def test_store_asymmetric_key_secret_assert_called(self, barbican_type,
barbican_key, kmip_type,
kmip_key, pkcs1_only):
key_spec = secret_store.KeySpec(secret_store.KeyAlgorithm.RSA, 2048)
secret_value = base64.b64encode(barbican_key)
secret_dto = secret_store.SecretDTO(barbican_type, secret_value,
key_spec, 'content_type')
self.secret_store.pkcs1_only = pkcs1_only
self.secret_store.store_secret(secret_dto)
secret_value = base64.b64decode(secret_value)
if not pkcs1_only:
secret_value = translations.convert_pem_to_der(
secret_value, barbican_type)
if kmip_type == enums.ObjectType.PUBLIC_KEY:
if pkcs1_only:
secret_value = kss.get_public_key_der_pkcs1(secret_value)
secret = objects.PublicKey(enums.CryptographicAlgorithm.RSA, 2048,
secret_value, enums.KeyFormatType.X_509)
else:
if pkcs1_only:
secret_value = kss.get_private_key_der_pkcs1(secret_value)
secret = objects.PrivateKey(enums.CryptographicAlgorithm.RSA, 2048,
secret_value,
enums.KeyFormatType.PKCS_8)
self.secret_store.client.register.assert_called_once_with(secret)
def get_sample_private_key(pkcs1=False):
if pkcs1:
private_key_value = kss.get_private_key_der_pkcs1(
keys.get_private_key_pem())
key_format_type = enums.KeyFormatType.PKCS_1
else:
private_key_value = keys.get_private_key_der()
key_format_type = enums.KeyFormatType.PKCS_8
return objects.PrivateKey(enums.CryptographicAlgorithm.RSA, 2048,
private_key_value, key_format_type)
def test_convert_private_key_pie_to_core(self):
"""
Test that a Pie private key can be converted into a core private key.
"""
pie_key = pobjects.PrivateKey(enums.CryptographicAlgorithm.RSA, 2048,
self.private_bytes,
enums.KeyFormatType.PKCS_8)
core_key = self.factory.convert(pie_key)
self.assertIsInstance(core_key, secrets.PrivateKey)
self._test_core_key(core_key, enums.CryptographicAlgorithm.RSA, 2048,
self.private_bytes, enums.KeyFormatType.PKCS_8)
def _get_kmip_secret(self, secret_dto):
"""Builds a KMIP object from a SecretDTO
This is needed for register calls. The Barbican object needs to be
converted to KMIP object before it can be stored
:param secret_dto: SecretDTO of secret to be stored
:returns: KMIP object
"""
secret_type = secret_dto.type
key_spec = secret_dto.key_spec
object_type, key_format_type = (
self._map_type_ss_to_kmip(secret_type))
normalized_secret = self._normalize_secret(secret_dto.secret,
secret_type)
kmip_object = None
if object_type == enums.ObjectType.CERTIFICATE:
kmip_object = objects.X509Certificate(normalized_secret)
elif object_type == enums.ObjectType.OPAQUE_DATA:
opaque_type = enums.OpaqueDataType.NONE
kmip_object = objects.OpaqueObject(normalized_secret,
opaque_type)
elif object_type == enums.ObjectType.PRIVATE_KEY:
algorithm = self._get_kmip_algorithm(key_spec.alg)
length = key_spec.bit_length
format_type = enums.KeyFormatType.PKCS_8
kmip_object = objects.PrivateKey(
algorithm, length, normalized_secret, format_type)
elif object_type == enums.ObjectType.PUBLIC_KEY:
algorithm = self._get_kmip_algorithm(key_spec.alg)
length = key_spec.bit_length
format_type = enums.KeyFormatType.X_509
kmip_object = objects.PublicKey(
algorithm, length, normalized_secret, format_type)
elif object_type == enums.ObjectType.SYMMETRIC_KEY:
algorithm = self._get_kmip_algorithm(key_spec.alg)
length = key_spec.bit_length
kmip_object = objects.SymmetricKey(algorithm, length,
normalized_secret)
elif object_type == enums.ObjectType.SECRET_DATA:
data_type = enums.SecretDataType.PASSWORD
kmip_object = objects.SecretData(normalized_secret, data_type)
return kmip_object
def test_private_key_register_get_destroy(self):
"""
Test that the ProxyKmipClient can register, retrieve, and destroy a
private key.
