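# Copyright 2012, Google Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
#     * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#     * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#     * Neither the name of Google Inc. nor the names of its
# contributors may be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
"""Common functions and exceptions used by WebSocket opening handshake
processors.

Everything read from ``request.headers_in`` in this module is supplied by the
client and is treated as untrusted: header values are parsed strictly and any
malformed value is turned into a HandshakeException.
"""

from __future__ import absolute_import

from mod_pywebsocket import common
from mod_pywebsocket import http_header_util
from mod_pywebsocket.extensions import get_extension_processor
from mod_pywebsocket.stream import StreamOptions
from mod_pywebsocket.stream import Stream
from mod_pywebsocket import util

from six.moves import map
from six.moves import range

# Defining aliases for values used frequently.
_VERSION_LATEST = common.VERSION_HYBI_LATEST
_VERSION_LATEST_STRING = str(_VERSION_LATEST)
_SUPPORTED_VERSIONS = [
    _VERSION_LATEST,
]


class AbortedByUserException(Exception):
    """Exception for aborting a connection intentionally.

    If this exception is raised in do_extra_handshake handler, the connection
    will be abandoned. No other WebSocket or HTTP(S) handler will be invoked.

    If this exception is raised in transfer_data_handler, the connection will
    be closed without closing handshake. No other WebSocket or HTTP(S) handler
    will be invoked.
    """

    pass


class HandshakeException(Exception):
    """This exception will be raised when an error occurred while processing
    WebSocket initial handshake.
    """
    def __init__(self, name, status=None):
        """Construct an instance.

        Args:
            name: human-readable description of the failure; passed to
                Exception as the message.
            status: HTTP status code to report, or None. When it is falsy,
                HandshakerBase.do_handshake replaces it with
                common.HTTP_STATUS_BAD_REQUEST before re-raising.
        """
        super(HandshakeException, self).__init__(name)
        self.status = status


class VersionException(Exception):
    """This exception will be raised when a version of client request does not
    match with version the server supports.
    """
    def __init__(self, name, supported_versions=''):
        """Construct an instance.

        Args:
            name: human-readable description of the failure; passed to
                Exception as the message.
            supported_versions: a str object to show supported hybi versions.
                (e.g. '13')
        """
        super(VersionException, self).__init__(name)
        self.supported_versions = supported_versions


def get_default_port(is_secure):
    """Return the default WebSocket port for the connection type.

    Args:
        is_secure: truthy for a TLS connection.

    Returns:
        common.DEFAULT_WEB_SOCKET_SECURE_PORT when is_secure is truthy,
        common.DEFAULT_WEB_SOCKET_PORT otherwise.
    """
    if is_secure:
        return common.DEFAULT_WEB_SOCKET_SECURE_PORT
    return common.DEFAULT_WEB_SOCKET_PORT


def validate_subprotocol(subprotocol):
    """Validate a value in the Sec-WebSocket-Protocol field.

    See the Section 4.1., 4.2.2., and 4.3. of RFC 6455.

    Args:
        subprotocol: the subprotocol name to check.

    Raises:
        HandshakeException: if the name is empty or is not exactly one HTTP
            token.
    """

    if not subprotocol:
        raise HandshakeException('Invalid subprotocol name: empty')

    # Parameter should be encoded HTTP token.
    state = http_header_util.ParsingState(subprotocol)
    token = http_header_util.consume_token(state)
    rest = http_header_util.peek(state)
    # If |rest| is not None, |subprotocol| is not one token or invalid. If
    # |rest| is None, |token| must not be None because |subprotocol| is
    # concatenation of |token| and |rest| and is not None.
    if rest is not None:
        raise HandshakeException('Invalid non-token string in subprotocol '
                                 'name: %r' % rest)


def parse_host_header(request):
    """Split the client-supplied Host header into a (host, port) pair.

    The header is split at its first colon. When no port is present the
    default port for the connection type is used.

    The host part is returned exactly as the client sent it; it is not
    normalized or checked against any list of expected names here.

    NOTE(review): because the split happens at the first colon, a bracketed
    IPv6 literal such as '[::1]:8080' ends up with a non-numeric port part and
    is rejected with 'Invalid port number format'.

    Args:
        request: request object exposing ``headers_in`` and ``is_https()``.

    Returns:
        A tuple ``(host, port)`` where port is an int.

    Raises:
        HandshakeException: if the Host header is absent, the port is not an
            integer, or the port is outside 0-65535.
    """
    # A missing Host header used to surface as a bare KeyError; report it the
    # same way as every other missing mandatory header instead.
    host_header = get_mandatory_header(request, common.HOST_HEADER)
    fields = host_header.split(':', 1)
    if len(fields) == 1:
        return fields[0], get_default_port(request.is_https())
    try:
        port = int(fields[1])
    except ValueError as e:
        raise HandshakeException('Invalid port number format: %r' % e)
    # int() happily accepts negative and arbitrarily large values; a TCP port
    # has to fit in 16 bits.
    if not 0 <= port <= 65535:
        raise HandshakeException('Port number out of range: %r' % port)
    return fields[0], port


def get_mandatory_header(request, key):
    """Return the value of header |key|.

    Raises:
        HandshakeException: if the header is not present in
            ``request.headers_in``.
    """
    value = request.headers_in.get(key)
    if value is None:
        raise HandshakeException('Header %s is not defined' % key)
    return value


def validate_mandatory_header(request, key, expected_value, fail_status=None):
    """Check that header |key| is present and equals |expected_value|.

    The comparison ignores case.

    Args:
        request: request object exposing ``headers_in``.
        key: header name to look up.
        expected_value: the value the header must have.
        fail_status: status attached to the HandshakeException raised on a
            value mismatch.

    Raises:
        HandshakeException: if the header is missing (status left unset) or
            its value differs (status set to fail_status).
    """
    value = get_mandatory_header(request, key)

    if value.lower() != expected_value.lower():
        raise HandshakeException(
            'Expected %r for header %s but found %r (case-insensitive)' %
            (expected_value, key, value),
            status=fail_status)


def parse_token_list(data):
    """Parses a header value which follows 1#token and returns parsed elements
    as a list of strings.

    Leading LWSes must be trimmed.

    Raises:
        HandshakeException: if something other than a comma separates two
            elements, or if the value contains no token at all.
    """

    state = http_header_util.ParsingState(data)

    token_list = []

    while True:
        token = http_header_util.consume_token(state)
        # An empty element (no token before the next comma) is skipped rather
        # than rejected.
        if token is not None:
            token_list.append(token)

        http_header_util.consume_lwses(state)

        if http_header_util.peek(state) is None:
            break

        if not http_header_util.consume_string(state, ','):
            raise HandshakeException('Expected a comma but found %r' %
                                     http_header_util.peek(state))

        http_header_util.consume_lwses(state)

    if not token_list:
        raise HandshakeException('No valid token found')

    return token_list


class HandshakerBase(object):
    """Shared driver for the WebSocket opening handshake.

    Subclasses supply the protocol-specific pieces (header naming, request
    validation, accept computation, response sending); do_handshake runs the
    common sequence and stores the results on the request object.
    """
    def __init__(self, request, dispatcher):
        """Construct an instance.

        Args:
            request: the request object; handshake results are stored on it
                as ``ws_*`` attributes.
            dispatcher: object whose ``do_extra_handshake(request)`` is
                called during do_handshake.
        """
        self._logger = util.get_class_logger(self)
        self._request = request
        self._dispatcher = dispatcher

    # Subclasses must implement the five following methods.

    def _protocol_rfc(self):
        """ Return the name of the RFC that the handshake class is implementing.
        """

        raise AssertionError("subclasses should implement this method")

    def _transform_header(self, header):
        """Transform the header name if needed.

        For example, HTTP/2 subclass will return the name of the header in
        lower case.

        :param header: header name
        """

        raise AssertionError("subclasses should implement this method")

    def _validate_request(self):
        """ validate that all the mandatory fields are set """

        raise AssertionError("subclasses should implement this method")

    def _set_accept(self):
        """ Computes accept value based on Sec-WebSocket-Accept if needed. """

        raise AssertionError("subclasses should implement this method")

    def _send_handshake(self):
        """ Prepare and send the response after it has been parsed and processed.
        """

        raise AssertionError("subclasses should implement this method")

    def do_handshake(self):
        """Run the opening handshake and send the response.

        Validates the request, records version, origin, requested
        subprotocols and extensions on the request object, invokes the
        dispatcher's extra handshake handler, builds the stream and finally
        calls _send_handshake.

        Raises:
            HandshakeException: on any handshake failure. For failures raised
                inside the try block a falsy status is replaced with
                common.HTTP_STATUS_BAD_REQUEST.
            VersionException: if the requested protocol version is not
                supported.
        """
        self._request.ws_close_code = None
        self._request.ws_close_reason = None

        # Parsing.
        # NOTE(review): _validate_request and _check_version run outside the
        # try block below, so a HandshakeException raised by them keeps
        # whatever status it was created with (possibly None).
        self._validate_request()
        self._request.ws_resource = self._request.uri
        self._request.ws_version = self._check_version()

        try:
            self._get_origin()
            self._set_protocol()
            self._parse_extensions()

            self._set_accept()

            self._logger.debug('Protocol version is %s', self._protocol_rfc())

            # Setup extension processors.
            self._request.ws_extension_processors = (
                self._get_extension_processors_requested())

            # List of extra headers. The extra handshake handler may add header
            # data as name/value pairs to this list and pywebsocket appends
            # them to the WebSocket handshake.
            # NOTE(review): whether these pairs are checked (e.g. for CR/LF)
            # before being written is up to _send_handshake, which is not
            # defined in this class.
            self._request.extra_headers = []

            # Extra handshake handler may modify/remove processors.
            self._dispatcher.do_extra_handshake(self._request)

            stream_options = StreamOptions()
            self._process_extensions(stream_options)

            self._request.ws_stream = Stream(self._request, stream_options)

            if self._request.ws_requested_protocols is not None:
                if self._request.ws_protocol is None:
                    raise HandshakeException(
                        'do_extra_handshake must choose one subprotocol from '
                        'ws_requested_protocols and set it to ws_protocol')
                # The handler-chosen value is only checked for token syntax
                # here; it is not compared against ws_requested_protocols.
                validate_subprotocol(self._request.ws_protocol)

                self._logger.debug('Subprotocol accepted: %r',
                                   self._request.ws_protocol)
            else:
                if self._request.ws_protocol is not None:
                    raise HandshakeException(
                        'ws_protocol must be None when the client didn\'t '
                        'request any subprotocol')

            self._send_handshake()
        except HandshakeException as e:
            if not e.status:
                # Fallback to 400 bad request by default.
                e.status = common.HTTP_STATUS_BAD_REQUEST
            # Bare raise keeps the original traceback intact.
            raise

    def _check_version(self):
        """Return the protocol version requested by the client.

        The header value is compared as an exact string against the single
        supported version.

        Raises:
            HandshakeException: if the version header is missing, or (with
                status 400) if it lists several versions.
            VersionException: if the version is not supported.
        """
        sec_websocket_version_header = self._transform_header(
            common.SEC_WEBSOCKET_VERSION_HEADER)
        version = get_mandatory_header(self._request,
                                       sec_websocket_version_header)
        if version == _VERSION_LATEST_STRING:
            return _VERSION_LATEST

        if ',' in version:
            raise HandshakeException(
                'Multiple versions (%r) are not allowed for header %s' %
                (version, sec_websocket_version_header),
                status=common.HTTP_STATUS_BAD_REQUEST)
        raise VersionException('Unsupported version %r for header %s' %
                               (version, sec_websocket_version_header),
                               supported_versions=', '.join(
                                   map(str, _SUPPORTED_VERSIONS)))

    def _get_origin(self):
        """Record the client's Origin header on the request as ws_origin.

        The value is stored as received (None when absent) and is NOT checked
        here. Nothing in this class enforces an origin policy, so any
        allow-list check against cross-site use of the endpoint has to be
        done elsewhere, e.g. by the do_extra_handshake handler inspecting
        ws_origin.
        """
        origin_header = self._transform_header(common.ORIGIN_HEADER)
        origin = self._request.headers_in.get(origin_header)
        if origin is None:
            self._logger.debug('Client request does not have origin header')
        self._request.ws_origin = origin

    def _set_protocol(self):
        """Parse the requested subprotocols into ws_requested_protocols.

        ws_protocol is reset to None; ws_requested_protocols is None when the
        client sent no subprotocol header, otherwise the parsed token list.

        Raises:
            HandshakeException: if the header is not a valid token list.
        """
        self._request.ws_protocol = None
        # MOZILLA
        self._request.sts = None
        # /MOZILLA

        sec_websocket_protocol_header = self._transform_header(
            common.SEC_WEBSOCKET_PROTOCOL_HEADER)
        protocol_header = self._request.headers_in.get(
            sec_websocket_protocol_header)

        if protocol_header is None:
            self._request.ws_requested_protocols = None
            return

        self._request.ws_requested_protocols = parse_token_list(
            protocol_header)
        # %r keeps client-controlled text escaped in the log line.
        self._logger.debug('Subprotocols requested: %r',
                           self._request.ws_requested_protocols)

    def _parse_extensions(self):
        """Parse the requested extensions into ws_requested_extensions.

        ws_requested_extensions is None when the header is absent or empty.

        Raises:
            HandshakeException: if the header cannot be parsed.
        """
        sec_websocket_extensions_header = self._transform_header(
            common.SEC_WEBSOCKET_EXTENSIONS_HEADER)
        extensions_header = self._request.headers_in.get(
            sec_websocket_extensions_header)
        if not extensions_header:
            self._request.ws_requested_extensions = None
            return

        try:
            self._request.ws_requested_extensions = common.parse_extensions(
                extensions_header)
        except common.ExtensionParsingException as e:
            raise HandshakeException(
                'Failed to parse sec-websocket-extensions header: %r' % e)

        self._logger.debug(
            'Extensions requested: %r',
            list(
                map(common.ExtensionParameter.name,
                    self._request.ws_requested_extensions)))

    def _get_extension_processors_requested(self):
        """Return a processor for each requested extension that is known.

        Returns:
            A list of processors, in request order; empty when no extensions
            were requested.
        """
        processors = []
        if self._request.ws_requested_extensions is not None:
            for extension_request in self._request.ws_requested_extensions:
                processor = get_extension_processor(extension_request)
                # Unknown extension requests are just ignored.
                if processor is not None:
                    processors.append(processor)
        return processors

    def _process_extensions(self, stream_options):
        """Decide which extensions are accepted and configure the stream.

        Reads ws_extension_processors (which the extra handshake handler may
        have modified) and sets ws_extensions to the list of accepted
        extension responses, or None when nothing was accepted.

        Args:
            stream_options: StreamOptions instance that accepted processors
                configure via setup_stream_options.
        """
        processors = [
            processor for processor in self._request.ws_extension_processors
            if processor is not None
        ]

        # Ask each processor if there are extensions on the request which
        # cannot co-exist. When processor decided other processors cannot
        # co-exist with it, the processor marks them (or itself) as
        # "inactive". The first extension processor has the right to
        # make the final call.
        for processor in reversed(processors):
            if processor.is_active():
                processor.check_consistency_with_other_processors(processors)
        processors = [
            processor for processor in processors if processor.is_active()
        ]

        accepted_extensions = []

        for index, processor in enumerate(processors):
            # A processor may have been deactivated by an earlier iteration
            # of this loop.
            if not processor.is_active():
                continue

            extension_response = processor.get_extension_response()
            if extension_response is None:
                # Rejected.
                continue

            accepted_extensions.append(extension_response)

            processor.setup_stream_options(stream_options)

            # Inactivate all of the following compression extensions.
            for j in range(index + 1, len(processors)):
                processors[j].set_active(False)

        if accepted_extensions:
            self._request.ws_extensions = accepted_extensions
            self._logger.debug(
                'Extensions accepted: %r',
                list(map(common.ExtensionParameter.name, accepted_extensions)))
        else:
            self._request.ws_extensions = None


# vi:sts=4 sw=4 et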