Esempio n. 1
    def __init__(self, app, conf):
        """Build the header remove/allow lists used by this filter.

        Each list option is read from ``conf`` and falls back to the
        whitespace-split module default. Entries ending in ``*`` are stored,
        with the ``*`` dropped, in the matching ``*_startswith`` list; all
        other entries are stored as exact names.

        :param app: the next WSGI application/filter in the paste.deploy
                    pipeline
        :param conf: the filter configuration dict
        """
        # NOTE(review): values found in ``conf`` are iterated as-is; only the
        # module defaults are ``.split()``. A raw string from the config file
        # would be iterated one character at a time and produce filter lists
        # that match nothing useful -- presumably the filter factory splits
        # the options first; verify against the caller.
        def option(name, default):
            return conf.get(name, default.split())

        def exact_and_prefixes(names):
            # A trailing '*' marks a prefix pattern; it is stored without
            # the '*'.
            exact = [n for n in names if not n.endswith('*')]
            prefixes = [n[:-1] for n in names if n.endswith('*')]
            return exact, prefixes

        #: The next WSGI application/filter in the paste.deploy pipeline.
        self.app = app
        #: The filter configuration dict.
        self.conf = conf

        #: WSGI env keys derived from DISALLOWED_INCOMING_HEADERS.
        self.disallowed_headers = {
            header_to_environ_key(name)
            for name in DISALLOWED_INCOMING_HEADERS.split()}

        # Incoming names are normalised to WSGI env keys
        # (like `HTTP_X_PRIVATE`), so they can be compared with the request
        # environ directly.
        incoming_remove = [
            header_to_environ_key(name)
            for name in option('incoming_remove_headers',
                               DEFAULT_INCOMING_REMOVE_HEADERS)]
        #: Exact headers / header prefixes to remove from incoming requests,
        #: like `HTTP_X_PRIVATE` and `HTTP_X_SENSITIVE_`.
        (self.incoming_remove_headers,
         self.incoming_remove_headers_startswith) = \
            exact_and_prefixes(incoming_remove)

        incoming_allow = [
            header_to_environ_key(name)
            for name in option('incoming_allow_headers',
                               DEFAULT_INCOMING_ALLOW_HEADERS)]
        #: Exact headers / header prefixes to allow in incoming requests,
        #: like `HTTP_X_MATCHES_REMOVE_PREFIX_BUT_OKAY`. How an allow entry
        #: interacts with a remove entry is decided where these lists are
        #: consulted, outside this method.
        (self.incoming_allow_headers,
         self.incoming_allow_headers_startswith) = \
            exact_and_prefixes(incoming_allow)

        # Outgoing names are normalised with str.title(), so the stored
        # form is title-cased (like `X-Account-Meta-Temp-Url-Key`), not
        # lowercase.
        outgoing_remove = [
            name.title()
            for name in option('outgoing_remove_headers',
                               DEFAULT_OUTGOING_REMOVE_HEADERS)]
        #: Exact headers / header prefixes to remove from outgoing
        #: responses, like `X-Account-Meta-Temp-Url-Key` and
        #: `X-Account-Meta-Private-`.
        (self.outgoing_remove_headers,
         self.outgoing_remove_headers_startswith) = \
            exact_and_prefixes(outgoing_remove)

        outgoing_allow = [
            name.title()
            for name in option('outgoing_allow_headers',
                               DEFAULT_OUTGOING_ALLOW_HEADERS)]
        #: Exact headers / header prefixes to allow in outgoing responses,
        #: like `X-Matches-Remove-Prefix-But-Okay`.
        (self.outgoing_allow_headers,
         self.outgoing_allow_headers_startswith) = \
            exact_and_prefixes(outgoing_allow)

        #: HTTP user agent to use for subrequests.
        self.agent = '%(orig)s TempURL'
Esempio n. 2
# See the License for the specific language governing permissions and
# limitations under the License.