"""
# Key encoding obtained from Section 13.4 of the KMIP 1.1 test
# documentation.
key = objects.PrivateKey(
enums.CryptographicAlgorithm.RSA, 2048,
(b'\x30\x82\x04\xA5\x02\x01\x00\x02\x82\x01\x01\x00\xAB\x7F\x16'
b'\x1C\x00\x42\x49\x6C\xCD\x6C\x6D\x4D\xAD\xB9\x19\x97\x34\x35'
b'\x35\x77\x76\x00\x3A\xCF\x54\xB7\xAF\x1E\x44\x0A\xFB\x80\xB6'
b'\x4A\x87\x55\xF8\x00\x2C\xFE\xBA\x6B\x18\x45\x40\xA2\xD6\x60'
b'\x86\xD7\x46\x48\x34\x6D\x75\xB8\xD7\x18\x12\xB2\x05\x38\x7C'
b'\x0F\x65\x83\xBC\x4D\x7D\xC7\xEC\x11\x4F\x3B\x17\x6B\x79\x57'
b'\xC4\x22\xE7\xD0\x3F\xC6\x26\x7F\xA2\xA6\xF8\x9B\x9B\xEE\x9E'
b'\x60\xA1\xD7\xC2\xD8\x33\xE5\xA5\xF4\xBB\x0B\x14\x34\xF4\xE7'
b'\x95\xA4\x11\x00\xF8\xAA\x21\x49\x00\xDF\x8B\x65\x08\x9F\x98'
b'\x13\x5B\x1C\x67\xB7\x01\x67\x5A\xBD\xBC\x7D\x57\x21\xAA\xC9'
b'\xD1\x4A\x7F\x08\x1F\xCE\xC8\x0B\x64\xE8\xA0\xEC\xC8\x29\x53'
b'\x53\xC7\x95\x32\x8A\xBF\x70\xE1\xB4\x2E\x7B\xB8\xB7\xF4\xE8'
b'\xAC\x8C\x81\x0C\xDB\x66\xE3\xD2\x11\x26\xEB\xA8\xDA\x7D\x0C'
b'\xA3\x41\x42\xCB\x76\xF9\x1F\x01\x3D\xA8\x09\xE9\xC1\xB7\xAE'
b'\x64\xC5\x41\x30\xFB\xC2\x1D\x80\xE9\xC2\xCB\x06\xC5\xC8\xD7'
b'\xCC\xE8\x94\x6A\x9A\xC9\x9B\x1C\x28\x15\xC3\x61\x2A\x29\xA8'
b'\x2D\x73\xA1\xF9\x93\x74\xFE\x30\xE5\x49\x51\x66\x2A\x6E\xDA'
b'\x29\xC6\xFC\x41\x13\x35\xD5\xDC\x74\x26\xB0\xF6\x05\x02\x03'
b'\x01\x00\x01\x02\x82\x01\x00\x3B\x12\x45\x5D\x53\xC1\x81\x65'
b'\x16\xC5\x18\x49\x3F\x63\x98\xAA\xFA\x72\xB1\x7D\xFA\x89\x4D'
b'\xB8\x88\xA7\xD4\x8C\x0A\x47\xF6\x25\x79\xA4\xE6\x44\xF8\x6D'
b'\xA7\x11\xFE\xC8\x50\xCD\xD9\xDB\xBD\x17\xF6\x9A\x44\x3D\x2E'
b'\xC1\xDD\x60\xD3\xC6\x18\xFA\x74\xCD\xE5\xFD\xAF\xAB\xD6\xBA'
b'\xA2\x6E\xB0\xA3\xAD\xB4\xDE\xF6\x48\x0F\xB1\x21\x8C\xD3\xB0'
b'\x83\xE2\x52\xE8\x85\xB6\xF0\x72\x9F\x98\xB2\x14\x4D\x2B\x72'
b'\x29\x3E\x1B\x11\xD7\x33\x93\xBC\x41\xF7\x5B\x15\xEE\x3D\x75'
b'\x69\xB4\x99\x5E\xD1\xA1\x44\x25\xDA\x43\x19\xB7\xB2\x6B\x0E'
b'\x8F\xEF\x17\xC3\x75\x42\xAE\x5C\x6D\x58\x49\xF8\x72\x09\x56'
b'\x7F\x39\x25\xA4\x7B\x01\x6D\x56\x48\x59\x71\x7B\xC5\x7F\xCB'
b'\x45\x22\xD0\xAA\x49\xCE\x81\x6E\x5B\xE7\xB3\x08\x81\x93\x23'
b'\x6E\xC9\xEF\xFF\x14\x08\x58\x04\x5B\x73\xC5\xD7\x9B\xAF\x38'
b'\xF7\xC6\x7F\x04\xC5\xDC\xF0\xE3\x80\x6A\xD9\x82\xD1\x25\x90'
