tools/origin_trials/generate_token.py - chromium/src - Git at Google

 #!/usr/bin/env python
 # Copyright (c) 2016 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 """Utility for generating experimental API tokens

 usage: generate_token.py [-h] [--key-file KEY_FILE]
                          [--expire-days EXPIRE_DAYS |
                           --expire-timestamp EXPIRE_TIMESTAMP]
                          origin trial_name

 Run "generate_token.py -h" for more help on usage.
 """
 import argparse
 import base64
 import re
 import os
 import sys
 import time
 import urlparse

 script_dir = os.path.dirname(os.path.realpath(__file__))
 sys.path.insert(0, os.path.join(script_dir, 'third_party', 'ed25519'))
 import ed25519


 # Matches a valid DNS name label (alphanumeric plus hyphens, except at the ends,
 # no longer than 63 ASCII characters)
 DNS_LABEL_REGEX = re.compile(r"^(?!-)[a-z\d-]{1,63}(?<!-)$", re.IGNORECASE)

 def HostnameFromArg(arg):
   """Determines whether a string represents a valid hostname.

   Returns the canonical hostname if its argument is valid, or None otherwise.
   """
   if not arg or len(arg) > 255:
     return None
   if arg[-1] == ".":
     arg = arg[:-1]
   if all(DNS_LABEL_REGEX.match(label) for label in arg.split(".")):
     return arg.lower()

 def OriginFromArg(arg):
   """Constructs the origin for the token from a command line argument.

   Returns None if this is not possible (neither a valid hostname nor a
   valid origin URL was provided.)
   """
   # Does it look like a hostname?
   hostname = HostnameFromArg(arg)
   if hostname:
     return "https://" + hostname + ":443"
   # If not, try to construct an origin URL from the argument
   origin = urlparse.urlparse(arg)
   if not origin or not origin.scheme or not origin.netloc:
     raise argparse.ArgumentTypeError("%s is not a hostname or a URL" % arg)
   # HTTPS or HTTP only
   if origin.scheme not in ('https','http'):
     raise argparse.ArgumentTypeError("%s does not use a recognized URL scheme" %
                                      arg)
   # Add default port if it is not specified
   try:
     port = origin.port
   except ValueError:
     raise argparse.ArgumentTypeError("%s is not a hostname or a URL" % arg)
   if not port:
     port = {"https": 443, "http": 80}[origin.scheme]
   # Strip any extra components and return the origin URL:
   return "{0}://{1}:{2}".format(origin.scheme, origin.hostname, port)

 def ExpiryFromArgs(args):
   if args.expire_timestamp:
     return int(args.expire_timestamp)
   return (int(time.time()) + (int(args.expire_days) * 86400))

 def GenerateTokenData(origin, api_name, expiry):
   return "{0}|{1}|{2}".format(origin, api_name, expiry)

 def Sign(private_key, data):
   return ed25519.signature(data, private_key[:32], private_key[32:])

 def FormatToken(version, signature, data):
   return version + "|" + base64.b64encode(signature) + "|" + data

 def main():
   parser = argparse.ArgumentParser(
       description="Generate tokens for enabling experimental APIs")
   parser.add_argument("origin",
                       help="Origin for which to enable the API. This can be "
                            "either a hostname (default scheme HTTPS, default "
                            "port 443) or a URL.",
                       type=OriginFromArg)
   parser.add_argument("trial_name",
                       help="Feature to enable. The current list of "
                            "experimental feature trials can be found in "
                            "RuntimeFeatures.in")
   parser.add_argument("--key-file",
                       help="Ed25519 private key file to sign the token with",
                       default="eftest.key")
   expiry_group = parser.add_mutually_exclusive_group()
   expiry_group.add_argument("--expire-days",
                             help="Days from now when the token should exipire",
                             type=int,
                             default=42)
   expiry_group.add_argument("--expire-timestamp",
                             help="Exact time (seconds since 1970-01-01 "
                                  "00:00:00 UTC) when the token should exipire",
                             type=int)

   args = parser.parse_args()
   expiry = ExpiryFromArgs(args)

   key_file = open(os.path.expanduser(args.key_file), mode="rb")
   private_key = key_file.read(64)

   # Validate that the key file read was a proper Ed25519 key -- running the
   # publickey method on the first half of the key should return the second
   # half.
   if (len(private_key) < 64 or
     ed25519.publickey(private_key[:32]) != private_key[32:]):
     print("Unable to use the specified private key file.")
     sys.exit(1)

   token_data = GenerateTokenData(args.origin, args.trial_name, expiry)
   signature = Sign(private_key, token_data)

   # Verify that that the signature is correct before printing it.
   try:
     ed25519.checkvalid(signature, token_data, private_key[32:])
   except Exception, exc:
     print "There was an error generating the signature."
     print "(The original error was: %s)" % exc
     sys.exit(1)

