1
|
1 /**
|
|
2 * Orthanc - A Lightweight, RESTful DICOM Store
|
|
3 * Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics
|
|
4 * Department, University Hospital of Liege, Belgium
|
|
5 *
|
|
6 * This program is free software: you can redistribute it and/or
|
|
7 * modify it under the terms of the GNU General Public License as
|
|
8 * published by the Free Software Foundation, either version 3 of the
|
|
9 * License, or (at your option) any later version.
|
|
10 *
|
|
11 * In addition, as a special exception, the copyright holders of this
|
|
12 * program give permission to link the code of its release with the
|
|
13 * OpenSSL project's "OpenSSL" library (or with modified versions of it
|
|
14 * that use the same license as the "OpenSSL" library), and distribute
|
|
15 * the linked executables. You must obey the GNU General Public License
|
|
16 * in all respects for all of the code used other than "OpenSSL". If you
|
|
17 * modify file(s) with this exception, you may extend this exception to
|
|
18 * your version of the file(s), but you are not obligated to do so. If
|
|
19 * you do not wish to do so, delete this exception statement from your
|
|
20 * version. If you delete this exception statement from all source files
|
|
21 * in the program, then also delete it here.
|
|
22 *
|
|
23 * This program is distributed in the hope that it will be useful, but
|
|
24 * WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
25 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
26 * General Public License for more details.
|
|
27 *
|
|
28 * You should have received a copy of the GNU General Public License
|
|
29 * along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
30 **/
|
|
31
|
|
32
|
|
33 #include "PrecompiledHeaders.h"
|
|
34 #include "HttpClient.h"
|
|
35
|
|
36 #include "Toolbox.h"
|
|
37 #include "OrthancException.h"
|
|
38 #include "Logging.h"
|
|
39 #include "ChunkedBuffer.h"
|
|
40
|
|
41 #include <string.h>
|
|
42 #include <curl/curl.h>
|
|
43 #include <boost/algorithm/string/predicate.hpp>
|
|
44 #include <boost/thread/mutex.hpp>
|
|
45
|
|
46
|
12
|
47 #if ORTHANC_ENABLE_SSL == 1
|
1
|
48 // For OpenSSL initialization and finalization
|
|
49 # include <openssl/conf.h>
|
|
50 # include <openssl/engine.h>
|
|
51 # include <openssl/err.h>
|
|
52 # include <openssl/evp.h>
|
|
53 # include <openssl/ssl.h>
|
|
54 #endif
|
|
55
|
|
56
|
12
|
57 #if ORTHANC_ENABLE_PKCS11 == 1
|
1
|
58 # include "Pkcs11.h"
|
|
59 #endif
|
|
60
|
|
61
|
|
62 extern "C"
|
|
63 {
|
|
64 static CURLcode GetHttpStatus(CURLcode code, CURL* curl, long* status)
|
|
65 {
|
|
66 if (code == CURLE_OK)
|
|
67 {
|
|
68 code = curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, status);
|
|
69 return code;
|
|
70 }
|
|
71 else
|
|
72 {
|
|
73 *status = 0;
|
|
74 return code;
|
|
75 }
|
|
76 }
|
|
77
|
|
78 // This is a dummy wrapper function to suppress any OpenSSL-related
|
|
79 // problem in valgrind. Inlining is prevented.
