def normalize_before_encryption(unencrypted,
content_type,
content_encoding,
secret_type,
enforce_text_only=False):
"""Normalize unencrypted prior to plugin encryption processing.
This normalizes the secrets before they are handed off to the SecretStore
for storage. This converts all data to Base64 data. If the data is plain
text then it encoded using utf-8 first and then Base64 encoded. Binary
data is simply converted to Base64.
:param str unencrypted: Raw payload
:param str content_type: The media type for the payload
:param str content_encoding: Transfer encoding
:param str secret_type: The type of secret
:param bool enforce_text_only: Require text content_type or base64
content_encoding
:returns: Tuple containing the normalized (base64 encoded) payload and
the normalized media type.
"""
if not unencrypted:
raise s.SecretNoPayloadProvidedException()
# Validate and normalize content-type.
normalized_media_type = normalize_content_type(content_type)
# Process plain-text type.
if normalized_media_type in mime_types.PLAIN_TEXT:
# normalize text to binary and then base64 encode it
if six.PY3:
b64payload = base64.encode_as_bytes(unencrypted)
else:
unencrypted_bytes = unencrypted.encode('utf-8')
b64payload = base64.encode_as_bytes(unencrypted_bytes)
# Process binary type.
else:
if not content_encoding:
b64payload = base64.encode_as_bytes(unencrypted)
elif content_encoding.lower() == 'base64':
if not isinstance(unencrypted, six.binary_type):
b64payload = unencrypted.encode('utf-8')
else:
b64payload = unencrypted
elif enforce_text_only:
# For text-based protocols (such as the one-step secret POST),
# only 'base64' encoding is possible/supported.
raise s.SecretContentEncodingMustBeBase64()
else:
# Unsupported content-encoding request.
raise s.SecretContentEncodingNotSupportedException(
content_encoding)
return b64payload, normalized_media_type
def test_handle_secret_content_encoding_not_supported_exception(self):
operation = 'operation'
content_encoding = 'application/octet-stream'
test_excep = secret_store.SecretContentEncodingNotSupportedException(
content_encoding)
status, message = api.generate_safe_exception_message(
operation, test_excep)
self.assertEqual(400, status)
self.assertEqual("operation issue seen - content-encoding of "
"'application/octet-stream' not "
"supported.", message)
def normalize_before_encryption(unencrypted,
content_type,
content_encoding,
enforce_text_only=False):
"""Normalize unencrypted prior to plugin encryption processing."""
if not unencrypted:
raise s.SecretNoPayloadProvidedException()
# Validate and normalize content-type.
normalized_mime = mime_types.normalize_content_type(content_type)
if not mime_types.is_supported(normalized_mime):
raise s.SecretContentTypeNotSupportedException(content_type)
# Process plain-text type.
if normalized_mime in mime_types.PLAIN_TEXT:
# normalize text to binary string
unencrypted = unencrypted.encode('utf-8')
# Process binary type.
else:
# payload has to be decoded
if mime_types.is_base64_processing_needed(content_type,
content_encoding):
try:
unencrypted = base64.b64decode(unencrypted)
except TypeError:
raise s.SecretPayloadDecodingError()
elif mime_types.use_binary_content_as_is(content_type,
content_encoding):
unencrypted = unencrypted
elif enforce_text_only:
# For text-based protocols (such as the one-step secret POST),
# only 'base64' encoding is possible/supported.
raise s.SecretContentEncodingMustBeBase64()
elif content_encoding:
# Unsupported content-encoding request.
raise s.SecretContentEncodingNotSupportedException(
content_encoding)
return unencrypted, normalized_mime