http.js 38 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346
  1. /**
  2. * HTTP client-side implementation that uses forge.net sockets.
  3. *
  4. * @author Dave Longley
  5. *
  6. * Copyright (c) 2010-2014 Digital Bazaar, Inc. All rights reserved.
  7. */
  8. var forge = require('./forge');
  9. require('./tls');
  10. require('./util');
  11. // define http namespace
  12. var http = module.exports = forge.http = forge.http || {};
  13. // logging category
  14. var cat = 'forge.http';
  15. // normalizes an http header field name
  16. var _normalize = function(name) {
  17. return name.toLowerCase().replace(/(^.)|(-.)/g,
  18. function(a) {return a.toUpperCase();});
  19. };
  20. /**
  21. * Gets the local storage ID for the given client.
  22. *
  23. * @param client the client to get the local storage ID for.
  24. *
  25. * @return the local storage ID to use.
  26. */
  27. var _getStorageId = function(client) {
  28. // TODO: include browser in ID to avoid sharing cookies between
  29. // browsers (if this is undesirable)
  30. // navigator.userAgent
  31. return 'forge.http.' +
  32. client.url.protocol.slice(0, -1) + '.' +
  33. client.url.hostname + '.' +
  34. client.url.port;
  35. };
  36. /**
  37. * Loads persistent cookies from disk for the given client.
  38. *
  39. * @param client the client.
  40. */
  41. var _loadCookies = function(client) {
  42. if(client.persistCookies) {
  43. try {
  44. var cookies = forge.util.getItem(
  45. client.socketPool.flashApi,
  46. _getStorageId(client), 'cookies');
  47. client.cookies = cookies || {};
  48. } catch(ex) {
  49. // no flash storage available, just silently fail
  50. // TODO: i assume we want this logged somewhere or
  51. // should it actually generate an error
  52. //forge.log.error(cat, ex);
  53. }
  54. }
  55. };
  56. /**
  57. * Saves persistent cookies on disk for the given client.
  58. *
  59. * @param client the client.
  60. */
  61. var _saveCookies = function(client) {
  62. if(client.persistCookies) {
  63. try {
  64. forge.util.setItem(
  65. client.socketPool.flashApi,
  66. _getStorageId(client), 'cookies', client.cookies);
  67. } catch(ex) {
  68. // no flash storage available, just silently fail
  69. // TODO: i assume we want this logged somewhere or
  70. // should it actually generate an error
  71. //forge.log.error(cat, ex);
  72. }
  73. }
  74. // FIXME: remove me
  75. _loadCookies(client);
  76. };
  77. /**
  78. * Clears persistent cookies on disk for the given client.
  79. *
  80. * @param client the client.
  81. */
  82. var _clearCookies = function(client) {
  83. if(client.persistCookies) {
  84. try {
  85. // only thing stored is 'cookies', so clear whole storage
  86. forge.util.clearItems(
  87. client.socketPool.flashApi,
  88. _getStorageId(client));
  89. } catch(ex) {
  90. // no flash storage available, just silently fail
  91. // TODO: i assume we want this logged somewhere or
  92. // should it actually generate an error
  93. //forge.log.error(cat, ex);
  94. }
  95. }
  96. };
  97. /**
  98. * Connects and sends a request.
  99. *
  100. * @param client the http client.
  101. * @param socket the socket to use.
  102. */
  103. var _doRequest = function(client, socket) {
  104. if(socket.isConnected()) {
  105. // already connected
  106. socket.options.request.connectTime = +new Date();
  107. socket.connected({
  108. type: 'connect',
  109. id: socket.id
  110. });
  111. } else {
  112. // connect
  113. socket.options.request.connectTime = +new Date();
  114. socket.connect({
  115. host: client.url.hostname,
  116. port: client.url.port,
  117. policyPort: client.policyPort,
  118. policyUrl: client.policyUrl
  119. });
  120. }
  121. };
  122. /**
  123. * Handles the next request or marks a socket as idle.
  124. *
  125. * @param client the http client.
  126. * @param socket the socket.
  127. */
  128. var _handleNextRequest = function(client, socket) {
  129. // clear buffer
  130. socket.buffer.clear();
  131. // get pending request
  132. var pending = null;
  133. while(pending === null && client.requests.length > 0) {
  134. pending = client.requests.shift();
  135. if(pending.request.aborted) {
  136. pending = null;
  137. }
  138. }
  139. // mark socket idle if no pending requests
  140. if(pending === null) {
  141. if(socket.options !== null) {
  142. socket.options = null;
  143. }
  144. client.idle.push(socket);
  145. } else {
  146. // handle pending request, allow 1 retry
  147. socket.retries = 1;
  148. socket.options = pending;
  149. _doRequest(client, socket);
  150. }
  151. };
  152. /**
  153. * Sets up a socket for use with an http client.
  154. *
  155. * @param client the parent http client.
  156. * @param socket the socket to set up.
  157. * @param tlsOptions if the socket must use TLS, the TLS options.
