def get_key(self, ctxt, key_id, payload_content_type='application/octet-stream'): """Retrieves the specified key. :param ctxt: contains information of the user and the environment for the request (cinder/context.py) :param key_id: the UUID of the key to retrieve :param payload_content_type: The format/type of the secret data :return: SymmetricKey representation of the key :throws Exception: if key retrieval fails """ try: secret_ref = self._create_secret_ref(key_id, barbican_client) secret = self._get_secret(ctxt, secret_ref) secret_data = self._get_secret_data(secret, payload_content_type) if payload_content_type == 'application/octet-stream': # convert decoded string to list of unsigned ints for each byte key_data = array.array('B', base64.b64decode(secret_data)).tolist() else: key_data = secret_data key = keymgr_key.SymmetricKey(secret.algorithm, key_data) return key except Exception as e: with excutils.save_and_reraise_exception(): LOG.error(_("Error getting key: %s"), (e))
def test_store_key(self): secret_key = array.array('B', ('0' * 64).decode('hex')).tolist() _key = keymgr_key.SymmetricKey('AES', secret_key) key_id = self.key_mgr.store_key(self.ctxt, _key) actual_key = self.key_mgr.get_key(self.ctxt, key_id) self.assertEqual(_key, actual_key)
def copy_key(self, ctxt, key_id): """Copies (i.e., clones) a key stored by barbican. :param ctxt: contains information of the user and the environment for the request (cinder/context.py) :param key_id: the UUID of the key to copy :return: the UUID of the key copy :throws Exception: if key copying fails """ barbican_client = self._get_barbican_client(ctxt) try: secret_ref = self._create_secret_ref(key_id, barbican_client) secret = self._get_secret(ctxt, secret_ref) con_type = secret.content_types['default'] secret_data = self._get_secret_data(secret, payload_content_type=con_type) key = keymgr_key.SymmetricKey(secret.algorithm, secret_data) copy_uuid = self.store_key(ctxt, key, secret.expiration, secret.name, con_type, 'base64', secret.algorithm, secret.bit_length, secret.mode, True) return copy_uuid except Exception as e: with excutils.save_and_reraise_exception(): LOG.error(_("Error copying key: %s"), (e))
def setUp(self): super(ConfKeyManagerTestCase, self).setUp() self.ctxt = context.RequestContext('fake', 'fake') self.key_id = '00000000-0000-0000-0000-000000000000' encoded = array.array('B', self._hex_key.decode('hex')).tolist() self.key = key.SymmetricKey('AES', encoded)
def test_store_key_plaintext(self): # Create the plaintext key secret_key_text = "This is a test text key." _key = keymgr_key.SymmetricKey('AES', secret_key_text) # Store the Key self.key_mgr.store_key(self.ctxt, _key, payload_content_type='text/plain', payload_content_encoding=None) self.store.assert_called_once_with('Cinder Volume Key', secret_key_text, 'text/plain', None, 'AES', 256, 'CBC', None)
def test_store_key_base64(self): # Create Key to store secret_key = array.array('B', [0x01, 0x02, 0xA0, 0xB3]).tolist() _key = keymgr_key.SymmetricKey('AES', secret_key) # Define the return value self.store.return_value = self.secret_ref # Store the Key returned_uuid = self.key_mgr.store_key(self.ctxt, _key, bit_length=32) self.store.assert_called_once_with('Cinder Volume Key', 'AQKgsw==', 'application/octet-stream', 'base64', 'AES', 32, 'CBC', None) self.assertEqual(returned_uuid, self.key_id)
def create_key(self, ctxt, **kwargs): """Creates a key. This implementation returns a UUID for the created key. A NotAuthorized exception is raised if the specified context is None. """ if ctxt is None: raise exception.NotAuthorized() # generate the key key_length = kwargs.get('key_length', 256) # hex digit => 4 bits hex_string = utils.generate_password(length=key_length / 4, symbolgroups='0123456789ABCDEF') _bytes = array.array('B', hex_string.decode('hex')).tolist() _key = key.SymmetricKey('AES', _bytes) return self.store_key(ctxt, _key)
def _generate_key(self, **kwargs): _hex = self._generate_hex_key(**kwargs) return key.SymmetricKey('AES', array.array('B', _hex.decode('hex')).tolist())
def test_store_key_invalid(self): encoded = self.key.get_encoded() inverse_key = key.SymmetricKey('AES', [~b for b in encoded]) self.assertRaises(exception.KeyManagerError, self.key_mgr.store_key, self.ctxt, inverse_key)
def _create_key(self): return key.SymmetricKey(self.algorithm, self.encoded)
def _generate_key(self, **kwargs): _hex = self._generate_hex_key(**kwargs) key_bytes = array.array('B', binascii.unhexlify(_hex)).tolist() return key.SymmetricKey('AES', key_bytes)