def sasl_prep(text):
"""
Performs a SASL-PREP on the string to ensure it is SASL-compatible.
"""
normalized_chars = []
for c in text:
if stringprep.in_table_c12(c):
continue
if stringprep.in_table_c21(c):
continue
if stringprep.in_table_c22(c):
continue
if stringprep.in_table_c3(c):
continue
if stringprep.in_table_c4(c):
continue
if stringprep.in_table_c5(c):
continue
if stringprep.in_table_c6(c):
continue
if stringprep.in_table_c7(c):
continue
if stringprep.in_table_c8(c):
continue
if stringprep.in_table_c9(c):
continue
normalized_chars.append(c)
return "".join(normalized_chars)
def resourceprep(res):
chars = list(unicode(res))
i = 0
while i < len(chars):
c = chars[i]
# map to nothing
if stringprep.in_table_b1(c):
del chars[i]
else:
i += 1
# NFKC
chars = stringprep.unicodedata.normalize("NFKC", "".join(chars))
for c in chars:
if (stringprep.in_table_c12(c) or
stringprep.in_table_c21(c) or
stringprep.in_table_c22(c) or
stringprep.in_table_c3(c) or
stringprep.in_table_c4(c) or
stringprep.in_table_c5(c) or
stringprep.in_table_c6(c) or
stringprep.in_table_c7(c) or
stringprep.in_table_c8(c) or
stringprep.in_table_c9(c)):
raise UnicodeError("Invalid node character")
bidi(chars)
return chars
def nodeprep(u):
chars = list(six.text_type(u))
i = 0
while i < len(chars):
c = chars[i]
# map to nothing
if stringprep.in_table_b1(c):
del chars[i]
else:
# case fold
chars[i] = stringprep.map_table_b2(c)
i += 1
# NFKC
chars = stringprep.unicodedata.normalize("NFKC", "".join(chars))
for c in chars:
if (stringprep.in_table_c11(c) or stringprep.in_table_c12(c)
or stringprep.in_table_c21(c) or stringprep.in_table_c22(c)
or stringprep.in_table_c3(c) or stringprep.in_table_c4(c)
or stringprep.in_table_c5(c) or stringprep.in_table_c6(c)
or stringprep.in_table_c7(c) or stringprep.in_table_c8(c)
or stringprep.in_table_c9(c) or c in "\"&'/:<>@"):
raise UnicodeError("Invalid node character")
bidi(chars)
return chars
def nodeprep(u):
chars = list(unicode(u))
i = 0
while i < len(chars):
c = chars[i]
# map to nothing
if stringprep.in_table_b1(c):
del chars[i]
else:
# case fold
chars[i] = stringprep.map_table_b2(c)
i += 1
# NFKC
chars = stringprep.unicodedata.normalize("NFKC", "".join(chars))
for c in chars:
if (stringprep.in_table_c11(c) or
stringprep.in_table_c12(c) or
stringprep.in_table_c21(c) or
stringprep.in_table_c22(c) or
stringprep.in_table_c3(c) or
stringprep.in_table_c4(c) or
stringprep.in_table_c5(c) or
stringprep.in_table_c6(c) or
stringprep.in_table_c7(c) or
stringprep.in_table_c8(c) or
stringprep.in_table_c9(c) or
c in "\"&'/:<>@"):
raise UnicodeError("Invalid node character")
bidi(chars)
return chars
def __is_prohibited_in_saslgrep(char: str):
if stringprep.in_table_c12(char):
# Non-ASCII space characters
return True
elif stringprep.in_table_c12(char):
# ASCII control characters
return True
elif stringprep.in_table_c21(char):
# Non-ASCII control characters
return True
elif stringprep.in_table_c22(char):
# Private Use characters
return True
elif stringprep.in_table_c3(char):
# Non-character code points
return True
elif stringprep.in_table_c4(char):
# Non-character code points
return True
elif stringprep.in_table_c5(char):
# Surrogate code points
return True
elif stringprep.in_table_c6(char):
# Inappropriate for plain text characters
return True
elif stringprep.in_table_c7(char):
# Inappropriate for canonical representation characters
return True
elif stringprep.in_table_c8(char):
# Change display properties or deprecated characters
return True
elif stringprep.in_table_c9(char):
# Tagging characters
return True
return False
def saslprep(s, allow_unassigned = False):
'''
Prepare Unicode string s according to SASLprep: Stringprep Profile for
User Names and Passwords, a.k.a. RFC 4013
If the optional parameter allow_unassigned is set to True,
unassigned codepoints will be allowed. This is recommended for
query terms and other non-storing situations only.