  158. */
  159. var _initSocket = function(client, socket, tlsOptions) {
  160. // no socket options yet
  161. socket.options = null;
  162. // set up handlers
  163. socket.connected = function(e) {
  164. // socket primed by caching TLS session, handle next request
  165. if(socket.options === null) {
  166. _handleNextRequest(client, socket);
  167. } else {
  168. // socket in use
  169. var request = socket.options.request;
  170. request.connectTime = +new Date() - request.connectTime;
  171. e.socket = socket;
  172. socket.options.connected(e);
  173. if(request.aborted) {
  174. socket.close();
  175. } else {
  176. var out = request.toString();
  177. if(request.body) {
  178. out += request.body;
  179. }
  180. request.time = +new Date();
  181. socket.send(out);
  182. request.time = +new Date() - request.time;
  183. socket.options.response.time = +new Date();
  184. socket.sending = true;
  185. }
  186. }
  187. };
  188. socket.closed = function(e) {
  189. if(socket.sending) {
  190. socket.sending = false;
  191. if(socket.retries > 0) {
  192. --socket.retries;
  193. _doRequest(client, socket);
  194. } else {
  195. // error, closed during send
  196. socket.error({
  197. id: socket.id,
  198. type: 'ioError',
  199. message: 'Connection closed during send. Broken pipe.',
  200. bytesAvailable: 0
  201. });
  202. }
  203. } else {
  204. // handle unspecified content-length transfer
  205. var response = socket.options.response;
  206. if(response.readBodyUntilClose) {
  207. response.time = +new Date() - response.time;
  208. response.bodyReceived = true;
  209. socket.options.bodyReady({
  210. request: socket.options.request,
  211. response: response,
  212. socket: socket
  213. });
  214. }
  215. socket.options.closed(e);
  216. _handleNextRequest(client, socket);
  217. }
  218. };
  219. socket.data = function(e) {
  220. socket.sending = false;
  221. var request = socket.options.request;
  222. if(request.aborted) {
  223. socket.close();
  224. } else {
  225. // receive all bytes available
  226. var response = socket.options.response;
  227. var bytes = socket.receive(e.bytesAvailable);
  228. if(bytes !== null) {
  229. // receive header and then body
  230. socket.buffer.putBytes(bytes);
  231. if(!response.headerReceived) {
  232. response.readHeader(socket.buffer);
  233. if(response.headerReceived) {
  234. socket.options.headerReady({
  235. request: socket.options.request,
  236. response: response,
  237. socket: socket
  238. });
  239. }
  240. }
  241. if(response.headerReceived && !response.bodyReceived) {
  242. response.readBody(socket.buffer);
  243. }
  244. if(response.bodyReceived) {
  245. socket.options.bodyReady({
  246. request: socket.options.request,
  247. response: response,
  248. socket: socket
  249. });
  250. // close connection if requested or by default on http/1.0
  251. var value = response.getField('Connection') || '';
  252. if(value.indexOf('close') != -1 ||
  253. (response.version === 'HTTP/1.0' &&
  254. response.getField('Keep-Alive') === null)) {
  255. socket.close();
  256. } else {
  257. _handleNextRequest(client, socket);
  258. }
  259. }
  260. }
  261. }
  262. };
  263. socket.error = function(e) {
  264. // do error callback, include request
  265. socket.options.error({
  266. type: e.type,
  267. message: e.message,
  268. request: socket.options.request,
  269. response: socket.options.response,
  270. socket: socket
  271. });
  272. socket.close();
  273. };
  274. // wrap socket for TLS
  275. if(tlsOptions) {
  276. socket = forge.tls.wrapSocket({
  277. sessionId: null,
  278. sessionCache: {},
  279. caStore: tlsOptions.caStore,
  280. cipherSuites: tlsOptions.cipherSuites,
  281. socket: socket,
  282. virtualHost: tlsOptions.virtualHost,
  283. verify: tlsOptions.verify,
  284. getCertificate: tlsOptions.getCertificate,
  285. getPrivateKey: tlsOptions.getPrivateKey,
  286. getSignature: tlsOptions.getSignature,
  287. deflate: tlsOptions.deflate || null,
  288. inflate: tlsOptions.inflate || null
  289. });
  290. socket.options = null;
  291. socket.buffer = forge.util.createBuffer();
  292. client.sockets.push(socket);
  293. if(tlsOptions.prime) {
  294. // prime socket by connecting and caching TLS session, will do
  295. // next request from there
  296. socket.connect({
  297. host: client.url.hostname,
  298. port: client.url.port,
  299. policyPort: client.policyPort,
  300. policyUrl: client.policyUrl
  301. });
  302. } else {
  303. // do not prime socket, just add as idle
  304. client.idle.push(socket);
  305. }
  306. } else {
  307. // no need to prime non-TLS sockets
  308. socket.buffer = forge.util.createBuffer();
  309. client.sockets.push(socket);
  310. client.idle.push(socket);
  311. }
  312. };
  313. /**
  314. * Checks to see if the given cookie has expired. If the cookie's max-age
  315. * plus its created time is less than the time now, it has expired, unless
  316. * its max-age is set to -1 which indicates it will never expire.
  317. *
  318. * @param cookie the cookie to check.
  319. *
  320. * @return true if it has expired, false if not.
  321. */
  322. var _hasCookieExpired = function(cookie) {
  323. var rval = false;
  324. if(cookie.maxAge !== -1) {
  325. var now = _getUtcTime(new Date());
  326. var expires = cookie.created + cookie.maxAge;
  327. if(expires <= now) {
  328. rval = true;
  329. }
  330. }
  331. return rval;
  332. };
  333. /**
  334. * Adds cookies in the given client to the given request.
