1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/testing/mochitest/pywebsocket/mod_pywebsocket/handshake/hybi.py Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,378 @@
1.4 +# Copyright 2011, Google Inc.
1.5 +# All rights reserved.
1.6 +#
1.7 +# Redistribution and use in source and binary forms, with or without
1.8 +# modification, are permitted provided that the following conditions are
1.9 +# met:
1.10 +#
1.11 +# * Redistributions of source code must retain the above copyright
1.12 +# notice, this list of conditions and the following disclaimer.
1.13 +# * Redistributions in binary form must reproduce the above
1.14 +# copyright notice, this list of conditions and the following disclaimer
1.15 +# in the documentation and/or other materials provided with the
1.16 +# distribution.
1.17 +# * Neither the name of Google Inc. nor the names of its
1.18 +# contributors may be used to endorse or promote products derived from
1.19 +# this software without specific prior written permission.
1.20 +#
1.21 +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
1.22 +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
1.23 +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
1.24 +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
1.25 +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1.26 +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
1.27 +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
1.28 +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
1.29 +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
1.30 +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
1.31 +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
1.32 +
1.33 +
1.34 +"""This file provides the opening handshake processor for the WebSocket
1.35 +protocol (RFC 6455).
1.36 +
1.37 +Specification:
1.38 +http://tools.ietf.org/html/rfc6455
1.39 +"""
1.40 +
1.41 +
1.42 +# Note: request.connection.write is used in this module, even though mod_python
1.43 +# document says that it should be used only in connection handlers.
1.44 +# Unfortunately, we have no other options. For example, request.write is not
1.45 +# suitable because it doesn't allow direct raw bytes writing.
1.46 +
1.47 +
1.48 +import base64
1.49 +import logging
1.50 +import os
1.51 +import re
1.52 +
1.53 +from mod_pywebsocket import common
1.54 +from mod_pywebsocket.extensions import get_extension_processor
1.55 +from mod_pywebsocket.handshake._base import check_request_line
1.56 +from mod_pywebsocket.handshake._base import format_extensions
1.57 +from mod_pywebsocket.handshake._base import format_header
1.58 +from mod_pywebsocket.handshake._base import get_mandatory_header
1.59 +from mod_pywebsocket.handshake._base import HandshakeException
1.60 +from mod_pywebsocket.handshake._base import parse_extensions
1.61 +from mod_pywebsocket.handshake._base import parse_token_list
1.62 +from mod_pywebsocket.handshake._base import validate_mandatory_header
1.63 +from mod_pywebsocket.handshake._base import validate_subprotocol
1.64 +from mod_pywebsocket.handshake._base import VersionException
1.65 +from mod_pywebsocket.stream import Stream
1.66 +from mod_pywebsocket.stream import StreamOptions
1.67 +from mod_pywebsocket import util
1.68 +
1.69 +
1.70 +# Used to validate the value in the Sec-WebSocket-Key header strictly. RFC 4648
1.71 +# disallows non-zero padding, so the character right before == must be any of
1.72 +# A, Q, g and w.
1.73 +_SEC_WEBSOCKET_KEY_REGEX = re.compile('^[+/0-9A-Za-z]{21}[AQgw]==$')
1.74 +
1.75 +# Defining aliases for values used frequently.
1.76 +_VERSION_HYBI08 = common.VERSION_HYBI08
1.77 +_VERSION_HYBI08_STRING = str(_VERSION_HYBI08)
1.78 +_VERSION_LATEST = common.VERSION_HYBI_LATEST
1.79 +_VERSION_LATEST_STRING = str(_VERSION_LATEST)
1.80 +_SUPPORTED_VERSIONS = [
1.81 + _VERSION_LATEST,
1.82 + _VERSION_HYBI08,
1.83 +]
1.84 +
1.85 +
1.86 +def compute_accept(key):
1.87 + """Computes value for the Sec-WebSocket-Accept header from value of the
1.88 + Sec-WebSocket-Key header.
