+++ /dev/null
-/*
- * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
- *
- * The contents of this file constitute Original Code as defined in and are
- * subject to the Apple Public Source License Version 1.2 (the 'License').
- * You may not use this file except in compliance with the License. Please obtain
- * a copy of the License at http://www.apple.com/publicsource and read it before
- * using this file.
- *
- * This Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
- * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
- * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
- * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
- * specific language governing rights and limitations under the License.
- */
-
-
-//
-// http-protocol - HTTP protocol objects
-//
-// HTTP Transfers succeed (state() == finished) if the HTTP protocol was successfully
-// observed. This means that even 300/400/500 type results are "successful" as far
-// as state() is concerned. ResultClass() will attempt to classify both successful and
-// unsuccessful outcomes, and errorDescription() is the primary HTTP response line
-// (HTTP/1.n ccc some-string). HTTP Transfers fail (state() == failed) only if they can't
-// talk to the server, or a protocol violation (or unimplemented feature) is detected.
-// Deal with it.
-//
-// Note that the protected flag deferSendRequest allows the state sequencer to be
-// interrupted at the idle stage (before an HTTP request is sent over the virtual wire).
-// This is used by the https protocol driver to "wedge in" the SSL negotiation. Not very
-// elegant, but it works.
-//
-// This implementation of the http protocol includes http proxy operation. As a result,
-// it is very important to distinguish the various HostTargets and Targets involved:
-// Connection::hostTarget is the host we're talking to - it could be a proxy.
-// Transfer::target.host is the host we're trying to reach.
-// From the HTTPConnection's point of view:
-// hostTarget may be a proxy or the destination
-// target().host is always the host we're trying to reach
-// If we're not in proxy mode, these two are usually the same (caveat tester).
-//
-#include "http-protocol.h"
-#include "netparameters.h"
-
-
-namespace Security {
-namespace Network {
-
-
-//
-// Construct the protocol object
-//
-HTTPProtocol::HTTPProtocol(Manager &mgr, const char *scheme) : Protocol(mgr, scheme)
-{
-}
-
-
-//
-// Create a Transfer object for our protocol
-//
-HTTPProtocol::HTTPTransfer *HTTPProtocol::makeTransfer(const Target &target, Operation operation)
-{
- return new HTTPTransfer(*this, target, operation, defaultHttpPort);
-}
-
-
-//
-// Construct an HTTPConnection object
-//
-HTTPProtocol::HTTPConnection::HTTPConnection(Protocol &proto,
- const HostTarget &hostTarget)
- : TCPConnection(proto, hostTarget),
- subVersion(defaultSubVersion),
- state(errorState), deferSendRequest(false)
-{
- const HostTarget &host = proxyHostTarget();
- connect(host.host(), host.port());
- state = connecting;
-}
-
-
-//
-// Start a request/response transaction on this Connection. This puts out all the
-// HTTP request headers in one fell swoop (but not any request body).
-// The Connection must be in idle state.
-//
-void HTTPProtocol::HTTPConnection::request(const char *operation)
-{
- mOperation = operation;
- if (state == idle) // already waiting for request
- sendRequest();
-}
-
-void HTTPProtocol::HTTPConnection::sendRequest()
-{
- assert(state == idle);
-
- // what version of HTTP/1 shall we use?
