Ejemplo n.º 1
0
    def setUp(self):
        super(TestRekeyKeyPairResponsePayload, self).setUp()

        self.uuid = '00000000-0000-0000-0000-000000000000'
        self.private_key_uuid = attributes.PrivateKeyUniqueIdentifier(
            self.uuid)
        self.public_key_uuid = attributes.PublicKeyUniqueIdentifier(self.uuid)
        self.empty_private_key_uuid = attributes.PrivateKeyUniqueIdentifier('')
        self.empty_public_key_uuid = attributes.PublicKeyUniqueIdentifier('')

        self.private_key_template_attribute = \
            objects.PrivateKeyTemplateAttribute()
        self.public_key_template_attribute = \
            objects.PublicKeyTemplateAttribute()

        self.encoding_empty = utils.BytearrayStream((
            b'\x42\x00\x7C\x01\x00\x00\x00\x10\x42\x00\x66\x07\x00\x00\x00\x00'
            b'\x42\x00\x6F\x07\x00\x00\x00\x00'))
        self.encoding_full = utils.BytearrayStream((
            b'\x42\x00\x7C\x01\x00\x00\x00\x70\x42\x00\x66\x07\x00\x00\x00\x24'
            b'\x30\x30\x30\x30\x30\x30\x30\x30\x2d\x30\x30\x30\x30\x2d\x30\x30'
            b'\x30\x30\x2d\x30\x30\x30\x30\x2d\x30\x30\x30\x30\x30\x30\x30\x30'
            b'\x30\x30\x30\x30\x00\x00\x00\x00\x42\x00\x6F\x07\x00\x00\x00\x24'
            b'\x30\x30\x30\x30\x30\x30\x30\x30\x2d\x30\x30\x30\x30\x2d\x30\x30'
            b'\x30\x30\x2d\x30\x30\x30\x30\x2d\x30\x30\x30\x30\x30\x30\x30\x30'
            b'\x30\x30\x30\x30\x00\x00\x00\x00\x42\x00\x65\x01\x00\x00\x00\x00'
            b'\x42\x00\x6E\x01\x00\x00\x00\x00'))
Ejemplo n.º 2
0
    def test_get(self):
        """
        Test that a secret can be retrieved with proper input.
        """
        # Key encoding obtained from Section 14.2 of the KMIP 1.1 test
        # documentation.
        secret = objects.SymmetricKey(
            enums.CryptographicAlgorithm.AES, 128,
            (b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E'
             b'\x0F'))
        fact = factory.ObjectFactory()

        result = results.GetResult(contents.ResultStatus(
            enums.ResultStatus.SUCCESS),
                                   uuid=attr.PublicKeyUniqueIdentifier(
                                       'aaaaaaaa-1111-2222-3333-ffffffffffff'),
                                   secret=fact.convert(secret))

        with ProxyKmipClient() as client:
            client.proxy.get.return_value = result

            result = client.get('aaaaaaaa-1111-2222-3333-ffffffffffff')
            client.proxy.get.assert_called_with(
                'aaaaaaaa-1111-2222-3333-ffffffffffff')
            self.assertIsInstance(result, objects.SymmetricKey)
            self.assertEqual(result, secret)
Ejemplo n.º 3
0
    def test_create_key_pair_with_key_names(self):
        """
        Test that an asymmetric key pair can be created with proper inputs,
        specifically testing that the private / public names are correctly
        sent with the request
        """
        # Create the template to test the create key pair call
        algorithm = enums.CryptographicAlgorithm.RSA
        length = 2048
        algorithm_attribute = self.attribute_factory.create_attribute(
            enums.AttributeType.CRYPTOGRAPHIC_ALGORITHM, algorithm)
        length_attribute = self.attribute_factory.create_attribute(
            enums.AttributeType.CRYPTOGRAPHIC_LENGTH, length)
        mask_attribute = self.attribute_factory.create_attribute(
            enums.AttributeType.CRYPTOGRAPHIC_USAGE_MASK, [
                enums.CryptographicUsageMask.ENCRYPT,
                enums.CryptographicUsageMask.DECRYPT
            ])

        private_name_attribute = self.attribute_factory.create_attribute(
            enums.AttributeType.NAME, "private")
        public_name_attribute = self.attribute_factory.create_attribute(
            enums.AttributeType.NAME, "public")

        pair_attributes = [
            algorithm_attribute, length_attribute, mask_attribute
        ]

        template = obj.CommonTemplateAttribute(attributes=pair_attributes)
        private_template = obj.PrivateKeyTemplateAttribute(
            names=[private_name_attribute])
        public_template = obj.PublicKeyTemplateAttribute(
            names=[public_name_attribute])

