def test_store_asymmetric_key_secret_assert_called(self, barbican_type, barbican_key, kmip_type, kmip_key, pkcs1_only): key_spec = secret_store.KeySpec(secret_store.KeyAlgorithm.RSA, 2048) secret_value = base64.b64encode(barbican_key) secret_dto = secret_store.SecretDTO(barbican_type, secret_value, key_spec, 'content_type') self.secret_store.pkcs1_only = pkcs1_only self.secret_store.store_secret(secret_dto) secret_value = base64.b64decode(secret_value) if not pkcs1_only: secret_value = translations.convert_pem_to_der( secret_value, barbican_type) if kmip_type == enums.ObjectType.PUBLIC_KEY: if pkcs1_only: secret_value = kss.get_public_key_der_pkcs1(secret_value) secret = objects.PublicKey(enums.CryptographicAlgorithm.RSA, 2048, secret_value, enums.KeyFormatType.X_509) else: if pkcs1_only: secret_value = kss.get_private_key_der_pkcs1(secret_value) secret = objects.PrivateKey(enums.CryptographicAlgorithm.RSA, 2048, secret_value, enums.KeyFormatType.PKCS_8) self.secret_store.client.register.assert_called_once_with(secret)
def get_sample_private_key(pkcs1=False): if pkcs1: private_key_value = kss.get_private_key_der_pkcs1( keys.get_private_key_pem()) key_format_type = enums.KeyFormatType.PKCS_1 else: private_key_value = keys.get_private_key_der() key_format_type = enums.KeyFormatType.PKCS_8 return objects.PrivateKey(enums.CryptographicAlgorithm.RSA, 2048, private_key_value, key_format_type)
def test_convert_private_key_pie_to_core(self): """ Test that a Pie private key can be converted into a core private key. """ pie_key = pobjects.PrivateKey(enums.CryptographicAlgorithm.RSA, 2048, self.private_bytes, enums.KeyFormatType.PKCS_8) core_key = self.factory.convert(pie_key) self.assertIsInstance(core_key, secrets.PrivateKey) self._test_core_key(core_key, enums.CryptographicAlgorithm.RSA, 2048, self.private_bytes, enums.KeyFormatType.PKCS_8)
def _get_kmip_secret(self, secret_dto): """Builds a KMIP object from a SecretDTO This is needed for register calls. The Barbican object needs to be converted to KMIP object before it can be stored :param secret_dto: SecretDTO of secret to be stored :returns: KMIP object """ secret_type = secret_dto.type key_spec = secret_dto.key_spec object_type, key_format_type = ( self._map_type_ss_to_kmip(secret_type)) normalized_secret = self._normalize_secret(secret_dto.secret, secret_type) kmip_object = None if object_type == enums.ObjectType.CERTIFICATE: kmip_object = objects.X509Certificate(normalized_secret) elif object_type == enums.ObjectType.OPAQUE_DATA: opaque_type = enums.OpaqueDataType.NONE kmip_object = objects.OpaqueObject(normalized_secret, opaque_type) elif