Index: net/tools/testserver/testserver.py |
diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py |
index 7919f87b8f079dea4fd00546bae5a2c1c3cfbace..1ed7bf0b557ce50dc07c19d7306a879b5f0002a4 100755 |
--- a/net/tools/testserver/testserver.py |
+++ b/net/tools/testserver/testserver.py |
@@ -340,6 +340,7 @@ class TestPageHandler(testserver_base.BasePageHandler): |
self.GetSSLSessionCacheHandler, |
self.SSLManySmallRecords, |
self.GetChannelID, |
+ self.GetTokenBindingEKM, |
self.GetClientCert, |
self.ClientCipherListHandler, |
self.CloseSocketHandler, |
@@ -1517,6 +1518,22 @@ class TestPageHandler(testserver_base.BasePageHandler): |
self.wfile.write(hashlib.sha256(channel_id).digest().encode('base64')) |
return True |
+ def GetTokenBindingEKM(self): |
+ """Send a reply containing the EKM value for token binding from the TLS |
+ layer.""" |
+ |
+ if not self._ShouldHandleRequest('/tokbind-ekm'): |
+ return False |
+ |
+ ekm = self.server.tlsConnection.session.exportKeyingMaterial( |
+ self.server.tlsConnection.version, "EXPORTER-Token-Binding", "", |
+ False, 32) |
+ self.send_response(200) |
+ self.send_header('Content-Type', 'application/octet-stream') |
+ self.end_headers() |
+ self.wfile.write(ekm) |
+ return True |
+ |
def GetClientCert(self): |
"""Send a reply whether a client certificate was provided.""" |