1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
|
from http.server import HTTPServer, BaseHTTPRequestHandler
from exc.server_error import ServerError, AuthError, NoBodyServerError
from socketserver import BaseServer
from posixpath import basename, splitext
from base64 import b64encode
from random import random
from hashlib import md5
import threading
import socket
import os
class StoppableHTTPServer(HTTPServer):
""" This class extends the HTTPServer class from default http.server library
in Python 3. The StoppableHTTPServer class is capable of starting an HTTP
server that serves a virtual set of files made by the WgetFile class and
has most of its properties configurable through the server_conf()
method. """
request_headers = list()
""" Define methods for configuring the Server. """
def server_conf(self, filelist, conf_dict):
""" Set Server Rules and File System for this instance. """
self.server_configs = conf_dict
self.fileSys = filelist
def get_req_headers(self):
return self.request_headers
class HTTPSServer(StoppableHTTPServer):
""" The HTTPSServer class extends the StoppableHTTPServer class with
additional support for secure connections through SSL. """
def __init__(self, address, handler):
import ssl
BaseServer.__init__(self, address, handler)
# step one up because test suite change directory away from $srcdir
# (don't do that !!!)
CERTFILE = os.path.abspath(os.path.join('..',
os.getenv('srcdir', '.'),
'certs',
'server-cert.pem'))
KEYFILE = os.path.abspath(os.path.join('..',
os.getenv('srcdir', '.'),
'certs',
'server-key.pem'))
ctx = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_SERVER)
ctx.load_cert_chain(CERTFILE, KEYFILE)
self.socket = ctx.wrap_socket(
sock=socket.socket(self.address_family, self.socket_type),
server_side=True
)
self.server_bind()
self.server_activate()
class _Handler(BaseHTTPRequestHandler):
""" This is a private class which tells the server *HOW* to handle each
request. For each HTTP Request Command that the server should be capable of
responding to, there must exist a do_REQUESTNAME() method which details the
steps in which such requests should be processed. The rest of the methods
in this class are auxiliary methods created to help in processing certain
requests. """
def get_rule_list(self, name):
return self.rules.get(name)
# The default protocol version of the server we run is HTTP/1.1 not
# HTTP/1.0 which is the default with the http.server module.
protocol_version = 'HTTP/1.1'
""" Define functions for various HTTP Requests. """
def do_HEAD(self):
self.send_head("HEAD")
def do_GET(self):
""" Process HTTP GET requests. This is the same as processing HEAD
requests and then actually transmitting the data to the client. If
send_head() does not specify any "start" offset, we send the complete
data, else transmit only partial data. """
content, start = self.send_head("GET")
if content:
if start is None:
self.wfile.write(content.encode('utf-8'))
else:
self.wfile.write(content.encode('utf-8')[start:])
def do_POST(self):
""" According to RFC 7231 sec 4.3.3, if the resource requested in a POST
request does not exist on the server, the first POST request should
create that resource. PUT requests are otherwise used to create a
resource. Hence, we call the handle for processing PUT requests if the
resource requested does not already exist.
Currently, when the server receives a POST request for a resource, we
simply append the body data to the existing file and return the new
file to the client. If the file does not exist, a new file is created
using the contents of the request body. """
path = self.path[1:]
if path in self.server.fileSys:
self.rules = self.server.server_configs.get(path)
if not self.rules:
self.rules = dict()
if not self.custom_response():
return(None, None)
body_data = self.get_body_data()
self.send_response(200)
self.add_header("Content-type", "text/plain")
content = self.server.fileSys.pop(path) + "\n" + body_data
total_length = len(content)
self.server.fileSys[path] = content
self.add_header("Content-Length", total_length)
self.add_header("Location", self.path)
self.finish_headers()
try:
self.wfile.write(content.encode('utf-8'))
except Exception:
pass
else:
self.send_put(path)
def do_PUT(self):
path = self.path[1:]
self.rules = self.server.server_configs.get(path)
if not self.custom_response():
return(None, None)
self.send_put(path)
""" End of HTTP Request Method Handlers. """
""" Helper functions for the Handlers. """
def parse_range_header(self, header_line, length):
import re
if header_line is None:
return None
if not header_line.startswith("bytes="):
raise ServerError("Cannot parse header Range: %s" %
(header_line))
regex = re.match(r"^bytes=(\d*)\-$", header_line)
range_start = int(regex.group(1))
if range_start >= length:
raise ServerError("Range Overflow")
return range_start
def get_body_data(self):
cLength_header = self.headers.get("Content-Length")
cLength = int(cLength_header) if cLength_header is not None else 0
body_data = self.rfile.read(cLength).decode('utf-8')
return body_data
def send_put(self, path):
if path in self.server.fileSys:
self.server.fileSys.pop(path, None)
self.send_response(204)
else:
self.rules = dict()
self.send_response(201)
body_data = self.get_body_data()
self.server.fileSys[path] = body_data
self.add_header("Location", self.path)
self.finish_headers()
""" This empty method is called automatically when all the rules are
processed for a given request. However, send_header() should only be called
AFTER a response has been sent. But, at the moment of processing the rules,
the appropriate response has not yet been identified. As a result, we defer
the processing of this rule till later. Each do_* request handler MUST call
finish_headers() instead of end_headers(). The finish_headers() method
takes care of sending the appropriate headers before completing the
response. """
def SendHeader(self, header_obj):
pass
def send_cust_headers(self):
header_obj = self.get_rule_list('SendHeader')
if header_obj:
for header in header_obj.headers:
self.add_header(header, header_obj.headers[header])
def finish_headers(self):
self.send_cust_headers()
try:
for keyword, value in self._headers_dict.items():
if isinstance(value, list):
for value_el in value:
self.send_header(keyword, value_el)
else:
self.send_header(keyword, value)
# Clear the dictionary of existing headers for the next request
self._headers_dict.clear()
except AttributeError:
pass
self.end_headers()
def Response(self, resp_obj):
self.send_response(resp_obj.response_code)
if resp_obj.response_code == 304:
raise NoBodyServerError("Conditional get falling to head")
raise ServerError("Custom Response code sent.")