object_type == enums.ObjectType.PRIVATE_KEY: algorithm = self._get_kmip_algorithm(key_spec.alg) length = key_spec.bit_length format_type = enums.KeyFormatType.PKCS_8 kmip_object = objects.PrivateKey( algorithm, length, normalized_secret, format_type) elif object_type == enums.ObjectType.PUBLIC_KEY: algorithm = self._get_kmip_algorithm(key_spec.alg) length = key_spec.bit_length format_type = enums.KeyFormatType.X_509 kmip_object = objects.PublicKey( algorithm, length, normalized_secret, format_type) elif object_type == enums.ObjectType.SYMMETRIC_KEY: algorithm = self._get_kmip_algorithm(key_spec.alg) length = key_spec.bit_length kmip_object = objects.SymmetricKey(algorithm, length, normalized_secret) elif object_type == enums.ObjectType.SECRET_DATA: data_type = enums.SecretDataType.PASSWORD kmip_object = objects.SecretData(normalized_secret, data_type) return kmip_object
def test_private_key_register_get_destroy(self): """ Test that the ProxyKmipClient can register, retrieve, and destroy a private key. """ # Key encoding obtained from Section 13.4 of the KMIP 1.1 test # documentation. key = objects.PrivateKey( enums.CryptographicAlgorithm.RSA, 2048, (b'\x30\x82\x04\xA5\x02\x01\x00\x02\x82\x01\x01\x00\xAB\x7F\x16' b'\x1C\x00\x42\x49\x6C\xCD\x6C\x6D\x4D\xAD\xB9\x19\x97\x34\x35' b'\x35\x77\x76\x00\x3A\xCF\x54\xB7\xAF\x1E\x44\x0A\xFB\x80\xB6' b'\x4A\x87\x55\xF8\x00\x2C\xFE\xBA\x6B\x18\x45\x40\xA2\xD6\x60' b'\x86\xD7\x46\x48\x34\x6D\x75\xB8\xD7\x18\x12\xB2\x05\x38\x7C' b'\x0F\x65\x83\xBC\x4D\x7D\xC7\xEC\x11\x4F\x3B\x17\x6B\x79\x57' b'\xC4\x22\xE7\xD0\x3F\xC6\x26\x7F\xA2\xA6\xF8\x9B\x9B\xEE\x9E' b'\x60\xA1\xD7\xC2\xD8\x33\xE5\xA5\xF4\xBB\x0B\x14\x34\xF4\xE7' b'\x95\xA4\x11\x00\xF8\xAA\x21\x49\x00\xDF\x8B\x65\x08\x9F\x98' b'\x13\x5B\x1C\x67\xB7\x01\x67\x5A\xBD\xBC\x7D\x57\x21\xAA\xC9' b'\xD1\x4A\x7F\x08\x1F\xCE\xC8\x0B\x64\xE8\xA0\xEC\xC8\x29\x53' b'\x53\xC7\x95\x32\x8A\xBF\x70\xE1\xB4\x2E\x7B\xB8\xB7\xF4\xE8' b'\xAC\x8C\x81\x0C\xDB\x66\xE3\xD2\x11\x26\xEB\xA8\xDA\x7D\x0C' b'\xA3\x41\x42\xCB\x76\xF9\x1F\x01\x3D\xA8\x09\xE9\xC1\xB7\xAE' b'\x64\xC5\x41\x30\xFB\xC2\x1D\x80\xE9\xC2\xCB\x06\xC5\xC8\xD7' b'\xCC\xE8\x94\x6A\x9A\xC9\x9B\x1C\x28\x15\xC3\x61\x2A\x29\xA8' b'\x2D\x73\xA1\xF9\x93\x74\xFE\x30\xE5\x49\x51\x66\x2A\x6E\xDA' b'\x29\xC6\xFC\x41\x13\x35\xD5\xDC\x74\x26\xB0\xF6\x05\x02\x03' b'\x01\x00\x01\x02\x82\x01\x00\x3B\x12\x45\x5D\x53\xC1\x81\x65' b'\x16\xC5\x18\x49\x3F\x63\x98\xAA\xFA\x72\xB1\x7D\xFA\x89\x4D' b'\xB8\x88\xA7\xD4\x8C\x0A\x47\xF6\x25\x79\xA4\xE6\x44\xF8\x6D' b'\xA7\x11\xFE\xC8\x50\xCD\xD9\xDB\xBD\x17\xF6\x9A\x44\x3D\x2E' b'\xC1\xDD\x60\xD3\xC6\x18\xFA\x74