def setUp(self): super(WhenTestingKMIPSecretStore, self).setUp() self.kmipclient_mock = mock.MagicMock(name="KMIP client mock") CONF = cfg.CONF CONF.kmip_plugin.keyfile = None self.credential = None self.secret_store = kss.KMIPSecretStore(CONF) self.secret_store.client = self.kmipclient_mock self.secret_store.credential = self.credential self.sample_secret_features = { 'key_format_type': enums.KeyFormatType.RAW, 'key_value': { 'bytes': bytearray(b'\x00\x00\x00') }, 'cryptographic_algorithm': enums.CryptographicAlgorithm.AES, 'cryptographic_length': 128 } self.sample_secret = secrets.SecretFactory().create_secret( enums.ObjectType.SYMMETRIC_KEY, self.sample_secret_features) self.secret_store.client.create = mock.create_autospec( proxy.KMIPProxy.create, return_value=results.CreateResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), uuid=attr.UniqueIdentifier('uuid'))) self.secret_store.client.register = mock.create_autospec( proxy.KMIPProxy.register, return_value=results.RegisterResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), uuid=attr.UniqueIdentifier('uuid'))) self.secret_store.client.destroy = mock.create_autospec( proxy.KMIPProxy.destroy, return_value=results.DestroyResult( contents.ResultStatus(enums.ResultStatus.SUCCESS))) self.secret_store.client.get = mock.create_autospec( proxy.KMIPProxy.get, return_value=results.GetResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), object_type=attr.ObjectType(enums.ObjectType.SYMMETRIC_KEY), secret=self.sample_secret)) self.attribute_factory = attributes.AttributeFactory()
def test_get(self): """ Test that a secret can be retrieved with proper input. """ # Key encoding obtained from Section 14.2 of the KMIP 1.1 test # documentation. secret = objects.SymmetricKey( enums.CryptographicAlgorithm.AES, 128, (b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E' b'\x0F')) fact = factory.ObjectFactory() result = results.GetResult(contents.ResultStatus( enums.ResultStatus.SUCCESS), uuid=attr.PublicKeyUniqueIdentifier( 'aaaaaaaa-1111-2222-3333-ffffffffffff'), secret=fact.convert(secret)) with ProxyKmipClient() as client: client.proxy.get.return_value = result result = client.get('aaaaaaaa-1111-2222-3333-ffffffffffff') client.proxy.get.assert_called_with( 'aaaaaaaa-1111-2222-3333-ffffffffffff') self.assertIsInstance(result, objects.SymmetricKey) self.assertEqual(result, secret)
def test_mac_on_operation_failure(self): """ Test that a KmipOperationFailure exception is raised when the backend fails to generate MAC. """ uuid = 'aaaaaaaa-1111-2222-3333-ffffffffffff' algorithm = enums.CryptographicAlgorithm.HMAC_SHA256 data = (b'\x00\x01\x02\x03\x04') status = enums.ResultStatus.OPERATION_FAILED reason = enums.ResultReason.GENERAL_FAILURE message = "Test failure message" result = results.OperationResult(contents.ResultStatus(status), contents.ResultReason(reason), contents.ResultMessage(message)) error_msg = str(KmipOperationFailure(status, reason, message)) client = ProxyKmipClient() client.open() client.proxy.mac.return_value = result args = [uuid, algorithm, data] self.assertRaisesRegexp(KmipOperationFailure, error_msg, client.mac, *args)
def test_mac_on_invalid_inputs(self): """ Test that a TypeError exception is raised when wrong type of arguments are given to mac operation. """ uuid = 'aaaaaaaa-1111-2222-3333-ffffffffffff' uuid_invalid = int(123) algorithm = enums.CryptographicAlgorithm.HMAC_SHA256 algorithm_invalid = enums.CryptographicUsageMask.MAC_GENERATE data = (b'\x00\x01\x02\x03\x04') data_invalid = int(123) result = results.MACResult(contents.ResultStatus( enums.ResultStatus.SUCCESS), uuid=attr.UniqueIdentifier(uuid), mac_data=obj.MACData(data)) args = [uuid_invalid, algorithm, data] with ProxyKmipClient() as client: client.proxy.mac.return_value = result self.assertRaises(TypeError, client.mac, *args) args = [uuid, algorithm_invalid, data] with ProxyKmipClient() as client: client.proxy.mac.return_value = result self.assertRaises(TypeError, client.mac, *args) args = [uuid, algorithm, data_invalid] with ProxyKmipClient() as client: client.proxy.mac.return_value = result self.assertRaises(TypeError, client.mac, *args)
