def _validate_content_parameters(self, content_type, content_encoding, schema_name): """Content parameter validator. Check that the content_type, content_encoding and the parameters that they affect are valid. """ self._assert_validity( content_type is not None, schema_name, u._("If 'payload' is supplied, 'payload_content_type' must also " "be supplied."), "payload_content_type") self._assert_validity( mime_types.is_supported(content_type), schema_name, u._("payload_content_type {supplied} is not one of {supported}" ).format(supplied=content_type, supported=mime_types.SUPPORTED), "payload_content_type") self._assert_validity( mime_types.is_content_type_with_encoding_supported( content_type, content_encoding), schema_name, u._("payload_content_encoding is not one of {supported}").format( supported=mime_types.get_supported_encodings(content_type)), "payload_content_encoding")
def _validate_content_parameters(self, content_type, content_encoding, schema_name): """Content parameter validator. Check that the content_type, content_encoding and the parameters that they affect are valid. """ self._assert_validity( content_type is not None, schema_name, u._("If 'payload' is supplied, 'payload_content_type' must also " "be supplied."), "payload_content_type") self._assert_validity( mime_types.is_supported(content_type), schema_name, u._("payload_content_type {supplied} is not one of {supported}" ).format(supplied=content_type, supported=mime_types.SUPPORTED), "payload_content_type") self._assert_validity( mime_types.is_content_type_with_encoding_supported( content_type, content_encoding), schema_name, u._("payload_content_encoding is not one of {supported}").format( supported=mime_types.get_supported_encodings(content_type)), "payload_content_encoding")
def validate(self, json_data, parent_schema=None): """Validate the input JSON for the schema for secrets.""" schema_name = self._full_name(parent_schema) self._assert_schema_is_valid(json_data, schema_name) json_data['name'] = self._extract_name(json_data) expiration = self._extract_expiration(json_data, schema_name) self._assert_expiration_is_valid(expiration, schema_name) json_data['expiration'] = expiration content_type = json_data.get('payload_content_type') if 'payload' in json_data: content_encoding = json_data.get('payload_content_encoding') self._validate_content_parameters(content_type, content_encoding, schema_name) payload = self._extract_payload(json_data) self._assert_validity(payload, schema_name, u._("If 'payload' specified, must be non " "empty"), "payload") self._validate_payload_by_content_encoding(content_encoding, payload, schema_name) json_data['payload'] = payload elif 'payload_content_type' in json_data: # parent_schema would be populated if it comes from an order. self._assert_validity(parent_schema is not None, schema_name, u._("payload must be provided when " "payload_content_type is specified"), "payload") if content_type: self._assert_validity( mime_types.is_supported(content_type), schema_name, u._("payload_content_type is not one of {supported}" ).format(supplied=content_type, supported=mime_types.SUPPORTED), "payload_content_type") return json_data
def validate(self, json_data, parent_schema=None): """Validate the input JSON for the schema for secrets.""" schema_name = self._full_name(parent_schema) self._assert_schema_is_valid(json_data, schema_name) json_data['name'] = self._extract_name(json_data) expiration = self._extract_expiration(json_data, schema_name) self._assert_expiration_is_valid(expiration, schema_name) json_data['expiration'] = expiration content_type = json_data.get('payload_content_type') if 'payload' in json_data: content_encoding = json_data.get('payload_content_encoding') self._validate_content_parameters(content_type, content_encoding, schema_name) payload = self._extract_payload(json_data) self._assert_validity(payload, schema_name, u._("If 'payload' specified, must be non " "empty"), "payload") self._validate_payload_by_content_encoding(content_encoding, payload, schema_name) json_data['payload'] = payload elif 'payload_content_type' in json_data: # parent_schema would be populated if it comes from an order. self._assert_validity(parent_schema is not None, schema_name, u._("payload must be provided when " "payload_content_type is specified"), "payload") if content_type: self._assert_validity( mime_types.is_supported(content_type), schema_name, u._("payload_content_type is not one of {supported}" ).format(supplied=content_type, supported=mime_types.SUPPORTED), "payload_content_type") return json_data
def normalize_before_encryption(unencrypted, content_type, content_encoding, enforce_text_only=False): """Normalize unencrypted prior to plugin encryption processing.""" if not unencrypted: raise s.SecretNoPayloadProvidedException() # Validate and normalize content-type. normalized_mime = mime_types.normalize_content_type(content_type) if not mime_types.is_supported(normalized_mime): raise s.SecretContentTypeNotSupportedException(content_type) # Process plain-text type. if normalized_mime in mime_types.PLAIN_TEXT: # normalize text to binary string unencrypted = unencrypted.encode('utf-8') # Process binary type. else: # payload has to be decoded if mime_types.is_base64_processing_needed(content_type, content_encoding): try: unencrypted = base64.b64decode(unencrypted) except TypeError: raise s.SecretPayloadDecodingError() elif mime_types.use_binary_content_as_is(content_type, content_encoding): unencrypted = unencrypted elif enforce_text_only: # For text-based protocols (such as the one-step secret POST), # only 'base64' encoding is possible/supported. raise s.SecretContentEncodingMustBeBase64() elif content_encoding: # Unsupported content-encoding request. raise s.SecretContentEncodingNotSupportedException( content_encoding) return unencrypted, normalized_mime
def normalize_before_encryption(unencrypted, content_type, content_encoding, enforce_text_only=False): """Normalize unencrypted prior to plugin encryption processing.""" if not unencrypted: raise s.SecretNoPayloadProvidedException() # Validate and normalize content-type. normalized_mime = mime_types.normalize_content_type(content_type) if not mime_types.is_supported(normalized_mime): raise s.SecretContentTypeNotSupportedException(content_type) # Process plain-text type. if normalized_mime in mime_types.PLAIN_TEXT: # normalize text to binary string unencrypted = unencrypted.encode('utf-8') # Process binary type. else: # payload has to be decoded if mime_types.is_base64_processing_needed(content_type, content_encoding): try: unencrypted = base64.b64decode(unencrypted) except TypeError: raise s.SecretPayloadDecodingError() elif mime_types.use_binary_content_as_is(content_type, content_encoding): unencrypted = unencrypted elif enforce_text_only: # For text-based protocols (such as the one-step secret POST), # only 'base64' encoding is possible/supported. raise s.SecretContentEncodingMustBeBase64() elif content_encoding: # Unsupported content-encoding request. raise s.SecretContentEncodingNotSupportedException( content_encoding ) return unencrypted, normalized_mime
def analyze_before_decryption(content_type): """Determine support for desired content type.""" if not mime_types.is_supported(content_type): raise s.SecretAcceptNotSupportedException(content_type)
def normalize_content_type(content_type): """Normalize the content type and validate that it is supported.""" normalized_mime = mime_types.normalize_content_type(content_type) if not mime_types.is_supported(normalized_mime): raise s.SecretContentTypeNotSupportedException(content_type) return normalized_mime
def analyze_before_decryption(content_type): """Determine support for desired content type.""" if not mime_types.is_supported(content_type): raise s.SecretAcceptNotSupportedException(content_type)
def normalize_content_type(content_type): """Normalize the content type and validate that it is supported.""" normalized_mime = mime_types.normalize_content_type(content_type) if not mime_types.is_supported(normalized_mime): raise s.SecretContentTypeNotSupportedException(content_type) return normalized_mime