def test_credential_None(self): CONF = kss.CONF CONF.kmip_plugin.username = None CONF.kmip_plugin.password = None CONF.kmip_plugin.keyfile = None secret_store = kss.KMIPSecretStore(CONF) self.assertIsNone(secret_store.credential)
def setUp(self): super(WhenTestingKMIPSecretStore, self).setUp() self.expected_username = "******" self.expected_password = "******" CONF = kss.CONF CONF.kmip_plugin.username = self.expected_username CONF.kmip_plugin.password = self.expected_password CONF.kmip_plugin.keyfile = None CONF.kmip_plugin.pkcs1_only = False # get the latest protocol that SSL supports protocol_dict = ssl.__dict__.get('_PROTOCOL_NAMES') latest_protocol = protocol_dict.get(max(protocol_dict.keys())) if not latest_protocol.startswith('PROTOCOL_'): latest_protocol = 'PROTOCOL_' + latest_protocol CONF.kmip_plugin.ssl_version = latest_protocol self.secret_store = kss.KMIPSecretStore(CONF) self.credential = self.secret_store.credential self.symmetric_type = secret_store.SecretType.SYMMETRIC self.sample_secret_features = { 'key_format_type': enums.KeyFormatType.RAW, 'key_value': { 'bytes': bytearray(b'\x00\x00\x00') }, 'cryptographic_algorithm': enums.CryptographicAlgorithm.AES, 'cryptographic_length': 128 } self.symmetric_key_uuid = 'dde870ad-cea3-41a3-9bb9-e8ab579a2f91' self.public_key_uuid = 'cb908abb-d363-4d9f-8ef2-5e84d27dd25c' self.private_key_uuid = '2d4c0544-4ec6-45b7-81cd-b23c75744eac' self.sample_secret = get_sample_symmetric_key() self.secret_store.client.open = mock.MagicMock( spec=client.ProxyKmipClient.open) self.secret_store.client.close = mock.MagicMock( spec=client.ProxyKmipClient.close) self.secret_store.client.create = mock.MagicMock( return_value=self.symmetric_key_uuid) self.secret_store.client.create_key_pair = mock.MagicMock( return_value=(self.public_key_uuid, self.private_key_uuid)) self.secret_store.client.register = mock.MagicMock( return_value='uuid') self.secret_store.client.destroy = mock.MagicMock( return_value=None) self.secret_store.client.get = mock.MagicMock( return_value=self.sample_secret)
def test_checks_keyfile_permissions(self): config = {'return_value': True} func = ("barbican.plugin.kmip_secret_store." "KMIPSecretStore._validate_keyfile_permissions") with mock.patch(func, **config) as m: CONF = kss.CONF CONF.kmip_plugin.keyfile = '/some/path' kss.KMIPSecretStore(CONF) self.assertEqual(1, len(m.mock_calls))
def setUp(self): super(WhenTestingKMIPSecretStore, self).setUp() self.kmipclient_mock = mock.MagicMock(name="KMIP client mock") CONF = cfg.CONF CONF.kmip_plugin.keyfile = None self.credential = None self.secret_store = kss.KMIPSecretStore(CONF) self.secret_store.client = self.kmipclient_mock self.secret_store.credential = self.credential self.sample_secret_features = { 'key_format_type': enums.KeyFormatType.RAW, 'key_value': { 'bytes': bytearray(b'\x00\x00\x00') }, 'cryptographic_algorithm': enums.CryptographicAlgorithm.AES, 'cryptographic_length': 128 } self.sample_secret = secrets.SecretFactory().create_secret( enums.ObjectType.SYMMETRIC_KEY, self.sample_secret_features) self.secret_store.client.create = mock.create_autospec( proxy.KMIPProxy.create, return_value=results.CreateResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), uuid=attr.UniqueIdentifier('uuid'))) self.secret_store.client.register = mock.create_autospec( proxy.KMIPProxy.register, return_value=results.RegisterResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), uuid=attr.UniqueIdentifier('uuid'))) self.secret_store.client.destroy = mock.create_autospec( proxy.KMIPProxy.destroy, return_value=results.DestroyResult( contents.ResultStatus(enums.ResultStatus.SUCCESS))) self.secret_store.client.get = mock.create_autospec( proxy.KMIPProxy.get, return_value=results.GetResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), object_type=attr.ObjectType(enums.ObjectType.SYMMETRIC_KEY), secret=self.sample_secret)) self.attribute_factory = attributes.AttributeFactory()
