Add HTTP client examples

Examples to demonstrate HTTP, HTTPS and TLS validation
Uses the lwip HTTP client

Fixes #318

Author: peterharperuk

pico_w/wifi/CMakeLists.txt

@@ -16,6 +16,7 @@ else()
     add_subdirectory(tcp_server)
     add_subdirectory(freertos)
     add_subdirectory(udp_beacon)
+    add_subdirectory(http_client)
 
     if (NOT PICO_MBEDTLS_PATH)
         message("Skipping tls examples as PICO_MBEDTLS_PATH is not defined")

pico_w/wifi/http_client/CMakeLists.txt

@@ -0,0 +1,51 @@
+add_executable(picow_http_client
+        picow_http_client.c
+        http_client.c
+        )
+target_compile_definitions(picow_http_client PRIVATE
+        WIFI_SSID=\"${WIFI_SSID}\"
+        WIFI_PASSWORD=\"${WIFI_PASSWORD}\"
+        )
+target_include_directories(picow_http_client PRIVATE
+        ${CMAKE_CURRENT_LIST_DIR}
+        ${CMAKE_CURRENT_LIST_DIR}/.. # for our common lwipopts
+        )
+target_link_libraries(picow_http_client
+        pico_cyw43_arch_lwip_threadsafe_background
+        pico_lwip_http
+        pico_stdlib
+        pico_lwip_mbedtls
+        pico_mbedtls
+        )
+pico_add_extra_outputs(picow_http_client)
+
+add_executable(picow_http_client_verify
+        picow_http_verify.c
+        http_client.c
+        )
+target_compile_definitions(picow_http_client_verify PRIVATE
+        WIFI_SSID=\"${WIFI_SSID}\"
+        WIFI_PASSWORD=\"${WIFI_PASSWORD}\"
+        # By default verification is optional (MBEDTLS_SSL_VERIFY_OPTIONAL)
+        # Make it required for this test
+        ALTCP_MBEDTLS_AUTHMODE=MBEDTLS_SSL_VERIFY_REQUIRED
+        )
+target_include_directories(picow_http_client_verify PRIVATE
+        ${CMAKE_CURRENT_LIST_DIR}
+        ${CMAKE_CURRENT_LIST_DIR}/.. # for our common lwipopts
+        )
+target_link_libraries(picow_http_client_verify
+        pico_cyw43_arch_lwip_threadsafe_background
+        pico_lwip_http
+        pico_stdlib
+        pico_lwip_mbedtls
+        pico_mbedtls
+        )
+pico_add_extra_outputs(picow_http_client_verify)
+
+# Ignore warnings from lwip code
+set_source_files_properties(
+        ${PICO_LWIP_PATH}/src/apps/altcp_tls/altcp_tls_mbedtls.c
+        PROPERTIES
+        COMPILE_OPTIONS "-Wno-unused-result"
+        )

