163         assert(false);                                          // huh?
 164     }
 165 }
 166
 167
 168 //
 169 // HTTPS Transfer objects.
 170 //
 171 ConnectHTTPProtocol::ConnectHTTPTransfer::ConnectHTTPTransfer(Protocol &proto,
 172     const Target &tgt, Operation operation, IPPort defPort)
 173     : SecureHTTPTransfer(proto, tgt, operation, defPort)
 174 {
 175 }
 176
 177 void ConnectHTTPProtocol::ConnectHTTPTransfer::start()
 178 {
 179     ConnectHTTPConnection *connection =
 180         protocol.manager.findConnection<ConnectHTTPConnection>(target);
 181     if (connection == NULL)
 182         connection = new ConnectHTTPConnection(protocol, target);
 183     connection->dock(this);
 184     connection->connectRequest();
 185 }
 186
 187
 188 //
 189 // Even though this is formally a proxy protocol, we should not use
 190 // proxy headers, since the proxy is transparent and the remote system
 191 // expects a direct request.
 192 //
 193 bool ConnectHTTPProtocol::ConnectHTTPTransfer::useProxyHeaders() const
 194 {
 195     return false;
 196 }
 197
 198
 199 //
 200 // We are a proxy protocol
 201 //
 202 bool ConnectHTTPProtocol::isProxy() const
 203 { return true; }
 204
 205 const HostTarget &ConnectHTTPProtocol::proxyHost() const
 206 { return host; }
 207
 208
 209 }       // end namespace Network
 210 }       // end namespace Security