Ejemplo n.º 1
0
def nodeprep(u):
    chars = list(unicode(u))
    i = 0
    while i < len(chars):
        c = chars[i]
        # map to nothing
        if stringprep.in_table_b1(c):
            del chars[i]
        else:
            # case fold
            chars[i] = stringprep.map_table_b2(c)
            i += 1
    # NFKC
    chars = stringprep.unicodedata.normalize("NFKC", "".join(chars))
    for c in chars:
        if (stringprep.in_table_c11(c) or
            stringprep.in_table_c12(c) or
            stringprep.in_table_c21(c) or
            stringprep.in_table_c22(c) or
            stringprep.in_table_c3(c) or
            stringprep.in_table_c4(c) or
            stringprep.in_table_c5(c) or
            stringprep.in_table_c6(c) or
            stringprep.in_table_c7(c) or
            stringprep.in_table_c8(c) or
            stringprep.in_table_c9(c) or
            c in "\"&'/:<>@"):
            raise UnicodeError("Invalid node character")

    bidi(chars)

    return chars
Ejemplo n.º 2
0
def sasl_prep(text):
    """
    Performs a SASL-PREP on the string to ensure it is SASL-compatible.
    """
    normalized_chars = []
    for c in text:
        if stringprep.in_table_c12(c):
            continue
        if stringprep.in_table_c21(c):
            continue
        if stringprep.in_table_c22(c):
            continue
        if stringprep.in_table_c3(c):
            continue
        if stringprep.in_table_c4(c):
            continue
        if stringprep.in_table_c5(c):
            continue
        if stringprep.in_table_c6(c):
            continue
        if stringprep.in_table_c7(c):
            continue
        if stringprep.in_table_c8(c):
            continue
        if stringprep.in_table_c9(c):
            continue
        normalized_chars.append(c)

    return "".join(normalized_chars)
Ejemplo n.º 3
0
def nodeprep(u):
    chars = list(six.text_type(u))
    i = 0
    while i < len(chars):
        c = chars[i]
        # map to nothing
        if stringprep.in_table_b1(c):
            del chars[i]
        else:
            # case fold
            chars[i] = stringprep.map_table_b2(c)
            i += 1
    # NFKC
    chars = stringprep.unicodedata.normalize("NFKC", "".join(chars))
    for c in chars:
        if (stringprep.in_table_c11(c) or stringprep.in_table_c12(c)
                or stringprep.in_table_c21(c) or stringprep.in_table_c22(c)
                or stringprep.in_table_c3(c) or stringprep.in_table_c4(c)
                or stringprep.in_table_c5(c) or stringprep.in_table_c6(c)
                or stringprep.in_table_c7(c) or stringprep.in_table_c8(c)
                or stringprep.in_table_c9(c) or c in "\"&'/:<>@"):
            raise UnicodeError("Invalid node character")

    bidi(chars)

    return chars
Ejemplo n.º 4
0
def resourceprep(res):
    chars = list(unicode(res))
    i = 0
    while i < len(chars):
        c = chars[i]
        # map to nothing
        if stringprep.in_table_b1(c):
            del chars[i]
        else:
            i += 1
    # NFKC
    chars = stringprep.unicodedata.normalize("NFKC", "".join(chars))
    for c in chars:
        if (stringprep.in_table_c12(c) or
            stringprep.in_table_c21(c) or
            stringprep.in_table_c22(c) or
            stringprep.in_table_c3(c) or
            stringprep.in_table_c4(c) or
            stringprep.in_table_c5(c) or
            stringprep.in_table_c6(c) or
            stringprep.in_table_c7(c) or
            stringprep.in_table_c8(c) or
            stringprep.in_table_c9(c)):
            raise UnicodeError("Invalid node character")

    bidi(chars)

    return chars
Ejemplo n.º 5
0
 def __is_prohibited_in_saslgrep(char: str):
     if stringprep.in_table_c12(char):
         # Non-ASCII space characters
         return True
     elif stringprep.in_table_c12(char):
         # ASCII control characters
         return True
     elif stringprep.in_table_c21(char):
         # Non-ASCII control characters
         return True
     elif stringprep.in_table_c22(char):
         # Private Use characters
         return True
     elif stringprep.in_table_c3(char):
         # Non-character code points
         return True
     elif stringprep.in_table_c4(char):
         # Non-character code points
         return True
     elif stringprep.in_table_c5(char):
         # Surrogate code points
         return True
     elif stringprep.in_table_c6(char):
         # Inappropriate for plain text characters
         return True
     elif stringprep.in_table_c7(char):
         # Inappropriate for canonical representation characters
         return True
     elif stringprep.in_table_c8(char):
         # Change display properties or deprecated characters
         return True
     elif stringprep.in_table_c9(char):
         # Tagging characters
         return True
     return False
Ejemplo n.º 6
0
def nameprep(label):
    newlabel = []
    for c in label:
        if stringprep.in_table_b1(c):
            continue
        newlabel.append(stringprep.map_table_b2(c))

    label = u''.join(newlabel)
    label = unicodedata.normalize('NFKC', label)
    for c in label:
        if stringprep.in_table_c12(c) or stringprep.in_table_c22(
                c) or stringprep.in_table_c3(c) or stringprep.in_table_c4(
                    c) or stringprep.in_table_c5(c) or stringprep.in_table_c6(
                        c) or stringprep.in_table_c7(
                            c) or stringprep.in_table_c8(
                                c) or stringprep.in_table_c9(c):
            raise UnicodeError('Invalid character %r' % c)

