tarball import for version 1.9.0
This commit is contained in:
parent
2339384a9d
commit
58183dfa7b
|
@ -0,0 +1,373 @@
|
|||
Mozilla Public License Version 2.0
|
||||
==================================
|
||||
|
||||
1. Definitions
|
||||
--------------
|
||||
|
||||
1.1. "Contributor"
|
||||
means each individual or legal entity that creates, contributes to
|
||||
the creation of, or owns Covered Software.
|
||||
|
||||
1.2. "Contributor Version"
|
||||
means the combination of the Contributions of others (if any) used
|
||||
by a Contributor and that particular Contributor's Contribution.
|
||||
|
||||
1.3. "Contribution"
|
||||
means Covered Software of a particular Contributor.
|
||||
|
||||
1.4. "Covered Software"
|
||||
means Source Code Form to which the initial Contributor has attached
|
||||
the notice in Exhibit A, the Executable Form of such Source Code
|
||||
Form, and Modifications of such Source Code Form, in each case
|
||||
including portions thereof.
|
||||
|
||||
1.5. "Incompatible With Secondary Licenses"
|
||||
means
|
||||
|
||||
(a) that the initial Contributor has attached the notice described
|
||||
in Exhibit B to the Covered Software; or
|
||||
|
||||
(b) that the Covered Software was made available under the terms of
|
||||
version 1.1 or earlier of the License, but not also under the
|
||||
terms of a Secondary License.
|
||||
|
||||
1.6. "Executable Form"
|
||||
means any form of the work other than Source Code Form.
|
||||
|
||||
1.7. "Larger Work"
|
||||
means a work that combines Covered Software with other material, in
|
||||
a separate file or files, that is not Covered Software.
|
||||
|
||||
1.8. "License"
|
||||
means this document.
|
||||
|
||||
1.9. "Licensable"
|
||||
means having the right to grant, to the maximum extent possible,
|
||||
whether at the time of the initial grant or subsequently, any and
|
||||
all of the rights conveyed by this License.
|
||||
|
||||
1.10. "Modifications"
|
||||
means any of the following:
|
||||
|
||||
(a) any file in Source Code Form that results from an addition to,
|
||||
deletion from, or modification of the contents of Covered
|
||||
Software; or
|
||||
|
||||
(b) any new file in Source Code Form that contains any Covered
|
||||
Software.
|
||||
|
||||
1.11. "Patent Claims" of a Contributor
|
||||
means any patent claim(s), including without limitation, method,
|
||||
process, and apparatus claims, in any patent Licensable by such
|
||||
Contributor that would be infringed, but for the grant of the
|
||||
License, by the making, using, selling, offering for sale, having
|
||||
made, import, or transfer of either its Contributions or its
|
||||
Contributor Version.
|
||||
|
||||
1.12. "Secondary License"
|
||||
means either the GNU General Public License, Version 2.0, the GNU
|
||||
Lesser General Public License, Version 2.1, the GNU Affero General
|
||||
Public License, Version 3.0, or any later versions of those
|
||||
licenses.
|
||||
|
||||
1.13. "Source Code Form"
|
||||
means the form of the work preferred for making modifications.
|
||||
|
||||
1.14. "You" (or "Your")
|
||||
means an individual or a legal entity exercising rights under this
|
||||
License. For legal entities, "You" includes any entity that
|
||||
controls, is controlled by, or is under common control with You. For
|
||||
purposes of this definition, "control" means (a) the power, direct
|
||||
or indirect, to cause the direction or management of such entity,
|
||||
whether by contract or otherwise, or (b) ownership of more than
|
||||
fifty percent (50%) of the outstanding shares or beneficial
|
||||
ownership of such entity.
|
||||
|
||||
2. License Grants and Conditions
|
||||
--------------------------------
|
||||
|
||||
2.1. Grants
|
||||
|
||||
Each Contributor hereby grants You a world-wide, royalty-free,
|
||||
non-exclusive license:
|
||||
|
||||
(a) under intellectual property rights (other than patent or trademark)
|
||||
Licensable by such Contributor to use, reproduce, make available,
|
||||
modify, display, perform, distribute, and otherwise exploit its
|
||||
Contributions, either on an unmodified basis, with Modifications, or
|
||||
as part of a Larger Work; and
|
||||
|
||||
(b) under Patent Claims of such Contributor to make, use, sell, offer
|
||||
for sale, have made, import, and otherwise transfer either its
|
||||
Contributions or its Contributor Version.
|
||||
|
||||
2.2. Effective Date
|
||||
|
||||
The licenses granted in Section 2.1 with respect to any Contribution
|
||||
become effective for each Contribution on the date the Contributor first
|
||||
distributes such Contribution.
|
||||
|
||||
2.3. Limitations on Grant Scope
|
||||
|
||||
The licenses granted in this Section 2 are the only rights granted under
|
||||
this License. No additional rights or licenses will be implied from the
|
||||
distribution or licensing of Covered Software under this License.
|
||||
Notwithstanding Section 2.1(b) above, no patent license is granted by a
|
||||
Contributor:
|
||||
|
||||
(a) for any code that a Contributor has removed from Covered Software;
|
||||
or
|
||||
|
||||
(b) for infringements caused by: (i) Your and any other third party's
|
||||
modifications of Covered Software, or (ii) the combination of its
|
||||
Contributions with other software (except as part of its Contributor
|
||||
Version); or
|
||||
|
||||
(c) under Patent Claims infringed by Covered Software in the absence of
|
||||
its Contributions.
|
||||
|
||||
This License does not grant any rights in the trademarks, service marks,
|
||||
or logos of any Contributor (except as may be necessary to comply with
|
||||
the notice requirements in Section 3.4).
|
||||
|
||||
2.4. Subsequent Licenses
|
||||
|
||||
No Contributor makes additional grants as a result of Your choice to
|
||||
distribute the Covered Software under a subsequent version of this
|
||||
License (see Section 10.2) or under the terms of a Secondary License (if
|
||||
permitted under the terms of Section 3.3).
|
||||
|
||||
2.5. Representation
|
||||
|
||||
Each Contributor represents that the Contributor believes its
|
||||
Contributions are its original creation(s) or it has sufficient rights
|
||||
to grant the rights to its Contributions conveyed by this License.
|
||||
|
||||
2.6. Fair Use
|
||||
|
||||
This License is not intended to limit any rights You have under
|
||||
applicable copyright doctrines of fair use, fair dealing, or other
|
||||
equivalents.
|
||||
|
||||
2.7. Conditions
|
||||
|
||||
Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
|
||||
in Section 2.1.
|
||||
|
||||
3. Responsibilities
|
||||
-------------------
|
||||
|
||||
3.1. Distribution of Source Form
|
||||
|
||||
All distribution of Covered Software in Source Code Form, including any
|
||||
Modifications that You create or to which You contribute, must be under
|
||||
the terms of this License. You must inform recipients that the Source
|
||||
Code Form of the Covered Software is governed by the terms of this
|
||||
License, and how they can obtain a copy of this License. You may not
|
||||
attempt to alter or restrict the recipients' rights in the Source Code
|
||||
Form.
|
||||
|
||||
3.2. Distribution of Executable Form
|
||||
|
||||
If You distribute Covered Software in Executable Form then:
|
||||
|
||||
(a) such Covered Software must also be made available in Source Code
|
||||
Form, as described in Section 3.1, and You must inform recipients of
|
||||
the Executable Form how they can obtain a copy of such Source Code
|
||||
Form by reasonable means in a timely manner, at a charge no more
|
||||
than the cost of distribution to the recipient; and
|
||||
|
||||
(b) You may distribute such Executable Form under the terms of this
|
||||
License, or sublicense it under different terms, provided that the
|
||||
license for the Executable Form does not attempt to limit or alter
|
||||
the recipients' rights in the Source Code Form under this License.
|
||||
|
||||
3.3. Distribution of a Larger Work
|
||||
|
||||
You may create and distribute a Larger Work under terms of Your choice,
|
||||
provided that You also comply with the requirements of this License for
|
||||
the Covered Software. If the Larger Work is a combination of Covered
|
||||
Software with a work governed by one or more Secondary Licenses, and the
|
||||
Covered Software is not Incompatible With Secondary Licenses, this
|
||||
License permits You to additionally distribute such Covered Software
|
||||
under the terms of such Secondary License(s), so that the recipient of
|
||||
the Larger Work may, at their option, further distribute the Covered
|
||||
Software under the terms of either this License or such Secondary
|
||||
License(s).
|
||||
|
||||
3.4. Notices
|
||||
|
||||
You may not remove or alter the substance of any license notices
|
||||
(including copyright notices, patent notices, disclaimers of warranty,
|
||||
or limitations of liability) contained within the Source Code Form of
|
||||
the Covered Software, except that You may alter any license notices to
|
||||
the extent required to remedy known factual inaccuracies.
|
||||
|
||||
3.5. Application of Additional Terms
|
||||
|
||||
You may choose to offer, and to charge a fee for, warranty, support,
|
||||
indemnity or liability obligations to one or more recipients of Covered
|
||||
Software. However, You may do so only on Your own behalf, and not on
|
||||
behalf of any Contributor. You must make it absolutely clear that any
|
||||
such warranty, support, indemnity, or liability obligation is offered by
|
||||
You alone, and You hereby agree to indemnify every Contributor for any
|
||||
liability incurred by such Contributor as a result of warranty, support,
|
||||
indemnity or liability terms You offer. You may include additional
|
||||
disclaimers of warranty and limitations of liability specific to any
|
||||
jurisdiction.
