Changeset 90979 in webkit

Timestamp:

Jul 13, 2011 10:32:44 PM (13 years ago)

Author:

yutak@chromium.org

Message:

WebSocket: Implement hybi handshake
​https://bugs.webkit.org/show_bug.cgi?id=64344

Reviewed by Kent Tamura.

Source/WebCore:

Implement WebSocket handshake which is described at
<​http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-10#section-5.1>.

Notable differences from hixie-76 protocol are:

• Challenge-response scheme has been changed dramatically.
• Servers do not send Sec-WebSocket-Location and Sec-WebSocket-Origin anymore.
• The value of "Upgrade" header has been changed to "websocket" (lower-case only).
• "Origin" header in client's request is renamed to "Sec-WebSocket-Origin".

New tests: http/tests/websocket/tests/hybi/handshake-fail-by-extensions-header.html

http/tests/websocket/tests/hybi/handshake-fail-by-no-accept-header.html
http/tests/websocket/tests/hybi/handshake-fail-by-wrong-accept-header.html

Note: Tests under hybi/ directory (including the new ones) are skipped and cannot be enabled
yet, because pywebsocket does not accept requests from half-baked client implementation
(i.e. hybi handshake + hixie-76 framing). They will be unskipped when hybi framing is landed
in WebCore.

• websockets/WebSocketHandshake.cpp:

Functions and members only used for hixie-76 handshake are renamed so that they are not confused
with hybi-10's ones.
(WebCore::generateHixie76SecWebSocketKey):
(WebCore::generateHixie76Key3):
(WebCore::generateHixie76ExpectedChallengeResponse):
(WebCore::generateSecWebSocketKey):
Generates a value for Sec-WebSocket-Key as stated in hybi-10.
(WebCore::getExpectedWebSocketAccept):
Calculates the expected value of Sec-WebSocket-Accept.
(WebCore::WebSocketHandshake::WebSocketHandshake):
(WebCore::WebSocketHandshake::clientHandshakeMessage):
(WebCore::WebSocketHandshake::clientHandshakeRequest):
(WebCore::WebSocketHandshake::readServerHandshake):
(WebCore::WebSocketHandshake::serverWebSocketAccept):
(WebCore::WebSocketHandshake::serverWebSocketExtensions):
(WebCore::WebSocketHandshake::checkResponseHeaders):

• websockets/WebSocketHandshake.h:

LayoutTests:

Fix existing tests so they match the new handshake format, and add tests for new header fields.

There are several changes in the format of handshake response, such as:

• Reason string in HTTP status line has been changed to "Switching Protocols".
• The value of "Upgrade" header has been changed to "websocket" (lower-case only).
• Sec-WebSocket-Location and Sec-WebSocket-Origin are gone.
• "Challenge response" value (16-byte data after the response header fields) is removed, and Sec-WebSocket-Accept header is added instead.

The value of Sec-WebSocket-Accept header is computed using compute_accept() function
located in mod_pywebsocket.handshake.hybi06 module. Although the module name contains
"hybi06", this function can be used to calculate the value of Sec-WebSocket-Accept header
for hybi-10 (calculation method has not been changed since hybi-06).

Note: Tests under hybi/ directory (including the new ones) are skipped and cannot be enabled
yet, because pywebsocket does not accept requests from half-baked client implementation
(i.e. hybi handshake + hixie-76 framing). They will be unskipped when hybi framing is landed
in WebCore.

• http/tests/websocket/tests/handler_map.txt:

There must be only one handler that can handle requests to "/". hybi/echo-location_wsh.py
is modified to accept requests of both protocol versions.