def test_get_attributes(self): """ Test that a secret's attributes can be retrieved with proper input. """ result = results.GetAttributesResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), uuid='aaaaaaaa-1111-2222-3333-ffffffffffff', attributes=[ obj.Attribute( attribute_name=obj.Attribute.AttributeName('Name'), attribute_index=obj.Attribute.AttributeIndex(0), attribute_value=attr.Name( name_value=attr.Name.NameValue('Test Name'), name_type=attr.Name.NameType( enums.NameType.UNINTERPRETED_TEXT_STRING))), obj.Attribute( attribute_name=obj.Attribute.AttributeName('Object Type'), attribute_value=attr.ObjectType( enums.ObjectType.SYMMETRIC_KEY)) ]) with ProxyKmipClient() as client: client.proxy.get_attributes.return_value = result result = client.get_attributes( 'aaaaaaaa-1111-2222-3333-ffffffffffff', ['Name', 'Object Type']) client.proxy.get_attributes.assert_called_with( 'aaaaaaaa-1111-2222-3333-ffffffffffff', ['Name', 'Object Type']) self.assertIsInstance(result[0], six.string_types) self.assertIsInstance(result[1], list) for r in result[1]: self.assertIsInstance(r, obj.Attribute)
def test_register_on_operation_failure(self): """ Test that a KmipOperationFailure exception is raised when the backend fails to register a key. """ status = enums.ResultStatus.OPERATION_FAILED reason = enums.ResultReason.GENERAL_FAILURE message = "Test failure message" result = results.OperationResult(contents.ResultStatus(status), contents.ResultReason(reason), contents.ResultMessage(message)) error_msg = str(KmipOperationFailure(status, reason, message)) # Key encoding obtained from Section 14.2 of the KMIP 1.1 test # documentation. key_value = ( b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E' b'\x0F') key = objects.SymmetricKey(enums.CryptographicAlgorithm.AES, 128, key_value) client = ProxyKmipClient() client.open() client.proxy.register.return_value = result args = [key] self.assertRaisesRegexp(KmipOperationFailure, error_msg, client.register, *args)
def test_create(self): """ Test that a symmetric key can be created with proper inputs and that its UID is returned properly. """ # Create the template to test the create call algorithm = enums.CryptographicAlgorithm.AES length = 256 algorithm_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_ALGORITHM, algorithm) length_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_LENGTH, length) mask_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_USAGE_MASK, [ enums.CryptographicUsageMask.ENCRYPT, enums.CryptographicUsageMask.DECRYPT ]) attributes = [algorithm_attribute, length_attribute, mask_attribute] template = obj.TemplateAttribute(attributes=attributes) key_id = 'aaaaaaaa-1111-2222-3333-ffffffffffff' status = enums.ResultStatus.SUCCESS result = results.CreateResult(contents.ResultStatus(status), uuid=attr.UniqueIdentifier(key_id)) with ProxyKmipClient() as client: client.proxy.create.return_value = result uid = client.create(algorithm, length) client.proxy.create.assert_called_with( enums.ObjectType.SYMMETRIC_KEY, template) self.assertIsInstance(uid, six.string_types) self.assertEqual(uid, key_id)
