def create_kek_datum(project=None, plugin_name="plugin", session=None): kek_datum = models.KEKDatum() kek_datum.plugin_name = plugin_name kek_datum.project_id = project.id kek_datum_repo = repositories.get_kek_datum_repository() kek_datum_repo.create_from(kek_datum, session=session) return kek_datum
def find_or_create_kek_datum(self, tenant, plugin_name, suppress_exception=False, session=None): """Find or create a KEK datum instance.""" kek_datum = None session = self.get_session(session) # TODO(jfwood): Reverse this...attempt insert first, then get on fail. try: query = session.query(models.KEKDatum) \ .filter_by(tenant_id=tenant.id) \ .filter_by(plugin_name=plugin_name) \ .filter_by(active=True) \ .filter_by(deleted=False) kek_datum = query.one() except sa_orm.exc.NoResultFound: kek_datum = models.KEKDatum() kek_datum.kek_label = "tenant-{0}-key-{1}".format( tenant.keystone_id, uuid.uuid4()) kek_datum.tenant_id = tenant.id kek_datum.plugin_name = plugin_name kek_datum.status = models.States.ACTIVE self.save(kek_datum) return kek_datum
def test_bind_kek_metadata_without_existing_key(self): with mock.patch.object(self.plugin.pkcs11, 'generate_wrapped_kek'): kek_datum = models.KEKDatum() dto = plugin_import.KEKMetaDTO(kek_datum) dto = self.plugin.bind_kek_metadata(dto) self.assertEqual(dto.algorithm, "AES") self.assertEqual(dto.bit_length, 256) self.assertEqual(dto.mode, "CBC")
def setUp(self): super(TestSecretStoreBase, self).setUp() self.patchers = [] # List of patchers utilized in this test class. self.project_id = '12345' self.content_type = 'application/octet-stream' self.content_encoding = 'base64' self.secret = base64.b64encode(b'secret') self.decrypted_secret = b'decrypted_secret' self.cypher_text = b'cypher_text' self.kek_meta_extended = 'kek-meta-extended' self.spec_aes = secret_store.KeySpec('AES', 64, 'CBC') self.spec_rsa = secret_store.KeySpec('RSA', 1024, passphrase='changeit') self.project_model = mock.MagicMock() self.project_model.id = 'project-model-id' self.project_model.external_id = self.project_id self.secret_dto = secret_store.SecretDTO( secret_store.SecretType.OPAQUE, self.secret, secret_store.KeySpec(), self.content_type) self.response_dto = base.ResponseDTO( self.cypher_text, kek_meta_extended=self.kek_meta_extended) self.private_key_dto = base.ResponseDTO(self.cypher_text) self.public_key_dto = base.ResponseDTO(self.cypher_text) self.passphrase_dto = base.ResponseDTO(self.cypher_text) self.kek_meta_project_model = models.KEKDatum() self.kek_meta_project_model.plugin_name = 'plugin-name' self.kek_meta_project_model.kek_label = 'kek-meta-label' self.kek_meta_project_model.algorithm = 'kek-meta-algo' self.kek_meta_project_model.bit_length = 1024 self.kek_meta_project_model.mode = 'kek=meta-mode' self.kek_meta_project_model.plugin_meta = 'kek-meta-plugin-meta' self.encrypted_datum_model = models.EncryptedDatum() self.encrypted_datum_model.kek_meta_project = ( self.kek_meta_project_model) self.encrypted_datum_model.cypher_text = base64.b64encode( b'cypher_text') self.encrypted_datum_model.content_type = 'content_type' self.encrypted_datum_model.kek_meta_extended = 'extended_meta' self.secret_model = models.Secret({ 'algorithm': 'myalg', 'bit_length': 1024, 'mode': 'mymode' }) self.secret_model.id = 'secret-model-id' self.secret_model.encrypted_data = [self.encrypted_datum_model] self.context = store_crypto.StoreCryptoContext( secret_model=self.secret_model, project_model=self.project_model, content_type=self.content_type)
def test_bind_kek_metadata_with_existing_key(self): kek_datum = models.KEKDatum() dto = plugin_import.KEKMetaDTO(kek_datum) dto.plugin_meta = '{}' dto = self.plugin.bind_kek_metadata(dto) self.assertEqual(0, self.pkcs11.generate_key.call_count) self.assertEqual(0, self.pkcs11.wrap_key.call_count) self.assertEqual(0, self.pkcs11.compute_hmac.call_count)
def test_bind_kek_metadata_without_existing_key(self): kek_datum = models.KEKDatum() dto = plugin_import.KEKMetaDTO(kek_datum) dto = self.plugin.bind_kek_metadata(dto) self.assertEqual('AES', dto.algorithm) self.assertEqual(256, dto.bit_length) self.assertEqual('CBC', dto.mode) self.assertEqual(2, self.pkcs11.get_key_handle.call_count) self.assertEqual(1, self.pkcs11.generate_key.call_count) self.assertEqual(1, self.pkcs11.wrap_key.call_count) self.assertEqual(1, self.pkcs11.compute_hmac.call_count)
def find_or_create_kek_datum(self, project, plugin_name, suppress_exception=False, session=None): """Find or create a KEK datum instance.""" if not plugin_name: raise exception.BarbicanException( u._('Tried to register crypto plugin with null or empty ' 'name.')) kek_datum = None session = self.get_session(session) # TODO(jfwood): Reverse this...attempt insert first, then get on fail. try: query = session.query(models.KEKDatum) query = query.filter_by(project_id=project.id, plugin_name=plugin_name, active=True, deleted=False) kek_datum = query.one() except sa_orm.exc.NoResultFound: kek_datum = models.KEKDatum() kek_datum.kek_label = "project-{0}-key-{1}".format( project.external_id, uuid.uuid4()) kek_datum.project_id = project.id kek_datum.plugin_name = plugin_name kek_datum.status = models.States.ACTIVE self.save(kek_datum) return kek_datum