   # Output a properly-formatted token. Version 1 is hard-coded, as it is
   # the only defined token version.
   print FormatToken("1", signature, token_data)

 if __name__ == "__main__":
   main()
	#!/usr/bin/env python
	# Copyright (c) 2016 The Chromium Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	"""Utility for generating experimental API tokens

	usage: generate_token.py [-h] [--key-file KEY_FILE]
	[--expire-days EXPIRE_DAYS \|
	--expire-timestamp EXPIRE_TIMESTAMP]
	origin trial_name

	Run "generate_token.py -h" for more help on usage.
	"""
	import argparse
	import base64
	import re
	import os
	import sys
	import time
	import urlparse

	script_dir = os.path.dirname(os.path.realpath(__file__))
	sys.path.insert(0, os.path.join(script_dir, 'third_party', 'ed25519'))
	import ed25519


	# Matches a valid DNS name label (alphanumeric plus hyphens, except at the ends,
	# no longer than 63 ASCII characters)
	DNS_LABEL_REGEX = re.compile(r"^(?!-)[a-z\d-]{1,63}(?<!-)$", re.IGNORECASE)

	def HostnameFromArg(arg):
	"""Determines whether a string represents a valid hostname.

	Returns the canonical hostname if its argument is valid, or None otherwise.
	"""
	if not arg or len(arg) > 255:
	return None
	if arg[-1] == ".":
	arg = arg[:-1]
	if all(DNS_LABEL_REGEX.match(label) for label in arg.split(".")):
	return arg.lower()

	def OriginFromArg(arg):
	"""Constructs the origin for the token from a command line argument.

	Returns None if this is not possible (neither a valid hostname nor a
	valid origin URL was provided.)
	"""
	# Does it look like a hostname?
	hostname = HostnameFromArg(arg)
	if hostname:
	return "https://" + hostname + ":443"
	# If not, try to construct an origin URL from the argument
	origin = urlparse.urlparse(arg)
	if not origin or not origin.scheme or not origin.netloc:
	raise argparse.ArgumentTypeError("%s is not a hostname or a URL" % arg)
	# HTTPS or HTTP only
	if origin.scheme not in ('https','http'):
	raise argparse.ArgumentTypeError("%s does not use a recognized URL scheme" %
	arg)
	# Add default port if it is not specified
	try:
	port = origin.port
	except ValueError:
	raise argparse.ArgumentTypeError("%s is not a hostname or a URL" % arg)
	if not port:
	port = {"https": 443, "http": 80}[origin.scheme]
	# Strip any extra components and return the origin URL:
	return "{0}://{1}:{2}".format(origin.scheme, origin.hostname, port)

	def ExpiryFromArgs(args):
	if args.expire_timestamp:
	return int(args.expire_timestamp)
	return (int(time.time()) + (int(args.expire_days) * 86400))

	def GenerateTokenData(origin, api_name, expiry):
	return "{0}\|{1}\|{2}".format(origin, api_name, expiry)

	def Sign(private_key, data):
	return ed25519.signature(data, private_key[:32], private_key[32:])

	def FormatToken(version, signature, data):
	return version + "\|" + base64.b64encode(signature) + "\|" + data

	def main():
	parser = argparse.ArgumentParser(
	description="Generate tokens for enabling experimental APIs")
	parser.add_argument("origin",
	help="Origin for which to enable the API. This can be "
	"either a hostname (default scheme HTTPS, default "
	"port 443) or a URL.",
	type=OriginFromArg)
	parser.add_argument("trial_name",
	help="Feature to enable. The current list of "
	"experimental feature trials can be found in "
	"RuntimeFeatures.in")
	parser.add_argument("--key-file",
	help="Ed25519 private key file to sign the token with",
	default="eftest.key")
	expiry_group = parser.add_mutually_exclusive_group()
	expiry_group.add_argument("--expire-days",
	help="Days from now when the token should exipire",
	type=int,
	default=42)
	expiry_group.add_argument("--expire-timestamp",
	help="Exact time (seconds since 1970-01-01 "
	"00:00:00 UTC) when the token should exipire",
	type=int)

	args = parser.parse_args()
	expiry = ExpiryFromArgs(args)

	key_file = open(os.path.expanduser(args.key_file), mode="rb")
	private_key = key_file.read(64)

	# Validate that the key file read was a proper Ed25519 key -- running the
	# publickey method on the first half of the key should return the second
	# half.
	if (len(private_key) < 64 or
	ed25519.publickey(private_key[:32]) != private_key[32:]):
	print("Unable to use the specified private key file.")
	sys.exit(1)

	token_data = GenerateTokenData(args.origin, args.trial_name, expiry)
	signature = Sign(private_key, token_data)

	# Verify that that the signature is correct before printing it.
	try:
	ed25519.checkvalid(signature, token_data, private_key[32:])
	except Exception, exc:
	print "There was an error generating the signature."
	print "(The original error was: %s)" % exc
	sys.exit(1)

	# Output a properly-formatted token. Version 1 is hard-coded, as it is
	# the only defined token version.
	print FormatToken("1", signature, token_data)

	if __name__ == "__main__":
	main()