from swift.common.middleware.crypto.crypto_utils import Crypto
from swift.common.swob import header_to_environ_key

from swift.common.utils import strict_b64decode

# Request headers for server-side encryption with customer-provided keys.
# In the S3 API the key header carries the base64-encoded encryption key
# itself, so values read through KEY_ENV_KEY / SRC_KEY_ENV_KEY should be
# kept out of logs and error messages.
ALGO_HEADER = 'X-Amz-Server-Side-Encryption-Customer-Algorithm'
KEY_HEADER = 'X-Amz-Server-Side-Encryption-Customer-Key'
KEY_MD5_HEADER = 'X-Amz-Server-Side-Encryption-Customer-Key-Md5'
# Same three headers for the source object of a copy request.
SRC_ALGO_HEADER = 'X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm'
SRC_KEY_HEADER = 'X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key'
SRC_KEY_MD5_HEADER = (
    'X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5')

# WSGI environ keys for the headers above, in the same order.
(ALGO_ENV_KEY,
 KEY_ENV_KEY,
 KEY_MD5_ENV_KEY,
 SRC_ALGO_ENV_KEY,
 SRC_KEY_ENV_KEY,
 SRC_KEY_MD5_ENV_KEY) = map(header_to_environ_key, (
     ALGO_HEADER,
     KEY_HEADER,
     KEY_MD5_HEADER,
     SRC_ALGO_HEADER,
     SRC_KEY_HEADER,
     SRC_KEY_MD5_HEADER,
 ))


def decode_secret(b64_secret):
    """Return the raw bytes of a base64-encoded secret key.

    :param b64_secret: the base64 text of the key; it is handed to
                       ``strict_b64decode`` with ``allow_line_breaks=True``
    :returns: the decoded secret, exactly ``Crypto.key_length`` long
    :raises ValueError: if the decoded secret is not ``Crypto.key_length``
                        long (``strict_b64decode`` presumably raises for
                        malformed input as well -- confirm in swift.common.utils)
    """
    secret = strict_b64decode(b64_secret, allow_line_breaks=True)
    if len(secret) == Crypto.key_length:
        return secret
    # Raised without a message, so nothing derived from the secret ends up
    # in the exception text.
    raise ValueError
Esempio n. 3
        if any(c not in valid_chars for c in value.strip(strip_chars)):
            raise ValueError
        try:
            return base64.b64decode(value)
        except (TypeError, binascii.Error):  # (py2 error, py3 error)
            raise ValueError


# Request headers for server-side encryption with customer-provided keys.
# In the S3 API the key header carries the base64-encoded encryption key
# itself, so values read through KEY_ENV_KEY / SRC_KEY_ENV_KEY should be
# kept out of logs and error messages.
ALGO_HEADER = 'X-Amz-Server-Side-Encryption-Customer-Algorithm'
KEY_HEADER = 'X-Amz-Server-Side-Encryption-Customer-Key'
KEY_MD5_HEADER = 'X-Amz-Server-Side-Encryption-Customer-Key-Md5'
# Same three headers for the source object of a copy request.
SRC_ALGO_HEADER = 'X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm'
SRC_KEY_HEADER = 'X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key'
SRC_KEY_MD5_HEADER = (
    'X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5')

# WSGI environ keys for the headers above, in the same order.
(ALGO_ENV_KEY,
 KEY_ENV_KEY,
 KEY_MD5_ENV_KEY,
 SRC_ALGO_ENV_KEY,
 SRC_KEY_ENV_KEY,
 SRC_KEY_MD5_ENV_KEY) = map(header_to_environ_key, (
     ALGO_HEADER,
     KEY_HEADER,
     KEY_MD5_HEADER,
     SRC_ALGO_HEADER,
     SRC_KEY_HEADER,
     SRC_KEY_MD5_HEADER,
 ))


def decode_secret(b64_secret):
    """Return the raw bytes of a base64-encoded secret key.

    :param b64_secret: the base64 text of the key; it is handed to
                       ``strict_b64decode`` with ``allow_line_breaks=True``
    :returns: the decoded secret, exactly ``Crypto.key_length`` long
    :raises ValueError: if the decoded secret is not ``Crypto.key_length``
                        long (``strict_b64decode`` presumably raises
                        ValueError for malformed input as well -- confirm)
    """
    secret = strict_b64decode(b64_secret, allow_line_breaks=True)
    if len(secret) == Crypto.key_length:
        return secret
    # Raised without a message, so nothing derived from the secret ends up
    # in the exception text.
    raise ValueError