- subVersion = getv<int>(kNetworkHttpUseVersion, defaultSubVersion);
-
- flushOutput(false); // hold output until we're done
- const Target &target = this->target();
- if (transfer().useProxyHeaders()) {
- printfe("%s %s HTTP/1.%d", mOperation.c_str(), target.urlForm().c_str(), subVersion);
- authorizationHeader("Proxy-Authorization", hostTarget,
- kNetworkGenericProxyUsername, kNetworkGenericProxyPassword);
- } else {
- printfe("%s %s HTTP/1.%d", mOperation.c_str(), target.path.c_str(), subVersion);
- }
- hostHeader();
- authorizationHeader("Authorization", target,
- kNetworkGenericUsername, kNetworkGenericPassword);
- printfe("User-Agent: %s",
- getv<string>(kNetworkHttpUserAgent, "MacNetwork/1.0 (Macintosh)").c_str());
-
- // if restarting, add a Range header
- if (int restartOffset = getv<int>(kNetworkRestartPosition, 0)) {
- printfe("Range: bytes=%d-", restartOffset);
- }
-
- // add other headers set by caller, if any
- {
- string otherHeaders;
- if (get(kNetworkHttpMoreHeaders, otherHeaders)) {
- // launder and rinse - don't let the caller screw up the HTTP header structure
- static const char lineEndings[] = "\r\n";
- const char *p = otherHeaders.c_str();
- while (const char *q = strpbrk(p, lineEndings)) {
- if (q > p)
- printfe("%.*s", q - p, p);
- p = q + strspn(q, lineEndings);
- }
- // now send any last (unterminated) line
- if (*p)
- printfe("%s", p);
- }
- }
-
- // add fields used for upstream transfer, if any, and initiate
- if (transfer().hasSource()) {
- Source &source = transfer().source();
- size_t size = source.getSize();
- if (size == Source::unknownSize) {
- //@@@ try to use Transfer-encoding: chunked -- for now, just use EOF delimiting
- } else {
- printfe("Content-length: %ld", size);
- }
- printfe("Content-Type: %s", getv<string>(kNetworkHttpPostContentType, "text/plain").c_str());
- printfe(""); // end of headers
- mode(source); // initiate autoWrite mode
- } else {
- printfe(""); // end of headers, no data
- }
-
- flushOutput(); // release pent-up output
- mode(lineInput); // line input mode
- state = primaryResponse; // prime the state machine
-}
-
-void HTTPProtocol::HTTPConnection::hostHeader()
-{
- const HostTarget &host = target().host;
- if (host.port())
- printfe("Host: %s:%d", host.host().name().c_str(), host.port());
- else
- printfe("Host: %s", host.host().name().c_str());
-}
-
-void HTTPProtocol::HTTPConnection::authorizationHeader(const char *headerName,
- const HostTarget &host,
- ParameterSource::Key userKey, ParameterSource::Key passKey)
-{
- string username = host.haveUserPass() ? host.username() : getv<string>(userKey);
- string password = host.haveUserPass() ? host.password() : getv<string>(passKey);
- //@@@ only "Basic" authentication supported for now
- if (!username.empty()) {
- //@@@ ad-hoc Base64 encoding. Replace with suitable stream encoder when available
- static const char alphabet[] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
- string token = username + ":" + password;
- char *buffer = new char[4 * token.length() / 3 + 2]; // just enough
- const char *src = token.c_str(), *end = src + token.length();
- char *outp = buffer;
- while (src < end) {
- uint32 binary = src[0] << 16;
- if (src+1 < end)
- binary |= src[1] << 8 | src[2];
- *outp++ = alphabet[(binary >> 18) & 0x3F];
- *outp++ = alphabet[(binary >> 12) & 0x3F];
- *outp++ = (src+1 < end) ? alphabet[(binary >> 6) & 0x3F] : '=';
- *outp++ = (src+2 < end) ? alphabet[binary & 0x3F] : '=';
- src += 3;
- }
- *outp = '\0';
- printfe("%s: Basic %s", headerName, buffer);
- delete[] buffer;
- }
-}
-
-
-//
-// This is the master state transit machine for HTTP.
-//
-void HTTPProtocol::HTTPConnection::transit(Event event, char *input, size_t length)
-{
- switch (event) {
- case autoWriteDone: // ingore: it's asynchronous to our state machine
- return;
- case endOfInput: // most of the time, this is a protocol error, so filter it out now
- switch (state) {
- case idle:
- case readWholeBody: // expected
- break;
- case primaryResponse: // Connection failed; restart it
- return restart();
- default: // unexpected; fail
- UnixError::throwMe(ECONNRESET); // @@@ diagnostic?