\xCD\xE5\xFD\xAF\xAB\xD6\xBA' b'\xA2\x6E\xB0\xA3\xAD\xB4\xDE\xF6\x48\x0F\xB1\x21\x8C\xD3\xB0' b'\x83\xE2\x52\xE8\x85\xB6\xF0\x72\x9F\x98\xB2\x14\x4D\x2B\x72' b'\x29\x3E\x1B\x11\xD7\x33\x93\xBC\x41\xF7\x5B\x15\xEE\x3D\x75' b'\x69\xB4\x99\x5E\xD1\xA1\x44\x25\xDA\x43\x19\xB7\xB2\x6B\x0E' b'\x8F\xEF\x17\xC3\x75\x42\xAE\x5C\x6D\x58\x49\xF8\x72\x09\x56' b'\x7F\x39\x25\xA4\x7B\x01\x6D\x56\x48\x59\x71\x7B\xC5\x7F\xCB' b'\x45\x22\xD0\xAA\x49\xCE\x81\x6E\x5B\xE7\xB3\x08\x81\x93\x23' b'\x6E\xC9\xEF\xFF\x14\x08\x58\x04\x5B\x73\xC5\xD7\x9B\xAF\x38' b'\xF7\xC6\x7F\x04\xC5\xDC\xF0\xE3\x80\x6A\xD9\x82\xD1\x25\x90' b'\x58\xC3\x47\x3E\x84\x71\x79\xA8\x78\xF2\xC6\xB3\xBD\x96\x8F' b'\xB9\x9E\xA4\x6E\x91\x85\x89\x2F\x36\x76\xE7\x89\x65\xC2\xAE' b'\xD4\x87\x7B\xA3\x91\x7D\xF0\x7C\x5E\x92\x74\x74\xF1\x9E\x76' b'\x4B\xA6\x1D\xC3\x8D\x63\xBF\x29\x02\x81\x81\x00\xD5\xC6\x9C' b'\x8C\x3C\xDC\x24\x64\x74\x4A\x79\x37\x13\xDA\xFB\x9F\x1D\xBC' b'\x79\x9F\xF9\x64\x23\xFE\xCD\x3C\xBA\x79\x42\x86\xBC\xE9\x20' b'\xF4\xB5\xC1\x83\xF9\x9E\xE9\x02\x8D\xB6\x21\x2C\x62\x77\xC4' b'\xC8\x29\x7F\xCF\xBC\xE7\xF7\xC2\x4C\xA4\xC5\x1F\xC7\x18\x2F' b'\xB8\xF4\x01\x9F\xB1\xD5\x65\x96\x74\xC5\xCB\xE6\xD5\xFA\x99' b'\x20\x51\x34\x17\x60\xCD\x00\x73\x57\x29\xA0\x70\xA9\xE5\x4D' b'\x34\x2B\xEB\xA8\xEF\x47\xEE\x82\xD3\xA0\x1B\x04\xCE\xC4\xA0' b'\x0D\x4D\xDB\x41\xE3\x51\x16\xFC\x22\x1E\x85\x4B\x43\xA6\x96' b'\xC0\xE6\x41\x9B\x1B\x02\x81\x81\x00\xCD\x5E\xA7\x70\x27\x89' b'\x06\x4B\x67\x35\x40\xCB\xFF\x09\x35\x6A\xD8\x0B\xC3\xD5\x92' b'\x81\x2E\xBA\x47\x61\x0B\x9F\xAC\x6A\xEC\xEF\xE2\x2A\xCA\xE4' b'\x38\x45\x9C\xDA\x74\xE5\x96\x53\xD8\x8C\x04\x18\x9D\x34\x39' b'\x9B\xF5\xB1\x4B\x92\x0E\x34\xEF\x38\xA7\xD0\x9F\xE6\x95\x93' b'\x39\x6E\x8F\xE7\x35\xE6\xF0\xA6\xAE\x49\x90\x40\x10\x41\xD8' b'\xA4\x06\xB6\xFD\x86\xA1\x16\x1E\x45\xF9\x5A\x3E\xAA\x5C\x10' b'\x12\xE6\x66\x2E\x44\xF1\x5F\x33\x5A\xC9\x71\xE1\x76\x6B\x2B' b'\xB9\xC9\x85\x10\x99\x74\x14\x1B\x44\xD3\x7E\x1E\x31\x98\x20' b'\xA5\x5F\x02\x81\x81\x00\xB2\x87\x12\x37\xBF\x9F\xAD\x38\xC3' b'\x31\x6A\xB7\x87\x7A\x6A\x86\x80\x63\xE5\x42\xA7\x18\x6D\x43' b'\x1E\x8D\x27\xC1\x9A\xC0\x41\x45\x84\x03\x39\x42\xE9\xFF\x6E' b'\x29\x73\xBB\x7B\x2D\x8B\x0E\x94\xAD\x1E\xE8\x21\x58\x10\x8F' b'\xBC\x86\x64\x51\x7A\x5A\x46\x7F\xB9\x63\x01\x4B\xD5\xDC\xC2' b'\xB4\xFB\x08\x7C\x23\x03\x9D\x11\x92\x0D\xBE\x22\xFD\x9F\x16' b'\xB4\xD8\x9E\x23\x22\x5C\xD4\x55\xAD\xBA\xF3\x2E\xF4\x3F\x18' b'\x58\x64\xA3\x6D\x63\x03\x09\xD6\x85\x3F\x77\x14\xB3\x9A\xAE' b'\x1E\xBE\xE3\x93\x8F\x87\xC2\x70\x7E\x17\x8C\x73\x9F\x9F\x02' b'\x81\x81\x00\x96\x90\xBE\xD1\x4B\x2A\xFA\xA2\x6D\x98\x6D\x59' b'\x22\x31\xEE\x27\xD7\x1D\x49\x06