def test_delete_secret_server_error_occurs(self): self.secret_store.client.destroy = mock.MagicMock( proxy.KMIPProxy().destroy, return_value=results.DestroyResult( contents.ResultStatus(enums.ResultStatus.OPERATION_FAILED))) metadata = {kss.KMIPSecretStore.KEY_UUID: self.symmetric_key_uuid} self.assertRaises(secret_store.SecretGeneralException, self.secret_store.delete_secret, metadata)
def test_delete_secret_error_occurs(self): self.secret_store.client.destroy = mock.create_autospec( proxy.KMIPProxy.destroy, return_value=results.DestroyResult( contents.ResultStatus(enums.ResultStatus.OPERATION_FAILED))) metadata = {kss.KMIPSecretStore.KEY_UUID: 'uuid'} self.assertRaises(secret_store.SecretGeneralException, self.secret_store.delete_secret, metadata)
def test_create_key_pair_with_key_names(self): """ Test that an asymmetric key pair can be created with proper inputs, specifically testing that the private / public names are correctly sent with the request """ # Create the template to test the create key pair call algorithm = enums.CryptographicAlgorithm.RSA length = 2048 algorithm_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_ALGORITHM, algorithm) length_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_LENGTH, length) mask_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_USAGE_MASK, [ enums.CryptographicUsageMask.ENCRYPT, enums.CryptographicUsageMask.DECRYPT ]) private_name_attribute = self.attribute_factory.create_attribute( enums.AttributeType.NAME, "private") public_name_attribute = self.attribute_factory.create_attribute( enums.AttributeType.NAME, "public") pair_attributes = [ algorithm_attribute, length_attribute, mask_attribute ] template = obj.CommonTemplateAttribute(attributes=pair_attributes) private_template = obj.PrivateKeyTemplateAttribute( names=[private_name_attribute]) public_template = obj.PublicKeyTemplateAttribute( names=[public_name_attribute]) status = enums.ResultStatus.SUCCESS result = results.CreateKeyPairResult( contents.ResultStatus(status), public_key_uuid=attr.PublicKeyUniqueIdentifier( 'aaaaaaaa-1111-2222-3333-ffffffffffff'), private_key_uuid=attr.PrivateKeyUniqueIdentifier( 'ffffffff-3333-2222-1111-aaaaaaaaaaaa')) with ProxyKmipClient() as client: client.proxy.create_key_pair.return_value = result public_uid, private_uid = client.create_key_pair( enums.CryptographicAlgorithm.RSA, 2048, public_name="public", private_name="private") kwargs = { 'common_template_attribute': template, 'private_key_template_attribute': private_template, 'public_key_template_attribute': public_template } client.proxy.create_key_pair.assert_called_with(**kwargs)
def test_generate_symmetric_key_error_occurs(self): self.secret_store.client.create = mock.create_autospec( proxy.KMIPProxy.create, return_value=results.CreateResult( contents.ResultStatus(enums.ResultStatus.OPERATION_FAILED))) key_spec = secret_store.KeySpec(secret_store.KeyAlgorithm.AES, 128, 'mode') self.assertRaises(secret_store.SecretGeneralException, self.secret_store.generate_symmetric_key, key_spec)
def test_generate_asymmetric_key_server_error_occurs(self): self.secret_store.client.create_key_pair = mock.MagicMock( proxy.KMIPProxy().create_key_pair, return_value=results.CreateKeyPairResult( contents.ResultStatus(enums.ResultStatus.OPERATION_FAILED))) key_spec = secret_store.KeySpec(secret_store.KeyAlgorithm.RSA, 2048, 'mode') self.assertRaises(secret_store.SecretGeneralException, self.secret_store.generate_asymmetric_key, key_spec)