  335. *
  336. * @param client the client.
  337. * @param request the request.
  338. */
  339. var _writeCookies = function(client, request) {
  340. var expired = [];
  341. var url = client.url;
  342. var cookies = client.cookies;
  343. for(var name in cookies) {
  344. // get cookie paths
  345. var paths = cookies[name];
  346. for(var p in paths) {
  347. var cookie = paths[p];
  348. if(_hasCookieExpired(cookie)) {
  349. // store for clean up
  350. expired.push(cookie);
  351. } else if(request.path.indexOf(cookie.path) === 0) {
  352. // path or path's ancestor must match cookie.path
  353. request.addCookie(cookie);
  354. }
  355. }
  356. }
  357. // clean up expired cookies
  358. for(var i = 0; i < expired.length; ++i) {
  359. var cookie = expired[i];
  360. client.removeCookie(cookie.name, cookie.path);
  361. }
  362. };
  363. /**
  364. * Gets cookies from the given response and adds the to the given client.
  365. *
  366. * @param client the client.
  367. * @param response the response.
  368. */
  369. var _readCookies = function(client, response) {
  370. var cookies = response.getCookies();
  371. for(var i = 0; i < cookies.length; ++i) {
  372. try {
  373. client.setCookie(cookies[i]);
  374. } catch(ex) {
  375. // ignore failure to add other-domain, etc. cookies
  376. }
  377. }
  378. };
  379. /**
  380. * Creates an http client that uses forge.net sockets as a backend and
  381. * forge.tls for security.
  382. *
  383. * @param options:
  384. * url: the url to connect to (scheme://host:port).
  385. * socketPool: the flash socket pool to use.
  386. * policyPort: the flash policy port to use (if other than the
  387. * socket pool default), use 0 for flash default.
  388. * policyUrl: the flash policy file URL to use (if provided will
  389. * be used instead of a policy port).
  390. * connections: number of connections to use to handle requests.
  391. * caCerts: an array of certificates to trust for TLS, certs may
  392. * be PEM-formatted or cert objects produced via forge.pki.
  393. * cipherSuites: an optional array of cipher suites to use,
  394. * see forge.tls.CipherSuites.
  395. * virtualHost: the virtual server name to use in a TLS SNI
  396. * extension, if not provided the url host will be used.
  397. * verify: a custom TLS certificate verify callback to use.
  398. * getCertificate: an optional callback used to get a client-side
  399. * certificate (see forge.tls for details).
  400. * getPrivateKey: an optional callback used to get a client-side
  401. * private key (see forge.tls for details).
  402. * getSignature: an optional callback used to get a client-side
  403. * signature (see forge.tls for details).
  404. * persistCookies: true to use persistent cookies via flash local
  405. * storage, false to only keep cookies in javascript.
  406. * primeTlsSockets: true to immediately connect TLS sockets on
  407. * their creation so that they will cache TLS sessions for reuse.
  408. *
  409. * @return the client.
  410. */
  411. http.createClient = function(options) {
  412. // create CA store to share with all TLS connections
  413. var caStore = null;
  414. if(options.caCerts) {
  415. caStore = forge.pki.createCaStore(options.caCerts);
  416. }
  417. // get scheme, host, and port from url
  418. options.url = (options.url ||
  419. window.location.protocol + '//' + window.location.host);
  420. var url;
  421. try {
  422. url = new URL(options.url);
  423. } catch(e) {
  424. var error = new Error('Invalid url.');
  425. error.details = {url: options.url};
  426. throw error;
  427. }
  428. // default to 1 connection
  429. options.connections = options.connections || 1;
  430. // create client
  431. var sp = options.socketPool;
  432. var client = {
  433. // url
  434. url: url,
  435. // socket pool
  436. socketPool: sp,
  437. // the policy port to use
  438. policyPort: options.policyPort,
  439. // policy url to use
  440. policyUrl: options.policyUrl,
  441. // queue of requests to service
  442. requests: [],
  443. // all sockets
  444. sockets: [],
  445. // idle sockets
  446. idle: [],
  447. // whether or not the connections are secure
  448. secure: (url.protocol === 'https:'),
  449. // cookie jar (key'd off of name and then path, there is only 1 domain
  450. // and one setting for secure per client so name+path is unique)
  451. cookies: {},
  452. // default to flash storage of cookies
  453. persistCookies: (typeof(options.persistCookies) === 'undefined') ?
  454. true : options.persistCookies
  455. };
  456. // load cookies from disk
  457. _loadCookies(client);
  458. /**
  459. * A default certificate verify function that checks a certificate common
  460. * name against the client's URL host.
  461. *
  462. * @param c the TLS connection.
  463. * @param verified true if cert is verified, otherwise alert number.
  464. * @param depth the chain depth.
  465. * @param certs the cert chain.
  466. *
  467. * @return true if verified and the common name matches the host, error
  468. * otherwise.
  469. */
  470. var _defaultCertificateVerify = function(c, verified, depth, certs) {
  471. if(depth === 0 && verified === true) {
  472. // compare common name to url host
  473. var cn = certs[depth].subject.getField('CN');
  474. if(cn === null || client.url.hostname !== cn.value) {
  475. verified = {
  476. message: 'Certificate common name does not match url host.'
