Validate origins when generating subdomain tokens

tools/origin_trials/generate_token.py

Index: tools/origin_trials/generate_token.py
diff --git a/tools/origin_trials/generate_token.py b/tools/origin_trials/generate_token.py
index a79f169234b01b78da36485504799b2302ae6c1a..c034e2f2cc8ee4723206896b4d81942b4bc095ff 100755
--- a/tools/origin_trials/generate_token.py
+++ b/tools/origin_trials/generate_token.py
@@ -20,6 +20,7 @@ import json
 import re
 import os
 import struct
+import subprocess
 import sys
 import time
 import urlparse
@@ -39,6 +40,9 @@ VERSION = "\x02"
 # Default key file, relative to script_dir.
 DEFAULT_KEY_FILE = 'eftest.key'
 
+# Default location of validate subdomain utility, relative to script_dir.
+DEFAULT_TARGET_PATH = '../../out/Default/'
+
 def HostnameFromArg(arg):
   """Determines whether a string represents a valid hostname.
 
@@ -86,6 +90,28 @@ def ExpiryFromArgs(args):
     return int(args.expire_timestamp)
   return (int(time.time()) + (int(args.expire_days) * 86400))
 
+def ValidateSubdomainTokenOrigin(origin, target_path):
+  """ Calls validate_subdomain_origin utility to check the origin
+
+  If the utility is not found, prints a warning for manual validation, and
+  returns True
+  """
+  utility_path = "%s/validate_subdomain_origin" % target_path
+  if not os.path.exists(utility_path):
+    print "WARNING!"
+    print "Origin not validated for use in subdomain token"
+    print "  (missing '%s' utility)" % utility_path
+    print "Must manually check origin against the Public Suffix List"
+    print
+    return True
+
+  rc = subprocess.call([utility_path, "--quiet", origin])
+  if (rc < 0 or rc > 3):
+    print("Unexpected return code from validate subdomain utility: %d" % rc)

[iclelland, 2016/11/03 19:47:55]

May as well use |utility_path| here instead

[chasej, 2016/11/03 21:13:10]

Done.

+    sys.exit(1)
+
+  return rc == 0
+
 def GenerateTokenData(origin, is_subdomain, feature_name, expiry):
   data = {"origin": origin,
           "feature": feature_name,
@@ -106,6 +132,7 @@ def FormatToken(version, signature, data):
 
 def main():
   default_key_file_absolute = os.path.join(script_dir, DEFAULT_KEY_FILE)
+  default_target_path_absolute = os.path.join(script_dir, DEFAULT_TARGET_PATH)
 
   parser = argparse.ArgumentParser(
       description="Generate tokens for enabling experimental features")
@@ -145,6 +172,11 @@ def main():
                                  "00:00:00 UTC) when the token should expire",
                             type=int)
 
+  parser.add_argument("--target",
+                      help="Path to the output directory for compiled resources"
+                           ", relative to the script directory",

[iclelland, 2016/11/03 19:47:55]

Is this correct? I think that since you're just using os.path.expanduser on it,
then it should be relative to whatever directory the user runs the script from.
(And allow for things like ~ expansion)

[chasej, 2016/11/03 21:13:10]

Done. Just removed the part about "relative to ..."

+                      default=default_target_path_absolute)
+
   args = parser.parse_args()
   expiry = ExpiryFromArgs(args)
 
@@ -159,6 +191,13 @@ def main():
     print("Unable to use the specified private key file.")
     sys.exit(1)
 
+  # For subdomain tokens, validate that the origin is allowed
+  if args.is_subdomain:
+    target_path = os.path.expanduser(args.target)
+    if not ValidateSubdomainTokenOrigin(args.origin, target_path):
+      print "The specified origin is not valid for use in a subdomain token."
+      sys.exit(1)
+
   token_data = GenerateTokenData(args.origin, args.is_subdomain,
                                  args.trial_name, expiry)
   data_to_sign = GenerateDataToSign(VERSION, token_data)