def setUp(self): super(TestRekeyKeyPairResponsePayload, self).setUp() self.uuid = '00000000-0000-0000-0000-000000000000' self.private_key_uuid = attributes.PrivateKeyUniqueIdentifier( self.uuid) self.public_key_uuid = attributes.PublicKeyUniqueIdentifier(self.uuid) self.empty_private_key_uuid = attributes.PrivateKeyUniqueIdentifier('') self.empty_public_key_uuid = attributes.PublicKeyUniqueIdentifier('') self.private_key_template_attribute = \ objects.PrivateKeyTemplateAttribute() self.public_key_template_attribute = \ objects.PublicKeyTemplateAttribute() self.encoding_empty = utils.BytearrayStream(( b'\x42\x00\x7C\x01\x00\x00\x00\x10\x42\x00\x66\x07\x00\x00\x00\x00' b'\x42\x00\x6F\x07\x00\x00\x00\x00')) self.encoding_full = utils.BytearrayStream(( b'\x42\x00\x7C\x01\x00\x00\x00\x70\x42\x00\x66\x07\x00\x00\x00\x24' b'\x30\x30\x30\x30\x30\x30\x30\x30\x2d\x30\x30\x30\x30\x2d\x30\x30' b'\x30\x30\x2d\x30\x30\x30\x30\x2d\x30\x30\x30\x30\x30\x30\x30\x30' b'\x30\x30\x30\x30\x00\x00\x00\x00\x42\x00\x6F\x07\x00\x00\x00\x24' b'\x30\x30\x30\x30\x30\x30\x30\x30\x2d\x30\x30\x30\x30\x2d\x30\x30' b'\x30\x30\x2d\x30\x30\x30\x30\x2d\x30\x30\x30\x30\x30\x30\x30\x30' b'\x30\x30\x30\x30\x00\x00\x00\x00\x42\x00\x65\x01\x00\x00\x00\x00' b'\x42\x00\x6E\x01\x00\x00\x00\x00'))
def read(self, istream, kmip_version=enums.KMIPVersion.KMIP_1_0): super(RekeyKeyPairRequestPayload, self).read(istream, kmip_version=kmip_version) tstream = BytearrayStream(istream.read(self.length)) if self.is_tag_next(enums.Tags.PRIVATE_KEY_UNIQUE_IDENTIFIER, tstream): self.private_key_uuid = attributes.PrivateKeyUniqueIdentifier() self.private_key_uuid.read(tstream, kmip_version=kmip_version) if self.is_tag_next(enums.Tags.OFFSET, tstream): self.offset = misc.Offset() self.offset.read(tstream, kmip_version=kmip_version) if self.is_tag_next(enums.Tags.COMMON_TEMPLATE_ATTRIBUTE, tstream): self.common_template_attribute = objects.CommonTemplateAttribute() self.common_template_attribute.read(tstream, kmip_version=kmip_version) if self.is_tag_next(enums.Tags.PRIVATE_KEY_TEMPLATE_ATTRIBUTE, tstream): self.private_key_template_attribute = \ objects.PrivateKeyTemplateAttribute() self.private_key_template_attribute.read(tstream, kmip_version=kmip_version) if self.is_tag_next(enums.Tags.PUBLIC_KEY_TEMPLATE_ATTRIBUTE, tstream): self.public_key_template_attribute = \ objects.PublicKeyTemplateAttribute() self.public_key_template_attribute.read(tstream, kmip_version=kmip_version) self.is_oversized(tstream) self.validate()
def test_create_key_pair_with_key_names(self): """ Test that an asymmetric key pair can be created with proper inputs, specifically testing that the private / public names are correctly sent with the request """ # Create the template to test the create key pair call algorithm = enums.CryptographicAlgorithm.RSA length = 2048 algorithm_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_ALGORITHM, algorithm) length_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_LENGTH, length) mask_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_USAGE_MASK, [ enums.CryptographicUsageMask.ENCRYPT, enums.CryptographicUsageMask.DECRYPT ]) private_name_attribute = self.attribute_factory.create_attribute( enums.AttributeType.NAME, "private") public_name_attribute = self.attribute_factory.create_attribute( enums.AttributeType.NAME, "public") pair_attributes = [ algorithm_attribute, length_attribute, mask_attribute ] template = obj.CommonTemplateAttribute(attributes=pair_attributes) private_template = obj.PrivateKeyTemplateAttribute( names=[private_name_attribute]) public_template = obj.PublicKeyTemplateAttribute( names=[public_name_attribute]) status = enums.ResultStatus.SUCCESS result = results.CreateKeyPairResult( contents.ResultStatus(status), public_key_uuid=attr.PublicKeyUniqueIdentifier( 'aaaaaaaa-1111-2222-3333-ffffffffffff'), private_key_uuid=attr.PrivateKeyUniqueIdentifier( 'ffffffff-3333-2222-1111-aaaaaaaaaaaa')) with ProxyKmipClient() as client: client.proxy.create_key_pair.return_value = result public_uid, private_uid = client.create_key_pair( enums.CryptographicAlgorithm.RSA, 2048, public_name="public", private_name="private") kwargs = { 'common_template_attribute': template, 'private_key_template_attribute': private_template, 'public_key_template_attribute': public_template } client.proxy.create_key_pair.assert_called_with(**kwargs)