• http/tests/websocket/tests/hybi/bad-handshake-crash_wsh.py:
• http/tests/websocket/tests/hybi/echo-challenge_wsh.py:
• http/tests/websocket/tests/hybi/echo-location_wsh.py:
• http/tests/websocket/tests/hybi/handshake-fail-by-extensions-header-expected.txt: Added.
• http/tests/websocket/tests/hybi/handshake-fail-by-extensions-header.html: Added.
• http/tests/websocket/tests/hybi/handshake-fail-by-extensions-header_wsh.py: Added.
• http/tests/websocket/tests/hybi/handshake-fail-by-maxlength_wsh.py:
• http/tests/websocket/tests/hybi/handshake-fail-by-no-accept-header-expected.txt: Added.
• http/tests/websocket/tests/hybi/handshake-fail-by-no-accept-header.html: Added.
• http/tests/websocket/tests/hybi/handshake-fail-by-no-accept-header_wsh.py: Added.
• http/tests/websocket/tests/hybi/handshake-fail-by-no-connection-header_wsh.py:
• http/tests/websocket/tests/hybi/handshake-fail-by-no-cr_wsh.py:
• http/tests/websocket/tests/hybi/handshake-fail-by-no-upgrade-header_wsh.py:
• http/tests/websocket/tests/hybi/handshake-fail-by-prepended-null_wsh.py:
• http/tests/websocket/tests/hybi/handshake-fail-by-wrong-accept-header-expected.txt: Added.
• http/tests/websocket/tests/hybi/handshake-fail-by-wrong-accept-header.html: Added.
• http/tests/websocket/tests/hybi/handshake-fail-by-wrong-accept-header_wsh.py: Added.
• http/tests/websocket/tests/hybi/long-invalid-header_wsh.py:
• http/tests/websocket/tests/hybi/workers/resources/echo-challenge_wsh.py:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/websocket/tests/handler_map.txt (modified) (1 diff)
• LayoutTests/http/tests/websocket/tests/hybi/bad-handshake-crash_wsh.py (modified) (1 diff)
• LayoutTests/http/tests/websocket/tests/hybi/echo-challenge_wsh.py (modified) (1 diff)
• LayoutTests/http/tests/websocket/tests/hybi/echo-location_wsh.py (modified) (3 diffs)
• LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-extensions-header-expected.txt (added)
• LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-extensions-header.html (added)
• LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-extensions-header_wsh.py (added)
• LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-maxlength_wsh.py (modified) (1 diff)
• LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-no-accept-header-expected.txt (added)
• LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-no-accept-header.html (added)
• LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-no-accept-header_wsh.py (added)
• LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-no-connection-header_wsh.py (modified) (1 diff)
• LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-no-cr_wsh.py (modified) (1 diff)
• LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-no-upgrade-header_wsh.py (modified) (1 diff)
• LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-prepended-null_wsh.py (modified) (2 diffs)
• LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-wrong-accept-header-expected.txt (added)
• LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-wrong-accept-header.html (added)
• LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-wrong-accept-header_wsh.py (added)
• LayoutTests/http/tests/websocket/tests/hybi/long-invalid-header_wsh.py (modified) (1 diff)
• LayoutTests/http/tests/websocket/tests/hybi/workers/resources/echo-challenge_wsh.py (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/websockets/WebSocketHandshake.cpp (modified) (17 diffs)
• Source/WebCore/websockets/WebSocketHandshake.h (modified) (4 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2011-07-13  Yuta Kitamura  <yutak@chromium.org>
+
+        WebSocket: Implement hybi handshake
+        https://bugs.webkit.org/show_bug.cgi?id=64344
+
+        Reviewed by Kent Tamura.
+
+        Fix existing tests so they match the new handshake format, and add tests for new header fields.
+
+        There are several changes in the format of handshake response, such as:
+        - Reason string in HTTP status line has been changed to "Switching Protocols".
+        - The value of "Upgrade" header has been changed to "websocket" (lower-case only).
+        - Sec-WebSocket-Location and Sec-WebSocket-Origin are gone.
+        - "Challenge response" value (16-byte data after the response header fields) is removed, and
+          Sec-WebSocket-Accept header is added instead.
+
+        The value of Sec-WebSocket-Accept header is computed using compute_accept() function
+        located in mod_pywebsocket.handshake.hybi06 module. Although the module name contains
+        "hybi06", this function can be used to calculate the value of Sec-WebSocket-Accept header
+        for hybi-10 (calculation method has not been changed since hybi-06).
+
+        Note: Tests under hybi/ directory (including the new ones) are skipped and cannot be enabled
+        yet, because pywebsocket does not accept requests from half-baked client implementation
+        (i.e. hybi handshake + hixie-76 framing). They will be unskipped when hybi framing is landed
+        in WebCore.
+
+        * http/tests/websocket/tests/handler_map.txt:
+        There must be only one handler that can handle requests to "/". hybi/echo-location_wsh.py
+        is modified to accept requests of both protocol versions.
+        * http/tests/websocket/tests/hybi/bad-handshake-crash_wsh.py:
+        * http/tests/websocket/tests/hybi/echo-challenge_wsh.py:
+        * http/tests/websocket/tests/hybi/echo-location_wsh.py:
+        * http/tests/websocket/tests/hybi/handshake-fail-by-extensions-header-expected.txt: Added.
+        * http/tests/websocket/tests/hybi/handshake-fail-by-extensions-header.html: Added.
+        * http/tests/websocket/tests/hybi/handshake-fail-by-extensions-header_wsh.py: Added.
+        * http/tests/websocket/tests/hybi/handshake-fail-by-maxlength_wsh.py:
+        * http/tests/websocket/tests/hybi/handshake-fail-by-no-accept-header-expected.txt: Added.
+        * http/tests/websocket/tests/hybi/handshake-fail-by-no-accept-header.html: Added.
+        * http/tests/websocket/tests/hybi/handshake-fail-by-no-accept-header_wsh.py: Added.
+        * http/tests/websocket/tests/hybi/handshake-fail-by-no-connection-header_wsh.py:
+        * http/tests/websocket/tests/hybi/handshake-fail-by-no-cr_wsh.py:
+        * http/tests/websocket/tests/hybi/handshake-fail-by-no-upgrade-header_wsh.py:
+        * http/tests/websocket/tests/hybi/handshake-fail-by-prepended-null_wsh.py:
+        * http/tests/websocket/tests/hybi/handshake-fail-by-wrong-accept-header-expected.txt: Added.
+        * http/tests/websocket/tests/hybi/handshake-fail-by-wrong-accept-header.html: Added.
+        * http/tests/websocket/tests/hybi/handshake-fail-by-wrong-accept-header_wsh.py: Added.
+        * http/tests/websocket/tests/hybi/long-invalid-header_wsh.py:
+        * http/tests/websocket/tests/hybi/workers/resources/echo-challenge_wsh.py:
+
 2011-07-13  MORITA Hajime  <morrita@google.com>
 