b'\x58\xC3\x47\x3E\x84\x71\x79\xA8\x78\xF2\xC6\xB3\xBD\x96\x8F'
b'\xB9\x9E\xA4\x6E\x91\x85\x89\x2F\x36\x76\xE7\x89\x65\xC2\xAE'
b'\xD4\x87\x7B\xA3\x91\x7D\xF0\x7C\x5E\x92\x74\x74\xF1\x9E\x76'
b'\x4B\xA6\x1D\xC3\x8D\x63\xBF\x29\x02\x81\x81\x00\xD5\xC6\x9C'
b'\x8C\x3C\xDC\x24\x64\x74\x4A\x79\x37\x13\xDA\xFB\x9F\x1D\xBC'
b'\x79\x9F\xF9\x64\x23\xFE\xCD\x3C\xBA\x79\x42\x86\xBC\xE9\x20'
b'\xF4\xB5\xC1\x83\xF9\x9E\xE9\x02\x8D\xB6\x21\x2C\x62\x77\xC4'
b'\xC8\x29\x7F\xCF\xBC\xE7\xF7\xC2\x4C\xA4\xC5\x1F\xC7\x18\x2F'
b'\xB8\xF4\x01\x9F\xB1\xD5\x65\x96\x74\xC5\xCB\xE6\xD5\xFA\x99'
b'\x20\x51\x34\x17\x60\xCD\x00\x73\x57\x29\xA0\x70\xA9\xE5\x4D'
b'\x34\x2B\xEB\xA8\xEF\x47\xEE\x82\xD3\xA0\x1B\x04\xCE\xC4\xA0'
b'\x0D\x4D\xDB\x41\xE3\x51\x16\xFC\x22\x1E\x85\x4B\x43\xA6\x96'
b'\xC0\xE6\x41\x9B\x1B\x02\x81\x81\x00\xCD\x5E\xA7\x70\x27\x89'
b'\x06\x4B\x67\x35\x40\xCB\xFF\x09\x35\x6A\xD8\x0B\xC3\xD5\x92'
b'\x81\x2E\xBA\x47\x61\x0B\x9F\xAC\x6A\xEC\xEF\xE2\x2A\xCA\xE4'
b'\x38\x45\x9C\xDA\x74\xE5\x96\x53\xD8\x8C\x04\x18\x9D\x34\x39'
b'\x9B\xF5\xB1\x4B\x92\x0E\x34\xEF\x38\xA7\xD0\x9F\xE6\x95\x93'
b'\x39\x6E\x8F\xE7\x35\xE6\xF0\xA6\xAE\x49\x90\x40\x10\x41\xD8'
b'\xA4\x06\xB6\xFD\x86\xA1\x16\x1E\x45\xF9\x5A\x3E\xAA\x5C\x10'
b'\x12\xE6\x66\x2E\x44\xF1\x5F\x33\x5A\xC9\x71\xE1\x76\x6B\x2B'
b'\xB9\xC9\x85\x10\x99\x74\x14\x1B\x44\xD3\x7E\x1E\x31\x98\x20'
b'\xA5\x5F\x02\x81\x81\x00\xB2\x87\x12\x37\xBF\x9F\xAD\x38\xC3'
b'\x31\x6A\xB7\x87\x7A\x6A\x86\x80\x63\xE5\x42\xA7\x18\x6D\x43'
b'\x1E\x8D\x27\xC1\x9A\xC0\x41\x45\x84\x03\x39\x42\xE9\xFF\x6E'
b'\x29\x73\xBB\x7B\x2D\x8B\x0E\x94\xAD\x1E\xE8\x21\x58\x10\x8F'
b'\xBC\x86\x64\x51\x7A\x5A\x46\x7F\xB9\x63\x01\x4B\xD5\xDC\xC2'
b'\xB4\xFB\x08\x7C\x23\x03\x9D\x11\x92\x0D\xBE\x22\xFD\x9F\x16'
b'\xB4\xD8\x9E\x23\x22\x5C\xD4\x55\xAD\xBA\xF3\x2E\xF4\x3F\x18'
b'\x58\x64\xA3\x6D\x63\x03\x09\xD6\x85\x3F\x77\x14\xB3\x9A\xAE'
b'\x1E\xBE\xE3\x93\x8F\x87\xC2\x70\x7E\x17\x8C\x73\x9F\x9F\x02'
b'\x81\x81\x00\x96\x90\xBE\xD1\x4B\x2A\xFA\xA2\x6D\x98\x6D\x59'
b'\x22\x31\xEE\x27\xD7\x1D\x49\x06\x5B\xD2\xBA\x1F\x78\x15\x7E'
b'\x20\x22\x98\x81\xFD\x9D\x23\x22\x7D\x0F\x84\x79\xEA\xEF\xA9'
b'\x22\xFD\x75\xD5\xB1\x6B\x1A\x56\x1F\xA6\x68\x0B\x04\x0C\xA0'
