Beispiel #1
0
    def _get_kmip_secret(self, secret_dto):
        """Builds a KMIP object from a SecretDTO

        This is needed for register calls. The Barbican object needs to be
        converted to KMIP object before it can be stored

        :param secret_dto: SecretDTO of secret to be stored
        :returns: KMIP object
        """
        secret_type = secret_dto.type
        object_type, key_format_type = (self._map_type_ss_to_kmip(secret_type))

        normalized_secret = self._normalize_secret(secret_dto.secret,
                                                   secret_type)
        kmip_object = None
        if object_type == enums.ObjectType.CERTIFICATE:
            kmip_object = Certificate(
                certificate_type=enums.CertificateTypeEnum.X_509,
                certificate_value=normalized_secret)
        elif object_type == enums.ObjectType.OPAQUE_DATA:
            opaque_type = Opaque.OpaqueDataType(enums.OpaqueDataType.NONE)
            opaque_value = Opaque.OpaqueDataValue(normalized_secret)
            kmip_object = Opaque(opaque_type, opaque_value)
        elif (object_type == enums.ObjectType.SYMMETRIC_KEY
              or object_type == enums.ObjectType.SECRET_DATA
              or object_type == enums.ObjectType.PRIVATE_KEY
              or object_type == enums.ObjectType.PUBLIC_KEY):
            key_material = KeyMaterial(normalized_secret)
            key_value = KeyValue(key_material)

            key_spec = secret_dto.key_spec
            algorithm = None
            if key_spec.alg is not None:
                algorithm_name = self._map_algorithm_ss_to_kmip(
                    key_spec.alg.lower())
                algorithm = CryptographicAlgorithm(algorithm_name)
            bit_length = None
            if key_spec.bit_length is not None:
                bit_length = CryptographicLength(key_spec.bit_length)

            key_block = KeyBlock(
                key_format_type=misc.KeyFormatType(key_format_type),
                key_compression_type=None,
                key_value=key_value,
                cryptographic_algorithm=algorithm,
                cryptographic_length=bit_length,
                key_wrapping_data=None)

            if object_type == enums.ObjectType.SYMMETRIC_KEY:
                kmip_object = SymmetricKey(key_block)
            elif object_type == enums.ObjectType.PRIVATE_KEY:
                kmip_object = PrivateKey(key_block)
            elif object_type == enums.ObjectType.PUBLIC_KEY:
                kmip_object = PublicKey(key_block)
            elif object_type == enums.ObjectType.SECRET_DATA:
                kind = SecretData.SecretDataType(enums.SecretDataType.PASSWORD)
                return SecretData(secret_data_type=kind, key_block=key_block)

        return kmip_object
Beispiel #2
0
 def test_store_opaque_secret_assert_called(self):
     key_spec = secret_store.KeySpec(None, None, None)
     opaque = ('\x00\x01\x02\x03\x04\x05\x06\x07')
     secret_dto = secret_store.SecretDTO(secret_store.SecretType.OPAQUE,
                                         base64.b64encode(opaque),
                                         key_spec,
                                         'content_type',
                                         transport_key=None)
     self.secret_store.store_secret(secret_dto)
     self.secret_store.client.proxy.register.assert_called_once_with(
         enums.ObjectType.OPAQUE_DATA, mock.ANY, mock.ANY)
     proxy = self.secret_store.client.proxy
     register_call_args, _ = proxy.register.call_args
     actual_secret = register_call_args[2]
     self.assertEqual(Opaque.OpaqueDataType(enums.OpaqueDataType.NONE),
                      actual_secret.opaque_data_type)
     self.assertEqual(Opaque.OpaqueDataValue(opaque),
                      actual_secret.opaque_data_value)
Beispiel #3
0
 def test_store_opaque_secret_assert_called(self):
     key_spec = secret_store.KeySpec(None, None, None)
     opaque = ('\x00\x01\x02\x03\x04\x05\x06\x07')
     secret_dto = secret_store.SecretDTO(secret_store.SecretType.OPAQUE,
                                         base64.b64encode(opaque),
                                         key_spec,
                                         'content_type',
                                         transport_key=None)
     self.secret_store.store_secret(secret_dto)
     self.secret_store.client.register.assert_called_once_with(
         object_type=enums.ObjectType.OPAQUE_DATA,
         template_attribute=mock.ANY,
         secret=mock.ANY,
         credential=self.credential)
     _, register_call_kwargs = self.secret_store.client.register.call_args
     actual_secret = register_call_kwargs.get('secret')
     self.assertEqual(Opaque.OpaqueDataType(enums.OpaqueDataType.NONE),
                      actual_secret.opaque_data_type)
     self.assertEqual(Opaque.OpaqueDataValue(opaque),
                      actual_secret.opaque_data_value)
Beispiel #4
0
    def test_opaque_data_register_get_destroy(self):
        """
        Tests that opaque objects can be properly registered, retrieved,
        and destroyed
        """