The return value is a Unicode string appropriately prepared.
Disallowed input leads to a ValueError.
'''
if type(s) != type(u''):
raise TypeError("input must be a Unicode string")
# phase 1: mapping
s = u''.join([ stringprep.in_table_c12(ch) and u' ' or ch for ch in unichars(s) if not stringprep.in_table_b1(ch) ])
# phase 2: normalization
s = unicodedata.normalize('NFKC', s)
# phase 3: prohibition
for ch in unichars(s):
if stringprep.in_table_c12(ch):
raise ValueError("prohibited non-ASCII space character")
if stringprep.in_table_c21(ch):
raise ValueError("prohibited ASCII control character")
if stringprep.in_table_c22(ch):
raise ValueError("prohibited non-ASCII control character")
if stringprep.in_table_c3(ch):
raise ValueError("prohibited private use character")
if stringprep.in_table_c4(ch):
raise ValueError("prohibited non-character code point")
if stringprep.in_table_c5(ch):
raise ValueError("prohibited surrogate code point")
if stringprep.in_table_c6(ch):
raise ValueError("prohibited character inappropriate for plain text")
if stringprep.in_table_c7(ch):
raise ValueError("prohibited character inappropriate for canonical representation")
if stringprep.in_table_c8(ch):
raise ValueError("prohibited character changing display properties, or a deprecated character")
if stringprep.in_table_c9(ch):
raise ValueError("prohibited tagging character")
# phase 4: bidi check
bidi_map = ''.join([ stringprep.in_table_d1(ch) and 'r' or stringprep.in_table_d2(ch) and 'l' or 'x' for ch in unichars(s) ])
if 'r' in bidi_map:
if 'l' in bidi_map:
raise ValueError("prohibited mixture of strong left-to-right and right-to-left text")
if bidi_map[0] != 'r' or bidi_map[-1] != 'r':
raise ValueError("string containing right-to-left text must start and end with right-to-left text")
# phase 5: unassigned check
if not allow_unassigned:
for ch in unichars(s):
if stringprep.in_table_a1(ch):
raise ValueError("prohibited unassigned code point")
return s
def nameprep(label):
forbidden = {'"', '&', "'", '/', ':', '<', '>', '@'}
if label is None:
return None
try:
label = encodings.idna.nameprep(label)
except:
return None
for c in label:
if stringprep.in_table_c11(c) or stringprep.in_table_c21(c) or c in forbidden:
return None
return label
def nodeprep( foo, errors='strict' ):
if foo is None:
return None
if isinstance( foo, str ):
foo = foo.decode( 'utf-8' )
ofoo = u''
for x in foo:
if not stringprep.in_table_b1( x ):
ofoo += stringprep.map_table_b2( x )
foo = unicodedata.normalize( 'NFKC', ofoo )
ofoo = u''
first_is_randal = False
if len(foo):
first_is_randal = stringprep.in_table_d1( foo[0] )
if first_is_randal:
if not stringprep.in_table_d1( foo[-1] ):
raise UnicodeError, "Section 6.3 [end]"
for x in range(len(foo)):
if errors=='strict' and stringprep.in_table_a1( foo[x] ):
raise UnicodeError, "Unassigned Codepoint"
if stringprep.in_table_c11( foo[x] ):
raise UnicodeError, "In table C.1.1"
if stringprep.in_table_c12( foo[x] ):
raise UnicodeError, "In table C.1.2"
if stringprep.in_table_c21( foo[x] ):
raise UnicodeError, "In table C.2.1"
if stringprep.in_table_c22( foo[x] ):
raise UnicodeError, "In table C.2.2"
if stringprep.in_table_c3( foo[x] ):
raise UnicodeError, "In table C.3"
if stringprep.in_table_c4( foo[x] ):
raise UnicodeError, "In table C.4"
if stringprep.in_table_c5( foo[x] ):
raise UnicodeError, "In table C.5"
if stringprep.in_table_c6( foo[x] ):
raise UnicodeError, "In table C.6"
if stringprep.in_table_c7( foo[x] ):
raise UnicodeError, "In table C.7"
if stringprep.in_table_c8( foo[x] ):
raise UnicodeError, "In table C.8"
if stringprep.in_table_c9( foo[x] ):
raise UnicodeError, "In table C.9"
if foo[x] in "\"&'/;<>@":
raise UnicodeError, "In nodeprep banned list"
if x:
if first_is_randal and stringprep.in_table_d2( foo[x] ):
raise UnicodeError, "Section 6.2"
if not first_is_randal and x!=(len(foo)-1) and stringprep.in_table_d1( foo[x] ):
raise UnicodeError, "Section 6.3"
else:
first = False
return foo
def sasl_prep(data):
"""
implement SASLPrep profile as per RFC4013:
it defines the "SASLprep" profile of the "stringprep" algorithm [StringPrep].