def test_create_key_pair(self): """ Test that an asymmetric key pair can be created with proper inputs and that the UIDs of the public and private keys are returned properly. """ # Create the template to test the create key pair call algorithm = enums.CryptographicAlgorithm.RSA length = 2048 algorithm_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_ALGORITHM, algorithm) length_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_LENGTH, length) mask_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_USAGE_MASK, [ enums.CryptographicUsageMask.ENCRYPT, enums.CryptographicUsageMask.DECRYPT ]) attributes = [algorithm_attribute, length_attribute, mask_attribute] template = obj.CommonTemplateAttribute(attributes=attributes) status = enums.ResultStatus.SUCCESS result = results.CreateKeyPairResult( contents.ResultStatus(status), public_key_uuid=attr.PublicKeyUniqueIdentifier( 'aaaaaaaa-1111-2222-3333-ffffffffffff'), private_key_uuid=attr.PrivateKeyUniqueIdentifier( 'ffffffff-3333-2222-1111-aaaaaaaaaaaa')) with ProxyKmipClient() as client: client.proxy.create_key_pair.return_value = result public_uid, private_uid = client.create_key_pair( enums.CryptographicAlgorithm.RSA, 2048) kwargs = { 'common_template_attribute': template, 'private_key_template_attribute': None, 'public_key_template_attribute': None } client.proxy.create_key_pair.assert_called_with(**kwargs) self.assertIsInstance(public_uid, six.string_types) self.assertIsInstance(private_uid, six.string_types)
def setUp(self): super(TestRekeyKeyPairRequestPayload, self).setUp() self.uuid = '00000000-0000-0000-0000-000000000000' self.private_key_uuid = attributes.PrivateKeyUniqueIdentifier( self.uuid) self.offset = misc.Offset(0) self.common_template_attribute = objects.CommonTemplateAttribute() self.private_key_template_attribute = \ objects.PrivateKeyTemplateAttribute() self.public_key_template_attribute = \ objects.PublicKeyTemplateAttribute() self.encoding_empty = utils.BytearrayStream(( b'\x42\x00\x79\x01\x00\x00\x00\x00')) self.encoding_full = utils.BytearrayStream(( b'\x42\x00\x79\x01\x00\x00\x00\x58\x42\x00\x66\x07\x00\x00\x00\x24' b'\x30\x30\x30\x30\x30\x30\x30\x30\x2d\x30\x30\x30\x30\x2d\x30\x30' b'\x30\x30\x2d\x30\x30\x30\x30\x2d\x30\x30\x30\x30\x30\x30\x30\x30' b'\x30\x30\x30\x30\x00\x00\x00\x00\x42\x00\x58\x0A\x00\x00\x00\x04' b'\x00\x00\x00\x00\x00\x00\x00\x00\x42\x00\x1F\x01\x00\x00\x00\x00' b'\x42\x00\x65\x01\x00\x00\x00\x00\x42\x00\x6E\x01\x00\x00\x00\x00' ))
def __init__(self, private_key_uuid=None, public_key_uuid=None, private_key_template_attribute=None, public_key_template_attribute=None): super(CreateKeyPairResponsePayload, self).__init__(Tags.RESPONSE_PAYLOAD) # Private and public UUIDs are required so make defaults as backup if private_key_uuid is None: self.private_key_uuid = attributes.PrivateKeyUniqueIdentifier('') else: self.private_key_uuid = private_key_uuid if public_key_uuid is None: self.public_key_uuid = attributes.PublicKeyUniqueIdentifier('') else: self.public_key_uuid = public_key_uuid self.private_key_template_attribute = private_key_template_attribute self.public_key_template_attribute = public_key_template_attribute self.validate()