  477. };
  478. }
  479. }
  480. return verified;
  481. };
  482. // determine if TLS is used
  483. var tlsOptions = null;
  484. if(client.secure) {
  485. tlsOptions = {
  486. caStore: caStore,
  487. cipherSuites: options.cipherSuites || null,
  488. virtualHost: options.virtualHost || url.hostname,
  489. verify: options.verify || _defaultCertificateVerify,
  490. getCertificate: options.getCertificate || null,
  491. getPrivateKey: options.getPrivateKey || null,
  492. getSignature: options.getSignature || null,
  493. prime: options.primeTlsSockets || false
  494. };
  495. // if socket pool uses a flash api, then add deflate support to TLS
  496. if(sp.flashApi !== null) {
  497. tlsOptions.deflate = function(bytes) {
  498. // strip 2 byte zlib header and 4 byte trailer
  499. return forge.util.deflate(sp.flashApi, bytes, true);
  500. };
  501. tlsOptions.inflate = function(bytes) {
  502. return forge.util.inflate(sp.flashApi, bytes, true);
  503. };
  504. }
  505. }
  506. // create and initialize sockets
  507. for(var i = 0; i < options.connections; ++i) {
  508. _initSocket(client, sp.createSocket(), tlsOptions);
  509. }
  510. /**
  511. * Sends a request. A method 'abort' will be set on the request that
  512. * can be called to attempt to abort the request.
  513. *
  514. * @param options:
  515. * request: the request to send.
  516. * connected: a callback for when the connection is open.
  517. * closed: a callback for when the connection is closed.
  518. * headerReady: a callback for when the response header arrives.
  519. * bodyReady: a callback for when the response body arrives.
  520. * error: a callback for if an error occurs.
  521. */
  522. client.send = function(options) {
  523. // add host header if not set
  524. if(options.request.getField('Host') === null) {
  525. options.request.setField('Host', client.url.origin);
  526. }
  527. // set default dummy handlers
  528. var opts = {};
  529. opts.request = options.request;
  530. opts.connected = options.connected || function() {};
  531. opts.closed = options.close || function() {};
  532. opts.headerReady = function(e) {
  533. // read cookies
  534. _readCookies(client, e.response);
  535. if(options.headerReady) {
  536. options.headerReady(e);
  537. }
  538. };
  539. opts.bodyReady = options.bodyReady || function() {};
  540. opts.error = options.error || function() {};
  541. // create response
  542. opts.response = http.createResponse();
  543. opts.response.time = 0;
  544. opts.response.flashApi = client.socketPool.flashApi;
  545. opts.request.flashApi = client.socketPool.flashApi;
  546. // create abort function
  547. opts.request.abort = function() {
  548. // set aborted, clear handlers
  549. opts.request.aborted = true;
  550. opts.connected = function() {};
  551. opts.closed = function() {};
  552. opts.headerReady = function() {};
  553. opts.bodyReady = function() {};
  554. opts.error = function() {};
  555. };
  556. // add cookies to request
  557. _writeCookies(client, opts.request);
  558. // queue request options if there are no idle sockets
  559. if(client.idle.length === 0) {
  560. client.requests.push(opts);
  561. } else {
  562. // use an idle socket, prefer an idle *connected* socket first
  563. var socket = null;
  564. var len = client.idle.length;
  565. for(var i = 0; socket === null && i < len; ++i) {
  566. socket = client.idle[i];
  567. if(socket.isConnected()) {
  568. client.idle.splice(i, 1);
  569. } else {
  570. socket = null;
  571. }
  572. }
  573. // no connected socket available, get unconnected socket
  574. if(socket === null) {
  575. socket = client.idle.pop();
  576. }
  577. socket.options = opts;
  578. _doRequest(client, socket);
  579. }
  580. };
  581. /**
  582. * Destroys this client.
  583. */
  584. client.destroy = function() {
  585. // clear pending requests, close and destroy sockets
  586. client.requests = [];
  587. for(var i = 0; i < client.sockets.length; ++i) {
  588. client.sockets[i].close();
  589. client.sockets[i].destroy();
  590. }
  591. client.socketPool = null;
  592. client.sockets = [];
  593. client.idle = [];
  594. };
  595. /**
  596. * Sets a cookie for use with all connections made by this client. Any
  597. * cookie with the same name will be replaced. If the cookie's value
  598. * is undefined, null, or the blank string, the cookie will be removed.
  599. *
  600. * If the cookie's domain doesn't match this client's url host or the
  601. * cookie's secure flag doesn't match this client's url scheme, then
  602. * setting the cookie will fail with an exception.
  603. *
  604. * @param cookie the cookie with parameters:
  605. * name: the name of the cookie.
  606. * value: the value of the cookie.
  607. * comment: an optional comment string.
  608. * maxAge: the age of the cookie in seconds relative to created time.
  609. * secure: true if the cookie must be sent over a secure protocol.
  610. * httpOnly: true to restrict access to the cookie from javascript
  611. * (inaffective since the cookies are stored in javascript).
  612. * path: the path for the cookie.
  613. * domain: optional domain the cookie belongs to (must start with dot).
  614. * version: optional version of the cookie.
  615. * created: creation time, in UTC seconds, of the cookie.
