def _retrieve_and_analyze_http_response(
server_info: ServerConnectivityInfo) -> HttpHeadersScanResult:
# Send HTTP requests until we no longer received an HTTP redirection, but allow only 4 redirections max
redirections_count = 0
next_location_path: Optional[str] = "/"
while next_location_path and redirections_count < 4:
ssl_connection = server_info.get_preconfigured_tls_connection()
try:
# Perform the TLS handshake
ssl_connection.connect()
# Send an HTTP GET request to the server
ssl_connection.ssl_client.write(
HttpRequestGenerator.get_request(
host=server_info.network_configuration.
tls_server_name_indication,
path=next_location_path))
http_response = HttpResponseParser.parse_from_ssl_connection(
ssl_connection.ssl_client)
finally:
ssl_connection.close()
if http_response.version == 9:
# HTTP 0.9 => Probably not an HTTP response
raise ValueError("Server did not return an HTTP response")
# Handle redirection if there is one
next_location_path = _detect_http_redirection(
http_response=http_response,
server_host_name=server_info.network_configuration.
tls_server_name_indication,
server_port=server_info.server_location.port,
)
redirections_count += 1
# Parse and return each header
return HttpHeadersScanResult(
strict_transport_security_header=_parse_hsts_header_from_http_response(
http_response),
public_key_pins_header=_parse_hpkp_header_from_http_response(
http_response),
public_key_pins_report_only_header=
_parse_hpkp_report_only_header_from_http_response(http_response),
expect_ct_header=_parse_expect_ct_header_from_http_response(
http_response),
)
def _retrieve_and_analyze_http_response(
server_info: ServerConnectivityInfo) -> HttpHeadersScanResult:
# Perform the TLS handshake
ssl_connection = server_info.get_preconfigured_tls_connection()
try:
ssl_connection.connect()
# Send an HTTP GET request to the server
ssl_connection.ssl_client.write(
HttpRequestGenerator.get_request(
host=server_info.network_configuration.
tls_server_name_indication))
# We do not follow redirections because the security headers must be set on the first page according to
# https://hstspreload.appspot.com/:
# "If you are serving an additional redirect from your HTTPS site, that redirect must still have the HSTS
# header (rather than the page it redirects to)."
http_response = HttpResponseParser.parse_from_ssl_connection(
ssl_connection.ssl_client)
finally:
ssl_connection.close()
if http_response.version == 9:
# HTTP 0.9 => Probably not an HTTP response
raise ValueError("Server did not return an HTTP response")
# Parse and return each header
return HttpHeadersScanResult(
strict_transport_security_header=_parse_hsts_header_from_http_response(
http_response),
public_key_pins_header=_parse_hpkp_header_from_http_response(
http_response),
public_key_pins_report_only_header=
_parse_hpkp_report_only_header_from_http_response(http_response),
expect_ct_header=_parse_expect_ct_header_from_http_response(
http_response),
)
def _retrieve_and_analyze_http_response(server_info: ServerConnectivityInfo) -> HttpHeadersScanResult:
# Send HTTP requests until we no longer received an HTTP redirection, but allow only 4 redirections max
_logger.info(f"Retrieving HTTP headers from {server_info}")
redirections_count = 0
next_location_path: Optional[str] = "/"
http_error_trace = None
while next_location_path and redirections_count < 4:
_logger.info(f"Sending HTTP request to {next_location_path}")
http_path_redirected_to = next_location_path
# Perform the TLS handshake
ssl_connection = server_info.get_preconfigured_tls_connection()
ssl_connection.connect()
try:
# Send an HTTP GET request to the server
ssl_connection.ssl_client.write(
HttpRequestGenerator.get_request(
host=server_info.network_configuration.tls_server_name_indication, path=next_location_path
)
)
http_response = HttpResponseParser.parse_from_ssl_connection(ssl_connection.ssl_client)
except (OSError, NotAValidHttpResponseError, SslError) as e:
# The server closed/rejected the connection, or didn't return a valid HTTP response
http_error_trace = TracebackException.from_exception(e)
finally:
ssl_connection.close()
if http_error_trace:
break
# Handle redirection if there is one
next_location_path = _detect_http_redirection(
http_response=http_response,
server_host_name=server_info.network_configuration.tls_server_name_indication,
server_port=server_info.server_location.port,
)
redirections_count += 1
# Prepare the results
initial_http_request = HttpRequestGenerator.get_request(
host=server_info.network_configuration.tls_server_name_indication, path="/"
).decode("ascii")
if http_error_trace:
# If the server errored when receiving an HTTP request, return the error as the result
return HttpHeadersScanResult(
http_request_sent=initial_http_request,
http_error_trace=http_error_trace,
http_path_redirected_to=None,
strict_transport_security_header=None,
expect_ct_header=None,
)
else:
# If no HTTP error happened, parse and return each header
return HttpHeadersScanResult(
http_request_sent=initial_http_request,
http_path_redirected_to=http_path_redirected_to,
http_error_trace=None,
strict_transport_security_header=_parse_hsts_header_from_http_response(http_response),
expect_ct_header=_parse_expect_ct_header_from_http_response(http_response),
)