|
|
80 #if defined(__GNUC__) || defined(__clang__)
|
|
81 __attribute__((noinline))
|
|
82 #endif
|
|
83 static CURLcode OrthancHttpClientPerformSSL(CURL* curl, long* status)
|
|
84 {
|
|
85 return GetHttpStatus(curl_easy_perform(curl), curl, status);
|
|
86 }
|
|
87 }
|
|
88
|
|
89
|
|
90
|
|
91 namespace Orthanc
|
|
92 {
|
|
93 class HttpClient::GlobalParameters
|
|
94 {
|
|
95 private:
|
|
96 boost::mutex mutex_;
|
|
97 bool httpsVerifyPeers_;
|
|
98 std::string httpsCACertificates_;
|
|
99 std::string proxy_;
|
|
100 long timeout_;
|
|
101
|
|
102 GlobalParameters() :
|
|
103 httpsVerifyPeers_(true),
|
|
104 timeout_(0)
|
|
105 {
|
|
106 }
|
|
107
|
|
108 public:
|
|
109 // Singleton pattern
|
|
110 static GlobalParameters& GetInstance()
|
|
111 {
|
|
112 static GlobalParameters parameters;
|
|
113 return parameters;
|
|
114 }
|
|
115
|
|
116 void ConfigureSsl(bool httpsVerifyPeers,
|
|
117 const std::string& httpsCACertificates)
|
|
118 {
|
|
119 boost::mutex::scoped_lock lock(mutex_);
|
|
120 httpsVerifyPeers_ = httpsVerifyPeers;
|
|
121 httpsCACertificates_ = httpsCACertificates;
|
|
122 }
|
|
123
|
|
124 void GetSslConfiguration(bool& httpsVerifyPeers,
|
|
125 std::string& httpsCACertificates)
|
|
126 {
|
|
127 boost::mutex::scoped_lock lock(mutex_);
|
|
128 httpsVerifyPeers = httpsVerifyPeers_;
|
|
129 httpsCACertificates = httpsCACertificates_;
|
|
130 }
|
|
131
|
|
132 void SetDefaultProxy(const std::string& proxy)
|
|
133 {
|
|
134 LOG(INFO) << "Setting the default proxy for HTTP client connections: " << proxy;
|
|
135
|
|
136 {
|
|
137 boost::mutex::scoped_lock lock(mutex_);
|
|
138 proxy_ = proxy;
|
|
139 }
|
|
140 }
|
|
141
|
|
142 void GetDefaultProxy(std::string& target)
|
|
143 {
|
|
144 boost::mutex::scoped_lock lock(mutex_);
|
|
145 target = proxy_;
|
|
146 }
|
|
147
|
|
148 void SetDefaultTimeout(long seconds)
|
|
149 {
|
|
150 LOG(INFO) << "Setting the default timeout for HTTP client connections: " << seconds << " seconds";
|
|
151
|
|
152 {
|
|
153 boost::mutex::scoped_lock lock(mutex_);
|
|
154 timeout_ = seconds;
|
|
155 }
|
|
156 }
|
|
157
|
|
158 long GetDefaultTimeout()
|
|
159 {
|
|
160 boost::mutex::scoped_lock lock(mutex_);
|
|
161 return timeout_;
|
|
162 }
|
|
163
|
12
|
164 #if ORTHANC_ENABLE_PKCS11 == 1
|
1
|
165 bool IsPkcs11Initialized()
|
|
166 {
|
|
167 boost::mutex::scoped_lock lock(mutex_);
|
|
168 return Pkcs11::IsInitialized();
|
|
169 }
|
|
170
|
|
171 void InitializePkcs11(const std::string& module,
|
|
172 const std::string& pin,
|
|
173 bool verbose)
|
|
174 {
|
|
175 boost::mutex::scoped_lock lock(mutex_);
|
|
176 Pkcs11::Initialize(module, pin, verbose);
|
|
177 }
|
|
178 #endif
|
|
179 };
|
|
180
|
|
181
|
|
182 struct HttpClient::PImpl
|
|
183 {
|
|
184 CURL* curl_;
|
|
185 struct curl_slist *defaultPostHeaders_;
|
|
186 struct curl_slist *userHeaders_;
|
|
187 };
|
|
188
|
|
189
|
|
190 static void ThrowException(HttpStatus status)
|
|
191 {
|
|
192 switch (status)
|
|
193 {
|
|
194 case HttpStatus_400_BadRequest:
|
|
195 throw OrthancException(ErrorCode_BadRequest);
|
|
196
|
|
197 case HttpStatus_401_Unauthorized:
|
|
198 case HttpStatus_403_Forbidden:
|
|
199 throw OrthancException(ErrorCode_Unauthorized);
|
|
200
|
|
201 case HttpStatus_404_NotFound:
|
|