        status = enums.ResultStatus.SUCCESS
        result = results.CreateKeyPairResult(
            contents.ResultStatus(status),
            public_key_uuid=attr.PublicKeyUniqueIdentifier(
                'aaaaaaaa-1111-2222-3333-ffffffffffff'),
            private_key_uuid=attr.PrivateKeyUniqueIdentifier(
                'ffffffff-3333-2222-1111-aaaaaaaaaaaa'))

        with ProxyKmipClient() as client:
            client.proxy.create_key_pair.return_value = result

            public_uid, private_uid = client.create_key_pair(
                enums.CryptographicAlgorithm.RSA,
                2048,
                public_name="public",
                private_name="private")

            kwargs = {
                'common_template_attribute': template,
                'private_key_template_attribute': private_template,
                'public_key_template_attribute': public_template
            }
            client.proxy.create_key_pair.assert_called_with(**kwargs)
Ejemplo n.º 4
0
    def test_create_key_pair(self):
        """
        Test that an asymmetric key pair can be created with proper inputs
        and that the UIDs of the public and private keys are returned
        properly.
        """
        # Create the template to test the create key pair call
        algorithm = enums.CryptographicAlgorithm.RSA
        length = 2048
        algorithm_attribute = self.attribute_factory.create_attribute(
            enums.AttributeType.CRYPTOGRAPHIC_ALGORITHM, algorithm)
        length_attribute = self.attribute_factory.create_attribute(
            enums.AttributeType.CRYPTOGRAPHIC_LENGTH, length)
        mask_attribute = self.attribute_factory.create_attribute(
            enums.AttributeType.CRYPTOGRAPHIC_USAGE_MASK, [
                enums.CryptographicUsageMask.ENCRYPT,
                enums.CryptographicUsageMask.DECRYPT
            ])

        attributes = [algorithm_attribute, length_attribute, mask_attribute]
        template = obj.CommonTemplateAttribute(attributes=attributes)

        status = enums.ResultStatus.SUCCESS
        result = results.CreateKeyPairResult(
            contents.ResultStatus(status),
            public_key_uuid=attr.PublicKeyUniqueIdentifier(
                'aaaaaaaa-1111-2222-3333-ffffffffffff'),
            private_key_uuid=attr.PrivateKeyUniqueIdentifier(
                'ffffffff-3333-2222-1111-aaaaaaaaaaaa'))

        with ProxyKmipClient() as client:
            client.proxy.create_key_pair.return_value = result

            public_uid, private_uid = client.create_key_pair(
                enums.CryptographicAlgorithm.RSA, 2048)

            kwargs = {
                'common_template_attribute': template,
                'private_key_template_attribute': None,
                'public_key_template_attribute': None
            }
            client.proxy.create_key_pair.assert_called_with(**kwargs)
            self.assertIsInstance(public_uid, six.string_types)
            self.assertIsInstance(private_uid, six.string_types)
Ejemplo n.º 5
0
    def test_register(self):
        """
        Test that the client can register a key.
        """
        key = objects.SymmetricKey(
            enums.CryptographicAlgorithm.AES, 128,
            (b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E'
             b'\x0F'))

        result = results.RegisterResult(
            contents.ResultStatus(enums.ResultStatus.SUCCESS),
            uuid=attr.PublicKeyUniqueIdentifier(
                'aaaaaaaa-1111-2222-3333-ffffffffffff'))

        with ProxyKmipClient() as client:
            client.proxy.register.return_value = result
            uid = client.register(key)
            self.assertTrue(client.proxy.register.called)
            self.assertIsInstance(uid, six.string_types)
Ejemplo n.º 6
0
    def __init__(self,
                 private_key_uuid=None,
                 public_key_uuid=None,
                 private_key_template_attribute=None,
                 public_key_template_attribute=None):
        super(CreateKeyPairResponsePayload,
              self).__init__(Tags.RESPONSE_PAYLOAD)

        # Private and public UUIDs are required so make defaults as backup
        if private_key_uuid is None:
            self.private_key_uuid = attributes.PrivateKeyUniqueIdentifier('')
        else:
            self.private_key_uuid = private_key_uuid

        if public_key_uuid is None:
            self.public_key_uuid = attributes.PublicKeyUniqueIdentifier('')
        else:
            self.public_key_uuid = public_key_uuid

        self.private_key_template_attribute = private_key_template_attribute
        self.public_key_template_attribute = public_key_template_attribute

        self.validate()
Ejemplo n.º 7
0
    def _process_create_key_pair(self, payload):
        self._logger.info("Processing operation: CreateKeyPair")

        algorithm = None
        length = None

        # Process attribute sets
        public_key_attributes = {}
        private_key_attributes = {}
        common_attributes = {}
        if payload.public_key_template_attribute:
            public_key_attributes = self._process_template_attribute(
                payload.public_key_template_attribute)
        if payload.private_key_template_attribute:
            private_key_attributes = self._process_template_attribute(
                payload.private_key_template_attribute)
        if payload.common_template_attribute:
            common_attributes = self._process_template_attribute(
                payload.common_template_attribute)