\x5B\xD2\xBA\x1F\x78\x15\x7E' b'\x20\x22\x98\x81\xFD\x9D\x23\x22\x7D\x0F\x84\x79\xEA\xEF\xA9' b'\x22\xFD\x75\xD5\xB1\x6B\x1A\x56\x1F\xA6\x68\x0B\x04\x0C\xA0' b'\xBD\xCE\x65\x0B\x23\xB9\x17\xA4\xB1\xBB\x79\x83\xA7\x4F\xAD' b'\x70\xE1\xC3\x05\xCB\xEC\x2B\xFF\x1A\x85\xA7\x26\xA1\xD9\x02' b'\x60\xE4\xF1\x08\x4F\x51\x82\x34\xDC\xD3\xFE\x77\x0B\x95\x20' b'\x21\x5B\xD5\x43\xBB\x6A\x41\x17\x71\x87\x54\x67\x6A\x34\x17' b'\x16\x66\xA7\x9F\x26\xE7\x9C\x14\x9C\x5A\xA1\x02\x81\x81\x00' b'\xA0\xC9\x85\xA0\xA0\xA7\x91\xA6\x59\xF9\x97\x31\x13\x4C\x44' b'\xF3\x7B\x2E\x52\x0A\x2C\xEA\x35\x80\x0A\xD2\x72\x41\xED\x36' b'\x0D\xFD\xE6\xE8\xCA\x61\x4F\x12\x04\x7F\xD0\x8B\x76\xAC\x4D' b'\x13\xC0\x56\xA0\x69\x9E\x2F\x98\xA1\xCA\xC9\x10\x11\x29\x4D' b'\x71\x20\x8F\x4A\xBA\xB3\x3B\xA8\x7A\xA0\x51\x7F\x41\x5B\xAC' b'\xA8\x8D\x6B\xAC\x00\x60\x88\xFA\x60\x1D\x34\x94\x17\xE1\xF0' b'\xC9\xB2\x3A\xFF\xA4\xD4\x96\x61\x8D\xBC\x02\x49\x86\xED\x69' b'\x0B\xBB\x7B\x02\x57\x68\xFF\x9D\xF8\xAC\x15\x41\x6F\x48\x9F' b'\x81\x29\xC3\x23\x41\xA8\xB4\x4F'), enums.KeyFormatType.PKCS_8) uid = self.client.register(key) self.assertIsInstance(uid, six.string_types) try: result = self.client.get(uid) self.assertIsInstance(result, objects.PrivateKey) self.assertEqual(result, key, "expected {0}\nobserved {1}".format(result, key)) finally: self.client.destroy(uid) self.assertRaises(exceptions.KmipOperationFailure, self.client.get, uid) self.assertRaises(exceptions.KmipOperationFailure, self.client.destroy, uid)
b'\x20\x22\x98\x81\xFD\x9D\x23\x22\x7D\x0F\x84\x79\xEA\xEF\xA9\x22' b'\xFD\x75\xD5\xB1\x6B\x1A\x56\x1F\xA6\x68\x0B\x04\x0C\xA0\xBD\xCE' b'\x65\x0B\x23\xB9\x17\xA4\xB1\xBB\x79\x83\xA7\x4F\xAD\x70\xE1\xC3' b'\x05\xCB\xEC\x2B\xFF\x1A\x85\xA7\x26\xA1\xD9\x02\x60\xE4\xF1\x08' b'\x4F\x51\x82\x34\xDC\xD3\xFE\x77\x0B\x95\x20\x21\x5B\xD5\x43\xBB' b'\x6A\x41\x17\x71\x87\x54\x67\x6A\x34\x17\x16\x66\xA7\x9F\x26\xE7' b'\x9C\x14\x9C\x5A\xA1\x02\x81\x81\x00\xA0\xC9\x85\xA0\xA0\xA7\x91' b'\xA6\x59\xF9\x97\x31\x13\x4C\x44\xF3\x7B\x2E\x52\x0A\x2C\xEA\x35' b'\x80\x0A\xD2\x72\x41\xED\x36\x0D\xFD\xE6\xE8\xCA\x61\x4F\x12\x04' b'\x7F\xD0\x8B\x76\xAC\x4D\x13\xC0\x56\xA0\x69\x9E\x2F\x98\xA1\xCA' b'\xC9\x10\x11\x29\x4D\x71\x20\x8F\x4A\xBA\xB3\x3B\xA8\x7A\xA0\x51' b'\x7F\x41\x5B\xAC\xA8\x8D\x6B\xAC\x00\x60\x88\xFA\x60\x1D\x34\x94' b'\x17\xE1\xF0\xC9\xB2\x3A\xFF\xA4\xD4\x96\x61\x8D\xBC\x02\x49\x86' b'\xED\x69\x0B\xBB\x7B\x02\x57\x68\xFF\x9D\xF8\xAC\x15\x41\x6F\x48' b'\x9F\x81\x29\xC3\x23\x41\xA8\xB4\x4F') format_type = enums.KeyFormatType.PKCS_1 usage_mask = [enums.CryptographicUsageMask.SIGN] name = 'Demo Private Key' key = objects.PrivateKey(algorithm, length, value, format_type, usage_mask, name) # Build the client and connect to the server with client.ProxyKmipClient(config=config) as client: try: uid = client.register(key) logger.info("Successfully registered private key with ID: " "{0}".format(uid)) except Exception as e: logger.error(e)
