def __init__(self, app, conf):
    """Keep the wrapped app and precompute the header filter lists.

    Each of the four header settings is split into exact names and prefix
    rules: a name ending in ``*`` is a prefix rule and is stored without
    the ``*``. Incoming names are converted with ``header_to_environ_key``;
    outgoing names are normalised with ``str.title()``.

    :param app: the next WSGI application/filter in the paste.deploy
                pipeline
    :param conf: the filter configuration dict
    """
    def exact_and_prefix(names):
        # Separate plain header names from '*'-terminated prefix rules.
        exact = []
        prefixes = []
        for name in names:
            if name.endswith('*'):
                prefixes.append(name[:-1])
            else:
                exact.append(name)
        return exact, prefixes

    #: The next WSGI application/filter in the paste.deploy pipeline.
    self.app = app
    #: The filter configuration dict.
    self.conf = conf

    # NOTE(review): the name suggests these headers are refused rather than
    # stripped; the enforcement is outside this method -- confirm.
    self.disallowed_headers = {
        header_to_environ_key(name)
        for name in DISALLOWED_INCOMING_HEADERS.split()}

    # NOTE(review): every conf.get() result below is iterated directly, so
    # the values are assumed to be lists of header names already. A plain
    # string would be walked character by character and the resulting
    # rules would match none of the intended headers -- confirm that the
    # code building ``conf`` splits these settings.
    incoming_remove = [
        header_to_environ_key(name)
        for name in conf.get('incoming_remove_headers',
                             DEFAULT_INCOMING_REMOVE_HEADERS.split())]
    exact, prefixes = exact_and_prefix(incoming_remove)
    #: Headers to remove from incoming requests. Uppercase WSGI env style,
    #: like `HTTP_X_PRIVATE`.
    self.incoming_remove_headers = exact
    #: Prefixes of headers to remove from incoming requests. Uppercase
    #: WSGI env style, stored without the trailing `*` of the configured
    #: rule (configured like `HTTP_X_SENSITIVE_*`).
    self.incoming_remove_headers_startswith = prefixes

    incoming_allow = [
        header_to_environ_key(name)
        for name in conf.get('incoming_allow_headers',
                             DEFAULT_INCOMING_ALLOW_HEADERS.split())]
    exact, prefixes = exact_and_prefix(incoming_allow)
    #: Headers to allow in incoming requests. Uppercase WSGI env style,
    #: like `HTTP_X_MATCHES_REMOVE_PREFIX_BUT_OKAY`.
    self.incoming_allow_headers = exact
    #: Prefixes of headers to allow in incoming requests. Uppercase WSGI
    #: env style, stored without the trailing `*` (configured like
    #: `HTTP_X_MATCHES_REMOVE_PREFIX_BUT_OKAY_*`).
    self.incoming_allow_headers_startswith = prefixes

    outgoing_remove = [
        name.title()
        for name in conf.get('outgoing_remove_headers',
                             DEFAULT_OUTGOING_REMOVE_HEADERS.split())]
    exact, prefixes = exact_and_prefix(outgoing_remove)
    #: Headers to remove from outgoing responses. Stored as produced by
    #: `str.title()`, so a configured `x-account-meta-temp-url-key` is
    #: kept as `X-Account-Meta-Temp-Url-Key`.
    self.outgoing_remove_headers = exact
    #: Prefixes of headers to remove from outgoing responses. Title-cased
    #: and stored without the trailing `*` (configured like
    #: `x-account-meta-private-*`).
    self.outgoing_remove_headers_startswith = prefixes

    outgoing_allow = [
        name.title()
        for name in conf.get('outgoing_allow_headers',
                             DEFAULT_OUTGOING_ALLOW_HEADERS.split())]
    exact, prefixes = exact_and_prefix(outgoing_allow)
    #: Headers to allow in outgoing responses. Title-cased by
    #: `str.title()` (configured like `x-matches-remove-prefix-but-okay`).
    self.outgoing_allow_headers = exact
    #: Prefixes of headers to allow in outgoing responses. Title-cased and
    #: stored without the trailing `*` (configured like
    #: `x-matches-remove-prefix-but-okay-*`).
    self.outgoing_allow_headers_startswith = prefixes

    #: HTTP user agent to use for subrequests.
    self.agent = '%(orig)s TempURL'
# See the License for the specific language governing permissions and
# limitations under the License.

from swift.common.middleware.crypto.crypto_utils import Crypto
from swift.common.swob import header_to_environ_key
from swift.common.utils import strict_b64decode