|
||||
|
||||
4. Inability to Comply Due to Statute or Regulation
|
||||
---------------------------------------------------
|
||||
|
||||
If it is impossible for You to comply with any of the terms of this
|
||||
License with respect to some or all of the Covered Software due to
|
||||
statute, judicial order, or regulation then You must: (a) comply with
|
||||
the terms of this License to the maximum extent possible; and (b)
|
||||
describe the limitations and the code they affect. Such description must
|
||||
be placed in a text file included with all distributions of the Covered
|
||||
Software under this License. Except to the extent prohibited by statute
|
||||
or regulation, such description must be sufficiently detailed for a
|
||||
recipient of ordinary skill to be able to understand it.
|
||||
|
||||
5. Termination
|
||||
--------------
|
||||
|
||||
5.1. The rights granted under this License will terminate automatically
|
||||
if You fail to comply with any of its terms. However, if You become
|
||||
compliant, then the rights granted under this License from a particular
|
||||
Contributor are reinstated (a) provisionally, unless and until such
|
||||
Contributor explicitly and finally terminates Your grants, and (b) on an
|
||||
ongoing basis, if such Contributor fails to notify You of the
|
||||
non-compliance by some reasonable means prior to 60 days after You have
|
||||
come back into compliance. Moreover, Your grants from a particular
|
||||
Contributor are reinstated on an ongoing basis if such Contributor
|
||||
notifies You of the non-compliance by some reasonable means, this is the
|
||||
first time You have received notice of non-compliance with this License
|
||||
from such Contributor, and You become compliant prior to 30 days after
|
||||
Your receipt of the notice.
|
||||
|
||||
5.2. If You initiate litigation against any entity by asserting a patent
|
||||
infringement claim (excluding declaratory judgment actions,
|
||||
counter-claims, and cross-claims) alleging that a Contributor Version
|
||||
directly or indirectly infringes any patent, then the rights granted to
|
||||
You by any and all Contributors for the Covered Software under Section
|
||||
2.1 of this License shall terminate.
|
||||
|
||||
5.3. In the event of termination under Sections 5.1 or 5.2 above, all
|
||||
end user license agreements (excluding distributors and resellers) which
|
||||
have been validly granted by You or Your distributors under this License
|
||||
prior to termination shall survive termination.
|
||||
|
||||
************************************************************************
|
||||
* *
|
||||
* 6. Disclaimer of Warranty *
|
||||
* ------------------------- *
|
||||
* *
|
||||
* Covered Software is provided under this License on an "as is" *
|
||||
* basis, without warranty of any kind, either expressed, implied, or *
|
||||
* statutory, including, without limitation, warranties that the *
|
||||
* Covered Software is free of defects, merchantable, fit for a *
|
||||
* particular purpose or non-infringing. The entire risk as to the *
|
||||
* quality and performance of the Covered Software is with You. *
|
||||
* Should any Covered Software prove defective in any respect, You *
|
||||
* (not any Contributor) assume the cost of any necessary servicing, *
|
||||
* repair, or correction. This disclaimer of warranty constitutes an *
|
||||
* essential part of this License. No use of any Covered Software is *
|
||||
* authorized under this License except under this disclaimer. *
|
||||
* *
|
||||
************************************************************************
|
||||
|
||||
************************************************************************
|
||||
* *
|
||||
* 7. Limitation of Liability *
|
||||
* -------------------------- *
|
||||
* *
|
||||
* Under no circumstances and under no legal theory, whether tort *
|
||||
* (including negligence), contract, or otherwise, shall any *
|
||||
* Contributor, or anyone who distributes Covered Software as *
|
||||
* permitted above, be liable to You for any direct, indirect, *
|
||||
* special, incidental, or consequential damages of any character *
|
||||
* including, without limitation, damages for lost profits, loss of *
|
||||
* goodwill, work stoppage, computer failure or malfunction, or any *
|
||||
* and all other commercial damages or losses, even if such party *
|
||||
* shall have been informed of the possibility of such damages. This *
|
||||
* limitation of liability shall not apply to liability for death or *
|
||||
* personal injury resulting from such party's negligence to the *
|
||||
* extent applicable law prohibits such limitation. Some *
|
||||
* jurisdictions do not allow the exclusion or limitation of *
|
||||
* incidental or consequential damages, so this exclusion and *
|
||||
* limitation may not apply to You. *
|
||||
* *
|
||||
************************************************************************
|
||||
|
||||
8. Litigation
|
||||
-------------
|
||||
|
||||
Any litigation relating to this License may be brought only in the
|
||||
courts of a jurisdiction where the defendant maintains its principal
|
||||
place of business and such litigation shall be governed by laws of that
|
||||
jurisdiction, without reference to its conflict-of-law provisions.
|
||||
Nothing in this Section shall prevent a party's ability to bring
|
||||
cross-claims or counter-claims.
|
||||
|
||||
9. Miscellaneous
|
||||
----------------
|
||||
|
||||
This License represents the complete agreement concerning the subject
|
||||
matter hereof. If any provision of this License is held to be
|
||||
unenforceable, such provision shall be reformed only to the extent
|
||||
necessary to make it enforceable. Any law or regulation which provides
|
||||
that the language of a contract shall be construed against the drafter
|
||||
shall not be used to construe this License against a Contributor.
|
||||
|
||||
10. Versions of the License
|
||||
---------------------------
|
||||
|
||||
10.1. New Versions
|
||||
|
||||
Mozilla Foundation is the license steward. Except as provided in Section
|
||||
10.3, no one other than the license steward has the right to modify or
|
||||
publish new versions of this License. Each version will be given a
|
||||
distinguishing version number.
|
||||
|
||||
10.2. Effect of New Versions
|
||||
|
||||
You may distribute the Covered Software under the terms of the version
|
||||
of the License under which You originally received the Covered Software,
|
||||
or under the terms of any subsequent version published by the license
|
||||
steward.
|
||||
|
||||
10.3. Modified Versions
|
||||
|
||||
If you create software not governed by this License, and you want to
|
||||
create a new license for such software, you may create and use a
|
||||
modified version of this License if you rename the license and remove
|
||||
any references to the name of the license steward (except to note that
|
||||
such modified license differs from this License).
|
||||
|
||||
10.4. Distributing Source Code Form that is Incompatible With Secondary
|
||||
Licenses
|
||||
|
||||
If You choose to distribute Source Code Form that is Incompatible With
|
||||
Secondary Licenses under the terms of this version of the License, the
|
||||
notice described in Exhibit B of this License must be attached.
|
||||
|
||||
Exhibit A - Source Code Form License Notice
|
||||
-------------------------------------------
|
||||
|
||||
This Source Code Form is subject to the terms of the Mozilla Public
|
||||
License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
|
||||
If it is not possible or desirable to put the notice in a particular
|
||||
file, then You may include the notice in a location (such as a LICENSE
|
||||
file in a relevant directory) where a recipient would be likely to look
|
||||
for such a notice.
|
||||
|
||||
You may add additional accurate notices of copyright ownership.
|
||||
|
||||
Exhibit B - "Incompatible With Secondary Licenses" Notice
|
||||
---------------------------------------------------------
|
||||
|
||||
This Source Code Form is "Incompatible With Secondary Licenses", as
|
||||
defined by the Mozilla Public License, v. 2.0.
|
218
PKG-INFO
218
PKG-INFO
|
@ -1,115 +1,125 @@
|
|||
Metadata-Version: 1.1
|
||||
Metadata-Version: 2.1
|
||||
Name: py-vapid
|
||||
Version: 1.4.0
|
||||
Version: 1.9.0
|
||||
Summary: Simple VAPID header generation library
|
||||
Home-page: https://github.com/mozilla-services/vapid
|
||||
Author: JR Conlin
|
||||
Author-email: src+vapid@jrconlin.com
|
||||
License: MPL2
|
||||
Description: Easy VAPID generation
|
||||
=====================
|
||||
|
||||
This minimal library contains the minimal set of functions you need to
|
||||
generate a VAPID key set and get the headers you'll need to sign a
|
||||
WebPush subscription update.
|
||||
|
||||
VAPID is a voluntary standard for WebPush subscription providers (sites
|
||||
that send WebPush updates to remote customers) to self-identify to Push
|
||||
Servers (the servers that convey the push notifications).
|
||||
|
||||
The VAPID "claims" are a set of JSON keys and values. There are two
|
||||
required fields, one semi-optional and several optional additional
|
||||
fields.
|
||||
|
||||
At a minimum a VAPID claim set should look like:
|
||||
|
||||
::
|
||||
|
||||
{"sub":"mailto:YourEmail@YourSite.com","aud":"https://PushServer","exp":"ExpirationTimestamp"}
|
||||
|
||||
A few notes:
|
||||
|
||||
***sub*** is the email address you wish to have on record for this
|
||||
request, prefixed with "``mailto:``". If things go wrong, this is the
|
||||
email that will be used to contact you (for instance). This can be a
|
||||
general delivery address like "``mailto:push_operations@example.com``"
|
||||
or a specific address like "``mailto:bob@example.com``".
|
||||
|
||||
***aud*** is the audience for the VAPID. This is the scheme and host you
|
||||
use to send subscription endpoints and generally coincides with the
|
||||
``endpoint`` specified in the Subscription Info block.