trunk/LayoutTests/http/tests/websocket/tests/handler_map.txt

@@ -1 +1 @@
 # websocket handler map file.
 # request to '/' will be handled by echo-location_wsh.py
-/ /websocket/tests/hixie76/echo-location
+# hybi/echo-location_wsh.py can handle both hixie-76 and hybi-10 protocols.
+/ /websocket/tests/hybi/echo-location

trunk/LayoutTests/http/tests/websocket/tests/hybi/bad-handshake-crash_wsh.py

@@ +1 @@
+from mod_pywebsocket.handshake.hybi06 import compute_accept
+
+
 def web_socket_do_extra_handshake(request):
-    msg = "HTTP/1.1 101 WebSocket Protocol Handshake\r\n"
-    msg += "Upgrade: WebSocket\r\n"
+    msg = "HTTP/1.1 101 Switching Protocols\r\n"
+    msg += "Upgrade: websocket\r\n"
     msg += "Connection: Upgrade\r\n"
-    msg += "Sec-WebSocket-Location: " + request.ws_location + "\r\n"
-    msg += "Sec-WebSocket-Origin: " + request.ws_origin + "\r\n"
+    msg += "Sec-WebSocket-Accept: %s\r\n" % compute_accept(request.headers_in["Sec-WebSocket-Key"])[0]
     msg += "\xa5:\r\n"
     msg += "\r\n"
-    msg += request.ws_challenge_md5
     request.connection.write(msg)
     print msg

trunk/LayoutTests/http/tests/websocket/tests/hybi/echo-challenge_wsh.py

@@ -7 +7 @@
 
 def web_socket_transfer_data(request):
-    msgutil.send_message(request, _hexify(request.ws_challenge))
-
-
-def _hexify(bytes):
-    return ':'.join(['%02X' % ord(byte) for byte in bytes])
+    msgutil.send_message(request, request.headers_in['Sec-WebSocket-Key'])

trunk/LayoutTests/http/tests/websocket/tests/hybi/echo-location_wsh.py

@@ -1 @@
-# Copyright (C) 2009 Google Inc. All rights reserved.
+# Copyright (C) 2011 Google Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without
@@ -29 +29 @@
 
 from mod_pywebsocket import msgutil
+from mod_pywebsocket.handshake._base import build_location
 
 
@@ -36 +37 @@
 
 def web_socket_transfer_data(request):
-    print request.ws_location
-    msgutil.send_message(request, request.ws_location)
+    if hasattr(request, 'ws_location'):
+        location = request.ws_location
+    else:
+        # When hybi protocol is used, pywebsocket does not provide
+        # ws_location attribute because servers are not required to send
+        # Sec-WebSocket-Location header according to the protocol
+        # specification. If ws_location attribute is not available,
+        # we use pywebsocket's internal function "build_function"
+        # to obtain the identical value.
+        location = build_location(request)
+    msgutil.send_message(request, location)

trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-maxlength_wsh.py

@@ -21 +21 @@
 
 
+from mod_pywebsocket.handshake.hybi06 import compute_accept
+
+
 def web_socket_do_extra_handshake(request):
     # This will cause the handshake to fail because it pushes the length of the
     # status line past 1024 characters
     msg = '.' * 1024
-    msg += 'HTTP/1.1 101 WebSocket Protocol Handshake\r\n'
-    msg += 'Upgrade: WebSocket\r\n'
+    msg += 'HTTP/1.1 101 Switching Protocols\r\n'
+    msg += 'Upgrade: websocket\r\n'
     msg += 'Connection: Upgrade\r\n'
-    msg += 'Sec-WebSocket-Location: ' + request.ws_location + '\r\n'
-    msg += 'Sec-WebSocket-Origin: ' + request.ws_origin + '\r\n'
+    msg += 'Sec-WebSocket-Accept: %s\r\n' % compute_accept(request.headers_in['Sec-WebSocket-Key'])[0]
     msg += '\r\n'
-    msg += request.ws_challenge_md5
     request.connection.write(msg)
     raise Exception('abort the connection') # Prevents pywebsocket from sending its own handshake message.

trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-no-connection-header_wsh.py

@@ +1 @@
+from mod_pywebsocket.handshake.hybi06 import compute_accept
+
+
 def web_socket_do_extra_handshake(request):
-    msg = 'HTTP/1.1 101 WebSocket Protocol Handshake\r\n'
-    msg += 'Upgrade: WebSocket\r\n'
+    msg = 'HTTP/1.1 101 Switching Protocols\r\n'
+    msg += 'Upgrade: websocket\r\n'
 #   Missing 'Connection: Upgrade\r\n'
-    msg += 'Sec-WebSocket-Location: ' + request.ws_location + '\r\n'
-    msg += 'Sec-WebSocket-Origin: ' + request.ws_origin + '\r\n'
+    msg += 'Sec-WebSocket-Accept: %s\r\n' % compute_accept(request.headers_in['Sec-WebSocket-Key'])[0]
     msg += '\r\n'
-    msg += request.ws_challenge_md5
     request.connection.write(msg)
     print msg

trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-no-cr_wsh.py

@@ +1 @@
+from mod_pywebsocket.handshake.hybi06 import compute_accept
+
+
 def web_socket_do_extra_handshake(request):
-    msg = 'HTTP/1.1 101 WebSocket Protocol Handshake\n' # Does not end with "\r\n".
-    msg += 'Upgrade: WebSocket\r\n'
+    msg = 'HTTP/1.1 101 Switching Protocols\n' # Does not end with "\r\n".
+    msg += 'Upgrade: websocket\r\n'
     msg += 'Connection: Upgrade\r\n'
-    msg += 'Sec-WebSocket-Location: ' + request.ws_location + '\r\n'
-    msg += 'Sec-WebSocket-Origin: ' + request.ws_origin + '\r\n'
+    msg += 'Sec-WebSocket-Accept: %s\r\n' % compute_accept(request.headers_in['Sec-WebSocket-Key'])[0]
     msg += '\r\n'
-    msg += request.ws_challenge_md5
     request.connection.write(msg)
     print msg

trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-no-upgrade-header_wsh.py

@@ +1 @@
+from mod_pywebsocket.handshake.hybi06 import compute_accept
+
+
 def web_socket_do_extra_handshake(request):
-    msg = 'HTTP/1.1 101 WebSocket Protocol Handshake\r\n'
-#   Missing 'Upgrade: WebSocket\r\n'
+    msg = 'HTTP/1.1 101 Switching Protocols\r\n'
+#   Missing 'Upgrade: websocket\r\n'
     msg += 'Connection: Upgrade\r\n'
-    msg += 'Sec-WebSocket-Location: ' + request.ws_location + '\r\n'
-    msg += 'Sec-WebSocket-Origin: ' + request.ws_origin + '\r\n'
+    msg += 'Sec-WebSocket-Accept: %s\r\n' % compute_accept(request.headers_in['Sec-WebSocket-Key'])[0]
     msg += '\r\n'
-    msg += request.ws_challenge_md5
     request.connection.write(msg)
     print msg

trunk/LayoutTests/http/tests/websocket/tests/hybi/handshake-fail-by-prepended-null_wsh.py

@@ -20 +20 @@
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+
 import time
+from mod_pywebsocket import stream
+from mod_pywebsocket.handshake.hybi06 import compute_accept
 
 
@@ -29 +32 @@
     # to send more data - it should abort after reading a reasonable number of
     # bytes (set arbitrarily to 1024).
-    frame = '\0Frame-contains-thirty-two-bytes'
+    frame = stream.create_text_frame('\0Frame-contains-thirty-two-bytes')
 
     msg = frame
-    msg += 'HTTP/1.1 101 WebSocket Protocol Handshake\r\n'
-    msg += 'Upgrade: WebSocket\r\n'
+    msg += 'HTTP/1.1 101 Switching Protocols\r\n'
+    msg += 'Upgrade: websocket\r\n'
     msg += 'Connection: Upgrade\r\n'
-    msg += 'Sec-WebSocket-Location: ' + request.ws_location + '\r\n'
-    msg += 'Sec-WebSocket-Origin: ' + request.ws_origin + '\r\n'
+    msg += 'Sec-WebSocket-Accept: %s\r\n' % compute_accept(request.headers_in['Sec-WebSocket-Key'])[0]
     msg += '\r\n'
-    msg += request.ws_challenge_md5
     request.connection.write(msg)
     # continue writing data until the client disconnects