b'\xBD\xCE\x65\x0B\x23\xB9\x17\xA4\xB1\xBB\x79\x83\xA7\x4F\xAD'
b'\x70\xE1\xC3\x05\xCB\xEC\x2B\xFF\x1A\x85\xA7\x26\xA1\xD9\x02'
b'\x60\xE4\xF1\x08\x4F\x51\x82\x34\xDC\xD3\xFE\x77\x0B\x95\x20'
b'\x21\x5B\xD5\x43\xBB\x6A\x41\x17\x71\x87\x54\x67\x6A\x34\x17'
b'\x16\x66\xA7\x9F\x26\xE7\x9C\x14\x9C\x5A\xA1\x02\x81\x81\x00'
b'\xA0\xC9\x85\xA0\xA0\xA7\x91\xA6\x59\xF9\x97\x31\x13\x4C\x44'
b'\xF3\x7B\x2E\x52\x0A\x2C\xEA\x35\x80\x0A\xD2\x72\x41\xED\x36'
b'\x0D\xFD\xE6\xE8\xCA\x61\x4F\x12\x04\x7F\xD0\x8B\x76\xAC\x4D'
b'\x13\xC0\x56\xA0\x69\x9E\x2F\x98\xA1\xCA\xC9\x10\x11\x29\x4D'
b'\x71\x20\x8F\x4A\xBA\xB3\x3B\xA8\x7A\xA0\x51\x7F\x41\x5B\xAC'
b'\xA8\x8D\x6B\xAC\x00\x60\x88\xFA\x60\x1D\x34\x94\x17\xE1\xF0'
b'\xC9\xB2\x3A\xFF\xA4\xD4\x96\x61\x8D\xBC\x02\x49\x86\xED\x69'
b'\x0B\xBB\x7B\x02\x57\x68\xFF\x9D\xF8\xAC\x15\x41\x6F\x48\x9F'
b'\x81\x29\xC3\x23\x41\xA8\xB4\x4F'), enums.KeyFormatType.PKCS_8)
uid = self.client.register(key)
self.assertIsInstance(uid, six.string_types)
try:
result = self.client.get(uid)
self.assertIsInstance(result, objects.PrivateKey)
self.assertEqual(result, key,
"expected {0}\nobserved {1}".format(result, key))
finally:
self.client.destroy(uid)
self.assertRaises(exceptions.KmipOperationFailure, self.client.get,
uid)
self.assertRaises(exceptions.KmipOperationFailure,
self.client.destroy, uid)
b'\x20\x22\x98\x81\xFD\x9D\x23\x22\x7D\x0F\x84\x79\xEA\xEF\xA9\x22'
b'\xFD\x75\xD5\xB1\x6B\x1A\x56\x1F\xA6\x68\x0B\x04\x0C\xA0\xBD\xCE'
b'\x65\x0B\x23\xB9\x17\xA4\xB1\xBB\x79\x83\xA7\x4F\xAD\x70\xE1\xC3'
b'\x05\xCB\xEC\x2B\xFF\x1A\x85\xA7\x26\xA1\xD9\x02\x60\xE4\xF1\x08'
b'\x4F\x51\x82\x34\xDC\xD3\xFE\x77\x0B\x95\x20\x21\x5B\xD5\x43\xBB'
b'\x6A\x41\x17\x71\x87\x54\x67\x6A\x34\x17\x16\x66\xA7\x9F\x26\xE7'
b'\x9C\x14\x9C\x5A\xA1\x02\x81\x81\x00\xA0\xC9\x85\xA0\xA0\xA7\x91'
b'\xA6\x59\xF9\x97\x31\x13\x4C\x44\xF3\x7B\x2E\x52\x0A\x2C\xEA\x35'
b'\x80\x0A\xD2\x72\x41\xED\x36\x0D\xFD\xE6\xE8\xCA\x61\x4F\x12\x04'
b'\x7F\xD0\x8B\x76\xAC\x4D\x13\xC0\x56\xA0\x69\x9E\x2F\x98\xA1\xCA'
b'\xC9\x10\x11\x29\x4D\x71\x20\x8F\x4A\xBA\xB3\x3B\xA8\x7A\xA0\x51'
b'\x7F\x41\x5B\xAC\xA8\x8D\x6B\xAC\x00\x60\x88\xFA\x60\x1D\x34\x94'
b'\x17\xE1\xF0\xC9\xB2\x3A\xFF\xA4\xD4\x96\x61\x8D\xBC\x02\x49\x86'
