def setUp(self): super(WhenTestingKMIPSecretStore, self).setUp() self.kmipclient_mock = mock.MagicMock(name="KMIP client mock") CONF = cfg.CONF CONF.kmip_plugin.keyfile = None self.credential = None self.secret_store = kss.KMIPSecretStore(CONF) self.secret_store.client = self.kmipclient_mock self.secret_store.credential = self.credential self.sample_secret_features = { 'key_format_type': enums.KeyFormatType.RAW, 'key_value': { 'bytes': bytearray(b'\x00\x00\x00') }, 'cryptographic_algorithm': enums.CryptographicAlgorithm.AES, 'cryptographic_length': 128 } self.sample_secret = secrets.SecretFactory().create_secret( enums.ObjectType.SYMMETRIC_KEY, self.sample_secret_features) self.secret_store.client.create = mock.create_autospec( proxy.KMIPProxy.create, return_value=results.CreateResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), uuid=attr.UniqueIdentifier('uuid'))) self.secret_store.client.register = mock.create_autospec( proxy.KMIPProxy.register, return_value=results.RegisterResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), uuid=attr.UniqueIdentifier('uuid'))) self.secret_store.client.destroy = mock.create_autospec( proxy.KMIPProxy.destroy, return_value=results.DestroyResult( contents.ResultStatus(enums.ResultStatus.SUCCESS))) self.secret_store.client.get = mock.create_autospec( proxy.KMIPProxy.get, return_value=results.GetResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), object_type=attr.ObjectType(enums.ObjectType.SYMMETRIC_KEY), secret=self.sample_secret)) self.attribute_factory = attributes.AttributeFactory()
def test_mac_on_invalid_inputs(self): """ Test that a TypeError exception is raised when wrong type of arguments are given to mac operation. """ uuid = 'aaaaaaaa-1111-2222-3333-ffffffffffff' uuid_invalid = int(123) algorithm = enums.CryptographicAlgorithm.HMAC_SHA256 algorithm_invalid = enums.CryptographicUsageMask.MAC_GENERATE data = (b'\x00\x01\x02\x03\x04') data_invalid = int(123) result = results.MACResult(contents.ResultStatus( enums.ResultStatus.SUCCESS), uuid=attr.UniqueIdentifier(uuid), mac_data=obj.MACData(data)) args = [uuid_invalid, algorithm, data] with ProxyKmipClient() as client: client.proxy.mac.return_value = result self.assertRaises(TypeError, client.mac, *args) args = [uuid, algorithm_invalid, data] with ProxyKmipClient() as client: client.proxy.mac.return_value = result self.assertRaises(TypeError, client.mac, *args) args = [uuid, algorithm, data_invalid] with ProxyKmipClient() as client: client.proxy.mac.return_value = result self.assertRaises(TypeError, client.mac, *args)
def test_create(self): """ Test that a symmetric key can be created with proper inputs and that its UID is returned properly. """ # Create the template to test the create call algorithm = enums.CryptographicAlgorithm.AES length = 256 algorithm_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_ALGORITHM, algorithm) length_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_LENGTH, length) mask_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_USAGE_MASK, [ enums.CryptographicUsageMask.ENCRYPT, enums.CryptographicUsageMask.DECRYPT ]) attributes = [algorithm_attribute, length_attribute, mask_attribute] template = obj.TemplateAttribute(attributes=attributes) key_id = 'aaaaaaaa-1111-2222-3333-ffffffffffff' status = enums.ResultStatus.SUCCESS result = results.CreateResult(contents.ResultStatus(status), uuid=attr.UniqueIdentifier(key_id)) with ProxyKmipClient() as client: client.proxy.create.return_value = result uid = client.create(algorithm, length) client.proxy.create.assert_called_with( enums.ObjectType.SYMMETRIC_KEY, template) self.assertIsInstance(uid, six.string_types) self.assertEqual(uid, key_id)
def _process_destroy(self, payload): self._logger.info("Processing operation: Destroy") if payload.unique_identifier: unique_identifier = payload.unique_identifier.value else: unique_identifier = self._id_placeholder self._get_object_type(unique_identifier) # TODO (peterhamilton) Process attributes to see if destroy possible # 1. Check object state. If invalid, error out. # 2. Check object deactivation date. If invalid, error out. self._logger.info( "Destroying an object with ID: {0}".format(unique_identifier) ) self._data_session.query(objects.ManagedObject).filter( objects.ManagedObject.unique_identifier == unique_identifier ).delete() response_payload = destroy.DestroyResponsePayload( unique_identifier=attributes.UniqueIdentifier(unique_identifier) ) self._data_session.commit() return response_payload
