int get_canonic_origin(const char* o, char *co, int sz)
{
int ret = -1;
if(o && o[0] && co) {
co[0]=0;
struct evhttp_uri *uri = evhttp_uri_parse(o);
if(uri) {
const char *scheme = evhttp_uri_get_scheme(uri);
if(scheme && scheme[0]) {
size_t schlen = strlen(scheme);
if((schlen<(size_t)sz) && (schlen<STUN_MAX_ORIGIN_SIZE)) {
const char *host = evhttp_uri_get_host(uri);
if(host && host[0]) {
char otmp[STUN_MAX_ORIGIN_SIZE+STUN_MAX_ORIGIN_SIZE];
ns_bcopy(scheme,otmp,schlen);
otmp[schlen]=0;
{
unsigned char *s = (unsigned char*)otmp;
while(*s) {
*s = (unsigned char)tolower((int)*s);
++s;
}
}
int port = evhttp_uri_get_port(uri);
if(port<1) {
port = get_default_protocol_port(otmp, schlen);
}
if(port>0)
snprintf(otmp+schlen,sizeof(otmp)-schlen-1,"://%s:%d",host,port);
else
snprintf(otmp+schlen,sizeof(otmp)-schlen-1,"://%s",host);
{
unsigned char *s = (unsigned char*)otmp + schlen + 3;
while(*s) {
*s = (unsigned char)tolower((int)*s);
++s;
}
}
strncpy(co,otmp,sz);
co[sz]=0;
ret = 0;
}
}
}
evhttp_uri_free(uri);
}
}
if(ret<0) {
strncpy(co,o,sz);
co[sz]=0;
}
return ret;
}
/*
* Get request URI scheme
* @return [String] http or https
* @return [nil]
*/
static VALUE t_get_uri_scheme(VALUE self) {
Libevent_HttpRequest *http_request;
const struct evhttp_uri *ev_uri;
const char* scheme;
Data_Get_Struct(self, Libevent_HttpRequest, http_request);
ev_uri = evhttp_request_get_evhttp_uri(http_request->ev_request);
scheme = evhttp_uri_get_scheme(ev_uri);
return(scheme ? rb_str_new2(scheme) : Qnil);
}
static void parseRequest(RequestInfo& requestInfo) {
const struct evhttp_uri* uri = evhttp_request_get_evhttp_uri(requestInfo.req);
/*const*/ struct evhttp_connection* conn = evhttp_request_get_connection(requestInfo.req);
requestInfo.method = evhttp_request_get_command(requestInfo.req);
requestInfo.uriHost = evhttp_uri_get_host(uri);
requestInfo.uriPath = evhttp_uri_get_path(uri);
requestInfo.uriQuery = evhttp_uri_get_query(uri);
requestInfo.uriScheme = evhttp_uri_get_scheme(uri);
requestInfo.requestHeaders = evhttp_request_get_input_headers(requestInfo.req);
requestInfo.requestBody = evhttp_request_get_input_buffer(requestInfo.req);
evhttp_connection_get_peer(conn, &requestInfo.remoteAddress, (ev_uint16_t*) &requestInfo.remotePort);
}
gboolean uri_is_https (const struct evhttp_uri *uri)
{
const char *scheme;
if (!uri)
return FALSE;
scheme = evhttp_uri_get_scheme (uri);
if (!scheme)
return FALSE;
if (!strncasecmp ("https", scheme, 5))
return TRUE;
return FALSE;
}
int
main(int argc, char **argv)
{
int r;
struct evhttp_uri *http_uri = NULL;
const char *url = NULL, *data_file = NULL;
const char *crt = "/etc/ssl/certs/ca-certificates.crt";
const char *scheme, *host, *path, *query;
char uri[256];
int port;
int retries = 0;
int timeout = -1;
SSL_CTX *ssl_ctx = NULL;
SSL *ssl = NULL;
struct bufferevent *bev;
struct evhttp_connection *evcon = NULL;