        # Propagate common attributes if not overridden by the public/private
        # attribute sets
        for key, value in six.iteritems(common_attributes):
            if key not in public_key_attributes.keys():
                public_key_attributes.update([(key, value)])
            if key not in private_key_attributes.keys():
                private_key_attributes.update([(key, value)])

        # Error check for required attributes.
        public_algorithm = public_key_attributes.get('Cryptographic Algorithm')
        if public_algorithm:
            public_algorithm = public_algorithm.value
        else:
            raise exceptions.InvalidField(
                "The cryptographic algorithm must be specified as an "
                "attribute for the public key.")

        public_length = public_key_attributes.get('Cryptographic Length')
        if public_length:
            public_length = public_length.value
        else:
            # TODO (peterhamilton) The cryptographic length is technically not
            # required per the spec. Update the CryptographyEngine to accept a
            # None length, allowing it to pick the length dynamically. Default
            # to the strongest key size allowed for the algorithm type.
            raise exceptions.InvalidField(
                "The cryptographic length must be specified as an attribute "
                "for the public key.")

        public_usage_mask = public_key_attributes.get(
            'Cryptographic Usage Mask')
        if public_usage_mask is None:
            raise exceptions.InvalidField(
                "The cryptographic usage mask must be specified as an "
                "attribute for the public key.")

        private_algorithm = private_key_attributes.get(
            'Cryptographic Algorithm')
        if private_algorithm:
            private_algorithm = private_algorithm.value
        else:
            raise exceptions.InvalidField(
                "The cryptographic algorithm must be specified as an "
                "attribute for the private key.")

        private_length = private_key_attributes.get('Cryptographic Length')
        if private_length:
            private_length = private_length.value
        else:
            # TODO (peterhamilton) The cryptographic length is technically not
            # required per the spec. Update the CryptographyEngine to accept a
            # None length, allowing it to pick the length dynamically. Default
            # to the strongest key size allowed for the algorithm type.
            raise exceptions.InvalidField(
                "The cryptographic length must be specified as an attribute "
                "for the private key.")

        private_usage_mask = private_key_attributes.get(
            'Cryptographic Usage Mask')
        if private_usage_mask is None:
            raise exceptions.InvalidField(
                "The cryptographic usage mask must be specified as an "
                "attribute for the private key.")

        if public_algorithm == private_algorithm:
            algorithm = public_algorithm
        else:
            raise exceptions.InvalidField(
                "The public and private key algorithms must be the same.")

        if public_length == private_length:
            length = public_length
        else:
            raise exceptions.InvalidField(
                "The public and private key lengths must be the same.")

        public, private = self._cryptography_engine.create_asymmetric_key_pair(
            algorithm, length)

        public_key = objects.PublicKey(algorithm, length, public.get('value'),
                                       public.get('format'))
        private_key = objects.PrivateKey(algorithm, length,
                                         private.get('value'),
                                         private.get('format'))
        public_key.names = []
        private_key.names = []

        self._set_attributes_on_managed_object(public_key,
                                               public_key_attributes)
        self._set_attributes_on_managed_object(private_key,
                                               private_key_attributes)

        # TODO (peterhamilton) Set additional server-only attributes.
        public_key._owner = self._client_identity
        private_key._owner = self._client_identity

        self._data_session.add(public_key)
        self._data_session.add(private_key)

        # NOTE (peterhamilton) SQLAlchemy will *not* assign an ID until
        # commit is called. This makes future support for UNDO problematic.
        self._data_session.commit()

        self._logger.info("Created a PublicKey with ID: {0}".format(
            public_key.unique_identifier))
        self._logger.info("Created a PrivateKey with ID: {0}".format(
            private_key.unique_identifier))

        response_payload = create_key_pair.CreateKeyPairResponsePayload(
            private_key_uuid=attributes.PrivateKeyUniqueIdentifier(
                str(private_key.unique_identifier)),
            public_key_uuid=attributes.PublicKeyUniqueIdentifier(
                str(public_key.unique_identifier)))

        self._id_placeholder = str(private_key.unique_identifier)
        return response_payload