|
||||
|
||||
As example, if a WebPush subscription info contains:
|
||||
``{"endpoint": "https://push.example.com:8012/v1/push/...", ...}``
|
||||
|
||||
then the ``aud`` would be "``https://push.example.com:8012``"
|
||||
|
||||
While some Push Services consider this an optional field, others may be
|
||||
stricter.
|
||||
|
||||
***exp*** This is the UTC timestamp for when this VAPID request will
|
||||
expire. The maximum period is 24 hours. Setting a shorter period can
|
||||
prevent "replay" attacks. Setting a longer period allows you to reuse
|
||||
headers for multiple sends (e.g. if you're sending hundreds of updates
|
||||
within an hour or so.) If no ``exp`` is included, one that will expire
|
||||
in 24 hours will be auto-generated for you.
|
||||
|
||||
Claims should be stored in a JSON compatible file. In the examples
|
||||
below, we've stored the claims into a file named ``claims.json``.
|
||||
|
||||
py\_vapid can either be installed as a library or used as a stand along
|
||||
app, ``bin/vapid``.
|
||||
|
||||
App Installation
|
||||
----------------
|
||||
|
||||
You'll need ``python virtualenv`` Run that in the current directory.
|
||||
|
||||
Then run
|
||||
|
||||
::
|
||||
|
||||
bin/pip install -r requirements.txt
|
||||
|
||||
bin/python setup.py install
|
||||
|
||||
App Usage
|
||||
---------
|
||||
|
||||
Run by itself, ``bin/vapid`` will check and optionally create the
|
||||
public\_key.pem and private\_key.pem files.
|
||||
|
||||
``bin/vapid --gen`` can be used to generate a new set of public and
|
||||
private key PEM files. These will overwrite the contents of
|
||||
``private_key.pem`` and ``public_key.pem``.
|
||||
|
||||
``bin/vapid --sign claims.json`` will generate a set of HTTP headers
|
||||
from a JSON formatted claims file. A sample ``claims.json`` is included
|
||||
with this distribution.
|
||||
|
||||
``bin/vapid --sign claims.json --json`` will output the headers in JSON
|
||||
format, which may be useful for other programs.
|
||||
|
||||
``bin/vapid --applicationServerKey`` will return the
|
||||
``applicationServerKey`` value you can use to make a restricted
|
||||
endpoint. See
|
||||
https://developer.mozilla.org/en-US/docs/Web/API/PushManager/subscribe
|
||||
for more details. Be aware that this value is tied to the generated
|
||||
public/private key. If you remove or generate a new key, any restricted
|
||||
URL you've previously generated will need to be reallocated. Please note
|
||||
that some User Agents may require you `to decode this string into a
|
||||
Uint8Array <https://github.com/GoogleChrome/push-notifications/blob/master/app/scripts/main.js>`__.
|
||||
|
||||
See ``bin/vapid -h`` for all options and commands.
|
||||
|
||||
|
||||
|
||||
Keywords: vapid push webpush
|
||||
Platform: UNKNOWN
|
||||
Classifier: Topic :: Internet :: WWW/HTTP
|
||||
Classifier: Programming Language :: Python
|
||||
Classifier: Programming Language :: Python :: 2
|
||||
Classifier: Programming Language :: Python :: 2.7
|
||||
Classifier: Programming Language :: Python :: 3
|
||||
Classifier: Programming Language :: Python :: 3.4
|
||||
Classifier: Programming Language :: Python :: 3.5
|
||||
Description-Content-Type: text/x-rst
|
||||
License-File: LICENSE
|
||||
|
||||
|PyPI version py_vapid|
|
||||
|
||||
Easy VAPID generation
|
||||
=====================
|
||||
|
||||
This minimal library contains the minimal set of functions you need to
|
||||
generate a VAPID key set and get the headers you’ll need to sign a
|
||||
WebPush subscription update.
|
||||
|
||||
VAPID is a voluntary standard for WebPush subscription providers (sites
|
||||
that send WebPush updates to remote customers) to self-identify to Push
|
||||
Servers (the servers that convey the push notifications).
|
||||
|
||||
The VAPID “claims” are a set of JSON keys and values. There are two
|
||||
required fields, one semi-optional and several optional additional
|
||||
fields.
|
||||
|
||||
At a minimum a VAPID claim set should look like:
|
||||
|
||||
::
|
||||
|
||||
{"sub":"mailto:YourEmail@YourSite.com","aud":"https://PushServer","exp":"ExpirationTimestamp"}
|
||||
|
||||
A few notes:
|
||||
|
||||
**sub** is the email address you wish to have on record for this
|
||||
request, prefixed with “``mailto:``”. If things go wrong, this is the
|
||||
email that will be used to contact you (for instance). This can be a
|
||||
general delivery address like “``mailto:push_operations@example.com``”
|
||||
or a specific address like “``mailto:bob@example.com``”.
|
||||
|
||||
**aud** is the audience for the VAPID. This is the scheme and host you
|
||||
use to send subscription endpoints and generally coincides with the
|
||||
``endpoint`` specified in the Subscription Info block.
|
||||
|
||||
As example, if a WebPush subscription info contains:
|
||||
``{"endpoint": "https://push.example.com:8012/v1/push/...", ...}``
|
||||
|
||||
then the ``aud`` would be “``https://push.example.com:8012``”
|
||||
|
||||
While some Push Services consider this an optional field, others may be
|
||||
stricter.
|
||||
|
||||
**exp** This is the UTC timestamp for when this VAPID request will
|
||||
expire. The maximum period is 24 hours. Setting a shorter period can
|
||||
prevent “replay” attacks. Setting a longer period allows you to reuse
|
||||
headers for multiple sends (e.g. if you’re sending hundreds of updates
|
||||
within an hour or so.) If no ``exp`` is included, one that will expire
|
||||
in 24 hours will be auto-generated for you.
|
||||
|
||||
Claims should be stored in a JSON compatible file. In the examples
|
||||
below, we’ve stored the claims into a file named ``claims.json``.
|
||||
|
||||
py_vapid can either be installed as a library or used as a stand along
|
||||
app, ``bin/vapid``.
|
||||
|
||||
App Installation
|
||||
----------------
|
||||
|
||||
You’ll need ``python virtualenv`` Run that in the current directory.
|
||||
|
||||
Then run
|
||||
|
||||
::
|
||||
|
||||
bin/pip install -r requirements.txt
|
||||
|
||||
bin/python setup.py install
|
||||
|
||||
App Usage
|
||||
---------
|
||||
|
||||
Run by itself, ``bin/vapid`` will check and optionally create the
|
||||
public_key.pem and private_key.pem files.
|
||||
|
||||
``bin/vapid --gen`` can be used to generate a new set of public and
|
||||
private key PEM files. These will overwrite the contents of
|
||||
``private_key.pem`` and ``public_key.pem``.
|
||||
|
||||
``bin/vapid --sign claims.json`` will generate a set of HTTP headers
|
||||
from a JSON formatted claims file. A sample ``claims.json`` is included
|
||||
with this distribution.
|
||||
|
||||
``bin/vapid --sign claims.json --json`` will output the headers in JSON
|
||||
format, which may be useful for other programs.
|
||||
|
||||
``bin/vapid --applicationServerKey`` will return the
|
||||
``applicationServerKey`` value you can use to make a restricted
|
||||
endpoint. See
|
||||
https://developer.mozilla.org/en-US/docs/Web/API/PushManager/subscribe
|
||||
for more details. Be aware that this value is tied to the generated
|
||||
public/private key. If you remove or generate a new key, any restricted
|
||||
URL you’ve previously generated will need to be reallocated. Please note
|
||||
that some User Agents may require you `to decode this string into a
|
||||
Uint8Array <https://github.com/GoogleChrome/push-notifications/blob/master/app/scripts/main.js>`__.
|
||||
|
||||
See ``bin/vapid -h`` for all options and commands.
|
||||
|
||||
CHANGELOG
|
||||
---------
|
||||
|
||||
I’m terrible about updating the Changelog. Please see the
|
||||
```git log`` <https://github.com/web-push-libs/vapid/pulls?q=is%3Apr+is%3Aclosed>`__
|
||||
history for details.
|
||||
|
||||
.. |PyPI version py_vapid| image:: https://badge.fury.io/py/py-vapid.svg
|
||||
:target: https://pypi.org/project/py-vapid/
|
||||
|
||||
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
[![PyPI version py_vapid](https://badge.fury.io/py/py-vapid.svg)](https://pypi.org/project/py-vapid/)
|
||||
|
||||
# Easy VAPID generation
|
||||
|
||||
This minimal library contains the minimal set of functions you need to
|
||||
|
@ -83,8 +85,12 @@ for more details. Be aware that this value is tied to the generated
|
|||
public/private key. If you remove or generate a new key, any
|
||||
restricted URL you've previously generated will need to be
|
||||
reallocated. Please note that some User Agents may require you [to
|
||||
decode this string into a Uint8Array](https://github.com/GoogleChrome/push-notifications/blob/master/app/scripts/main.js).
|
||||
decode this string into a Uint8Array](https://github.com/GoogleChrome/push-notifications/blob/master/app/scripts/main.js).
|
||||
|
||||
See `bin/vapid -h` for all options and commands.
|
||||
|
||||
## CHANGELOG
|
||||
|
||||
I'm terrible about updating the Changelog. Please see the [`git
|
||||
log`](https://github.com/web-push-libs/vapid/pulls?q=is%3Apr+is%3Aclosed)
|
||||
history for details.
