hsts: add read/write callbacks

- read/write callback options
- man pages for the 4 new setopts
- test 1915 verifies the callbacks

Closes #5896

7 files changed, 160 insertions, 8 deletions

diff --git a/tests/FILEFORMAT.md b/tests/FILEFORMAT.md
index 0f66de277..d0a6d3b21 100644
--- a/tests/FILEFORMAT.md
+++ b/tests/FILEFORMAT.md
@@ -340,6 +340,7 @@ Features testable here are:
 - `getrlimit`
 - `GnuTLS`
 - `GSS-API`
+- `HSTS`
 - `HTTP-auth`
 - `http/2`
 - `idn`
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 04e23c6fc..97e5fd5eb 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -204,7 +204,7 @@ test1700 test1701 test1702 \
 test1800 test1801 \
 \
                                     test1904 test1905 test1906 test1907 \
-test1908 test1909 test1910 test1911 test1912 test1913 test1914 \
+test1908 test1909 test1910 test1911 test1912 test1913 test1914 test1915 \
 \
 test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 \
 test2008 test2009 test2010 test2011 test2012 test2013 test2014 test2015 \
diff --git a/tests/data/test1915 b/tests/data/test1915
new file mode 100644
index 000000000..850213930
--- /dev/null
+++ b/tests/data/test1915
@@ -0,0 +1,50 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HSTS
+CURLOPT_HSTSREADFUNCTION
+</keywords>
+</info>
+
+# Server-side
+<reply>
+</reply>
+
+# Client-side
+<client>
+<features>
+HSTS
+http
+</features>
+<server>
+none
+</server>
+
+# require debug so that alt-svc can work over plain old HTTP
+<name>
+HSTS read/write callbacks
+</name>
+<tool>
+lib1915
+</tool>
+
+<command>
+http://%HOSTIP:%NOLISTENPORT/not-there/1915
+</command>
+</client>
+
+# Verify data after the test has been "shot"
+<verify>
+# it fails because there's nothing on that port
+<errorcode>
+7
+</errorcode>
+<stdout>
+[0/4] 1.example.com 20300320 01:02:03
+[1/4] 2.example.com 20300320 01:02:03
+[2/4] 3.example.com 20300320 01:02:03
+[3/4] 4.example.com 20300320 01:02:03
+</stdout>
+</verify>
+</testcase>
diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc
index 98fd2ee9f..b18d6e58e 100644
--- a/tests/libtest/Makefile.inc
+++ b/tests/libtest/Makefile.inc
@@ -59,6 +59,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect                \
  lib1558 lib1559 lib1560 lib1564 lib1565 lib1567 \
  lib1591 lib1592 lib1593 lib1594 lib1596 \
          lib1905 lib1906 lib1907 lib1908 lib1910 lib1911 lib1912 lib1913 \
+         lib1915 \
          lib3010
 
 chkdecimalpoint_SOURCES = chkdecimalpoint.c ../../lib/mprintf.c \
@@ -649,6 +650,10 @@ lib1913_SOURCES = lib1913.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib1913_LDADD = $(TESTUTIL_LIBS)
 lib1913_CPPFLAGS = $(AM_CPPFLAGS)
 
