Implement draft 10 of the http2 spec

hyper/compat.py

@@ -5,6 +5,7 @@
 
 Normalizes the Python 2/3 API for internal use.
 """
+from contextlib import contextmanager
 import sys
 import zlib
 
@@ -17,7 +18,15 @@
 #: Python 3.x?
 is_py3 = (_ver[0] == 3)
 
+@contextmanager
+def handle_missing():
+    try:
+        yield
+    except (AttributeError, NotImplementedError):  # pragma: no cover
+        pass
+
 if is_py2:
+    import ssl_compat as ssl
     from urlparse import urlparse
 
     def to_byte(char):
@@ -32,6 +41,7 @@ def zlib_compressobj(level=6, method=zlib.DEFLATED, wbits=15, memlevel=8,
         return zlib.compressobj(level, method, wbits, memlevel, strategy)
 
 elif is_py3:
+    import ssl
     from urllib.parse import urlparse
 
     def to_byte(char):

hyper/http20/connection.py

@@ -7,7 +7,7 @@
 """
 from .hpack import Encoder, Decoder
 from .stream import Stream
-from .tls import wrap_socket
+from .tls import NPN_PROTOCOL, wrap_socket
 from .frame import (
     DataFrame, HeadersFrame, SettingsFrame, Frame, WindowUpdateFrame,
     GoAwayFrame

hyper/http20/frame.py

@@ -12,6 +12,9 @@
 # The maximum length of a frame. Some frames have shorter maximum lengths.
 FRAME_MAX_LEN = (2 ** 14) - 1
 
+def _total_padding(high, low):
+    return high * 256 + low
+
 
 class Frame(object):
     """
@@ -82,26 +85,51 @@ class DataFrame(Frame):
     associated with a stream. One or more DATA frames are used, for instance,
     to carry HTTP request or response payloads.
     """
-    defined_flags = [('END_STREAM', 0x01)]
+    defined_flags = [('END_STREAM', 0x01), ('END_SEGMENT', 0x02),
+                     ('PAD_LOW', 0x10), ('PAD_HIGH', 0x20)]
 
     type = 0
 
     def __init__(self, stream_id):
         super(DataFrame, self).__init__(stream_id)
 
         self.data = b''
+        self.low_padding = 0
+        self.high_padding = 0
 
         # Data frames may not be stream 0.
         if not self.stream_id:
             raise ValueError()
 
     def serialize(self):
-        data = self.build_frame_header(len(self.data))
+        padding_length = _total_padding(self.high_padding, self.low_padding)
+        data = self.build_frame_header(len(self.data) + self._padding_lengths + padding_length)
+        if 'PAD_LOW' in self.flags:
+            if 'PAD_HIGH' in self.flags:
+                data += struct.pack('!BB', self.high_padding, self.low_padding)
+            else:
+                data += struct.pack('!B', self.low_padding)
         data += self.data
+        data += b'\0' * padding_length
         return data
 
     def parse_body(self, data):
-        self.data = data
+        padding_length = 0
+        if 'PAD_LOW' in self.flags:
+            if 'PAD_HIGH' in self.flags:
+                self.high_padding, self.low_padding = struct.unpack('!BB', data[:2])
+                padding_length = _total_padding(self.high_padding, self.low_padding)
+            else:
+                padding_length = self.low_padding = struct.unpack('!B', data[:1])[0]
+        self.data = data[self._padding_lengths:len(data)-padding_length]
+
+    @property
+    def _padding_lengths(self):
+        if 'PAD_LOW' in self.flags:
+            if 'PAD_HIGH' in self.flags:
+                return 2
+            return 1
+        return 0
 
 
 class PriorityFrame(Frame):
@@ -187,9 +215,8 @@ class SettingsFrame(Frame):
     # attributes.
     HEADER_TABLE_SIZE      = 0x01
     ENABLE_PUSH            = 0x02
-    MAX_CONCURRENT_STREAMS = 0x04
-    INITIAL_WINDOW_SIZE    = 0x07
-    FLOW_CONTROL_OPTIONS   = 0x0A
+    MAX_CONCURRENT_STREAMS = 0x03
+    INITIAL_WINDOW_SIZE    = 0x04
 
     def __init__(self, stream_id):
         super(SettingsFrame, self).__init__(stream_id)
@@ -202,18 +229,18 @@ def __init__(self, stream_id):
 
     def serialize(self):
         # Each setting consumes 8 bytes.
-        length = len(self.settings) * 8
+        length = len(self.settings) * 5
 
         data = self.build_frame_header(length)
 
         for setting, value in self.settings.items():
-            data += struct.pack("!LL", setting & 0x00FFFFFF, value)
+            data += struct.pack("!BL", setting & 0xFF, value)
 
         return data
 
     def parse_body(self, data):
-        for i in range(0, len(data), 8):
-            name, value = struct.unpack("!LL", data[i:i+8])
+        for i in range(0, len(data), 5):
+            name, value = struct.unpack("!BL", data[i:i+5])
             self.settings[name] = value
 