The profile is designed for use in Simple Authentication and Security
Layer ([SASL]) mechanisms, such as [PLAIN], [CRAM-MD5], and
[DIGEST-MD5]. It may be applicable where simple user names and
passwords are used. This profile is not intended for use in
preparing identity strings that are not simple user names (e.g.,
email addresses, domain names, distinguished names), or where
identity or password strings that are not character data, or require
different handling (e.g., case folding).
"""
# mapping
prepared_data = ''
for c in data:
if stringprep.in_table_c12(c):
# non-ASCII space characters [StringPrep, C.1.2] that can be mapped to SPACE (U+0020)
prepared_data += ' '
elif stringprep.in_table_b1(c):
# the "commonly mapped to nothing" characters [StringPrep, B.1] that can be mapped to nothing.
pass
else:
prepared_data += c
# normalizing
# This profile specifies using Unicode normalization form KC
# The repertoire is Unicode 3.2 as per RFC 4013 (2)
prepared_data = unicode32.normalize('NFKC', prepared_data)
if not prepared_data:
raise LDAPSASLPrepError('SASLprep error: unable to normalize string')
# prohibit
for c in prepared_data:
if stringprep.in_table_c12(c):
# Non-ASCII space characters [StringPrep, C.1.2]
raise LDAPSASLPrepError('SASLprep error: non-ASCII space character present')
elif stringprep.in_table_c21(c):
# ASCII control characters [StringPrep, C.2.1]
raise LDAPSASLPrepError('SASLprep error: ASCII control character present')
elif stringprep.in_table_c22(c):
# Non-ASCII control characters [StringPrep, C.2.2]
raise LDAPSASLPrepError('SASLprep error: non-ASCII control character present')
elif stringprep.in_table_c3(c):
# Private Use characters [StringPrep, C.3]
raise LDAPSASLPrepError('SASLprep error: private character present')
elif stringprep.in_table_c4(c):
# Non-character code points [StringPrep, C.4]
raise LDAPSASLPrepError('SASLprep error: non-character code point present')
elif stringprep.in_table_c5(c):
# Surrogate code points [StringPrep, C.5]
raise LDAPSASLPrepError('SASLprep error: surrogate code point present')
elif stringprep.in_table_c6(c):
# Inappropriate for plain text characters [StringPrep, C.6]
raise LDAPSASLPrepError('SASLprep error: inappropriate for plain text character present')
elif stringprep.in_table_c7(c):
# Inappropriate for canonical representation characters [StringPrep, C.7]
raise LDAPSASLPrepError('SASLprep error: inappropriate for canonical representation character present')
elif stringprep.in_table_c8(c):
# Change display properties or deprecated characters [StringPrep, C.8]
raise LDAPSASLPrepError('SASLprep error: change display property or deprecated character present')
elif stringprep.in_table_c9(c):
# Tagging characters [StringPrep, C.9]
raise LDAPSASLPrepError('SASLprep error: tagging character present')
