def test_credential_None(self):
CONF = kss.CONF
CONF.kmip_plugin.username = None
CONF.kmip_plugin.password = None
CONF.kmip_plugin.keyfile = None
secret_store = kss.KMIPSecretStore(CONF)
self.assertIsNone(secret_store.credential)
def setUp(self):
super(WhenTestingKMIPSecretStore, self).setUp()
self.expected_username = "******"
self.expected_password = "******"
CONF = kss.CONF
CONF.kmip_plugin.username = self.expected_username
CONF.kmip_plugin.password = self.expected_password
CONF.kmip_plugin.keyfile = None
CONF.kmip_plugin.pkcs1_only = False
# get the latest protocol that SSL supports
protocol_dict = ssl.__dict__.get('_PROTOCOL_NAMES')
latest_protocol = protocol_dict.get(max(protocol_dict.keys()))
if not latest_protocol.startswith('PROTOCOL_'):
latest_protocol = 'PROTOCOL_' + latest_protocol
CONF.kmip_plugin.ssl_version = latest_protocol
self.secret_store = kss.KMIPSecretStore(CONF)
self.credential = self.secret_store.credential
self.symmetric_type = secret_store.SecretType.SYMMETRIC
self.sample_secret_features = {
'key_format_type': enums.KeyFormatType.RAW,
'key_value': {
'bytes': bytearray(b'\x00\x00\x00')
},
'cryptographic_algorithm': enums.CryptographicAlgorithm.AES,
'cryptographic_length': 128
}
self.symmetric_key_uuid = 'dde870ad-cea3-41a3-9bb9-e8ab579a2f91'
self.public_key_uuid = 'cb908abb-d363-4d9f-8ef2-5e84d27dd25c'
self.private_key_uuid = '2d4c0544-4ec6-45b7-81cd-b23c75744eac'
self.sample_secret = get_sample_symmetric_key()
self.secret_store.client.open = mock.MagicMock(
spec=client.ProxyKmipClient.open)
self.secret_store.client.close = mock.MagicMock(
spec=client.ProxyKmipClient.close)
self.secret_store.client.create = mock.MagicMock(
return_value=self.symmetric_key_uuid)
self.secret_store.client.create_key_pair = mock.MagicMock(
return_value=(self.public_key_uuid, self.private_key_uuid))
self.secret_store.client.register = mock.MagicMock(
return_value='uuid')
self.secret_store.client.destroy = mock.MagicMock(
return_value=None)
self.secret_store.client.get = mock.MagicMock(
return_value=self.sample_secret)
def test_checks_keyfile_permissions(self):
config = {'return_value': True}
func = ("barbican.plugin.kmip_secret_store."
"KMIPSecretStore._validate_keyfile_permissions")
with mock.patch(func, **config) as m:
CONF = kss.CONF
CONF.kmip_plugin.keyfile = '/some/path'
kss.KMIPSecretStore(CONF)
self.assertEqual(1, len(m.mock_calls))
def setUp(self):
super(WhenTestingKMIPSecretStore, self).setUp()
self.kmipclient_mock = mock.MagicMock(name="KMIP client mock")
CONF = cfg.CONF
CONF.kmip_plugin.keyfile = None
self.credential = None
self.secret_store = kss.KMIPSecretStore(CONF)
self.secret_store.client = self.kmipclient_mock
self.secret_store.credential = self.credential
self.sample_secret_features = {
'key_format_type': enums.KeyFormatType.RAW,
'key_value': {
'bytes': bytearray(b'\x00\x00\x00')
},
'cryptographic_algorithm': enums.CryptographicAlgorithm.AES,
'cryptographic_length': 128
}
self.sample_secret = secrets.SecretFactory().create_secret(
enums.ObjectType.SYMMETRIC_KEY, self.sample_secret_features)
self.secret_store.client.create = mock.create_autospec(
proxy.KMIPProxy.create,
return_value=results.CreateResult(
contents.ResultStatus(enums.ResultStatus.SUCCESS),
uuid=attr.UniqueIdentifier('uuid')))
self.secret_store.client.register = mock.create_autospec(
proxy.KMIPProxy.register,
return_value=results.RegisterResult(
contents.ResultStatus(enums.ResultStatus.SUCCESS),
uuid=attr.UniqueIdentifier('uuid')))
self.secret_store.client.destroy = mock.create_autospec(
