def _create_certificate(self, value):
if value:
return Certificate(
certificate_type=value.get('certificate_type'),
certificate_value=value.get('certificate_value'))
else:
return Certificate()
def _test_read(self, stream, certificate_type, certificate_value):
certificate = Certificate()
certificate.read(stream)
if certificate_type is None:
expected = CertificateType()
else:
expected = CertificateType(certificate_type)
observed = certificate.certificate_type
msg = "certificate type encoding mismatch; "
msg += "expected {0}, observed {1}".format(expected, observed)
self.assertEqual(expected, observed)
if certificate_value is None:
expected = CertificateValue()
else:
expected = CertificateValue(certificate_value)
observed = certificate.certificate_value
msg = "certificate value encoding mismatch; "
msg += "expected {0}, observed {1}".format(expected, observed)
self.assertEqual(expected, observed, msg)
def _test_read(self, stream, certificate_type, certificate_value):
certificate = Certificate()
certificate.read(stream)
if certificate_type is None:
expected = CertificateType()
else:
expected = CertificateType(certificate_type)
observed = certificate.certificate_type
msg = "certificate type encoding mismatch; "
msg += "expected {0}, observed {1}".format(expected, observed)
self.assertEqual(expected, observed)
if certificate_value is None:
expected = CertificateValue()
else:
expected = CertificateValue(certificate_value)
observed = certificate.certificate_value
msg = "certificate value encoding mismatch; "
msg += "expected {0}, observed {1}".format(expected, observed)
self.assertEqual(expected, observed, msg)
def test_not_equal_on_not_equal(self):
"""
Test that the inequality operator returns True when comparing two
Certificate objects with different sets of internal data.
"""
a = Certificate(certificate_type=self.certificate_type_a,
certificate_value=self.certificate_value_a)
b = Certificate(certificate_type=self.certificate_type_b,
certificate_value=self.certificate_value_b)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_not_equal_on_equal_and_empty(self):
"""
Test that the inequality operator returns False when comparing two
Certificate objects with no internal data.
"""
a = Certificate(certificate_type=self.certificate_type_a,
certificate_value=self.certificate_value_a)
b = Certificate(certificate_type=self.certificate_type_a,
certificate_value=self.certificate_value_a)
self.assertFalse(a != b)
self.assertFalse(b != a)
def test_equal_on_equal(self):
"""
Test that the equality operator returns True when comparing two
Certificate objects with the same internal data.
"""
a = Certificate(certificate_type=self.certificate_type_b,
certificate_value=self.certificate_value_b)
b = Certificate(certificate_type=self.certificate_type_b,
certificate_value=self.certificate_value_b)
self.assertTrue(a == b)
self.assertTrue(b == a)
def _test_write(self, stream, certificate_type, certificate_value):
certificate = Certificate(certificate_type=certificate_type,
certificate_value=certificate_value)
expected = stream
observed = BytearrayStream()
certificate.write(observed)
msg = "encoding mismatch;\nexpected:\n{0}\nobserved:\n{1}".format(
expected, observed)
self.assertEqual(expected, observed, msg)
def _test_write(self, stream, certificate_type, certificate_value):
certificate = Certificate(
certificate_type=certificate_type,
certificate_value=certificate_value)
expected = stream
observed = BytearrayStream()
certificate.write(observed)
msg = "encoding mismatch;\nexpected:\n{0}\nobserved:\n{1}".format(
expected, observed)
self.assertEqual(expected, observed, msg)
def _get_kmip_secret(self, secret_dto):
"""Builds a KMIP object from a SecretDTO