|
||||
|
|
50
README.rst
50
README.rst
|
@ -1,15 +1,17 @@
|
|||
|PyPI version py_vapid|
|
||||
|
||||
Easy VAPID generation
|
||||
=====================
|
||||
|
||||
This minimal library contains the minimal set of functions you need to
|
||||
generate a VAPID key set and get the headers you'll need to sign a
|
||||
generate a VAPID key set and get the headers you’ll need to sign a
|
||||
WebPush subscription update.
|
||||
|
||||
VAPID is a voluntary standard for WebPush subscription providers (sites
|
||||
that send WebPush updates to remote customers) to self-identify to Push
|
||||
Servers (the servers that convey the push notifications).
|
||||
|
||||
The VAPID "claims" are a set of JSON keys and values. There are two
|
||||
The VAPID “claims” are a set of JSON keys and values. There are two
|
||||
required fields, one semi-optional and several optional additional
|
||||
fields.
|
||||
|
||||
|
@ -17,59 +19,59 @@ At a minimum a VAPID claim set should look like:
|
|||
|
||||
::
|
||||
|
||||
{"sub":"mailto:YourEmail@YourSite.com","aud":"https://PushServer","exp":"ExpirationTimestamp"}
|
||||
{"sub":"mailto:YourEmail@YourSite.com","aud":"https://PushServer","exp":"ExpirationTimestamp"}
|
||||
|
||||
A few notes:
|
||||
|
||||
***sub*** is the email address you wish to have on record for this
|
||||
request, prefixed with "``mailto:``". If things go wrong, this is the
|
||||
**sub** is the email address you wish to have on record for this
|
||||
request, prefixed with “``mailto:``”. If things go wrong, this is the
|
||||
email that will be used to contact you (for instance). This can be a
|
||||
general delivery address like "``mailto:push_operations@example.com``"
|
||||
or a specific address like "``mailto:bob@example.com``".
|
||||
general delivery address like “``mailto:push_operations@example.com``”
|
||||
or a specific address like “``mailto:bob@example.com``”.
|
||||
|
||||
***aud*** is the audience for the VAPID. This is the scheme and host you
|
||||
**aud** is the audience for the VAPID. This is the scheme and host you
|
||||
use to send subscription endpoints and generally coincides with the
|
||||
``endpoint`` specified in the Subscription Info block.
|
||||
|
||||
As example, if a WebPush subscription info contains:
|
||||
``{"endpoint": "https://push.example.com:8012/v1/push/...", ...}``
|
||||
|
||||
then the ``aud`` would be "``https://push.example.com:8012``"
|
||||
then the ``aud`` would be “``https://push.example.com:8012``”
|
||||
|
||||
While some Push Services consider this an optional field, others may be
|
||||
stricter.
|
||||
|
||||
***exp*** This is the UTC timestamp for when this VAPID request will
|
||||
**exp** This is the UTC timestamp for when this VAPID request will
|
||||
expire. The maximum period is 24 hours. Setting a shorter period can
|
||||
prevent "replay" attacks. Setting a longer period allows you to reuse
|
||||
headers for multiple sends (e.g. if you're sending hundreds of updates
|
||||
prevent “replay” attacks. Setting a longer period allows you to reuse
|
||||
headers for multiple sends (e.g. if you’re sending hundreds of updates
|
||||
within an hour or so.) If no ``exp`` is included, one that will expire
|
||||
in 24 hours will be auto-generated for you.
|
||||
|
||||
Claims should be stored in a JSON compatible file. In the examples
|
||||
below, we've stored the claims into a file named ``claims.json``.
|
||||
below, we’ve stored the claims into a file named ``claims.json``.
|
||||
|
||||
py\_vapid can either be installed as a library or used as a stand along
|
||||
py_vapid can either be installed as a library or used as a stand along
|
||||
app, ``bin/vapid``.
|
||||
|
||||
App Installation
|
||||
----------------
|
||||
|
||||
You'll need ``python virtualenv`` Run that in the current directory.
|
||||
You’ll need ``python virtualenv`` Run that in the current directory.
|
||||
|
||||
Then run
|
||||
|
||||
::
|
||||
|
||||
bin/pip install -r requirements.txt
|
||||
bin/pip install -r requirements.txt
|
||||
|
||||
bin/python setup.py install
|
||||
bin/python setup.py install
|
||||
|
||||
App Usage
|
||||
---------
|
||||
|
||||
Run by itself, ``bin/vapid`` will check and optionally create the
|
||||
public\_key.pem and private\_key.pem files.
|
||||
public_key.pem and private_key.pem files.
|
||||
|
||||
``bin/vapid --gen`` can be used to generate a new set of public and
|
||||
private key PEM files. These will overwrite the contents of
|
||||
|
@ -88,8 +90,18 @@ endpoint. See
|
|||
https://developer.mozilla.org/en-US/docs/Web/API/PushManager/subscribe
|
||||
for more details. Be aware that this value is tied to the generated
|
||||
public/private key. If you remove or generate a new key, any restricted
|
||||
URL you've previously generated will need to be reallocated. Please note
|
||||
URL you’ve previously generated will need to be reallocated. Please note
|
||||
that some User Agents may require you `to decode this string into a
|
||||
Uint8Array <https://github.com/GoogleChrome/push-notifications/blob/master/app/scripts/main.js>`__.
|
||||
|
||||
See ``bin/vapid -h`` for all options and commands.
|
||||
|
||||
CHANGELOG
|
||||
---------
|
||||
|
||||
I’m terrible about updating the Changelog. Please see the
|
||||
```git log`` <https://github.com/web-push-libs/vapid/pulls?q=is%3Apr+is%3Aclosed>`__
|
||||
history for details.
|
||||
|
||||
.. |PyPI version py_vapid| image:: https://badge.fury.io/py/py-vapid.svg
|
||||
:target: https://pypi.org/project/py-vapid/
|
||||
|
|
|
@ -1,3 +1,9 @@
|
|||
py-vapid (1.9.0-1) UNRELEASED; urgency=medium
|
||||
|
||||
* import tarball for version 1.9.0
|
||||
|
||||
-- Benjamin Dauvergne <bdauvergne@entrouvert.com> Thu, 07 Dec 2023 08:11:09 +0100
|
||||
|
||||
py-vapid (1.4.0-2) UNRELEASED; urgency=medium
|
||||
|
||||
* debian: install vapid program as vapid3 in python3 package
|
||||
|
|
|
@ -1,115 +1,125 @@
|
|||
Metadata-Version: 1.1
|
||||
Metadata-Version: 2.1
|
||||
Name: py-vapid
|
||||
Version: 1.4.0
|
||||
Version: 1.9.0
|
||||
Summary: Simple VAPID header generation library
|
||||
Home-page: https://github.com/mozilla-services/vapid
|
||||
Author: JR Conlin
|
||||
Author-email: src+vapid@jrconlin.com
|
||||
License: MPL2
|
||||
Description: Easy VAPID generation
|
||||
=====================
|
||||
|
||||
This minimal library contains the minimal set of functions you need to
|
||||
generate a VAPID key set and get the headers you'll need to sign a
|
||||
WebPush subscription update.
|
||||
|
||||
VAPID is a voluntary standard for WebPush subscription providers (sites
|
||||
that send WebPush updates to remote customers) to self-identify to Push
|
||||
Servers (the servers that convey the push notifications).
|
||||
|
||||
The VAPID "claims" are a set of JSON keys and values. There are two
|
||||
required fields, one semi-optional and several optional additional
|
||||
fields.
|
||||
|
||||
At a minimum a VAPID claim set should look like:
|
||||
|
||||
::
|
||||
|
||||
{"sub":"mailto:YourEmail@YourSite.com","aud":"https://PushServer","exp":"ExpirationTimestamp"}
|
||||
|
||||
A few notes:
|
||||
|
||||
***sub*** is the email address you wish to have on record for this
|
||||
request, prefixed with "``mailto:``". If things go wrong, this is the
|
||||
email that will be used to contact you (for instance). This can be a
|
||||
general delivery address like "``mailto:push_operations@example.com``"
|
||||
or a specific address like "``mailto:bob@example.com``".
|
||||
|
||||
***aud*** is the audience for the VAPID. This is the scheme and host you
|
||||
use to send subscription endpoints and generally coincides with the
|
||||
``endpoint`` specified in the Subscription Info block.
|
||||
|
||||
As example, if a WebPush subscription info contains:
|
||||
``{"endpoint": "https://push.example.com:8012/v1/push/...", ...}``
|
||||
|
||||
then the ``aud`` would be "``https://push.example.com:8012``"
|
||||
|
||||
While some Push Services consider this an optional field, others may be
|
||||
stricter.
|
||||
|
||||
***exp*** This is the UTC timestamp for when this VAPID request will
|
||||
expire. The maximum period is 24 hours. Setting a shorter period can
|
||||
prevent "replay" attacks. Setting a longer period allows you to reuse
|
||||
headers for multiple sends (e.g. if you're sending hundreds of updates
|
||||
within an hour or so.) If no ``exp`` is included, one that will expire
|
||||
in 24 hours will be auto-generated for you.
|
||||
|
||||
Claims should be stored in a JSON compatible file. In the examples
|
||||
below, we've stored the claims into a file named ``claims.json``.
|
||||
|
||||
py\_vapid can either be installed as a library or used as a stand along
|
||||
app, ``bin/vapid``.