    RandAL = map(stringprep.in_table_d1, label)
    for c in RandAL:
        if c:
            if filter(stringprep.in_table_d2, label):
                raise UnicodeError('Violation of BIDI requirement 2')
            if not RandAL[0] or not RandAL[-1]:
                raise UnicodeError('Violation of BIDI requirement 3')

    return label
Ejemplo n.º 7
0
def saslprep(s, allow_unassigned = False):
    '''
    Prepare Unicode string s according to SASLprep: Stringprep Profile for
    User Names and Passwords, a.k.a. RFC 4013

    If the optional parameter allow_unassigned is set to True,
    unassigned codepoints will be allowed. This is recommended for
    query terms and other non-storing situations only.

    The return value is a Unicode string appropriately prepared.

    Disallowed input leads to a ValueError.
    '''
    if type(s) != type(u''):
        raise TypeError("input must be a Unicode string")
    # phase 1: mapping
    s = u''.join([ stringprep.in_table_c12(ch) and u' ' or ch for ch in unichars(s) if not stringprep.in_table_b1(ch) ])
    # phase 2: normalization
    s = unicodedata.normalize('NFKC', s)
    # phase 3: prohibition
    for ch in unichars(s):
        if stringprep.in_table_c12(ch):
            raise ValueError("prohibited non-ASCII space character")
        if stringprep.in_table_c21(ch):
            raise ValueError("prohibited ASCII control character")
        if stringprep.in_table_c22(ch):
            raise ValueError("prohibited non-ASCII control character")
        if stringprep.in_table_c3(ch):
            raise ValueError("prohibited private use character")
        if stringprep.in_table_c4(ch):
            raise ValueError("prohibited non-character code point")
        if stringprep.in_table_c5(ch):
            raise ValueError("prohibited surrogate code point")
        if stringprep.in_table_c6(ch):
            raise ValueError("prohibited character inappropriate for plain text")
        if stringprep.in_table_c7(ch):
            raise ValueError("prohibited character inappropriate for canonical representation")
        if stringprep.in_table_c8(ch):
            raise ValueError("prohibited character changing display properties, or a deprecated character")
        if stringprep.in_table_c9(ch):
            raise ValueError("prohibited tagging character")
    # phase 4: bidi check
    bidi_map = ''.join([ stringprep.in_table_d1(ch) and 'r' or stringprep.in_table_d2(ch) and 'l' or 'x' for ch in unichars(s) ])
    if 'r' in bidi_map:
        if 'l' in bidi_map:
            raise ValueError("prohibited mixture of strong left-to-right and right-to-left text")
        if bidi_map[0] != 'r' or bidi_map[-1] != 'r':
            raise ValueError("string containing right-to-left text must start and end with right-to-left text")
    # phase 5: unassigned check
    if not allow_unassigned:
        for ch in unichars(s):
            if stringprep.in_table_a1(ch):
                raise ValueError("prohibited unassigned code point")
    return s
Ejemplo n.º 8
0
def nodeprep( foo, errors='strict' ):
    if foo is None:
        return None
    if isinstance( foo, str ):
        foo = foo.decode( 'utf-8' )
    ofoo = u''
    for x in foo:
        if not stringprep.in_table_b1( x ):
            ofoo += stringprep.map_table_b2( x )
    foo = unicodedata.normalize( 'NFKC', ofoo )
    ofoo = u''
    first_is_randal = False
    if len(foo):
        first_is_randal = stringprep.in_table_d1( foo[0] )
        if first_is_randal:
            if not stringprep.in_table_d1( foo[-1] ):
                raise UnicodeError, "Section 6.3 [end]"
    for x in range(len(foo)):
        if errors=='strict' and stringprep.in_table_a1( foo[x] ):
            raise UnicodeError, "Unassigned Codepoint"
        if stringprep.in_table_c11( foo[x] ):
            raise UnicodeError, "In table C.1.1"
        if stringprep.in_table_c12( foo[x] ):
            raise UnicodeError, "In table C.1.2"
        if stringprep.in_table_c21( foo[x] ):
            raise UnicodeError, "In table C.2.1"
        if stringprep.in_table_c22( foo[x] ):
            raise UnicodeError, "In table C.2.2"
        if stringprep.in_table_c3( foo[x] ):
            raise UnicodeError, "In table C.3"
        if stringprep.in_table_c4( foo[x] ):
            raise UnicodeError, "In table C.4"
        if stringprep.in_table_c5( foo[x] ):
            raise UnicodeError, "In table C.5"
        if stringprep.in_table_c6( foo[x] ):
            raise UnicodeError, "In table C.6"
        if stringprep.in_table_c7( foo[x] ):
            raise UnicodeError, "In table C.7"
        if stringprep.in_table_c8( foo[x] ):
            raise UnicodeError, "In table C.8"
        if stringprep.in_table_c9( foo[x] ):
            raise UnicodeError, "In table C.9"
        if foo[x] in "\"&'/;<>@":
            raise UnicodeError, "In nodeprep banned list"
        if x:
            if first_is_randal and stringprep.in_table_d2( foo[x] ):
                raise UnicodeError, "Section 6.2"
            if not first_is_randal and x!=(len(foo)-1) and stringprep.in_table_d1( foo[x] ):
                raise UnicodeError, "Section 6.3"
        else:
            first = False
    return foo
Ejemplo n.º 9
0
 def _process(self, value):
     for code in force_text(value):
         # TODO: Is this long enough?
         if stringprep.in_table_c12(code) or stringprep.in_table_c21_c22(code) or \
             stringprep.in_table_c3(code) or stringprep.in_table_c4(code) or \
             stringprep.in_table_c5(code) or stringprep.in_table_c6(code) or \
             stringprep.in_table_c7(code) or stringprep.in_table_c8(code) or \
                 stringprep.in_table_c9(code):
             self.invalid = False
         if stringprep.in_table_d1(code):
             self.r_and_al_cat = True
         if stringprep.in_table_d2(code):
             self.l_cat = True
 def _process(self, value):
     for code in force_text(value):
         # TODO: Is this long enough?
         if stringprep.in_table_c12(code) or stringprep.in_table_c21_c22(code) or \
             stringprep.in_table_c3(code) or stringprep.in_table_c4(code) or \
             stringprep.in_table_c5(code) or stringprep.in_table_c6(code) or \
             stringprep.in_table_c7(code) or stringprep.in_table_c8(code) or \
                 stringprep.in_table_c9(code):
             self.invalid = False
         if stringprep.in_table_d1(code):
             self.r_and_al_cat = True
         if stringprep.in_table_d2(code):
             self.l_cat = True
Ejemplo n.º 11
0
def nameprep(label):
    # Map
    newlabel = []
    for c in label:
        if stringprep.in_table_b1(c):
            # Map to nothing
            continue
        newlabel.append(stringprep.map_table_b2(c))
    label = "".join(newlabel)