        opaque_obj_type = ObjectType.OPAQUE_DATA
        opaque_obj_data_type = OpaqueObject.OpaqueDataType(OpaqueDataType.NONE)

        name = Attribute.AttributeName('Name')
        opaque_obj_name = 'Integration Test - Register-Get-Destroy Opaque Data'

        opaque_obj_name_value = Name.NameValue(opaque_obj_name)

        name_type = Name.NameType(NameType.UNINTERPRETED_TEXT_STRING)
        opaque_obj_value = Name(name_value=opaque_obj_name_value,
                                name_type=name_type)

        opaque_obj_name_attr = Attribute(attribute_name=name,
                                         attribute_value=opaque_obj_value)

        opaque_obj_attributes = [opaque_obj_name_attr]

        opaque_obj_template_attribute = TemplateAttribute(
            attributes=opaque_obj_attributes)

        opaque_obj_data = OpaqueObject.OpaqueDataValue((
            b'\x30\x82\x03\x12\x30\x82\x01\xFA\xA0\x03\x02\x01\x02\x02\x01\x01'
            b'\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30'
            b'\x3B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D'
            b'\x30\x0B\x06\x03\x55\x04\x0A\x13\x04\x54\x45\x53\x54\x31\x0E\x30'
        ))

        opaque_obj = OpaqueObject(opaque_data_type=opaque_obj_data_type,
                                  opaque_data_value=opaque_obj_data)

        opaque_obj_result = self.client.register(opaque_obj_type,
                                                 opaque_obj_template_attribute,
                                                 opaque_obj,
                                                 credential=None)

        self._check_result_status(opaque_obj_result, ResultStatus,
                                  ResultStatus.SUCCESS)

        self._check_uuid(opaque_obj_result.uuid.value, str)

        # Check that the returned key bytes match what was provided
        opaque_obj_uuid = opaque_obj_result.uuid.value

        opaque_obj_result = self.client.get(uuid=opaque_obj_uuid,
                                            credential=None)

        self._check_result_status(opaque_obj_result, ResultStatus,
                                  ResultStatus.SUCCESS)

        self._check_object_type(opaque_obj_result.object_type.value,
                                ObjectType, ObjectType.OPAQUE_DATA)

        self._check_uuid(opaque_obj_result.uuid.value, str)

        # Check the secret type
        opaque_obj_secret = opaque_obj_result.secret

        opaque_obj_secret_expected = OpaqueObject

        self.assertIsInstance(opaque_obj_secret, opaque_obj_secret_expected)

        opaque_obj_material = opaque_obj_result.secret.opaque_data_value.value
        expected = opaque_obj_data.value

        self.assertEqual(expected, opaque_obj_material)

        self.logger.debug('Destroying opaque object: ' + opaque_obj_name +
                          '\nWith " "UUID: ' + opaque_obj_result.uuid.value)

        opaque_obj_result = self.client.destroy(opaque_obj_result.uuid.value)

        self._check_result_status(opaque_obj_result, ResultStatus,
                                  ResultStatus.SUCCESS)

        self._check_uuid(opaque_obj_result.uuid.value, str)

        # Verify the secret was destroyed
        opaque_obj_result_destroyed_result = self.client.get(
            uuid=opaque_obj_uuid, credential=None)

        self._check_result_status(opaque_obj_result_destroyed_result,
                                  ResultStatus, ResultStatus.OPERATION_FAILED)

        expected = ResultReason
        opaque_obj_observed = \
            type(opaque_obj_result_destroyed_result.result_reason.value)

        self.assertEqual(expected, opaque_obj_observed)
Beispiel #5
0
 def _create_opaque_data(self, value):
     if value:
         kind = OpaqueObject.OpaqueDataType(value.get("opaque_data_type"))
         data = OpaqueObject.OpaqueDataValue(value.get("opaque_data_value"))
         return OpaqueObject(kind, data)
     return OpaqueObject()
Beispiel #6
0
def get_sample_opaque_secret():
    opaque_type = Opaque.OpaqueDataType(enums.OpaqueDataType.NONE)
    opaque_value = Opaque.OpaqueDataValue(base64.b64decode(
        utils.get_symmetric_key()))
    return Opaque(opaque_type, opaque_value)