  616. */
  617. client.setCookie = function(cookie) {
  618. var rval;
  619. if(typeof(cookie.name) !== 'undefined') {
  620. if(cookie.value === null || typeof(cookie.value) === 'undefined' ||
  621. cookie.value === '') {
  622. // remove cookie
  623. rval = client.removeCookie(cookie.name, cookie.path);
  624. } else {
  625. // set cookie defaults
  626. cookie.comment = cookie.comment || '';
  627. cookie.maxAge = cookie.maxAge || 0;
  628. cookie.secure = (typeof(cookie.secure) === 'undefined') ?
  629. true : cookie.secure;
  630. cookie.httpOnly = cookie.httpOnly || true;
  631. cookie.path = cookie.path || '/';
  632. cookie.domain = cookie.domain || null;
  633. cookie.version = cookie.version || null;
  634. cookie.created = _getUtcTime(new Date());
  635. // do secure check
  636. if(cookie.secure !== client.secure) {
  637. var error = new Error('Http client url scheme is incompatible ' +
  638. 'with cookie secure flag.');
  639. error.url = client.url;
  640. error.cookie = cookie;
  641. throw error;
  642. }
  643. // make sure url host is within cookie.domain
  644. if(!http.withinCookieDomain(client.url, cookie)) {
  645. var error = new Error('Http client url scheme is incompatible ' +
  646. 'with cookie secure flag.');
  647. error.url = client.url;
  648. error.cookie = cookie;
  649. throw error;
  650. }
  651. // add new cookie
  652. if(!(cookie.name in client.cookies)) {
  653. client.cookies[cookie.name] = {};
  654. }
  655. client.cookies[cookie.name][cookie.path] = cookie;
  656. rval = true;
  657. // save cookies
  658. _saveCookies(client);
  659. }
  660. }
  661. return rval;
  662. };
  663. /**
  664. * Gets a cookie by its name.
  665. *
  666. * @param name the name of the cookie to retrieve.
  667. * @param path an optional path for the cookie (if there are multiple
  668. * cookies with the same name but different paths).
  669. *
  670. * @return the cookie or null if not found.
  671. */
  672. client.getCookie = function(name, path) {
  673. var rval = null;
  674. if(name in client.cookies) {
  675. var paths = client.cookies[name];
  676. // get path-specific cookie
  677. if(path) {
  678. if(path in paths) {
  679. rval = paths[path];
  680. }
  681. } else {
  682. // get first cookie
  683. for(var p in paths) {
  684. rval = paths[p];
  685. break;
  686. }
  687. }
  688. }
  689. return rval;
  690. };
  691. /**
  692. * Removes a cookie.
  693. *
  694. * @param name the name of the cookie to remove.
  695. * @param path an optional path for the cookie (if there are multiple
  696. * cookies with the same name but different paths).
  697. *
  698. * @return true if a cookie was removed, false if not.
  699. */
  700. client.removeCookie = function(name, path) {
  701. var rval = false;
  702. if(name in client.cookies) {
  703. // delete the specific path
  704. if(path) {
  705. var paths = client.cookies[name];
  706. if(path in paths) {
  707. rval = true;
  708. delete client.cookies[name][path];
  709. // clean up entry if empty
  710. var empty = true;
  711. for(var i in client.cookies[name]) {
  712. empty = false;
  713. break;
  714. }
  715. if(empty) {
  716. delete client.cookies[name];
  717. }
  718. }
  719. } else {
  720. // delete all cookies with the given name
  721. rval = true;
  722. delete client.cookies[name];
  723. }
  724. }
  725. if(rval) {
  726. // save cookies
  727. _saveCookies(client);
  728. }
  729. return rval;
  730. };
  731. /**
  732. * Clears all cookies stored in this client.
  733. */
  734. client.clearCookies = function() {
  735. client.cookies = {};
  736. _clearCookies(client);
  737. };
  738. if(forge.log) {
  739. forge.log.debug('forge.http', 'created client', options);
  740. }
  741. return client;
  742. };
  743. /**
  744. * Trims the whitespace off of the beginning and end of a string.
  745. *
  746. * @param str the string to trim.
  747. *
  748. * @return the trimmed string.
  749. */
  750. var _trimString = function(str) {
  751. return str.replace(/^\s*/, '').replace(/\s*$/, '');
  752. };
  753. /**
  754. * Creates an http header object.
  755. *
  756. * @return the http header object.
  757. */
  758. var _createHeader = function() {
  759. var header = {
  760. fields: {},
  761. setField: function(name, value) {
  762. // normalize field name, trim value
  763. header.fields[_normalize(name)] = [_trimString('' + value)];
  764. },
  765. appendField: function(name, value) {
  766. name = _normalize(name);
  767. if(!(name in header.fields)) {
  768. header.fields[name] = [];
  769. }
  770. header.fields[name].push(_trimString('' + value));
  771. },
  772. getField: function(name, index) {
  773. var rval = null;
  774. name = _normalize(name);
  775. if(name in header.fields) {
  776. index = index || 0;
  777. rval = header.fields[name][index];
  778. }
  779. return rval;
  780. }
  781. };
  782. return header;
  783. };
  784. /**
  785. * Gets the time in utc seconds given a date.
  786. *
  787. * @param d the date to use.
  788. *
  789. * @return the time in utc seconds.
  790. */
  791. var _getUtcTime = function(d) {
  792. var utc = +d + d.getTimezoneOffset() * 60000;
  793. return Math.floor(+new Date() / 1000);
  794. };
  795. /**
  796. * Creates an http request.