def _process_create_key_pair(self, payload): self._logger.info("Processing operation: CreateKeyPair") algorithm = None length = None # Process attribute sets public_key_attributes = {} private_key_attributes = {} common_attributes = {} if payload.public_key_template_attribute: public_key_attributes = self._process_template_attribute( payload.public_key_template_attribute) if payload.private_key_template_attribute: private_key_attributes = self._process_template_attribute( payload.private_key_template_attribute) if payload.common_template_attribute: common_attributes = self._process_template_attribute( payload.common_template_attribute) # Propagate common attributes if not overridden by the public/private # attribute sets for key, value in six.iteritems(common_attributes): if key not in public_key_attributes.keys(): public_key_attributes.update([(key, value)]) if key not in private_key_attributes.keys(): private_key_attributes.update([(key, value)]) # Error check for required attributes. public_algorithm = public_key_attributes.get('Cryptographic Algorithm') if public_algorithm: public_algorithm = public_algorithm.value else: raise exceptions.InvalidField( "The cryptographic algorithm must be specified as an " "attribute for the public key.") public_length = public_key_attributes.get('Cryptographic Length') if public_length: public_length = public_length.value else: # TODO (peterhamilton) The cryptographic length is technically not # required per the spec. Update the CryptographyEngine to accept a # None length, allowing it to pick the length dynamically. Default # to the strongest key size allowed for the algorithm type. raise exceptions.InvalidField( "The cryptographic length must be specified as an attribute " "for the public key.") public_usage_mask = public_key_attributes.get( 'Cryptographic Usage Mask') if public_usage_mask is None: raise exceptions.InvalidField( "The cryptographic usage mask must be specified as an " "attribute for the public key.") private_algorithm = private_key_attributes.get( 'Cryptographic Algorithm') if private_algorithm: private_algorithm = private_algorithm.value else: raise exceptions.InvalidField( "The cryptographic algorithm must be specified as an " "attribute for the private key.") private_length = private_key_attributes.get('Cryptographic Length') if private_length: private_length = private_length.value else: # TODO (peterhamilton) The cryptographic length is technically not # required per the spec. Update the CryptographyEngine to accept a # None length, allowing it to pick the length dynamically. Default # to the strongest key size allowed for the algorithm type. raise exceptions.InvalidField( "The cryptographic length must be specified as an attribute " "for the private key.") private_usage_mask = private_key_attributes.get( 'Cryptographic Usage Mask') if private_usage_mask is None: raise exceptions.InvalidField( "The cryptographic usage mask must be specified as an " "attribute for the private key.") if public_algorithm == private_algorithm: algorithm = public_algorithm else: raise exceptions.InvalidField( "The public and private key algorithms must be the same.") if public_length == private_length: length = public_length else: raise exceptions.InvalidField( "The public and private key lengths must be the same.") public, private = self._cryptography_engine.create_asymmetric_key_pair( algorithm, length) public_key = objects.PublicKey(algorithm, length, public.get('value'), public.get('format')) private_key = objects.PrivateKey(algorithm, length, private.get('value'), private.get('format')) public_key.names = [] private_key.names = [] self._set_attributes_on_managed_object(public_key, public_key_attributes) self._set_attributes_on_managed_object(private_key, private_key_attributes) # TODO (peterhamilton) Set additional server-only attributes. public_key._owner = self._client_identity private_key._owner = self._client_identity self._data_session.add(public_key) self._data_session.add(private_key) # NOTE (peterhamilton) SQLAlchemy will *not* assign an ID until # commit is called. This makes future support for UNDO problematic. self._data_session.commit() self._logger.info("Created a PublicKey with ID: {0}".format( public_key.unique_identifier)) self._logger.info("Created a PrivateKey with ID: {0}".format( private_key.unique_identifier)) response_payload = create_key_pair.CreateKeyPairResponsePayload( private_key_uuid=attributes.PrivateKeyUniqueIdentifier( str(private_key.unique_identifier)), public_key_uuid=attributes.PublicKeyUniqueIdentifier( str(public_key.unique_identifier))) self._id_placeholder = str(private_key.unique_identifier) return response_payload