struct evhttp_request *req;
struct evkeyvalq *output_headers;
struct evbuffer *output_buffer;
int i;
int ret = 0;
enum { HTTP, HTTPS } type = HTTP;
for (i = 1; i < argc; i++) {
if (!strcmp("-url", argv[i])) {
if (i < argc - 1) {
url = argv[i + 1];
} else {
syntax();
goto error;
}
} else if (!strcmp("-crt", argv[i])) {
if (i < argc - 1) {
crt = argv[i + 1];
} else {
syntax();
goto error;
}
} else if (!strcmp("-ignore-cert", argv[i])) {
ignore_cert = 1;
} else if (!strcmp("-data", argv[i])) {
if (i < argc - 1) {
data_file = argv[i + 1];
} else {
syntax();
goto error;
}
} else if (!strcmp("-retries", argv[i])) {
if (i < argc - 1) {
retries = atoi(argv[i + 1]);
} else {
syntax();
goto error;
}
} else if (!strcmp("-timeout", argv[i])) {
if (i < argc - 1) {
timeout = atoi(argv[i + 1]);
} else {
syntax();
goto error;
}
} else if (!strcmp("-help", argv[i])) {
syntax();
goto error;
}
}
if (!url) {
syntax();
goto error;
}
#ifdef _WIN32
{
WORD wVersionRequested;
WSADATA wsaData;
int err;
wVersionRequested = MAKEWORD(2, 2);
err = WSAStartup(wVersionRequested, &wsaData);
if (err != 0) {
printf("WSAStartup failed with error: %d\n", err);
goto error;
}
}
#endif // _WIN32
http_uri = evhttp_uri_parse(url);
if (http_uri == NULL) {
err("malformed url");
goto error;
}
scheme = evhttp_uri_get_scheme(http_uri);
if (scheme == NULL || (strcasecmp(scheme, "https") != 0 &&
strcasecmp(scheme, "http") != 0)) {
err("url must be http or https");
goto error;
}
host = evhttp_uri_get_host(http_uri);
if (host == NULL) {
err("url must have a host");
goto error;
}
port = evhttp_uri_get_port(http_uri);
if (port == -1) {
port = (strcasecmp(scheme, "http") == 0) ? 80 : 443;
}
path = evhttp_uri_get_path(http_uri);
if (strlen(path) == 0) {
path = "/";
}
query = evhttp_uri_get_query(http_uri);
if (query == NULL) {
snprintf(uri, sizeof(uri) - 1, "%s", path);
} else {
snprintf(uri, sizeof(uri) - 1, "%s?%s", path, query);
}
uri[sizeof(uri) - 1] = '\0';
#if OPENSSL_VERSION_NUMBER < 0x10100000L
// Initialize OpenSSL
SSL_library_init();
ERR_load_crypto_strings();
SSL_load_error_strings();
OpenSSL_add_all_algorithms();
#endif
/* This isn't strictly necessary... OpenSSL performs RAND_poll
* automatically on first use of random number generator. */
r = RAND_poll();
if (r == 0) {
err_openssl("RAND_poll");
goto error;
}
/* Create a new OpenSSL context */
ssl_ctx = SSL_CTX_new(SSLv23_method());
if (!ssl_ctx) {
err_openssl("SSL_CTX_new");
goto error;
}
#ifndef _WIN32
/* TODO: Add certificate loading on Windows as well */
/* Attempt to use the system's trusted root certificates.
* (This path is only valid for Debian-based systems.) */
if (1 != SSL_CTX_load_verify_locations(ssl_ctx, crt, NULL)) {
err_openssl("SSL_CTX_load_verify_locations");
goto error;
}
/* Ask OpenSSL to verify the server certificate. Note that this
* does NOT include verifying that the hostname is correct.