  797. *
  798. * @param options:
  799. * version: the version.
  800. * method: the method.
  801. * path: the path.
  802. * body: the body.
  803. * headers: custom header fields to add,
  804. * eg: [{'Content-Length': 0}].
  805. *
  806. * @return the http request.
  807. */
  808. http.createRequest = function(options) {
  809. options = options || {};
  810. var request = _createHeader();
  811. request.version = options.version || 'HTTP/1.1';
  812. request.method = options.method || null;
  813. request.path = options.path || null;
  814. request.body = options.body || null;
  815. request.bodyDeflated = false;
  816. request.flashApi = null;
  817. // add custom headers
  818. var headers = options.headers || [];
  819. if(!forge.util.isArray(headers)) {
  820. headers = [headers];
  821. }
  822. for(var i = 0; i < headers.length; ++i) {
  823. for(var name in headers[i]) {
  824. request.appendField(name, headers[i][name]);
  825. }
  826. }
  827. /**
  828. * Adds a cookie to the request 'Cookie' header.
  829. *
  830. * @param cookie a cookie to add.
  831. */
  832. request.addCookie = function(cookie) {
  833. var value = '';
  834. var field = request.getField('Cookie');
  835. if(field !== null) {
  836. // separate cookies by semi-colons
  837. value = field + '; ';
  838. }
  839. // get current time in utc seconds
  840. var now = _getUtcTime(new Date());
  841. // output cookie name and value
  842. value += cookie.name + '=' + cookie.value;
  843. request.setField('Cookie', value);
  844. };
  845. /**
  846. * Converts an http request into a string that can be sent as an
  847. * HTTP request. Does not include any data.
  848. *
  849. * @return the string representation of the request.
  850. */
  851. request.toString = function() {
  852. /* Sample request header:
  853. GET /some/path/?query HTTP/1.1
  854. Host: www.someurl.com
  855. Connection: close
  856. Accept-Encoding: deflate
  857. Accept: image/gif, text/html
  858. User-Agent: Mozilla 4.0
  859. */
  860. // set default headers
  861. if(request.getField('User-Agent') === null) {
  862. request.setField('User-Agent', 'forge.http 1.0');
  863. }
  864. if(request.getField('Accept') === null) {
  865. request.setField('Accept', '*/*');
  866. }
  867. if(request.getField('Connection') === null) {
  868. request.setField('Connection', 'keep-alive');
  869. request.setField('Keep-Alive', '115');
  870. }
  871. // add Accept-Encoding if not specified
  872. if(request.flashApi !== null &&
  873. request.getField('Accept-Encoding') === null) {
  874. request.setField('Accept-Encoding', 'deflate');
  875. }
  876. // if the body isn't null, deflate it if its larger than 100 bytes
  877. if(request.flashApi !== null && request.body !== null &&
  878. request.getField('Content-Encoding') === null &&
  879. !request.bodyDeflated && request.body.length > 100) {
  880. // use flash to compress data
  881. request.body = forge.util.deflate(request.flashApi, request.body);
  882. request.bodyDeflated = true;
  883. request.setField('Content-Encoding', 'deflate');
  884. request.setField('Content-Length', request.body.length);
  885. } else if(request.body !== null) {
  886. // set content length for body
  887. request.setField('Content-Length', request.body.length);
  888. }
  889. // build start line
  890. var rval =
  891. request.method.toUpperCase() + ' ' + request.path + ' ' +
  892. request.version + '\r\n';
  893. // add each header
  894. for(var name in request.fields) {
  895. var fields = request.fields[name];
  896. for(var i = 0; i < fields.length; ++i) {
  897. rval += name + ': ' + fields[i] + '\r\n';
  898. }
  899. }
  900. // final terminating CRLF
  901. rval += '\r\n';
  902. return rval;
  903. };
  904. return request;
  905. };
  906. /**
  907. * Creates an empty http response header.
  908. *
  909. * @return the empty http response header.
  910. */
  911. http.createResponse = function() {
  912. // private vars
  913. var _first = true;
  914. var _chunkSize = 0;
  915. var _chunksFinished = false;
  916. // create response
  917. var response = _createHeader();
  918. response.version = null;
  919. response.code = 0;
  920. response.message = null;
  921. response.body = null;
  922. response.headerReceived = false;
  923. response.bodyReceived = false;
  924. response.flashApi = null;
  925. /**
  926. * Reads a line that ends in CRLF from a byte buffer.
  927. *
  928. * @param b the byte buffer.
  929. *
  930. * @return the line or null if none was found.
  931. */
  932. var _readCrlf = function(b) {
  933. var line = null;
  934. var i = b.data.indexOf('\r\n', b.read);
  935. if(i != -1) {
  936. // read line, skip CRLF
  937. line = b.getBytes(i - b.read);
  938. b.getBytes(2);
  939. }
  940. return line;
  941. };
  942. /**
  943. * Parses a header field and appends it to the response.
  944. *
  945. * @param line the header field line.
  946. */
  947. var _parseHeader = function(line) {
  948. var tmp = line.indexOf(':');
  949. var name = line.substring(0, tmp++);
  950. response.appendField(
  951. name, (tmp < line.length) ? line.substring(tmp) : '');
  952. };
  953. /**
  954. * Reads an http response header from a buffer of bytes.
  955. *
  956. * @param b the byte buffer to parse the header from.