objects.PrivateKey( enums.CryptographicAlgorithm.RSA, 1024, (b'\x30\x82\x02\x76\x02\x01\x00\x30\x0d\x06\x09\x2a\x86' b'\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x04\x82\x02\x60' b'\x30\x82\x02\x5c\x02\x01\x00\x02\x81\x81\x00\xc0\x0f' b'\x0b\x0a\xc5\x72\x36\x81\x71\x6c\x59\xd7\x14\x42\x31' b'\x6a\xb9\xb2\x32\xd8\x91\x65\xab\xaa\x54\xab\xf7\x6a' b'\xdc\xe4\x5c\x9c\x91\x8f\x0c\x90\xa7\x48\x9f\x65\x9c' b'\x3f\xc9\x80\xcb\x51\x05\xf9\x11\x9a\xa2\x13\xd9\x15' b'\x39\x8b\x97\xe8\xf5\xf0\x8b\xa0\xf8\xe5\x34\x47\x2a' b'\xea\x87\xdf\x64\x2a\x16\x5f\xd0\x85\xf5\x8a\x60\xed' b'\x97\xcd\x2b\x96\x72\x04\xf5\xd0\x99\x6a\x53\x90\xc2' b'\xd0\xdf\x38\xa8\x9e\x61\xd0\xb7\x46\xe8\x4e\x48\x7d' b'\x37\x85\x2f\xaf\xba\x70\x06\x31\x07\x65\x13\xb7\x78' b'\xd2\x25\x34\x30\x2c\xf7\x4c\x9e\x17\x02\x03\x01\x00' b'\x01\x02\x81\x80\x16\xc6\xb1\xec\x89\x15\xce\x58\xf3' b'\x76\x82\x00\xfb\xaa\x0d\xea\x36\x33\x67\xcc\x3f\x11' b'\xeb\x95\xbb\x8c\xd9\x3e\x97\x0b\x8d\xe0\x13\x72\xff' b'\x6e\x78\x28\x28\x9f\x08\x34\x98\x54\xe9\xc7\xa6\x09' b'\xaf\x88\xc3\x07\xcf\x8a\xb0\xd4\x59\x23\x8b\x67\x07' b'\x68\x03\x9c\x16\x3d\xa1\xc9\x00\xf3\x31\x0a\x38\x0b' b'\x76\x89\x8d\xb1\x86\x03\xaf\x81\xcb\x47\x37\xd0\x9f' b'\x1c\x99\x6e\xb6\xb9\x7f\x1c\x8a\x07\x88\xb2\x9b\x2b' b'\xc3\xb5\x93\xfd\xfc\x23\x6f\x31\xfb\xf0\xc7\xc1\x83' b'\x86\x6a\x05\xc0\x9a\xfa\x79\x7e\xe3\x02\x80\x06\xa6' b'\x3a\x81\x02\x41\x00\xe8\x06\x53\x54\x96\x8d\xa1\x35' b'\xdf\xf8\x1a\x69\xd1\xbf\x53\x52\xd6\x4f\xe3\xd5\xef' b'\x6d\x31\xd1\x51\xee\x89\x09\x62\x9b\xab\x5b\xfc\x87' b'\xeb\xa7\x22\x1f\x99\x90\x00\x18\xe7\xa5\x78\xe9\x90' b'\xae\xd9\xed\xa4\x25\x91\x11\x0f\x0d\xb1\x1c\xd0\xc4' b'\xbf\x7d\x43\xa7\x02\x41\x00\xd3\xe7\x82\xe9\x84\x59' b'\xff\x1e\x9a\x16\x98\xd3\xaa\xbd\x9f\xae\x56\x52\xe5' b'\x2a\x78\x95\xb1\x61\x27\xc0\xd3\x59\x76\xef\x33\xfd' b'\xc8\xdf\x20\xf8\x79\x92\x90\xe6\x11\x88\xf6\x3b\xd6' b'\xd4\xcc\x43\xc4\x0c\x21\xa0\xec\x29\x68\x6f\x29\xc3' b'\xcb\x58\xa2\x0f\xe0\x11\x02\x40\x38\xd5\x5b\xd2\x0b' b'\x72\xb3\xbb\x53\x9a\x1d\x36\x30\x67\x72\x0c\x87\x6c' b'\x58\x3d\x8e\x01\x2c\x43\xbe\x92\xf4\x44\x35\x40\x36' b'\x50\x38\xe2\x3e\x49\xd9\x24\xee\x63\x84\x72\x95\x43' b'\x46\x03\xc8\x29\xdc\x3d\xc6\x88\x61\x29\x51\x8b\xa4' b'\x07\x8f\xe7\xb1\x94\x08\x5f\x02\x41\x00\xb0\x28\x08' b'\x43\x39\xfc\x5a\xc2\x44\xd4\x3e\x2d\xd0\x05\x9d\x06' b'\x