202 throw OrthancException(ErrorCode_UnknownResource);
|
|
203
|
|
204 default:
|
|
205 throw OrthancException(ErrorCode_NetworkProtocol);
|
|
206 }
|
|
207 }
|
|
208
|
|
209
|
|
210 static CURLcode CheckCode(CURLcode code)
|
|
211 {
|
|
212 if (code == CURLE_NOT_BUILT_IN)
|
|
213 {
|
|
214 LOG(ERROR) << "Your libcurl does not contain a required feature, "
|
|
215 << "please recompile Orthanc with -DUSE_SYSTEM_CURL=OFF";
|
|
216 throw OrthancException(ErrorCode_InternalError);
|
|
217 }
|
|
218
|
|
219 if (code != CURLE_OK)
|
|
220 {
|
|
221 LOG(ERROR) << "libCURL error: " + std::string(curl_easy_strerror(code));
|
|
222 throw OrthancException(ErrorCode_NetworkProtocol);
|
|
223 }
|
|
224
|
|
225 return code;
|
|
226 }
|
|
227
|
|
228
|
|
229 static size_t CurlBodyCallback(void *buffer, size_t size, size_t nmemb, void *payload)
|
|
230 {
|
|
231 ChunkedBuffer& target = *(static_cast<ChunkedBuffer*>(payload));
|
|
232
|
|
233 size_t length = size * nmemb;
|
|
234 if (length == 0)
|
|
235 {
|
|
236 return 0;
|
|
237 }
|
|
238 else
|
|
239 {
|
|
240 target.AddChunk(buffer, length);
|
|
241 return length;
|
|
242 }
|
|
243 }
|
|
244
|
|
245
|
|
246 struct CurlHeaderParameters
|
|
247 {
|
|
248 bool lowerCase_;
|
|
249 HttpClient::HttpHeaders* headers_;
|
|
250 };
|
|
251
|
|
252
|
|
253 static size_t CurlHeaderCallback(void *buffer, size_t size, size_t nmemb, void *payload)
|
|
254 {
|
|
255 CurlHeaderParameters& parameters = *(static_cast<CurlHeaderParameters*>(payload));
|
|
256 assert(parameters.headers_ != NULL);
|
|
257
|
|
258 size_t length = size * nmemb;
|
|
259 if (length == 0)
|
|
260 {
|
|
261 return 0;
|
|
262 }
|
|
263 else
|
|
264 {
|
|
265 std::string s(reinterpret_cast<const char*>(buffer), length);
|
|
266 std::size_t colon = s.find(':');
|
|
267 std::size_t eol = s.find("\r\n");
|
|
268 if (colon != std::string::npos &&
|
|
269 eol != std::string::npos)
|
|
270 {
|
|
271 std::string tmp(s.substr(0, colon));
|
|
272
|
|
273 if (parameters.lowerCase_)
|
|
274 {
|
|
275 Toolbox::ToLowerCase(tmp);
|
|
276 }
|
|
277
|
|
278 std::string key = Toolbox::StripSpaces(tmp);
|
|
279
|
|
280 if (!key.empty())
|
|
281 {
|
|
282 std::string value = Toolbox::StripSpaces(s.substr(colon + 1, eol));
|
|
283 (*parameters.headers_) [key] = value;
|
|
284 }
|
|
285 }
|
|
286
|
|
287 return length;
|
|
288 }
|
|
289 }
|
|
290
|
|
291
|
|
292 void HttpClient::Setup()
|
|
293 {
|
|
294 pimpl_->userHeaders_ = NULL;
|
|
295 pimpl_->defaultPostHeaders_ = NULL;
|
|
296 if ((pimpl_->defaultPostHeaders_ = curl_slist_append(pimpl_->defaultPostHeaders_, "Expect:")) == NULL)
|
|
297 {
|
|
298 throw OrthancException(ErrorCode_NotEnoughMemory);
|
|
299 }
|
|
300
|
|
301 pimpl_->curl_ = curl_easy_init();
|
|
302 if (!pimpl_->curl_)
|
|
303 {
|
|
304 curl_slist_free_all(pimpl_->defaultPostHeaders_);
|
|
305 throw OrthancException(ErrorCode_NotEnoughMemory);
|
|
306 }
|
|
307
|
|
308 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_WRITEFUNCTION, &CurlBodyCallback));
|
|
309 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_HEADER, 0));
|
|
310 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_FOLLOWLOCATION, 1));
|
|
311
|
|
312 // This fixes the "longjmp causes uninitialized stack frame" crash
|
|
313 // that happens on modern Linux versions.