b'\xED\x69\x0B\xBB\x7B\x02\x57\x68\xFF\x9D\xF8\xAC\x15\x41\x6F\x48'
b'\x9F\x81\x29\xC3\x23\x41\xA8\xB4\x4F')
format_type = enums.KeyFormatType.PKCS_1
usage_mask = [enums.CryptographicUsageMask.SIGN]
name = 'Demo Private Key'
key = objects.PrivateKey(algorithm, length, value, format_type, usage_mask,
name)
# Build the client and connect to the server
with client.ProxyKmipClient(config=config) as client:
try:
uid = client.register(key)
logger.info("Successfully registered private key with ID: "
"{0}".format(uid))
except Exception as e:
logger.error(e)
objects.PrivateKey(
enums.CryptographicAlgorithm.RSA,
1024,
(b'\x30\x82\x02\x76\x02\x01\x00\x30\x0d\x06\x09\x2a\x86'
b'\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x04\x82\x02\x60'
b'\x30\x82\x02\x5c\x02\x01\x00\x02\x81\x81\x00\xc0\x0f'
b'\x0b\x0a\xc5\x72\x36\x81\x71\x6c\x59\xd7\x14\x42\x31'
b'\x6a\xb9\xb2\x32\xd8\x91\x65\xab\xaa\x54\xab\xf7\x6a'
b'\xdc\xe4\x5c\x9c\x91\x8f\x0c\x90\xa7\x48\x9f\x65\x9c'
b'\x3f\xc9\x80\xcb\x51\x05\xf9\x11\x9a\xa2\x13\xd9\x15'
b'\x39\x8b\x97\xe8\xf5\xf0\x8b\xa0\xf8\xe5\x34\x47\x2a'
b'\xea\x87\xdf\x64\x2a\x16\x5f\xd0\x85\xf5\x8a\x60\xed'
b'\x97\xcd\x2b\x96\x72\x04\xf5\xd0\x99\x6a\x53\x90\xc2'
b'\xd0\xdf\x38\xa8\x9e\x61\xd0\xb7\x46\xe8\x4e\x48\x7d'
b'\x37\x85\x2f\xaf\xba\x70\x06\x31\x07\x65\x13\xb7\x78'
b'\xd2\x25\x34\x30\x2c\xf7\x4c\x9e\x17\x02\x03\x01\x00'
b'\x01\x02\x81\x80\x16\xc6\xb1\xec\x89\x15\xce\x58\xf3'
b'\x76\x82\x00\xfb\xaa\x0d\xea\x36\x33\x67\xcc\x3f\x11'
b'\xeb\x95\xbb\x8c\xd9\x3e\x97\x0b\x8d\xe0\x13\x72\xff'
b'\x6e\x78\x28\x28\x9f\x08\x34\x98\x54\xe9\xc7\xa6\x09'
b'\xaf\x88\xc3\x07\xcf\x8a\xb0\xd4\x59\x23\x8b\x67\x07'
b'\x68\x03\x9c\x16\x3d\xa1\xc9\x00\xf3\x31\x0a\x38\x0b'
b'\x76\x89\x8d\xb1\x86\x03\xaf\x81\xcb\x47\x37\xd0\x9f'
b'\x1c\x99\x6e\xb6\xb9\x7f\x1c\x8a\x07\x88\xb2\x9b\x2b'
b'\xc3\xb5\x93\xfd\xfc\x23\x6f\x31\xfb\xf0\xc7\xc1\x83'
b'\x86\x6a\x05\xc0\x9a\xfa\x79\x7e\xe3\x02\x80\x06\xa6'
b'\x3a\x81\x02\x41\x00\xe8\x06\x53\x54\x96\x8d\xa1\x35'
b'\xdf\xf8\x1a\x69\xd1\xbf\x53\x52\xd6\x4f\xe3\xd5\xef'
b'\x6d\x31\xd1\x51\xee\x89\x09\x62\x9b\xab\x5b\xfc\x87'
b'\xeb\xa7\x22\x1f\x99\x90\x00\x18\xe7\xa5\x78\xe9\x90'
b'\xae\xd9\xed\xa4\x25\x91\x11\x0f\x0d\xb1\x1c\xd0\xc4'