def test_handle_message_loop(self, request_mock): """ Test that the correct logging and error handling occurs during the message handling loop. """ data = utils.BytearrayStream() # Build a response and use it as a dummy processing result. batch_item = messages.ResponseBatchItem( result_status=contents.ResultStatus(enums.ResultStatus.SUCCESS), result_reason=contents.ResultReason( enums.ResultReason.OBJECT_ARCHIVED), result_message=contents.ResultMessage("Test message.")) batch_items = [batch_item] header = messages.ResponseHeader( protocol_version=contents.ProtocolVersion(1, 0), time_stamp=contents.TimeStamp(int(time.time())), batch_count=contents.BatchCount(len(batch_items))) message = messages.ResponseMessage(response_header=header, batch_items=batch_items) kmip_engine = engine.KmipEngine() kmip_engine._logger = mock.MagicMock() kmip_session = session.KmipSession(kmip_engine, None, 'name') kmip_session._engine = mock.MagicMock() kmip_session._get_client_identity = mock.MagicMock() kmip_session._get_client_identity.return_value = 'test' kmip_session._engine.process_request = mock.MagicMock( return_value=(message, kmip_session._max_response_size)) kmip_session._logger = mock.MagicMock() kmip_session._connection = mock.MagicMock() kmip_session._connection.shared_ciphers = mock.MagicMock( return_value=[('AES128-SHA256', 'TLSv1/SSLv3', 128), ('AES256-SHA256', 'TLSv1/SSLv3', 256)]) kmip_session._connection.cipher = mock.MagicMock( return_value=('AES128-SHA256', 'TLSv1/SSLv3', 128)) kmip_session._receive_request = mock.MagicMock(return_value=data) kmip_session._send_response = mock.MagicMock() kmip_session._handle_message_loop() kmip_session._receive_request.assert_called_once_with() kmip_session._logger.info.assert_not_called() kmip_session._logger.debug.assert_any_call( "Possible session ciphers: 2") kmip_session._logger.debug.assert_any_call( ('AES128-SHA256', 'TLSv1/SSLv3', 128)) kmip_session._logger.debug.assert_any_call( ('AES256-SHA256', 'TLSv1/SSLv3', 256)) kmip_session._logger.debug.assert_any_call( "Session cipher selected: {0}".format( ('AES128-SHA256', 'TLSv1/SSLv3', 128))) kmip_session._logger.warning.assert_not_called() kmip_session._logger.exception.assert_not_called() self.assertTrue(kmip_session._send_response.called)
def read(self, istream, kmip_version=enums.KMIPVersion.KMIP_1_0): super(ResponseBatchItem, self).read( istream, kmip_version=kmip_version ) tstream = BytearrayStream(istream.read(self.length)) # Read the batch item operation if it is present if self.is_tag_next(Tags.OPERATION, tstream): self.operation = contents.Operation() self.operation.read(tstream, kmip_version=kmip_version) # Read the unique batch item ID if it is present if self.is_tag_next(Tags.UNIQUE_BATCH_ITEM_ID, tstream): self.unique_batch_item_id = contents.UniqueBatchItemID() self.unique_batch_item_id.read(tstream, kmip_version=kmip_version) # Read the batch item result status self.result_status = contents.ResultStatus() self.result_status.read(tstream, kmip_version=kmip_version) # Read the batch item result reason if it is present if self.is_tag_next(Tags.RESULT_REASON, tstream): self.result_reason = contents.ResultReason() self.result_reason.read(tstream, kmip_version=kmip_version) # Read the batch item result message if it is present if self.is_tag_next(Tags.RESULT_MESSAGE, tstream): self.result_message = contents.ResultMessage() self.result_message.read(tstream, kmip_version=kmip_version) # Read the batch item asynchronous correlation value if it is present if self.is_tag_next(Tags.ASYNCHRONOUS_CORRELATION_VALUE, tstream): self.async_correlation_value = AsynchronousCorrelationValue() self.async_correlation_value.read( tstream, kmip_version=kmip_version ) if (self.operation is not None): # Dynamically create the response payload class that belongs to the # operation expected = self.payload_factory.create(self.operation.value) if self.is_tag_next(expected.tag, tstream): self.response_payload = expected self.response_payload.read(tstream, kmip_version=kmip_version) # Read the message extension if it is present if self.is_tag_next(Tags.MESSAGE_EXTENSION, tstream): self.message_extension = contents.MessageExtension() self.message_extension.read(tstream, kmip_version=kmip_version) self.is_oversized(tstream) self.validate()
