Implement referred Token Bindings
As described in https://tools.ietf.org/html/draft-ietf-tokbind-https-02: when
a server sends the 'Include-Referer-Token-Binding-ID' header on a redirect
response, the client will include the TokenBindingID from the referrer in its
request to the new location in the redirect. If either connection does not
have Token Binding enabled, then this has no effect.
BUG=467312
Review URL: https://codereview.chromium.org/1781003003
Cr-Original-Commit-Position: refs/heads/master@{#384134}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: d6e658265a6a3baa7cd7befecb24b12acb181047
diff --git a/testserver.py b/testserver.py
index fe57a54..ba130af 100755
--- a/testserver.py
+++ b/testserver.py
@@ -341,6 +341,7 @@
self.SSLManySmallRecords,
self.GetChannelID,
self.GetTokenBindingEKM,
+ self.ForwardTokenBindingHeader,
self.GetClientCert,
self.ClientCipherListHandler,
self.CloseSocketHandler,
@@ -1532,6 +1533,26 @@
self.wfile.write(ekm)
return True
+ def ForwardTokenBindingHeader(self):
+ """Send a redirect that sets the Include-Referer-Token-Binding-ID
+ header."""
+
+ test_name = '/forward-tokbind'
+ if not self._ShouldHandleRequest(test_name):
+ return False
+
+ query_char = self.path.find('?')
+ if query_char < 0 or len(self.path) <= query_char + 1:
+ self.sendRedirectHelp(test_name)
+ return True
+ dest = urllib.unquote(self.path[query_char + 1:])
+
+ self.send_response(302)
+ self.send_header('Location', dest)
+ self.send_header('Include-Referer-Token-Binding-ID', 'true')
+ self.end_headers()
+ return True
+
def GetClientCert(self):
"""Send a reply whether a client certificate was provided."""