def read(self, istream, kmip_version=enums.KMIPVersion.KMIP_1_0): """ Read the data encoding the RevokeRequestPayload object and decode it into its constituent parts. Args: istream (Stream): A data stream containing encoded object data, supporting a read method; usually a BytearrayStream object. kmip_version (KMIPVersion): An enumeration defining the KMIP version with which the object will be decoded. Optional, defaults to KMIP 1.0. """ super(RevokeRequestPayload, self).read(istream, kmip_version=kmip_version) tstream = BytearrayStream(istream.read(self.length)) self.unique_identifier = attributes.UniqueIdentifier() self.unique_identifier.read(tstream, kmip_version=kmip_version) self.revocation_reason = objects.RevocationReason() self.revocation_reason.read(tstream, kmip_version=kmip_version) if self.is_tag_next(enums.Tags.COMPROMISE_OCCURRENCE_DATE, tstream): self.compromise_occurrence_date = primitives.DateTime( tag=enums.Tags.COMPROMISE_OCCURRENCE_DATE) self.compromise_occurrence_date.read(tstream, kmip_version=kmip_version) self.is_oversized(tstream) self.validate()
def _mac(self, unique_identifier=None, cryptographic_parameters=None, data=None, credential=None): operation = Operation(OperationEnum.MAC) req_pl = mac.MACRequestPayload( unique_identifier=attr.UniqueIdentifier(unique_identifier), cryptographic_parameters=cryptographic_parameters, data=objects.Data(data)) batch_item = messages.RequestBatchItem(operation=operation, request_payload=req_pl) message = self._build_request_message(credential, [batch_item]) self._send_message(message) message = messages.ResponseMessage() data = self._receive_message() message.read(data) batch_items = message.batch_items batch_item = batch_items[0] payload = batch_item.response_payload if payload is None: payload_unique_identifier = None payload_mac_data = None else: payload_unique_identifier = payload.unique_identifier payload_mac_data = payload.mac_data result = MACResult(batch_item.result_status, batch_item.result_reason, batch_item.result_message, payload_unique_identifier, payload_mac_data) return result
def setUp(self): super(TestMACResponsePayload, self).setUp() self.unique_identifier = attributes.UniqueIdentifier(value='1') self.mac_data = objects.MACData(value=( b'\x99\x8b\x55\x59\x90\x9b\x85\x87\x5b\x90\x63\x13\x12\xbb\x32\x9f' b'\x6a\xc4\xed\x97\x6e\xac\x99\xe5\x21\x53\xc4\x19\x28\xf2\x2a\x5b' b'\xef\x79\xa4\xbe\x05\x3b\x31\x49\x19\xe0\x75\x23\xb9\xbe\xc8\x23' b'\x35\x60\x7e\x49\xba\xa9\x7e\xe0\x9e\x6b\x3d\x55\xf4\x51\xff\x7c' )) self.encoding_full = utils.BytearrayStream(( b'\x42\x00\x7c\x01\x00\x00\x00\x58\x42\x00\x94\x07\x00\x00\x00\x01' b'\x31\x00\x00\x00\x00\x00\x00\x00\x42\x00\xc6\x08\x00\x00\x00\x40' b'\x99\x8b\x55\x59\x90\x9b\x85\x87\x5b\x90\x63\x13\x12\xbb\x32\x9f' b'\x6a\xc4\xed\x97\x6e\xac\x99\xe5\x21\x53\xc4\x19\x28\xf2\x2a\x5b' b'\xef\x79\xa4\xbe\x05\x3b\x31\x49\x19\xe0\x75\x23\xb9\xbe\xc8\x23' b'\x35\x60\x7e\x49\xba\xa9\x7e\xe0\x9e\x6b\x3d\x55\xf4\x51\xff\x7c' )) self.encoding_no_unique_identifier = utils.BytearrayStream(( b'\x42\x00\x7c\x01\x00\x00\x00\x48\x42\x00\xc6\x08\x00\x00\x00\x40' b'\x99\x8b\x55\x59\x90\x9b\x85\x87\x5b\x90\x63\x13\x12\xbb\x32\x9f' b'\x6a\xc4\xed\x97\x6e\xac\x99\xe5\x21\x53\xc4\x19\x28\xf2\x2a\x5b' b'\xef\x79\xa4\xbe\x05\x3b\x31\x49\x19\xe0\x75\x23\xb9\xbe\xc8\x23' b'\x35\x60\x7e\x49\xba\xa9\x7e\xe0\x9e\x6b\x3d\x55\xf4\x51\xff\x7c' )) self.encoding_no_mac_data = utils.BytearrayStream(( b'\x42\x00\x7c\x01\x00\x00\x00\x10\x42\x00\x94\x07\x00\x00\x00\x01' b'\x31\x00\x00\x00\x00\x00\x00\x00'))