def test_destroy(self): """ Test that the client can destroy a secret. """ status = enums.ResultStatus.SUCCESS result = results.OperationResult(contents.ResultStatus(status)) with ProxyKmipClient() as client: client.proxy.destroy.return_value = result result = client.destroy('aaaaaaaa-1111-2222-3333-ffffffffffff') client.proxy.destroy.assert_called_with( 'aaaaaaaa-1111-2222-3333-ffffffffffff') self.assertEqual(None, result)
def test_get_secret_symmetric_return_value_invalid_key_value_type(self): sample_secret = self.sample_secret sample_secret.key_block.key_value.key_value = 'invalid_key_value_type' self.secret_store.client.get = mock.create_autospec( proxy.KMIPProxy.get, return_value=results.GetResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), object_type=attr.ObjectType(enums.ObjectType.SYMMETRIC_KEY), secret=sample_secret)) metadata = {kss.KMIPSecretStore.KEY_UUID: 'uuid'} self.assertRaises(secret_store.SecretGeneralException, self.secret_store.get_secret, metadata)
def test_get_secret(self, kmip_secret, secret_type, kmip_type, key_format_type, expected_secret, pkcs1_only): self.secret_store.pkcs1_only = pkcs1_only self.secret_store.client.proxy.get = mock.MagicMock( proxy.KMIPProxy().get, return_value=results.GetResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), object_type=attr.ObjectType(kmip_type), secret=kmip_secret)) uuid = utils.generate_test_uuid(0) metadata = {kss.KMIPSecretStore.KEY_UUID: uuid} secret_dto = self.secret_store.get_secret(secret_type, metadata) self.secret_store.client.proxy.get.assert_called_once_with(uuid) self.assertEqual(secret_store.SecretDTO, type(secret_dto)) self.assertEqual(secret_type, secret_dto.type) self.assertEqual(expected_secret, secret_dto.secret)
def test_get_secret_symmetric_return_value_key_value_string(self): sample_secret = self.sample_secret sample_secret.key_block.key_value.key_value = (objects.KeyValueString( value=bytearray(b'\x00\x00\x00'))) self.secret_store.client.get = mock.create_autospec( proxy.KMIPProxy.get, return_value=results.GetResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), object_type=attr.ObjectType(enums.ObjectType.SYMMETRIC_KEY), secret=sample_secret)) metadata = {kss.KMIPSecretStore.KEY_UUID: 'uuid'} return_value = self.secret_store.get_secret(metadata) self.assertEqual(secret_store.SecretDTO, type(return_value)) self.assertEqual(secret_store.SecretType.SYMMETRIC, return_value.type) self.assertEqual(return_value.secret, "AAAA")
def test_store_secret_server_error_occurs(self): self.secret_store.client.register = mock.MagicMock( proxy.KMIPProxy().register, return_value=results.RegisterResult( contents.ResultStatus(enums.ResultStatus.OPERATION_FAILED))) key_spec = secret_store.KeySpec(secret_store.KeyAlgorithm.AES, 128, 'mode') secret_dto = secret_store.SecretDTO(secret_store.SecretType.SYMMETRIC, "AAAA", key_spec, 'content_type', transport_key=None) self.assertRaises(secret_store.SecretGeneralException, self.secret_store.store_secret, secret_dto)