# check bidi
# if a string contains any r_and_al_cat character, the string MUST NOT contain any l_cat character.
flag_r_and_al_cat = False
flag_l_cat = False
for c in prepared_data:
if stringprep.in_table_d1(c):
flag_r_and_al_cat = True
elif stringprep.in_table_d2(c):
flag_l_cat = True
if flag_r_and_al_cat and flag_l_cat:
raise LDAPSASLPrepError('SASLprep error: string cannot contain (R or AL) and L bidirectional chars')
# If a string contains any r_and_al_cat character, a r_and_al_cat character MUST be the first character of the string
# and a r_and_al_cat character MUST be the last character of the string.
if flag_r_and_al_cat and not stringprep.in_table_d1(prepared_data[0]) and not stringprep.in_table_d2(prepared_data[-1]):
raise LDAPSASLPrepError('r_and_al_cat character present, must be first and last character of the string')
return prepared_data
def saslprep(text, strict=True):
"""
Return a processed version of the given string, using the SASLPrep
profile of stringprep.
:param text: The string to process, in UTF-8.
:param strict: If ``True``, prevent the use of unassigned code points.
"""
if sys.version_info < (3, 0):
if type(text) == str:
text = text.decode('utf-8')
# Mapping:
#
# - non-ASCII space characters [StringPrep, C.1.2] that can be
# mapped to SPACE (U+0020), and
#
# - the 'commonly mapped to nothing' characters [StringPrep, B.1]
# that can be mapped to nothing.
buffer = ''
for char in text:
if stringprep.in_table_c12(char):
buffer += ' '
elif not stringprep.in_table_b1(char):
buffer += char
# Normalization using form KC
text = unicodedata.normalize('NFKC', buffer)
# Check for bidirectional string
buffer = ''
first_is_randal = False
if text:
first_is_randal = stringprep.in_table_d1(text[0])
if first_is_randal and not stringprep.in_table_d1(text[-1]):
raise SASLPrepFailure('Section 6.3 [end]')
# Check for prohibited characters
for x in range(len(text)):
if strict and stringprep.in_table_a1(text[x]):
raise SASLPrepFailure('Unassigned Codepoint')
if stringprep.in_table_c12(text[x]):
raise SASLPrepFailure('In table C.1.2')
if stringprep.in_table_c21(text[x]):
raise SASLPrepFailure('In table C.2.1')
if stringprep.in_table_c22(text[x]):
raise SASLPrepFailure('In table C.2.2')
if stringprep.in_table_c3(text[x]):
raise SASLPrepFailure('In table C.3')
if stringprep.in_table_c4(text[x]):
raise SASLPrepFailure('In table C.4')
if stringprep.in_table_c5(text[x]):
raise SASLPrepFailure('In table C.5')
if stringprep.in_table_c6(text[x]):
raise SASLPrepFailure('In table C.6')
if stringprep.in_table_c7(text[x]):
raise SASLPrepFailure('In table C.7')
if stringprep.in_table_c8(text[x]):
raise SASLPrepFailure('In table C.8')
if stringprep.in_table_c9(text[x]):
raise SASLPrepFailure('In table C.9')
if x:
if first_is_randal and stringprep.in_table_d2(text[x]):
raise SASLPrepFailure('Section 6.2')
if not first_is_randal and \
x != len(text) - 1 and \
stringprep.in_table_d1(text[x]):
raise SASLPrepFailure('Section 6.3')
return text
def sasl_prep(data):
"""
implement SASLPrep profile as per RFC4013:
it defines the "SASLprep" profile of the "stringprep" algorithm [StringPrep].
The profile is designed for use in Simple Authentication and Security
Layer ([SASL]) mechanisms, such as [PLAIN], [CRAM-MD5], and
[DIGEST-MD5]. It may be applicable where simple user names and
passwords are used. This profile is not intended for use in
preparing identity strings that are not simple user names (e.g.,
email addresses, domain names, distinguished names), or where
identity or password strings that are not character data, or require
different handling (e.g., case folding).