- }
- break;
- case connectionDone: // TCP connection complete or failed
- {
- assert(state == connecting);
- int error = length;
- observe(Observer::connectEvent, &error);
- if (error) { // retry
- connect();
- } else { // connection good
- state = idle;
- if (!deferSendRequest) { // (subclass wants to wedge in)
- mode(lineInput);
- sendRequest();
- }
- }
- }
- return;
- default:
- break;
- }
-
- switch (state) {
- case primaryResponse:
- {
- assert(mode() == lineInput);
- observe(Observer::protocolReceive, input);
- transfer().httpResponse() = input; // remember response for caller
- // --> HTTP/major.minor status reason-phrase
- int reasonPos;
- if (sscanf(input, "HTTP/%d.%d %u %n",
- &httpVersionMajor, &httpVersionMinor,
- &transfer().httpResponseCode(), &reasonPos) != 3) {
- // malformed response header
- fail(Transfer::remoteFailure);
- }
-
- if (httpVersionMajor != 1) // wrong major protocol Version
- fail(Transfer::remoteFailure);
- if (httpVersionMinor < 0 || httpVersionMinor > 1)
- fail(Transfer::remoteFailure);
-
- // notify the URLAccess emulation that we have the result code
- observe (Observer::resultCodeReady);
-
- // okay, we grok the version. We'll proceed for now reading headers etc.
- state = readHeaders;
-
- // we got input from the server, so this Connection is now confirmed good
- restarting(false);
- break;
- }
- case readHeaders:
- {
- assert(mode() == lineInput);
- if (length) { // another header
- headers().add(input);
- observe(Observer::protocolReceive, input);
- } else { // end of headers
- // we are now handling the transition from response headers to response body
- observe(Observer::protocolReceive, "** END OF HEADER **");
- observe(Observer::downloading, input);
-
- // Transfer-Encoding overrides Content-Length as per RFC2616 p.34
- if (const char *encoding = headers().find("Transfer-Encoding")) {
- if (!strcasecmp(encoding, "chunked")) {
- // eat input in chunks
- state = chunkHeader;
- // mode remains lineInput
- break;
- } else if (!strcasecmp(encoding, "identity")) {
- // allowed and ignored
- } else {
- // unrecognized transfer-encoding
- fail(Transfer::remoteFailure);
- }
- }
- // no transfer-encoding (or transfer-encoding: identity): big gulp mode
- state = readWholeBody;
- if (const char *lengthArg = headers().find("Content-Length")) {
- size_t length = strtol(lengthArg, NULL, 10);
- sink().setSize(length);
- if (length > 0)
- mode(sink(), length);
- else // null body, already done
- finish();
- } else { // read until EOI
- mode(sink());
- }
- }
- break;
- }
- case chunkHeader:
- {
- assert(mode() == lineInput);
- // line should be (just) a hex number, sans "0x" prefix or spaces. Be strict
- char *endOfMatch;
- size_t chunkLength = strtol(input, &endOfMatch, 0x10);
- if (length == 0 || endOfMatch == input) // no valid number
- fail(Transfer::remoteFailure);
- if (chunkLength) {
- secdebug("http", "reading chunk of %ld bytes", chunkLength);
- mode(sink(), chunkLength);
- state = chunkDownload;
- } else {
- secdebug("http", "final chunk marker");
- state = chunkTrailer;
- observe(Observer::protocolReceive, "** END OF DATA **");
- }
- break;
- }
- case chunkGap:
- {
- assert(mode() == lineInput);
- state = chunkHeader;
- break;
- }
- case chunkTrailer:
- {
- assert(mode() == lineInput);
- if (input[0] == '\0') { // end of trailer
- finish();
- } else {
- headers().add(input);
- observe(Observer::protocolReceive, input);
- }
- break;
- }
- case chunkDownload:
- {
- assert(event == autoReadDone);
- state = chunkGap;
- mode(lineInput);
- break;
- }
- case readWholeBody:
- {
- assert(event == autoReadDone || event == endOfInput);
- finish();
- break;
- }
- case idle:
- {
- // the only asynchronous event in idle mode is a connection drop
- secdebug("http",
- "%p event %d while idle; destroying connection", this, event);
- abort();
- state = dead;
- }
- break;
- default:
- assert(false);
- }
-}
-
-void HTTPProtocol::HTTPConnection::transitError(const CssmCommonError &error)
-{
- // note that fail(const char * [, OSStatus]) has already called setError
- fail(true); // fail transfer and throw out connection
-}
-
-
-void HTTPProtocol::HTTPConnection::finish()
-{
- flushInput(); // clear excess garbage input (resynchronize)
- chooseRetain(); // shall we keep the Connection?