|
||||
|
||||
App Installation
|
||||
----------------
|
||||
|
||||
You'll need ``python virtualenv`` Run that in the current directory.
|
||||
|
||||
Then run
|
||||
|
||||
::
|
||||
|
||||
bin/pip install -r requirements.txt
|
||||
|
||||
bin/python setup.py install
|
||||
|
||||
App Usage
|
||||
---------
|
||||
|
||||
Run by itself, ``bin/vapid`` will check and optionally create the
|
||||
public\_key.pem and private\_key.pem files.
|
||||
|
||||
``bin/vapid --gen`` can be used to generate a new set of public and
|
||||
private key PEM files. These will overwrite the contents of
|
||||
``private_key.pem`` and ``public_key.pem``.
|
||||
|
||||
``bin/vapid --sign claims.json`` will generate a set of HTTP headers
|
||||
from a JSON formatted claims file. A sample ``claims.json`` is included
|
||||
with this distribution.
|
||||
|
||||
``bin/vapid --sign claims.json --json`` will output the headers in JSON
|
||||
format, which may be useful for other programs.
|
||||
|
||||
``bin/vapid --applicationServerKey`` will return the
|
||||
``applicationServerKey`` value you can use to make a restricted
|
||||
endpoint. See
|
||||
https://developer.mozilla.org/en-US/docs/Web/API/PushManager/subscribe
|
||||
for more details. Be aware that this value is tied to the generated
|
||||
public/private key. If you remove or generate a new key, any restricted
|
||||
URL you've previously generated will need to be reallocated. Please note
|
||||
that some User Agents may require you `to decode this string into a
|
||||
Uint8Array <https://github.com/GoogleChrome/push-notifications/blob/master/app/scripts/main.js>`__.
|
||||
|
||||
See ``bin/vapid -h`` for all options and commands.
|
||||
|
||||
|
||||
|
||||
Keywords: vapid push webpush
|
||||
Platform: UNKNOWN
|
||||
Classifier: Topic :: Internet :: WWW/HTTP
|
||||
Classifier: Programming Language :: Python
|
||||
Classifier: Programming Language :: Python :: 2
|
||||
Classifier: Programming Language :: Python :: 2.7
|
||||
Classifier: Programming Language :: Python :: 3
|
||||
Classifier: Programming Language :: Python :: 3.4
|
||||
Classifier: Programming Language :: Python :: 3.5
|
||||
Description-Content-Type: text/x-rst
|
||||
License-File: LICENSE
|
||||
|
||||
|PyPI version py_vapid|
|
||||
|
||||
Easy VAPID generation
|
||||
=====================
|
||||
|
||||
This minimal library contains the minimal set of functions you need to
|
||||
generate a VAPID key set and get the headers you’ll need to sign a
|
||||
WebPush subscription update.
|
||||
|
||||
VAPID is a voluntary standard for WebPush subscription providers (sites
|
||||
that send WebPush updates to remote customers) to self-identify to Push
|
||||
Servers (the servers that convey the push notifications).
|
||||
|
||||
The VAPID “claims” are a set of JSON keys and values. There are two
|
||||
required fields, one semi-optional and several optional additional
|
||||
fields.
|
||||
|
||||
At a minimum a VAPID claim set should look like:
|
||||
|
||||
::
|
||||
|
||||
{"sub":"mailto:YourEmail@YourSite.com","aud":"https://PushServer","exp":"ExpirationTimestamp"}
|
||||
|
||||
A few notes:
|
||||
|
||||
**sub** is the email address you wish to have on record for this
|
||||
request, prefixed with “``mailto:``”. If things go wrong, this is the
|
||||
email that will be used to contact you (for instance). This can be a
|
||||
general delivery address like “``mailto:push_operations@example.com``”
|
||||
or a specific address like “``mailto:bob@example.com``”.
|
||||
|
||||
**aud** is the audience for the VAPID. This is the scheme and host you
|
||||
use to send subscription endpoints and generally coincides with the
|
||||
``endpoint`` specified in the Subscription Info block.
|
||||
|
||||
As example, if a WebPush subscription info contains:
|
||||
``{"endpoint": "https://push.example.com:8012/v1/push/...", ...}``
|
||||
|
||||
then the ``aud`` would be “``https://push.example.com:8012``”
|
||||
|
||||
While some Push Services consider this an optional field, others may be
|
||||
stricter.
|
||||
|
||||
**exp** This is the UTC timestamp for when this VAPID request will
|
||||
expire. The maximum period is 24 hours. Setting a shorter period can
|
||||
prevent “replay” attacks. Setting a longer period allows you to reuse
|
||||
headers for multiple sends (e.g. if you’re sending hundreds of updates
|
||||
within an hour or so.) If no ``exp`` is included, one that will expire
|
||||
in 24 hours will be auto-generated for you.
|
||||
|
||||
Claims should be stored in a JSON compatible file. In the examples
|
||||
below, we’ve stored the claims into a file named ``claims.json``.
|
||||
|
||||
py_vapid can either be installed as a library or used as a stand along
|
||||
app, ``bin/vapid``.
|
||||
|
||||
App Installation
|
||||
----------------
|
||||
|
||||
You’ll need ``python virtualenv`` Run that in the current directory.
|
||||
|
||||
Then run
|
||||
|
||||
::
|
||||
|
||||
bin/pip install -r requirements.txt
|
||||
|
||||
bin/python setup.py install
|
||||
|
||||
App Usage
|
||||
---------
|
||||
|
||||
Run by itself, ``bin/vapid`` will check and optionally create the
|
||||
public_key.pem and private_key.pem files.
|
||||
|
||||
``bin/vapid --gen`` can be used to generate a new set of public and
|
||||
private key PEM files. These will overwrite the contents of
|
||||
``private_key.pem`` and ``public_key.pem``.
|
||||
|
||||
``bin/vapid --sign claims.json`` will generate a set of HTTP headers
|
||||
from a JSON formatted claims file. A sample ``claims.json`` is included
|
||||
with this distribution.
|
||||
|
||||
``bin/vapid --sign claims.json --json`` will output the headers in JSON
|
||||
format, which may be useful for other programs.
|
||||
|
||||
``bin/vapid --applicationServerKey`` will return the
|
||||
``applicationServerKey`` value you can use to make a restricted
|
||||
endpoint. See
|
||||
https://developer.mozilla.org/en-US/docs/Web/API/PushManager/subscribe
|
||||
for more details. Be aware that this value is tied to the generated
|
||||
public/private key. If you remove or generate a new key, any restricted
|
||||
URL you’ve previously generated will need to be reallocated. Please note
|
||||
that some User Agents may require you `to decode this string into a
|
||||
Uint8Array <https://github.com/GoogleChrome/push-notifications/blob/master/app/scripts/main.js>`__.
|
||||
|
||||
See ``bin/vapid -h`` for all options and commands.
|
||||
|
||||
CHANGELOG
|
||||
---------
|
||||
|
||||
I’m terrible about updating the Changelog. Please see the
|
||||
```git log`` <https://github.com/web-push-libs/vapid/pulls?q=is%3Apr+is%3Aclosed>`__
|
||||
history for details.
|
||||
|
||||
.. |PyPI version py_vapid| image:: https://badge.fury.io/py/py-vapid.svg
|
||||
:target: https://pypi.org/project/py-vapid/
|
||||
|
||||
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
CHANGELOG.md
|
||||
LICENSE
|
||||
MANIFEST.in
|
||||
README.md
|
||||
README.rst
|
||||
reqs.txt
|
||||
requirements.txt
|
||||
setup.cfg
|
||||
setup.py
|
||||
|
|
|
@ -1 +1 @@
|
|||
cryptography>=1.8.2
|
||||
cryptography>=2.5
|
||||
|
|
|
@ -20,7 +20,7 @@ from py_vapid.utils import b64urldecode, b64urlencode
|
|||
from py_vapid.jwt import sign
|
||||
|
||||
# Show compliance version. For earlier versions see previously tagged releases.
|
||||
VERSION = "VAPID-DRAFT-02/ECE-DRAFT-07"
|
||||
VERSION = "VAPID-RFC/ECE-RFC"
|
||||
|
||||
|
||||
class VapidException(Exception):
|
||||
|
@ -38,13 +38,16 @@ class Vapid01(object):
|
|||
_public_key = None
|
||||
_schema = "WebPush"
|
||||
|
||||
def __init__(self, private_key=None):
|
||||
def __init__(self, private_key=None, conf=None):
|
||||
"""Initialize VAPID with an optional private key.
|
||||
|
||||
:param private_key: A private key object
|
||||
:type private_key: ec.EllipticCurvePrivateKey
|
||||
|
||||
"""
|
||||
if conf is None:
|
||||
conf = {}
|
||||
self.conf = conf
|
||||
self.private_key = private_key
|
||||
if private_key:
|
||||
self._public_key = self.private_key.public_key()
|
||||
|
@ -67,10 +70,10 @@ class Vapid01(object):
|
|||
|
||||
@classmethod
|
||||
def from_raw_public(cls, public_raw):
|
||||
key = ec.EllipticCurvePublicNumbers.from_encoded_point(
|
||||
key = ec.EllipticCurvePublicKey.from_encoded_point(
|
||||
curve=ec.SECP256R1(),
|
||||
data=b64urldecode(public_raw)
|
||||
).public_key(default_backend())
|
||||
)
|
||||
ss = cls()
|
||||
ss._public_key = key
|
||||
return ss
|
||||
|
@ -110,6 +113,7 @@ class Vapid01(object):
|
|||
|
||||
"""
|
||||
if not os.path.isfile(private_key_file):
|
||||
logging.info("Private key not found, generating key...")
