def setUp(self): super(TestKMIPClientIntegration, self).setUp() self.attr_factory = AttributeFactory() self.cred_factory = CredentialFactory() self.secret_factory = SecretFactory() # Set up the KMIP server process path = os.path.join(os.path.dirname(__file__), os.path.pardir, 'utils', 'server.py') self.server = Popen( ['python', '{0}'.format(path), '-p', '{0}'.format(self.KMIP_PORT)], stderr=sys.stdout) time.sleep(self.STARTUP_TIME) if self.server.poll() is not None: raise KMIPServerSuicideError(self.server.pid) # Set up and open the client proxy; shutdown the server if open fails try: self.client = KMIPProxy(port=self.KMIP_PORT, ca_certs=self.CA_CERTS_PATH) self.client.open() except Exception as e: self._shutdown_server() raise e
def setUp(self): super(TestKMIPClient, self).setUp() self.attr_factory = AttributeFactory() self.cred_factory = CredentialFactory() self.secret_factory = SecretFactory() self.client = KMIPProxy() KMIP_PORT = 9090 CA_CERTS_PATH = os.path.normpath(os.path.join(os.path.dirname( os.path.abspath(__file__)), '../utils/certs/server.crt')) self.mock_client = KMIPProxy(host="IP_ADDR_1, IP_ADDR_2", port=KMIP_PORT, ca_certs=CA_CERTS_PATH) self.mock_client.socket = mock.MagicMock() self.mock_client.socket.connect = mock.MagicMock() self.mock_client.socket.close = mock.MagicMock()
def setUp(self): super(TestClientProfileInformation, self).setUp() self.client = KMIPProxy() self.conformance_clauses = [ConformanceClause.DISCOVER_VERSIONS] self.authentication_suites = [AuthenticationSuite.BASIC] self.client.conformance_clauses = self.conformance_clauses self.client.authentication_suites = self.authentication_suites
def __init__(self, hostname=None, port=None, cert=None, key=None, ca=None, ssl_version=None, username=None, password=None, config='client'): """ Construct a ProxyKmipClient. Args: hostname (string): The host or IP address of a KMIP appliance. Optional, defaults to None. port (int): The port number used to establish a connection to a KMIP appliance. Usually 5696 for KMIP applications. Optional, defaults to None. cert (string): The path to the client's certificate. Optional, defaults to None. key (string): The path to the key for the client's certificate. Optional, defaults to None. ca (string): The path to the CA certificate used to verify the server's certificate. Optional, defaults to None. ssl_version (string): The name of the ssl version to use for the connection. Example: 'PROTOCOL_SSLv23'. Optional, defaults to None. username (string): The username of the KMIP appliance account to use for operations. Optional, defaults to None. password (string): The password of the KMIP appliance account to use for operations. Optional, defaults to None. config (string): The name of a section in the PyKMIP configuration file. Use to load a specific set of configuration settings from the configuration file, instead of specifying them manually. Optional, defaults to the default client section, 'client'. """ self.logger = logging.getLogger() self.attribute_factory = attributes.AttributeFactory() self.object_factory = factory.ObjectFactory() # TODO (peter-hamilton) Consider adding validation checks for inputs. self.proxy = KMIPProxy(host=hostname, port=port, certfile=cert, keyfile=key, ca_certs=ca, ssl_version=ssl_version, username=username, password=password, config=config) # TODO (peter-hamilton) Add a multiprocessing lock for synchronization. self._is_open = False
def test_close(self): """ Test that calling close on the client works as expected. """ c = KMIPProxy(host="IP_ADDR_1, IP_ADDR_2", port=9090, ca_certs=None) c.socket = mock.MagicMock() c_socket = c.socket c.socket.shutdown.assert_not_called() c.socket.close.assert_not_called() c.close() self.assertEqual(None, c.socket) c_socket.shutdown.assert_called_once_with(socket.SHUT_RDWR) c_socket.close.assert_called_once()
def test_close_with_shutdown_error(self): """ Test that calling close on an unconnected client does not trigger an exception. """ c = KMIPProxy(host="IP_ADDR_1, IP_ADDR_2", port=9090, ca_certs=None) c.socket = mock.MagicMock() c_socket = c.socket c.socket.shutdown.side_effect = OSError c.socket.shutdown.assert_not_called() c.socket.close.assert_not_called() c.close() self.assertEqual(None, c.socket) c_socket.shutdown.assert_called_once_with(socket.SHUT_RDWR) c_socket.close.assert_not_called()
logger = utils.build_console_logger(logging.INFO) # Build and parse arguments parser = utils.build_cli_parser(Operation.REVOKE) opts, args = parser.parse_args(sys.argv[1:]) config = opts.config uuid = opts.uuid # Exit early if the UUID is not specified if uuid is None: logger.error('No UUID provided, exiting early from demo') sys.exit() # Build the client and connect to the server client = KMIPProxy(config=config, config_file=opts.config_file) client.open() # Activate the object result = client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, uuid, 'Demo revocation message') client.close() # Display operation results logger.info('revoke() result status: {0}'.format( result.result_status.value)) if result.result_status.value == ResultStatus.SUCCESS: logger.info('revoked UUID: {0}'.format(result.unique_identifier.value)) else: logger.info('revoke() result reason: {0}'.format(
sys.exit() attribute_factory = AttributeFactory() credential_factory = CredentialFactory() # Build the KMIP server account credentials # TODO (peter-hamilton) Move up into KMIPProxy if (username is None) and (password is None): credential = None else: credential_type = CredentialType.USERNAME_AND_PASSWORD credential_value = {'Username': username, 'Password': password} credential = credential_factory.create_credential( credential_type, credential_value) # Build the client and connect to the server client = KMIPProxy(config=config) client.open() algorithm_obj = attribute_factory.create_attribute(attribute_type, algorithm_enum) name_value = Name.NameValue(name) name = Attribute.AttributeName('Name') name_type = Name.NameType(NameType.UNINTERPRETED_TEXT_STRING) value = Name(name_value=name_value, name_type=name_type) name = Attribute(attribute_name=name, attribute_value=value) name = Attribute.AttributeName('Cryptographic Usage Mask') value = CryptographicUsageMask(UsageMaskEnum.ENCRYPT.value | UsageMaskEnum.DECRYPT.value) usage_mask = Attribute(attribute_name=name, attribute_value=value)
from kmip.core.factories import attributes from kmip.pie import factory from kmip.pie import objects from kmip.services.kmip_client import KMIPProxy import logging logging.basicConfig() #Note : cert is the external entry point, key is the client key signed by the root ca, ca is the root ca # Open client client = KMIPProxy(host='ukc-ep', port=5696, certfile='/certs/kmip-client.crt', keyfile='/certs/kmip-client.key', ca_certs='/certs/ukc_root_ca.pem') client.open() # Locate result = client.locate() status = result.result_status.value if status == enums.ResultStatus.SUCCESS: print("Locate succeeded , UIDS : ") for uuid in result.uuids: print(" " + uuid) else: reason = result.result_reason.value message = result.result_message.value
from kmip.services.kmip_client import KMIPProxy km = KMIPProxy() km.open()