1.89 + """
1.90 +
1.91 + accept_binary = util.sha1_hash(
1.92 + key + common.WEBSOCKET_ACCEPT_UUID).digest()
1.93 + accept = base64.b64encode(accept_binary)
1.94 +
1.95 + return (accept, accept_binary)
1.96 +
1.97 +
1.98 +class Handshaker(object):
1.99 + """Opening handshake processor for the WebSocket protocol (RFC 6455)."""
1.100 +
1.101 + def __init__(self, request, dispatcher):
1.102 + """Construct an instance.
1.103 +
1.104 + Args:
1.105 + request: mod_python request.
1.106 + dispatcher: Dispatcher (dispatch.Dispatcher).
1.107 +
1.108 + Handshaker will add attributes such as ws_resource during handshake.
1.109 + """
1.110 +
1.111 + self._logger = util.get_class_logger(self)
1.112 +
1.113 + self._request = request
1.114 + self._dispatcher = dispatcher
1.115 +
1.116 + def _validate_connection_header(self):
1.117 + connection = get_mandatory_header(
1.118 + self._request, common.CONNECTION_HEADER)
1.119 +
1.120 + try:
1.121 + connection_tokens = parse_token_list(connection)
1.122 + except HandshakeException, e:
1.123 + raise HandshakeException(
1.124 + 'Failed to parse %s: %s' % (common.CONNECTION_HEADER, e))
1.125 +
1.126 + connection_is_valid = False
1.127 + for token in connection_tokens:
1.128 + if token.lower() == common.UPGRADE_CONNECTION_TYPE.lower():
1.129 + connection_is_valid = True
1.130 + break
1.131 + if not connection_is_valid:
1.132 + raise HandshakeException(
1.133 + '%s header doesn\'t contain "%s"' %
1.134 + (common.CONNECTION_HEADER, common.UPGRADE_CONNECTION_TYPE))
1.135 +
1.136 + def do_handshake(self):
1.137 + self._request.ws_close_code = None
1.138 + self._request.ws_close_reason = None
1.139 +
1.140 + # Parsing.
1.141 +
1.142 + check_request_line(self._request)
1.143 +
1.144 + validate_mandatory_header(
1.145 + self._request,
1.146 + common.UPGRADE_HEADER,
1.147 + common.WEBSOCKET_UPGRADE_TYPE)
1.148 +
1.149 + self._validate_connection_header()
1.150 +
1.151 + self._request.ws_resource = self._request.uri
1.152 +
1.153 + unused_host = get_mandatory_header(self._request, common.HOST_HEADER)
1.154 +
1.155 + self._request.ws_version = self._check_version()
1.156 +
1.157 + # This handshake must be based on latest hybi. We are responsible to
1.158 + # fallback to HTTP on handshake failure as latest hybi handshake
1.159 + # specifies.
1.160 + try:
1.161 + self._get_origin()
1.162 + self._set_protocol()
1.163 + self._parse_extensions()
1.164 +
1.165 + # Key validation, response generation.
1.166 +
1.167 + key = self._get_key()
1.168 + (accept, accept_binary) = compute_accept(key)
1.169 + self._logger.debug(
1.170 + '%s: %r (%s)',
1.171 + common.SEC_WEBSOCKET_ACCEPT_HEADER,
1.172 + accept,
1.173 + util.hexify(accept_binary))
1.174 +
1.175 + self._logger.debug('Protocol version is RFC 6455')
1.176 +
1.177 + # Setup extension processors.
1.178 +
1.179 + processors = []
1.180 + if self._request.ws_requested_extensions is not None:
1.181 + for extension_request in self._request.ws_requested_extensions:
1.182 + processor = get_extension_processor(extension_request)
1.183 + # Unknown extension requests are just ignored.
1.184 + if processor is not None:
1.185 + processors.append(processor)
1.186 + self._request.ws_extension_processors = processors
1.187 +
1.188 + # Extra handshake handler may modify/remove processors.
1.189 + self._dispatcher.do_extra_handshake(self._request)
1.190 +
1.191 + stream_options = StreamOptions()
1.192 +
1.193 + self._request.ws_extensions = None
1.194 + for processor in self._request.ws_extension_processors:
1.195 + if processor is None:
1.196 + # Some processors may be removed by extra handshake
1.197 + # handler.