    # Normalize
    label = unicodedata.normalize("NFKC", label)

    # Prohibit
    for c in label:
        if (
            stringprep.in_table_c12(c)
            or stringprep.in_table_c22(c)
            or stringprep.in_table_c3(c)
            or stringprep.in_table_c4(c)
            or stringprep.in_table_c5(c)
            or stringprep.in_table_c6(c)
            or stringprep.in_table_c7(c)
            or stringprep.in_table_c8(c)
            or stringprep.in_table_c9(c)
        ):
            raise UnicodeError("Invalid character %r" % c)

    # Check bidi
    RandAL = [stringprep.in_table_d1(x) for x in label]
    for c in RandAL:
        if c:
            # There is a RandAL char in the string. Must perform further
            # tests:
            # 1) The characters in section 5.8 MUST be prohibited.
            # This is table C.8, which was already checked
            # 2) If a string contains any RandALCat character, the string
            # MUST NOT contain any LCat character.
            if any(stringprep.in_table_d2(x) for x in label):
                raise UnicodeError("Violation of BIDI requirement 2")

            # 3) If a string contains any RandALCat character, a
            # RandALCat character MUST be the first character of the
            # string, and a RandALCat character MUST be the last
            # character of the string.
            if not RandAL[0] or not RandAL[-1]:
                raise UnicodeError("Violation of BIDI requirement 3")

    return label
Ejemplo n.º 12
0
def resource_validator(name):
    """Check the *name* of a resource for some really bad characters that shouldn't be used
    anywhere in RestAuth.

    This filters names containing a slash ("/") or colon (":") and those starting with '.'. It also
    filters control characters etc., including those from unicode.

    .. deprecated:: 0.7.0
       This method is deprecated in favour of the RestAuthCommon.strprep. This method will be
       removed in 0.7.1.

    :param str name: The name to validate
    :returns: False if the name contains any invalid characters, True otherwise.
    :rtype: bool
    """
    warnings.warn(
        'This method is deprecated, use RestAuthCommon.strprep.stringcheck() instead.',
        DeprecationWarning)

    if PY2 and isinstance(name, str):  # pragma: py2
        name = name.decode('utf-8')

    # filter various dangerous characters
    for enc_char in name:
        if stringprep.in_table_c12(
                enc_char):  # C.1.2 Non-ASCII space characters
            return False
        if stringprep.in_table_c21_c22(enc_char):  # C.2 Control characters
            return False
        if stringprep.in_table_c3(enc_char):  # C.3 Private use
            return False
        if stringprep.in_table_c4(enc_char):  # C.4 Non-character code points
            return False
        if stringprep.in_table_c5(enc_char):  # C.5 Surrogate codes
            return False
        if stringprep.in_table_c6(
                enc_char):  # C.6 Inappropriate for plain text
            return False
        if stringprep.in_table_c7(
                enc_char):  # C.7 Inappropriate for canonical representation
            return False
        if stringprep.in_table_c8(
                enc_char):  # C.8 Change display properties or are deprecated
            return False
        if stringprep.in_table_c9(enc_char):  # C.9 Tagging characters
            return False

    return True
Ejemplo n.º 13
0
def nameprep(label):
    # Map
    newlabel = []
    for c in label:
        if stringprep.in_table_b1(c):
            # Map to nothing
            continue
        newlabel.append(stringprep.map_table_b2(c))
    label = "".join(newlabel)

    # Normalize
    label = unicodedata.normalize("NFKC", label)

    # Prohibit
    for c in label:
        if stringprep.in_table_c12(c) or \
           stringprep.in_table_c22(c) or \
           stringprep.in_table_c3(c) or \
           stringprep.in_table_c4(c) or \
           stringprep.in_table_c5(c) or \
           stringprep.in_table_c6(c) or \
           stringprep.in_table_c7(c) or \
           stringprep.in_table_c8(c) or \
           stringprep.in_table_c9(c):
            raise UnicodeError("Invalid character %r" % c)