trunk/LayoutTests/http/tests/websocket/tests/hybi/long-invalid-header_wsh.py

@@ -3 +3 @@
     msg += ("p" * 1024) + "\r\n"
     msg += "\r\n"
-    msg += request.ws_challenge_md5
     request.connection.write(msg)
     raise Exception("Abort the connection") # Prevents pywebsocket from sending its own handshake message.

trunk/LayoutTests/http/tests/websocket/tests/hybi/workers/resources/echo-challenge_wsh.py

@@ -7 +7 @@
 
 def web_socket_transfer_data(request):
-    msgutil.send_message(request, _hexify(request.ws_challenge))
-
-
-def _hexify(bytes):
-    return ':'.join(['%02X' % ord(byte) for byte in bytes])
+    msgutil.send_message(request, request.headers_in['Sec-WebSocket-Key'])

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-07-13  Yuta Kitamura  <yutak@chromium.org>
+
+        WebSocket: Implement hybi handshake
+        https://bugs.webkit.org/show_bug.cgi?id=64344
+
+        Reviewed by Kent Tamura.
+
+        Implement WebSocket handshake which is described at
+        <http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-10#section-5.1>.
+
+        Notable differences from hixie-76 protocol are:
+        - Challenge-response scheme has been changed dramatically.
+        - Servers do not send Sec-WebSocket-Location and Sec-WebSocket-Origin anymore.
+        - The value of "Upgrade" header has been changed to "websocket" (lower-case only).
+        - "Origin" header in client's request is renamed to "Sec-WebSocket-Origin".
+
+        New tests: http/tests/websocket/tests/hybi/handshake-fail-by-extensions-header.html
+                   http/tests/websocket/tests/hybi/handshake-fail-by-no-accept-header.html
+                   http/tests/websocket/tests/hybi/handshake-fail-by-wrong-accept-header.html
+
+        Note: Tests under hybi/ directory (including the new ones) are skipped and cannot be enabled
+        yet, because pywebsocket does not accept requests from half-baked client implementation
+        (i.e. hybi handshake + hixie-76 framing). They will be unskipped when hybi framing is landed
+        in WebCore.
+
+        * websockets/WebSocketHandshake.cpp:
+        Functions and members only used for hixie-76 handshake are renamed so that they are not confused
+        with hybi-10's ones.
+        (WebCore::generateHixie76SecWebSocketKey):
+        (WebCore::generateHixie76Key3):
+        (WebCore::generateHixie76ExpectedChallengeResponse):
+        (WebCore::generateSecWebSocketKey):
+        Generates a value for Sec-WebSocket-Key as stated in hybi-10.
+        (WebCore::getExpectedWebSocketAccept):
+        Calculates the expected value of Sec-WebSocket-Accept.
+        (WebCore::WebSocketHandshake::WebSocketHandshake):
+        (WebCore::WebSocketHandshake::clientHandshakeMessage):
+        (WebCore::WebSocketHandshake::clientHandshakeRequest):
+        (WebCore::WebSocketHandshake::readServerHandshake):
+        (WebCore::WebSocketHandshake::serverWebSocketAccept):
+        (WebCore::WebSocketHandshake::serverWebSocketExtensions):
+        (WebCore::WebSocketHandshake::checkResponseHeaders):
+        * websockets/WebSocketHandshake.h:
+
 2011-07-13  MORITA Hajime  <morrita@google.com>
 

trunk/Source/WebCore/websockets/WebSocketHandshake.cpp

@@ -36 +36 @@
 #include "WebSocketHandshake.h"
 
+#include "Base64.h"
 #include "Cookie.h"
 #include "CookieJar.h"
@@ -47 +48 @@
 #include <wtf/CryptographicallyRandomNumber.h>
 #include <wtf/MD5.h>
+#include <wtf/SHA1.h>
 #include <wtf/StdLibExtras.h>
 #include <wtf/StringExtras.h>
@@ -107 +109 @@
 }
 
-static void generateSecWebSocketKey(uint32_t& number, String& key)
+static void generateHixie76SecWebSocketKey(uint32_t& number, String& key)
 {
     uint32_t space = randomNumberLessThan(12) + 1;
@@ -132 +134 @@
 }
 
-static void generateKey3(unsigned char key3[8])
+static void generateHixie76Key3(unsigned char key3[8])
 {
     cryptographicallyRandomValues(key3, 8);
@@ -147 +149 @@
 }
 