def test_create_key_pair(self): """ Test that an asymmetric key pair can be created with proper inputs and that the UIDs of the public and private keys are returned properly. """ # Create the template to test the create key pair call algorithm = enums.CryptographicAlgorithm.RSA length = 2048 algorithm_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_ALGORITHM, algorithm) length_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_LENGTH, length) mask_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_USAGE_MASK, [ enums.CryptographicUsageMask.ENCRYPT, enums.CryptographicUsageMask.DECRYPT ]) attributes = [algorithm_attribute, length_attribute, mask_attribute] template = obj.CommonTemplateAttribute(attributes=attributes) status = enums.ResultStatus.SUCCESS result = results.CreateKeyPairResult( contents.ResultStatus(status), public_key_uuid=attr.PublicKeyUniqueIdentifier( 'aaaaaaaa-1111-2222-3333-ffffffffffff'), private_key_uuid=attr.PrivateKeyUniqueIdentifier( 'ffffffff-3333-2222-1111-aaaaaaaaaaaa')) with ProxyKmipClient() as client: client.proxy.create_key_pair.return_value = result public_uid, private_uid = client.create_key_pair( enums.CryptographicAlgorithm.RSA, 2048) kwargs = { 'common_template_attribute': template, 'private_key_template_attribute': None, 'public_key_template_attribute': None } client.proxy.create_key_pair.assert_called_with(**kwargs) self.assertIsInstance(public_uid, six.string_types) self.assertIsInstance(private_uid, six.string_types)
def test_mac(self): """ Test the MAC client with proper input. """ uuid = 'aaaaaaaa-1111-2222-3333-ffffffffffff' algorithm = enums.CryptographicAlgorithm.HMAC_SHA256 data = (b'\x00\x01\x02\x03\x04') result = results.MACResult(contents.ResultStatus( enums.ResultStatus.SUCCESS), uuid=attr.UniqueIdentifier(uuid), mac_data=obj.MACData(data)) with ProxyKmipClient() as client: client.proxy.mac.return_value = result uid, mac_data = client.mac(uuid, algorithm, data) self.assertEqual(uid, uuid) self.assertEqual(mac_data, data)
def test_register(self): """ Test that the client can register a key. """ key = objects.SymmetricKey( enums.CryptographicAlgorithm.AES, 128, (b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E' b'\x0F')) result = results.RegisterResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), uuid=attr.PublicKeyUniqueIdentifier( 'aaaaaaaa-1111-2222-3333-ffffffffffff')) with ProxyKmipClient() as client: client.proxy.register.return_value = result uid = client.register(key) self.assertTrue(client.proxy.register.called) self.assertIsInstance(uid, six.string_types)
def test_create_with_name(self): """ Test that a symmetric key can be created with proper inputs, specifically testing that the name is correctly sent with the request. """ # Create the template to test the create call algorithm = enums.CryptographicAlgorithm.AES length = 256 algorithm_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_ALGORITHM, algorithm) length_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_LENGTH, length) mask_attribute = self.attribute_factory.create_attribute( enums.AttributeType.CRYPTOGRAPHIC_USAGE_MASK, [ enums.CryptographicUsageMask.ENCRYPT, enums.CryptographicUsageMask.DECRYPT ]) key_name = "symmetrickey" name_attribute = self.attribute_factory.create_attribute( enums.AttributeType.NAME, key_name) key_attributes = [ algorithm_attribute, length_attribute, mask_attribute, name_attribute ] template = obj.TemplateAttribute(attributes=key_attributes) key_id = 'aaaaaaaa-1111-2222-3333-ffffffffffff' status = enums.ResultStatus.SUCCESS result = results.CreateResult(contents.ResultStatus(status), uuid=attr.UniqueIdentifier(key_id)) with ProxyKmipClient() as client: client.proxy.create.return_value = result client.create(algorithm, length, name=key_name) client.proxy.create.assert_called_with( enums.ObjectType.SYMMETRIC_KEY, template)