This is needed for register calls. The Barbican object needs to be
converted to KMIP object before it can be stored
:param secret_dto: SecretDTO of secret to be stored
:returns: KMIP object
"""
secret_type = secret_dto.type
object_type, key_format_type = (self._map_type_ss_to_kmip(secret_type))
normalized_secret = self._normalize_secret(secret_dto.secret,
secret_type)
kmip_object = None
if object_type == enums.ObjectType.CERTIFICATE:
kmip_object = Certificate(
certificate_type=enums.CertificateTypeEnum.X_509,
certificate_value=normalized_secret)
elif object_type == enums.ObjectType.OPAQUE_DATA:
opaque_type = Opaque.OpaqueDataType(enums.OpaqueDataType.NONE)
opaque_value = Opaque.OpaqueDataValue(normalized_secret)
kmip_object = Opaque(opaque_type, opaque_value)
elif (object_type == enums.ObjectType.SYMMETRIC_KEY
or object_type == enums.ObjectType.SECRET_DATA
or object_type == enums.ObjectType.PRIVATE_KEY
or object_type == enums.ObjectType.PUBLIC_KEY):
key_material = KeyMaterial(normalized_secret)
key_value = KeyValue(key_material)
key_spec = secret_dto.key_spec
algorithm = None
if key_spec.alg is not None:
algorithm_name = self._map_algorithm_ss_to_kmip(
key_spec.alg.lower())
algorithm = CryptographicAlgorithm(algorithm_name)
bit_length = None
if key_spec.bit_length is not None:
bit_length = CryptographicLength(key_spec.bit_length)
key_block = KeyBlock(
key_format_type=misc.KeyFormatType(key_format_type),
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=algorithm,
cryptographic_length=bit_length,
key_wrapping_data=None)
if object_type == enums.ObjectType.SYMMETRIC_KEY:
kmip_object = SymmetricKey(key_block)
elif object_type == enums.ObjectType.PRIVATE_KEY:
kmip_object = PrivateKey(key_block)
elif object_type == enums.ObjectType.PUBLIC_KEY:
kmip_object = PublicKey(key_block)
elif object_type == enums.ObjectType.SECRET_DATA:
kind = SecretData.SecretDataType(enums.SecretDataType.PASSWORD)
return SecretData(secret_data_type=kind, key_block=key_block)
return kmip_object
def build_object(logger, object_type, key_format_type):
if object_type == ObjectType.CERTIFICATE:
value = build_secret_value(logger, object_type)
return Certificate(certificate_type=CertificateTypeEnum.X_509,
certificate_value=value)
else:
return build_key(logger, object_type, key_format_type)
def test_not_equal_on_type_mismatch(self):
"""
Test that the inequality operator returns True when comparing a
Certificate object with a non-Certificate object.
"""
a = Certificate(certificate_type=self.certificate_type_a,
certificate_value=self.certificate_value_a)
b = "invalid"
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_str(self):
"""
Test that the string representation of a Certificate object is
formatted properly.
"""
certificate = Certificate(certificate_type=self.certificate_type_b,
certificate_value=self.certificate_value_b)
expected = str(self.certificate_value_b)
observed = str(certificate)
msg = "expected:\n{0}\nobserved:\n{1}".format(expected, observed)
self.assertEqual(expected, observed, msg)
def test_repr(self):
"""
Test that the representation of a Certificate object with data is
formatted properly.
"""
certificate = Certificate(certificate_type=self.certificate_type_b,
certificate_value=self.certificate_value_b)
certificate_type = "certificate_type={0}".format(
str(self.certificate_type_b))
certificate_value = "certificate_value=b'{0}'".format(
str(self.certificate_value_b))
expected = "Certificate({0}, {1})".format(certificate_type,
certificate_value)
observed = repr(certificate)
msg = "\nexpected:\n{0}\nobserved:\n{1}".format(expected, observed)
self.assertEqual(expected, observed, msg)
def test_cert_register_get_destroy(self):
"""
Tests that certificates are properly registered, retrieved,
and destroyed.
