def test_delete_secret_server_error_occurs(self):
self.secret_store.client.destroy = mock.MagicMock(
proxy.KMIPProxy().destroy,
return_value=results.DestroyResult(
contents.ResultStatus(enums.ResultStatus.OPERATION_FAILED)))
metadata = {kss.KMIPSecretStore.KEY_UUID: self.symmetric_key_uuid}
self.assertRaises(secret_store.SecretGeneralException,
self.secret_store.delete_secret, metadata)
def test_generate_asymmetric_key_server_error_occurs(self):
self.secret_store.client.create_key_pair = mock.MagicMock(
proxy.KMIPProxy().create_key_pair,
return_value=results.CreateKeyPairResult(
contents.ResultStatus(enums.ResultStatus.OPERATION_FAILED)))
key_spec = secret_store.KeySpec(secret_store.KeyAlgorithm.RSA, 2048,
'mode')
self.assertRaises(secret_store.SecretGeneralException,
self.secret_store.generate_asymmetric_key, key_spec)
def client(request):
config = request.config.getoption("--config")
client = kmip_client.KMIPProxy(config=config)
client.open()
def finalize():
client.close()
request.addfinalizer(finalize)
request.cls.client = client
def test_get_secret_symmetric_return_value_invalid_key_material_type(self):
sample_secret = self.sample_secret
sample_secret.key_block.key_value.key_material = 'invalid_type'
self.secret_store.client.proxy.get = mock.MagicMock(
proxy.KMIPProxy().get, return_value=results.GetResult(
contents.ResultStatus(enums.ResultStatus.SUCCESS),
object_type=attr.ObjectType(enums.ObjectType.SYMMETRIC_KEY),
secret=sample_secret))
metadata = {kss.KMIPSecretStore.KEY_UUID: self.symmetric_key_uuid}
self.assertRaises(
secret_store.SecretGeneralException,
self.secret_store.get_secret,
self.symmetric_type, metadata)
def test_get_secret(self, kmip_secret, secret_type, kmip_type,
key_format_type, expected_secret, pkcs1_only):
self.secret_store.pkcs1_only = pkcs1_only
self.secret_store.client.proxy.get = mock.MagicMock(
proxy.KMIPProxy().get, return_value=results.GetResult(
contents.ResultStatus(enums.ResultStatus.SUCCESS),
object_type=attr.ObjectType(kmip_type),
secret=kmip_secret))
uuid = utils.generate_test_uuid(0)
metadata = {kss.KMIPSecretStore.KEY_UUID: uuid}
secret_dto = self.secret_store.get_secret(secret_type, metadata)
self.secret_store.client.proxy.get.assert_called_once_with(uuid)
self.assertEqual(secret_store.SecretDTO, type(secret_dto))
self.assertEqual(secret_type, secret_dto.type)
self.assertEqual(expected_secret, secret_dto.secret)
def test_store_secret_server_error_occurs(self):
self.secret_store.client.register = mock.MagicMock(
proxy.KMIPProxy().register,
return_value=results.RegisterResult(
contents.ResultStatus(enums.ResultStatus.OPERATION_FAILED)))
key_spec = secret_store.KeySpec(secret_store.KeyAlgorithm.AES, 128,
'mode')
secret_dto = secret_store.SecretDTO(secret_store.SecretType.SYMMETRIC,
"AAAA",
key_spec,
'content_type',
transport_key=None)
self.assertRaises(secret_store.SecretGeneralException,
self.secret_store.store_secret, secret_dto)
def __init__(self, conf=CONF):
"""Initializes KMIPSecretStore
Creates a dictionary of mappings between SecretStore enum values
and pyKMIP enum values. Initializes the KMIP client with credentials
needed to connect to the KMIP server.