|
||||
vapid = cls()
|
||||
vapid.generate_keys()
|
||||
vapid.save_key(private_key_file)
|
||||
|
@ -257,21 +261,22 @@ class Vapid01(object):
|
|||
def _base_sign(self, claims):
|
||||
cclaims = copy.deepcopy(claims)
|
||||
if not cclaims.get('exp'):
|
||||
cclaims['exp'] = str(int(time.time()) + 86400)
|
||||
if not re.match("mailto:.+@.+\..+",
|
||||
cclaims.get('sub', ''),
|
||||
re.IGNORECASE):
|
||||
cclaims['exp'] = int(time.time()) + 86400
|
||||
if not self.conf.get('no-strict', False):
|
||||
valid = _check_sub(cclaims.get('sub', ''))
|
||||
else:
|
||||
valid = cclaims.get('sub') is not None
|
||||
if not valid:
|
||||
raise VapidException(
|
||||
"Missing 'sub' from claims. "
|
||||
"'sub' is your admin email as a mailto: link.")
|
||||
if not re.match("^https?:\/\/[^\/\.:]+\.[^\/:]+(:\d+)?$",
|
||||
if not re.match(r"^https?://[^/:]+(:\d+)?$",
|
||||
cclaims.get("aud", ""),
|
||||
re.IGNORECASE):
|
||||
raise VapidException(
|
||||
"Missing 'aud' from claims. "
|
||||
"'aud' is the scheme, host and optional port for this "
|
||||
"transaction e.g. https://example.com:8080")
|
||||
|
||||
return cclaims
|
||||
|
||||
def sign(self, claims, crypto_key=None):
|
||||
|
@ -289,7 +294,10 @@ class Vapid01(object):
|
|||
sig = sign(self._base_sign(claims), self.private_key)
|
||||
pkey = 'p256ecdsa='
|
||||
pkey += b64urlencode(
|
||||
self.public_key.public_numbers().encode_point())
|
||||
self.public_key.public_bytes(
|
||||
serialization.Encoding.X962,
|
||||
serialization.PublicFormat.UncompressedPoint
|
||||
))
|
||||
if crypto_key:
|
||||
crypto_key = crypto_key + ';' + pkey
|
||||
else:
|
||||
|
@ -300,16 +308,19 @@ class Vapid01(object):
|
|||
|
||||
|
||||
class Vapid02(Vapid01):
|
||||
"""Minimal Vapid 02 signature generation library
|
||||
"""Minimal Vapid RFC8292 signature generation library
|
||||
|
||||
https://tools.ietf.org/html/draft-ietf-webpush-vapid-02
|
||||
https://tools.ietf.org/html/rfc8292
|
||||
|
||||
"""
|
||||
_schema = "vapid"
|
||||
|
||||
def sign(self, claims, crypto_key=None):
|
||||
sig = sign(self._base_sign(claims), self.private_key)
|
||||
pkey = self.public_key.public_numbers().encode_point()
|
||||
pkey = self.public_key.public_bytes(
|
||||
serialization.Encoding.X962,
|
||||
serialization.PublicFormat.UncompressedPoint
|
||||
)
|
||||
return{
|
||||
"Authorization": "{schema} t={t},k={k}".format(
|
||||
schema=self._schema,
|
||||
|
@ -338,5 +349,11 @@ class Vapid02(Vapid01):
|
|||
verification_token=tokens[1]
|
||||
)
|
||||
|
||||
def _check_sub(sub):
|
||||
pattern =(
|
||||
r"^(mailto:.+@((localhost|[%\w-]+(\.[%\w-]+)+|([0-9a-f]{1,4}):+([0-9a-f]{1,4})?)))|https:\/\/(localhost|[\w-]+\.[\w\.-]+|([0-9a-f]{1,4}:+)+([0-9a-f]{1,4})?)$"
|
||||
)
|
||||
return re.match(pattern, sub, re.IGNORECASE) is not None
|
||||
|
||||
Vapid = Vapid01
|
||||
|
||||
Vapid = Vapid02
|
||||
|
|
|
@ -2,7 +2,6 @@ import binascii
|
|||
import json
|
||||
|
||||
from cryptography.exceptions import InvalidSignature
|
||||
from cryptography.hazmat.backends import default_backend
|
||||
from cryptography.hazmat.primitives.asymmetric import ec, utils
|
||||
from cryptography.hazmat.primitives import hashes
|
||||
|
||||
|
@ -47,10 +46,10 @@ def decode(token, key):
|
|||
try:
|
||||
sig_material, signature = extract_signature(token)
|
||||
dkey = b64urldecode(key.encode('utf8'))
|
||||
pkey = ec.EllipticCurvePublicNumbers.from_encoded_point(
|
||||
pkey = ec.EllipticCurvePublicKey.from_encoded_point(
|
||||
ec.SECP256R1(),
|
||||
dkey,
|
||||
).public_key(default_backend())
|
||||
)
|
||||
pkey.verify(
|
||||
signature,
|
||||
sig_material,
|
||||
|
@ -84,5 +83,5 @@ def sign(claims, key):
|
|||
token = "{}.{}".format(header, claims)
|
||||
rsig = key.sign(token.encode('utf8'), ec.ECDSA(hashes.SHA256()))
|
||||
(r, s) = utils.decode_dss_signature(rsig)
|
||||
sig = b64urlencode(num_to_bytes(r) + num_to_bytes(s))
|
||||
sig = b64urlencode(num_to_bytes(r, 32) + num_to_bytes(s, 32))
|
||||
return "{}.{}".format(token, sig)
|
||||
|
|
|
@ -6,6 +6,8 @@ import argparse
|
|||
import os
|
||||
import json
|
||||
|
||||
from cryptography.hazmat.primitives import serialization
|
||||
|
||||
from py_vapid import Vapid01, Vapid02, b64urlencode
|
||||
|
||||
|
||||
|
@ -23,24 +25,28 @@ def main():
|
|||
parser.add_argument('--sign', '-s', help='claims file to sign')
|
||||
parser.add_argument('--gen', '-g', help='generate new key pairs',
|
||||
default=False, action="store_true")
|
||||
parser.add_argument('--version2', '-2', help="use VAPID spec Draft-02",
|
||||
default=False, action="store_true")
|
||||
parser.add_argument('--version1', '-1', help="use VAPID spec Draft-01",
|
||||
parser.add_argument('--version2', '-2', help="use RFC8292 VAPID spec",
|
||||
default=True, action="store_true")
|
||||
parser.add_argument('--version1', '-1', help="use VAPID spec Draft-01",
|
||||
default=False, action="store_true")
|
||||
parser.add_argument('--json', help="dump as json",
|
||||
default=False, action="store_true")
|
||||
parser.add_argument('--no-strict', help='Do not be strict about "sub"',
|
||||
default=False, action="store_true")
|
||||
parser.add_argument('--applicationServerKey',
|
||||
help="show applicationServerKey value",
|
||||
default=False, action="store_true")
|
||||
parser.add_argument('--private-key', '-k', help='private key pem file',
|
||||
default="private_key.pem")
|
||||
args = parser.parse_args()
|
||||
|
||||
# Added to solve 2.7 => 3.* incompatibility
|
||||
Vapid = Vapid01
|
||||
if args.version2:
|
||||
Vapid = Vapid02
|
||||
if args.gen or not os.path.exists('private_key.pem'):
|
||||
Vapid = Vapid02
|
||||
if args.version1:
|
||||
Vapid = Vapid01
|
||||
if args.gen or not os.path.exists(args.private_key):
|
||||
if not args.gen:
|
||||
print("No private_key.pem file found.")
|
||||
print("No private key file found.")
|
||||
answer = None
|
||||
while answer not in ['y', 'n']:
|
||||
answer = prompt("Do you want me to create one for you? (Y/n)")
|
||||
|
@ -50,17 +56,20 @@ def main():
|
|||
if answer == 'n':
|
||||
print("Sorry, can't do much for you then.")
