1 /* ks-engine-http.c - HTTP OpenPGP key access
2 * Copyright (C) 2011 Free Software Foundation, Inc.
4 * This file is part of GnuPG.
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <https://www.gnu.org/licenses/>.
29 #include "ks-engine.h"
31 /* How many redirections do we allow. */
/* Used as the initial value of redirects_left in ks_http_fetch; each
   followed Location redirect consumes one unit (see the
   redirects_left-- test there).  A small budget bounds how many hops a
   remote server can impose on a single fetch. */
32 #define MAX_REDIRECTS 2
34 /* Print a help output for the schemata supported by this module. */
/* The help text names "fetch" as the supported method.  The scheme
   list in data2 depends on the build: " http\n https" when
   HTTP_USE_GNUTLS or HTTP_USE_NTBTLS is set, otherwise only " http".
   NOTE(review): a build without either TLS library therefore offers
   cleartext http only; data fetched that way has no transport
   integrity protection.
   NOTE(review): this listing omits source lines (the embedded line
   numbers skip), e.g. the return type and the branches between the
   preprocessor conditionals; these comments cover only what is
   shown. */
36 ks_http_help (ctrl_t ctrl, parsed_uri_t uri)
39 "Handler for HTTP URLs:\n"
41 #if HTTP_USE_GNUTLS || HTTP_USE_NTBTLS
44 "Supported methods: fetch\n";
47 #if HTTP_USE_GNUTLS || HTTP_USE_NTBTLS
48 const char data2[] = " http\n https";
50 const char data2[] = " http";
/* Short form: print only the scheme list.  The condition guarding
   this call is not part of this listing. */
54 err = ks_print_help (ctrl, data2);
/* strcmp () is non-zero when the scheme differs from "hkp", so the
   full help text is printed for HTTP-type URIs that are not hkp. */
55 else if (uri->is_http && strcmp (uri->scheme, "hkp"))
56 err = ks_print_help (ctrl, data);
64 /* Get the key from URL which is expected to specify a http style
65 scheme. On success R_FP has an open stream to read the data. */
/* Flow visible in this listing: parse URL, create an HTTP session,
   open the request with cache-bypass headers, wait for the response
   and act on the status code.  Responses that reach the Location
   branch are followed by re-parsing the header value, limited by
   redirects_left.  All exits shown at the end release the HTTP
   context, the session, request_buffer and the parsed URI.
   NOTE(review): many source lines are absent from this listing (the
   embedded line numbers skip: labels, braces, case labels and several
   conditions), so the comments below describe only the lines that
   remain and hedge wherever a missing line matters. */
67 ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
70 http_session_t session = NULL;
/* Redirect budget, decremented by the Location test further down. */
72 int redirects_left = MAX_REDIRECTS;
/* Heap copy of a redirect target; URL is pointed at it after a
   redirect, and it is freed before being replaced and again in the
   cleanup at the end. */
74 char *request_buffer = NULL;
75 parsed_uri_t uri = NULL;
78 err = http_parse_uri (&uri, url, 0);
/* Remember whether the parsed URI is an onion address; the redirect
   handling below refers to this when vetting a new target. */
81 is_onion = uri->onion;
/* Session setup that follows: HTTP_FLAG_TRUST_SYS is always set and
   HTTP_FLAG_NO_CRL is added when ctrl->http_no_crl is set; certificate
   verification is routed through gnupg_http_tls_verify_cb, and the
   session gets cert_log_cb and ctrl->timeout.
   NOTE(review): presumably HTTP_FLAG_NO_CRL skips revocation checks,
   so a revoked server certificate would still be accepted in that
   mode - confirm against the http module.
