def test_list_keys(self):
key1 = sym_key.SymmetricKey('AES', 64 * 8, bytes(b'0' * 64))
self.key_mgr.store(self.context, key1)
key2 = sym_key.SymmetricKey('AES', 32 * 8, bytes(b'0' * 32))
self.key_mgr.store(self.context, key2)
keys = self.key_mgr.list(self.context)
self.assertEqual(2, len(keys))
self.assertTrue(key1 in keys)
self.assertTrue(key2 in keys)
for key in keys:
self.assertIsNotNone(key.id)
def test_list_keys_metadata_only(self):
key1 = sym_key.SymmetricKey('AES', 64 * 8, bytes(b'0' * 64))
self.key_mgr.store(self.context, key1)
key2 = sym_key.SymmetricKey('AES', 32 * 8, bytes(b'0' * 32))
self.key_mgr.store(self.context, key2)
keys = self.key_mgr.list(self.context, metadata_only=True)
self.assertEqual(2, len(keys))
bit_length_list = [key1.bit_length, key2.bit_length]
for key in keys:
self.assertTrue(key.is_metadata_only())
self.assertTrue(key.bit_length in bit_length_list)
for key in keys:
self.assertIsNotNone(key.id)
def test_store_key(self):
key_bytes = bytes(binascii.unhexlify('0' * 64))
_key = key.SymmetricKey('AES', len(key_bytes) * 8, key_bytes)
key_id = self.key_mgr.store(self.ctxt, _key)
actual_key = self.key_mgr.get(self.ctxt, key_id)
self.assertEqual(_key, actual_key)
def _generate_key(self, **kwargs):
name = kwargs.get('name', None)
algorithm = kwargs.get('algorithm', 'AES')
key_length = kwargs.get('length', 256)
_hex = self._generate_hex_key(key_length)
return sym_key.SymmetricKey(algorithm, key_length,
bytes(binascii.unhexlify(_hex)), name)
def test_store_and_get_key(self):
secret_key = bytes(b'0' * 64)
_key = sym_key.SymmetricKey('AES', 64 * 8, secret_key)
key_id = self.key_mgr.store(self.context, _key)
actual_key = self.key_mgr.get(self.context, key_id)
self.assertEqual(_key, actual_key)
def test_get_mangled_passphrase(self):
# Confirm that a mangled passphrase is provided as per bug#1633518
unmangled_raw_key = bytes(binascii.unhexlify('0725230b'))
symmetric_key = key.SymmetricKey('AES', len(unmangled_raw_key) * 8,
unmangled_raw_key)
unmangled_encoded_key = symmetric_key.get_encoded()
self.assertEqual(self.encryptor._get_mangled_passphrase(
unmangled_encoded_key), '72523b')
def test_store_key_and_get_metadata(self):
secret_key = bytes(b'0' * 64)
_key = sym_key.SymmetricKey('AES', 64 * 8, secret_key)
key_id = self.key_mgr.store(self.context, _key)
actual_key = self.key_mgr.get(self.context, key_id, metadata_only=True)
self.assertIsNone(actual_key.get_encoded())
self.assertTrue(actual_key.is_metadata_only())
def test_store_with_error(self):
self.mock_barbican.secrets.create = mock.Mock(
side_effect=barbican_exceptions.HTTPClientError('test error'))
secret_key = bytes(b'\x01\x02\xA0\xB3')
key_length = len(secret_key) * 8
_key = sym_key.SymmetricKey('AES', key_length, secret_key)
self.assertRaises(exception.KeyManagerError, self.key_mgr.store,
self.ctxt, _key)
def setUp(self):
super(ConfKeyManagerTestCase, self).setUp()
self.ctxt = context.RequestContext('fake', 'fake')
self.key_mgr = self._create_key_manager()
encoded_key = bytes(binascii.unhexlify(self._hex_key))
self.key = key.SymmetricKey('AES', len(encoded_key) * 8, encoded_key)
self.key_id = self.key_mgr.key_id
def _get_key(self):
if self.conf.key_manager.fixed_key is None:
raise ValueError(
_('config option key_manager.fixed_key is not '
'defined'))
hex_key = self.conf.key_manager.fixed_key
key_bytes = bytes(binascii.unhexlify(hex_key))
return symmetric_key.SymmetricKey('AES', len(key_bytes) * 8, key_bytes)
def test___eq__(self):
self.assertTrue(self.key == self.key)
self.assertTrue(self.key is self.key)
self.assertFalse(self.key is None)
self.assertFalse(None == self.key)
other_key = sym_key.SymmetricKey(self.algorithm, self.bit_length,
self.encoded, self.name)
self.assertTrue(self.key == other_key)
self.assertFalse(self.key is other_key)
def create_key(self, context, algorithm, length, name=None, **kwargs):
"""Creates a symmetric key."""