"""
super(KMIPSecretStore, self).__init__()
self.valid_alg_dict = {
ss.KeyAlgorithm.AES: {
KMIPSecretStore.VALID_BIT_LENGTHS: [128, 192, 256],
KMIPSecretStore.KMIP_ALGORITHM_ENUM:
enums.CryptographicAlgorithm.AES},
ss.KeyAlgorithm.DES: {
KMIPSecretStore.VALID_BIT_LENGTHS: [56],
KMIPSecretStore.KMIP_ALGORITHM_ENUM:
enums.CryptographicAlgorithm.DES},
ss.KeyAlgorithm.DESEDE: {
KMIPSecretStore.VALID_BIT_LENGTHS:
[56, 64, 112, 128, 168, 192],
KMIPSecretStore.KMIP_ALGORITHM_ENUM:
enums.CryptographicAlgorithm.TRIPLE_DES}
}
if conf.kmip_plugin.keyfile is not None:
self._validate_keyfile_permissions(conf.kmip_plugin.keyfile)
credential_type = credentials.CredentialType.USERNAME_AND_PASSWORD
credential_value = {'Username': conf.kmip_plugin.username,
'Password': conf.kmip_plugin.password}
self.credential = credentials.CredentialFactory().create_credential(
credential_type,
credential_value)
self.client = kmip_client.KMIPProxy(
host=conf.kmip_plugin.host,
port=int(conf.kmip_plugin.port),
ssl_version=conf.kmip_plugin.ssl_version,
ca_certs=conf.kmip_plugin.ca_certs,
certfile=conf.kmip_plugin.certfile,
keyfile=conf.kmip_plugin.keyfile,
username=conf.kmip_plugin.username,
password=conf.kmip_plugin.password)
attribute_factory = AttributeFactory()
credential_factory = CredentialFactory()
# Build the KMIP server account credentials
# TODO (peter-hamilton) Move up into KMIPProxy
if (username is None) and (password is None):
credential = None
else:
credential_type = enums.CredentialType.USERNAME_AND_PASSWORD
credential_value = {"Username": username, "Password": password}
credential = credential_factory.create_credential(
credential_type, credential_value)
# Build the client and connect to the server
client = kmip_client.KMIPProxy(config=config, config_file=opts.config_file)
client.open()
# Build attributes if any are specified
attributes = []
if name:
attributes.append(
attribute_factory.create_attribute(enums.AttributeType.NAME, name))
for initial_date in initial_dates:
try:
t = time.strptime(initial_date)
except ValueError:
logger.error(
"Invalid initial date provided: {}".format(initial_date))
logger.info("Date values should be formatted like this: "
"'Tue Jul 23 18:39:01 2019'")
def setUp(self):
super(WhenTestingKMIPSecretStore, self).setUp()
self.expected_username = "******"
self.expected_password = "******"
CONF = kss.CONF
CONF.kmip_plugin.username = self.expected_username
CONF.kmip_plugin.password = self.expected_password
CONF.kmip_plugin.keyfile = None
CONF.kmip_plugin.pkcs1_only = False
self.secret_store = kss.KMIPSecretStore(CONF)
self.credential = self.secret_store.credential
self.symmetric_type = secret_store.SecretType.SYMMETRIC
self.sample_secret_features = {
'key_format_type': enums.KeyFormatType.RAW,
'key_value': {
'bytes': bytearray(b'\x00\x00\x00')
},
'cryptographic_algorithm': enums.CryptographicAlgorithm.AES,
'cryptographic_length': 128
}
self.symmetric_key_uuid = 'dde870ad-cea3-41a3-9bb9-e8ab579a2f91'
self.public_key_uuid = 'cb908abb-d363-4d9f-8ef2-5e84d27dd25c'
self.private_key_uuid = '2d4c0544-4ec6-45b7-81cd-b23c75744eac'
self.sample_secret = get_sample_symmetric_key()
self.secret_store.client.proxy.open = mock.MagicMock(
proxy.KMIPProxy().open)
self.secret_store.client.proxy.close = mock.MagicMock(
proxy.KMIPProxy().close)
self.secret_store.client.proxy.create = mock.MagicMock(
proxy.KMIPProxy().create, return_value=results.CreateResult(
contents.ResultStatus(enums.ResultStatus.SUCCESS),
uuid=attr.UniqueIdentifier(
self.symmetric_key_uuid)))
self.secret_store.client.proxy.create_key_pair = mock.MagicMock(
proxy.KMIPProxy().create_key_pair,
return_value=results.CreateKeyPairResult(
contents.ResultStatus(enums.ResultStatus.SUCCESS),
private_key_uuid=attr.UniqueIdentifier(self.private_key_uuid),
public_key_uuid=attr.UniqueIdentifier(self.public_key_uuid)))
self.secret_store.client.proxy.register = mock.MagicMock(
proxy.KMIPProxy().register, return_value=results.RegisterResult(
contents.ResultStatus(enums.ResultStatus.SUCCESS),
uuid=attr.UniqueIdentifier('uuid')))
self.secret_store.client.proxy.destroy = mock.MagicMock(
proxy.KMIPProxy().destroy, return_value=results.DestroyResult(
contents.ResultStatus(enums.ResultStatus.SUCCESS)))
self.secret_store.client.proxy.get = mock.MagicMock(
proxy.KMIPProxy().get, return_value=results.GetResult(
contents.ResultStatus(enums.ResultStatus.SUCCESS),
object_type=attr.ObjectType(enums.ObjectType.SYMMETRIC_KEY),
secret=self.sample_secret))
self.attribute_factory = attributes.AttributeFactory()