def test_destroy_on_operation_failure(self): """ Test that a KmipOperationFailure exception is raised when the backend fails to destroy a secret. """ status = enums.ResultStatus.OPERATION_FAILED reason = enums.ResultReason.GENERAL_FAILURE message = "Test failure message" result = results.OperationResult(contents.ResultStatus(status), contents.ResultReason(reason), contents.ResultMessage(message)) error_msg = str(KmipOperationFailure(status, reason, message)) client = ProxyKmipClient() client.open() client.proxy.destroy.return_value = result args = ['id'] self.assertRaisesRegexp(KmipOperationFailure, error_msg, client.destroy, *args)
def test_get_attribute_list_on_operation_failure(self): """ Test that a KmipOperationFailure exception is raised when the backend fails to retrieve the attribute names of a managed object. """ status = enums.ResultStatus.OPERATION_FAILED reason = enums.ResultReason.GENERAL_FAILURE message = "Test failure message" result = results.OperationResult(contents.ResultStatus(status), contents.ResultReason(reason), contents.ResultMessage(message)) error_msg = str(KmipOperationFailure(status, reason, message)) client = ProxyKmipClient() client.open() client.proxy.get_attribute_list.return_value = result args = ['id'] self.assertRaisesRegexp(KmipOperationFailure, error_msg, client.get_attribute_list, *args)
def test_create_key_pair_on_operation_failure(self): """ Test that a KmipOperationFailure exception is raised when the backend fails to create an asymmetric key pair. """ status = enums.ResultStatus.OPERATION_FAILED reason = enums.ResultReason.GENERAL_FAILURE message = "Test failure message" result = results.OperationResult(contents.ResultStatus(status), contents.ResultReason(reason), contents.ResultMessage(message)) error_msg = str(KmipOperationFailure(status, reason, message)) client = ProxyKmipClient() client.open() client.proxy.create_key_pair.return_value = result args = [enums.CryptographicAlgorithm.RSA, 2048] self.assertRaisesRegexp(KmipOperationFailure, error_msg, client.create_key_pair, *args)
def test_handle_message_loop(self, request_mock): """ Test that the correct logging and error handling occurs during the message handling loop. """ data = utils.BytearrayStream() # Build a response and use it as a dummy processing result. batch_item = messages.ResponseBatchItem( result_status=contents.ResultStatus(enums.ResultStatus.SUCCESS), result_reason=contents.ResultReason( enums.ResultReason.OBJECT_ARCHIVED), result_message=contents.ResultMessage("Test message.")) batch_items = [batch_item] header = messages.ResponseHeader( protocol_version=contents.ProtocolVersion.create(1, 0), time_stamp=contents.TimeStamp(int(time.time())), batch_count=contents.BatchCount(len(batch_items))) message = messages.ResponseMessage(response_header=header, batch_items=batch_items) kmip_engine = engine.KmipEngine() kmip_engine._logger = mock.MagicMock() kmip_session = session.KmipSession(kmip_engine, None, 'name') kmip_session._engine = mock.MagicMock() kmip_session._engine.process_request = mock.MagicMock( return_value=(message, kmip_session._max_response_size)) kmip_session._logger = mock.MagicMock() kmip_session._connection = mock.MagicMock() kmip_session._receive_request = mock.MagicMock(return_value=data) kmip_session._send_response = mock.MagicMock() kmip_session._handle_message_loop() kmip_session._receive_request.assert_called_once_with() kmip_session._logger.info.assert_not_called() kmip_session._logger.warning.assert_not_called() kmip_session._logger.exception.assert_not_called() self.assertTrue(kmip_session._send_response.called)