b'\xbf\x7d\x43\xa7\x02\x41\x00\xd3\xe7\x82\xe9\x84\x59'
b'\xff\x1e\x9a\x16\x98\xd3\xaa\xbd\x9f\xae\x56\x52\xe5'
b'\x2a\x78\x95\xb1\x61\x27\xc0\xd3\x59\x76\xef\x33\xfd'
b'\xc8\xdf\x20\xf8\x79\x92\x90\xe6\x11\x88\xf6\x3b\xd6'
b'\xd4\xcc\x43\xc4\x0c\x21\xa0\xec\x29\x68\x6f\x29\xc3'
b'\xcb\x58\xa2\x0f\xe0\x11\x02\x40\x38\xd5\x5b\xd2\x0b'
b'\x72\xb3\xbb\x53\x9a\x1d\x36\x30\x67\x72\x0c\x87\x6c'
b'\x58\x3d\x8e\x01\x2c\x43\xbe\x92\xf4\x44\x35\x40\x36'
b'\x50\x38\xe2\x3e\x49\xd9\x24\xee\x63\x84\x72\x95\x43'
b'\x46\x03\xc8\x29\xdc\x3d\xc6\x88\x61\x29\x51\x8b\xa4'
b'\x07\x8f\xe7\xb1\x94\x08\x5f\x02\x41\x00\xb0\x28\x08'
b'\x43\x39\xfc\x5a\xc2\x44\xd4\x3e\x2d\xd0\x05\x9d\x06'
b'\x1f\xca\xff\xa9\x43\xdf\x25\x3b\x20\x02\x03\x70\x9f'
b'\x17\x91\x40\x0b\x49\xba\x2d\xf5\x5a\xab\x4c\x27\x0d'
b'\x95\xac\xff\x15\x9d\xcd\x43\xdf\xd5\xe0\xe2\x12\x36'
b'\x38\x1b\x1f\x22\x1f\x47\x72\x2d\x11\x02\x40\x20\x9b'
b'\x55\xb5\x2d\xce\x33\x45\xed\x29\x2a\x95\xa2\x2b\x03'
b'\xa4\x2b\xd3\x75\x8d\xe6\xa1\x24\x0d\x5a\xc4\xe2\x96'
b'\x80\x90\x74\xc3\x8d\xaf\x17\x69\x4d\x70\x1d\x62\xaf'
b'\x79\x94\xfe\x74\xd3\x7b\x40\x0c\x60\x36\xde\x2c\x51'
b'\x4a\x66\x66\x73\x10\x9f\xd7\x86\x7f\x70'),
enums.KeyFormatType.PKCS_8,
masks=[enums.CryptographicUsageMask.SIGN]))
def _process_create_key_pair(self, payload):
self._logger.info("Processing operation: CreateKeyPair")
algorithm = None
length = None
# Process attribute sets
public_key_attributes = {}
private_key_attributes = {}
common_attributes = {}
if payload.public_key_template_attribute:
public_key_attributes = self._process_template_attribute(
payload.public_key_template_attribute)
if payload.private_key_template_attribute:
private_key_attributes = self._process_template_attribute(
payload.private_key_template_attribute)
if payload.common_template_attribute:
common_attributes = self._process_template_attribute(
payload.common_template_attribute)
# Propagate common attributes if not overridden by the public/private
# attribute sets
for key, value in six.iteritems(common_attributes):
if key not in public_key_attributes.keys():
public_key_attributes.update([(key, value)])
if key not in private_key_attributes.keys():
private_key_attributes.update([(key, value)])