|
|
314 // http://stackoverflow.com/questions/9191668/error-longjmp-causes-uninitialized-stack-frame
|
|
315 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_NOSIGNAL, 1));
|
|
316
|
|
317 url_ = "";
|
|
318 method_ = HttpMethod_Get;
|
|
319 lastStatus_ = HttpStatus_200_Ok;
|
|
320 isVerbose_ = false;
|
|
321 timeout_ = GlobalParameters::GetInstance().GetDefaultTimeout();
|
|
322 GlobalParameters::GetInstance().GetDefaultProxy(proxy_);
|
|
323 GlobalParameters::GetInstance().GetSslConfiguration(verifyPeers_, caCertificates_);
|
|
324 }
|
|
325
|
|
326
|
|
327 HttpClient::HttpClient() :
|
|
328 pimpl_(new PImpl),
|
|
329 verifyPeers_(true),
|
|
330 pkcs11Enabled_(false),
|
11
|
331 headersToLowerCase_(true),
|
|
332 redirectionFollowed_(true)
|
1
|
333 {
|
|
334 Setup();
|
|
335 }
|
|
336
|
|
337
|
|
338 HttpClient::HttpClient(const WebServiceParameters& service,
|
|
339 const std::string& uri) :
|
|
340 pimpl_(new PImpl),
|
|
341 verifyPeers_(true),
|
11
|
342 headersToLowerCase_(true),
|
|
343 redirectionFollowed_(true)
|
1
|
344 {
|
|
345 Setup();
|
|
346
|
|
347 if (service.GetUsername().size() != 0 &&
|
|
348 service.GetPassword().size() != 0)
|
|
349 {
|
|
350 SetCredentials(service.GetUsername().c_str(),
|
|
351 service.GetPassword().c_str());
|
|
352 }
|
|
353
|
|
354 if (!service.GetCertificateFile().empty())
|
|
355 {
|
|
356 SetClientCertificate(service.GetCertificateFile(),
|
|
357 service.GetCertificateKeyFile(),
|
|
358 service.GetCertificateKeyPassword());
|
|
359 }
|
|
360
|
|
361 SetPkcs11Enabled(service.IsPkcs11Enabled());
|
|
362
|
|
363 SetUrl(service.GetUrl() + uri);
|
|
364 }
|
|
365
|
|
366
|
|
367 HttpClient::~HttpClient()
|
|
368 {
|
|
369 curl_easy_cleanup(pimpl_->curl_);
|
|
370 curl_slist_free_all(pimpl_->defaultPostHeaders_);
|
|
371 ClearHeaders();
|
|
372 }
|
|
373
|
|
374
|
|
375 void HttpClient::SetVerbose(bool isVerbose)
|
|
376 {
|
|
377 isVerbose_ = isVerbose;
|
|
378
|
|
379 if (isVerbose_)
|
|
380 {
|
|
381 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_VERBOSE, 1));
|
|
382 }
|
|
383 else
|
|
384 {
|
|
385 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_VERBOSE, 0));
|
|
386 }
|
|
387 }
|
|
388
|
|
389
|
|
390 void HttpClient::AddHeader(const std::string& key,
|
|
391 const std::string& value)
|
|
392 {
|
|
393 if (key.empty())
|
|
394 {
|
|
395 throw OrthancException(ErrorCode_ParameterOutOfRange);
|
|
396 }
|
|
397
|
|
398 std::string s = key + ": " + value;
|
|
399
|
|
400 if ((pimpl_->userHeaders_ = curl_slist_append(pimpl_->userHeaders_, s.c_str())) == NULL)
|
|
401 {
|
|
402 throw OrthancException(ErrorCode_NotEnoughMemory);
|
|
403 }
|
|
404 }
|
|
405
|
|
406
|
|
407 void HttpClient::ClearHeaders()
|
|
408 {
|
|
409 if (pimpl_->userHeaders_ != NULL)
|
|
410 {
|
|
411 curl_slist_free_all(pimpl_->userHeaders_);
|
|
412 pimpl_->userHeaders_ = NULL;
|
|
413 }
|
|
414 }
|
|
415
|
|
416
|
|
417 bool HttpClient::ApplyInternal(std::string& answerBody,
|
|
418 HttpHeaders* answerHeaders)
|
|
419 {
|
|
420 answerBody.clear();
|
|
421 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_URL, url_.c_str()));
|
|
422
|
|
423 CurlHeaderParameters headerParameters;
|
|
424
|
|
425 if (answerHeaders == NULL)
|
|
426 {
|
|
427 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_HEADERFUNCTION, NULL));
|
|
428 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_HEADERDATA, NULL));