def build_error_response(self, version, reason, message): """ Build a simple ResponseMessage with a single error result. Args: version (ProtocolVersion): The protocol version the response should be addressed with. reason (ResultReason): An enumeration classifying the type of error occurred. message (str): A string providing additional information about the error. Returns: ResponseMessage: The simple ResponseMessage containing a single error result. """ batch_item = messages.ResponseBatchItem( result_status=contents.ResultStatus( enums.ResultStatus.OPERATION_FAILED), result_reason=contents.ResultReason(reason), result_message=contents.ResultMessage(message)) return self._build_response(version, [batch_item])
def test_get_attribute_list(self): """ Test that the attribute names of a managed object can be retrieved with proper input. """ uid = 'b4faee10-aa2a-4446-8ad4-0881f3422959' attribute_names = [ 'Cryptographic Length', 'Cryptographic Algorithm', 'State', 'Digest', 'Lease Time', 'Initial Date', 'Unique Identifier', 'Name', 'Cryptographic Usage Mask', 'Object Type', 'Contact Information', 'Last Change Date' ] result = results.GetAttributeListResult(contents.ResultStatus( enums.ResultStatus.SUCCESS), uid=uid, names=attribute_names) with ProxyKmipClient() as client: client.proxy.get_attribute_list.return_value = result result = client.get_attribute_list(uid) client.proxy.get_attribute_list.assert_called_with(uid) self.assertIsInstance(result, list) six.assertCountEqual(self, attribute_names, result)
def setUp(self): super(WhenTestingKMIPSecretStore, self).setUp() self.expected_username = "******" self.expected_password = "******" CONF = kss.CONF CONF.kmip_plugin.username = self.expected_username CONF.kmip_plugin.password = self.expected_password CONF.kmip_plugin.keyfile = None CONF.kmip_plugin.pkcs1_only = False self.secret_store = kss.KMIPSecretStore(CONF) self.credential = self.secret_store.credential self.symmetric_type = secret_store.SecretType.SYMMETRIC self.sample_secret_features = { 'key_format_type': enums.KeyFormatType.RAW, 'key_value': { 'bytes': bytearray(b'\x00\x00\x00') }, 'cryptographic_algorithm': enums.CryptographicAlgorithm.AES, 'cryptographic_length': 128 } self.symmetric_key_uuid = 'dde870ad-cea3-41a3-9bb9-e8ab579a2f91' self.public_key_uuid = 'cb908abb-d363-4d9f-8ef2-5e84d27dd25c' self.private_key_uuid = '2d4c0544-4ec6-45b7-81cd-b23c75744eac' self.sample_secret = get_sample_symmetric_key() self.secret_store.client.proxy.open = mock.MagicMock( proxy.KMIPProxy().open) self.secret_store.client.proxy.close = mock.MagicMock( proxy.KMIPProxy().close) self.secret_store.client.proxy.create = mock.MagicMock( proxy.KMIPProxy().create, return_value=results.CreateResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), uuid=attr.UniqueIdentifier( self.symmetric_key_uuid))) self.secret_store.client.proxy.create_key_pair = mock.MagicMock( proxy.KMIPProxy().create_key_pair, return_value=results.CreateKeyPairResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), private_key_uuid=attr.UniqueIdentifier(self.private_key_uuid), public_key_uuid=attr.UniqueIdentifier(self.public_key_uuid))) self.secret_store.client.proxy.register = mock.MagicMock( proxy.KMIPProxy().register, return_value=results.RegisterResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), uuid=attr.UniqueIdentifier('uuid'))) self.secret_store.client.proxy.destroy = mock.MagicMock( proxy.KMIPProxy().destroy, return_value=results.DestroyResult( contents.ResultStatus(enums.ResultStatus.SUCCESS))) self.secret_store.client.proxy.get = mock.MagicMock( proxy.KMIPProxy().get, return_value=results.GetResult( contents.ResultStatus(enums.ResultStatus.SUCCESS), object_type=attr.ObjectType(enums.ObjectType.SYMMETRIC_KEY), secret=self.sample_secret)) self.attribute_factory = attributes.AttributeFactory()