def _destroy(self, unique_identifier=None, credential=None): operation = Operation(OperationEnum.DESTROY) uuid = None if unique_identifier is not None: uuid = attr.UniqueIdentifier(unique_identifier) payload = destroy.DestroyRequestPayload(unique_identifier=uuid) batch_item = messages.RequestBatchItem(operation=operation, request_payload=payload) message = self._build_request_message(credential, [batch_item]) self._send_message(message) message = messages.ResponseMessage() data = self._receive_message() message.read(data) batch_items = message.batch_items batch_item = batch_items[0] payload = batch_item.response_payload if payload is None: payload_unique_identifier = None else: payload_unique_identifier = payload.unique_identifier result = DestroyResult(batch_item.result_status, batch_item.result_reason, batch_item.result_message, payload_unique_identifier) return result
def read(self, istream): super(DestroyResponsePayload, self).read(istream) tstream = BytearrayStream(istream.read(self.length)) self.unique_identifier = attributes.UniqueIdentifier() self.unique_identifier.read(tstream) self.is_oversized(tstream) self.validate()
def read(self, istream, kmip_version=enums.KMIPVersion.KMIP_1_0): super(DestroyResponsePayload, self).read(istream, kmip_version=kmip_version) tstream = BytearrayStream(istream.read(self.length)) self.unique_identifier = attributes.UniqueIdentifier() self.unique_identifier.read(tstream, kmip_version=kmip_version) self.is_oversized(tstream) self.validate()
def read(self, istream): super(DestroyRequestPayload, self).read(istream) tstream = BytearrayStream(istream.read(self.length)) if self.is_tag_next(Tags.UNIQUE_IDENTIFIER, tstream): self.unique_identifier = attributes.UniqueIdentifier() self.unique_identifier.read(tstream) self.is_oversized(tstream) self.validate()
def _get(self, unique_identifier=None, key_format_type=None, key_compression_type=None, key_wrapping_specification=None, credential=None): operation = Operation(OperationEnum.GET) uuid = None kft = None kct = None kws = None if unique_identifier is not None: uuid = attr.UniqueIdentifier(unique_identifier) if key_format_type is not None: kft = get.GetRequestPayload.KeyFormatType(key_format_type.value) if key_compression_type is not None: kct = key_compression_type kct = get.GetRequestPayload.KeyCompressionType(kct) if key_wrapping_specification is not None: kws = objects.KeyWrappingSpecification(key_wrapping_specification) req_pl = get.GetRequestPayload(unique_identifier=uuid, key_format_type=kft, key_compression_type=kct, key_wrapping_specification=kws) batch_item = messages.RequestBatchItem(operation=operation, request_payload=req_pl) message = self._build_request_message(credential, [batch_item]) self._send_message(message) message = messages.ResponseMessage() data = self._receive_message() message.read(data) batch_items = message.batch_items batch_item = batch_items[0] payload = batch_item.response_payload if payload is None: payload_unique_identifier = None payload_object_type = None payload_secret = None else: payload_unique_identifier = payload.unique_identifier payload_object_type = payload.object_type payload_secret = payload.secret result = GetResult(batch_item.result_status, batch_item.result_reason, batch_item.result_message, payload_object_type, payload_unique_identifier, payload_secret) return result
def setUp(self): super(TestActivateRequestPayload, self).setUp() self.uuid = attributes.UniqueIdentifier( '668eff89-3010-4258-bc0e-8c402309c746') self.encoding_a = utils.BytearrayStream(( b'\x42\x00\x79\x01\x00\x00\x00\x30\x42\x00\x94\x07\x00\x00\x00\x24' b'\x36\x36\x38\x65\x66\x66\x38\x39\x2D\x33\x30\x31\x30\x2D\x34\x32' b'\x35\x38\x2D\x62\x63\x30\x65\x2D\x38\x63\x34\x30\x32\x33\x30\x39' b'\x63\x37\x34\x36\x00\x00\x00\x00'))
def read(self, istream): super(LocateResponsePayload, self).read(istream) tstream = BytearrayStream(istream.read(self.length)) while self.is_tag_next(Tags.UNIQUE_IDENTIFIER, tstream): ui = attributes.UniqueIdentifier() ui.read(tstream) self.unique_identifiers.append(ui) self.is_oversized(tstream) self.validate()