"""
# mapping
prepared_data = ''
for c in data:
if stringprep.in_table_c12(c):
# non-ASCII space characters [StringPrep, C.1.2] that can be mapped to SPACE (U+0020)
prepared_data += ' '
elif stringprep.in_table_b1(c):
# the "commonly mapped to nothing" characters [StringPrep, B.1] that can be mapped to nothing.
pass
else:
prepared_data += c
# normalizing
# This profile specifies using Unicode normalization form KC
# The repertoire is Unicode 3.2 as per RFC 4013 (2)
prepared_data = unicode32.normalize('NFKC', prepared_data)
if not prepared_data:
raise LDAPSASLPrepError('SASLprep error: unable to normalize string')
# prohibit
for c in prepared_data:
if stringprep.in_table_c12(c):
# Non-ASCII space characters [StringPrep, C.1.2]
raise LDAPSASLPrepError('SASLprep error: non-ASCII space character present')
elif stringprep.in_table_c21(c):
# ASCII control characters [StringPrep, C.2.1]
raise LDAPSASLPrepError('SASLprep error: ASCII control character present')
elif stringprep.in_table_c22(c):
# Non-ASCII control characters [StringPrep, C.2.2]
raise LDAPSASLPrepError('SASLprep error: non-ASCII control character present')
elif stringprep.in_table_c3(c):
# Private Use characters [StringPrep, C.3]
raise LDAPSASLPrepError('SASLprep error: private character present')
elif stringprep.in_table_c4(c):
# Non-character code points [StringPrep, C.4]
raise LDAPSASLPrepError('SASLprep error: non-character code point present')
elif stringprep.in_table_c5(c):
# Surrogate code points [StringPrep, C.5]
raise LDAPSASLPrepError('SASLprep error: surrogate code point present')
elif stringprep.in_table_c6(c):
# Inappropriate for plain text characters [StringPrep, C.6]
raise LDAPSASLPrepError('SASLprep error: inappropriate for plain text character present')
elif stringprep.in_table_c7(c):
# Inappropriate for canonical representation characters [StringPrep, C.7]
raise LDAPSASLPrepError('SASLprep error: inappropriate for canonical representation character present')
elif stringprep.in_table_c8(c):
# Change display properties or deprecated characters [StringPrep, C.8]
raise LDAPSASLPrepError('SASLprep error: change display property or deprecated character present')
elif stringprep.in_table_c9(c):
# Tagging characters [StringPrep, C.9]
raise LDAPSASLPrepError('SASLprep error: tagging character present')
# check bidi
# if a string contains any r_and_al_cat character, the string MUST NOT contain any l_cat character.
flag_r_and_al_cat = False
flag_l_cat = False
for c in prepared_data:
if stringprep.in_table_d1(c):
flag_r_and_al_cat = True
elif stringprep.in_table_d2(c):
flag_l_cat = True
if flag_r_and_al_cat and flag_l_cat:
raise LDAPSASLPrepError('SASLprep error: string cannot contain (R or AL) and L bidirectional chars')
# If a string contains any r_and_al_cat character, a r_and_al_cat character MUST be the first character of the string
# and a r_and_al_cat character MUST be the last character of the string.
if flag_r_and_al_cat and not stringprep.in_table_d1(prepared_data[0]) and not stringprep.in_table_d2(prepared_data[-1]):
raise LDAPSASLPrepError('r_and_al_cat character present, must be first and last character of the string')
return prepared_data
def saslprep(text, strict=True):
"""
Return a processed version of the given string, using the SASLPrep
profile of stringprep.
:param text: The string to process, in UTF-8.
:param strict: If ``True``, prevent the use of unassigned code points.
"""
if sys.version_info < (3, 0):
if type(text) == str:
text = text.decode("utf-8")
