def test_store_opaque_secret_assert_called(self): key_spec = secret_store.KeySpec(None, None, None) opaque = base64.b64encode(b'\x00\x01\x02\x03\x04\x05\x06\x07') secret_dto = secret_store.SecretDTO(secret_store.SecretType.OPAQUE, opaque, key_spec, 'content_type', transport_key=None) self.secret_store.store_secret(secret_dto) self.secret_store.client.register.assert_called_once_with( objects.OpaqueObject(base64.b64decode(opaque), enums.OpaqueDataType.NONE))
def test_convert_opaque_object_pie_to_core(self): """ Test that a Pie opaque object can be converted into a core opaque object. """ pie_obj = pobjects.OpaqueObject(self.opaque_bytes, enums.OpaqueDataType.NONE) core_obj = self.factory.convert(pie_obj) self.assertIsInstance(core_obj, secrets.OpaqueObject) opaque_type = core_obj.opaque_data_type.value self.assertEqual(enums.OpaqueDataType.NONE, opaque_type) value = core_obj.opaque_data_value.value self.assertEqual(self.opaque_bytes, value)
def _get_kmip_secret(self, secret_dto): """Builds a KMIP object from a SecretDTO This is needed for register calls. The Barbican object needs to be converted to KMIP object before it can be stored :param secret_dto: SecretDTO of secret to be stored :returns: KMIP object """ secret_type = secret_dto.type key_spec = secret_dto.key_spec object_type, key_format_type = ( self._map_type_ss_to_kmip(secret_type)) normalized_secret = self._normalize_secret(secret_dto.secret, secret_type) kmip_object = None if object_type == enums.ObjectType.CERTIFICATE: kmip_object = objects.X509Certificate(normalized_secret) elif object_type == enums.ObjectType.OPAQUE_DATA: opaque_type = enums.OpaqueDataType.NONE kmip_object = objects.OpaqueObject(normalized_secret, opaque_type) elif object_type == enums.ObjectType.PRIVATE_KEY: algorithm = self._get_kmip_algorithm(key_spec.alg) length = key_spec.bit_length format_type = enums.KeyFormatType.PKCS_8 kmip_object = objects.PrivateKey( algorithm, length, normalized_secret, format_type) elif object_type == enums.ObjectType.PUBLIC_KEY: algorithm = self._get_kmip_algorithm(key_spec.alg) length = key_spec.bit_length format_type = enums.KeyFormatType.X_509 kmip_object = objects.PublicKey( algorithm, length, normalized_secret, format_type) elif object_type == enums.ObjectType.SYMMETRIC_KEY: algorithm = self._get_kmip_algorithm(key_spec.alg) length = key_spec.bit_length kmip_object = objects.SymmetricKey(algorithm, length, normalized_secret) elif object_type == enums.ObjectType.SECRET_DATA: data_type = enums.SecretDataType.PASSWORD kmip_object = objects.SecretData(normalized_secret, data_type) return kmip_object
def test_opaque_object_register_get_destroy(self): """ Test that the ProxyKmipClient can register, retrieve, and destroy an opaque object. """ # Object encoding obtained from Section 3.1.5 of the KMIP 1.1 test # documentation. obj = objects.OpaqueObject( b'\x53\x65\x63\x72\x65\x74\x50\x61\x73\x73\x77\x6F\x72\x64', enums.OpaqueDataType.NONE) uid = self.client.register(obj) self.assertIsInstance(uid, six.string_types) try: result = self.client.get(uid) self.assertIsInstance(result, objects.OpaqueObject) self.assertEqual(result, obj, "expected {0}\nobserved {1}".format(result, obj)) finally: self.client.destroy(uid) self.assertRaises(exceptions.KmipOperationFailure, self.client.get, uid) self.assertRaises(exceptions.KmipOperationFailure, self.client.destroy, uid)
def get_sample_opaque_secret(): return objects.OpaqueObject(base64.b64decode(utils.get_symmetric_key()), enums.OpaqueDataType.NONE)
def _build_pie_opaque_object(self, obj): opaque_type = obj.opaque_data_type.value value = obj.opaque_data_value.value return pobjects.OpaqueObject(value, opaque_type)
import sys from kmip.core import enums from kmip.demos import utils from kmip.pie import client from kmip.pie import objects if __name__ == '__main__': logger = utils.build_console_logger(logging.INFO) parser = utils.build_cli_parser() opts, args = parser.parse_args(sys.argv[1:]) config = opts.config value = b'\x53\x65\x63\x72\x65\x74\x50\x61\x73\x73\x77\x6F\x72\x64' opaque_type = enums.OpaqueDataType.NONE name = 'Demo Opaque Object' obj = objects.OpaqueObject(value, opaque_type, name) # Build the client and connect to the server with client.ProxyKmipClient(config=config) as client: try: uid = client.register(obj) logger.info("Successfully registered opaque object with ID: " "{0}".format(uid)) except Exception as e: logger.error(e)