pico_w/wifi/http_client/http_client.c

@@ -0,0 +1,144 @@
+/**
+ * Copyright (c) 2023 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "http_client.h"
+#include "pico/async_context.h"
+#include "lwip/altcp_tls.h"
+
+#ifndef DEBUG_printf
+#define DEBUG_printf printf
+#endif
+
+#ifndef DEBUG_putchar
+#define DEBUG_putchar putchar
+#endif
+
+typedef struct HTTP_STATE {
+    bool complete;
+    httpc_result_t httpc_result;
+    struct altcp_tls_config *tls_config;
+    altcp_allocator_t tls_allocator;
+    httpc_connection_t settings;
+    const char *hostname;
+    altcp_recv_fn recv_fn;
+    bool use_https;
+    void *arg;
+} HTTP_STATE_T;
+static HTTP_STATE_T http_state = { 0 };
+
+// Print headers to stdout
+err_t headers_print_fn(httpc_state_t *connection, void *arg, struct pbuf *hdr, u16_t hdr_len, u32_t content_len) {
+    DEBUG_printf("\nheaders %u\n", hdr_len);
+    u16_t offset = 0;
+    while (offset < hdr->tot_len && offset < hdr_len) {
+        char c = (char)pbuf_get_at(hdr, offset++);
+        DEBUG_putchar(c);
+    }
+    return ERR_OK;
+}
+
+// Print body to stdout
+err_t receive_print_fn(void *arg, struct altcp_pcb *conn, struct pbuf *p, err_t err) {
+    DEBUG_printf("\ncontent err %d\n", err);
+    u16_t offset = 0;
+    while (offset < p->tot_len) {
+        char c = (char)pbuf_get_at(p, offset++);
+        DEBUG_putchar(c);
+    }
+    return ERR_OK;
+}
+
+static void result_fn(void *arg, httpc_result_t httpc_result, u32_t rx_content_len, u32_t srv_res, err_t err) {
+    DEBUG_printf("result %d len %u server_response %u err %d\n", httpc_result, rx_content_len, srv_res, err);
+    http_state.complete = true;
+    http_state.httpc_result = httpc_result;
+}
+
+// Override altcp_tls_alloc to set sni
+static struct altcp_pcb *altcp_tls_alloc_sni(void *arg, u8_t ip_type) {
+    struct altcp_pcb *pcb = altcp_tls_alloc(http_state.tls_config, ip_type);
+    if (!pcb) {
+        return NULL;
+    }
+    mbedtls_ssl_set_hostname(altcp_tls_context(pcb), http_state.hostname);
+    return pcb;
+}
+
+static void http_client_init_internal(const char *hostname, bool use_https, const uint8_t *cert, size_t cert_len, httpc_headers_done_fn headers_fn, altcp_recv_fn recv_fn, void *arg) {
+    assert(hostname && !http_state.hostname);
+    http_state.hostname = hostname;
+    http_state.settings.headers_done_fn = headers_fn; // can be null
+    http_state.settings.result_fn = result_fn;
+    http_state.recv_fn = recv_fn;
+    http_state.use_https = use_https;
+    http_state.arg = arg;
+    if (http_state.use_https) {
+        if (!cert || cert_len == 0) {
+            DEBUG_printf("Warning: https used without a certificate is insecure\n");
+        } else {
+#if ALTCP_MBEDTLS_AUTHMODE != MBEDTLS_SSL_VERIFY_REQUIRED
+            DEBUG_printf("Warning: https used without verificatation is insecure\n");
+#endif
+        }
+        http_state.tls_config = altcp_tls_create_config_client(cert, cert_len);
+        http_state.tls_allocator.alloc = altcp_tls_alloc_sni;
+        http_state.settings.altcp_allocator = &http_state.tls_allocator;
+    } else {
+        // Can't use a cert without https
+        assert(!cert && cert_len == 0);
+    }
+}
+
+void http_client_init_basic(const char *hostname, httpc_headers_done_fn headers_fn, altcp_recv_fn recv_fn, void *arg) {
+    http_client_init_internal(hostname, false, NULL, 0, headers_fn, recv_fn, arg);
+}
+
+void http_client_init_secure(const char *hostname, httpc_headers_done_fn headers_fn, altcp_recv_fn recv_fn, void *arg, const uint8_t *cert, size_t cert_len) {
+    http_client_init_internal(hostname, true, cert, cert_len, headers_fn, recv_fn, arg);
+}
+
+// Make a http request, complete when http_client_run_complete returns true
+bool http_client_run_async(const char *url) {
+    http_state.httpc_result = HTTPC_RESULT_ERR_UNKNOWN; // make sure we see real success
+    http_state.complete = false;
+    err_t ret = httpc_get_file_dns(http_state.hostname, http_state.use_https ? 443 : 80, url, &http_state.settings, http_state.recv_fn, &http_state, NULL);
+    if (ret != ERR_OK) {
+        DEBUG_printf("http request failed: %d", ret);
+        return false;
+    }
+    return true;
+}
+
+// Check if the http request is complete and return the result
+bool http_client_run_complete(httpc_result_t *result) {
+    if (http_state.complete) {
+        *result = http_state.httpc_result;
+        return true;
+    }
+    return false;
+}
+
+// Make a http request and only return when it has completed. Returns true on success
+bool http_client_run_sync(async_context_t *context, const char *url) {
+    if (!http_client_run_async(url)) {
+        return false;
+    }
+    while(!http_state.complete) {
+        async_context_poll(context);
+        async_context_wait_for_work_ms(context, 1000);
+    }
+    return http_state.httpc_result == HTTPC_RESULT_OK;
+}
+
+// Deinitialise the http client
+void http_client_deinit(void) {
+    if (http_state.tls_config) {
+        altcp_tls_free_config(http_state.tls_config);
+    }
+    memset(&http_state, 0, sizeof(http_state));
+}