1f\xca\xff\xa9\x43\xdf\x25\x3b\x20\x02\x03\x70\x9f' b'\x17\x91\x40\x0b\x49\xba\x2d\xf5\x5a\xab\x4c\x27\x0d' b'\x95\xac\xff\x15\x9d\xcd\x43\xdf\xd5\xe0\xe2\x12\x36' b'\x38\x1b\x1f\x22\x1f\x47\x72\x2d\x11\x02\x40\x20\x9b' b'\x55\xb5\x2d\xce\x33\x45\xed\x29\x2a\x95\xa2\x2b\x03' b'\xa4\x2b\xd3\x75\x8d\xe6\xa1\x24\x0d\x5a\xc4\xe2\x96' b'\x80\x90\x74\xc3\x8d\xaf\x17\x69\x4d\x70\x1d\x62\xaf' b'\x79\x94\xfe\x74\xd3\x7b\x40\x0c\x60\x36\xde\x2c\x51' b'\x4a\x66\x66\x73\x10\x9f\xd7\x86\x7f\x70'), enums.KeyFormatType.PKCS_8, masks=[enums.CryptographicUsageMask.SIGN]))
def _process_create_key_pair(self, payload): self._logger.info("Processing operation: CreateKeyPair") algorithm = None length = None # Process attribute sets public_key_attributes = {} private_key_attributes = {} common_attributes = {} if payload.public_key_template_attribute: public_key_attributes = self._process_template_attribute( payload.public_key_template_attribute) if payload.private_key_template_attribute: private_key_attributes = self._process_template_attribute( payload.private_key_template_attribute) if payload.common_template_attribute: common_attributes = self._process_template_attribute( payload.common_template_attribute) # Propagate common attributes if not overridden by the public/private # attribute sets for key, value in six.iteritems(common_attributes): if key not in public_key_attributes.keys(): public_key_attributes.update([(key, value)]) if key not in private_key_attributes.keys(): private_key_attributes.update([(key, value)]) # Error check for required attributes. public_algorithm = public_key_attributes.get('Cryptographic Algorithm') if public_algorithm: public_algorithm = public_algorithm.value else: raise exceptions.InvalidField( "The cryptographic algorithm must be specified as an " "attribute for the public key.") public_length = public_key_attributes.get('Cryptographic Length') if public_length: public_length = public_length.value else: # TODO (peterhamilton) The cryptographic length is technically not # required per the spec. Update the CryptographyEngine to accept a # None length, allowing it to pick the length dynamically. Default # to the strongest key size allowed for the algorithm type. raise exceptions.InvalidField( "The cryptographic length must be specified as an attribute " "for the public key.") public_usage_mask = public_key_attributes.get( 'Cryptographic Usage Mask') if public_usage_mask is None: raise exceptions.InvalidField( "The cryptographic usage mask must be specified as an " "attribute for the public key.") private_algorithm = private_key_attributes.get( 'Cryptographic