def normalize_before_encryption(unencrypted, content_type, content_encoding, secret_type, enforce_text_only=False): """Normalize unencrypted prior to plugin encryption processing. This normalizes the secrets before they are handed off to the SecretStore for storage. This converts all data to Base64 data. If the data is plain text then it encoded using utf-8 first and then Base64 encoded. Binary data is simply converted to Base64. In addition if the secret type is one of private, public, or certificate then the PEM headers are added to the Base64 encoding. """ if not unencrypted: raise s.SecretNoPayloadProvidedException() # Validate and normalize content-type. normalized_mime = normalize_content_type(content_type) # Process plain-text type. if normalized_mime in mime_types.PLAIN_TEXT: # normalize text to binary and then base64 encode it unencrypted = unencrypted.encode('utf-8') unencrypted = base64.b64encode(unencrypted) # Process binary type. else: if content_encoding: content_encoding = content_encoding.lower() if content_encoding == 'base64': b64payload = unencrypted if is_pem_payload(unencrypted): pem_components = get_pem_components(unencrypted) b64payload = pem_components[1] try: base64.b64decode(b64payload) except TypeError: raise s.SecretPayloadDecodingError() elif mime_types.use_binary_content_as_is(content_type, content_encoding): if (secret_type == s.SecretType.PRIVATE or secret_type == s.SecretType.PUBLIC or secret_type == s.SecretType.CERTIFICATE): unencrypted = to_pem(secret_type, unencrypted) else: unencrypted = base64.b64encode(unencrypted) elif enforce_text_only: # For text-based protocols (such as the one-step secret POST), # only 'base64' encoding is possible/supported. raise s.SecretContentEncodingMustBeBase64() elif content_encoding: # Unsupported content-encoding request. raise s.SecretContentEncodingNotSupportedException( content_encoding ) return unencrypted, normalized_mime
def normalize_before_encryption(unencrypted, content_type, content_encoding, enforce_text_only=False): """Normalize unencrypted prior to plugin encryption processing.""" if not unencrypted: raise s.SecretNoPayloadProvidedException() # Validate and normalize content-type. normalized_mime = mime_types.normalize_content_type(content_type) if not mime_types.is_supported(normalized_mime): raise s.SecretContentTypeNotSupportedException(content_type) # Process plain-text type. if normalized_mime in mime_types.PLAIN_TEXT: # normalize text to binary string unencrypted = unencrypted.encode('utf-8') # Process binary type. else: # payload has to be decoded if mime_types.is_base64_processing_needed(content_type, content_encoding): try: unencrypted = base64.b64decode(unencrypted) except TypeError: raise s.SecretPayloadDecodingError() elif mime_types.use_binary_content_as_is(content_type, content_encoding): unencrypted = unencrypted elif enforce_text_only: # For text-based protocols (such as the one-step secret POST), # only 'base64' encoding is possible/supported. raise s.SecretContentEncodingMustBeBase64() elif content_encoding: # Unsupported content-encoding request. raise s.SecretContentEncodingNotSupportedException( content_encoding) return unencrypted, normalized_mime
def normalize_before_encryption(unencrypted, content_type, content_encoding, enforce_text_only=False): """Normalize unencrypted prior to plugin encryption processing.""" if not unencrypted: raise s.SecretNoPayloadProvidedException() # Validate and normalize content-type. normalized_mime = mime_types.normalize_content_type(content_type) if not mime_types.is_supported(normalized_mime): raise s.SecretContentTypeNotSupportedException(content_type) # Process plain-text type. if normalized_mime in mime_types.PLAIN_TEXT: # normalize text to binary string unencrypted = unencrypted.encode('utf-8') # Process binary type. else: # payload has to be decoded if mime_types.is_base64_processing_needed(content_type, content_encoding): try: unencrypted = base64.b64decode(unencrypted) except TypeError: raise s.SecretPayloadDecodingError() elif mime_types.use_binary_content_as_is(content_type, content_encoding): unencrypted = unencrypted elif enforce_text_only: # For text-based protocols (such as the one-step secret POST), # only 'base64' encoding is possible/supported. raise s.SecretContentEncodingMustBeBase64() elif content_encoding: # Unsupported content-encoding request. raise s.SecretContentEncodingNotSupportedException( content_encoding ) return unencrypted, normalized_mime
def test_plain_content_with_base64_encoding(self): r = mime_types.use_binary_content_as_is('text/plain', 'base64') self.assertFalse(r)
def test_not_allow_with_invalid_content_type(self): r = mime_types.use_binary_content_as_is('invalid_conent_type', 'binary') self.assertFalse(r)
def test_binary_content_with_base64_encoding(self): r = mime_types.use_binary_content_as_is('application/octet-stream', 'base64') self.assertFalse(r)
def test_binary_content_with_encoding(self): r = mime_types.use_binary_content_as_is('application/octet-stream', 'binary;q=0.5, ' 'gzip;q=0.6, compress') self.assertTrue(r)
def test_binary_content_with_valid_encoding(self): r = mime_types.use_binary_content_as_is('application/octet-stream', 'binary') self.assertTrue(r)
def test_plain_content_with_base64_encoding(self): r = mime_types.use_binary_content_as_is('text/plain', 'base64') self.assertFalse(r)
def test_not_allow_with_invalid_content_type(self): r = mime_types.use_binary_content_as_is('invalid_conent_type', 'binary') self.assertFalse(r)
def test_binary_content_with_base64_encoding(self): r = mime_types.use_binary_content_as_is('application/octet-stream', 'base64') self.assertFalse(r)
def test_binary_content_with_encoding(self): r = mime_types.use_binary_content_as_is( 'application/octet-stream', 'binary;q=0.5, ' 'gzip;q=0.6, compress') self.assertTrue(r)
def test_binary_content_with_valid_encoding(self): r = mime_types.use_binary_content_as_is('application/octet-stream', 'binary') self.assertTrue(r)