|
|
429 }
|
|
430 else
|
|
431 {
|
|
432 headerParameters.lowerCase_ = headersToLowerCase_;
|
|
433 headerParameters.headers_ = answerHeaders;
|
|
434 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_HEADERFUNCTION, &CurlHeaderCallback));
|
|
435 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_HEADERDATA, &headerParameters));
|
|
436 }
|
|
437
|
12
|
438 #if ORTHANC_ENABLE_SSL == 1
|
1
|
439 // Setup HTTPS-related options
|
|
440
|
|
441 if (verifyPeers_)
|
|
442 {
|
|
443 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_CAINFO, caCertificates_.c_str()));
|
|
444 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSL_VERIFYHOST, 2)); // libcurl default is strict verifyhost
|
|
445 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSL_VERIFYPEER, 1));
|
|
446 }
|
|
447 else
|
|
448 {
|
|
449 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSL_VERIFYHOST, 0));
|
|
450 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSL_VERIFYPEER, 0));
|
|
451 }
|
|
452 #endif
|
|
453
|
|
454 // Setup the HTTPS client certificate
|
|
455 if (!clientCertificateFile_.empty() &&
|
|
456 pkcs11Enabled_)
|
|
457 {
|
|
458 LOG(ERROR) << "Cannot enable both client certificates and PKCS#11 authentication";
|
|
459 throw OrthancException(ErrorCode_ParameterOutOfRange);
|
|
460 }
|
|
461
|
|
462 if (pkcs11Enabled_)
|
|
463 {
|
12
|
464 #if ORTHANC_ENABLE_PKCS11 == 1
|
1
|
465 if (GlobalParameters::GetInstance().IsPkcs11Initialized())
|
|
466 {
|
|
467 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLENGINE, Pkcs11::GetEngineIdentifier()));
|
|
468 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLKEYTYPE, "ENG"));
|
|
469 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLCERTTYPE, "ENG"));
|
|
470 }
|
|
471 else
|
|
472 {
|
|
473 LOG(ERROR) << "Cannot use PKCS#11 for a HTTPS request, because it has not been initialized";
|
|
474 throw OrthancException(ErrorCode_BadSequenceOfCalls);
|
|
475 }
|
|
476 #else
|
|
477 LOG(ERROR) << "This version of Orthanc is compiled without support for PKCS#11";
|
|
478 throw OrthancException(ErrorCode_InternalError);
|
|
479 #endif
|
|
480 }
|
|
481 else if (!clientCertificateFile_.empty())
|
|
482 {
|
12
|
483 #if ORTHANC_ENABLE_SSL == 1
|
1
|
484 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLCERTTYPE, "PEM"));
|
|
485 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLCERT, clientCertificateFile_.c_str()));
|
|
486
|
|
487 if (!clientCertificateKeyPassword_.empty())
|
|
488 {
|
|
489 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_KEYPASSWD, clientCertificateKeyPassword_.c_str()));
|
|
490 }
|
|
491
|
|
492 // NB: If no "clientKeyFile_" is provided, the key must be
|
|
493 // prepended to the certificate file
|
|
494 if (!clientCertificateKeyFile_.empty())
|
|
495 {
|
|
496 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLKEYTYPE, "PEM"));
|
|
497 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_SSLKEY, clientCertificateKeyFile_.c_str()));
|
|
498 }
|
|
499 #else
|
|
500 LOG(ERROR) << "This version of Orthanc is compiled without OpenSSL support, cannot use HTTPS client authentication";
|
|
501 throw OrthancException(ErrorCode_InternalError);
|
|
502 #endif
|
|
503 }
|
|
504
|
|
505 // Reset the parameters from previous calls to Apply()
|
|
506 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_HTTPHEADER, pimpl_->userHeaders_));
