tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

query-resource.py (3151B)

      1 '''
      2 SRI Message Signature helper for `@query` tests
      3 
      4 These all represent the following response:
      5 
      6 > HTTP/1.1 200 OK
      7 > Date: Tue, 20 Apr 2021 02:07:56 GMT
      8 > Content-Type: application/json
      9 > Unencoded-Digest: sha-256=:X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=:
     10 > Content-Length: 18
     11 > Signature-Input: signature=("unencoded-digest";sf "@query";req); \
     12 >                  keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";       \
     13 >                  tag="sri"
     14 > Signature: signature=[SEE NOTE BELOW]
     15 >
     16 > {"hello": "world"}
     17 
     18 With the `signature` header governed by the query string.
     19 '''
     20 def getSignature(param):
     21  if param == b'(empty)':
     22    # "unencoded-digest";sf: sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=:
     23    # "@query";req: ?
     24    # "@signature-params": ("unencoded-digest";sf "@query";req);keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri"
     25    return b'nddn9dgy3sPXvxoBcV5jxwCgejS3FOIuzXRmQ05V321MnArHDd1BydFm5Na3Q0gUNQFsBJus4+x8+VkTIjlFBA=='
     26  elif param == b'':
     27    # "unencoded-digest";sf: sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=:
     28    # "@query";req: ?test
     29    # "@signature-params": ("unencoded-digest";sf "@query";req);keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri"
     30    return b'F4fftMcvtwmghk6n3J86MpYhDT9fPHInd69SXdKb8SB6cWQJMfaKxM0FmO1fJa/pnB2ThO/Sp077+vLURnDEBw=='
     31  elif param == b'a':
     32    # "unencoded-digest";sf: sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=:
     33    # "@query";req: ?test=a
     34    # "@signature-params": ("unencoded-digest";sf "@query";req);keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri"
     35    return b'QYLmBgierby9E6Q9ZG92jT28+AF73cFHVgBeX/05hqFIt+MG8niYq3G3YWgxPigS7O1i2Vbxu7eQU1JYxht0Dw=='
     36  elif param == b'/':
     37    # "unencoded-digest";sf: sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=:
     38    # "@query";req: ?test=%2F
     39    # "@signature-params": ("unencoded-digest";sf "@query";req);keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri"
     40    return b'6RY+KehKbGFhE9RItvGuYvs4uOTD7hTE23w5O/oTsvdM6kuU1gD7Y3x3KIjCxTjiFij+8xlFAyYYLsv3LaQSDg=='
     41  elif param == b'\xc3\xbc':
     42    # "unencoded-digest";sf: sha-256=:PZJ+9CdAAIacg7wfUe4t/RkDQJVKM0mCZ2K7qiRhHFc=:
     43    # "@query";req: ?test=%C3%BC
     44    # "@signature-params": ("unencoded-digest";sf "@query";req);keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs=";tag="sri"
     45    return b'TMyMXXE6Pw0wBzeuBpaEOr9RI3WaZLNB7Rhu1euibMqTcp35y7JM3bWZICb7keSGZBvWbidbxrWfWFSsw+J0CA=='
     46  return param
     47 
     48 def main(request, response):
     49  response.status = 200
     50  response.content = b'{"hello": "world"}'
     51 
     52  response.headers.set(b'content-type', b'application/json')
     53  response.headers.set(b'access-control-allow-origin', b'*')
     54  response.headers.set(b'unencoded-digest', b'sha-256=:X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=:')
     55  response.headers.set(b'signature-input', \
     56                       b'signature=("unencoded-digest";sf "@query";req); '      \
     57                       b'keyid="JrQLj5P/89iXES9+vFgrIy29clF9CC/oPPsw3c5D0bs="; ' \
     58                       b'tag="sri"')
     59 
     60  sig = getSignature(request.GET.first(b'test', b'(empty)'))
     61  response.headers.set(b'signature', b'signature=:%s:' % sig)