def test_get_plugin_name(self): CONF = kss.CONF CONF.kmip_plugin.plugin_name = "Test KMIP Plugin" secret_store = kss.KMIPSecretStore(CONF) self.assertEqual("Test KMIP Plugin", secret_store.get_plugin_name())
def test_enable_tlsv1_config_option(self): ssl_version = "PROTOCOL_TLSv1" CONF = kss.CONF CONF.kmip_plugin.ssl_version = ssl_version kss.KMIPSecretStore(CONF) self.assertEqual(ssl_version, CONF.kmip_plugin.ssl_version)
def test_enable_pkcs1_only_config_option(self): CONF = kss.CONF CONF.kmip_plugin.pkcs1_only = True secret_store = kss.KMIPSecretStore(CONF) self.assertTrue(secret_store.pkcs1_only)
def setUp(self): super(WhenTestingKMIPSecretStore, self).setUp() self.expected_username = "******" self.expected_password = "******" CONF = kss.CONF CONF.kmip_plugin.username = self.expected_username CONF.kmip_plugin.password = self.expected_password CONF.kmip_plugin.keyfile = None CONF.kmip_plugin.pkcs1_only = False self.secret_store = kss.KMIPSecretStore(CONF) self.credential = self.secret_store.credential self.symmetric_type = secret_store.SecretType.SYMMETRIC self.sample_secret_features = { 'key_format_type': enums.KeyFormatType.RAW, 'key_value': { 'bytes': bytearray(b'\x00\x00\x00') }, 'cryptographic_algorithm': enums.CryptographicAlgorithm.AES, 'cryptographic_length': 128 } self.symmetric_key_uuid = 'dde870ad-cea3-41a3-9bb9-e8ab579a2f91' self.public_key_uuid = 'cb908abb-d363-4d9f-8ef2-5e84d27dd25c' self.private_key_uuid = '2d4c0544-4ec6-45b7-81cd-b23c75744eac' self.sample_secret = get_sample_symmetric_key() self.secret_store.client.proxy.open = mock.MagicMock( proxy.KMIPProxy().open) self.secret_store.client.proxy.close = mock.MagicMock( proxy.KMIPProxy().close) self.secret_store.client.proxy.create = mock.MagicMock( proxy.KMIPProxy().create, return_value=results.CreateResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), uuid=attr.UniqueIdentifier( self.symmetric_key_uuid))) self.secret_store.client.proxy.create_key_pair = mock.MagicMock( proxy.KMIPProxy().create_key_pair, return_value=results.CreateKeyPairResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), private_key_uuid=attr.UniqueIdentifier(self.private_key_uuid), public_key_uuid=attr.UniqueIdentifier(self.public_key_uuid))) self.secret_store.client.proxy.register = mock.MagicMock( proxy.KMIPProxy().register, return_value=results.RegisterResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), uuid=attr.UniqueIdentifier('uuid'))) self.secret_store.client.proxy.destroy = mock.MagicMock( proxy.KMIPProxy().destroy, return_value=results.DestroyResult( contents.ResultStatus(enums.ResultStatus.SUCCESS))) self.secret_store.client.proxy.get = mock.MagicMock( proxy.KMIPProxy().get, return_value=results.GetResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), object_type=attr.ObjectType(enums.ObjectType.SYMMETRIC_KEY), secret=self.sample_secret)) self.attribute_factory = attributes.AttributeFactory()
def test_enable_tlsv12_config_option(self): ssl.PROTOCOL_TLSv1_2 = 5 CONF = kss.CONF secret_store = kss.KMIPSecretStore(CONF) self.assertTrue(secret_store) self.assertEqual(CONF.kmip_plugin.ssl_version, 'PROTOCOL_TLSv1_2')