proxy.KMIPProxy.destroy,
return_value=results.DestroyResult(
contents.ResultStatus(enums.ResultStatus.SUCCESS)))
self.secret_store.client.get = mock.create_autospec(
proxy.KMIPProxy.get,
return_value=results.GetResult(
contents.ResultStatus(enums.ResultStatus.SUCCESS),
object_type=attr.ObjectType(enums.ObjectType.SYMMETRIC_KEY),
secret=self.sample_secret))
self.attribute_factory = attributes.AttributeFactory()
def test_get_plugin_name(self):
CONF = kss.CONF
CONF.kmip_plugin.plugin_name = "Test KMIP Plugin"
secret_store = kss.KMIPSecretStore(CONF)
self.assertEqual("Test KMIP Plugin", secret_store.get_plugin_name())
def test_enable_tlsv1_config_option(self):
ssl_version = "PROTOCOL_TLSv1"
CONF = kss.CONF
CONF.kmip_plugin.ssl_version = ssl_version
kss.KMIPSecretStore(CONF)
self.assertEqual(ssl_version, CONF.kmip_plugin.ssl_version)
def test_enable_pkcs1_only_config_option(self):
CONF = kss.CONF
CONF.kmip_plugin.pkcs1_only = True
secret_store = kss.KMIPSecretStore(CONF)
self.assertTrue(secret_store.pkcs1_only)
def setUp(self):
super(WhenTestingKMIPSecretStore, self).setUp()
self.expected_username = "******"
self.expected_password = "******"
CONF = kss.CONF
CONF.kmip_plugin.username = self.expected_username
CONF.kmip_plugin.password = self.expected_password
CONF.kmip_plugin.keyfile = None
CONF.kmip_plugin.pkcs1_only = False
self.secret_store = kss.KMIPSecretStore(CONF)
self.credential = self.secret_store.credential
self.symmetric_type = secret_store.SecretType.SYMMETRIC
self.sample_secret_features = {
'key_format_type': enums.KeyFormatType.RAW,
'key_value': {
'bytes': bytearray(b'\x00\x00\x00')
},
'cryptographic_algorithm': enums.CryptographicAlgorithm.AES,
'cryptographic_length': 128
}
self.symmetric_key_uuid = 'dde870ad-cea3-41a3-9bb9-e8ab579a2f91'
self.public_key_uuid = 'cb908abb-d363-4d9f-8ef2-5e84d27dd25c'
self.private_key_uuid = '2d4c0544-4ec6-45b7-81cd-b23c75744eac'
self.sample_secret = get_sample_symmetric_key()
self.secret_store.client.proxy.open = mock.MagicMock(
proxy.KMIPProxy().open)
self.secret_store.client.proxy.close = mock.MagicMock(
proxy.KMIPProxy().close)
self.secret_store.client.proxy.create = mock.MagicMock(
proxy.KMIPProxy().create, return_value=results.CreateResult(
contents.ResultStatus(enums.ResultStatus.SUCCESS),
uuid=attr.UniqueIdentifier(
self.symmetric_key_uuid)))
self.secret_store.client.proxy.create_key_pair = mock.MagicMock(
proxy.KMIPProxy().create_key_pair,
return_value=results.CreateKeyPairResult(
contents.ResultStatus(enums.ResultStatus.SUCCESS),
private_key_uuid=attr.UniqueIdentifier(self.private_key_uuid),
public_key_uuid=attr.UniqueIdentifier(self.public_key_uuid)))
self.secret_store.client.proxy.register = mock.MagicMock(
proxy.KMIPProxy().register, return_value=results.RegisterResult(
contents.ResultStatus(enums.ResultStatus.SUCCESS),
uuid=attr.UniqueIdentifier('uuid')))
self.secret_store.client.proxy.destroy = mock.MagicMock(
proxy.KMIPProxy().destroy, return_value=results.DestroyResult(
contents.ResultStatus(enums.ResultStatus.SUCCESS)))
self.secret_store.client.proxy.get = mock.MagicMock(
proxy.KMIPProxy().get, return_value=results.GetResult(
contents.ResultStatus(enums.ResultStatus.SUCCESS),
object_type=attr.ObjectType(enums.ObjectType.SYMMETRIC_KEY),
secret=self.sample_secret))
self.attribute_factory = attributes.AttributeFactory()
def test_enable_tlsv12_config_option(self):
ssl.PROTOCOL_TLSv1_2 = 5
CONF = kss.CONF
secret_store = kss.KMIPSecretStore(CONF)
self.assertTrue(secret_store)
self.assertEqual(CONF.kmip_plugin.ssl_version, 'PROTOCOL_TLSv1_2')