int PKI_HTTP_get_url (const URL * url,
const char * data,
size_t data_size,
const char * content_type,
int method,
int timeout,
size_t max_size,
PKI_MEM_STACK ** sk,
PKI_SSL * ssl) {
PKI_SOCKET *sock = NULL;
int ret = 0;
if (!url) return PKI_ERR;
sock = PKI_SOCKET_new();
if (ssl) PKI_SOCKET_set_ssl(sock, ssl);
if (PKI_SOCKET_open_url(sock, url, timeout) == PKI_ERR)
{
PKI_SOCKET_free ( sock );
return PKI_ERR;
}
ret = PKI_HTTP_get_socket ( sock, data, data_size, content_type,
method, timeout, max_size, sk );
PKI_SOCKET_close ( sock );
PKI_SOCKET_free ( sock );
return ret;
}
int main (int argc, char *argv[]) {
PKI_MEM_STACK *sk = NULL;
PKI_MEM *obj = NULL;
PKI_SSL *ssl = NULL;
// PKI_TOKEN *tk = NULL;
PKI_SOCKET *sock = NULL;
URL * url = NULL;
char *url_s = NULL;
char *outurl_s = "fd://1";
char *trusted_certs = NULL;
char *dump_cert = NULL;
char *dump_chain = NULL;
int debug = 0;
int verify_chain = 1;
int i = 0;
int timeout = 0;
int get_via_socket = 0;
PKI_init_all();
if( !argv[1] ) {
usage();
return(1);
}
for( i = 1; i <= argc; i++ ) {
if( strcmp_nocase( argv[i], "-out" ) == 0 ) {
outurl_s = argv[++i];
} else if ( strcmp_nocase ( argv[i], "-trusted" ) == 0 ) {
trusted_certs = argv[++i];
} else if ( strcmp_nocase ( argv[i], "-dumpcert" ) == 0 ) {
if((dump_cert = argv[++i]) == NULL ) {
fprintf(stderr, "\nERROR: -dumpcert needs a file url!\n\n");
exit(1);
}
} else if ( strcmp_nocase ( argv[i], "-dumpchain" ) == 0 ) {
if((dump_chain = argv[++i]) == NULL ) {
fprintf(stderr, "\nERROR: -dumpchain needs a file url!\n\n");
exit(1);
}
} else if ( strcmp_nocase ( argv[i], "-timeout" ) == 0 ) {
timeout = atoi( argv[++i] );
if ( timeout < 0 ) timeout = 0;
} else if ( strcmp_nocase ( argv[i], "-no_verify" ) == 0 ) {
verify_chain = 0;
} else if ( strcmp_nocase( argv[i], "-debug" ) == 0 ) {
debug = 1;
} else {
url_s = argv[i];
if ( i < argc - 1 ) {
fprintf( stderr, "Args after URL ignored!(%s %d/%d)\n",
url_s, i, argc );
}
break;
}
}
if((url = URL_new( url_s )) == NULL ) {
printf("\nERROR, %s is not a valid URL!\n\n", url_s );
usage();
return (1);
}
if( debug ) {
if(( PKI_log_init (PKI_LOG_TYPE_STDERR, PKI_LOG_INFO, NULL,
PKI_LOG_FLAGS_ENABLE_DEBUG, NULL )) == PKI_ERR) {
exit(1);
}
} else {
if(( PKI_log_init (PKI_LOG_TYPE_STDERR, PKI_LOG_INFO, NULL,
0, NULL )) == PKI_ERR) {
exit(1);
}
}
// Check if we should use the socket approach or the simple URL
// retrieval facility
switch (url->proto) {
case URI_PROTO_FD:
case URI_PROTO_FILE:
case URI_PROTO_HTTP:
case URI_PROTO_HTTPS:
case URI_PROTO_LDAP:
get_via_socket = 1;
break;
default:
get_via_socket = 0;
}
//
// -------------------------- Setup the SSL Options ------------------------
//
if(( ssl = PKI_SSL_new( NULL )) == NULL ) {
fprintf(stderr, "ERROR: Memory allocation error (PKI_SSL_new)\n");
return ( 1 );
}
if ( trusted_certs ) {
PKI_X509_CERT_STACK *sk = NULL;
if(( sk = PKI_X509_CERT_STACK_get ( trusted_certs, NULL, NULL))
== NULL ) {
PKI_log_err ("Can't load Trusted Certs from %s",
trusted_certs );
return 1;
}
PKI_SSL_set_trusted ( ssl, sk );
if ( verify_chain ) {
PKI_SSL_set_verify(ssl, PKI_SSL_VERIFY_PEER_REQUIRE);
} else {
PKI_SSL_set_verify(ssl, PKI_SSL_VERIFY_PEER);
}
}
if ( verify_chain == 0 ) {
PKI_SSL_set_verify ( ssl, PKI_SSL_VERIFY_NONE );
fprintf(stderr, "WARNING: no verify set!\n");
}
if(( sock = PKI_SOCKET_new ()) == NULL ) {
fprintf(stderr, "ERROR, can not create a new Socket!\n\n");
exit(1);
}
PKI_SOCKET_set_ssl ( sock, ssl );
//
// ------------------------------ Retrieve Data -----------------------------
//
if (get_via_socket) {
if( PKI_SOCKET_open( sock, url_s, timeout ) == PKI_ERR ) {
fprintf(stderr, "ERROR, can not connect to %s!\n\n", url_s);
exit(1);
}
ssl = PKI_SOCKET_get_ssl (sock);
if (dump_cert) {
PKI_X509_CERT *x = NULL;
if ( !ssl ) {
fprintf( stderr,
"ERROR: Can not dump cert (no SSL)\n");
}
if((x = PKI_SSL_get_peer_cert ( ssl )) == NULL ) {
fprintf( stderr,
"ERROR: No Peer certificate is available\n");
}
if( PKI_X509_CERT_put ( x, PKI_DATA_FORMAT_PEM,
dump_cert, NULL, NULL, NULL ) == PKI_ERR){
fprintf(stderr, "ERROR: can not write Peer cert to "
"%s\n", dump_cert );
}
}
if (dump_chain) {
PKI_X509_CERT_STACK *x_sk = NULL;
if ( !ssl ) {
fprintf( stderr,
"ERROR: Can not dump cert (no SSL)\n");
}
if((x_sk = PKI_SSL_get_peer_chain ( ssl )) == NULL ) {
fprintf( stderr,
"ERROR: No certificate chain is available\n");
}
if( PKI_X509_CERT_STACK_put ( x_sk, PKI_DATA_FORMAT_PEM,
dump_chain, NULL, NULL, NULL ) == PKI_ERR){
fprintf(stderr, "ERROR: can not write Peer cert to "
"%s\n", dump_cert );
}
}
if((sk = URL_get_data_socket ( sock, timeout, 0 )) == NULL ) {
fprintf(stderr, "ERROR, can not retrieve data!\n\n");
return(-1);
}
PKI_SOCKET_close ( sock );
PKI_SOCKET_free ( sock );
}
else // Get Data via the usual URL socket-less approach
{
sk = URL_get_data_url (url, timeout, 0, ssl);
}
PKI_log_debug("URL: Number of retrieved entries is %d",
PKI_STACK_MEM_elements(sk));
while( (obj = PKI_STACK_MEM_pop ( sk )) != NULL ) {
URL_put_data ( outurl_s, obj, NULL, NULL, 0, 0, NULL );
}
return 0;
}
