def setUp(self):
super(TestKMIPClientIntegration, self).setUp()
self.attr_factory = AttributeFactory()
self.cred_factory = CredentialFactory()
self.secret_factory = SecretFactory()
# Set up the KMIP server process
path = os.path.join(os.path.dirname(__file__), os.path.pardir, 'utils',
'server.py')
self.server = Popen(
['python', '{0}'.format(path), '-p', '{0}'.format(self.KMIP_PORT)],
stderr=sys.stdout)
time.sleep(self.STARTUP_TIME)
if self.server.poll() is not None:
raise KMIPServerSuicideError(self.server.pid)
# Set up and open the client proxy; shutdown the server if open fails
try:
self.client = KMIPProxy(port=self.KMIP_PORT,
ca_certs=self.CA_CERTS_PATH)
self.client.open()
except Exception as e:
self._shutdown_server()
raise e
def setUp(self):
super(TestKMIPClient, self).setUp()
self.attr_factory = AttributeFactory()
self.cred_factory = CredentialFactory()
self.secret_factory = SecretFactory()
self.client = KMIPProxy()
KMIP_PORT = 9090
CA_CERTS_PATH = os.path.normpath(os.path.join(os.path.dirname(
os.path.abspath(__file__)), '../utils/certs/server.crt'))
self.mock_client = KMIPProxy(host="IP_ADDR_1, IP_ADDR_2",
port=KMIP_PORT, ca_certs=CA_CERTS_PATH)
self.mock_client.socket = mock.MagicMock()
self.mock_client.socket.connect = mock.MagicMock()
self.mock_client.socket.close = mock.MagicMock()
def setUp(self):
super(TestClientProfileInformation, self).setUp()
self.client = KMIPProxy()
self.conformance_clauses = [ConformanceClause.DISCOVER_VERSIONS]
self.authentication_suites = [AuthenticationSuite.BASIC]
self.client.conformance_clauses = self.conformance_clauses
self.client.authentication_suites = self.authentication_suites
def __init__(self,
hostname=None,
port=None,
cert=None,
key=None,
ca=None,
ssl_version=None,
username=None,
password=None,
config='client'):
"""
Construct a ProxyKmipClient.
Args:
hostname (string): The host or IP address of a KMIP appliance.
Optional, defaults to None.
port (int): The port number used to establish a connection to a
KMIP appliance. Usually 5696 for KMIP applications. Optional,
defaults to None.
cert (string): The path to the client's certificate. Optional,
defaults to None.
key (string): The path to the key for the client's certificate.
Optional, defaults to None.
ca (string): The path to the CA certificate used to verify the
server's certificate. Optional, defaults to None.
ssl_version (string): The name of the ssl version to use for the
connection. Example: 'PROTOCOL_SSLv23'. Optional, defaults to
None.
username (string): The username of the KMIP appliance account to
use for operations. Optional, defaults to None.
password (string): The password of the KMIP appliance account to
use for operations. Optional, defaults to None.
config (string): The name of a section in the PyKMIP configuration
file. Use to load a specific set of configuration settings from
the configuration file, instead of specifying them manually.
Optional, defaults to the default client section, 'client'.
"""
self.logger = logging.getLogger()
self.attribute_factory = attributes.AttributeFactory()
self.object_factory = factory.ObjectFactory()
# TODO (peter-hamilton) Consider adding validation checks for inputs.
self.proxy = KMIPProxy(host=hostname,
port=port,
certfile=cert,
keyfile=key,
ca_certs=ca,
ssl_version=ssl_version,
username=username,
password=password,
config=config)
# TODO (peter-hamilton) Add a multiprocessing lock for synchronization.
self._is_open = False
def test_close(self):
"""
Test that calling close on the client works as expected.
"""
c = KMIPProxy(host="IP_ADDR_1, IP_ADDR_2", port=9090, ca_certs=None)
c.socket = mock.MagicMock()
c_socket = c.socket
c.socket.shutdown.assert_not_called()
c.socket.close.assert_not_called()
c.close()
self.assertEqual(None, c.socket)
c_socket.shutdown.assert_called_once_with(socket.SHUT_RDWR)
c_socket.close.assert_called_once()
def test_close_with_shutdown_error(self):
"""
Test that calling close on an unconnected client does not trigger an
exception.
"""
c = KMIPProxy(host="IP_ADDR_1, IP_ADDR_2", port=9090, ca_certs=None)
c.socket = mock.MagicMock()
c_socket = c.socket
c.socket.shutdown.side_effect = OSError
c.socket.shutdown.assert_not_called()
c.socket.close.assert_not_called()
c.close()
self.assertEqual(None, c.socket)
c_socket.shutdown.assert_called_once_with(socket.SHUT_RDWR)
c_socket.close.assert_not_called()
logger = utils.build_console_logger(logging.INFO)
# Build and parse arguments
parser = utils.build_cli_parser(Operation.REVOKE)
opts, args = parser.parse_args(sys.argv[1:])
config = opts.config
uuid = opts.uuid
# Exit early if the UUID is not specified
if uuid is None:
logger.error('No UUID provided, exiting early from demo')
sys.exit()
# Build the client and connect to the server
client = KMIPProxy(config=config, config_file=opts.config_file)
client.open()
# Activate the object
result = client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, uuid,
'Demo revocation message')
client.close()
# Display operation results
logger.info('revoke() result status: {0}'.format(
result.result_status.value))
if result.result_status.value == ResultStatus.SUCCESS:
logger.info('revoked UUID: {0}'.format(result.unique_identifier.value))
else:
logger.info('revoke() result reason: {0}'.format(
sys.exit()
attribute_factory = AttributeFactory()
credential_factory = CredentialFactory()
# Build the KMIP server account credentials
# TODO (peter-hamilton) Move up into KMIPProxy
if (username is None) and (password is None):
credential = None
else:
credential_type = CredentialType.USERNAME_AND_PASSWORD
credential_value = {'Username': username, 'Password': password}
credential = credential_factory.create_credential(
credential_type, credential_value)
# Build the client and connect to the server
client = KMIPProxy(config=config)
client.open()
algorithm_obj = attribute_factory.create_attribute(attribute_type,
algorithm_enum)
name_value = Name.NameValue(name)
name = Attribute.AttributeName('Name')
name_type = Name.NameType(NameType.UNINTERPRETED_TEXT_STRING)
value = Name(name_value=name_value, name_type=name_type)
name = Attribute(attribute_name=name, attribute_value=value)
name = Attribute.AttributeName('Cryptographic Usage Mask')
value = CryptographicUsageMask(UsageMaskEnum.ENCRYPT.value
| UsageMaskEnum.DECRYPT.value)
usage_mask = Attribute(attribute_name=name, attribute_value=value)
from kmip.core.factories import attributes
from kmip.pie import factory
from kmip.pie import objects
from kmip.services.kmip_client import KMIPProxy
import logging
logging.basicConfig()
#Note : cert is the external entry point, key is the client key signed by the root ca, ca is the root ca
# Open client
client = KMIPProxy(host='ukc-ep',
port=5696,
certfile='/certs/kmip-client.crt',
keyfile='/certs/kmip-client.key',
ca_certs='/certs/ukc_root_ca.pem')
client.open()
# Locate
result = client.locate()
status = result.result_status.value
if status == enums.ResultStatus.SUCCESS:
print("Locate succeeded , UIDS : ")
for uuid in result.uuids:
print(" " + uuid)
else:
reason = result.result_reason.value
message = result.result_message.value
from kmip.services.kmip_client import KMIPProxy km = KMIPProxy() km.open()