def _process_register(self, payload): self._logger.info("Processing operation: Register") object_type = payload.object_type.value template_attribute = payload.template_attribute if self._object_map.get(object_type) is None: name = object_type.name raise exceptions.InvalidField( "The {0} object type is not supported.".format(''.join( [x.capitalize() for x in name.split('_')]))) if payload.secret: secret = payload.secret else: # TODO (peterhamilton) It is possible to register 'empty' secrets # like Private Keys. For now, that feature is not supported. raise exceptions.InvalidField( "Cannot register a secret in absentia.") object_attributes = {} if template_attribute: object_attributes = self._process_template_attribute( template_attribute) managed_object_factory = factory.ObjectFactory() managed_object = managed_object_factory.convert(secret) managed_object.names = [] self._set_attributes_on_managed_object(managed_object, object_attributes) # TODO (peterhamilton) Set additional server-only attributes. managed_object._owner = self._client_identity self._data_session.add(managed_object) # NOTE (peterhamilton) SQLAlchemy will *not* assign an ID until # commit is called. This makes future support for UNDO problematic. self._data_session.commit() self._logger.info("Registered a {0} with ID: {1}".format( ''.join([x.capitalize() for x in object_type.name.split('_')]), managed_object.unique_identifier)) response_payload = register.RegisterResponsePayload( unique_identifier=attributes.UniqueIdentifier( str(managed_object.unique_identifier))) self._id_placeholder = str(managed_object.unique_identifier) return response_payload
def read(self, istream): super(RegisterResponsePayload, self).read(istream) tstream = BytearrayStream(istream.read(self.length)) self.unique_identifier = attributes.UniqueIdentifier() self.unique_identifier.read(tstream) if self.is_tag_next(Tags.TEMPLATE_ATTRIBUTE, tstream): self.template_attribute = TemplateAttribute() self.template_attribute.read(tstream) self.is_oversized(tstream) self.validate()
def __init__(self, unique_identifier=None): """ Construct a RevokeResponsePayload object. Args: unique_identifier (UniqueIdentifier): The UUID of a managed cryptographic object. """ super(RevokeResponsePayload, self).__init__() if unique_identifier is None: self.unique_identifier = attributes.UniqueIdentifier() else: self.unique_identifier = unique_identifier self.validate()
def read(self, istream): super(KeyInformation, self).read(istream) tstream = BytearrayStream(istream.read(self.length)) self.unique_identifier = attributes.UniqueIdentifier() self.unique_identifier.read(tstream) if self.is_tag_next(Tags.CRYPTOGRAPHIC_PARAMETERS, tstream): self.cryptographic_parameters = CryptographicParameters() self.cryptographic_parameters.read(tstream) self.is_oversized(tstream) self.validate()
def __init__(self, unique_identifier=None): """ Construct a ActivateResponsePayload object. Args: unique_identifier (UniqueIdentifier): The UUID of a managed cryptographic object. """ super(ActivateResponsePayload, self).__init__(tag=enums.Tags.RESPONSE_PAYLOAD) if unique_identifier is None: self.unique_identifier = attributes.UniqueIdentifier() else: self.unique_identifier = unique_identifier self.validate()
def read(self, istream): """ Read the data encoding the RevokeResponsePayload object and decode it into its constituent parts. Args: istream (Stream): A data stream containing encoded object data, supporting a read method; usually a BytearrayStream object. """ super(RevokeResponsePayload, self).read(istream) tstream = BytearrayStream(istream.read(self.length)) self.unique_identifier = attributes.UniqueIdentifier() self.unique_identifier.read(tstream) self.is_oversized(tstream) self.validate()
def read(self, istream): super(GetResponsePayload, self).read(istream) tstream = BytearrayStream(istream.read(self.length)) self.object_type = attributes.ObjectType() self.unique_identifier = attributes.UniqueIdentifier() self.object_type.read(tstream) self.unique_identifier.read(tstream) secret_type = self.object_type.value self.secret = self.secret_factory.create(secret_type) self.secret.read(tstream) self.is_oversized(tstream) self.validate()
