Initial Checkin

Author: jrconlin

.gitignore

@@ -0,0 +1,11 @@
+bin/
+build/
+dist/
+include/
+lib/
+local/
+man/
+*.egg-info
+*.pem
+*.pyc
+.*.sw?

README.md

@@ -0,0 +1,25 @@
+# Easy VAPID generation
+
+A set of VAPID encoding libraries for popular languages.
+
+***PLEASE FEEL FREE TO SUBMIT YOUR FAVORITE LANGUAGE!***
+
+VAPID is a draft specification for providing self identification.
+see https://datatracker.ietf.org/doc/draft-thomson-webpush-vapid/
+for the latest specification.
+
+## TL;DR:
+
+In short, you create a JSON blob that contains some contact
+information about your WebPush feed, for instance:
+
+```
+{
+    "aud": "https://YourSiteHere.example",
+    "sub": "mailto://[email protected]",
+    "exp": 1457718878
+}
+```
+
+You then convert that to a [JWT](https://tools.ietf.org/html/rfc7519) encoded
+with `alg = "ES256"`

js/decode.js

@@ -0,0 +1,14 @@
+
+function decode(str) {
+    /* Take a URL Safe base64 string and convert to a Uint8 Byte Array.
+     *
+     * See https://en.wikipedia.org/wiki/Base64 for characters exchanges
+     */
+    cstr = atob(str.replace('-', '+').replace('_', '/'));
+    arr = new Uint8Array(cstr.length)
+    for (i=0; i<cstr.length;i++) {
+        arr[i] = cstr.charCodeAt(i);
+    }
+    return arr;
+}
+

python/CHANGELOG.md

@@ -0,0 +1,32 @@
+# Easy VAPID generation
+
+This minimal library contains the minimal set of functions you need to
+generate a VAPID key set and get the headers you'll need to sign a
+WebPush subscription update.
+
+This can either be installed as a library or used as a stand along
+app.
+
+## App Installation
+
+You'll need `python virtualenv` Run that in the current directory.
+
+Then run
+```
+bin/pip install -r requirements.txt
+
+bin/python setup.py`install
+```
+## App Usage
+
+Run by itself, `bin/vapid` will check and optionally create the
+public_key.pem and private_key.pem files.
+
+`bin/vapid --sign _claims.json_` will generate a set of HTTP headers
+from a JSON formatted claims file. A sample `claims.json` is included
+with this distribution.
+
+`bin/vapid --validate _token_` will generate a token response for the
+Mozilla WebPush dashboard.
+
+

python/README.md

@@ -0,0 +1,4 @@
+{
+    "aud": "https://my_site.example.com",
+    "sub": "mailto:admin@my_site.example.com"
+}

python/claims.json

@@ -0,0 +1,2 @@
+ecdsa==0.13
+python-jose==0.6.1

python/requirements.txt

@@ -0,0 +1,41 @@
+import io
+import os
+
+from vapid import __version__
+from setuptools import setup, find_packages
+
+here = os.path.abspath(os.path.dirname(__file__))
+with io.open(os.path.join(here, 'README.md'), encoding='utf8') as f:
+    README = f.read()
+with io.open(os.path.join(here, 'CHANGELOG.md'), encoding='utf8') as f:
+    CHANGES = f.read()
+
+extra_options = {
+    "packages": find_packages(),
+}
+setup(name="VAPID library",
+      version=__version__,
+      description='Simple VAPID header generation library',
+      long_description=README + '\n\n' + CHANGES,
+      classifiers=["Topic :: Internet :: WWW/HTTP",
+                   'Programming Language :: Python',
+                   "Programming Language :: Python :: 2",
+                   "Programming Language :: Python :: 2.7"
+                   ],
+      keywords='vapid',
+      author="JR Conlin",
+      author_email="[email protected]",
+      url='http:///',
+      license="MPL2",
+      test_suite="nose.collector",
+      include_package_data=True,
+      zip_safe=False,
+      tests_require=['nose', 'coverage', 'mock>=1.0.1'],
+      entry_points="""
+      [console_scripts]
+      vapid = vapid.main:main
+      [nose.plugins]
+      object-tracker = autopush.noseplugin:ObjectTracker
+      """,
+      **extra_options
+      )