1.198 + continue
1.199 +
1.200 + extension_response = processor.get_extension_response()
1.201 + if extension_response is None:
1.202 + # Rejected.
1.203 + continue
1.204 +
1.205 + if self._request.ws_extensions is None:
1.206 + self._request.ws_extensions = []
1.207 + self._request.ws_extensions.append(extension_response)
1.208 +
1.209 + processor.setup_stream_options(stream_options)
1.210 +
1.211 + if self._request.ws_extensions is not None:
1.212 + self._logger.debug(
1.213 + 'Extensions accepted: %r',
1.214 + map(common.ExtensionParameter.name,
1.215 + self._request.ws_extensions))
1.216 +
1.217 + self._request.ws_stream = Stream(self._request, stream_options)
1.218 +
1.219 + if self._request.ws_requested_protocols is not None:
1.220 + if self._request.ws_protocol is None:
1.221 + raise HandshakeException(
1.222 + 'do_extra_handshake must choose one subprotocol from '
1.223 + 'ws_requested_protocols and set it to ws_protocol')
1.224 + validate_subprotocol(self._request.ws_protocol, hixie=False)
1.225 +
1.226 + self._logger.debug(
1.227 + 'Subprotocol accepted: %r',
1.228 + self._request.ws_protocol)
1.229 + else:
1.230 + if self._request.ws_protocol is not None:
1.231 + raise HandshakeException(
1.232 + 'ws_protocol must be None when the client didn\'t '
1.233 + 'request any subprotocol')
1.234 +
1.235 + self._send_handshake(accept)
1.236 + except HandshakeException, e:
1.237 + if not e.status:
1.238 + # Fallback to 400 bad request by default.
1.239 + e.status = common.HTTP_STATUS_BAD_REQUEST
1.240 + raise e
1.241 +
1.242 + def _get_origin(self):
1.243 + if self._request.ws_version is _VERSION_HYBI08:
1.244 + origin_header = common.SEC_WEBSOCKET_ORIGIN_HEADER
1.245 + else:
1.246 + origin_header = common.ORIGIN_HEADER
1.247 + origin = self._request.headers_in.get(origin_header)
1.248 + if origin is None:
1.249 + self._logger.debug('Client request does not have origin header')
1.250 + self._request.ws_origin = origin
1.251 +
1.252 + def _check_version(self):
1.253 + version = get_mandatory_header(self._request,
1.254 + common.SEC_WEBSOCKET_VERSION_HEADER)
1.255 + if version == _VERSION_HYBI08_STRING:
1.256 + return _VERSION_HYBI08
1.257 + if version == _VERSION_LATEST_STRING:
1.258 + return _VERSION_LATEST
1.259 +
1.260 + if version.find(',') >= 0:
1.261 + raise HandshakeException(
1.262 + 'Multiple versions (%r) are not allowed for header %s' %
1.263 + (version, common.SEC_WEBSOCKET_VERSION_HEADER),
1.264 + status=common.HTTP_STATUS_BAD_REQUEST)
1.265 + raise VersionException(
1.266 + 'Unsupported version %r for header %s' %
1.267 + (version, common.SEC_WEBSOCKET_VERSION_HEADER),
1.268 + supported_versions=', '.join(map(str, _SUPPORTED_VERSIONS)))
1.269 +
1.270 + def _set_protocol(self):
1.271 + self._request.ws_protocol = None
1.272 + # MOZILLA
1.273 + self._request.sts = None
1.274 + # /MOZILLA
1.275 +
1.276 + protocol_header = self._request.headers_in.get(
1.277 + common.SEC_WEBSOCKET_PROTOCOL_HEADER)
1.278 +
1.279 + if not protocol_header:
1.280 + self._request.ws_requested_protocols = None
1.281 + return
1.282 +
1.283 + self._request.ws_requested_protocols = parse_token_list(
1.284 + protocol_header)
1.285 + self._logger.debug('Subprotocols requested: %r',
1.286 + self._request.ws_requested_protocols)
1.287 +
1.288 + def _parse_extensions(self):
