/**
* Send a SCEP request via HTTP and wait for a response
*/
bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op,
bool http_get_request, chunk_t *response)
{
int len;
status_t status;
char *complete_url = NULL;
/* initialize response */
*response = chunk_empty;
DBG(DBG_CONTROL,
DBG_log("sending scep request to '%s'", url)
)
if (op == SCEP_PKI_OPERATION)
{
const char operation[] = "PKIOperation";
if (http_get_request)
{
char *escaped_req = escape_http_request(pkcs7);
/* form complete url */
len = strlen(url) + 20 + strlen(operation) + strlen(escaped_req) + 1;
complete_url = malloc(len);
snprintf(complete_url, len, "%s?operation=%s&message=%s"
, url, operation, escaped_req);
free(escaped_req);
status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
FETCH_HTTP_VERSION_1_0,
FETCH_REQUEST_HEADER, "Pragma:",
FETCH_REQUEST_HEADER, "Host:",
FETCH_REQUEST_HEADER, "Accept:",
FETCH_END);
}
else /* HTTP_POST */
{
/* form complete url */
len = strlen(url) + 11 + strlen(operation) + 1;
complete_url = malloc(len);
snprintf(complete_url, len, "%s?operation=%s", url, operation);
status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
FETCH_REQUEST_DATA, pkcs7,
FETCH_REQUEST_TYPE, "",
FETCH_REQUEST_HEADER, "Expect:",
FETCH_END);
}
}
else /* SCEP_GET_CA_CERT */
{
const char operation[] = "GetCACert";
/* form complete url */
len = strlen(url) + 32 + strlen(operation) + 1;
complete_url = malloc(len);
snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier"
, url, operation);
status = lib->fetcher->fetch(lib->fetcher, complete_url, response,
FETCH_END);
}
free(complete_url);
return (status == SUCCESS);
}
/*
* send a SCEP request via HTTP and wait for a response
*/
bool
scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op
, fetch_request_t req_type, chunk_t *response)
{
#ifdef LIBCURL
char errorbuffer[CURL_ERROR_SIZE] = "";
char *complete_url = NULL;
struct curl_slist *headers = NULL;
CURL *curl;
CURLcode res;
/* initialize response */
*response = empty_chunk;
/* initialize curl context */
curl = curl_easy_init();
if (curl == NULL)
{
plog("could not initialize curl context");
return FALSE;
}
if (op == SCEP_PKI_OPERATION)
{
const char operation[] = "PKIOperation";
if (req_type == FETCH_GET)
{
char *escaped_req = escape_http_request(pkcs7);
/* form complete url */
int len = strlen(url) + 20 + strlen(operation) + strlen(escaped_req) + 1;
complete_url = alloc_bytes(len, "complete url");
snprintf(complete_url, len, "%s?operation=%s&message=%s"
, url, operation, escaped_req);
pfreeany(escaped_req);
curl_easy_setopt(curl, CURLOPT_HTTPGET, TRUE);
headers = curl_slist_append(headers, "Pragma:");
headers = curl_slist_append(headers, "Host:");
headers = curl_slist_append(headers, "Accept:");
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0);
}
else /* HTTP_POST */
{
/* form complete url */
int len = strlen(url) + 11 + strlen(operation) + 1;
complete_url = alloc_bytes(len, "complete url");
snprintf(complete_url, len, "%s?operation=%s", url, operation);
curl_easy_setopt(curl, CURLOPT_HTTPGET, FALSE);
headers = curl_slist_append(headers, "Content-Type:");
headers = curl_slist_append(headers, "Expect:");
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, pkcs7.ptr);
curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, pkcs7.len);
}
}
else /* SCEP_GET_CA_CERT */
{
const char operation[] = "GetCACert";
/* form complete url */
int len = strlen(url) + 32 + strlen(operation) + 1;
complete_url = alloc_bytes(len, "complete url");
snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier"
, url, operation);
curl_easy_setopt(curl, CURLOPT_HTTPGET, TRUE);
}
curl_easy_setopt(curl, CURLOPT_URL, complete_url);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_buffer);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)response);
curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorbuffer);
curl_easy_setopt(curl, CURLOPT_FAILONERROR, TRUE);
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, FETCH_CMD_TIMEOUT);
DBG(DBG_CONTROL,
DBG_log("sending scep request to '%s'", url)
)
res = curl_easy_perform(curl);
if (res == CURLE_OK)
{
DBG(DBG_CONTROL,
DBG_log("received scep response")
)
DBG(DBG_RAW,
DBG_dump_chunk("SCEP response:\n", *response)
)
}
else
{
plog("failed to fetch scep response from '%s': %s", url, errorbuffer);
}
curl_slist_free_all(headers);
curl_easy_cleanup(curl);
pfreeany(complete_url);
return (res == CURLE_OK);
#else /* !LIBCURL */
plog("scep error: pluto wasn't compiled with libcurl support");
return FALSE;
#endif /* !LIBCURL */
}