-static void generateExpectedChallengeResponse(uint32_t number1, uint32_t number2, unsigned char key3[8], unsigned char expectedChallenge[16])
+static void generateHixie76ExpectedChallengeResponse(uint32_t number1, uint32_t number2, unsigned char key3[8], unsigned char expectedChallenge[16])
 {
     unsigned char challenge[16];
@@ -160 +162 @@
 }
 
+static String generateSecWebSocketKey()
+{
+    static const size_t nonceSize = 16;
+    unsigned char key[nonceSize];
+    cryptographicallyRandomValues(key, nonceSize);
+    return base64Encode(reinterpret_cast<char*>(key), nonceSize);
+}
+
+static String getExpectedWebSocketAccept(const String& secWebSocketKey)
+{
+    static const char* const webSocketKeyGUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
+    static const size_t sha1HashSize = 20; // FIXME: This should be defined in SHA1.h.
+    SHA1 sha1;
+    CString keyData = secWebSocketKey.ascii();
+    sha1.addBytes(reinterpret_cast<const uint8_t*>(keyData.data()), keyData.length());
+    sha1.addBytes(reinterpret_cast<const uint8_t*>(webSocketKeyGUID), strlen(webSocketKeyGUID));
+    Vector<uint8_t, sha1HashSize> hash;
+    sha1.computeHash(hash);
+    return base64Encode(reinterpret_cast<const char*>(hash.data()), sha1HashSize);
+}
+
 WebSocketHandshake::WebSocketHandshake(const KURL& url, const String& protocol, ScriptExecutionContext* context, bool useHixie76Protocol)
     : m_url(url)
@@ -168 +191 @@
     , m_mode(Incomplete)
 {
-    uint32_t number1;
-    uint32_t number2;
-    generateSecWebSocketKey(number1, m_secWebSocketKey1);
-    generateSecWebSocketKey(number2, m_secWebSocketKey2);
-    generateKey3(m_key3);
-    generateExpectedChallengeResponse(number1, number2, m_key3, m_expectedChallengeResponse);
+    if (m_useHixie76Protocol) {
+        uint32_t number1;
+        uint32_t number2;
+        generateHixie76SecWebSocketKey(number1, m_hixie76SecWebSocketKey1);
+        generateHixie76SecWebSocketKey(number2, m_hixie76SecWebSocketKey2);
+        generateHixie76Key3(m_hixie76Key3);
+        generateHixie76ExpectedChallengeResponse(number1, number2, m_hixie76Key3, m_hixie76ExpectedChallengeResponse);
+    } else {
+        m_secWebSocketKey = generateSecWebSocketKey();
+        m_expectedAccept = getExpectedWebSocketAccept(m_secWebSocketKey);
+    }
 }
 
@@ -235 +263 @@
 
     Vector<String> fields;
-    fields.append("Upgrade: WebSocket");
+    if (m_useHixie76Protocol)
+        fields.append("Upgrade: WebSocket");
+    else
+        fields.append("Upgrade: websocket");
     fields.append("Connection: Upgrade");
     fields.append("Host: " + hostName(m_url, m_secure));
-    fields.append("Origin: " + clientOrigin());
+    if (m_useHixie76Protocol)
+        fields.append("Origin: " + clientOrigin());
+    else
+        fields.append("Sec-WebSocket-Origin: " + clientOrigin());
     if (!m_clientProtocol.isEmpty())
         fields.append("Sec-WebSocket-Protocol: " + m_clientProtocol);
@@ -251 +285 @@
     }
 
-    fields.append("Sec-WebSocket-Key1: " + m_secWebSocketKey1);
-    fields.append("Sec-WebSocket-Key2: " + m_secWebSocketKey2);
+    if (m_useHixie76Protocol) {
+        fields.append("Sec-WebSocket-Key1: " + m_hixie76SecWebSocketKey1);
+        fields.append("Sec-WebSocket-Key2: " + m_hixie76SecWebSocketKey2);
+    } else {
+        fields.append("Sec-WebSocket-Key: " + m_secWebSocketKey);
+        // FIXME: Current version of pywebsocket only accepts version value of 7,
+        // while hybi-10 requires this value to be 8. Should be fixed when
+        // a new version of pywebsocket is released.
+        fields.append("Sec-WebSocket-Version: 7");
+    }
 
     // Fields in the handshake are sent by the client in a random order; the
@@ -266 +308 @@
 