- mode(lineInput); // ensure valid input mode
- state = idle; // idle state
- Connection::finish(); // finish this transfer
-}
-
-
-void HTTPProtocol::HTTPConnection::fail(bool forceDrop)
-{
- if (forceDrop)
- retain(false); // drop the Connection
- else
- chooseRetain(); // perhaps keep it
- Connection::fail(); // fail this transfer
-}
-
-
-bool HTTPProtocol::HTTPConnection::validate()
-{
- assert(state == idle);
- tickle(); // may change state
- return state == idle;
-}
-
-
-void HTTPProtocol::HTTPConnection::chooseRetain()
-{
- // figure out whether to stay alive
- retain(strcasecmp(headers().find("Connection", "Keep"), "Close"));
- //@@@ need to handle the HTTP/1.0 case
-}
-
-
-//
-// Transfer objects
-//
-HTTPProtocol::HTTPTransfer::HTTPTransfer(Protocol &proto,
- const Target &tgt, Operation operation, IPPort defaultPort)
- : Transfer(proto, tgt, operation, defaultPort),
- mResultClass(unclassifiedFailure)
-{
-}
-
-void HTTPProtocol::HTTPTransfer::start()
-{
- // HTTP servers can serve both proxy requests and direct requests,
- // and can be pooled based on that fact. Use proxy==target here.
- const HostTarget &host = proxyHostTarget();
- HTTPConnection *connection = protocol.manager.findConnection<HTTPConnection>(host);
- if (connection == NULL)
- connection = new HTTPConnection(protocol, host);
- connection->dock(this);
- startRequest();
-}
-
-void HTTPProtocol::HTTPTransfer::abort()
-{
- observe(Observer::aborting);
- setError("aborted");
- connectionAs<HTTPConnection>().abort();
-}
-
-void HTTPProtocol::HTTPConnection::abort()
-{
- close();
- fail(true);
-}
-
-
-//
-// This lower-level request startup function can be called directly by children.
-//
-void HTTPProtocol::HTTPTransfer::startRequest()
-{
- const char *defaultForm;
- switch (operation()) {
- case Protocol::upload: defaultForm = "PUT"; break;
- case Protocol::transaction: defaultForm = "POST"; break;
- default: defaultForm = "GET"; break;
- }
- connectionAs<HTTPConnection>().request(getv<string>(kNetworkHttpCommand, defaultForm).c_str());
-}
-
-
-//
-// Determine whether we should use the proxy form of HTTP headers.
-// By default, this is true iff we are used by a proxy Protocol.
-// However, children may override this determination.
-//
-bool HTTPProtocol::HTTPTransfer::useProxyHeaders() const
-{
- return protocol.isProxy();
-}
-
-Transfer::ResultClass HTTPProtocol::HTTPTransfer::resultClass() const
-{
- switch (state()) {
- case failed:
- return mResultClass;
- case finished:
- {
- if (mResultClass != unclassifiedFailure)
- return mResultClass; // preclassified
- unsigned int code = httpResponseCode();
- if (code == 401 || code == 407 || code == 305) // auth or proxy auth required
- return authorizationFailure;
- else if (code / 100 == 3) // redirect (interpreted as success)
- return success;
- else if (code / 100 == 2) // success codes
- return success;
- else // when in doubt, blame the remote end :-)
- return remoteFailure;
- }
- default:
- assert(false);
- return localFailure;
- }
-}
-
-
-void HTTPProtocol::HTTPTransfer::fail(ResultClass why, OSStatus how)
-{
- mResultClass = why;
- Error::throwMe(how);
-}
-
-
-//
-// Manage the HTTP version of a HeaderMap
-//
-void HTTPProtocol::HTTPHeaderMap::merge(string key, string &old, string newValue)
-{
- // duplicates must be CSV type; concatenate (RFC 2616; section 4.2)
- old = old + ", " + newValue;
-}
-
-
-} // end namespace Network
-} // end namespace Security
projects / apple / security.git / blobdiff