|
|
507 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_HTTPGET, 0L));
|
|
508 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_POST, 0L));
|
|
509 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_NOBODY, 0L));
|
|
510 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_CUSTOMREQUEST, NULL));
|
|
511 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_POSTFIELDS, NULL));
|
|
512 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_POSTFIELDSIZE, 0L));
|
|
513 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_PROXY, NULL));
|
|
514
|
|
515 if (redirectionFollowed_)
|
|
516 {
|
|
517 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_FOLLOWLOCATION, 1L));
|
|
518 }
|
|
519 else
|
|
520 {
|
|
521 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_FOLLOWLOCATION, 0L));
|
|
522 }
|
|
523
|
|
524 // Set timeouts
|
|
525 if (timeout_ <= 0)
|
|
526 {
|
|
527 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_TIMEOUT, 10)); /* default: 10 seconds */
|
|
528 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_CONNECTTIMEOUT, 10)); /* default: 10 seconds */
|
|
529 }
|
|
530 else
|
|
531 {
|
|
532 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_TIMEOUT, timeout_));
|
|
533 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_CONNECTTIMEOUT, timeout_));
|
|
534 }
|
|
535
|
|
536 if (credentials_.size() != 0)
|
|
537 {
|
|
538 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_USERPWD, credentials_.c_str()));
|
|
539 }
|
|
540
|
|
541 if (proxy_.size() != 0)
|
|
542 {
|
|
543 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_PROXY, proxy_.c_str()));
|
|
544 }
|
|
545
|
|
546 switch (method_)
|
|
547 {
|
|
548 case HttpMethod_Get:
|
|
549 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_HTTPGET, 1L));
|
|
550 break;
|
|
551
|
|
552 case HttpMethod_Post:
|
|
553 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_POST, 1L));
|
|
554
|
|
555 if (pimpl_->userHeaders_ == NULL)
|
|
556 {
|
|
557 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_HTTPHEADER, pimpl_->defaultPostHeaders_));
|
|
558 }
|
|
559
|
|
560 break;
|
|
561
|
|
562 case HttpMethod_Delete:
|
|
563 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_NOBODY, 1L));
|
|
564 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_CUSTOMREQUEST, "DELETE"));
|
|
565 break;
|
|
566
|
|
567 case HttpMethod_Put:
|
|
568 // http://stackoverflow.com/a/7570281/881731: Don't use
|
|
569 // CURLOPT_PUT if there is a body
|
|
570
|
|
571 // CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_PUT, 1L));
|
|
572
|
|
573 curl_easy_setopt(pimpl_->curl_, CURLOPT_CUSTOMREQUEST, "PUT"); /* !!! */
|
|
574
|
|
575 if (pimpl_->userHeaders_ == NULL)
|
|
576 {
|
|
577 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_HTTPHEADER, pimpl_->defaultPostHeaders_));
|
|
578 }
|
|
579
|
|
580 break;
|
|
581
|
|
582 default:
|
|
583 throw OrthancException(ErrorCode_InternalError);
|
|
584 }
|
|
585
|
|
586
|
|
587 if (method_ == HttpMethod_Post ||
|
|
588 method_ == HttpMethod_Put)
|
|
589 {
|
|
590 if (body_.size() > 0)
|
|
591 {
|
|
592 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_POSTFIELDS, body_.c_str()));
|
|
593 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_POSTFIELDSIZE, body_.size()));
|
|
594 }
|
|
595 else
|
|
596 {
|
|
597 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_POSTFIELDS, NULL));
|
|