* So, by itself, this means anyone with any legitimate
* CA-issued certificate for any website, can impersonate any
* other website in the world. This is not good. See "The
* Most Dangerous Code in the World" article at
* https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html
*/
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
/* This is how we solve the problem mentioned in the previous
* comment. We "wrap" OpenSSL's validation routine in our
* own routine, which also validates the hostname by calling
* the code provided by iSECPartners. Note that even though
* the "Everything You've Always Wanted to Know About
* Certificate Validation With OpenSSL (But Were Afraid to
* Ask)" paper from iSECPartners says very explicitly not to
* call SSL_CTX_set_cert_verify_callback (at the bottom of
* page 2), what we're doing here is safe because our
* cert_verify_callback() calls X509_verify_cert(), which is
* OpenSSL's built-in routine which would have been called if
* we hadn't set the callback. Therefore, we're just
* "wrapping" OpenSSL's routine, not replacing it. */
SSL_CTX_set_cert_verify_callback(ssl_ctx, cert_verify_callback,
(void *) host);
#else // _WIN32
(void)crt;
#endif // _WIN32
// Create event base
base = event_base_new();
if (!base) {
perror("event_base_new()");
goto error;
}
// Create OpenSSL bufferevent and stack evhttp on top of it
ssl = SSL_new(ssl_ctx);
if (ssl == NULL) {
err_openssl("SSL_new()");
goto error;
}
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
// Set hostname for SNI extension
SSL_set_tlsext_host_name(ssl, host);
#endif
if (strcasecmp(scheme, "http") == 0) {
bev = bufferevent_socket_new(base, -1, BEV_OPT_CLOSE_ON_FREE);
} else {
type = HTTPS;
bev = bufferevent_openssl_socket_new(base, -1, ssl,
BUFFEREVENT_SSL_CONNECTING,
BEV_OPT_CLOSE_ON_FREE|BEV_OPT_DEFER_CALLBACKS);
}
if (bev == NULL) {
fprintf(stderr, "bufferevent_openssl_socket_new() failed\n");
goto error;
}
bufferevent_openssl_set_allow_dirty_shutdown(bev, 1);
// For simplicity, we let DNS resolution block. Everything else should be
// asynchronous though.
evcon = evhttp_connection_base_bufferevent_new(base, NULL, bev,
host, port);
if (evcon == NULL) {
fprintf(stderr, "evhttp_connection_base_bufferevent_new() failed\n");
goto error;
}
if (retries > 0) {
evhttp_connection_set_retries(evcon, retries);
}
if (timeout >= 0) {
evhttp_connection_set_timeout(evcon, timeout);
}
// Fire off the request
req = evhttp_request_new(http_request_done, bev);
if (req == NULL) {
fprintf(stderr, "evhttp_request_new() failed\n");
goto error;
}
output_headers = evhttp_request_get_output_headers(req);
evhttp_add_header(output_headers, "Host", host);
evhttp_add_header(output_headers, "Connection", "close");
if (data_file) {
/* NOTE: In production code, you'd probably want to use
* evbuffer_add_file() or evbuffer_add_file_segment(), to
* avoid needless copying. */
FILE * f = fopen(data_file, "rb");
char buf[1024];
size_t s;
size_t bytes = 0;
if (!f) {
syntax();
goto error;
}
output_buffer = evhttp_request_get_output_buffer(req);
while ((s = fread(buf, 1, sizeof(buf), f)) > 0) {
evbuffer_add(output_buffer, buf, s);
bytes += s;
}
evutil_snprintf(buf, sizeof(buf)-1, "%lu", (unsigned long)bytes);
evhttp_add_header(output_headers, "Content-Length", buf);
fclose(f);
}
r = evhttp_make_request(evcon, req, data_file ? EVHTTP_REQ_POST : EVHTTP_REQ_GET, uri);
if (r != 0) {
fprintf(stderr, "evhttp_make_request() failed\n");
goto error;
}
event_base_dispatch(base);
goto cleanup;
error:
ret = 1;
cleanup:
if (evcon)
evhttp_connection_free(evcon);
if (http_uri)
evhttp_uri_free(http_uri);
event_base_free(base);
if (ssl_ctx)
SSL_CTX_free(ssl_ctx);
if (type == HTTP && ssl)
SSL_free(ssl);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
EVP_cleanup();
ERR_free_strings();
#ifdef EVENT__HAVE_ERR_REMOVE_THREAD_STATE
ERR_remove_thread_state(NULL);
#else
ERR_remove_state(0);
#endif
CRYPTO_cleanup_all_ex_data();
sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
#endif /*OPENSSL_VERSION_NUMBER < 0x10100000L */
#ifdef _WIN32
WSACleanup();
#endif
return ret;
}