     CString handshakeHeader = builder.toString().utf8();
+    // Hybi-10 handshake is complete at this point.
+    if (!m_useHixie76Protocol)
+        return handshakeHeader;
+    // Hixie-76 protocol requires sending eight-byte data (so-called "key3") after the request header fields.
     char* characterBuffer = 0;
-    CString msg = CString::newUninitialized(handshakeHeader.length() + sizeof(m_key3), characterBuffer);
+    CString msg = CString::newUninitialized(handshakeHeader.length() + sizeof(m_hixie76Key3), characterBuffer);
     memcpy(characterBuffer, handshakeHeader.data(), handshakeHeader.length());
-    memcpy(characterBuffer + handshakeHeader.length(), m_key3, sizeof(m_key3));
+    memcpy(characterBuffer + handshakeHeader.length(), m_hixie76Key3, sizeof(m_hixie76Key3));
     return msg;
 }
@@ -279 +325 @@
     // m_key3 in WebSocketHandshakeRequest?
     WebSocketHandshakeRequest request("GET", m_url);
-    request.addHeaderField("Upgrade", "WebSocket");
+    if (m_useHixie76Protocol)
+        request.addHeaderField("Upgrade", "WebSocket");
+    else
+        request.addHeaderField("Upgrade", "websocket");
     request.addHeaderField("Connection", "Upgrade");
     request.addHeaderField("Host", hostName(m_url, m_secure));
-    request.addHeaderField("Origin", clientOrigin());
+    if (m_useHixie76Protocol)
+        request.addHeaderField("Origin", clientOrigin());
+    else
+        request.addHeaderField("Sec-WebSocket-Origin", clientOrigin());
     if (!m_clientProtocol.isEmpty())
         request.addHeaderField("Sec-WebSocket-Protocol:", m_clientProtocol);
@@ -295 +347 @@
     }
 
-    request.addHeaderField("Sec-WebSocket-Key1", m_secWebSocketKey1);
-    request.addHeaderField("Sec-WebSocket-Key2", m_secWebSocketKey2);
-    request.setKey3(m_key3);
+    if (m_useHixie76Protocol) {
+        request.addHeaderField("Sec-WebSocket-Key1", m_hixie76SecWebSocketKey1);
+        request.addHeaderField("Sec-WebSocket-Key2", m_hixie76SecWebSocketKey2);
+        request.setKey3(m_hixie76Key3);
+    } else {
+        request.addHeaderField("Sec-WebSocket-Key", m_secWebSocketKey);
+        request.addHeaderField("Sec-WebSocket-Version", "7"); // FIXME: See FIXME in clientHandshakeMessage().
+    }
 
     return request;
@@ -349 +406 @@
         return p - header;
     }
-    if (len < static_cast<size_t>(p - header + sizeof(m_expectedChallengeResponse))) {
+
+    if (!m_useHixie76Protocol) { // Hybi-10 handshake is complete at this point.
+        m_mode = Connected;
+        return p - header;
+    }
+
+    // In hixie-76 protocol, server's handshake contains sixteen-byte data (called "challenge response")
+    // after the header fields.
+    if (len < static_cast<size_t>(p - header + sizeof(m_hixie76ExpectedChallengeResponse))) {
         // Just hasn't been received /expected/ yet.
         m_mode = Incomplete;
         return -1;
     }
+
     m_response.setChallengeResponse(static_cast<const unsigned char*>(static_cast<const void*>(p)));
-    if (memcmp(p, m_expectedChallengeResponse, sizeof(m_expectedChallengeResponse))) {
+    if (memcmp(p, m_hixie76ExpectedChallengeResponse, sizeof(m_hixie76ExpectedChallengeResponse))) {
         m_mode = Failed;
-        return (p - header) + sizeof(m_expectedChallengeResponse);
+        return (p - header) + sizeof(m_hixie76ExpectedChallengeResponse);
     }
     m_mode = Connected;
-    return (p - header) + sizeof(m_expectedChallengeResponse);
+    return (p - header) + sizeof(m_hixie76ExpectedChallengeResponse);
 }
 
@@ -406 +472 @@
 {
     return m_response.headerFields().get("connection");
+}
+
+String WebSocketHandshake::serverWebSocketAccept() const
+{
+    return m_response.headerFields().get("sec-websocket-accept");
+}
+
+String WebSocketHandshake::serverWebSocketExtensions() const
+{
+    return m_response.headerFields().get("sec-websocket-extensions");
 }
 