def custom_response(self):
codes = self.get_rule_list('Response')
if codes:
self.send_response(codes.response_code)
self.finish_headers()
return False
else:
return True
def add_header(self, keyword, value):
if not hasattr(self, "_headers_dict"):
self._headers_dict = dict()
self._headers_dict[keyword.lower()] = value
def base64(self, data):
string = b64encode(data.encode('utf-8'))
return string.decode('utf-8')
""" Send an authentication challenge.
This method calls self.send_header() directly instead of using the
add_header() method because sending multiple WWW-Authenticate headers
actually makes sense and we do use that feature in some tests. """
def send_challenge(self, auth_type, auth_parm):
auth_type = auth_type.lower()
if auth_type == "both":
self.send_challenge("basic", auth_parm)
self.send_challenge("digest", auth_parm)
return
if auth_type == "basic":
challenge_str = 'BasIc realm="Wget-Test"'
elif auth_type == "digest" or auth_type == "both_inline":
self.nonce = md5(str(random()).encode('utf-8')).hexdigest()
self.opaque = md5(str(random()).encode('utf-8')).hexdigest()
# 'DIgest' to provoke a Wget failure with turkish locales
challenge_str = 'DIgest realm="Test", nonce="%s", opaque="%s"' % (
self.nonce,
self.opaque)
try:
if auth_parm['qop']:
challenge_str += ', qop="%s"' % auth_parm['qop']
except KeyError:
pass
if auth_type == "both_inline":
# 'BasIc' to provoke a Wget failure with turkish locales
challenge_str = 'BasIc realm="Wget-Test", ' + challenge_str
self.send_header("WWW-Authenticate", challenge_str)
def authorize_basic(self, auth_header, auth_rule):
if auth_header is None or auth_header.split(' ')[0].lower() != 'basic':
return False
else:
self.user = auth_rule.auth_user
self.passw = auth_rule.auth_pass
auth_str = "basic " + self.base64(self.user + ":" + self.passw)
return True if auth_str.lower() == auth_header.lower() else False
def parse_auth_header(self, auth_header):
n = len("digest ")
auth_header = auth_header[n:].strip()
items = auth_header.split(", ")
keyvals = [i.split("=", 1) for i in items]
keyvals = [(k.strip(), v.strip().replace('"', '')) for k, v in keyvals]
return dict(keyvals)
def KD(self, secret, data):
return self.H(secret + ":" + data)
def H(self, data):
return md5(data.encode('utf-8')).hexdigest()
def A1(self):
return "%s:%s:%s" % (self.user, "Test", self.passw)
def A2(self, params):
return "%s:%s" % (self.command, params["uri"])
def check_response(self, params):
if "qop" in params:
data_str = params['nonce'] \
+ ":" + params['nc'] \
+ ":" + params['cnonce'] \
+ ":" + params['qop'] \
+ ":" + self.H(self.A2(params))
else:
data_str = params['nonce'] + ":" + self.H(self.A2(params))
resp = self.KD(self.H(self.A1()), data_str)
return True if resp == params['response'] else False
def authorize_digest(self, auth_header, auth_rule):
if auth_header is None or \
auth_header.split(' ')[0].lower() != 'digest':
return False
else:
self.user = auth_rule.auth_user
self.passw = auth_rule.auth_pass
params = self.parse_auth_header(auth_header)
if self.user != params['username'] or \
self.nonce != params['nonce'] or \
self.opaque != params['opaque']:
return False
req_attribs = ['username', 'realm', 'nonce', 'uri', 'response']
for attrib in req_attribs:
if attrib not in params:
return False
if not self.check_response(params):
return False
def authorize_both(self, auth_header, auth_rule):
return False
def authorize_both_inline(self, auth_header, auth_rule):
return False
def Authentication(self, auth_rule):
try:
self.handle_auth(auth_rule)
except AuthError as se:
self.send_response(401, "Authorization Required")
self.send_challenge(auth_rule.auth_type, auth_rule.auth_parm)
raise se
def handle_auth(self, auth_rule):
is_auth = True
auth_header = self.headers.get("Authorization")
required_auth = auth_rule.auth_type.lower()
if required_auth == "both" or required_auth == "both_inline":
if auth_header:
auth_type = auth_header.split(' ')[0].lower()
else:
auth_type = required_auth
else:
auth_type = required_auth
try:
assert hasattr(self, "authorize_" + auth_type)
is_auth = getattr(self, "authorize_" + auth_type)(auth_header,
auth_rule)
except AssertionError:
raise AuthError("Authentication Mechanism %s not supported" %
auth_type)
except AttributeError as ae:
raise AuthError(ae.__str__())
if is_auth is False:
raise AuthError("Unable to Authenticate")
def ExpectHeader(self, header_obj):
exp_headers = header_obj.headers
for header_line in exp_headers:
header_recd = self.headers.get(header_line)
if header_recd is None or header_recd != exp_headers[header_line]:
self.send_error(400, "Expected Header %s not found" %
header_line)
raise ServerError("Header " + header_line + " not found")
def RejectHeader(self, header_obj):
rej_headers = header_obj.headers
for header_line in rej_headers:
header_recd = self.headers.get(header_line)
if header_recd and header_recd == rej_headers[header_line]:
self.send_error(400, 'Blacklisted Header %s received' %
header_line)
raise ServerError("Header " + header_line + ' received')
def __log_request(self, method):
req = method + " " + self.path
self.server.request_headers.append(req)
def send_head(self, method):
""" Common code for GET and HEAD Commands.
This method is overridden to use the fileSys dict.
The method variable contains whether this was a HEAD or a GET Request.
According to RFC 2616, the server should not differentiate between
the two requests, however, we use it here for a specific test.
"""
if self.path == "/":
path = "index.html"
else:
path = self.path[1:]
self.__log_request(method)
if path in self.server.fileSys:
self.rules = self.server.server_configs.get(path)
content = self.server.fileSys.get(path)
content_length = len(content)
for rule_name in self.rules:
try:
assert hasattr(self, rule_name)
getattr(self, rule_name)(self.rules[rule_name])
except AssertionError as ae:
msg = "Rule " + rule_name + " not defined"
self.send_error(500, msg)
return(None, None)
except AuthError as ae:
print(ae.__str__())
self.finish_headers()
return(None, None)
except NoBodyServerError as nbse:
print(nbse.__str__())
self.finish_headers()
return(None, None)
except ServerError as se:
print(se.__str__())
self.add_header("Content-Length", content_length)
self.finish_headers()
return(content, None)
try:
self.range_begin = self.parse_range_header(
self.headers.get("Range"), content_length)
except ServerError as ae:
# self.log_error("%s", ae.err_message)
if ae.err_message == "Range Overflow":
try:
self.overflows += 1
except AttributeError as s:
self.overflows = 0
self.send_response(416)
if self.overflows > 0:
self.add_header("Content-Length", 17)
self.finish_headers()
if self.overflows > 0:
return("Range Unsatisfied", 0)
return(None, None)
else:
self.range_begin = None
if self.range_begin is None:
self.send_response(200)
else:
self.send_response(206)
self.add_header("Accept-Ranges", "bytes")
self.add_header("Content-Range",
"bytes %d-%d/%d" % (self.range_begin,
content_length - 1,
content_length))
content_length -= self.range_begin
cont_type = self.guess_type(path)
self.add_header("Content-Type", cont_type)
self.add_header("Content-Length", content_length)
self.finish_headers()
return(content, self.range_begin)
else:
self.send_error(404, "Not Found")
return(None, None)
def guess_type(self, path):
base_name = basename("/" + path)
name, ext = splitext(base_name)
extension_map = {
".txt": "text/plain",
".css": "text/css",
".html": "text/html"
}
return extension_map.get(ext, "text/plain")
class HTTPd(threading.Thread):
server_class = StoppableHTTPServer
handler = _Handler
def __init__(self, addr=None):
threading.Thread.__init__(self)
if addr is None:
addr = ('localhost', 0)
self.server_inst = self.server_class(addr, self.handler)
self.server_address = self.server_inst.socket.getsockname()[:2]
def run(self):
self.server_inst.serve_forever()
def server_conf(self, file_list, server_rules):
self.server_inst.server_conf(file_list, server_rules)
class HTTPSd(HTTPd):
server_class = HTTPSServer
# vim: set ts=4 sts=4 sw=4 tw=79 et :
|