    # Check bidi
    RandAL = [stringprep.in_table_d1(x) for x in label]
    for c in RandAL:
        if c:
            # There is a RandAL char in the string. Must perform further
            # tests:
            # 1) The characters in section 5.8 MUST be prohibited.
            # This is table C.8, which was already checked
            # 2) If a string contains any RandALCat character, the string
            # MUST NOT contain any LCat character.
            if any(stringprep.in_table_d2(x) for x in label):
                raise UnicodeError("Violation of BIDI requirement 2")

            # 3) If a string contains any RandALCat character, a
            # RandALCat character MUST be the first character of the
            # string, and a RandALCat character MUST be the last
            # character of the string.
            if not RandAL[0] or not RandAL[-1]:
                raise UnicodeError("Violation of BIDI requirement 3")

    return label
Ejemplo n.º 14
0
def canonicaliseUsername(username, ignoreSpaces = False, throws = True):
    # Read stringprep documentation for the meaning of the tables

    chars = list(username)
    for c, char in enumerate(chars):
        if stringprep.in_table_a1(char):
            if throws:
                raise ValueError
            else:
                chars[c] = u""
        elif stringprep.in_table_b1(char):
            chars[c] = u""
        else:
            chars[c] = stringprep.map_table_b2(char)

    chars = list(stringprep.unicodedata.normalize("NFKC", u"".join(chars)))

    for c, char in enumerate(chars):
        if ((not ignoreSpaces and stringprep.in_table_c11_c12(char)) or
            stringprep.in_table_c21_c22(char) or
            stringprep.in_table_c3(char) or
            stringprep.in_table_c4(char) or
            stringprep.in_table_c5(char) or
            stringprep.in_table_c6(char) or
            stringprep.in_table_c7(char) or
            stringprep.in_table_c8(char) or
            stringprep.in_table_c9(char) or
            stringprep.unicodedata.category(char) in ("Ps", "Pe", "Pi", "Pf", "Po")):
            if throws:
                raise ValueError
            else:
                chars[c] = u""

    chars = u"".join(chars)

    if throws:
        RandAL = map(stringprep.in_table_d1, chars)
        for c in RandAL:
            if c:
                if filter(stringprep.in_table_d2, chars):
                    raise ValueError
                if not RandAL[0] or not RandAL[-1]:
                    raise ValueError

    return chars
Ejemplo n.º 15
0
def sals_stringprep(string):
    """

    TODO: implements bidirectional checks https://tools.ietf.org/html/rfc3454#section-6
    """
    new_string = []
    for x in string:
        if stringprep.in_table_c12(x):
            new_string.append(' ')
        elif stringprep.in_table_b1(x):
            continue
        elif stringprep.in_table_c12(x) or stringprep.in_table_c21_c22(x) or stringprep.in_table_c3(x)\
                or stringprep.in_table_c4(x) or stringprep.in_table_c5(x) or stringprep.in_table_c6(x)\
                or stringprep.in_table_c7(x) or stringprep.in_table_c8(x) or stringprep.in_table_c9(x):
            raise PDFGenericError("Invalid input character in password.")
        else:
            new_string.append(x)
    return unicodedata.normalize('NFKC', "".join(c for c in new_string))
Ejemplo n.º 16
0
def nameprep(label):
    newlabel = []
    for c in label:
        if stringprep.in_table_b1(c):
            pass
        newlabel.append(stringprep.map_table_b2(c))
    label = ''.join(newlabel)
    label = unicodedata.normalize('NFKC', label)
    for c in label:
        while stringprep.in_table_c12(c) or (stringprep.in_table_c22(c) or (stringprep.in_table_c3(c) or (stringprep.in_table_c4(c) or (stringprep.in_table_c5(c) or (stringprep.in_table_c6(c) or (stringprep.in_table_c7(c) or stringprep.in_table_c8(c))))))) or stringprep.in_table_c9(c):
            raise UnicodeError('Invalid character %r' % c)
    RandAL = [stringprep.in_table_d1(x) for x in label]
    for c in RandAL:
        while c:
            if any(stringprep.in_table_d2(x) for x in label):
                raise UnicodeError('Violation of BIDI requirement 2')
            if not RandAL[0] or not RandAL[-1]:
                raise UnicodeError('Violation of BIDI requirement 3')
    return label
Ejemplo n.º 17
0
def resource_validator(name):
    """Check the *name* of a resource for some really bad characters that shouldn't be used
    anywhere in RestAuth.

    This filters names containing a slash ("/") or colon (":") and those starting with '.'. It also
    filters control characters etc., including those from unicode.

    .. deprecated:: 0.7.0
       This method is deprecated in favour of the RestAuthCommon.strprep. This method will be
       removed in 0.7.1.