   NOTE(review): the original comment on the next line is cut off in
   this listing; its closing line is missing. */
84 /* Note that we only use the system provided certificates with the
86 err = http_session_new (&session, NULL,
87 ((ctrl->http_no_crl? HTTP_FLAG_NO_CRL : 0)
88 | HTTP_FLAG_TRUST_SYS),
89 gnupg_http_tls_verify_cb, ctrl);
92 http_session_set_log_cb (session, cert_log_cb);
93 http_session_set_timeout (session, ctrl->timeout);
96 err = http_open (&http,
100 /* fixme: AUTH */ NULL,
/* Connection flags: a proxy is tried only when opt.honor_http_proxy
   is set, HTTP_FLAG_FORCE_TOR is added when dirmngr_use_tor () is
   non-zero, and IPv4 or IPv6 can each be excluded through opt.  The
   AUTH argument above is passed as NULL (see the fixme). */
101 ((opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY:0)
102 | (dirmngr_use_tor ()? HTTP_FLAG_FORCE_TOR:0)
103 | (opt.disable_ipv4? HTTP_FLAG_IGNORE_IPv4 : 0)
104 | (opt.disable_ipv6? HTTP_FLAG_IGNORE_IPv6 : 0)),
108 /*FIXME curl->srvtag*/NULL);
111 fp = http_get_write_ptr (http);
112 /* Avoid caches to get the most recent copy of the key. We set
113 both the Pragma and Cache-Control versions of the header, so
114 we're good with both HTTP 1.0 and 1.1. */
115 es_fputs ("Pragma: no-cache\r\n"
116 "Cache-Control: no-cache\r\n", fp);
117 http_start_data (http);
119 err = gpg_error_from_syserror ();
/* URL is passed as a "%s" argument, never as the format string.
   After a redirect it holds text taken from the server's Location
   header. */
123 /* Fixme: After a redirection we show the old host name. */
124 log_error (_("error connecting to '%s': %s\n"),
125 url, gpg_strerror (err));
129 /* Wait for the response. */
131 err = http_wait_response (http);
134 log_error (_("error reading HTTP response for '%s': %s\n"),
135 url, gpg_strerror (err));
/* Dispatch on the HTTP status; the case labels are not part of this
   listing. */
139 switch (http_get_status_code (http))
143 break; /* Success. */
/* The Location value is supplied by the remote server and must be
   treated as untrusted input. */
149 const char *s = http_get_header (http, "Location");
/* NOTE(review): the header value is logged through "%s" as received;
   confirm that the logging layer neutralises control characters in
   server-controlled text. */
151 log_info (_("URL '%s' redirected to '%s' (%u)\n"),
152 url, s?s:"[none]", http_get_status_code (http));
/* Follow only a non-empty Location while budget remains.  The
   post-decrement tests the old value, so starting from MAX_REDIRECTS
   at most that many redirects are followed; the counter is not
   touched when S is NULL or empty because of short-circuiting. */
153 if (s && *s && redirects_left-- )
157 /* Make sure that an onion address only redirects to
158 * another onion address. */
/* The previously parsed URI is released and the Location value is
   parsed in its place.
   NOTE(review): the onion check is the only restriction on the
   redirect target visible in this listing.  Confirm whether scheme
   downgrades (https to http) and targets on loopback or internal
   hosts are constrained elsewhere; without such limits a remote
   server can steer where this client sends its next request. */
159 http_release_parsed_uri (uri);
161 err = http_parse_uri (&uri, s, 0);
/* Redirect refused; per the comment above this is presumably the
   onion to non-onion case (the condition line is not shown). */
167 err = gpg_error (GPG_ERR_FORBIDDEN);
/* Copy the target before the HTTP context is closed below; S was
   obtained from that context, so it presumably does not outlive it. */
172 xfree (request_buffer);
173 request_buffer = xtrystrdup (s);
176 url = request_buffer;
/* Drop the current connection and session before the request is
   retried with the new URL (the jump back is not shown). */
177 http_close (http, 0);
179 http_session_release (session);
/* Presumably the allocation-failure path for the copy above. */
182 err = gpg_error_from_syserror ();
/* Presumably taken when the Location test above fails, which covers
   both an exhausted budget and a missing or empty header. */
185 err = gpg_error (GPG_ERR_NO_DATA);
186 log_error (_("too many redirections\n"));
/* A status handled by neither branch above is reported and mapped to
   GPG_ERR_NO_DATA (presumably the default case). */
191 log_error (_("error accessing '%s': http status %u\n"),
192 url, http_get_status_code (http));
193 err = gpg_error (GPG_ERR_NO_DATA);
/* Fetch the stream for the response body; GPG_ERR_BUG below is
   presumably returned when no stream is available. */
197 fp = http_get_read_ptr (http);
200 err = gpg_error (GPG_ERR_BUG);
204 /* Return the read stream and close the HTTP context. */
/* NOTE(review): the second argument of http_close is 1 here and 0 in
   the cleanup call below; presumably non-zero keeps the read stream
   alive for the caller - confirm against the http module. */
206 http_close (http, 1);
/* Common cleanup: release the HTTP context, the session, the redirect
   copy and the parsed URI. */
210 http_close (http, 0);
211 http_session_release (session);
212 xfree (request_buffer);
213 http_release_parsed_uri (uri);