def normalize_before_encryption(unencrypted, content_type, content_encoding,
secret_type, enforce_text_only=False):
"""Normalize unencrypted prior to plugin encryption processing.
This normalizes the secrets before they are handed off to the SecretStore
for storage. This converts all data to Base64 data. If the data is plain
text then it encoded using utf-8 first and then Base64 encoded. Binary
data is simply converted to Base64. In addition if the secret type is
one of private, public, or certificate then the PEM headers are added
to the Base64 encoding.
"""
if not unencrypted:
raise s.SecretNoPayloadProvidedException()
# Validate and normalize content-type.
normalized_mime = normalize_content_type(content_type)
# Process plain-text type.
if normalized_mime in mime_types.PLAIN_TEXT:
# normalize text to binary and then base64 encode it
unencrypted = unencrypted.encode('utf-8')
unencrypted = base64.b64encode(unencrypted)
# Process binary type.
else:
if content_encoding:
content_encoding = content_encoding.lower()
if content_encoding == 'base64':
b64payload = unencrypted
if is_pem_payload(unencrypted):
pem_components = get_pem_components(unencrypted)
b64payload = pem_components[1]
try:
base64.b64decode(b64payload)
except TypeError:
raise s.SecretPayloadDecodingError()
elif mime_types.use_binary_content_as_is(content_type,
content_encoding):
if (secret_type == s.SecretType.PRIVATE or
secret_type == s.SecretType.PUBLIC or
secret_type == s.SecretType.CERTIFICATE):
unencrypted = to_pem(secret_type, unencrypted)
else:
unencrypted = base64.b64encode(unencrypted)
elif enforce_text_only:
# For text-based protocols (such as the one-step secret POST),
# only 'base64' encoding is possible/supported.
raise s.SecretContentEncodingMustBeBase64()
elif content_encoding:
# Unsupported content-encoding request.
raise s.SecretContentEncodingNotSupportedException(
content_encoding
)
return unencrypted, normalized_mime
def normalize_before_encryption(unencrypted,
content_type,
content_encoding,
enforce_text_only=False):
"""Normalize unencrypted prior to plugin encryption processing."""
if not unencrypted:
raise s.SecretNoPayloadProvidedException()
# Validate and normalize content-type.
normalized_mime = mime_types.normalize_content_type(content_type)
if not mime_types.is_supported(normalized_mime):
raise s.SecretContentTypeNotSupportedException(content_type)
# Process plain-text type.
if normalized_mime in mime_types.PLAIN_TEXT:
# normalize text to binary string
unencrypted = unencrypted.encode('utf-8')
# Process binary type.
else:
# payload has to be decoded
if mime_types.is_base64_processing_needed(content_type,
content_encoding):
try:
unencrypted = base64.b64decode(unencrypted)
except TypeError:
raise s.SecretPayloadDecodingError()
elif mime_types.use_binary_content_as_is(content_type,
content_encoding):
unencrypted = unencrypted
elif enforce_text_only:
# For text-based protocols (such as the one-step secret POST),
# only 'base64' encoding is possible/supported.
raise s.SecretContentEncodingMustBeBase64()
elif content_encoding:
# Unsupported content-encoding request.
raise s.SecretContentEncodingNotSupportedException(
content_encoding)
return unencrypted, normalized_mime
def normalize_before_encryption(unencrypted, content_type, content_encoding,
enforce_text_only=False):
"""Normalize unencrypted prior to plugin encryption processing."""
if not unencrypted:
raise s.SecretNoPayloadProvidedException()
# Validate and normalize content-type.
normalized_mime = mime_types.normalize_content_type(content_type)
if not mime_types.is_supported(normalized_mime):
raise s.SecretContentTypeNotSupportedException(content_type)
# Process plain-text type.
if normalized_mime in mime_types.PLAIN_TEXT:
# normalize text to binary string
unencrypted = unencrypted.encode('utf-8')
# Process binary type.
else:
# payload has to be decoded
if mime_types.is_base64_processing_needed(content_type,
content_encoding):
try:
unencrypted = base64.b64decode(unencrypted)
except TypeError:
raise s.SecretPayloadDecodingError()
elif mime_types.use_binary_content_as_is(content_type,
content_encoding):
unencrypted = unencrypted
elif enforce_text_only:
# For text-based protocols (such as the one-step secret POST),
# only 'base64' encoding is possible/supported.
raise s.SecretContentEncodingMustBeBase64()
elif content_encoding:
# Unsupported content-encoding request.
raise s.SecretContentEncodingNotSupportedException(
content_encoding
)
return unencrypted, normalized_mime
def test_plain_content_with_base64_encoding(self):
r = mime_types.use_binary_content_as_is('text/plain',
'base64')
self.assertFalse(r)
def test_not_allow_with_invalid_content_type(self):
r = mime_types.use_binary_content_as_is('invalid_conent_type',
'binary')
self.assertFalse(r)
def test_binary_content_with_base64_encoding(self):
r = mime_types.use_binary_content_as_is('application/octet-stream',
'base64')
self.assertFalse(r)
def test_binary_content_with_encoding(self):
r = mime_types.use_binary_content_as_is('application/octet-stream',
'binary;q=0.5, '
'gzip;q=0.6, compress')
self.assertTrue(r)
def test_binary_content_with_valid_encoding(self):
r = mime_types.use_binary_content_as_is('application/octet-stream',
'binary')
self.assertTrue(r)
def test_plain_content_with_base64_encoding(self):
r = mime_types.use_binary_content_as_is('text/plain', 'base64')
self.assertFalse(r)
def test_not_allow_with_invalid_content_type(self):
r = mime_types.use_binary_content_as_is('invalid_conent_type',
'binary')
self.assertFalse(r)
def test_binary_content_with_base64_encoding(self):
r = mime_types.use_binary_content_as_is('application/octet-stream',
'base64')
self.assertFalse(r)
def test_binary_content_with_encoding(self):
r = mime_types.use_binary_content_as_is(
'application/octet-stream', 'binary;q=0.5, '
'gzip;q=0.6, compress')
self.assertTrue(r)
def test_binary_content_with_valid_encoding(self):
r = mime_types.use_binary_content_as_is('application/octet-stream',
'binary')
self.assertTrue(r)
