tahoe-lafs/src/allmydata/storage/http_common.py

"""
Common HTTP infrastructure for the storge server.
"""

from enum import Enum
from base64 import urlsafe_b64encode, b64encode
from hashlib import sha256
from typing import Optional

from cryptography.x509 import Certificate
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

from werkzeug.http import parse_options_header
from twisted.web.http_headers import Headers

CBOR_MIME_TYPE = "application/cbor"


def get_content_type(headers: Headers) -> Optional[str]:
    """
    Get the content type from the HTTP ``Content-Type`` header.

    Returns ``None`` if no content-type was set.
    """
    values = headers.getRawHeaders("content-type") or [None]
    content_type = parse_options_header(values[0])[0] or None
    return content_type


def swissnum_auth_header(swissnum: bytes) -> bytes:
    """Return value for ``Authentication`` header."""
    return b"Tahoe-LAFS " + b64encode(swissnum).strip()


class Secrets(Enum):
    """Different kinds of secrets the client may send."""

    LEASE_RENEW = "lease-renew-secret"
    LEASE_CANCEL = "lease-cancel-secret"
    UPLOAD = "upload-secret"
    WRITE_ENABLER = "write-enabler"


def get_spki_hash(certificate: Certificate) -> bytes:
    """
    Get the public key hash, as per RFC 7469: base64 of sha256 of the public
    key encoded in DER + Subject Public Key Info format.

    We use the URL-safe base64 variant, since this is typically found in NURLs.
    """
    public_key_bytes = certificate.public_key().public_bytes(
        Encoding.DER, PublicFormat.SubjectPublicKeyInfo
    )
    return urlsafe_b64encode(sha256(public_key_bytes).digest()).strip().rstrip(b"=")
Reorganize into shared file. 2022-01-06 17:36:46 +00:00			`"""`
			`Common HTTP infrastructure for the storge server.`
			`"""`

			`from enum import Enum`
Switch to URL-safe base64 for SPKI hash, for nicer usage in NURLs. 2022-04-06 13:37:18 +00:00			`from base64 import urlsafe_b64encode, b64encode`
Function for getting SPKI hash. 2022-03-02 15:35:41 +00:00			`from hashlib import sha256`
Switch to shared utility so server can use it too. 2022-03-14 15:09:40 +00:00			`from typing import Optional`
Function for getting SPKI hash. 2022-03-02 15:35:41 +00:00
			`from cryptography.x509 import Certificate`
			`from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat`
Reorganize into shared file. 2022-01-06 17:36:46 +00:00
Switch to shared utility so server can use it too. 2022-03-14 15:09:40 +00:00			`from werkzeug.http import parse_options_header`
			`from twisted.web.http_headers import Headers`

Use a constant. 2022-03-14 15:18:53 +00:00			`CBOR_MIME_TYPE = "application/cbor"`

Switch to shared utility so server can use it too. 2022-03-14 15:09:40 +00:00
			`def get_content_type(headers: Headers) -> Optional[str]:`
			`"""`
			Get the content type from the HTTP ``Content-Type`` header.

			Returns ``None`` if no content-type was set.
			`"""`
			`values = headers.getRawHeaders("content-type") or [None]`
			`content_type = parse_options_header(values[0])[0] or None`
			`return content_type`
Reorganize into shared file. 2022-01-06 17:36:46 +00:00

Minor type annotation improvements. 2022-04-14 15:45:47 +00:00			`def swissnum_auth_header(swissnum: bytes) -> bytes:`
Reorganize into shared file. 2022-01-06 17:36:46 +00:00			"""Return value for ``Authentication`` header."""
			`return b"Tahoe-LAFS " + b64encode(swissnum).strip()`


			`class Secrets(Enum):`
			`"""Different kinds of secrets the client may send."""`

			`LEASE_RENEW = "lease-renew-secret"`
			`LEASE_CANCEL = "lease-cancel-secret"`
			`UPLOAD = "upload-secret"`
Sketch of server-side read-test-write endpoint. 2022-04-15 13:08:16 +00:00			`WRITE_ENABLER = "write-enabler"`
Function for getting SPKI hash. 2022-03-02 15:35:41 +00:00

			`def get_spki_hash(certificate: Certificate) -> bytes:`
			`"""`
			`Get the public key hash, as per RFC 7469: base64 of sha256 of the public`
			`key encoded in DER + Subject Public Key Info format.`
Switch to URL-safe base64 for SPKI hash, for nicer usage in NURLs. 2022-04-06 13:37:18 +00:00
			`We use the URL-safe base64 variant, since this is typically found in NURLs.`
Function for getting SPKI hash. 2022-03-02 15:35:41 +00:00			`"""`
			`public_key_bytes = certificate.public_key().public_bytes(`
			`Encoding.DER, PublicFormat.SubjectPublicKeyInfo`
			`)`
Switch to URL-safe base64 for SPKI hash, for nicer usage in NURLs. 2022-04-06 13:37:18 +00:00			`return urlsafe_b64encode(sha256(public_key_bytes).digest()).strip().rstrip(b"=")`