"""
# properties copied from test case example :
# http://docs.oasis-open.org/kmip/testcases/v1.1/cn01/kmip-testcases-v1.1-cn01.html#_Toc333488807
cert_obj_type = ObjectType.CERTIFICATE
mask_flags = [
CryptographicUsageMask.SIGN, CryptographicUsageMask.VERIFY
]
attribute_type = AttributeType.CRYPTOGRAPHIC_USAGE_MASK
usage_mask = self.attr_factory.create_attribute(
attribute_type, mask_flags)
name = Attribute.AttributeName('Name')
cert_name = 'Integration Test - Register-Get-Destroy Certificate'
cert_name_value = Name.NameValue(cert_name)
name_type = Name.NameType(NameType.UNINTERPRETED_TEXT_STRING)
cert_value = Name(name_value=cert_name_value, name_type=name_type)
cert_name_attr = Attribute(attribute_name=name,
attribute_value=cert_value)
cert_attributes = [usage_mask, cert_name_attr]
cert_template_attribute = TemplateAttribute(attributes=cert_attributes)
cert_format_type = CertificateTypeEnum.X_509
cert_data = (
b'\x30\x82\x03\x12\x30\x82\x01\xFA\xA0\x03\x02\x01\x02\x02\x01\x01'
b'\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30'
b'\x3B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D'
b'\x30\x0B\x06\x03\x55\x04\x0A\x13\x04\x54\x45\x53\x54\x31\x0E\x30'
b'\x0C\x06\x03\x55\x04\x0B\x13\x05\x4F\x41\x53\x49\x53\x31\x0D\x30'
b'\x0B\x06\x03\x55\x04\x03\x13\x04\x4B\x4D\x49\x50\x30\x1E\x17\x0D'
b'\x31\x30\x31\x31\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x17\x0D\x32'
b'\x30\x31\x31\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x3B\x31\x0B'
b'\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D\x30\x0B\x06'
b'\x03\x55\x04\x0A\x13\x04\x54\x45\x53\x54\x31\x0E\x30\x0C\x06\x03'
b'\x55\x04\x0B\x13\x05\x4F\x41\x53\x49\x53\x31\x0D\x30\x0B\x06\x03'
b'\x55\x04\x03\x13\x04\x4B\x4D\x49\x50\x30\x82\x01\x22\x30\x0D\x06'
b'\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F'
b'\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAB\x7F\x16\x1C\x00\x42'
b'\x49\x6C\xCD\x6C\x6D\x4D\xAD\xB9\x19\x97\x34\x35\x35\x77\x76\x00'
b'\x3A\xCF\x54\xB7\xAF\x1E\x44\x0A\xFB\x80\xB6\x4A\x87\x55\xF8\x00'
b'\x2C\xFE\xBA\x6B\x18\x45\x40\xA2\xD6\x60\x86\xD7\x46\x48\x34\x6D'
b'\x75\xB8\xD7\x18\x12\xB2\x05\x38\x7C\x0F\x65\x83\xBC\x4D\x7D\xC7'
b'\xEC\x11\x4F\x3B\x17\x6B\x79\x57\xC4\x22\xE7\xD0\x3F\xC6\x26\x7F'
b'\xA2\xA6\xF8\x9B\x9B\xEE\x9E\x60\xA1\xD7\xC2\xD8\x33\xE5\xA5\xF4'
b'\xBB\x0B\x14\x34\xF4\xE7\x95\xA4\x11\x00\xF8\xAA\x21\x49\x00\xDF'
b'\x8B\x65\x08\x9F\x98\x13\x5B\x1C\x67\xB7\x01\x67\x5A\xBD\xBC\x7D'
b'\x57\x21\xAA\xC9\xD1\x4A\x7F\x08\x1F\xCE\xC8\x0B\x64\xE8\xA0\xEC'
b'\xC8\x29\x53\x53\xC7\x95\x32\x8A\xBF\x70\xE1\xB4\x2E\x7B\xB8\xB7'
b'\xF4\xE8\xAC\x8C\x81\x0C\xDB\x66\xE3\xD2\x11\x26\xEB\xA8\xDA\x7D'
b'\x0C\xA3\x41\x42\xCB\x76\xF9\x1F\x01\x3D\xA8\x09\xE9\xC1\xB7\xAE'
b'\x64\xC5\x41\x30\xFB\xC2\x1D\x80\xE9\xC2\xCB\x06\xC5\xC8\xD7\xCC'
b'\xE8\x94\x6A\x9A\xC9\x9B\x1C\x28\x15\xC3\x61\x2A\x29\xA8\x2D\x73'
b'\xA1\xF9\x93\x74\xFE\x30\xE5\x49\x51\x66\x2A\x6E\xDA\x29\xC6\xFC'
