/** * Send a SCEP request via HTTP and wait for a response */ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op, bool http_get_request, chunk_t *response) { int len; status_t status; char *complete_url = NULL; /* initialize response */ *response = chunk_empty; DBG(DBG_CONTROL, DBG_log("sending scep request to '%s'", url) ) if (op == SCEP_PKI_OPERATION) { const char operation[] = "PKIOperation"; if (http_get_request) { char *escaped_req = escape_http_request(pkcs7); /* form complete url */ len = strlen(url) + 20 + strlen(operation) + strlen(escaped_req) + 1; complete_url = malloc(len); snprintf(complete_url, len, "%s?operation=%s&message=%s" , url, operation, escaped_req); free(escaped_req); status = lib->fetcher->fetch(lib->fetcher, complete_url, response, FETCH_HTTP_VERSION_1_0, FETCH_REQUEST_HEADER, "Pragma:", FETCH_REQUEST_HEADER, "Host:", FETCH_REQUEST_HEADER, "Accept:", FETCH_END); } else /* HTTP_POST */ { /* form complete url */ len = strlen(url) + 11 + strlen(operation) + 1; complete_url = malloc(len); snprintf(complete_url, len, "%s?operation=%s", url, operation); status = lib->fetcher->fetch(lib->fetcher, complete_url, response, FETCH_REQUEST_DATA, pkcs7, FETCH_REQUEST_TYPE, "", FETCH_REQUEST_HEADER, "Expect:", FETCH_END); } } else /* SCEP_GET_CA_CERT */ { const char operation[] = "GetCACert"; /* form complete url */ len = strlen(url) + 32 + strlen(operation) + 1; complete_url = malloc(len); snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier" , url, operation); status = lib->fetcher->fetch(lib->fetcher, complete_url, response, FETCH_END); } free(complete_url); return (status == SUCCESS); }
/* * send a SCEP request via HTTP and wait for a response */ bool scep_http_request(const char *url, chunk_t pkcs7, scep_op_t op , fetch_request_t req_type, chunk_t *response) { #ifdef LIBCURL char errorbuffer[CURL_ERROR_SIZE] = ""; char *complete_url = NULL; struct curl_slist *headers = NULL; CURL *curl; CURLcode res; /* initialize response */ *response = empty_chunk; /* initialize curl context */ curl = curl_easy_init(); if (curl == NULL) { plog("could not initialize curl context"); return FALSE; } if (op == SCEP_PKI_OPERATION) { const char operation[] = "PKIOperation"; if (req_type == FETCH_GET) { char *escaped_req = escape_http_request(pkcs7); /* form complete url */ int len = strlen(url) + 20 + strlen(operation) + strlen(escaped_req) + 1; complete_url = alloc_bytes(len, "complete url"); snprintf(complete_url, len, "%s?operation=%s&message=%s" , url, operation, escaped_req); pfreeany(escaped_req); curl_easy_setopt(curl, CURLOPT_HTTPGET, TRUE); headers = curl_slist_append(headers, "Pragma:"); headers = curl_slist_append(headers, "Host:"); headers = curl_slist_append(headers, "Accept:"); curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); } else /* HTTP_POST */ { /* form complete url */ int len = strlen(url) + 11 + strlen(operation) + 1; complete_url = alloc_bytes(len, "complete url"); snprintf(complete_url, len, "%s?operation=%s", url, operation); curl_easy_setopt(curl, CURLOPT_HTTPGET, FALSE); headers = curl_slist_append(headers, "Content-Type:"); headers = curl_slist_append(headers, "Expect:"); curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(curl, CURLOPT_POSTFIELDS, pkcs7.ptr); curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, pkcs7.len); } } else /* SCEP_GET_CA_CERT */ { const char operation[] = "GetCACert"; /* form complete url */ int len = strlen(url) + 32 + strlen(operation) + 1; complete_url = alloc_bytes(len, "complete url"); snprintf(complete_url, len, "%s?operation=%s&message=CAIdentifier" , url, operation); curl_easy_setopt(curl, CURLOPT_HTTPGET, TRUE); } curl_easy_setopt(curl, CURLOPT_URL, complete_url); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_buffer); curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)response); curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errorbuffer); curl_easy_setopt(curl, CURLOPT_FAILONERROR, TRUE); curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, FETCH_CMD_TIMEOUT); DBG(DBG_CONTROL, DBG_log("sending scep request to '%s'", url) ) res = curl_easy_perform(curl); if (res == CURLE_OK) { DBG(DBG_CONTROL, DBG_log("received scep response") ) DBG(DBG_RAW, DBG_dump_chunk("SCEP response:\n", *response) ) } else { plog("failed to fetch scep response from '%s': %s", url, errorbuffer); } curl_slist_free_all(headers); curl_easy_cleanup(curl); pfreeany(complete_url); return (res == CURLE_OK); #else /* !LIBCURL */ plog("scep error: pluto wasn't compiled with libcurl support"); return FALSE; #endif /* !LIBCURL */ }