|
||||
exit(1)
|
||||
vapid = Vapid()
|
||||
vapid = Vapid(conf=args)
|
||||
vapid.generate_keys()
|
||||
print("Generating private_key.pem")
|
||||
vapid.save_key('private_key.pem')
|
||||
print("Generating public_key.pem")
|
||||
vapid.save_public_key('public_key.pem')
|
||||
vapid = Vapid.from_file('private_key.pem')
|
||||
vapid = Vapid.from_file(args.private_key)
|
||||
claim_file = args.sign
|
||||
result = dict()
|
||||
if args.applicationServerKey:
|
||||
raw_pub = vapid.public_key.public_numbers().encode_point()
|
||||
raw_pub = vapid.public_key.public_bytes(
|
||||
serialization.Encoding.X962,
|
||||
serialization.PublicFormat.UncompressedPoint
|
||||
)
|
||||
print("Application Server Key = {}\n\n".format(
|
||||
b64urlencode(raw_pub)))
|
||||
if claim_file:
|
||||
|
|
|
@ -4,14 +4,13 @@ import copy
|
|||
import os
|
||||
import json
|
||||
import unittest
|
||||
from nose.tools import eq_, ok_
|
||||
from cryptography.hazmat.primitives import serialization
|
||||
from mock import patch, Mock
|
||||
|
||||
from py_vapid import Vapid01, Vapid02, VapidException
|
||||
from py_vapid import Vapid01, Vapid02, VapidException, _check_sub
|
||||
from py_vapid.jwt import decode
|
||||
|
||||
# This is a private key in DER form.
|
||||
T_DER = """
|
||||
TEST_KEY_PRIVATE_DER = """
|
||||
MHcCAQEEIPeN1iAipHbt8+/KZ2NIF8NeN24jqAmnMLFZEMocY8RboAoGCCqGSM49
|
||||
AwEHoUQDQgAEEJwJZq/GN8jJbo1GGpyU70hmP2hbWAUpQFKDByKB81yldJ9GTklB
|
||||
M5xqEwuPM7VuQcyiLDhvovthPIXx+gsQRQ==
|
||||
|
@ -24,17 +23,18 @@ key = dict(
|
|||
)
|
||||
|
||||
# This is the same private key, in PEM form.
|
||||
T_PRIVATE = ("-----BEGIN PRIVATE KEY-----{}"
|
||||
"-----END PRIVATE KEY-----\n").format(T_DER)
|
||||
TEST_KEY_PRIVATE_PEM = (
|
||||
"-----BEGIN PRIVATE KEY-----{}"
|
||||
"-----END PRIVATE KEY-----\n").format(TEST_KEY_PRIVATE_DER)
|
||||
|
||||
# This is the same private key, as a point in uncompressed form. This should
|
||||
# be Base64url-encoded without padding.
|
||||
T_RAW = """
|
||||
TEST_KEY_PRIVATE_RAW = """
|
||||
943WICKkdu3z78pnY0gXw143biOoCacwsVkQyhxjxFs
|
||||
""".strip().encode('utf8')
|
||||
|
||||
# This is a public key in PEM form.
|
||||
T_PUBLIC = """-----BEGIN PUBLIC KEY-----
|
||||
TEST_KEY_PUBLIC_PEM = """-----BEGIN PUBLIC KEY-----
|
||||
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEJwJZq/GN8jJbo1GGpyU70hmP2hb
|
||||
WAUpQFKDByKB81yldJ9GTklBM5xqEwuPM7VuQcyiLDhvovthPIXx+gsQRQ==
|
||||
-----END PUBLIC KEY-----
|
||||
|
@ -42,44 +42,44 @@ WAUpQFKDByKB81yldJ9GTklBM5xqEwuPM7VuQcyiLDhvovthPIXx+gsQRQ==
|
|||
|
||||
# this is a public key in uncompressed form ('\x04' + 2 * 32 octets)
|
||||
# Remember, this should have any padding stripped.
|
||||
T_PUBLIC_RAW = (
|
||||
TEST_KEY_PUBLIC_RAW = (
|
||||
"BBCcCWavxjfIyW6NRhqclO9IZj9oW1gFKUBSgwcigfNc"
|
||||
"pXSfRk5JQTOcahMLjzO1bkHMoiw4b6L7YTyF8foLEEU"
|
||||
).strip('=').encode('utf8')
|
||||
|
||||
|
||||
def setUp(self):
|
||||
def setup_module(self):
|
||||
with open('/tmp/private', 'w') as ff:
|
||||
ff.write(T_PRIVATE)
|
||||
ff.write(TEST_KEY_PRIVATE_PEM)
|
||||
with open('/tmp/public', 'w') as ff:
|
||||
ff.write(T_PUBLIC)
|
||||
ff.write(TEST_KEY_PUBLIC_PEM)
|
||||
with open('/tmp/private.der', 'w') as ff:
|
||||
ff.write(T_DER)
|
||||
ff.write(TEST_KEY_PRIVATE_DER)
|
||||
|
||||
|
||||
def tearDown(self):
|
||||
def teardown_module(self):
|
||||
os.unlink('/tmp/private')
|
||||
os.unlink('/tmp/public')
|
||||
|
||||
|
||||
class VapidTestCase(unittest.TestCase):
|
||||
def check_keys(self, v):
|
||||
eq_(v.private_key.private_numbers().private_value, key.get('d'))
|
||||
eq_(v.public_key.public_numbers().x, key.get('x'))
|
||||
eq_(v.public_key.public_numbers().y, key.get('y'))
|
||||
assert v.private_key.private_numbers().private_value == key.get('d')
|
||||
assert v.public_key.public_numbers().x == key.get('x')
|
||||
assert v.public_key.public_numbers().y == key.get('y')
|
||||
|
||||
def test_init(self):
|
||||
v1 = Vapid01.from_file("/tmp/private")
|
||||
self.check_keys(v1)
|
||||
v2 = Vapid01.from_pem(T_PRIVATE.encode())
|
||||
v2 = Vapid01.from_pem(TEST_KEY_PRIVATE_PEM.encode())
|
||||
self.check_keys(v2)
|
||||
v3 = Vapid01.from_der(T_DER.encode())
|
||||
v3 = Vapid01.from_der(TEST_KEY_PRIVATE_DER.encode())
|
||||
self.check_keys(v3)
|
||||
v4 = Vapid01.from_file("/tmp/private.der")
|
||||
self.check_keys(v4)
|
||||
no_exist = '/tmp/not_exist'
|
||||
Vapid01.from_file(no_exist)
|
||||
ok_(os.path.isfile(no_exist))
|
||||
assert os.path.isfile(no_exist)
|
||||
os.unlink(no_exist)
|
||||
|
||||
def repad(self, data):
|
||||
|
@ -94,8 +94,8 @@ class VapidTestCase(unittest.TestCase):
|
|||
def test_gen_key(self):
|
||||
v = Vapid01()
|
||||
v.generate_keys()
|
||||
ok_(v.public_key)
|
||||
ok_(v.private_key)
|
||||
assert v.public_key
|
||||
assert v.private_key
|
||||
|
||||
def test_private_key(self):
|
||||
v = Vapid01()
|
||||
|
@ -104,8 +104,8 @@ class VapidTestCase(unittest.TestCase):
|
|||
|
||||
def test_public_key(self):
|
||||
v = Vapid01()
|
||||
eq_(v._private_key, None)
|
||||
eq_(v._public_key, None)
|
||||
assert v._private_key is None
|
||||
assert v._public_key is None
|
||||
|
||||
def test_save_key(self):
|
||||
v = Vapid01()
|
||||
|
@ -120,37 +120,40 @@ class VapidTestCase(unittest.TestCase):
|
|||
os.unlink("/tmp/p2")
|
||||
|
||||
def test_from_raw(self):
|
||||
v = Vapid01.from_raw(T_RAW)
|
||||
v = Vapid01.from_raw(TEST_KEY_PRIVATE_RAW)
|
||||
self.check_keys(v)
|
||||
|
||||
def test_from_string(self):
|
||||
v1 = Vapid01.from_string(T_DER)
|
||||
v2 = Vapid01.from_string(T_RAW.decode())
|
||||
v1 = Vapid01.from_string(TEST_KEY_PRIVATE_DER)
|
||||
v2 = Vapid01.from_string(TEST_KEY_PRIVATE_RAW.decode())
|
||||
self.check_keys(v1)
|
||||
self.check_keys(v2)
|
||||
|
||||
def test_sign_01(self):
|
||||
v = Vapid01.from_string(T_DER)
|
||||
v = Vapid01.from_string(TEST_KEY_PRIVATE_DER)
|
||||
claims = {"aud": "https://example.com",
|
||||
"sub": "mailto:admin@example.com"}
|
||||
result = v.sign(claims, "id=previous")
|
||||
eq_(result['Crypto-Key'],
|
||||
'id=previous;p256ecdsa=' + T_PUBLIC_RAW.decode('utf8'))
|
||||
assert result['Crypto-Key'] == (
|
||||
'id=previous;p256ecdsa=' + TEST_KEY_PUBLIC_RAW.decode('utf8'))
|
||||
pkey = binascii.b2a_base64(
|
||||
v.public_key.public_numbers().encode_point()
|
||||
v.public_key.public_bytes(
|
||||
serialization.Encoding.X962,
|
||||
serialization.PublicFormat.UncompressedPoint
|
||||
)
|
||||
).decode('utf8').replace('+', '-').replace('/', '_').strip()
|
||||
items = decode(result['Authorization'].split(' ')[1], pkey)
|
||||
for k in claims:
|
||||
eq_(items[k], claims[k])
|
||||
assert items[k] == claims[k]
|
||||
result = v.sign(claims)
|
||||
eq_(result['Crypto-Key'],
|
||||
'p256ecdsa=' + T_PUBLIC_RAW.decode('utf8'))
|
||||
assert result['Crypto-Key'] == ('p256ecdsa=' +
|
||||
TEST_KEY_PUBLIC_RAW.decode('utf8'))
|
||||
# Verify using the same function as Integration
|
||||
# this should ensure that the r,s sign values are correctly formed
|
||||
ok_(Vapid01.verify(
|
||||
assert Vapid01.verify(
|
||||
key=result['Crypto-Key'].split('=')[1],
|
||||
auth=result['Authorization']
|
||||
))
|
||||
)
|
||||
|
||||
def test_sign_02(self):
|
||||
v = Vapid02.from_file("/tmp/private")
|
||||
|
@ -160,20 +163,31 @@ class VapidTestCase(unittest.TestCase):
|
|||
claim_check = copy.deepcopy(claims)
|
||||
result = v.sign(claims, "id=previous")
|
||||
auth = result['Authorization']
|
||||
eq_(auth[:6], 'vapid ')
|
||||
ok_(' t=' in auth)
|
||||
ok_(',k=' in auth)
|
||||
assert auth[:6] == 'vapid '
|
||||
assert ' t=' in auth
|
||||
assert ',k=' in auth
|
||||
parts = auth[6:].split(',')
|
||||
eq_(len(parts), 2)
|
||||
assert len(parts) == 2
|
||||
t_val = json.loads(base64.urlsafe_b64decode(
|
||||
self.repad(parts[0][2:].split('.')[1])
|
||||
).decode('utf8'))
|
||||
k_val = binascii.a2b_base64(self.repad(parts[1][2:]))
|
||||
eq_(binascii.hexlify(k_val)[:2], b'04')
|
||||
eq_(len(k_val), 65)
|
||||
eq_(claims, claim_check)
|
||||
assert binascii.hexlify(k_val)[:2] == b'04'
|
||||
assert len(k_val) == 65
|
||||
assert claims == claim_check
|
||||
for k in claims:
|
||||
eq_(t_val[k], claims[k])
|
||||
assert t_val[k] == claims[k]
|
||||
|
||||
def test_sign_02_localhost(self):
|
||||
v = Vapid02.from_file("/tmp/private")
|
||||
claims = {"aud": "http://localhost:8000",
|
||||
"sub": "mailto:admin@example.com",
|
||||
"foo": "extra value"}
|
||||
result = v.sign(claims, "id=previous")
|
||||
auth = result['Authorization']
|
||||
assert auth[:6] == 'vapid '
|
||||
assert ' t=' in auth
|
||||
assert ',k=' in auth
|
||||
|
||||
def test_integration(self):