b'\x41\x13\x35\xD5\xDC\x74\x26\xB0\xF6\x05\x02\x03\x01\x00\x01\xA3'
b'\x21\x30\x1F\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x04\xE5'
b'\x7B\xD2\xC4\x31\xB2\xE8\x16\xE1\x80\xA1\x98\x23\xFA\xC8\x58\x27'
b'\x3F\x6B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05'
b'\x00\x03\x82\x01\x01\x00\xA8\x76\xAD\xBC\x6C\x8E\x0F\xF0\x17\x21'
b'\x6E\x19\x5F\xEA\x76\xBF\xF6\x1A\x56\x7C\x9A\x13\xDC\x50\xD1\x3F'
b'\xEC\x12\xA4\x27\x3C\x44\x15\x47\xCF\xAB\xCB\x5D\x61\xD9\x91\xE9'
b'\x66\x31\x9D\xF7\x2C\x0D\x41\xBA\x82\x6A\x45\x11\x2F\xF2\x60\x89'
b'\xA2\x34\x4F\x4D\x71\xCF\x7C\x92\x1B\x4B\xDF\xAE\xF1\x60\x0D\x1B'
b'\xAA\xA1\x53\x36\x05\x7E\x01\x4B\x8B\x49\x6D\x4F\xAE\x9E\x8A\x6C'
b'\x1D\xA9\xAE\xB6\xCB\xC9\x60\xCB\xF2\xFA\xE7\x7F\x58\x7E\xC4\xBB'
b'\x28\x20\x45\x33\x88\x45\xB8\x8D\xD9\xAE\xEA\x53\xE4\x82\xA3\x6E'
b'\x73\x4E\x4F\x5F\x03\xB9\xD0\xDF\xC4\xCA\xFC\x6B\xB3\x4E\xA9\x05'
b'\x3E\x52\xBD\x60\x9E\xE0\x1E\x86\xD9\xB0\x9F\xB5\x11\x20\xC1\x98'
b'\x34\xA9\x97\xB0\x9C\xE0\x8D\x79\xE8\x13\x11\x76\x2F\x97\x4B\xB1'
b'\xC8\xC0\x91\x86\xC4\xD7\x89\x33\xE0\xDB\x38\xE9\x05\x08\x48\x77'
b'\xE1\x47\xC7\x8A\xF5\x2F\xAE\x07\x19\x2F\xF1\x66\xD1\x9F\xA9\x4A'
b'\x11\xCC\x11\xB2\x7E\xD0\x50\xF7\xA2\x7F\xAE\x13\xB2\x05\xA5\x74'
b'\xC4\xEE\x00\xAA\x8B\xD6\x5D\x0D\x70\x57\xC9\x85\xC8\x39\xEF\x33'
b'\x6A\x44\x1E\xD5\x3A\x53\xC6\xB6\xB6\x96\xF1\xBD\xEB\x5F\x7E\xA8'
b'\x11\xEB\xB2\x5A\x7F\x86')
cert_obj = Certificate(cert_format_type, cert_data)
cert_result = self.client.register(cert_obj_type,
cert_template_attribute,
cert_obj,
credential=None)
self._check_result_status(cert_result, ResultStatus,
ResultStatus.SUCCESS)
self._check_uuid(cert_result.uuid.value, str)
# Check that the returned key bytes match what was provided
cert_uuid = cert_result.uuid.value
cert_result = self.client.get(uuid=cert_uuid, credential=None)
self._check_result_status(cert_result, ResultStatus,
ResultStatus.SUCCESS)
self._check_object_type(cert_result.object_type.value, ObjectType,
ObjectType.CERTIFICATE)
self._check_uuid(cert_result.uuid.value, str)
# Check the secret type
cert_secret = cert_result.secret
cert_secret_expected = Certificate
self.assertIsInstance(cert_secret, cert_secret_expected)
cert_material = cert_result.secret.certificate_value.value
expected = cert_data
self.assertEqual(expected, cert_material)
self.logger.debug('Destroying cert: ' + cert_name +
'\nWith " "UUID: ' + cert_result.uuid.value)
cert_result = self.client.destroy(cert_result.uuid.value)
self._check_result_status(cert_result, ResultStatus,
ResultStatus.SUCCESS)
self._check_uuid(cert_result.uuid.value, str)
# Verify the secret was destroyed
cert_result_destroyed_result = self.client.get(uuid=cert_uuid,
credential=None)
self._check_result_status(cert_result_destroyed_result, ResultStatus,
ResultStatus.OPERATION_FAILED)
expected = ResultReason
cert_observed = type(cert_result_destroyed_result.result_reason.value)
self.assertEqual(expected, cert_observed)