pico_w/wifi/http_client/http_client.h

@@ -0,0 +1,112 @@
+/**
+ * Copyright (c) 2023 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef PICO_HTTP_CLIENT_H
+#define PICO_HTTP_CLIENT_H
+
+#include "lwip/apps/http_client.h"
+
+/*! \brief A "header" callback that can be passed to http_client_init_basic or http_client_init_secure
+ *  \ingroup pico_http_client
+ *
+ * http client callback: called when the headers are received
+ *
+ * @param connection http client connection
+ * @param arg argument specified when initiating the request
+ * @param hdr header pbuf(s) (may contain data also)
+ * @param hdr_len length of the heders in 'hdr'
+ * @param content_len content length as received in the headers (-1 if not received)
+ * @return if != ERR_OK is returned, the connection is aborted
+ *
+ * \see httpc_headers_done_fn
+ */
+err_t headers_print_fn(httpc_state_t *connection, void *arg, struct pbuf *hdr, u16_t hdr_len, u32_t content_len);
+
+/*! \brief A "http body" callback that can be passed to http_client_init_basic or http_client_init_secure
+ *  \ingroup pico_http_client
+ *
+ * http body (not the headers) are passed to this callback
+ *
+ * @param arg argument specified when initiating the request
+ * @param conn http client connection
+ * @param p body pbuf(s)
+ * @param err Error code in the case of an error
+ * @return if != ERR_OK is returned, the connection is aborted
+ */
+err_t receive_print_fn(void *arg, struct altcp_pcb *conn, struct pbuf *p, err_t err);
+
+/*! \brief Initialise the http client to perform a basic (http) request
+ *  \ingroup pico_http_client
+ *
+ * Initialise the http client state to perform a basic http request
+ *
+ * @param hostname hostname for request
+ * @param headers_fn function to call with headers (can be null)
+ * @param altcp_recv_fn function to call with http body
+ * @param arg Argument to pass to callbacks
+ */
+void http_client_init_basic(const char *hostname, httpc_headers_done_fn headers_fn, altcp_recv_fn recv_fn, void *arg);
+
+/*! \brief Initialise the http client to perform a secure (https) request
+ *  \ingroup pico_http_client
+ *
+ * Initialise the http client state to perform a basic http request
+ *
+ * @param hostname hostname for request
+ * @param headers_fn function to call with headers (can be null)
+ * @param altcp_recv_fn function to call with http body
+ * @param arg Argument to pass to callbacks
+ * @param cert certificate to use for verification (can be null but this is insecure)
+ * @param cert_len The length of the certificate data
+ */
+void http_client_init_secure(const char *hostname, httpc_headers_done_fn headers_fn, altcp_recv_fn recv_fn, void *arg, const uint8_t *cert, size_t cert_len);
+
+/*! \brief Perform a http request asynchronously
+ *  \ingroup pico_http_client
+ *
+ * Initialise the http client state to perform a basic http request
+ *
+ * @param url url of request. Include initiial forward slash
+ * @return true when request has been made, @see http_client_run_complete
+ * 
+ * @see async_context
+ */
+bool http_client_run_async(const char *url);
+
+/*! \brief Check if http request is complete
+ *  \ingroup pico_http_client
+ *
+ * Returns true when the http request is complete
+ *
+ * @param result Returns the result of the request when complete
+ * @return true if http request complete and result is set
+ * 
+ * @see async_context
+ */
+bool http_client_run_complete(httpc_result_t *result);
+
+struct async_context;
+
+/*! \brief Perform a http request synchronously
+ *  \ingroup pico_http_client
+ *
+ * Initialise the http client state to perform a basic http request
+ *
+ * @param context async context
+ * @param url url of request. Include initiial forward slash
+ * 
+ * @see async_context
+ */
+bool http_client_run_sync(struct async_context *context, const char *url);
+
+/*! \brief Deinitialise the http client state
+ *  \ingroup pico_http_client
+ *
+ * Cleanup the http client state for new requests
+ */
+void http_client_deinit(void);
+
+#endif

pico_w/wifi/http_client/lwipopts.h

@@ -0,0 +1,27 @@
+#ifndef _LWIPOPTS_H
+#define _LWIPOPTS_H
+
+// Generally you would define your own explicit list of lwIP options
+// (see https://www.nongnu.org/lwip/2_1_x/group__lwip__opts.html)
+//
+// This example uses a common include to avoid repetition
+#include "lwipopts_examples_common.h"
+
+/* TCP WND must be at least 16 kb to match TLS record size
+   or you will get a warning "altcp_tls: TCP_WND is smaller than the RX decrypion buffer, connection RX might stall!" */
+#undef TCP_WND
+#define TCP_WND  16384
+
+#define LWIP_ALTCP 1
+
+// If you don't want to use TLS (just a http request) you can avoid linking to mbedtls and remove the following
+#define LWIP_ALTCP_TLS           1
+#define LWIP_ALTCP_TLS_MBEDTLS   1
+
+// Note bug in lwip with LWIP_ALTCP and LWIP_DEBUG
+// https://savannah.nongnu.org/bugs/index.php?62159
+//#define LWIP_DEBUG 1
+#undef LWIP_DEBUG
+#define ALTCP_MBEDTLS_DEBUG  LWIP_DBG_ON
+
+#endif