def test_mac(self): """ Test the MAC client with proper input. """ uuid = 'aaaaaaaa-1111-2222-3333-ffffffffffff' algorithm = enums.CryptographicAlgorithm.HMAC_SHA256 data = (b'\x00\x01\x02\x03\x04') result = results.MACResult(contents.ResultStatus( enums.ResultStatus.SUCCESS), uuid=attr.UniqueIdentifier(uuid), mac_data=obj.MACData(data)) with ProxyKmipClient() as client: client.proxy.mac.return_value = result uid, mac_data = client.mac(uuid, algorithm, data) self.assertEqual(uid, uuid) self.assertEqual(mac_data, data)
def _process_activate(self, payload): self._logger.info("Processing operation: Activate") if payload.unique_identifier: unique_identifier = payload.unique_identifier.value else: unique_identifier = self._id_placeholder object_type = self._get_object_type(unique_identifier) managed_object = self._data_session.query(object_type).filter( object_type.unique_identifier == unique_identifier).one() # Determine if the request should be carried out under the object's # operation policy. If not, feign ignorance of the object. is_allowed = self._is_allowed_by_operation_policy( managed_object.operation_policy_name, self._client_identity, managed_object._owner, managed_object._object_type, enums.Operation.ACTIVATE) if not is_allowed: raise exceptions.ItemNotFound( "Could not locate object: {0}".format(unique_identifier)) object_type = managed_object._object_type if not hasattr(managed_object, 'state'): raise exceptions.IllegalOperation( "An {0} object has no state and cannot be activated.".format( ''.join([ x.capitalize() for x in object_type.name.split('_') ]))) if managed_object.state != enums.State.PRE_ACTIVE: raise exceptions.PermissionDenied( "The object state is not pre-active and cannot be activated.") managed_object.state = enums.State.ACTIVE self._data_session.commit() response_payload = activate.ActivateResponsePayload( unique_identifier=attributes.UniqueIdentifier(unique_identifier)) return response_payload
def read(self, istream, kmip_version=enums.KMIPVersion.KMIP_1_0): super(MACResponsePayload, self).read(istream, kmip_version=kmip_version) tstream = BytearrayStream(istream.read(self.length)) if self.is_tag_next(Tags.UNIQUE_IDENTIFIER, tstream): self._unique_identifier = attributes.UniqueIdentifier() self._unique_identifier.read(tstream, kmip_version=kmip_version) else: raise exceptions.InvalidKmipEncoding( "expected mac response unique identifier not found") if self.is_tag_next(Tags.MAC_DATA, tstream): self._mac_data = MACData() self._mac_data.read(tstream, kmip_version=kmip_version) else: raise exceptions.InvalidKmipEncoding( "expected mac response mac data not found") self.is_oversized(tstream)
def read(self, istream, kmip_version=enums.KMIPVersion.KMIP_1_0): """ Read the data encoding the ActivateRequestPayload object and decode it into its constituent parts. Args: istream (Stream): A data stream containing encoded object data, supporting a read method; usually a BytearrayStream object. kmip_version (KMIPVersion): An enumeration defining the KMIP version with which the object will be decoded. Optional, defaults to KMIP 1.0. """ super(ActivateRequestPayload, self).read(istream, kmip_version=kmip_version) tstream = BytearrayStream(istream.read(self.length)) self.unique_identifier = attributes.UniqueIdentifier() self.unique_identifier.read(tstream, kmip_version=kmip_version) self.is_oversized(tstream) self.validate()
def test_create_with_name(self): """ Test that a symmetric key can be created with proper inputs, specifically testing that the name is correctly sent with the request. """ # Create the template to test the create call algorithm = enums.CryptographicAlgorithm.AES length = 256 algorithm_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_ALGORITHM, algorithm) length_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_LENGTH, length) mask_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_USAGE_MASK, [ enums.CryptographicUsageMask.ENCRYPT, enums.CryptographicUsageMask.DECRYPT ]) key_name = "symmetrickey" name_attribute = self.attribute_factory.create_attribute( enums.AttributeType.NAME, key_name) key_attributes = [ algorithm_attribute, length_attribute, mask_attribute, name_attribute ] template = obj.TemplateAttribute(attributes=key_attributes) key_id = 'aaaaaaaa-1111-2222-3333-ffffffffffff' status = enums.ResultStatus.SUCCESS result = results.CreateResult(contents.ResultStatus(status), uuid=attr.UniqueIdentifier(key_id)) with ProxyKmipClient() as client: client.proxy.create.return_value = result client.create(algorithm, length, name=key_name) client.proxy.create.assert_called_with( enums.ObjectType.SYMMETRIC_KEY, template)