+lib1915_SOURCES = lib1915.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
+lib1915_LDADD = $(TESTUTIL_LIBS)
+lib1915_CPPFLAGS = $(AM_CPPFLAGS)
+
 lib3010_SOURCES = lib3010.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS)
 lib3010_LDADD = $(TESTUTIL_LIBS)
 lib3010_CPPFLAGS = $(AM_CPPFLAGS)
diff --git a/tests/libtest/lib1915.c b/tests/libtest/lib1915.c
new file mode 100644
index 000000000..25da75d22
--- /dev/null
+++ b/tests/libtest/lib1915.c
@@ -0,0 +1,95 @@
+/***************************************************************************
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
+ *                             \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+#include "test.h"
+
+#include "testutil.h"
+#include "warnless.h"
+#include "memdebug.h"
+
+static const char *preload_hosts[] = {
+  "1.example.com",
+  "2.example.com",
+  "3.example.com",
+  "4.example.com",
+  NULL /* end of list marker */
+};
+
+struct state {
+  int index;
+};
+
+/* "read" is from the point of the library, it wants data from us */
+static CURLSTScode hstsread(CURL *easy, struct curl_hstsentry *e,
+                            void *userp)
+{
+  const char *host;
+  struct state *s = (struct state *)userp;
+  (void)easy;
+  host = preload_hosts[s->index++];
+
+  if(host && (strlen(host) < e->namelen)) {
+    strcpy(e->name, host);
+    e->includeSubDomains = FALSE;
+    strcpy(e->expire, "20300320 01:02:03"); /* curl turns 32 that day */
+    fprintf(stderr, "add '%s'\n", host);
+  }
+  else
+    return CURLSTS_DONE;
+  return CURLSTS_OK;
+}
+
+/* check that we get the hosts back in the save */
+static CURLSTScode hstswrite(CURL *easy, struct curl_hstsentry *e,
+                             struct curl_index *i, void *userp)
+{
+  (void)easy;
+  (void)userp;
+  printf("[%u/%u] %s %s\n", i->index, i->total, e->name, e->expire);
+  return CURLSTS_OK;
+}
+
+/*
+ * Read/write HSTS cache entries via callback.
+ */
+
+int test(char *URL)
+{
+  CURLcode ret = CURLE_OK;
+  CURL *hnd;
+  struct state st = {0};
+
+  curl_global_init(CURL_GLOBAL_ALL);
+
+  hnd = curl_easy_init();
+  if(hnd) {
+    curl_easy_setopt(hnd, CURLOPT_URL, URL);
+    curl_easy_setopt(hnd, CURLOPT_HSTSREADFUNCTION, hstsread);
+    curl_easy_setopt(hnd, CURLOPT_HSTSREADDATA, &st);
+    curl_easy_setopt(hnd, CURLOPT_HSTSWRITEFUNCTION, hstswrite);
+    curl_easy_setopt(hnd, CURLOPT_HSTSWRITEDATA, &st);
+    curl_easy_setopt(hnd, CURLOPT_HSTS_CTRL, CURLHSTS_ENABLE);
+    ret = curl_easy_perform(hnd);
+    curl_easy_cleanup(hnd);
+  }
+  curl_global_cleanup();
+  return (int)ret;
+}
diff --git a/tests/libtest/mk-lib1521.pl b/tests/libtest/mk-lib1521.pl
index 9b57b64ee..fa2d38c9a 100755
--- a/tests/libtest/mk-lib1521.pl
+++ b/tests/libtest/mk-lib1521.pl
@@ -133,6 +133,8 @@ static curl_chunk_end_callback chunk_end_cb;
 static curl_fnmatch_callback fnmatch_cb;
 static curl_closesocket_callback closesocketcb;
 static curl_xferinfo_callback xferinfocb;
+static curl_hstsread_callback hstsreadcb;
+static curl_hstswrite_callback hstswritecb;
 static curl_resolver_start_callback resolver_start_cb;
 
 int test(char *URL)
diff --git a/tests/unit/unit1660.c b/tests/unit/unit1660.c
index 1687cafa1..28b724611 100644
--- a/tests/unit/unit1660.c
+++ b/tests/unit/unit1660.c
@@ -125,8 +125,11 @@ UNITTEST_START
   CURL *easy;
   if(!h)
     return 1;
+  easy = curl_easy_init();
+  if(!easy)
+    return 1;
 
-  Curl_hsts_load(h, "log/input1660");
+  Curl_hsts_loadfile(easy, h, "log/input1660");
 
   for(i = 0; headers[i].host ; i++) {
     if(headers[i].hdr) {
@@ -159,13 +162,9 @@ UNITTEST_START
     deltatime++; /* another second passed */
   }
 
-  easy = curl_easy_init();
-  if(easy) {
-    (void)Curl_hsts_save(easy, h, "log/hsts1660");
-    curl_easy_cleanup(easy);
-  }
-
+  (void)Curl_hsts_save(easy, h, "log/hsts1660");
   Curl_hsts_cleanup(&h);
+  curl_easy_cleanup(easy);
   return unitfail;
 }
 UNITTEST_STOP