# Confirm context is provided, if not raise forbidden
if not context:
msg = _("User is not authorized to use key manager.")
raise exception.Forbidden(msg)
key_id = uuid.uuid4().hex
key_value = os.urandom(length or 32)
key = sym_key.SymmetricKey(algorithm, length or 32, key_value, key_id,
name or int(time.time()))
return self._store_key_value(key_id, key)
def setUp(self):
super(MigrationKeyManagerTestCase, self).setUp()
# Create fake context (actual contents doesn't matter).
self.ctxt = mock.Mock()
fixed_key_bytes = bytes(binascii.unhexlify(self.fixed_key))
fixed_key_length = len(fixed_key_bytes) * 8
self.fixed_key_secret = key.SymmetricKey('AES',
fixed_key_length,
fixed_key_bytes)
self.fixed_key_id = '00000000-0000-0000-0000-000000000000'
self.other_key_id = "d152fa13-2b41-42ca-a934-6c21566c0f40"
def get(self, context, managed_object_id):
if managed_object_id == self.fixed_key_id:
LOG.debug("Processing request for secret associated"
" with fixed_key key ID")
if context is None:
raise exception.Forbidden()
key_bytes = bytes(binascii.unhexlify(self.fixed_key))
secret = symmetric_key.SymmetricKey(
'AES',
len(key_bytes) * 8, key_bytes)
else:
secret = super(MigrationKeyManager,
self).get(context, managed_object_id)
return secret
def create_key(self, context, algorithm, length, name=None, **kwargs):
"""Creates a symmetric key."""
if length % 8:
msg = _("Length must be multiple of 8.")
raise ValueError(msg)
key_id = uuid.uuid4().hex
key_value = os.urandom((length or 256) // 8)
key = sym_key.SymmetricKey(algorithm,
length or 256,
key_value,
key_id,
name or int(time.time()))
return self._store_key_value(key_id, key)
def test_store_key(self):
# Create Key to store
secret_key = bytes(b'\x01\x02\xA0\xB3')
key_length = len(secret_key) * 8
_key = sym_key.SymmetricKey('AES', key_length, secret_key)
# Define the return values
secret = mock.Mock()
self.create.return_value = secret
secret.store.return_value = self.secret_ref
# Store the Key
returned_uuid = self.key_mgr.store(self.ctxt, _key)
self.create.assert_called_once_with(algorithm='AES',
bit_length=key_length,
name=None,
payload=secret_key,
secret_type='symmetric')
self.assertEqual(self.key_id, returned_uuid)
def test___ne___encoded(self):
different_encoded = self.encoded * 2
other_key = sym_key.SymmetricKey(self.algorithm, self.bit_length,
different_encoded, self.name)
self.assertTrue(self.key != other_key)
def test___ne___algorithm(self):
other_key = sym_key.SymmetricKey('DES', self.bit_length, self.encoded,
self.name)
self.assertTrue(self.key != other_key)
def _create_key(self):
return sym_key.SymmetricKey(self.algorithm, self.bit_length,
self.encoded, self.name)
def _get_test_symmetric_key():
key_bytes = bytes(utils.get_symmetric_key())
bit_length = 128
key = symmetric_key.SymmetricKey('AES', bit_length, key_bytes)
return key
def _get_key(self):
key_bytes = bytes(binascii.unhexlify(self._hex_key))
return key.SymmetricKey('AES', len(key_bytes) * 8, key_bytes)
def test_is_only_metadata(self):
k = sym_key.SymmetricKey(self.algorithm, self.bit_length, None,
self.name, self.created)
self.assertTrue(k.is_metadata_only())
def test___ne___name(self):
other_key = sym_key.SymmetricKey(self.algorithm, self.bit_length,
self.encoded, 'other key')
self.assertTrue(self.key != other_key)
def test_store_key_invalid(self):
encoded = bytes(binascii.unhexlify('0' * 64))
inverse_key = key.SymmetricKey('AES', len(encoded) * 8, encoded)
self.assertRaises(exception.KeyManagerError, self.key_mgr.store,
self.ctxt, inverse_key)
def fake__get_key(context, passphrase):
raw = bytes(binascii.unhexlify(passphrase))
symmetric_key = key.SymmetricKey('AES', len(raw) * 8, raw)
return symmetric_key
def fake__get_key(context):
raw = bytes(binascii.unhexlify('0' * 32))
symmetric_key = key.SymmetricKey('AES', len(raw) * 8, raw)
return symmetric_key
def test_get_created_none(self):
created = None
key = sym_key.SymmetricKey(self.algorithm, self.bit_length,
self.encoded, self.name, created)
self.assertEqual(created, key.created)
