Index: net/tools/testserver/testserver.py |
diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py |
index 15317657d08b65cb102aaa2897340b09aa5a15b5..fe57a54c1717861f819bc7060d83bebb7a4562e2 100755 |
--- a/net/tools/testserver/testserver.py |
+++ b/net/tools/testserver/testserver.py |
@@ -340,6 +340,7 @@ class TestPageHandler(testserver_base.BasePageHandler): |
self.GetSSLSessionCacheHandler, |
self.SSLManySmallRecords, |
self.GetChannelID, |
+ self.GetTokenBindingEKM, |
self.GetClientCert, |
self.ClientCipherListHandler, |
self.CloseSocketHandler, |
@@ -1516,6 +1517,21 @@ class TestPageHandler(testserver_base.BasePageHandler): |
self.wfile.write(hashlib.sha256(channel_id).digest().encode('base64')) |
return True |
+ def GetTokenBindingEKM(self): |
+ """Send a reply containing the EKM value for token binding from the TLS |
+ layer.""" |
+ |
+ if not self._ShouldHandleRequest('/tokbind-ekm'): |
+ return False |
+ |
+ ekm = self.server.tlsConnection.exportKeyingMaterial( |
+ "EXPORTER-Token-Binding", "", False, 32) |
+ self.send_response(200) |
+ self.send_header('Content-Type', 'application/octet-stream') |
+ self.end_headers() |
+ self.wfile.write(ekm) |
+ return True |
+ |
def GetClientCert(self): |
"""Send a reply whether a client certificate was provided.""" |