# Error check for required attributes.
public_algorithm = public_key_attributes.get('Cryptographic Algorithm')
if public_algorithm:
public_algorithm = public_algorithm.value
else:
raise exceptions.InvalidField(
"The cryptographic algorithm must be specified as an "
"attribute for the public key.")
public_length = public_key_attributes.get('Cryptographic Length')
if public_length:
public_length = public_length.value
else:
# TODO (peterhamilton) The cryptographic length is technically not
# required per the spec. Update the CryptographyEngine to accept a
# None length, allowing it to pick the length dynamically. Default
# to the strongest key size allowed for the algorithm type.
raise exceptions.InvalidField(
"The cryptographic length must be specified as an attribute "
"for the public key.")
public_usage_mask = public_key_attributes.get(
'Cryptographic Usage Mask')
if public_usage_mask is None:
raise exceptions.InvalidField(
"The cryptographic usage mask must be specified as an "
"attribute for the public key.")
private_algorithm = private_key_attributes.get(
'Cryptographic Algorithm')
if private_algorithm:
private_algorithm = private_algorithm.value
else:
raise exceptions.InvalidField(
"The cryptographic algorithm must be specified as an "
"attribute for the private key.")
private_length = private_key_attributes.get('Cryptographic Length')
if private_length:
private_length = private_length.value
else:
# TODO (peterhamilton) The cryptographic length is technically not
# required per the spec. Update the CryptographyEngine to accept a
# None length, allowing it to pick the length dynamically. Default
# to the strongest key size allowed for the algorithm type.
raise exceptions.InvalidField(
"The cryptographic length must be specified as an attribute "
"for the private key.")
private_usage_mask = private_key_attributes.get(
'Cryptographic Usage Mask')
if private_usage_mask is None:
raise exceptions.InvalidField(
"The cryptographic usage mask must be specified as an "
"attribute for the private key.")
if public_algorithm == private_algorithm:
algorithm = public_algorithm
else:
raise exceptions.InvalidField(
"The public and private key algorithms must be the same.")
if public_length == private_length:
length = public_length
else:
raise exceptions.InvalidField(
"The public and private key lengths must be the same.")
public, private = self._cryptography_engine.create_asymmetric_key_pair(
algorithm, length)
public_key = objects.PublicKey(algorithm, length, public.get('value'),
public.get('format'))
private_key = objects.PrivateKey(algorithm, length,
private.get('value'),
private.get('format'))
public_key.names = []
private_key.names = []
self._set_attributes_on_managed_object(public_key,
public_key_attributes)
self._set_attributes_on_managed_object(private_key,
private_key_attributes)
# TODO (peterhamilton) Set additional server-only attributes.
public_key._owner = self._client_identity
private_key._owner = self._client_identity
self._data_session.add(public_key)
self._data_session.add(private_key)
# NOTE (peterhamilton) SQLAlchemy will *not* assign an ID until
# commit is called. This makes future support for UNDO problematic.
self._data_session.commit()
self._logger.info("Created a PublicKey with ID: {0}".format(
public_key.unique_identifier))
self._logger.info("Created a PrivateKey with ID: {0}".format(
private_key.unique_identifier))
response_payload = create_key_pair.CreateKeyPairResponsePayload(
private_key_uuid=attributes.PrivateKeyUniqueIdentifier(
str(private_key.unique_identifier)),
public_key_uuid=attributes.PublicKeyUniqueIdentifier(
str(public_key.unique_identifier)))
self._id_placeholder = str(private_key.unique_identifier)
return response_payload