def _init(self): self.project_id = 'projectid1234' self.external_project_id = 'keystone1234' self.name = 'name1234' secret_id = utils.generate_test_valid_uuid() datum_id = "iddatum1" kek_id = "idkek1" self.secret_algorithm = "AES" self.secret_bit_length = 256 self.secret_mode = "CBC" self.kek_project = models.KEKDatum() self.kek_project.id = kek_id self.kek_project.active = True self.kek_project.bind_completed = False self.kek_project.kek_label = "kek_label" self.datum = models.EncryptedDatum() self.datum.id = datum_id self.datum.secret_id = secret_id self.datum.kek_id = kek_id self.datum.kek_meta_project = self.kek_project self.datum.content_type = "text/plain" self.datum.cypher_text = "aaaa" # base64 value. self.secret = create_secret(id_ref=secret_id, name=self.name, algorithm=self.secret_algorithm, bit_length=self.secret_bit_length, mode=self.secret_mode, encrypted_datum=self.datum, content_type=self.datum.content_type) self.secret.secret_acls = [] self.secret.project = mock.MagicMock() self.secret.project.external_id = self.external_project_id # Set up mocked project self.project = models.Project() self.project.id = self.project_id self.project.external_id = self.external_project_id # Set up mocked project repo self.project_repo = mock.MagicMock() self.project_repo.get.return_value = self.project self.project_repo.find_by_external_project_id.return_value = ( self.project) self.setup_project_repository_mock(self.project_repo) # Set up mocked secret repo self.secret_repo = mock.Mock() self.secret_repo.get = mock.Mock(return_value=self.secret) self.secret_repo.get_secret_by_id = mock.Mock(return_value=self.secret) self.secret_repo.delete_entity_by_id = mock.Mock(return_value=None) self.setup_secret_repository_mock(self.secret_repo) # Set up mocked encrypted datum repo self.datum_repo = mock.MagicMock() self.datum_repo.create_from.return_value = None self.setup_encrypted_datum_repository_mock(self.datum_repo) # Set up mocked kek datum repo self.setup_kek_datum_repository_mock() # Set up mocked secret meta repo self.secret_meta_repo = mock.MagicMock() self.secret_meta_repo.get_metadata_for_secret.return_value = None self.setup_secret_meta_repository_mock(self.secret_meta_repo) # Set up mocked transport key self.transport_key_model = models.TransportKey("default_plugin", "my transport key") # Set up mocked transport key repo self.transport_key_repo = mock.MagicMock() self.transport_key_repo.get.return_value = self.transport_key_model self.setup_transport_key_repository_mock(self.transport_key_repo) self.transport_key_id = 'tkey12345'
def _init(self, payload=b'not-encrypted', payload_content_type='text/plain', payload_content_encoding=None): self.name = 'name' self.payload = payload self.payload_content_type = payload_content_type self.payload_content_encoding = payload_content_encoding self.secret_algorithm = 'AES' self.secret_bit_length = 256 self.secret_mode = 'CBC' self.secret_req = { 'name': self.name, 'algorithm': self.secret_algorithm, 'bit_length': self.secret_bit_length, 'creator_id': None, 'mode': self.secret_mode } if payload: self.secret_req['payload'] = payload if payload_content_type: self.secret_req['payload_content_type'] = payload_content_type if payload_content_encoding: self.secret_req['payload_content_encoding'] = ( payload_content_encoding) # Set up mocked project self.external_project_id = 'keystone1234' self.project_entity_id = 'tid1234' self.project = models.Project() self.project.id = self.project_entity_id self.project.external_id = self.external_project_id # Set up mocked project repo self.project_repo = mock.MagicMock() self.project_repo.find_by_external_project_id.return_value = ( self.project) self.setup_project_repository_mock(self.project_repo) # Set up mocked secret self.secret = models.Secret() self.secret.id = utils.generate_test_valid_uuid() # Set up mocked secret repo self.secret_repo = mock.MagicMock() self.secret_repo.create_from.return_value = self.secret self.setup_secret_repository_mock(self.secret_repo) # Set up mocked encrypted datum repo self.datum_repo = mock.MagicMock() self.datum_repo.create_from.return_value = None self.setup_encrypted_datum_repository_mock(self.datum_repo) # Set up mocked kek datum self.kek_datum = models.KEKDatum() self.kek_datum.kek_label = "kek_label" self.kek_datum.bind_completed = False self.kek_datum.algorithm = '' self.kek_datum.bit_length = 0 self.kek_datum.mode = '' self.kek_datum.plugin_meta = '' # Set up mocked kek datum repo self.kek_repo = mock.MagicMock() self.kek_repo.find_or_create_kek_datum.return_value = self.kek_datum self.setup_kek_datum_repository_mock(self.kek_repo) # Set up mocked secret meta repo self.setup_secret_meta_repository_mock() # Set up mocked transport key self.transport_key = models.TransportKey('default_plugin_name', 'XXXABCDEF') self.transport_key_id = 'tkey12345' self.tkey_url = hrefs.convert_transport_key_to_href( self.transport_key.id) # Set up mocked transport key self.setup_transport_key_repository_mock()
def _do_create_instance(self): return models.KEKDatum()