    :param str name: The name to validate
    :returns: False if the name contains any invalid characters, True otherwise.
    :rtype: bool
    """
    warnings.warn('This method is deprecated, use RestAuthCommon.strprep.stringcheck() instead.',
                  DeprecationWarning)

    if PY2 and isinstance(name, str):  # pragma: py2
        name = name.decode('utf-8')

    # filter various dangerous characters
    for enc_char in name:
        if stringprep.in_table_c12(enc_char):  # C.1.2 Non-ASCII space characters
            return False
        if stringprep.in_table_c21_c22(enc_char):  # C.2 Control characters
            return False
        if stringprep.in_table_c3(enc_char):  # C.3 Private use
            return False
        if stringprep.in_table_c4(enc_char):  # C.4 Non-character code points
            return False
        if stringprep.in_table_c5(enc_char):  # C.5 Surrogate codes
            return False
        if stringprep.in_table_c6(enc_char):  # C.6 Inappropriate for plain text
            return False
        if stringprep.in_table_c7(enc_char):  # C.7 Inappropriate for canonical representation
            return False
        if stringprep.in_table_c8(enc_char):  # C.8 Change display properties or are deprecated
            return False
        if stringprep.in_table_c9(enc_char):  # C.9 Tagging characters
            return False

    return True
Ejemplo n.º 18
0
def nameprep(label):
    newlabel = []
    for c in label:
        if stringprep.in_table_b1(c):
            continue
        newlabel.append(stringprep.map_table_b2(c))

    label = u''.join(newlabel)
    label = unicodedata.normalize('NFKC', label)
    for c in label:
        if stringprep.in_table_c12(c) or stringprep.in_table_c22(c) or stringprep.in_table_c3(c) or stringprep.in_table_c4(c) or stringprep.in_table_c5(c) or stringprep.in_table_c6(c) or stringprep.in_table_c7(c) or stringprep.in_table_c8(c) or stringprep.in_table_c9(c):
            raise UnicodeError('Invalid character %r' % c)

    RandAL = map(stringprep.in_table_d1, label)
    for c in RandAL:
        if c:
            if filter(stringprep.in_table_d2, label):
                raise UnicodeError('Violation of BIDI requirement 2')
            if not RandAL[0] or not RandAL[-1]:
                raise UnicodeError('Violation of BIDI requirement 3')

    return label
Ejemplo n.º 19
0
def saslprep(text, strict=True):
    """
    Return a processed version of the given string, using the SASLPrep
    profile of stringprep.

    :param text: The string to process, in UTF-8.
    :param strict: If ``True``, prevent the use of unassigned code points.
    """

    if sys.version_info < (3, 0):
        if type(text) == str:
            text = text.decode("utf-8")

    # Mapping:
    #
    #  -  non-ASCII space characters [StringPrep, C.1.2] that can be
    #     mapped to SPACE (U+0020), and
    #
    #  -  the 'commonly mapped to nothing' characters [StringPrep, B.1]
    #     that can be mapped to nothing.
    buffer = ""
    for char in text:
        if stringprep.in_table_c12(char):
            buffer += " "
        elif not stringprep.in_table_b1(char):
            buffer += char

    # Normalization using form KC
    text = unicodedata.normalize("NFKC", buffer)

    # Check for bidirectional string
    buffer = ""
    first_is_randal = False
    if text:
        first_is_randal = stringprep.in_table_d1(text[0])
        if first_is_randal and not stringprep.in_table_d1(text[-1]):
            raise SASLPrepFailure("Section 6.3 [end]")

    # Check for prohibited characters
    for x in range(len(text)):
        if strict and stringprep.in_table_a1(text[x]):
            raise SASLPrepFailure("Unassigned Codepoint")
        if stringprep.in_table_c12(text[x]):
            raise SASLPrepFailure("In table C.1.2")
        if stringprep.in_table_c21(text[x]):
            raise SASLPrepFailure("In table C.2.1")
        if stringprep.in_table_c22(text[x]):
            raise SASLPrepFailure("In table C.2.2")
        if stringprep.in_table_c3(text[x]):
            raise SASLPrepFailure("In table C.3")
        if stringprep.in_table_c4(text[x]):
            raise SASLPrepFailure("In table C.4")
        if stringprep.in_table_c5(text[x]):
            raise SASLPrepFailure("In table C.5")
        if stringprep.in_table_c6(text[x]):
            raise SASLPrepFailure("In table C.6")
        if stringprep.in_table_c7(text[x]):
            raise SASLPrepFailure("In table C.7")
        if stringprep.in_table_c8(text[x]):
            raise SASLPrepFailure("In table C.8")
        if stringprep.in_table_c9(text[x]):
            raise SASLPrepFailure("In table C.9")
        if x:
            if first_is_randal and stringprep.in_table_d2(text[x]):
                raise SASLPrepFailure("Section 6.2")
            if not first_is_randal and x != len(text) - 1 and stringprep.in_table_d1(text[x]):
                raise SASLPrepFailure("Section 6.3")

    return text
Ejemplo n.º 20
0
def sasl_prep(data):
    """
    implement SASLPrep profile as per RFC4013:
    it defines the "SASLprep" profile of the "stringprep" algorithm [StringPrep].
    The profile is designed for use in Simple Authentication and Security
    Layer ([SASL]) mechanisms, such as [PLAIN], [CRAM-MD5], and
    [DIGEST-MD5].  It may be applicable where simple user names and
    passwords are used.  This profile is not intended for use in
    preparing identity strings that are not simple user names (e.g.,
    email addresses, domain names, distinguished names), or where
    identity or password strings that are not character data, or require
    different handling (e.g., case folding).
    """

    # mapping
    prepared_data = ''
    for c in data:
        if stringprep.in_table_c12(c):
            # non-ASCII space characters [StringPrep, C.1.2] that can be mapped to SPACE (U+0020)
            prepared_data += ' '
        elif stringprep.in_table_b1(c):
            # the "commonly mapped to nothing" characters [StringPrep, B.1] that can be mapped to nothing.
            pass
        else:
            prepared_data += c