# Request header names for server-side encryption with a customer-provided
# key: algorithm, base64 key and key MD5, for the request itself and for the
# source object of a copy.
ALGO_HEADER = 'X-Amz-Server-Side-Encryption-Customer-Algorithm'
KEY_HEADER = 'X-Amz-Server-Side-Encryption-Customer-Key'
KEY_MD5_HEADER = 'X-Amz-Server-Side-Encryption-Customer-Key-Md5'
SRC_ALGO_HEADER = 'X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm'
SRC_KEY_HEADER = 'X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key'
SRC_KEY_MD5_HEADER = (
    'X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5')

# The same six headers, converted once at import time with
# header_to_environ_key().
ALGO_ENV_KEY = header_to_environ_key(ALGO_HEADER)
KEY_ENV_KEY = header_to_environ_key(KEY_HEADER)
KEY_MD5_ENV_KEY = header_to_environ_key(KEY_MD5_HEADER)
SRC_ALGO_ENV_KEY = header_to_environ_key(SRC_ALGO_HEADER)
SRC_KEY_ENV_KEY = header_to_environ_key(SRC_KEY_HEADER)
SRC_KEY_MD5_ENV_KEY = header_to_environ_key(SRC_KEY_MD5_HEADER)


def decode_secret(b64_secret):
    """Decode a base64 encoded secret key and enforce its length.

    :param b64_secret: base64 text of the key, decoded by
                       ``strict_b64decode`` with line breaks allowed
    :returns: the decoded key
    :raises ValueError: if the decoded key is not exactly
                        ``Crypto.key_length`` long
    """
    # NOTE(review): a decoding failure presumably surfaces as ValueError from
    # strict_b64decode as well -- confirm against that helper.
    raw_key = strict_b64decode(b64_secret, allow_line_breaks=True)
    if len(raw_key) == Crypto.key_length:
        return raw_key
    # Raised without a message, so neither the supplied text nor the decoded
    # key ends up in an error string. Only the length is checked here; the
    # key-MD5 header is not consulted in this function.
    raise ValueError
# NOTE(review): the statements down to the second `raise ValueError` are the
# tail of a function whose opening lines are outside this excerpt.
    # base64.b64decode() without validate=True drops characters outside the
    # alphabet instead of failing, so this explicit check is what rejects
    # them. Characters in strip_chars are tolerated at either end only.
    if any(c not in valid_chars for c in value.strip(strip_chars)):
        raise ValueError
    try:
        return base64.b64decode(value)
    except (TypeError, binascii.Error):  # (py2 error, py3 error)
        # Both decoder errors are reported to the caller as ValueError.
        raise ValueError


# Request header names for server-side encryption with a customer-provided
# key: algorithm, base64 key and key MD5, for the request itself and for the
# source object of a copy.
ALGO_HEADER = 'X-Amz-Server-Side-Encryption-Customer-Algorithm'
KEY_HEADER = 'X-Amz-Server-Side-Encryption-Customer-Key'
KEY_MD5_HEADER = 'X-Amz-Server-Side-Encryption-Customer-Key-Md5'
SRC_ALGO_HEADER = 'X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm'
SRC_KEY_HEADER = 'X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key'
SRC_KEY_MD5_HEADER = \
    'X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5'

# The same six headers, converted once at import time with
# header_to_environ_key().
ALGO_ENV_KEY = header_to_environ_key(ALGO_HEADER)
KEY_ENV_KEY = header_to_environ_key(KEY_HEADER)
KEY_MD5_ENV_KEY = header_to_environ_key(KEY_MD5_HEADER)
SRC_ALGO_ENV_KEY = header_to_environ_key(SRC_ALGO_HEADER)
SRC_KEY_ENV_KEY = header_to_environ_key(SRC_KEY_HEADER)
SRC_KEY_MD5_ENV_KEY = header_to_environ_key(SRC_KEY_MD5_HEADER)


def decode_secret(b64_secret):
    """Decode and check a base64 encoded secret key.

    :param b64_secret: base64 text of the key; line breaks are allowed
                       by the decoder call below
    :returns: the decoded key
    :raises ValueError: if the decoded key is not exactly
                        ``Crypto.key_length`` long
    """
    # NOTE(review): strict_b64decode is presumably the function whose tail
    # appears above; if so, malformed base64 also ends in ValueError.
    binary_secret = strict_b64decode(b64_secret, allow_line_breaks=True)
    if len(binary_secret) != Crypto.key_length:
        # No message is attached, so the supplied text and the decoded key
        # never reach an error string. Only the length is checked here.
        raise ValueError
    return binary_secret