UnicodeEncodeError that results in an HTTP 500 on certain unicode characters in payload_content_type

Returns a 500 error for any payload_content_type in a request's payload (no encoding stated), with a character from \u0080 to \uffff.

Request:

curl -X POST -H 'content-type:application/json' -H 'X-Project-Id:12345' -d '{"payload": "my-secret-here", "payload_content_type": "ÄÄÄ"}' http://localhost:9311/v1/secrets

Response:

{"code": 500, "description": "Secret creation failure seen - please contact site administrator.", "title": "Internal Server Error"}

Stacktrace:
2015-03-24 00:44:26.712 16982 ERROR barbican.api [-] Failed to validate JSON information: Provided object does not match schema 'Secret': payload_content_type ÄÄÄ is not one of ['text/plain', 'text/plain;charset=utf-8', 'text/plain; charset=utf-8', 'application/octet-stream', 'application/pkcs8', 'application/pkix-cert']
2015-03-24 00:44:26.712 16982 TRACE barbican.api Traceback (most recent call last):
2015-03-24 00:44:26.712 16982 TRACE barbican.api File "/home/barbican/barbican/barbican/api/__init__.py", line 76, in load_body
2015-03-24 00:44:26.712 16982 TRACE barbican.api parsed_body = validator.validate(parsed_body)
2015-03-24 00:44:26.712 16982 TRACE barbican.api File "/home/barbican/barbican/barbican/common/validators.py", line 205, in validate
2015-03-24 00:44:26.712 16982 TRACE barbican.api schema_name)
2015-03-24 00:44:26.712 16982 TRACE barbican.api File "/home/barbican/barbican/barbican/common/validators.py", line 288, in _validate_content_parameters
2015-03-24 00:44:26.712 16982 TRACE barbican.api "payload_content_type")
2015-03-24 00:44:26.712 16982 TRACE barbican.api File "/home/barbican/barbican/barbican/common/validators.py", line 141, in _assert_validity
2015-03-24 00:44:26.712 16982 TRACE barbican.api property=property)
2015-03-24 00:44:26.712 16982 TRACE barbican.api InvalidObject: Failed to validate JSON information: Provided object does not match schema 'Secret': payload_content_type \xc4\xc4\xc4 is not one of ['text/plain', 'text/plain;charset=utf-8', 'text/plain; charset=utf-8', 'application/octet-stream', 'application/pkcs8', 'application/pkix-cert']
2015-03-24 00:44:26.712 16982 TRACE barbican.api
2015-03-24 00:44:26.716 16982 ERROR barbican.api.controllers [-] Secret creation failure seen - please contact site administrator.
2015-03-24 00:44:26.716 16982 TRACE barbican.api.controllers Traceback (most recent call last):
2015-03-24 00:44:26.716 16982 TRACE barbican.api.controllers File "/home/barbican/barbican/barbican/api/controllers/__init__.py", line 98, in handler
2015-03-24 00:44:26.716 16982 TRACE barbican.api.controllers return fn(inst, *args, **kwargs)
2015-03-24 00:44:26.716 16982 TRACE barbican.api.controllers File "/home/barbican/barbican/barbican/api/controllers/__init__.py", line 84, in enforcer
2015-03-24 00:44:26.716 16982 TRACE barbican.api.controllers return fn(inst, *args, **kwargs)
2015-03-24 00:44:26.716 16982 TRACE barbican.api.controllers File "/home/barbican/barbican/barbican/api/controllers/__init__.py", line 140, in content_types_enforcer
2015-03-24 00:44:26.716 16982 TRACE barbican.api.controllers return fn(inst, *args, **kwargs)
2015-03-24 00:44:26.716 16982 TRACE barbican.api.controllers File "/home/barbican/barbican/barbican/api/controllers/secrets.py", line 273, in on_post
2015-03-24 00:44:26.716 16982 TRACE barbican.api.controllers data = api.load_body(pecan.request, validator=self.validator)
2015-03-24 00:44:26.716 16982 TRACE barbican.api.controllers File "/home/barbican/barbican/barbican/api/__init__.py", line 79, in load_body
2015-03-24 00:44:26.716 16982 TRACE barbican.api.controllers pecan.abort(e.status_code, str(e.client_message))
2015-03-24 00:44:26.716 16982 TRACE barbican.api.controllers UnicodeEncodeError: 'ascii' codec can't encode characters in position 69-71: ordinal not in range(128)
2015-03-24 00:44:26.716 16982 TRACE barbican.api.controllers
{address space usage: 230359040 bytes/219MB} {rss usage: 70705152 bytes/67MB} [pid: 16982|app: 0|req: 6/6] 127.0.0.1 () {30 vars in 349 bytes} [Tue Mar 24 00:44:26 2015] POST /v1/secrets => generated 131 bytes in 12 msecs (HTTP/1.1 500) 4 headers in 191 bytes (1 switches on core 0)
=== Impact: ===
Low
=== Systems Vulnerable: ===
Local environment
=== Suggested Mitigation: ===
Either:
- Don't cast to string the BarbicanHTTPException (e.client_message) that's originally risen by the unsupported payload_content_type, which contains problematic characters.
- Modify e.client_message so that the user-given content type is not printed whenever it does not match any of the supported ones.
Return error 415 (unsupported media type) instead of error 500 (internal server error)
=== Further References: ===
https://review.openstack.org/#/c/165056/ -- Contains a relevant discussion on a similar bug.