    # normalizing
    # This profile specifies using Unicode normalization form KC
    # The repertoire is Unicode 3.2 as per RFC 4013 (2)

    prepared_data = unicode32.normalize('NFKC', prepared_data)

    if not prepared_data:
        raise LDAPSASLPrepError('SASLprep error: unable to normalize string')

    # prohibit
    for c in prepared_data:
        if stringprep.in_table_c12(c):
            # Non-ASCII space characters [StringPrep, C.1.2]
            raise LDAPSASLPrepError('SASLprep error: non-ASCII space character present')
        elif stringprep.in_table_c21(c):
            # ASCII control characters [StringPrep, C.2.1]
            raise LDAPSASLPrepError('SASLprep error: ASCII control character present')
        elif stringprep.in_table_c22(c):
            # Non-ASCII control characters [StringPrep, C.2.2]
            raise LDAPSASLPrepError('SASLprep error: non-ASCII control character present')
        elif stringprep.in_table_c3(c):
            # Private Use characters [StringPrep, C.3]
            raise LDAPSASLPrepError('SASLprep error: private character present')
        elif stringprep.in_table_c4(c):
            # Non-character code points [StringPrep, C.4]
            raise LDAPSASLPrepError('SASLprep error: non-character code point present')
        elif stringprep.in_table_c5(c):
            # Surrogate code points [StringPrep, C.5]
            raise LDAPSASLPrepError('SASLprep error: surrogate code point present')
        elif stringprep.in_table_c6(c):
            # Inappropriate for plain text characters [StringPrep, C.6]
            raise LDAPSASLPrepError('SASLprep error: inappropriate for plain text character present')
        elif stringprep.in_table_c7(c):
            # Inappropriate for canonical representation characters [StringPrep, C.7]
            raise LDAPSASLPrepError('SASLprep error: inappropriate for canonical representation character present')
        elif stringprep.in_table_c8(c):
            # Change display properties or deprecated characters [StringPrep, C.8]
            raise LDAPSASLPrepError('SASLprep error: change display property or deprecated character present')
        elif stringprep.in_table_c9(c):
            # Tagging characters [StringPrep, C.9]
            raise LDAPSASLPrepError('SASLprep error: tagging character present')

    # check bidi
    # if a string contains any r_and_al_cat character, the string MUST NOT contain any l_cat character.
    flag_r_and_al_cat = False
    flag_l_cat = False
    for c in prepared_data:
        if stringprep.in_table_d1(c):
            flag_r_and_al_cat = True
        elif stringprep.in_table_d2(c):
            flag_l_cat = True

        if flag_r_and_al_cat and flag_l_cat:
            raise LDAPSASLPrepError('SASLprep error: string cannot contain (R or AL) and L bidirectional chars')

    # If a string contains any r_and_al_cat character, a r_and_al_cat character MUST be the first character of the string
    # and a r_and_al_cat character MUST be the last character of the string.
    if flag_r_and_al_cat and not stringprep.in_table_d1(prepared_data[0]) and not stringprep.in_table_d2(prepared_data[-1]):
        raise LDAPSASLPrepError('r_and_al_cat character present, must be first and last character of the string')

    return prepared_data
Ejemplo n.º 21
0
def saslprep(text, strict=True):
    """
    Return a processed version of the given string, using the SASLPrep
    profile of stringprep.

    :param text: The string to process, in UTF-8.
    :param strict: If ``True``, prevent the use of unassigned code points.
    """

    if sys.version_info < (3, 0):
        if type(text) == str:
            text = text.decode('utf-8')

    # Mapping:
    #
    #  -  non-ASCII space characters [StringPrep, C.1.2] that can be
    #     mapped to SPACE (U+0020), and
    #
    #  -  the 'commonly mapped to nothing' characters [StringPrep, B.1]
    #     that can be mapped to nothing.
    buffer = ''
    for char in text:
        if stringprep.in_table_c12(char):
            buffer += ' '
        elif not stringprep.in_table_b1(char):
            buffer += char

    # Normalization using form KC
    text = unicodedata.normalize('NFKC', buffer)

    # Check for bidirectional string
    buffer = ''
    first_is_randal = False
    if text:
        first_is_randal = stringprep.in_table_d1(text[0])
        if first_is_randal and not stringprep.in_table_d1(text[-1]):
            raise SASLPrepFailure('Section 6.3 [end]')

    # Check for prohibited characters
    for x in range(len(text)):
        if strict and stringprep.in_table_a1(text[x]):
            raise SASLPrepFailure('Unassigned Codepoint')
        if stringprep.in_table_c12(text[x]):
            raise SASLPrepFailure('In table C.1.2')
        if stringprep.in_table_c21(text[x]):
            raise SASLPrepFailure('In table C.2.1')
        if stringprep.in_table_c22(text[x]):
            raise SASLPrepFailure('In table C.2.2')
        if stringprep.in_table_c3(text[x]):
            raise SASLPrepFailure('In table C.3')
        if stringprep.in_table_c4(text[x]):
            raise SASLPrepFailure('In table C.4')
        if stringprep.in_table_c5(text[x]):
            raise SASLPrepFailure('In table C.5')
        if stringprep.in_table_c6(text[x]):
            raise SASLPrepFailure('In table C.6')
        if stringprep.in_table_c7(text[x]):
            raise SASLPrepFailure('In table C.7')
        if stringprep.in_table_c8(text[x]):
            raise SASLPrepFailure('In table C.8')
        if stringprep.in_table_c9(text[x]):
            raise SASLPrepFailure('In table C.9')
        if x:
            if first_is_randal and stringprep.in_table_d2(text[x]):
                raise SASLPrepFailure('Section 6.2')
            if not first_is_randal and \
               x != len(text) - 1 and \
               stringprep.in_table_d1(text[x]):
                raise SASLPrepFailure('Section 6.3')