598 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_POSTFIELDSIZE, 0));
|
|
599 }
|
|
600 }
|
|
601
|
|
602
|
|
603 // Do the actual request
|
|
604 CURLcode code;
|
|
605 long status = 0;
|
|
606
|
|
607 ChunkedBuffer buffer;
|
|
608 CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_WRITEDATA, &buffer));
|
|
609
|
|
610 if (boost::starts_with(url_, "https://"))
|
|
611 {
|
|
612 code = OrthancHttpClientPerformSSL(pimpl_->curl_, &status);
|
|
613 }
|
|
614 else
|
|
615 {
|
|
616 code = GetHttpStatus(curl_easy_perform(pimpl_->curl_), pimpl_->curl_, &status);
|
|
617 }
|
|
618
|
|
619 CheckCode(code);
|
|
620
|
|
621 if (status == 0)
|
|
622 {
|
|
623 // This corresponds to a call to an inexistent host
|
|
624 lastStatus_ = HttpStatus_500_InternalServerError;
|
|
625 }
|
|
626 else
|
|
627 {
|
|
628 lastStatus_ = static_cast<HttpStatus>(status);
|
|
629 }
|
|
630
|
|
631 bool success = (status >= 200 && status < 300);
|
|
632
|
|
633 if (success)
|
|
634 {
|
|
635 buffer.Flatten(answerBody);
|
|
636 }
|
|
637 else
|
|
638 {
|
|
639 answerBody.clear();
|
|
640 LOG(INFO) << "Error in HTTP request, received HTTP status " << status
|
|
641 << " (" << EnumerationToString(lastStatus_) << ")";
|
|
642 }
|
|
643
|
|
644 return success;
|
|
645 }
|
|
646
|
|
647
|
|
648 bool HttpClient::ApplyInternal(Json::Value& answerBody,
|
|
649 HttpClient::HttpHeaders* answerHeaders)
|
|
650 {
|
|
651 std::string s;
|
|
652 if (ApplyInternal(s, answerHeaders))
|
|
653 {
|
|
654 Json::Reader reader;
|
|
655 return reader.parse(s, answerBody);
|
|
656 }
|
|
657 else
|
|
658 {
|
|
659 return false;
|
|
660 }
|
|
661 }
|
|
662
|
|
663
|
|
664 void HttpClient::SetCredentials(const char* username,
|
|
665 const char* password)
|
|
666 {
|
|
667 credentials_ = std::string(username) + ":" + std::string(password);
|
|
668 }
|
|
669
|
|
670
|
|
671 void HttpClient::ConfigureSsl(bool httpsVerifyPeers,
|
|
672 const std::string& httpsVerifyCertificates)
|
|
673 {
|
12
|
674 #if ORTHANC_ENABLE_SSL == 1
|
1
|
675 if (httpsVerifyPeers)
|
|
676 {
|
|
677 if (httpsVerifyCertificates.empty())
|
|
678 {
|
|
679 LOG(WARNING) << "No certificates are provided to validate peers, "
|
|
680 << "set \"HttpsCACertificates\" if you need to do HTTPS requests";
|
|
681 }
|
|
682 else
|
|
683 {
|
|
684 LOG(WARNING) << "HTTPS will use the CA certificates from this file: " << httpsVerifyCertificates;
|
|
685 }
|
|
686 }
|
|
687 else
|
|
688 {
|
|
689 LOG(WARNING) << "The verification of the peers in HTTPS requests is disabled";
|
|
690 }
|
|
691 #endif
|
|
692
|
|
693 GlobalParameters::GetInstance().ConfigureSsl(httpsVerifyPeers, httpsVerifyCertificates);
|
|
694 }
|
|
695
|
|
696
|
|
697 void HttpClient::GlobalInitialize()
|
|
698 {
|
12
|
699 #if ORTHANC_ENABLE_SSL == 1
|
1
|
700 CheckCode(curl_global_init(CURL_GLOBAL_ALL));
|
|
701 #else
|
|
702 CheckCode(curl_global_init(CURL_GLOBAL_ALL & ~CURL_GLOBAL_SSL));
|
|
703 #endif
|
|
704 }
|
|
705
|
|
706
|
|
707 void HttpClient::GlobalFinalize()
|
|
708 {
|
|
709 curl_global_cleanup();
|
|
710
|
12
|
711 #if ORTHANC_ENABLE_PKCS11 == 1
|
1
|
712 Pkcs11::Finalize();
|
|
713 #endif
|
|
714 }
|
|
715
|
|
716
|
|
717 void HttpClient::SetDefaultProxy(const std::string& proxy)
|
|
718 {
|
|
719 GlobalParameters::GetInstance().SetDefaultProxy(proxy);
|
|
720 }
|
|
721
|
|
722
|
|
723 void HttpClient::SetDefaultTimeout(long timeout)