python/setup.py

@@ -0,0 +1,4 @@
+nose
+coverage
+mock>=1.0.1
+flake8

python/test-requirements.txt

@@ -0,0 +1,113 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+import base64
+import time
+
+import ecdsa
+import logging
+from jose import jws
+
+__version__ = "0.1"
+
+
+class VapidException(Exception):
+    pass
+
+
+class Vapid(object):
+    """Minimal VAPID signature generation library. """
+    _private_key = None
+    _public_key = None
+
+    def __init__(self, private_key_file=None):
+        """Initialize VAPID using an optional file containing a private key
+        in PEM format.
+
+        :param private_key_file: The name of the file containing the
+        private key
+        """
+        if private_key_file:
+            try:
+                self.private_key = ecdsa.SigningKey.from_pem(
+                    open(private_key_file).read())
+            except Exception, exc:
+                import pdb;pdb.set_trace()
+                logging.error("Could not open private key file: %s", repr(exc))
+                raise VapidException(exc)
+            self.pubilcKey = self.private_key.get_verifying_key()
+
+    @property
+    def private_key(self):
+        if not self._private_key:
+            raise VapidException(
+                "No private key defined. Please import or generate a key.")
+        return self._private_key
+
+    @private_key.setter
+    def private_key(self, value):
+        self._private_key = value
+
+    @property
+    def public_key(self):
+        if not self._public_key:
+            self._public_key = self.private_key.get_verifying_key()
+        return self._public_key
+
+    def generate_keys(self):
+        """Generate a valid ECDSA Key Pair."""
+        self.private_key = ecdsa.SigningKey.generate(curve=ecdsa.NIST256p)
+        self.public_key
+
+    def save_key(self, key_file):
+        """Save the private key to a PEM file."""
+        file = open(key_file, "w")
+        if not self._private_key:
+            self.generate_keys()
+        file.write(self._private_key.to_pem())
+        file.close()
+
+    def save_public_key(self, key_file):
+        """Save the public key to a PEM file.
+
+        :param key_file: The name of the file to save the public key
+        """
+        file = open(key_file, "w")
+        file.write(self.public_key.to_pem())
+        file.close()
+
+    def validate(self, token):
+        return base64.urlsafe_b64encode(self.private_key.sign(token))
+
+    def sign(self, claims, crypto_key=None):
+        """Sign a set of claims.
+
+        :param claims: JSON object containing the JWT claims to use.
+        :param crypto_key: Optional existing crypto_key header content. The
+            vapid public key will be appended to this data.
+        :returns result: a hash containing the header fields to use in
+            the subscription update.
+        """
+        if not claims.get('exp'):
+            claims['exp'] = int(time.time()) + 86400
+        if not claims.get('aud'):
+            raise VapidException(
+                "Missing 'aud' from claims. "
+                "'aud' is your site's URL.")
+        if not claims.get('sub'):
+            raise VapidException(
+                "Missing 'sub' from claims. "
+                "'sub' is your admin email as a mailto: link.")
+        sig = jws.sign(claims, self.private_key, algorithm="ES256")
+        pkey = 'p256ecdsa='
+        pkey += base64.urlsafe_b64encode(self.public_key.to_string())
+        if crypto_key:
+            crypto_key = crypto_key + ';' + pkey
+        else:
+            crypto_key = pkey
+
+        return {"Authorization": "Bearer " + sig.strip('='),
+                "Crypto-Key": crypto_key}
+
+

python/vapid/__init__.py

@@ -0,0 +1,82 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+import argparse
+import os
+import json
+
+from vapid import Vapid
+
+
+def main():
+    parser = argparse.ArgumentParser(description="VAPID tool")
+    parser.add_argument('--sign', '-s', help='claims file to sign')
+    parser.add_argument('--validate', '-v', help='dashboard token to validate')
+    args = parser.parse_args()
+    if not os.path.exists('private_key.pem'):
+        print "No private_key.pem file found."
+        answer = None
+        while answer not in ['y', 'n']:
+            answer = raw_input("Do you want me to create one for you? (Y/n)")
+            if not answer:
+                answer = 'y'
+            answer = answer.lower()[0]
+            if answer == 'n':
+                print "Sorry, can't do much for you then."
+                exit
+            if answer == 'y':
+                break
+        Vapid().save_key('private_key.pem')
+    vapid = Vapid('private_key.pem')
+    if not os.path.exists('public_key.pem'):
+        print "No public_key.pem file found. You'll need this to access "
+        print "the developer dashboard."
+        answer = None
+        while answer not in ['y', 'n']:
+            answer = raw_input("Do you want me to create one for you? (Y/n)")
+            if not answer:
+                answer = 'y'
+            answer = answer.lower()[0]
+            if answer == 'y':
+                vapid.save_public_key('public_key.pem')
+    claim_file = args.sign
+    if claim_file:
+        if not os.path.exists(claim_file):
+            print "No %s file found." % claim_file
+            print """
+The claims file should be a JSON formatted file that holds the
+information that describes you. There are three elements in the claims
+file you'll need:
+
+    "aud" This is your site's URL (e.g. "https://example.com")
+    "sub" This is your site's admin email address
+          (e.g. "mailto:[email protected]")
+    "exp" This is the expiration time for the claim in seconds. If you don't
+          have one, I'll add one that expires in 24 hours.
+
+For example, a claims.json file could contain:
+
+{"aud": "https://example.com", "sub": "mailto:[email protected]"}
+"""
+            exit
+        try:
+            claims = json.loads(open(claim_file).read())
+            result = vapid.sign(claims)
+        except Exception, exc:
+            print "Crap, something went wrong: %s", repr(exc)
+
+        print "Include the following headers in your request:\n"
+        for key, value in result.items():
+            print "%s: %s" % (key, value)
+        print "\n"
+
+    token = args.validate
+    if token:
+        print "signed token for dashboard validation:\n"
+        print vapid.validate(token)
+        print "\n"
+
+
+if __name__ == '__main__':
+    main()