    return text
Ejemplo n.º 22
0
def sasl_prep(data):
    """
    implement SASLPrep profile as per RFC4013:
    it defines the "SASLprep" profile of the "stringprep" algorithm [StringPrep].
    The profile is designed for use in Simple Authentication and Security
    Layer ([SASL]) mechanisms, such as [PLAIN], [CRAM-MD5], and
    [DIGEST-MD5].  It may be applicable where simple user names and
    passwords are used.  This profile is not intended for use in
    preparing identity strings that are not simple user names (e.g.,
    email addresses, domain names, distinguished names), or where
    identity or password strings that are not character data, or require
    different handling (e.g., case folding).
    """

    # mapping
    prepared_data = ''
    for c in data:
        if stringprep.in_table_c12(c):
            # non-ASCII space characters [StringPrep, C.1.2] that can be mapped to SPACE (U+0020)
            prepared_data += ' '
        elif stringprep.in_table_b1(c):
            # the "commonly mapped to nothing" characters [StringPrep, B.1] that can be mapped to nothing.
            pass
        else:
            prepared_data += c

    # normalizing
    # This profile specifies using Unicode normalization form KC
    # The repertoire is Unicode 3.2 as per RFC 4013 (2)

    prepared_data = unicode32.normalize('NFKC', prepared_data)

    if not prepared_data:
        raise LDAPSASLPrepError('SASLprep error: unable to normalize string')

    # prohibit
    for c in prepared_data:
        if stringprep.in_table_c12(c):
            # Non-ASCII space characters [StringPrep, C.1.2]
            raise LDAPSASLPrepError('SASLprep error: non-ASCII space character present')
        elif stringprep.in_table_c21(c):
            # ASCII control characters [StringPrep, C.2.1]
            raise LDAPSASLPrepError('SASLprep error: ASCII control character present')
        elif stringprep.in_table_c22(c):
            # Non-ASCII control characters [StringPrep, C.2.2]
            raise LDAPSASLPrepError('SASLprep error: non-ASCII control character present')
        elif stringprep.in_table_c3(c):
            # Private Use characters [StringPrep, C.3]
            raise LDAPSASLPrepError('SASLprep error: private character present')
        elif stringprep.in_table_c4(c):
            # Non-character code points [StringPrep, C.4]
            raise LDAPSASLPrepError('SASLprep error: non-character code point present')
        elif stringprep.in_table_c5(c):
            # Surrogate code points [StringPrep, C.5]
            raise LDAPSASLPrepError('SASLprep error: surrogate code point present')
        elif stringprep.in_table_c6(c):
            # Inappropriate for plain text characters [StringPrep, C.6]
            raise LDAPSASLPrepError('SASLprep error: inappropriate for plain text character present')
        elif stringprep.in_table_c7(c):
            # Inappropriate for canonical representation characters [StringPrep, C.7]
            raise LDAPSASLPrepError('SASLprep error: inappropriate for canonical representation character present')
        elif stringprep.in_table_c8(c):
            # Change display properties or deprecated characters [StringPrep, C.8]
            raise LDAPSASLPrepError('SASLprep error: change display property or deprecated character present')
        elif stringprep.in_table_c9(c):
            # Tagging characters [StringPrep, C.9]
            raise LDAPSASLPrepError('SASLprep error: tagging character present')

    # check bidi
    # if a string contains any r_and_al_cat character, the string MUST NOT contain any l_cat character.
    flag_r_and_al_cat = False
    flag_l_cat = False
    for c in prepared_data:
        if stringprep.in_table_d1(c):
            flag_r_and_al_cat = True
        elif stringprep.in_table_d2(c):
            flag_l_cat = True

        if flag_r_and_al_cat and flag_l_cat:
            raise LDAPSASLPrepError('SASLprep error: string cannot contain (R or AL) and L bidirectional chars')

    # If a string contains any r_and_al_cat character, a r_and_al_cat character MUST be the first character of the string
    # and a r_and_al_cat character MUST be the last character of the string.
    if flag_r_and_al_cat and not stringprep.in_table_d1(prepared_data[0]) and not stringprep.in_table_d2(prepared_data[-1]):
        raise LDAPSASLPrepError('r_and_al_cat character present, must be first and last character of the string')

    return prepared_data
Ejemplo n.º 23
0
def prohibited_output_profile(string):
    """RFC4013 Prohibited output profile implementation."""
    # Implements:
    # RFC4013, 2.3. Prohibited Output.
    # This profile specifies the following characters as prohibited input:
    #   - Non-ASCII space characters [StringPrep, C.1.2]
    #   - ASCII control characters [StringPrep, C.2.1]
    #   - Non-ASCII control characters [StringPrep, C.2.2]
    #   - Private Use characters [StringPrep, C.3]
    #   - Non-character code points [StringPrep, C.4]
    #   - Surrogate code points [StringPrep, C.5]
    #   - Inappropriate for plain text characters [StringPrep, C.6]
    #   - Inappropriate for canonical representation characters [StringPrep, C.7]
    #   - Change display properties or deprecated characters [StringPrep, C.8]
    #   - Tagging characters [StringPrep, C.9]
    # RFC4013, 2.4. Bidirectional Characters.
    # RFC4013, 2.5. Unassigned Code Points.

