Set Token-Binding HTTP header

net/tools/testserver/testserver.py

Index: net/tools/testserver/testserver.py
diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py
index 7919f87b8f079dea4fd00546bae5a2c1c3cfbace..1ed7bf0b557ce50dc07c19d7306a879b5f0002a4 100755
--- a/net/tools/testserver/testserver.py
+++ b/net/tools/testserver/testserver.py
@@ -340,6 +340,7 @@ class TestPageHandler(testserver_base.BasePageHandler):
       self.GetSSLSessionCacheHandler,
       self.SSLManySmallRecords,
       self.GetChannelID,
+      self.GetTokenBindingEKM,
       self.GetClientCert,
       self.ClientCipherListHandler,
       self.CloseSocketHandler,
@@ -1517,6 +1518,22 @@ class TestPageHandler(testserver_base.BasePageHandler):
     self.wfile.write(hashlib.sha256(channel_id).digest().encode('base64'))
     return True
 
+  def GetTokenBindingEKM(self):
+    """Send a reply containing the EKM value for token binding from the TLS
+    layer."""
+
+    if not self._ShouldHandleRequest('/tokbind-ekm'):
+      return False
+
+    ekm = self.server.tlsConnection.session.exportKeyingMaterial(
+        self.server.tlsConnection.version, "EXPORTER-Token-Binding", "",
+        False, 32)
+    self.send_response(200)
+    self.send_header('Content-Type', 'application/octet-stream')
+    self.end_headers()
+    self.wfile.write(ekm)
+    return True
+
   def GetClientCert(self):
     """Send a reply whether a client certificate was provided."""