  957. *
  958. * @return true if the whole header was read, false if not.
  959. */
  960. response.readHeader = function(b) {
  961. // read header lines (each ends in CRLF)
  962. var line = '';
  963. while(!response.headerReceived && line !== null) {
  964. line = _readCrlf(b);
  965. if(line !== null) {
  966. // parse first line
  967. if(_first) {
  968. _first = false;
  969. var tmp = line.split(' ');
  970. if(tmp.length >= 3) {
  971. response.version = tmp[0];
  972. response.code = parseInt(tmp[1], 10);
  973. response.message = tmp.slice(2).join(' ');
  974. } else {
  975. // invalid header
  976. var error = new Error('Invalid http response header.');
  977. error.details = {'line': line};
  978. throw error;
  979. }
  980. } else if(line.length === 0) {
  981. // handle final line, end of header
  982. response.headerReceived = true;
  983. } else {
  984. _parseHeader(line);
  985. }
  986. }
  987. }
  988. return response.headerReceived;
  989. };
  990. /**
  991. * Reads some chunked http response entity-body from the given buffer of
  992. * bytes.
  993. *
  994. * @param b the byte buffer to read from.
  995. *
  996. * @return true if the whole body was read, false if not.
  997. */
  998. var _readChunkedBody = function(b) {
  999. /* Chunked transfer-encoding sends data in a series of chunks,
  1000. followed by a set of 0-N http trailers.
  1001. The format is as follows:
  1002. chunk-size (in hex) CRLF
  1003. chunk data (with "chunk-size" many bytes) CRLF
  1004. ... (N many chunks)
  1005. chunk-size (of 0 indicating the last chunk) CRLF
  1006. N many http trailers followed by CRLF
  1007. blank line + CRLF (terminates the trailers)
  1008. If there are no http trailers, then after the chunk-size of 0,
  1009. there is still a single CRLF (indicating the blank line + CRLF
  1010. that terminates the trailers). In other words, you always terminate
  1011. the trailers with blank line + CRLF, regardless of 0-N trailers. */
  1012. /* From RFC-2616, section 3.6.1, here is the pseudo-code for
  1013. implementing chunked transfer-encoding:
  1014. length := 0
  1015. read chunk-size, chunk-extension (if any) and CRLF
  1016. while (chunk-size > 0) {
  1017. read chunk-data and CRLF
  1018. append chunk-data to entity-body
  1019. length := length + chunk-size
  1020. read chunk-size and CRLF
  1021. }
  1022. read entity-header
  1023. while (entity-header not empty) {
  1024. append entity-header to existing header fields
  1025. read entity-header
  1026. }
  1027. Content-Length := length
  1028. Remove "chunked" from Transfer-Encoding
  1029. */
  1030. var line = '';
  1031. while(line !== null && b.length() > 0) {
  1032. // if in the process of reading a chunk
  1033. if(_chunkSize > 0) {
  1034. // if there are not enough bytes to read chunk and its
  1035. // trailing CRLF, we must wait for more data to be received
  1036. if(_chunkSize + 2 > b.length()) {
  1037. break;
  1038. }
  1039. // read chunk data, skip CRLF
  1040. response.body += b.getBytes(_chunkSize);
  1041. b.getBytes(2);
  1042. _chunkSize = 0;
  1043. } else if(!_chunksFinished) {
  1044. // more chunks, read next chunk-size line
  1045. line = _readCrlf(b);
  1046. if(line !== null) {
  1047. // parse chunk-size (ignore any chunk extension)
  1048. _chunkSize = parseInt(line.split(';', 1)[0], 16);
  1049. _chunksFinished = (_chunkSize === 0);
  1050. }
  1051. } else {
  1052. // chunks finished, read next trailer
  1053. line = _readCrlf(b);
  1054. while(line !== null) {
  1055. if(line.length > 0) {
  1056. // parse trailer
  1057. _parseHeader(line);
  1058. // read next trailer
  1059. line = _readCrlf(b);
  1060. } else {
  1061. // body received
  1062. response.bodyReceived = true;
  1063. line = null;
  1064. }
  1065. }
  1066. }
  1067. }
  1068. return response.bodyReceived;
  1069. };
  1070. /**
  1071. * Reads an http response body from a buffer of bytes.
  1072. *
  1073. * @param b the byte buffer to read from.
  1074. *
  1075. * @return true if the whole body was read, false if not.