    # Determine how to handle bidirectional characters (RFC3454):
    if is_ral_string(string):
        # If a string contains any RandALCat characters,
        # The string MUST NOT contain any LCat character:
        is_prohibited_bidi_ch = in_table_d2
        bidi_table = 'D.2'
    else:
        # Forbid RandALCat characters in LCat string:
        is_prohibited_bidi_ch = in_table_d1
        bidi_table = 'D.1'

    RFC = 'RFC4013'
    for c in string:
        # RFC4013 2.3. Prohibited Output:
        if in_table_c12(c):
            raise ValueError('%s: prohibited non-ASCII space characters '
                             'that cannot be replaced (C.1.2).' % RFC)
        if in_table_c21_c22(c):
            raise ValueError('%s: prohibited control characters (C.2.1).' %
                             RFC)
        if in_table_c3(c):
            raise ValueError('%s: prohibited private Use characters (C.3).' %
                             RFC)
        if in_table_c4(c):
            raise ValueError(
                '%s: prohibited non-character code points (C.4).' % RFC)
        if in_table_c5(c):
            raise ValueError('%s: prohibited surrogate code points (C.5).' %
                             RFC)
        if in_table_c6(c):
            raise ValueError('%s: prohibited inappropriate for plain text '
                             'characters (C.6).' % RFC)
        if in_table_c7(c):
            raise ValueError('%s: prohibited inappropriate for canonical '
                             'representation characters (C.7).' % RFC)
        if in_table_c8(c):
            raise ValueError('%s: prohibited change display properties / '
                             'deprecated characters (C.8).' % RFC)
        if in_table_c9(c):
            raise ValueError('%s: prohibited tagging characters (C.9).' % RFC)

        # RFC4013, 2.4. Bidirectional Characters:
        if is_prohibited_bidi_ch(c):
            raise ValueError('%s: prohibited bidi characters (%s).' %
                             (RFC, bidi_table))

        # RFC4013, 2.5. Unassigned Code Points:
        if in_table_a1(c):
            raise ValueError('%s: prohibited unassigned code points (A.1).' %
                             RFC)
Ejemplo n.º 24
0
def saslprep(s, allow_unassigned=False):
    '''
    Prepare Unicode string s according to SASLprep: Stringprep Profile for
    User Names and Passwords, a.k.a. RFC 4013

    If the optional parameter allow_unassigned is set to True,
    unassigned codepoints will be allowed. This is recommended for
    query terms and other non-storing situations only.

    The return value is a Unicode string appropriately prepared.

    Disallowed input leads to a ValueError.
    '''
    if type(s) != type(u''):
        raise TypeError("input must be a Unicode string")
    # phase 1: mapping
    s = u''.join([
        stringprep.in_table_c12(ch) and u' ' or ch for ch in unichars(s)
        if not stringprep.in_table_b1(ch)
    ])
    # phase 2: normalization
    s = unicodedata.normalize('NFKC', s)
    # phase 3: prohibition
    for ch in unichars(s):
        if stringprep.in_table_c12(ch):
            raise ValueError("prohibited non-ASCII space character")
        if stringprep.in_table_c21(ch):
            raise ValueError("prohibited ASCII control character")
        if stringprep.in_table_c22(ch):
            raise ValueError("prohibited non-ASCII control character")
        if stringprep.in_table_c3(ch):
            raise ValueError("prohibited private use character")
        if stringprep.in_table_c4(ch):
            raise ValueError("prohibited non-character code point")
        if stringprep.in_table_c5(ch):
            raise ValueError("prohibited surrogate code point")
        if stringprep.in_table_c6(ch):
            raise ValueError(
                "prohibited character inappropriate for plain text")
        if stringprep.in_table_c7(ch):
            raise ValueError(
                "prohibited character inappropriate for canonical representation"
            )
        if stringprep.in_table_c8(ch):
            raise ValueError(
                "prohibited character changing display properties, or a deprecated character"
            )
        if stringprep.in_table_c9(ch):
            raise ValueError("prohibited tagging character")
    # phase 4: bidi check
    bidi_map = ''.join([
        stringprep.in_table_d1(ch) and 'r'
        or stringprep.in_table_d2(ch) and 'l' or 'x' for ch in unichars(s)
    ])
    if 'r' in bidi_map:
        if 'l' in bidi_map:
            raise ValueError(
                "prohibited mixture of strong left-to-right and right-to-left text"
            )
        if bidi_map[0] != 'r' or bidi_map[-1] != 'r':
            raise ValueError(
                "string containing right-to-left text must start and end with right-to-left text"
            )
    # phase 5: unassigned check
    if not allow_unassigned:
        for ch in unichars(s):
            if stringprep.in_table_a1(ch):
                raise ValueError("prohibited unassigned code point")
    return s
Ejemplo n.º 25
0
 def update_event(self, inp=-1):
     self.set_output_val(0, stringprep.in_table_c3(self.input(0)))