Algorithm') if private_algorithm: private_algorithm = private_algorithm.value else: raise exceptions.InvalidField( "The cryptographic algorithm must be specified as an " "attribute for the private key.") private_length = private_key_attributes.get('Cryptographic Length') if private_length: private_length = private_length.value else: # TODO (peterhamilton) The cryptographic length is technically not # required per the spec. Update the CryptographyEngine to accept a # None length, allowing it to pick the length dynamically. Default # to the strongest key size allowed for the algorithm type. raise exceptions.InvalidField( "The cryptographic length must be specified as an attribute " "for the private key.") private_usage_mask = private_key_attributes.get( 'Cryptographic Usage Mask') if private_usage_mask is None: raise exceptions.InvalidField( "The cryptographic usage mask must be specified as an " "attribute for the private key.") if public_algorithm == private_algorithm: algorithm = public_algorithm else: raise exceptions.InvalidField( "The public and private key algorithms must be the same.") if public_length == private_length: length = public_length else: raise exceptions.InvalidField( "The public and private key lengths must be the same.") public, private = self._cryptography_engine.create_asymmetric_key_pair( algorithm, length) public_key = objects.PublicKey(algorithm, length, public.get('value'), public.get('format')) private_key = objects.PrivateKey(algorithm, length, private.get('value'), private.get('format')) public_key.names = [] private_key.names = [] self._set_attributes_on_managed_object(public_key, public_key_attributes) self._set_attributes_on_managed_object(private_key, private_key_attributes) # TODO (peterhamilton) Set additional server-only attributes. public_key._owner = self._client_identity private_key._owner = self._client_identity self._data_session.add(public_key) self._data_session.add(private_key) # NOTE (peterhamilton) SQLAlchemy will *not* assign an ID until # commit is called. This makes future support for UNDO problematic. self._data_session.commit() self._logger.info("Created a PublicKey with ID: {0}".format( public_key.unique_identifier)) self._logger.info("Created a PrivateKey with ID: {0}".format( private_key.unique_identifier)) response_payload = create_key_pair.CreateKeyPairResponsePayload( private_key_uuid=attributes.PrivateKeyUniqueIdentifier( str(private_key.unique_identifier)), public_key_uuid=attributes.PublicKeyUniqueIdentifier( str(public_key.unique_identifier))) self._id_placeholder = str(private_key.unique_identifier) return response_payload