 
@@ -315,7 +342,7 @@ class WindowUpdateFrame(Frame):
     can indirectly cause the propagation of flow control information toward the
     original sender.
     """
-    type = 0x09
+    type = 0x08
 
     def __init__(self, stream_id):
         super(WindowUpdateFrame, self).__init__(stream_id)
@@ -386,21 +413,22 @@ class ContinuationFrame(DataFrame):
     Much like the HEADERS frame, hyper treats this as an opaque data frame with
     different flags and a different type.
     """
-    type = 0x0A
+    type = 0x09
 
     defined_flags = [('END_HEADERS', 0x04)]
 
 
 # A map of type byte to frame class.
-FRAMES = {
-    0x00: DataFrame,
-    0x01: HeadersFrame,
-    0x02: PriorityFrame,
-    0x03: RstStreamFrame,
-    0x04: SettingsFrame,
-    0x05: PushPromiseFrame,
-    0x06: PingFrame,
-    0x07: GoAwayFrame,
-    0x09: WindowUpdateFrame,
-    0x0A: ContinuationFrame
-}
+_FRAME_CLASSES = [
+    DataFrame,
+    HeadersFrame,
+    PriorityFrame,
+    RstStreamFrame,
+    SettingsFrame,
+    PushPromiseFrame,
+    PingFrame,
+    GoAwayFrame,
+    WindowUpdateFrame,
+    ContinuationFrame,
+]
+FRAMES = {cls.type: cls for cls in _FRAME_CLASSES}

hyper/http20/tls.py

@@ -5,75 +5,56 @@
 
 Contains the TLS/SSL logic for use in hyper.
 """
-import ssl
 import os.path as path
 
-from ..compat import is_py3
+from ..compat import handle_missing, ssl
 
 
-# Right now we support draft 9.
-SUPPORTED_PROTOCOLS = ['http/1.1', 'HTTP-draft-09/2.0']
+NPN_PROTOCOL = 'h2-10'
+SUPPORTED_NPN_PROTOCOLS = ['http/1.1', NPN_PROTOCOL]
 
 
 # We have a singleton SSLContext object. There's no reason to be creating one
-# per connection. We're using v23 right now until someone gives me a reason not
-# to.
+# per connection.
 _context = None
 
-# Exposed here so it can be monkey-patched in integration tests.
-_verify_mode = ssl.CERT_REQUIRED
-
-
 # Work out where our certificates are.
 cert_loc = path.join(path.dirname(__file__), '..', 'certs.pem')
 
+def wrap_socket(sock, server_hostname):
+    """
+    A vastly simplified SSL wrapping function. We'll probably extend this to
+    do more things later.
+    """
+    global _context
 
-if is_py3: # pragma: no cover
-    def wrap_socket(socket, server_hostname):
-        """
-        A vastly simplified SSL wrapping function. We'll probably extend this to
-        do more things later.
-        """
-        global _context
-
-        if _context is None:  # pragma: no cover
-            _context = _init_context()
-
-        if ssl.HAS_SNI:
-            return _context.wrap_socket(socket, server_hostname=server_hostname)
+    if _context is None:  # pragma: no cover
+        _context = _init_context()
 
-        wrapped = _context.wrap_socket(socket)  # pragma: no cover
-        assert wrapped.selected_npn_protocol() == 'HTTP-draft-09/2.0'
-        return wrapped
-else: # pragma: no cover
-    def wrap_socket(socket, server_hostname):
-        return ssl.wrap_socket(socket, ssl_version=ssl.PROTOCOL_SSLv23,
-            ca_certs=cert_loc, cert_reqs=_verify_mode)
+    # the spec requires SNI support
+    ssl_sock = _context.wrap_socket(sock, server_hostname=server_hostname)
+    with handle_missing():
+        assert ssl_sock.selected_npn_protocol() == NPN_PROTOCOL
+    return ssl_sock
 
 
-def _init_context(): # pragma: no cover
+def _init_context():
     """
     Creates the singleton SSLContext we use.
     """
-    context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+    context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
     context.set_default_verify_paths()
     context.load_verify_locations(cafile=cert_loc)
-    context.verify_mode = _verify_mode
-
-    try:
-        context.set_npn_protocols(SUPPORTED_PROTOCOLS)
-    except (AttributeError, NotImplementedError):  # pragma: no cover
-        pass
+    context.verify_mode = ssl.CERT_REQUIRED
+    # TODO This just verifies that the post-handshake servername matches the
+    # certificate, right? We need to also check that the returned servername
+    # matches the requested one... right?
+    context.check_hostname = True
 
-    # We do our best to do better security
-    try:
-        context.options |= ssl.OP_NO_SSLv2
-    except AttributeError:  # pragma: no cover
-        pass
+    with handle_missing():
+        context.set_npn_protocols(SUPPORTED_NPN_PROTOCOLS)
 
-    try:
-        context.options |= ssl.OP_NO_COMPRESSION
-    except AttributeError:  # pragma: no cover
-        pass
+    # required by the spec
+    context.options |= ssl.OP_NO_COMPRESSION
 
     return context

hyper/httplib_compat.py

@@ -15,7 +15,7 @@
 except ImportError:
     import httplib
 
-import ssl
+from .compat import ssl
 from .http20.tls import wrap_socket
 
 # If there's no NPN support, we're going to drop all support for HTTP/2.0.