|
|
724 {
|
|
725 GlobalParameters::GetInstance().SetDefaultTimeout(timeout);
|
|
726 }
|
|
727
|
|
728
|
|
729 void HttpClient::ApplyAndThrowException(std::string& answerBody)
|
|
730 {
|
|
731 if (!Apply(answerBody))
|
|
732 {
|
|
733 ThrowException(GetLastStatus());
|
|
734 }
|
|
735 }
|
|
736
|
|
737
|
|
738 void HttpClient::ApplyAndThrowException(Json::Value& answerBody)
|
|
739 {
|
|
740 if (!Apply(answerBody))
|
|
741 {
|
|
742 ThrowException(GetLastStatus());
|
|
743 }
|
|
744 }
|
|
745
|
|
746
|
|
747 void HttpClient::ApplyAndThrowException(std::string& answerBody,
|
|
748 HttpHeaders& answerHeaders)
|
|
749 {
|
|
750 if (!Apply(answerBody, answerHeaders))
|
|
751 {
|
|
752 ThrowException(GetLastStatus());
|
|
753 }
|
|
754 }
|
|
755
|
|
756
|
|
757 void HttpClient::ApplyAndThrowException(Json::Value& answerBody,
|
|
758 HttpHeaders& answerHeaders)
|
|
759 {
|
|
760 if (!Apply(answerBody, answerHeaders))
|
|
761 {
|
|
762 ThrowException(GetLastStatus());
|
|
763 }
|
|
764 }
|
|
765
|
|
766
|
|
767 void HttpClient::SetClientCertificate(const std::string& certificateFile,
|
|
768 const std::string& certificateKeyFile,
|
|
769 const std::string& certificateKeyPassword)
|
|
770 {
|
|
771 if (certificateFile.empty())
|
|
772 {
|
|
773 throw OrthancException(ErrorCode_ParameterOutOfRange);
|
|
774 }
|
|
775
|
|
776 if (!Toolbox::IsRegularFile(certificateFile))
|
|
777 {
|
|
778 LOG(ERROR) << "Cannot open certificate file: " << certificateFile;
|
|
779 throw OrthancException(ErrorCode_InexistentFile);
|
|
780 }
|
|
781
|
|
782 if (!certificateKeyFile.empty() &&
|
|
783 !Toolbox::IsRegularFile(certificateKeyFile))
|
|
784 {
|
|
785 LOG(ERROR) << "Cannot open key file: " << certificateKeyFile;
|
|
786 throw OrthancException(ErrorCode_InexistentFile);
|
|
787 }
|
|
788
|
|
789 clientCertificateFile_ = certificateFile;
|
|
790 clientCertificateKeyFile_ = certificateKeyFile;
|
|
791 clientCertificateKeyPassword_ = certificateKeyPassword;
|
|
792 }
|
|
793
|
|
794
|
|
795 void HttpClient::InitializePkcs11(const std::string& module,
|
|
796 const std::string& pin,
|
|
797 bool verbose)
|
|
798 {
|
12
|
799 #if ORTHANC_ENABLE_PKCS11 == 1
|
1
|
800 LOG(INFO) << "Initializing PKCS#11 using " << module
|
|
801 << (pin.empty() ? " (no PIN provided)" : " (PIN is provided)");
|
|
802 GlobalParameters::GetInstance().InitializePkcs11(module, pin, verbose);
|
|
803 #else
|
|
804 LOG(ERROR) << "This version of Orthanc is compiled without support for PKCS#11";
|
|
805 throw OrthancException(ErrorCode_InternalError);
|
|
806 #endif
|
|
807 }
|
|
808
|
|
809
|
|
810 void HttpClient::InitializeOpenSsl()
|
|
811 {
|
12
|
812 #if ORTHANC_ENABLE_SSL == 1
|
1
|
813 // https://wiki.openssl.org/index.php/Library_Initialization
|
|
814 SSL_library_init();
|
|
815 SSL_load_error_strings();
|
|
816 OpenSSL_add_all_algorithms();
|
|
817 ERR_load_crypto_strings();
|
|
818 #endif
|
|
819 }
|
|
820
|
|
821
|
|
822 void HttpClient::FinalizeOpenSsl()
|
|
823 {
|
12
|
824 #if ORTHANC_ENABLE_SSL == 1
|
1
|
825 // Finalize OpenSSL
|
|
826 // https://wiki.openssl.org/index.php/Library_Initialization#Cleanup
|
|
827 FIPS_mode_set(0);
|
|
828 ENGINE_cleanup();
|
|
829 CONF_modules_unload(1);
|
|
830 EVP_cleanup();
|
|
831 CRYPTO_cleanup_all_ex_data();
|
|
832 ERR_remove_state(0);
|
|
833 ERR_free_strings();
|
|
834 #endif
|
|
835 }
|
|
836 }
|