Change origin trial token format

tools/origin_trials/generate_token.py

 #!/usr/bin/env python
 # Copyright (c) 2016 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 """Utility for generating experimental API tokens

[chasej, 2016/04/07 15:52:30]

Nit: There are a couple usages of "API" instead of "feature" in this file.
Ideally, this would be consistent throughout.

 
 usage: generate_token.py [-h] [--key-file KEY_FILE]
                          [--expire-days EXPIRE_DAYS |
                           --expire-timestamp EXPIRE_TIMESTAMP]
                          origin trial_name
 
 Run "generate_token.py -h" for more help on usage.
 """
 import argparse
 import base64
+import json
 import re
 import os
+import struct
 import sys
 import time
 import urlparse
 
 script_dir = os.path.dirname(os.path.realpath(__file__))
 sys.path.insert(0, os.path.join(script_dir, 'third_party', 'ed25519'))
 import ed25519
 
 
 # Matches a valid DNS name label (alphanumeric plus hyphens, except at the ends,
 # no longer than 63 ASCII characters)
 DNS_LABEL_REGEX = re.compile(r"^(?!-)[a-z\d-]{1,63}(?<!-)$", re.IGNORECASE)
 
+# This script generates Version 1 tokens
+VERSION = "\x01"
+
 def HostnameFromArg(arg):
   """Determines whether a string represents a valid hostname.
 
   Returns the canonical hostname if its argument is valid, or None otherwise.
   """
   if not arg or len(arg) > 255:
     return None
   if arg[-1] == ".":
     arg = arg[:-1]
   if all(DNS_LABEL_REGEX.match(label) for label in arg.split(".")):
@@ skipping 25 matching lines @@
   if not port:
     port = {"https": 443, "http": 80}[origin.scheme]
   # Strip any extra components and return the origin URL:
   return "{0}://{1}:{2}".format(origin.scheme, origin.hostname, port)
 
 def ExpiryFromArgs(args):
   if args.expire_timestamp:
     return int(args.expire_timestamp)
   return (int(time.time()) + (int(args.expire_days) * 86400))
 
 def GenerateTokenData(origin, api_name, expiry):

[chasej, 2016/04/07 15:52:30]

Ditto for "API" vs "feature".

-  return "{0}|{1}|{2}".format(origin, api_name, expiry)
+  return json.dumps({"origin": origin,
+                     "feature": api_name,
+                     "expiry": expiry}).encode('utf-8')
+
+def GenerateDataToSign(version, data):
+  return version + struct.pack(">I",len(data)) + data
 
 def Sign(private_key, data):
   return ed25519.signature(data, private_key[:32], private_key[32:])
 
 def FormatToken(version, signature, data):
-  return version + "|" + base64.b64encode(signature) + "|" + data
+  return base64.b64encode(version + signature +
+                          struct.pack(">I",len(data)) + data)

[chasej, 2016/04/07 15:52:30]

Nit: Could pull out the logic to pack the length + data into a separate
function, e.g. GeneratePayload(). I had to look twice before I realized that
GenerateTokenData() and FormatToken() weren't exactly the same. I think that
would make the differences between the functions clearer (in addition to the DRY
micro-improvement).

 
 def main():
   parser = argparse.ArgumentParser(
       description="Generate tokens for enabling experimental APIs")

[chasej, 2016/04/07 15:52:30]

Ditto for "API" vs "feature".

   parser.add_argument("origin",
                       help="Origin for which to enable the API. This can be "

[chasej, 2016/04/07 15:52:30]

Ditto for "API" vs "feature".

                            "either a hostname (default scheme HTTPS, default "
                            "port 443) or a URL.",
                       type=OriginFromArg)
   parser.add_argument("trial_name",
                       help="Feature to enable. The current list of "
                            "experimental feature trials can be found in "
                            "RuntimeFeatures.in")
   parser.add_argument("--key-file",
                       help="Ed25519 private key file to sign the token with",
                       default="eftest.key")
@@ skipping 15 matching lines @@
 
   # Validate that the key file read was a proper Ed25519 key -- running the
   # publickey method on the first half of the key should return the second
   # half.
   if (len(private_key) < 64 or
     ed25519.publickey(private_key[:32]) != private_key[32:]):
     print("Unable to use the specified private key file.")
     sys.exit(1)
 
   token_data = GenerateTokenData(args.origin, args.trial_name, expiry)
-  signature = Sign(private_key, token_data)
+  data_to_sign = GenerateDataToSign(VERSION, token_data)
+  signature = Sign(private_key, data_to_sign)

[chasej, 2016/04/07 15:52:30]

Nit: Add a comment linking to the design doc somewhere here/in this file. I
think that would help explain what the code is doing.

 
   # Verify that that the signature is correct before printing it.
   try:
-    ed25519.checkvalid(signature, token_data, private_key[32:])
+    ed25519.checkvalid(signature, data_to_sign, private_key[32:])
   except Exception, exc:
     print "There was an error generating the signature."
     print "(The original error was: %s)" % exc
     sys.exit(1)
 
   # Output a properly-formatted token. Version 1 is hard-coded, as it is
   # the only defined token version.
-  print FormatToken("1", signature, token_data)
+  print FormatToken(VERSION, signature, token_data)
 
 if __name__ == "__main__":
   main()