# Mapping:
#
# - non-ASCII space characters [StringPrep, C.1.2] that can be
# mapped to SPACE (U+0020), and
#
# - the 'commonly mapped to nothing' characters [StringPrep, B.1]
# that can be mapped to nothing.
buffer = ""
for char in text:
if stringprep.in_table_c12(char):
buffer += " "
elif not stringprep.in_table_b1(char):
buffer += char
# Normalization using form KC
text = unicodedata.normalize("NFKC", buffer)
# Check for bidirectional string
buffer = ""
first_is_randal = False
if text:
first_is_randal = stringprep.in_table_d1(text[0])
if first_is_randal and not stringprep.in_table_d1(text[-1]):
raise SASLPrepFailure("Section 6.3 [end]")
# Check for prohibited characters
for x in range(len(text)):
if strict and stringprep.in_table_a1(text[x]):
raise SASLPrepFailure("Unassigned Codepoint")
if stringprep.in_table_c12(text[x]):
raise SASLPrepFailure("In table C.1.2")
if stringprep.in_table_c21(text[x]):
raise SASLPrepFailure("In table C.2.1")
if stringprep.in_table_c22(text[x]):
raise SASLPrepFailure("In table C.2.2")
if stringprep.in_table_c3(text[x]):
raise SASLPrepFailure("In table C.3")
if stringprep.in_table_c4(text[x]):
raise SASLPrepFailure("In table C.4")
if stringprep.in_table_c5(text[x]):
raise SASLPrepFailure("In table C.5")
if stringprep.in_table_c6(text[x]):
raise SASLPrepFailure("In table C.6")
if stringprep.in_table_c7(text[x]):
raise SASLPrepFailure("In table C.7")
if stringprep.in_table_c8(text[x]):
raise SASLPrepFailure("In table C.8")
if stringprep.in_table_c9(text[x]):
raise SASLPrepFailure("In table C.9")
if x:
if first_is_randal and stringprep.in_table_d2(text[x]):
raise SASLPrepFailure("Section 6.2")
if not first_is_randal and x != len(text) - 1 and stringprep.in_table_d1(text[x]):
raise SASLPrepFailure("Section 6.3")
return text
def saslprep(s, allow_unassigned=False):
'''
Prepare Unicode string s according to SASLprep: Stringprep Profile for
User Names and Passwords, a.k.a. RFC 4013
If the optional parameter allow_unassigned is set to True,
unassigned codepoints will be allowed. This is recommended for
query terms and other non-storing situations only.
The return value is a Unicode string appropriately prepared.
Disallowed input leads to a ValueError.
'''
if type(s) != type(u''):
raise TypeError("input must be a Unicode string")
# phase 1: mapping
s = u''.join([
stringprep.in_table_c12(ch) and u' ' or ch for ch in unichars(s)
if not stringprep.in_table_b1(ch)
])
# phase 2: normalization
s = unicodedata.normalize('NFKC', s)
# phase 3: prohibition
for ch in unichars(s):
if stringprep.in_table_c12(ch):
raise ValueError("prohibited non-ASCII space character")
if stringprep.in_table_c21(ch):
raise ValueError("prohibited ASCII control character")
if stringprep.in_table_c22(ch):
raise ValueError("prohibited non-ASCII control character")
if stringprep.in_table_c3(ch):
raise ValueError("prohibited private use character")
if stringprep.in_table_c4(ch):
raise ValueError("prohibited non-character code point")
if stringprep.in_table_c5(ch):
raise ValueError("prohibited surrogate code point")
if stringprep.in_table_c6(ch):
raise ValueError(
"prohibited character inappropriate for plain text")
if stringprep.in_table_c7(ch):
raise ValueError(
"prohibited character inappropriate for canonical representation"
)
if stringprep.in_table_c8(ch):
raise ValueError(
"prohibited character changing display properties, or a deprecated character"
)
if stringprep.in_table_c9(ch):
raise ValueError("prohibited tagging character")
# phase 4: bidi check
bidi_map = ''.join([
stringprep.in_table_d1(ch) and 'r'
or stringprep.in_table_d2(ch) and 'l' or 'x' for ch in unichars(s)
])
if 'r' in bidi_map:
if 'l' in bidi_map:
raise ValueError(
"prohibited mixture of strong left-to-right and right-to-left text"
)
if bidi_map[0] != 'r' or bidi_map[-1] != 'r':
raise ValueError(
"string containing right-to-left text must start and end with right-to-left text"
)
# phase 5: unassigned check
if not allow_unassigned:
for ch in unichars(s):
if stringprep.in_table_a1(ch):
raise ValueError("prohibited unassigned code point")
return s
def update_event(self, inp=-1):
self.set_output_val(0, stringprep.in_table_c21(self.input(0)))
