1
|
1 /**
|
|
2 * Orthanc - A Lightweight, RESTful DICOM Store
|
|
3 * Copyright (C) 2012-2016 Sebastien Jodogne, Medical Physics
|
|
4 * Department, University Hospital of Liege, Belgium
|
116
|
5 * Copyright (C) 2017-2018 Osimis S.A., Belgium
|
1
|
6 *
|
|
7 * This program is free software: you can redistribute it and/or
|
|
8 * modify it under the terms of the GNU General Public License as
|
|
9 * published by the Free Software Foundation, either version 3 of the
|
|
10 * License, or (at your option) any later version.
|
|
11 *
|
|
12 * In addition, as a special exception, the copyright holders of this
|
|
13 * program give permission to link the code of its release with the
|
|
14 * OpenSSL project's "OpenSSL" library (or with modified versions of it
|
|
15 * that use the same license as the "OpenSSL" library), and distribute
|
|
16 * the linked executables. You must obey the GNU General Public License
|
|
17 * in all respects for all of the code used other than "OpenSSL". If you
|
|
18 * modify file(s) with this exception, you may extend this exception to
|
|
19 * your version of the file(s), but you are not obligated to do so. If
|
|
20 * you do not wish to do so, delete this exception statement from your
|
|
21 * version. If you delete this exception statement from all source files
|
|
22 * in the program, then also delete it here.
|
|
23 *
|
|
24 * This program is distributed in the hope that it will be useful, but
|
|
25 * WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
26 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
27 * General Public License for more details.
|
|
28 *
|
|
29 * You should have received a copy of the GNU General Public License
|
|
30 * along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
31 **/
|
|
32
|
|
33
|
|
34 #include "PrecompiledHeaders.h"
|
|
35 #include "HttpClient.h"
|
|
36
|
|
37 #include "Toolbox.h"
|
|
38 #include "OrthancException.h"
|
|
39 #include "Logging.h"
|
|
40 #include "ChunkedBuffer.h"
|
43
|
41 #include "SystemToolbox.h"
|
1
|
42
|
|
43 #include <string.h>
|
|
44 #include <curl/curl.h>
|
|
45 #include <boost/algorithm/string/predicate.hpp>
|
|
46 #include <boost/thread/mutex.hpp>
|
|
47
|
|
48
|
39
|
49 #if ORTHANC_ENABLE_SSL == 1
|
1
|
50 // For OpenSSL initialization and finalization
|
|
51 # include <openssl/conf.h>
|
|
52 # include <openssl/engine.h>
|
|
53 # include <openssl/err.h>
|
|
54 # include <openssl/evp.h>
|
|
55 # include <openssl/ssl.h>
|
|
56 #endif
|
|
57
|
|
58
|
39
|
59 #if ORTHANC_ENABLE_PKCS11 == 1
|
1
|
60 # include "Pkcs11.h"
|
|
61 #endif
|
|
62
|
|
63
|
|
64 extern "C"
|
|
65 {
|
|
/**
 * Translates the outcome of a transfer into an HTTP status.
 *
 * @param code    Result of the transfer that was just attempted.
 * @param curl    Easy handle on which the transfer was attempted.
 * @param status  Output. Receives CURLINFO_RESPONSE_CODE if "code" is
 *                CURLE_OK, and 0 otherwise.
 * @return "code" itself if the transfer failed, otherwise the result
 *         of curl_easy_getinfo().
 **/
static CURLcode GetHttpStatus(CURLcode code, CURL* curl, long* status)
{
  if (code != CURLE_OK)
  {
    // The transfer itself failed: there is no HTTP status to report
    *status = 0;
    return code;
  }

  return curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, status);
}
|
|
79
|
|
// Wrapper around curl_easy_perform() that is used for HTTPS URLs. It
// exists to suppress OpenSSL-related reports in valgrind, which is why
// inlining is prevented. If Orthanc was built without SSL support, the
// wrapper logs an error and throws instead of contacting the server.
#if defined(__GNUC__) || defined(__clang__)
__attribute__((noinline))
#endif
static CURLcode OrthancHttpClientPerformSSL(CURL* curl, long* status)
{
#if ORTHANC_ENABLE_SSL == 1
  const CURLcode transfer = curl_easy_perform(curl);
  return GetHttpStatus(transfer, curl, status);
#else
  LOG(ERROR) << "Orthanc was compiled without SSL support, cannot make HTTPS request";
  throw OrthancException(ErrorCode_InternalError);
#endif
}
|
|
94 }
|
|
95
|
|
96
|
|
97
|
|
98 namespace Orthanc
|
|
99 {
|
|
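/**
 * Process-wide defaults for the HTTP clients: HTTPS peer verification,
 * CA certificates file, proxy and timeout. HttpClient::Setup() copies
 * these values into each new client. Every accessor takes the same
 * mutex, so the defaults can be changed from any thread.
 **/
class HttpClient::GlobalParameters
{
private:
  boost::mutex  mutex_;
  bool          httpsVerifyPeers_;
  std::string   httpsCACertificates_;
  std::string   proxy_;
  long          timeout_;

  // Peer verification is enabled unless ConfigureSsl() turns it off.
  // A timeout of 0 makes ApplyInternal() use its built-in default.
  GlobalParameters() :
    httpsVerifyPeers_(true),
    timeout_(0)
  {
  }

  // Returns "proxy" with a possible "user:password@" part replaced by
  // "***@". libcurl accepts credentials inside the proxy string, and
  // they must not be copied into the log.
  static std::string HideProxyCredentials(const std::string& proxy)
  {
    const std::size_t at = proxy.rfind('@');
    if (at == std::string::npos)
    {
      return proxy;  // No userinfo part, nothing to hide
    }

    const std::size_t scheme = proxy.find("://");
    const std::size_t begin =
      (scheme != std::string::npos && scheme < at) ? scheme + 3 : 0;

    return proxy.substr(0, begin) + "***" + proxy.substr(at);
  }

public:
  // Singleton pattern
  static GlobalParameters& GetInstance()
  {
    static GlobalParameters parameters;
    return parameters;
  }

  // Stores the HTTPS defaults. Passing "false" disables the validation
  // of the server certificate for every client created afterwards.
  void ConfigureSsl(bool httpsVerifyPeers,
                    const std::string& httpsCACertificates)
  {
    boost::mutex::scoped_lock lock(mutex_);
    httpsVerifyPeers_ = httpsVerifyPeers;
    httpsCACertificates_ = httpsCACertificates;
  }

  // Copies the HTTPS defaults into the two output arguments
  void GetSslConfiguration(bool& httpsVerifyPeers,
                           std::string& httpsCACertificates)
  {
    boost::mutex::scoped_lock lock(mutex_);
    httpsVerifyPeers = httpsVerifyPeers_;
    httpsCACertificates = httpsCACertificates_;
  }

  void SetDefaultProxy(const std::string& proxy)
  {
    // Only the redacted form goes to the log, the full string is stored
    LOG(INFO) << "Setting the default proxy for HTTP client connections: "
              << HideProxyCredentials(proxy);

    {
      boost::mutex::scoped_lock lock(mutex_);
      proxy_ = proxy;
    }
  }

  void GetDefaultProxy(std::string& target)
  {
    boost::mutex::scoped_lock lock(mutex_);
    target = proxy_;
  }

  void SetDefaultTimeout(long seconds)
  {
    LOG(INFO) << "Setting the default timeout for HTTP client connections: " << seconds << " seconds";

    {
      boost::mutex::scoped_lock lock(mutex_);
      timeout_ = seconds;
    }
  }

  long GetDefaultTimeout()
  {
    boost::mutex::scoped_lock lock(mutex_);
    return timeout_;
  }

#if ORTHANC_ENABLE_PKCS11 == 1
  bool IsPkcs11Initialized()
  {
    boost::mutex::scoped_lock lock(mutex_);
    return Pkcs11::IsInitialized();
  }

  // The mutex is held during the call to Pkcs11::Initialize(), so
  // concurrent initializations are serialized
  void InitializePkcs11(const std::string& module,
                        const std::string& pin,
                        bool verbose)
  {
    boost::mutex::scoped_lock lock(mutex_);
    Pkcs11::Initialize(module, pin, verbose);
  }
#endif
};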
|
|
187
|
|
188
|
|
// Private implementation: the libcurl objects that belong to one
// HttpClient. The members are assigned in HttpClient::Setup().
struct HttpClient::PImpl
{
  // Easy handle, released by the destructor of HttpClient
  CURL* curl_;

  // List holding the single "Expect:" entry, used for POST and PUT
  // requests when the user has not added any header
  struct curl_slist *defaultPostHeaders_;

  // Headers added through AddHeader(), NULL if there are none
  struct curl_slist *userHeaders_;
};
|
|
195
|
|
196
|
|
// Converts the HTTP status of a failed request into an OrthancException.
// This function never returns: 400 maps to "bad request", 401 and 403
// to "unauthorized", 404 to "unknown resource", and any other status to
// a network protocol error.
static void ThrowException(HttpStatus status)
{
  ErrorCode error = ErrorCode_NetworkProtocol;

  if (status == HttpStatus_400_BadRequest)
  {
    error = ErrorCode_BadRequest;
  }
  else if (status == HttpStatus_401_Unauthorized ||
           status == HttpStatus_403_Forbidden)
  {
    error = ErrorCode_Unauthorized;
  }
  else if (status == HttpStatus_404_NotFound)
  {
    error = ErrorCode_UnknownResource;
  }

  throw OrthancException(error);
}
|
|
215
|
|
216
|
|
// Turns a libcurl error code into an OrthancException. Returns "code"
// unchanged if it is CURLE_OK. CURLE_NOT_BUILT_IN is reported as an
// internal error (the libcurl in use lacks a feature), any other
// failure as a network protocol error. The error is logged before
// the exception is thrown.
static CURLcode CheckCode(CURLcode code)
{
  switch (code)
  {
    case CURLE_OK:
      return code;

    case CURLE_NOT_BUILT_IN:
      LOG(ERROR) << "Your libcurl does not contain a required feature, "
                 << "please recompile Orthanc with -DUSE_SYSTEM_CURL=OFF";
      throw OrthancException(ErrorCode_InternalError);

    default:
      LOG(ERROR) << "libCURL error: " + std::string(curl_easy_strerror(code));
      throw OrthancException(ErrorCode_NetworkProtocol);
  }
}
|
|
234
|
|
235
|
|
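// Write callback of libcurl: appends one chunk of the response body to
// the ChunkedBuffer given as "payload" (set through CURLOPT_WRITEDATA).
// Returns the number of bytes consumed; any other value makes libcurl
// abort the transfer.
//
// NOTE(review): nothing here bounds the total size of the body, so the
// remote server decides how much memory is consumed.
static size_t CurlBodyCallback(void *buffer, size_t size, size_t nmemb, void *payload)
{
  const size_t length = size * nmemb;
  if (length == 0)
  {
    return 0;
  }

  try
  {
    static_cast<ChunkedBuffer*>(payload)->AddChunk(buffer, length);
    return length;
  }
  catch (...)
  {
    // This function is called from C code: an exception (e.g. an
    // allocation failure) must not unwind through the frames of
    // libcurl. Returning a count that differs from "length" makes
    // curl_easy_perform() fail with a write error instead.
    return 0;
  }
}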
|
|
251
|
|
252
|
|
// Context given to CurlHeaderCallback() through CURLOPT_HEADERDATA
struct CurlHeaderParameters
{
  // If true, the header names are converted to lower case before
  // being stored
  bool lowerCase_;

  // Destination of the parsed headers, must not be NULL while the
  // callback is installed
  HttpClient::HttpHeaders* headers_;
};
|
|
258
|
|
259
|
|
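// Header callback of libcurl: receives one line of the answer and, if
// it has the form "name: value\r\n", stores it into the map referenced
// by "payload" (a CurlHeaderParameters). Lines without a colon, such as
// the status line, are skipped. Returns the number of bytes consumed;
// any other value makes libcurl abort the transfer.
//
// The content of the line is chosen by the remote server: the names
// and values stored here must be treated as untrusted by the callers.
static size_t CurlHeaderCallback(void *buffer, size_t size, size_t nmemb, void *payload)
{
  CurlHeaderParameters& parameters = *(static_cast<CurlHeaderParameters*>(payload));
  assert(parameters.headers_ != NULL);

  const size_t length = size * nmemb;
  if (length == 0)
  {
    return 0;
  }

  try
  {
    // The buffer of libcurl is not zero-terminated, hence the explicit length
    const std::string line(static_cast<const char*>(buffer), length);
    const std::size_t colon = line.find(':');
    const std::size_t eol = line.find("\r\n");

    // The colon must come before the end of the line, otherwise the
    // line is not a "name: value" pair
    if (colon != std::string::npos &&
        eol != std::string::npos &&
        colon < eol)
    {
      std::string name(line.substr(0, colon));

      if (parameters.lowerCase_)
      {
        Toolbox::ToLowerCase(name);
      }

      const std::string key = Toolbox::StripSpaces(name);

      if (!key.empty())
      {
        // The second argument of substr() is a number of characters,
        // not a position: take exactly what lies between ':' and "\r\n"
        const std::string value =
          Toolbox::StripSpaces(line.substr(colon + 1, eol - colon - 1));
        (*parameters.headers_) [key] = value;
      }
    }

    return length;
  }
  catch (...)
  {
    // This function is called from C code: an exception must not
    // unwind through the frames of libcurl. Returning a count that
    // differs from "length" makes the transfer fail instead.
    return 0;
  }
}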
|
|
297
|
|
298
|
|
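// Creates the libcurl objects of this client and loads the per-client
// settings from the global defaults (timeout, proxy, HTTPS options).
// Throws ErrorCode_NotEnoughMemory if libcurl cannot allocate its
// objects, and whatever CheckCode() throws if an option is rejected.
// On failure, everything that was allocated here is released, because
// the destructor does not run if a constructor throws.
void HttpClient::Setup()
{
  pimpl_->userHeaders_ = NULL;
  pimpl_->defaultPostHeaders_ = NULL;

  // An empty "Expect:" header removes the "Expect: 100-continue" that
  // libcurl would otherwise add to requests with a body
  if ((pimpl_->defaultPostHeaders_ = curl_slist_append(pimpl_->defaultPostHeaders_, "Expect:")) == NULL)
  {
    throw OrthancException(ErrorCode_NotEnoughMemory);
  }

  pimpl_->curl_ = curl_easy_init();
  if (!pimpl_->curl_)
  {
    curl_slist_free_all(pimpl_->defaultPostHeaders_);
    throw OrthancException(ErrorCode_NotEnoughMemory);
  }

  try
  {
    // curl_easy_setopt() is variadic: numeric options are read as
    // "long", so the literals must have that type
    CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_WRITEFUNCTION, &CurlBodyCallback));
    CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_HEADER, 0L));
    CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_FOLLOWLOCATION, 1L));

    // This fixes the "longjmp causes uninitialized stack frame" crash
    // that happens on modern Linux versions.
    // http://stackoverflow.com/questions/9191668/error-longjmp-causes-uninitialized-stack-frame
    CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_NOSIGNAL, 1L));

    url_ = "";
    method_ = HttpMethod_Get;
    lastStatus_ = HttpStatus_200_Ok;
    SetVerbose(false);
    timeout_ = GlobalParameters::GetInstance().GetDefaultTimeout();
    GlobalParameters::GetInstance().GetDefaultProxy(proxy_);
    GlobalParameters::GetInstance().GetSslConfiguration(verifyPeers_, caCertificates_);
  }
  catch (...)
  {
    curl_easy_cleanup(pimpl_->curl_);
    pimpl_->curl_ = NULL;
    curl_slist_free_all(pimpl_->defaultPostHeaders_);
    pimpl_->defaultPostHeaders_ = NULL;
    throw;
  }
}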
|
|
332
|
|
333
|
|
// Creates a client without URL. The value given here to "verifyPeers_"
// is only a placeholder: Setup() replaces it by the global HTTPS
// configuration.
HttpClient::HttpClient() :
  pimpl_(new PImpl),
  verifyPeers_(true),
  pkcs11Enabled_(false),
  headersToLowerCase_(true),
  redirectionFollowed_(true)
{
  Setup();
}
|
|
343
|
|
344
|
|
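// Creates a client targeting "uri" on the remote Web service described
// by "service": the URL is the concatenation of the URL of the service
// and of "uri", and the credentials, client certificate and PKCS#11
// flag are taken from "service".
//
// The credentials are only used if both the user name and the password
// are non-empty: a user name with an empty password is ignored.
//
// Throws whatever SetClientCertificate() throws, e.g. if the
// certificate file does not exist.
HttpClient::HttpClient(const WebServiceParameters& service,
                       const std::string& uri) :
  pimpl_(new PImpl),
  verifyPeers_(true),
  pkcs11Enabled_(false),  // Same starting value as in the default constructor
  headersToLowerCase_(true),
  redirectionFollowed_(true)
{
  Setup();

  try
  {
    if (service.GetUsername().size() != 0 &&
        service.GetPassword().size() != 0)
    {
      SetCredentials(service.GetUsername().c_str(),
                     service.GetPassword().c_str());
    }

    if (!service.GetCertificateFile().empty())
    {
      SetClientCertificate(service.GetCertificateFile(),
                           service.GetCertificateKeyFile(),
                           service.GetCertificateKeyPassword());
    }

    SetPkcs11Enabled(service.IsPkcs11Enabled());

    SetUrl(service.GetUrl() + uri);
  }
  catch (...)
  {
    // The destructor does not run if the constructor throws: release
    // by hand what Setup() has allocated, in the same order as the
    // destructor does
    curl_easy_cleanup(pimpl_->curl_);
    curl_slist_free_all(pimpl_->defaultPostHeaders_);
    ClearHeaders();
    throw;
  }
}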
|
|
372
|
|
373
|
|
// Releases the libcurl objects created by Setup() and AddHeader()
HttpClient::~HttpClient()
{
  // The easy handle is released first, the header lists that were
  // attached to it afterwards
  curl_easy_cleanup(pimpl_->curl_);
  curl_slist_free_all(pimpl_->defaultPostHeaders_);
  ClearHeaders();
}
|
|
380
|
|
381
|
|
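// Enables or disables the verbose trace of libcurl for this client.
//
// The trace of libcurl contains the request headers, which can include
// the credentials of the request: it should stay disabled outside of
// debugging sessions.
void HttpClient::SetVerbose(bool isVerbose)
{
  isVerbose_ = isVerbose;

  // curl_easy_setopt() is variadic and reads this option as a "long"
  const long flag = isVerbose_ ? 1L : 0L;
  CheckCode(curl_easy_setopt(pimpl_->curl_, CURLOPT_VERBOSE, flag));
}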
|
|
395
|
|
396
|
|
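// Adds the header "key: value" to the subsequent requests.
//
// Throws ErrorCode_ParameterOutOfRange if "key" is empty, or if "key"
// or "value" contains a CR, LF or NUL character: libcurl sends the
// string as is, so a line break inside it would add extra header lines
// to the request. Throws ErrorCode_NotEnoughMemory if the list cannot
// be extended, in which case the headers added so far are kept.
void HttpClient::AddHeader(const std::string& key,
                           const std::string& value)
{
  if (key.empty())
  {
    throw OrthancException(ErrorCode_ParameterOutOfRange);
  }

  const std::string forbidden("\r\n\0", 3);
  if (key.find_first_of(forbidden) != std::string::npos ||
      value.find_first_of(forbidden) != std::string::npos)
  {
    throw OrthancException(ErrorCode_ParameterOutOfRange);
  }

  const std::string s = key + ": " + value;

  // On failure, curl_slist_append() returns NULL and leaves the list
  // untouched: the result goes to a temporary so that the existing
  // list is not lost
  struct curl_slist* extended = curl_slist_append(pimpl_->userHeaders_, s.c_str());
  if (extended == NULL)
  {
    throw OrthancException(ErrorCode_NotEnoughMemory);
  }

  pimpl_->userHeaders_ = extended;
}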
|
|
412
|
|
413
|
|
// Removes all the headers that were added through AddHeader()
void HttpClient::ClearHeaders()
{
  struct curl_slist*& userHeaders = pimpl_->userHeaders_;

  if (userHeaders == NULL)
  {
    return;  // Nothing was added
  }

  curl_slist_free_all(userHeaders);
  userHeaders = NULL;
}
|
|
422
|
|
423
|
|
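// Configures the easy handle from the state of this client, executes
// the request, and stores the outcome.
//
// "answerBody" receives the body of the answer if the HTTP status is
// in the 2xx range, and is left empty otherwise. "answerHeaders" can
// be NULL; otherwise it receives the headers of the answer.
//
// Returns true iff the HTTP status is in the 2xx range. The status is
// available afterwards through "lastStatus_".
//
// Throws an OrthancException if an option is rejected by libcurl, if
// the transfer fails at the network level, or if the authentication
// settings are inconsistent.
bool HttpClient::ApplyInternal(std::string& answerBody,
                               HttpHeaders* answerHeaders)
{
  CURL* const curl = pimpl_->curl_;

  answerBody.clear();
  CheckCode(curl_easy_setopt(curl, CURLOPT_URL, url_.c_str()));

  // libcurl keeps a pointer to this object until the transfer below
  // is over, so it must live in the scope of the whole function
  CurlHeaderParameters headerParameters;

  if (answerHeaders == NULL)
  {
    CheckCode(curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, NULL));
    CheckCode(curl_easy_setopt(curl, CURLOPT_HEADERDATA, NULL));
  }
  else
  {
    headerParameters.lowerCase_ = headersToLowerCase_;
    headerParameters.headers_ = answerHeaders;
    CheckCode(curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, &CurlHeaderCallback));
    CheckCode(curl_easy_setopt(curl, CURLOPT_HEADERDATA, &headerParameters));
  }

  // NB: curl_easy_setopt() is variadic and reads the numeric options
  // as "long", so every numeric literal below carries the "L" suffix

#if ORTHANC_ENABLE_SSL == 1
  // Setup HTTPS-related options

  if (verifyPeers_)
  {
    CheckCode(curl_easy_setopt(curl, CURLOPT_CAINFO, caCertificates_.c_str()));
    CheckCode(curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L));  // libcurl default is strict verifyhost
    CheckCode(curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L));
  }
  else
  {
    // Neither the certificate chain nor the host name of the server
    // is checked in this branch: the connection is encrypted, but the
    // identity of the remote host is not established
    CheckCode(curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L));
    CheckCode(curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L));
  }
#endif

  // Setup the HTTPS client certificate
  if (!clientCertificateFile_.empty() &&
      pkcs11Enabled_)
  {
    LOG(ERROR) << "Cannot enable both client certificates and PKCS#11 authentication";
    throw OrthancException(ErrorCode_ParameterOutOfRange);
  }

  if (pkcs11Enabled_)
  {
#if ORTHANC_ENABLE_PKCS11 == 1
    if (GlobalParameters::GetInstance().IsPkcs11Initialized())
    {
      CheckCode(curl_easy_setopt(curl, CURLOPT_SSLENGINE, Pkcs11::GetEngineIdentifier()));
      CheckCode(curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "ENG"));
      CheckCode(curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "ENG"));
    }
    else
    {
      LOG(ERROR) << "Cannot use PKCS#11 for a HTTPS request, because it has not been initialized";
      throw OrthancException(ErrorCode_BadSequenceOfCalls);
    }
#else
    LOG(ERROR) << "This version of Orthanc is compiled without support for PKCS#11";
    throw OrthancException(ErrorCode_InternalError);
#endif
  }
  else if (!clientCertificateFile_.empty())
  {
#if ORTHANC_ENABLE_SSL == 1
    CheckCode(curl_easy_setopt(curl, CURLOPT_SSLCERTTYPE, "PEM"));
    CheckCode(curl_easy_setopt(curl, CURLOPT_SSLCERT, clientCertificateFile_.c_str()));

    if (!clientCertificateKeyPassword_.empty())
    {
      CheckCode(curl_easy_setopt(curl, CURLOPT_KEYPASSWD, clientCertificateKeyPassword_.c_str()));
    }

    // NB: If no "clientKeyFile_" is provided, the key must be
    // prepended to the certificate file
    if (!clientCertificateKeyFile_.empty())
    {
      CheckCode(curl_easy_setopt(curl, CURLOPT_SSLKEYTYPE, "PEM"));
      CheckCode(curl_easy_setopt(curl, CURLOPT_SSLKEY, clientCertificateKeyFile_.c_str()));
    }
#else
    LOG(ERROR) << "This version of Orthanc is compiled without OpenSSL support, cannot use HTTPS client authentication";
    throw OrthancException(ErrorCode_InternalError);
#endif
  }

  // Reset the parameters from previous calls to Apply()
  CheckCode(curl_easy_setopt(curl, CURLOPT_HTTPHEADER, pimpl_->userHeaders_));
  CheckCode(curl_easy_setopt(curl, CURLOPT_HTTPGET, 0L));
  CheckCode(curl_easy_setopt(curl, CURLOPT_POST, 0L));
  CheckCode(curl_easy_setopt(curl, CURLOPT_NOBODY, 0L));
  CheckCode(curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, NULL));
  CheckCode(curl_easy_setopt(curl, CURLOPT_POSTFIELDS, NULL));
  CheckCode(curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, 0L));
  CheckCode(curl_easy_setopt(curl, CURLOPT_PROXY, NULL));

  // If redirections are followed, the headers and the body that are
  // returned come from a location chosen by the contacted server
  CheckCode(curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, redirectionFollowed_ ? 1L : 0L));

  // Set timeouts
  if (timeout_ <= 0)
  {
    CheckCode(curl_easy_setopt(curl, CURLOPT_TIMEOUT, 10L));         /* default: 10 seconds */
    CheckCode(curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 10L));  /* default: 10 seconds */
  }
  else
  {
    CheckCode(curl_easy_setopt(curl, CURLOPT_TIMEOUT, timeout_));
    CheckCode(curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, timeout_));
  }

  if (credentials_.size() != 0)
  {
    CheckCode(curl_easy_setopt(curl, CURLOPT_USERPWD, credentials_.c_str()));
  }

  if (proxy_.size() != 0)
  {
    CheckCode(curl_easy_setopt(curl, CURLOPT_PROXY, proxy_.c_str()));
  }

  switch (method_)
  {
    case HttpMethod_Get:
      CheckCode(curl_easy_setopt(curl, CURLOPT_HTTPGET, 1L));
      break;

    case HttpMethod_Post:
      CheckCode(curl_easy_setopt(curl, CURLOPT_POST, 1L));

      if (pimpl_->userHeaders_ == NULL)
      {
        CheckCode(curl_easy_setopt(curl, CURLOPT_HTTPHEADER, pimpl_->defaultPostHeaders_));
      }

      break;

    case HttpMethod_Delete:
      CheckCode(curl_easy_setopt(curl, CURLOPT_NOBODY, 1L));
      CheckCode(curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "DELETE"));
      break;

    case HttpMethod_Put:
      // http://stackoverflow.com/a/7570281/881731: Don't use
      // CURLOPT_PUT if there is a body

      // The result is checked like for the other options, so that a
      // failure cannot silently turn the PUT into another method
      CheckCode(curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "PUT"));

      if (pimpl_->userHeaders_ == NULL)
      {
        CheckCode(curl_easy_setopt(curl, CURLOPT_HTTPHEADER, pimpl_->defaultPostHeaders_));
      }

      break;

    default:
      throw OrthancException(ErrorCode_InternalError);
  }


  if (method_ == HttpMethod_Post ||
      method_ == HttpMethod_Put)
  {
    if (body_.size() > 0)
    {
      // CURLOPT_POSTFIELDSIZE expects a "long", which is narrower than
      // "size_t" on some platforms: the "_LARGE" variant takes a
      // "curl_off_t", and the cast gives the argument exactly that type
      CheckCode(curl_easy_setopt(curl, CURLOPT_POSTFIELDS, body_.c_str()));
      CheckCode(curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE_LARGE,
                                 static_cast<curl_off_t>(body_.size())));
    }
    else
    {
      CheckCode(curl_easy_setopt(curl, CURLOPT_POSTFIELDS, NULL));
      CheckCode(curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, 0L));
    }
  }


  // Do the actual request
  CURLcode code;
  long status = 0;

  ChunkedBuffer buffer;
  CheckCode(curl_easy_setopt(curl, CURLOPT_WRITEDATA, &buffer));

  if (boost::starts_with(url_, "https://"))
  {
    code = OrthancHttpClientPerformSSL(curl, &status);
  }
  else
  {
    code = GetHttpStatus(curl_easy_perform(curl), curl, &status);
  }

  CheckCode(code);

  if (status == 0)
  {
    // This corresponds to a call to an inexistent host
    lastStatus_ = HttpStatus_500_InternalServerError;
  }
  else
  {
    // The status is chosen by the remote server, it is not guaranteed
    // to match one of the enumerators of "HttpStatus"
    lastStatus_ = static_cast<HttpStatus>(status);
  }

  const bool success = (status >= 200 && status < 300);

  if (success)
  {
    buffer.Flatten(answerBody);
  }
  else
  {
    answerBody.clear();
    LOG(INFO) << "Error in HTTP request, received HTTP status " << status
              << " (" << EnumerationToString(lastStatus_) << ")";
  }

  return success;
}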
|
|
653
|
|
654
|
|
// Same as the overload that returns a string, but the body of the
// answer is parsed as JSON. Returns false if the request fails or if
// the body cannot be parsed.
bool HttpClient::ApplyInternal(Json::Value& answerBody,
                               HttpClient::HttpHeaders* answerHeaders)
{
  std::string raw;

  if (!ApplyInternal(raw, answerHeaders))
  {
    return false;
  }

  Json::Reader reader;
  return reader.parse(raw, answerBody);
}
|
|
669
|
|
670
|
|
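// Sets the credentials sent with the subsequent requests. They are
// stored as "username:password" and given to CURLOPT_USERPWD.
//
// Throws ErrorCode_ParameterOutOfRange if one of the arguments is
// NULL (building a std::string from a NULL pointer is undefined).
//
// NOTE(review): libcurl splits the CURLOPT_USERPWD string at the first
// colon, so a user name that contains ':' is sent incorrectly.
void HttpClient::SetCredentials(const char* username,
                                const char* password)
{
  if (username == NULL ||
      password == NULL)
  {
    throw OrthancException(ErrorCode_ParameterOutOfRange);
  }

  credentials_ = std::string(username) + ":" + std::string(password);
}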
|
|
676
|
|
677
|
|
// Sets the global HTTPS defaults that new clients copy in Setup():
// whether the certificate of the server is verified, and the file
// that contains the trusted CA certificates. If SSL support is
// compiled in, the resulting configuration is written to the log as
// a warning; disabling the verification applies to every client
// created afterwards.
void HttpClient::ConfigureSsl(bool httpsVerifyPeers,
                              const std::string& httpsVerifyCertificates)
{
#if ORTHANC_ENABLE_SSL == 1
  if (!httpsVerifyPeers)
  {
    LOG(WARNING) << "The verification of the peers in HTTPS requests is disabled";
  }
  else if (httpsVerifyCertificates.empty())
  {
    LOG(WARNING) << "No certificates are provided to validate peers, "
                 << "set \"HttpsCACertificates\" if you need to do HTTPS requests";
  }
  else
  {
    LOG(WARNING) << "HTTPS will use the CA certificates from this file: " << httpsVerifyCertificates;
  }
#endif

  GlobalParameters& globals = GlobalParameters::GetInstance();
  globals.ConfigureSsl(httpsVerifyPeers, httpsVerifyCertificates);
}
|
|
702
|
|
703
|
|
// Initializes libcurl for the whole process. If Orthanc is built
// without SSL support, the SSL part of libcurl is left uninitialized.
void HttpClient::GlobalInitialize()
{
#if ORTHANC_ENABLE_SSL == 1
  const long flags = CURL_GLOBAL_ALL;
#else
  const long flags = CURL_GLOBAL_ALL & ~CURL_GLOBAL_SSL;
#endif

  CheckCode(curl_global_init(flags));
}
|
|
712
|
|
713
|
|
// Releases the global state of libcurl, then the PKCS#11 engine if
// support for PKCS#11 is compiled in
void HttpClient::GlobalFinalize()
{
  curl_global_cleanup();

#if ORTHANC_ENABLE_PKCS11 == 1
  Pkcs11::Finalize();
#endif
}
|
|
722
|
|
723
|
|
// Sets the proxy that is copied into the clients created afterwards
void HttpClient::SetDefaultProxy(const std::string& proxy)
{
  GlobalParameters& globals = GlobalParameters::GetInstance();
  globals.SetDefaultProxy(proxy);
}
|
|
728
|
|
729
|
|
// Sets the timeout, in seconds, that is copied into the clients
// created afterwards
void HttpClient::SetDefaultTimeout(long timeout)
{
  GlobalParameters& globals = GlobalParameters::GetInstance();
  globals.SetDefaultTimeout(timeout);
}
|
|
734
|
|
735
|
|
// Executes the request through Apply(). If Apply() reports a failure,
// the last HTTP status is converted into an exception.
void HttpClient::ApplyAndThrowException(std::string& answerBody)
{
  const bool success = Apply(answerBody);
  if (success)
  {
    return;
  }

  ThrowException(GetLastStatus());
}
|
|
743
|
|
744
|
|
// Executes the request through Apply(), with a JSON answer. If Apply()
// reports a failure, the last HTTP status is converted into an
// exception.
void HttpClient::ApplyAndThrowException(Json::Value& answerBody)
{
  const bool success = Apply(answerBody);
  if (success)
  {
    return;
  }

  ThrowException(GetLastStatus());
}
|
|
752
|
|
753
|
|
// Executes the request through Apply(), also collecting the headers of
// the answer. If Apply() reports a failure, the last HTTP status is
// converted into an exception.
void HttpClient::ApplyAndThrowException(std::string& answerBody,
                                        HttpHeaders& answerHeaders)
{
  const bool success = Apply(answerBody, answerHeaders);
  if (success)
  {
    return;
  }

  ThrowException(GetLastStatus());
}
|
|
762
|
|
763
|
|
// Executes the request through Apply(), with a JSON answer, also
// collecting the headers of the answer. If Apply() reports a failure,
// the last HTTP status is converted into an exception.
void HttpClient::ApplyAndThrowException(Json::Value& answerBody,
                                        HttpHeaders& answerHeaders)
{
  const bool success = Apply(answerBody, answerHeaders);
  if (success)
  {
    return;
  }

  ThrowException(GetLastStatus());
}
|
|
772
|
|
773
|
|
// Sets the client certificate used for HTTPS client authentication.
// "certificateKeyFile" and "certificateKeyPassword" can be empty.
//
// Throws ErrorCode_ParameterOutOfRange if "certificateFile" is empty,
// and ErrorCode_InexistentFile if the certificate, or a non-empty key
// file, is not a regular file. The files are only checked here, they
// are read later on, when a request is executed. The password of the
// key is kept in the object for that purpose.
void HttpClient::SetClientCertificate(const std::string& certificateFile,
                                      const std::string& certificateKeyFile,
                                      const std::string& certificateKeyPassword)
{
  if (certificateFile.empty())
  {
    throw OrthancException(ErrorCode_ParameterOutOfRange);
  }

  const bool hasCertificate = SystemToolbox::IsRegularFile(certificateFile);
  if (!hasCertificate)
  {
    LOG(ERROR) << "Cannot open certificate file: " << certificateFile;
    throw OrthancException(ErrorCode_InexistentFile);
  }

  // The key file is optional, it is only checked if it is provided
  const bool keyFileProvided = !certificateKeyFile.empty();
  if (keyFileProvided &&
      !SystemToolbox::IsRegularFile(certificateKeyFile))
  {
    LOG(ERROR) << "Cannot open key file: " << certificateKeyFile;
    throw OrthancException(ErrorCode_InexistentFile);
  }

  clientCertificateFile_ = certificateFile;
  clientCertificateKeyFile_ = certificateKeyFile;
  clientCertificateKeyPassword_ = certificateKeyPassword;
}
|
|
800
|
|
801
|
|
// Initializes the PKCS#11 engine with the given module and PIN. The
// log only tells whether a PIN was provided, never its value. Throws
// ErrorCode_InternalError if Orthanc was built without PKCS#11.
void HttpClient::InitializePkcs11(const std::string& module,
                                  const std::string& pin,
                                  bool verbose)
{
#if ORTHANC_ENABLE_PKCS11 == 1
  const char* const pinStatus =
    pin.empty() ? " (no PIN provided)" : " (PIN is provided)";

  LOG(INFO) << "Initializing PKCS#11 using " << module << pinStatus;

  GlobalParameters& globals = GlobalParameters::GetInstance();
  globals.InitializePkcs11(module, pin, verbose);
#else
  LOG(ERROR) << "This version of Orthanc is compiled without support for PKCS#11";
  throw OrthancException(ErrorCode_InternalError);
#endif
}
|
|
815
|
|
816
|
|
// Initializes the OpenSSL library for the whole process: the library
// itself, its algorithms, and its error strings. Does nothing if
// Orthanc is built without SSL support.
void HttpClient::InitializeOpenSsl()
{
#if ORTHANC_ENABLE_SSL == 1
  // https://wiki.openssl.org/index.php/Library_Initialization
  SSL_library_init();
  SSL_load_error_strings();
  OpenSSL_add_all_algorithms();
  ERR_load_crypto_strings();
#endif
}
|
|
827
|
|
828
|
|
// Releases the global state of the OpenSSL library. Does nothing if
// Orthanc is built without SSL support.
void HttpClient::FinalizeOpenSsl()
{
#if ORTHANC_ENABLE_SSL == 1
  // Finalize OpenSSL
  // https://wiki.openssl.org/index.php/Library_Initialization#Cleanup
  // NOTE(review): "#ifdef" only sees preprocessor macros, so this call
  // is compiled only if the OpenSSL headers define "FIPS_mode_set" as
  // a macro - confirm against the targeted OpenSSL version
#ifdef FIPS_mode_set
  FIPS_mode_set(0);
#endif
  ENGINE_cleanup();
  CONF_modules_unload(1);
  EVP_cleanup();
  CRYPTO_cleanup_all_ex_data();
  ERR_remove_state(0);
  ERR_free_strings();
#endif
}
|
|
845 }
|