  1076. */
  1077. response.readBody = function(b) {
  1078. var contentLength = response.getField('Content-Length');
  1079. var transferEncoding = response.getField('Transfer-Encoding');
  1080. if(contentLength !== null) {
  1081. contentLength = parseInt(contentLength);
  1082. }
  1083. // read specified length
  1084. if(contentLength !== null && contentLength >= 0) {
  1085. response.body = response.body || '';
  1086. response.body += b.getBytes(contentLength);
  1087. response.bodyReceived = (response.body.length === contentLength);
  1088. } else if(transferEncoding !== null) {
  1089. // read chunked encoding
  1090. if(transferEncoding.indexOf('chunked') != -1) {
  1091. response.body = response.body || '';
  1092. _readChunkedBody(b);
  1093. } else {
  1094. var error = new Error('Unknown Transfer-Encoding.');
  1095. error.details = {'transferEncoding': transferEncoding};
  1096. throw error;
  1097. }
  1098. } else if((contentLength !== null && contentLength < 0) ||
  1099. (contentLength === null &&
  1100. response.getField('Content-Type') !== null)) {
  1101. // read all data in the buffer
  1102. response.body = response.body || '';
  1103. response.body += b.getBytes();
  1104. response.readBodyUntilClose = true;
  1105. } else {
  1106. // no body
  1107. response.body = null;
  1108. response.bodyReceived = true;
  1109. }
  1110. if(response.bodyReceived) {
  1111. response.time = +new Date() - response.time;
  1112. }
  1113. if(response.flashApi !== null &&
  1114. response.bodyReceived && response.body !== null &&
  1115. response.getField('Content-Encoding') === 'deflate') {
  1116. // inflate using flash api
  1117. response.body = forge.util.inflate(
  1118. response.flashApi, response.body);
  1119. }
  1120. return response.bodyReceived;
  1121. };
  1122. /**
  1123. * Parses an array of cookies from the 'Set-Cookie' field, if present.
  1124. *
  1125. * @return the array of cookies.
  1126. */
  1127. response.getCookies = function() {
  1128. var rval = [];
  1129. // get Set-Cookie field
  1130. if('Set-Cookie' in response.fields) {
  1131. var field = response.fields['Set-Cookie'];
  1132. // get current local time in seconds
  1133. var now = +new Date() / 1000;
  1134. // regex for parsing 'name1=value1; name2=value2; name3'
  1135. var regex = /\s*([^=]*)=?([^;]*)(;|$)/g;
  1136. // examples:
  1137. // Set-Cookie: cookie1_name=cookie1_value; max-age=0; path=/
  1138. // Set-Cookie: c2=v2; expires=Thu, 21-Aug-2008 23:47:25 GMT; path=/
  1139. for(var i = 0; i < field.length; ++i) {
  1140. var fv = field[i];
  1141. var m;
  1142. regex.lastIndex = 0;
  1143. var first = true;
  1144. var cookie = {};
  1145. do {
  1146. m = regex.exec(fv);
  1147. if(m !== null) {
  1148. var name = _trimString(m[1]);
  1149. var value = _trimString(m[2]);
  1150. // cookie_name=value
  1151. if(first) {
  1152. cookie.name = name;
  1153. cookie.value = value;
  1154. first = false;
  1155. } else {
  1156. // property_name=value
  1157. name = name.toLowerCase();
  1158. switch(name) {
  1159. case 'expires':
  1160. // replace hyphens w/spaces so date will parse
  1161. value = value.replace(/-/g, ' ');
  1162. var secs = Date.parse(value) / 1000;
  1163. cookie.maxAge = Math.max(0, secs - now);
  1164. break;
  1165. case 'max-age':
  1166. cookie.maxAge = parseInt(value, 10);
  1167. break;
  1168. case 'secure':
  1169. cookie.secure = true;
  1170. break;
  1171. case 'httponly':
  1172. cookie.httpOnly = true;
  1173. break;
  1174. default:
  1175. if(name !== '') {
  1176. cookie[name] = value;
  1177. }
  1178. }
  1179. }
  1180. }
  1181. } while(m !== null && m[0] !== '');
  1182. rval.push(cookie);
  1183. }
  1184. }
  1185. return rval;
  1186. };
  1187. /**
  1188. * Converts an http response into a string that can be sent as an
  1189. * HTTP response. Does not include any data.
  1190. *
  1191. * @return the string representation of the response.
  1192. */
  1193. response.toString = function() {
  1194. /* Sample response header:
  1195. HTTP/1.0 200 OK
  1196. Host: www.someurl.com
  1197. Connection: close
  1198. */
  1199. // build start line
  1200. var rval =
  1201. response.version + ' ' + response.code + ' ' + response.message + '\r\n';
  1202. // add each header
  1203. for(var name in response.fields) {
  1204. var fields = response.fields[name];
  1205. for(var i = 0; i < fields.length; ++i) {
  1206. rval += name + ': ' + fields[i] + '\r\n';
  1207. }
  1208. }
  1209. // final terminating CRLF
  1210. rval += '\r\n';
  1211. return rval;
  1212. };
  1213. return response;
  1214. };
  1215. /**
  1216. * Returns true if the given url is within the given cookie's domain.
  1217. *
  1218. * @param url the url to check.
  1219. * @param cookie the cookie or cookie domain to check.
  1220. */
  1221. http.withinCookieDomain = function(url, cookie) {
  1222. var rval = false;
  1223. // cookie may be null, a cookie object, or a domain string
  1224. var domain = (cookie === null || typeof cookie === 'string') ?
  1225. cookie : cookie.domain;
  1226. // any domain will do
  1227. if(domain === null) {
  1228. rval = true;
  1229. } else if(domain.charAt(0) === '.') {
  1230. // ensure domain starts with a '.'
  1231. // parse URL as necessary
  1232. if(typeof url === 'string') {
  1233. url = new URL(url);
  1234. }
  1235. // add '.' to front of URL hostname to match against domain
  1236. var host = '.' + url.hostname;
  1237. // if the host ends with domain then it falls within it
  1238. var idx = host.lastIndexOf(domain);
  1239. if(idx !== -1 && (idx + domain.length === host.length)) {
  1240. rval = true;
  1241. }
  1242. }
  1243. return rval;
  1244. };