def _validate_tls

def _validate_tls_versions()

in mysqlx-connector-python/lib/mysqlx/connection.py [0:0]
74 lines of code
23 McCabe index (conditional complexity)

def _validate_tls_versions(settings: Dict[str, Any]) -> None:
    """Validate tls-versions.

    Args:
        settings (dict): Settings dictionary.

    Raises:
        :class:`mysqlx.InterfaceError`: If tls-versions name is not valid.
    """
    tls_versions = []
    if "tls-versions" not in settings:
        return

    tls_versions_settings = settings["tls-versions"]

    if isinstance(tls_versions_settings, str):
        if not (
            tls_versions_settings.startswith("[")
            and tls_versions_settings.endswith("]")
        ):
            raise InterfaceError(
                f"tls-versions must be a list, found: '{tls_versions_settings}'"
            )
        tls_vers = tls_versions_settings[1:-1].split(",")
        for tls_ver in tls_vers:
            tls_version = tls_ver.strip()
            if tls_version == "":
                continue
            if tls_version in tls_versions:
                raise InterfaceError(
                    DUPLICATED_IN_LIST_ERROR.format(
                        list="tls_versions", value=tls_version
                    )
                )
            tls_versions.append(tls_version)
    elif isinstance(tls_versions_settings, list):
        if not tls_versions_settings:
            raise InterfaceError(
                "At least one TLS protocol version must be "
                "specified in 'tls-versions' list."
            )
        for tls_ver in tls_versions_settings:
            if tls_ver in tls_versions:
                raise InterfaceError(
                    DUPLICATED_IN_LIST_ERROR.format(list="tls_versions", value=tls_ver)
                )
            tls_versions.append(tls_ver)

    elif isinstance(tls_versions_settings, set):
        for tls_ver in tls_versions_settings:
            tls_versions.append(tls_ver)
    else:
        raise InterfaceError(
            "tls-versions should be a list with one or more of versions in "
            f"{', '.join(SUPPORTED_TLS_VERSIONS)}. found: '{tls_versions}'"
        )

    if not tls_versions:
        raise InterfaceError(
            "At least one TLS protocol version must be specified in "
            "'tls-versions' list."
        )

    use_tls_versions = []
    unacceptable_tls_versions = []
    not_tls_versions = []
    for tls_ver in tls_versions:
        if tls_ver in SUPPORTED_TLS_VERSIONS:
            use_tls_versions.append(tls_ver)
        if tls_ver in UNACCEPTABLE_TLS_VERSIONS:
            unacceptable_tls_versions.append(tls_ver)
        else:
            not_tls_versions.append(tls_ver)

    if use_tls_versions:
        if use_tls_versions == ["TLSv1.3"] and not TLS_V1_3_SUPPORTED:
            raise NotSupportedError(
                TLS_VER_NO_SUPPORTED.format(tls_versions, SUPPORTED_TLS_VERSIONS)
            )
        settings["tls-versions"] = use_tls_versions
    elif unacceptable_tls_versions:
        raise NotSupportedError(
            TLS_VERSION_UNACCEPTABLE_ERROR.format(
                unacceptable_tls_versions, SUPPORTED_TLS_VERSIONS
            )
        )
    elif not_tls_versions:
        raise InterfaceError(TLS_VERSION_ERROR.format(tls_ver, SUPPORTED_TLS_VERSIONS))