@@ -572 +648 @@
     const String& serverUpgrade = this->serverUpgrade();
     const String& serverConnection = this->serverConnection();
+    const String& serverWebSocketAccept = this->serverWebSocketAccept();
+    const String& serverWebSocketExtensions = this->serverWebSocketExtensions();
 
     if (serverUpgrade.isNull()) {
@@ -581 +659 @@
         return false;
     }
-    if (serverWebSocketOrigin.isNull()) {
-        m_failureReason = "Error during WebSocket handshake: 'Sec-WebSocket-Origin' header is missing";
-        return false;
-    }
-    if (serverWebSocketLocation.isNull()) {
-        m_failureReason = "Error during WebSocket handshake: 'Sec-WebSocket-Location' header is missing";
-        return false;
+    if (m_useHixie76Protocol) {
+        if (serverWebSocketOrigin.isNull()) {
+            m_failureReason = "Error during WebSocket handshake: 'Sec-WebSocket-Origin' header is missing";
+            return false;
+        }
+        if (serverWebSocketLocation.isNull()) {
+            m_failureReason = "Error during WebSocket handshake: 'Sec-WebSocket-Location' header is missing";
+            return false;
+        }
+    } else {
+        if (serverWebSocketAccept.isNull()) {
+            m_failureReason = "Error during WebSocket handshake: 'Sec-WebSocket-Accept' header is missing";
+            return false;
+        }
     }
 
@@ -599 +684 @@
     }
 
-    if (clientOrigin() != serverWebSocketOrigin) {
-        m_failureReason = "Error during WebSocket handshake: origin mismatch: " + clientOrigin() + " != " + serverWebSocketOrigin;
-        return false;
-    }
-    if (clientLocation() != serverWebSocketLocation) {
-        m_failureReason = "Error during WebSocket handshake: location mismatch: " + clientLocation() + " != " + serverWebSocketLocation;
-        return false;
-    }
-    if (!m_clientProtocol.isEmpty() && m_clientProtocol != serverWebSocketProtocol) {
-        m_failureReason = "Error during WebSocket handshake: protocol mismatch: " + m_clientProtocol + " != " + serverWebSocketProtocol;
-        return false;
+    if (m_useHixie76Protocol) {
+        if (clientOrigin() != serverWebSocketOrigin) {
+            m_failureReason = "Error during WebSocket handshake: origin mismatch: " + clientOrigin() + " != " + serverWebSocketOrigin;
+            return false;
+        }
+        if (clientLocation() != serverWebSocketLocation) {
+            m_failureReason = "Error during WebSocket handshake: location mismatch: " + clientLocation() + " != " + serverWebSocketLocation;
+            return false;
+        }
+        if (!m_clientProtocol.isEmpty() && m_clientProtocol != serverWebSocketProtocol) {
+            m_failureReason = "Error during WebSocket handshake: protocol mismatch: " + m_clientProtocol + " != " + serverWebSocketProtocol;
+            return false;
+        }
+    } else {
+        if (serverWebSocketAccept != m_expectedAccept) {
+            m_failureReason = "Error during WebSocket handshake: Sec-WebSocket-Accept mismatch";
+            return false;
+        }
+        if (!serverWebSocketExtensions.isNull()) {
+            // WebSocket protocol extensions are not supported yet.
+            // We do not send Sec-WebSocket-Extensions header in our request, thus
+            // servers should not return this header, either.
+            m_failureReason = "Error during WebSocket handshake: Sec-WebSocket-Extensions header is invalid";
+            return false;
+        }
     }
     return true;

trunk/Source/WebCore/websockets/WebSocketHandshake.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2009 Google Inc.  All rights reserved.
+ * Copyright (C) 2011 Google Inc.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -74 +74 @@
         String failureReason() const; // Returns a string indicating the reason of failure if mode() == Failed.
 
-        String serverWebSocketOrigin() const;
-        String serverWebSocketLocation() const;
+        String serverWebSocketOrigin() const; // Only for hixie-76 handshake.
+        String serverWebSocketLocation() const; // Only for hixie-76 handshake.
         String serverWebSocketProtocol() const;
         String serverSetCookie() const;
@@ -81 +81 @@
         String serverUpgrade() const;
         String serverConnection() const;
+        String serverWebSocketAccept() const; // Only for hybi-10 handshake.
+        String serverWebSocketExtensions() const; // Only for hybi-10 handshake.
 
         const WebSocketHandshakeResponse& serverHandshakeResponse() const;
@@ -102 +104 @@
         Mode m_mode;
 
-        String m_secWebSocketKey1;
-        String m_secWebSocketKey2;
-        unsigned char m_key3[8];
-        unsigned char m_expectedChallengeResponse[16];
-
         WebSocketHandshakeResponse m_response;
 
         String m_failureReason;
+
+        // For hixie-76 handshake.
+        String m_hixie76SecWebSocketKey1;
+        String m_hixie76SecWebSocketKey2;
+        unsigned char m_hixie76Key3[8];
+        unsigned char m_hixie76ExpectedChallengeResponse[16];
+
+        // For hybi-10 handshake.
+        String m_secWebSocketKey;
+        String m_expectedAccept;
     };