|
||||
# These values were taken from a test page. DO NOT ALTER!
|
||||
|
@ -184,8 +198,8 @@ class VapidTestCase(unittest.TestCase):
|
|||
"4cCI6MTQ5NDY3MTQ3MCwic3ViIjoibWFpbHRvOnNpbXBsZS1wdXNoLWRlb"
|
||||
"W9AZ2F1bnRmYWNlLmNvLnVrIn0.LqPi86T-HJ71TXHAYFptZEHD7Wlfjcc"
|
||||
"4u5jYZ17WpqOlqDcW-5Wtx3x1OgYX19alhJ9oLumlS2VzEvNioZolQA")
|
||||
ok_(Vapid01.verify(key=key, auth="webpush {}".format(auth)))
|
||||
ok_(Vapid02.verify(auth="vapid t={},k={}".format(auth, key)))
|
||||
assert Vapid01.verify(key=key, auth="webpush {}".format(auth))
|
||||
assert Vapid02.verify(auth="vapid t={},k={}".format(auth, key))
|
||||
|
||||
def test_bad_integration(self):
|
||||
# These values were taken from a test page. DO NOT ALTER!
|
||||
|
@ -196,7 +210,7 @@ class VapidTestCase(unittest.TestCase):
|
|||
"4cCI6MTQ5NDY3MTQ3MCwic3ViIjoibWFpbHRvOnNpbXBsZS1wdXNoLWRlb"
|
||||
"W9AZ2F1bnRmYWNlLmNvLnVrIn0.LqPi86T-HJ71TXHAYFptZEHD7Wlfjcc"
|
||||
"4u5jYZ17WpqOlqDcW-5Wtx3x1OgYX19alhJ9oLumlS2VzEvNioZ_BAD")
|
||||
eq_(Vapid01.verify(key=key, auth=auth), False)
|
||||
assert Vapid01.verify(key=key, auth=auth) == False
|
||||
|
||||
def test_bad_sign(self):
|
||||
v = Vapid01.from_file("/tmp/private")
|
||||
|
@ -214,7 +228,12 @@ class VapidTestCase(unittest.TestCase):
|
|||
self.assertRaises(VapidException,
|
||||
v.sign,
|
||||
{'sub': 'mailto:foo@bar.com',
|
||||
'aud': "https://p.example.com:8080/"})
|
||||
'aud': "https://p.example.com:8080/"})
|
||||
|
||||
def test_ignore_sub(self):
|
||||
v = Vapid02.from_file("/tmp/private")
|
||||
v.conf['no-strict'] = True
|
||||
assert v.sign({"sub": "foo", "aud": "http://localhost:8000"})
|
||||
|
||||
@patch('cryptography.hazmat.primitives.asymmetric'
|
||||
'.ec.EllipticCurvePublicNumbers')
|
||||
|
@ -233,3 +252,31 @@ class VapidTestCase(unittest.TestCase):
|
|||
decode,
|
||||
'foo.bar.a',
|
||||
'aaaa')
|
||||
|
||||
def test_sub(self):
|
||||
valid = [
|
||||
'mailto:me@localhost',
|
||||
'mailto:me@1.2.3.4',
|
||||
'mailto:me@1234::',
|
||||
'mailto:me@1234::5678',
|
||||
'mailto:admin@example.org',
|
||||
'mailto:admin-test-case@example-test-case.test.org',
|
||||
'https://localhost',
|
||||
'https://exmample-test-case.test.org',
|
||||
'https://8001::',
|
||||
'https://8001:1000:0001',
|
||||
'https://1.2.3.4'
|
||||
]
|
||||
invalid = [
|
||||
'mailto:@foobar.com',
|
||||
'mailto:example.org',
|
||||
'mailto:0123:',
|
||||
'mailto:::1234',
|
||||
'https://somehost',
|
||||
'https://xyz:123',
|
||||
]
|
||||
|
||||
for val in valid:
|
||||
assert _check_sub(val) is True
|
||||
for val in invalid:
|
||||
assert _check_sub(val) is False
|
||||
|
|
|
@ -26,11 +26,14 @@ def b64urlencode(data):
|
|||
return base64.urlsafe_b64encode(data).replace(b'=', b'').decode('utf8')
|
||||
|
||||
|
||||
def num_to_bytes(n):
|
||||
def num_to_bytes(n, pad_to):
|
||||
"""Returns the byte representation of an integer, in big-endian order.
|
||||
:param n: The integer to encode.
|
||||
:type n: int
|
||||
:param pad_to: Expected length of result, zeropad if necessary.
|
||||
:type pad_to: int
|
||||
:returns bytes
|
||||
"""
|
||||
h = '%x' % n
|
||||
return binascii.unhexlify('0' * (len(h) % 2) + h)
|
||||
r = binascii.unhexlify('0' * (len(h) % 2) + h)
|
||||
return b'\x00' * (pad_to - len(r)) + r
|
||||
|
|
|
@ -1 +1 @@
|
|||
cryptography>=1.8.2
|
||||
cryptography>=2.5
|
||||
|
|
|
@ -1,11 +1,7 @@
|
|||
[nosetests]
|
||||
verbose = True
|
||||
verbosity = 1
|
||||
cover-tests = True
|
||||
cover-erase = True
|
||||
with-coverage = True
|
||||
detailed-errors = True
|
||||
cover-package = py_vapid
|
||||
|
||||
[egg_info]
|
||||
tag_build =
|
||||
|
|
16
setup.py
16
setup.py
|
@ -3,7 +3,7 @@ import os
|
|||
|
||||
from setuptools import setup, find_packages
|
||||
|
||||
__version__ = "1.4.0"
|
||||
__version__ = "1.9.0"
|
||||
|
||||
|
||||
def read_from(file):
|
||||
|
@ -24,31 +24,27 @@ def read_from(file):
|
|||
here = os.path.abspath(os.path.dirname(__file__))
|
||||
with io.open(os.path.join(here, 'README.rst'), encoding='utf8') as f:
|
||||
README = f.read()
|
||||
with io.open(os.path.join(here, 'CHANGELOG.md'), encoding='utf8') as f:
|
||||
CHANGES = f.read()
|
||||
#with io.open(os.path.join(here, 'CHANGELOG.md'), encoding='utf8') as f:
|
||||
# CHANGES = f.read()
|
||||
|
||||
setup(name="py-vapid",
|
||||
version=__version__,
|
||||
description='Simple VAPID header generation library',
|
||||
long_description=README + '\n\n' + CHANGES,
|
||||
long_description=README,
|
||||
long_description_content_type="text/x-rst",
|
||||
classifiers=["Topic :: Internet :: WWW/HTTP",
|
||||
"Programming Language :: Python",
|
||||
"Programming Language :: Python :: 2",
|
||||
"Programming Language :: Python :: 2.7",
|
||||
"Programming Language :: Python :: 3",
|
||||
"Programming Language :: Python :: 3.4",
|
||||
"Programming Language :: Python :: 3.5",
|
||||
],
|
||||
keywords='vapid push webpush',
|
||||
author="JR Conlin",
|
||||
author_email="src+vapid@jrconlin.com",
|
||||
url='https://github.com/mozilla-services/vapid',
|
||||
license="MPL2",
|
||||
test_suite="nose.collector",
|
||||
include_package_data=True,
|
||||
zip_safe=False,
|
||||
packages=find_packages(),
|
||||
package_data={'': ['README.md', 'CHANGELOG.md',
|
||||
package_data={'': ['README.rst',
|
||||
'requirements.txt', 'test-requirements.txt']},
|
||||
install_requires=read_from('requirements.txt'),
|
||||
tests_require=read_from('test-requirements.txt'),
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
nose
|
||||
-r requirements.txt
|
||||
pytest
|
||||
coverage
|
||||
mock>=1.0.1
|
||||
flake8
|
||||
|
|
Loading…
Reference in New Issue