def _process_destroy(self, payload): self._logger.info("Processing operation: Destroy") if payload.unique_identifier: unique_identifier = payload.unique_identifier.value else: unique_identifier = self._id_placeholder object_type = self._get_object_type(unique_identifier) # TODO (peterhamilton) Process attributes to see if destroy possible # 1. Check object state. If invalid, error out. # 2. Check object deactivation date. If invalid, error out. managed_object = self._data_session.query(object_type).filter( object_type.unique_identifier == unique_identifier).one() # Determine if the request should be carried out under the object's # operation policy. If not, feign ignorance of the object. is_allowed = self._is_allowed_by_operation_policy( managed_object.operation_policy_name, self._client_identity, managed_object._owner, managed_object._object_type, enums.Operation.DESTROY) if not is_allowed: raise exceptions.ItemNotFound( "Could not locate object: {0}".format(unique_identifier)) self._logger.info( "Destroying an object with ID: {0}".format(unique_identifier)) self._data_session.query(objects.ManagedObject).filter( objects.ManagedObject.unique_identifier == unique_identifier).delete() response_payload = destroy.DestroyResponsePayload( unique_identifier=attributes.UniqueIdentifier(unique_identifier)) self._data_session.commit() return response_payload
def read(self, istream): super(GetRequestPayload, self).read(istream) tstream = BytearrayStream(istream.read(self.length)) if self.is_tag_next(Tags.UNIQUE_IDENTIFIER, tstream): self.unique_identifier = attributes.UniqueIdentifier() self.unique_identifier.read(tstream) if self.is_tag_next(Tags.KEY_FORMAT_TYPE, tstream): self.key_format_type = GetRequestPayload.KeyFormatType() self.key_format_type.read(tstream) if self.is_tag_next(Tags.KEY_COMPRESSION_TYPE, tstream): self.key_compression_type = GetRequestPayload.KeyCompressionType() self.key_compression_type.read(tstream) if self.is_tag_next(Tags.KEY_WRAPPING_SPECIFICATION, tstream): self.key_wrapping_specification = KeyWrappingSpecification() self.key_wrapping_specification.read(tstream) self.is_oversized(tstream) self.validate()
def _revoke(self, unique_identifier=None, revocation_code=None, revocation_message=None, credential=None): operation = Operation(OperationEnum.REVOKE) reason = objects.RevocationReason(code=revocation_code, message=revocation_message) uuid = None if unique_identifier is not None: uuid = attr.UniqueIdentifier(unique_identifier) payload = revoke.RevokeRequestPayload( unique_identifier=uuid, revocation_reason=reason, compromise_date=None) # TODO(tim-kelsey): sort out date handling batch_item = messages.RequestBatchItem(operation=operation, request_payload=payload) message = self._build_request_message(credential, [batch_item]) self._send_message(message) message = messages.ResponseMessage() data = self._receive_message() message.read(data) batch_items = message.batch_items batch_item = batch_items[0] payload = batch_item.response_payload if payload is None: payload_unique_identifier = None else: payload_unique_identifier = payload.unique_identifier result = RevokeResult(batch_item.result_status, batch_item.result_reason, batch_item.result_message, payload_unique_identifier) return result
def read(self, istream): super(MACRequestPayload, self).read(istream) tstream = BytearrayStream(istream.read(self.length)) if self.is_tag_next(Tags.UNIQUE_IDENTIFIER, tstream): self.unique_identifier = attributes.UniqueIdentifier() self.unique_identifier.read(tstream) if self.is_tag_next(Tags.CRYPTOGRAPHIC_PARAMETERS, tstream): self.cryptographic_parameters = \ attributes.CryptographicParameters() self.cryptographic_parameters.read(tstream) if self.is_tag_next(Tags.DATA, tstream): self.data = Data() self.data.read(tstream) else: raise exceptions.InvalidKmipEncoding( "expected mac request data not found" ) self.is_oversized(tstream)