1.289 + extensions_header = self._request.headers_in.get(
1.290 + common.SEC_WEBSOCKET_EXTENSIONS_HEADER)
1.291 + if not extensions_header:
1.292 + self._request.ws_requested_extensions = None
1.293 + return
1.294 +
1.295 + if self._request.ws_version is common.VERSION_HYBI08:
1.296 + allow_quoted_string=False
1.297 + else:
1.298 + allow_quoted_string=True
1.299 + self._request.ws_requested_extensions = parse_extensions(
1.300 + extensions_header, allow_quoted_string=allow_quoted_string)
1.301 +
1.302 + self._logger.debug(
1.303 + 'Extensions requested: %r',
1.304 + map(common.ExtensionParameter.name,
1.305 + self._request.ws_requested_extensions))
1.306 +
1.307 + def _validate_key(self, key):
1.308 + if key.find(',') >= 0:
1.309 + raise HandshakeException('Request has multiple %s header lines or '
1.310 + 'contains illegal character \',\': %r' %
1.311 + (common.SEC_WEBSOCKET_KEY_HEADER, key))
1.312 +
1.313 + # Validate
1.314 + key_is_valid = False
1.315 + try:
1.316 + # Validate key by quick regex match before parsing by base64
1.317 + # module. Because base64 module skips invalid characters, we have
1.318 + # to do this in advance to make this server strictly reject illegal
1.319 + # keys.
1.320 + if _SEC_WEBSOCKET_KEY_REGEX.match(key):
1.321 + decoded_key = base64.b64decode(key)
1.322 + if len(decoded_key) == 16:
1.323 + key_is_valid = True
1.324 + except TypeError, e:
1.325 + pass
1.326 +
1.327 + if not key_is_valid:
1.328 + raise HandshakeException(
1.329 + 'Illegal value for header %s: %r' %
1.330 + (common.SEC_WEBSOCKET_KEY_HEADER, key))
1.331 +
1.332 + return decoded_key
1.333 +
1.334 + def _get_key(self):
1.335 + key = get_mandatory_header(
1.336 + self._request, common.SEC_WEBSOCKET_KEY_HEADER)
1.337 +
1.338 + decoded_key = self._validate_key(key)
1.339 +
1.340 + self._logger.debug(
1.341 + '%s: %r (%s)',
1.342 + common.SEC_WEBSOCKET_KEY_HEADER,
1.343 + key,
1.344 + util.hexify(decoded_key))
1.345 +
1.346 + return key
1.347 +
1.348 + def _send_handshake(self, accept):
1.349 + response = []
1.350 +
1.351 + response.append('HTTP/1.1 101 Switching Protocols\r\n')
1.352 +
1.353 + response.append(format_header(
1.354 + common.UPGRADE_HEADER, common.WEBSOCKET_UPGRADE_TYPE))
1.355 + response.append(format_header(
1.356 + common.CONNECTION_HEADER, common.UPGRADE_CONNECTION_TYPE))
1.357 + response.append(format_header(
1.358 + common.SEC_WEBSOCKET_ACCEPT_HEADER, accept))
1.359 + if self._request.ws_protocol is not None:
1.360 + response.append(format_header(
1.361 + common.SEC_WEBSOCKET_PROTOCOL_HEADER,
1.362 + self._request.ws_protocol))
1.363 + if (self._request.ws_extensions is not None and
1.364 + len(self._request.ws_extensions) != 0):
1.365 + response.append(format_header(
1.366 + common.SEC_WEBSOCKET_EXTENSIONS_HEADER,
1.367 + format_extensions(self._request.ws_extensions)))
1.368 + # MOZILLA: Add HSTS header if requested to
1.369 + if self._request.sts is not None:
1.370 + response.append(format_header("Strict-Transport-Security",
1.371 + self._request.sts))
1.372 + # /MOZILLA
1.373 + response.append('\r\n')
1.374 +
1.375 + raw_response = ''.join(response)
1.376 + self._request.connection.write(raw_response)
1.377 + self._logger.debug('Sent server\'s opening handshake: %r',
1.378 + raw_response)
1.379 +
1.380 +
1.381 +# vi:sts=4 sw=4 et
