def register(self, object_type, template_attribute, secret, credential=None):
    """Register an existing object with the KMIP server.

    Args:
        object_type: the object type to register; it is wrapped in an
            ``attr.ObjectType`` before being passed on.
        template_attribute: template attribute set forwarded unchanged.
        secret: the object payload forwarded unchanged.
        credential: optional credential forwarded unchanged (default None).

    Returns:
        The value returned by ``self._register`` (defined elsewhere).
    """
    request_kwargs = dict(
        object_type=attr.ObjectType(object_type),
        template_attribute=template_attribute,
        secret=secret,
        credential=credential,
    )
    return self._register(**request_kwargs)
def test_get_attributes(self):
    """
    Test that a secret's attributes can be retrieved with proper input.

    The proxy is stubbed to return a GetAttributesResult carrying a Name
    attribute and an Object Type attribute. The client must forward the
    uid and attribute-name list to the proxy unchanged, and the returned
    value must hold a string at index 0 and a list of Attribute objects
    at index 1.
    """
    uid = 'aaaaaaaa-1111-2222-3333-ffffffffffff'
    requested_names = ['Name', 'Object Type']

    name_attribute = obj.Attribute(
        attribute_name=obj.Attribute.AttributeName('Name'),
        attribute_index=obj.Attribute.AttributeIndex(0),
        attribute_value=attr.Name(
            name_value=attr.Name.NameValue('Test Name'),
            name_type=attr.Name.NameType(
                enums.NameType.UNINTERPRETED_TEXT_STRING)))
    type_attribute = obj.Attribute(
        attribute_name=obj.Attribute.AttributeName('Object Type'),
        attribute_value=attr.ObjectType(enums.ObjectType.SYMMETRIC_KEY))
    proxy_result = results.GetAttributesResult(
        contents.ResultStatus(enums.ResultStatus.SUCCESS),
        uuid=uid,
        attributes=[name_attribute, type_attribute])

    with ProxyKmipClient() as client:
        client.proxy.get_attributes.return_value = proxy_result

        # A copy is passed to the call so the assertion below compares
        # against an untouched list.
        returned = client.get_attributes(uid, list(requested_names))
        client.proxy.get_attributes.assert_called_with(uid, requested_names)

        self.assertIsInstance(returned[0], six.string_types)
        self.assertIsInstance(returned[1], list)
        for attribute in returned[1]:
            self.assertIsInstance(attribute, obj.Attribute)
def read(self, istream):
    """Decode a Create request payload from *istream*.

    The base class reads the item header first (which sets ``self.length``);
    exactly that many bytes are then copied into a private BytearrayStream
    and the Object Type and Template Attribute are decoded from it, in
    that order. ``is_oversized`` is run on the private stream after both
    fields have been consumed, and ``validate`` last.

    Args:
        istream: the stream positioned at this payload's header.
    """
    super(CreateRequestPayload, self).read(istream)
    payload_stream = BytearrayStream(istream.read(self.length))

    self.object_type = attributes.ObjectType()
    self.template_attribute = TemplateAttribute()
    # Wire order is fixed: Object Type, then Template Attribute.
    for field in (self.object_type, self.template_attribute):
        field.read(payload_stream)

    self.is_oversized(payload_stream)
    self.validate()
def test_get_secret_symmetric_return_value_invalid_key_value_type(self):
    """
    Test that get_secret raises SecretGeneralException when the KMIP
    server returns a symmetric key whose key value has an unsupported
    type (here a bare string instead of a key value object).
    """
    corrupted_secret = self.sample_secret
    corrupted_secret.key_block.key_value.key_value = 'invalid_key_value_type'

    get_result = results.GetResult(
        contents.ResultStatus(enums.ResultStatus.SUCCESS),
        object_type=attr.ObjectType(enums.ObjectType.SYMMETRIC_KEY),
        secret=corrupted_secret)
    self.secret_store.client.get = mock.create_autospec(
        proxy.KMIPProxy.get, return_value=get_result)

    metadata = {kss.KMIPSecretStore.KEY_UUID: 'uuid'}
    with self.assertRaises(secret_store.SecretGeneralException):
        self.secret_store.get_secret(metadata)
def setUp(self):
    """Build a KMIPSecretStore whose client is a MagicMock.

    The plugin's keyfile setting is cleared, a sample AES symmetric key is
    created through SecretFactory, and the client's create/register/
    destroy/get methods are replaced by autospec'd mocks that return
    SUCCESS results.
    """
    super(WhenTestingKMIPSecretStore, self).setUp()
    self.kmipclient_mock = mock.MagicMock(name="KMIP client mock")

    CONF = cfg.CONF
    CONF.kmip_plugin.keyfile = None
    self.credential = None

    self.secret_store = kss.KMIPSecretStore(CONF)
    self.secret_store.client = self.kmipclient_mock
    self.secret_store.credential = self.credential

    self.sample_secret_features = {
        'key_format_type': enums.KeyFormatType.RAW,
        'key_value': {
            'bytes': bytearray(b'\x00\x00\x00')
        },
        'cryptographic_algorithm': enums.CryptographicAlgorithm.AES,
        'cryptographic_length': 128
    }
    self.sample_secret = secrets.SecretFactory().create_secret(
        enums.ObjectType.SYMMETRIC_KEY, self.sample_secret_features)

    def success():
        # A fresh status object per result, as each result owns its own.
        return contents.ResultStatus(enums.ResultStatus.SUCCESS)

    def stub(proxy_method, result):
        return mock.create_autospec(proxy_method, return_value=result)

    client = self.secret_store.client
    client.create = stub(
        proxy.KMIPProxy.create,
        results.CreateResult(success(), uuid=attr.UniqueIdentifier('uuid')))
    client.register = stub(
        proxy.KMIPProxy.register,
        results.RegisterResult(success(), uuid=attr.UniqueIdentifier('uuid')))
    client.destroy = stub(
        proxy.KMIPProxy.destroy,
        results.DestroyResult(success()))
    client.get = stub(
        proxy.KMIPProxy.get,
        results.GetResult(
            success(),
            object_type=attr.ObjectType(enums.ObjectType.SYMMETRIC_KEY),
            secret=self.sample_secret))

    self.attribute_factory = attributes.AttributeFactory()
def read(self, istream):
    """Decode a Get response payload from *istream*.

    After the base header is read, ``self.length`` bytes are copied into a
    private BytearrayStream. Object Type and Unique Identifier are decoded
    first; the decoded Object Type value then selects, via
    ``self.secret_factory.create``, which secret class is instantiated to
    decode the remaining bytes. ``is_oversized`` and ``validate`` run last.

    Args:
        istream: the stream positioned at this payload's header.
    """
    super(GetResponsePayload, self).read(istream)
    payload_stream = BytearrayStream(istream.read(self.length))

    self.object_type = attributes.ObjectType()
    self.unique_identifier = attributes.UniqueIdentifier()
    for field in (self.object_type, self.unique_identifier):
        field.read(payload_stream)

    # The object type comes from the wire; the factory decides what secret
    # class (if any) corresponds to it.
    self.secret = self.secret_factory.create(self.object_type.value)
    self.secret.read(payload_stream)

    self.is_oversized(payload_stream)
    self.validate()
def test_get_secret(self, kmip_secret, secret_type, kmip_type,
                    key_format_type, expected_secret, pkcs1_only):
    """Check get_secret for one parameterised (KMIP secret, type) case.

    The proxy's ``get`` is replaced by a MagicMock returning *kmip_secret*
    tagged with *kmip_type*; the store is then expected to call ``get``
    exactly once with the test uuid and to return a SecretDTO of
    *secret_type* carrying *expected_secret*. ``key_format_type`` is part
    of the parameter set but not used by this body.
    """
    self.secret_store.pkcs1_only = pkcs1_only

    get_result = results.GetResult(
        contents.ResultStatus(enums.ResultStatus.SUCCESS),
        object_type=attr.ObjectType(kmip_type),
        secret=kmip_secret)
    kmip_proxy = self.secret_store.client.proxy
    kmip_proxy.get = mock.MagicMock(proxy.KMIPProxy().get,
                                    return_value=get_result)

    uuid = utils.generate_test_uuid(0)
    secret_dto = self.secret_store.get_secret(
        secret_type, {kss.KMIPSecretStore.KEY_UUID: uuid})

    kmip_proxy.get.assert_called_once_with(uuid)
    self.assertEqual(secret_store.SecretDTO, type(secret_dto))
    self.assertEqual(secret_type, secret_dto.type)
    self.assertEqual(expected_secret, secret_dto.secret)
def read(self, istream):
    """Decode a Create response payload from *istream*.

    Object Type and Unique Identifier are always decoded; a Template
    Attribute is decoded only when the next tag in the private stream is
    TEMPLATE_ATTRIBUTE (otherwise ``self.template_attribute`` is left as
    it was). ``is_oversized`` and ``validate`` run last.

    Args:
        istream: the stream positioned at this payload's header.
    """
    super(CreateResponsePayload, self).read(istream)
    payload_stream = BytearrayStream(istream.read(self.length))

    self.object_type = attributes.ObjectType()
    self.unique_identifier = attributes.UniqueIdentifier()
    for field in (self.object_type, self.unique_identifier):
        field.read(payload_stream)

    # Optional trailing field.
    has_template = self.is_tag_next(Tags.TEMPLATE_ATTRIBUTE, payload_stream)
    if has_template:
        self.template_attribute = TemplateAttribute()
        self.template_attribute.read(payload_stream)

    self.is_oversized(payload_stream)
    self.validate()
def test_get_secret_symmetric_return_value_key_value_string(self):
    """
    Test that get_secret handles a symmetric key whose key value is a
    KeyValueString: the result is a SYMMETRIC SecretDTO whose secret is
    "AAAA" (the base64 form of the three zero bytes used below).
    """
    sample = self.sample_secret
    sample.key_block.key_value.key_value = objects.KeyValueString(
        value=bytearray(b'\x00\x00\x00'))

    get_result = results.GetResult(
        contents.ResultStatus(enums.ResultStatus.SUCCESS),
        object_type=attr.ObjectType(enums.ObjectType.SYMMETRIC_KEY),
        secret=sample)
    self.secret_store.client.get = mock.create_autospec(
        proxy.KMIPProxy.get, return_value=get_result)

    metadata = {kss.KMIPSecretStore.KEY_UUID: 'uuid'}
    secret_dto = self.secret_store.get_secret(metadata)

    self.assertEqual(secret_store.SecretDTO, type(secret_dto))
    self.assertEqual(secret_store.SecretType.SYMMETRIC, secret_dto.type)
    self.assertEqual(secret_dto.secret, "AAAA")
def read(self, istream):
    """Decode a Register request payload from *istream*.

    Object Type and Template Attribute are decoded first. A secret object
    is then built from the decoded Object Type via
    ``self.secret_factory.create``; it is stored in ``self.secret`` and
    decoded only when the next tag in the private stream matches that
    object's tag, otherwise ``self.secret`` is left untouched.
    ``is_oversized`` and ``validate`` run last.

    Args:
        istream: the stream positioned at this payload's header.
    """
    super(RegisterRequestPayload, self).read(istream)
    payload_stream = BytearrayStream(istream.read(self.length))

    self.object_type = attributes.ObjectType()
    self.template_attribute = TemplateAttribute()
    for field in (self.object_type, self.template_attribute):
        field.read(payload_stream)

    # The wire-supplied object type selects the secret class; the secret
    # itself is optional in the payload.
    candidate = self.secret_factory.create(self.object_type.value)
    if self.is_tag_next(candidate.tag, payload_stream):
        self.secret = candidate
        self.secret.read(payload_stream)

    self.is_oversized(payload_stream)
    self.validate()
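def create_attribute_value(self, name, value):
    """Build the attribute-value object for attribute type *name*.

    *name* is normally a member of ``enums.AttributeType``; the table
    below maps each member to its constructor. Members the library does
    not support yet raise NotImplementedError. A plain string starting
    with 'x-' is treated as a custom attribute name.

    Args:
        name: an ``enums.AttributeType`` member, or an 'x-' prefixed str.
        value: the raw value handed to the selected constructor (ignored
            for DIGEST, which is built empty).

    Returns:
        The constructed attribute-value object.

    Raises:
        NotImplementedError: for attribute types that are not supported.
        ValueError: for a non-string, non-enum *name*, and for a string
            name that is not 'x-' prefixed. (Previously the latter fell
            off the end of the method and silently returned None, which
            would have produced an attribute with no value.)
    """
    types = enums.AttributeType
    tags = enums.Tags

    def not_supported(_value):
        raise NotImplementedError()

    def date_time(tag):
        return lambda v: primitives.DateTime(v, tag)

    builders = {
        types.UNIQUE_IDENTIFIER: attributes.UniqueIdentifier,
        types.NAME: self._create_name,
        types.OBJECT_TYPE: attributes.ObjectType,
        types.CRYPTOGRAPHIC_ALGORITHM: attributes.CryptographicAlgorithm,
        types.CRYPTOGRAPHIC_LENGTH: self._create_cryptographic_length,
        types.CRYPTOGRAPHIC_PARAMETERS:
            self._create_cryptographic_parameters,
        types.CRYPTOGRAPHIC_DOMAIN_PARAMETERS: not_supported,
        types.CERTIFICATE_TYPE: not_supported,
        types.CERTIFICATE_LENGTH:
            lambda v: primitives.Integer(v, tags.CERTIFICATE_LENGTH),
        types.X_509_CERTIFICATE_IDENTIFIER: not_supported,
        types.X_509_CERTIFICATE_SUBJECT: not_supported,
        types.X_509_CERTIFICATE_ISSUER: not_supported,
        types.CERTIFICATE_IDENTIFIER: not_supported,
        types.CERTIFICATE_SUBJECT: not_supported,
        types.CERTIFICATE_ISSUER: not_supported,
        types.DIGITAL_SIGNATURE_ALGORITHM: not_supported,
        # Digest takes no value in this implementation.
        types.DIGEST: lambda _v: attributes.Digest(),
        types.OPERATION_POLICY_NAME: attributes.OperationPolicyName,
        types.CRYPTOGRAPHIC_USAGE_MASK:
            self._create_cryptographic_usage_mask,
        types.LEASE_TIME:
            lambda v: primitives.Interval(v, tags.LEASE_TIME),
        types.USAGE_LIMITS: not_supported,
        types.STATE: attributes.State,
        types.INITIAL_DATE: date_time(tags.INITIAL_DATE),
        types.ACTIVATION_DATE: date_time(tags.ACTIVATION_DATE),
        types.PROCESS_START_DATE: date_time(tags.PROCESS_START_DATE),
        types.PROTECT_STOP_DATE: date_time(tags.PROTECT_STOP_DATE),
        types.DEACTIVATION_DATE: date_time(tags.DEACTIVATION_DATE),
        types.DESTROY_DATE: date_time(tags.DESTROY_DATE),
        types.COMPROMISE_OCCURRENCE_DATE:
            date_time(tags.COMPROMISE_OCCURRENCE_DATE),
        types.COMPROMISE_DATE: date_time(tags.COMPROMISE_DATE),
        types.REVOCATION_REASON: not_supported,
        types.ARCHIVE_DATE: date_time(tags.ARCHIVE_DATE),
        types.OBJECT_GROUP: self._create_object_group,
        types.FRESH: lambda v: primitives.Boolean(v, tags.FRESH),
        types.LINK: not_supported,
        types.APPLICATION_SPECIFIC_INFORMATION:
            self._create_application_specific_information,
        types.CONTACT_INFORMATION: self._create_contact_information,
        types.LAST_CHANGE_DATE: date_time(tags.LAST_CHANGE_DATE),
        types.CUSTOM_ATTRIBUTE: attributes.CustomAttribute,
    }

    try:
        builder = builders[name]
    except (KeyError, TypeError):
        # KeyError: not a known enum member; TypeError: unhashable name.
        builder = None
    if builder is not None:
        return builder(value)

    if not isinstance(name, str):
        raise ValueError('Unrecognized attribute type: '
                         '{0}'.format(name))
    if name.startswith('x-'):
        # Custom attribute indicated
        return attributes.CustomAttribute(value)
    # A string that is neither an enum member nor 'x-' prefixed is not a
    # valid attribute name; fail loudly instead of returning None.
    raise ValueError('Unrecognized attribute type: '
                     '{0}'.format(name))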
def create(self, object_type, template_attribute, credential=None):
    """Ask the KMIP server to create a new managed object.

    Args:
        object_type: the object type to create; wrapped in an
            ``attr.ObjectType`` before being passed on.
        template_attribute: template attribute set forwarded unchanged.
        credential: optional credential forwarded unchanged (default None).

    Returns:
        The value returned by ``self._create`` (defined elsewhere).
    """
    request_kwargs = dict(
        object_type=attr.ObjectType(object_type),
        template_attribute=template_attribute,
        credential=credential,
    )
    return self._create(**request_kwargs)
def setUp(self):
    """Build a KMIPSecretStore with a fully stubbed KMIP proxy.

    Plugin configuration (username, password, keyfile, pkcs1_only) is set
    on ``kss.CONF`` before the store is constructed. Every proxy method
    the store uses (open, close, create, create_key_pair, register,
    destroy, get) is replaced by a MagicMock specced from a fresh
    KMIPProxy instance and, where applicable, returning a SUCCESS result
    with the fixture uuids defined here.
    """
    super(WhenTestingKMIPSecretStore, self).setUp()

    self.expected_username = "******"
    self.expected_password = "******"

    CONF = kss.CONF
    CONF.kmip_plugin.username = self.expected_username
    CONF.kmip_plugin.password = self.expected_password
    CONF.kmip_plugin.keyfile = None
    CONF.kmip_plugin.pkcs1_only = False

    self.secret_store = kss.KMIPSecretStore(CONF)
    self.credential = self.secret_store.credential
    self.symmetric_type = secret_store.SecretType.SYMMETRIC

    self.sample_secret_features = {
        'key_format_type': enums.KeyFormatType.RAW,
        'key_value': {
            'bytes': bytearray(b'\x00\x00\x00')
        },
        'cryptographic_algorithm': enums.CryptographicAlgorithm.AES,
        'cryptographic_length': 128
    }
    self.symmetric_key_uuid = 'dde870ad-cea3-41a3-9bb9-e8ab579a2f91'
    self.public_key_uuid = 'cb908abb-d363-4d9f-8ef2-5e84d27dd25c'
    self.private_key_uuid = '2d4c0544-4ec6-45b7-81cd-b23c75744eac'
    self.sample_secret = get_sample_symmetric_key()

    def success():
        # Fresh status object per result, as each result owns its own.
        return contents.ResultStatus(enums.ResultStatus.SUCCESS)

    def proxy_stub(method_name, **mock_kwargs):
        # Spec each mock from a freshly built KMIPProxy, as the original
        # fixture did for every method.
        spec = getattr(proxy.KMIPProxy(), method_name)
        return mock.MagicMock(spec, **mock_kwargs)

    kmip_proxy = self.secret_store.client.proxy
    kmip_proxy.open = proxy_stub('open')
    kmip_proxy.close = proxy_stub('close')
    kmip_proxy.create = proxy_stub(
        'create',
        return_value=results.CreateResult(
            success(),
            uuid=attr.UniqueIdentifier(self.symmetric_key_uuid)))
    kmip_proxy.create_key_pair = proxy_stub(
        'create_key_pair',
        return_value=results.CreateKeyPairResult(
            success(),
            private_key_uuid=attr.UniqueIdentifier(self.private_key_uuid),
            public_key_uuid=attr.UniqueIdentifier(self.public_key_uuid)))
    kmip_proxy.register = proxy_stub(
        'register',
        return_value=results.RegisterResult(
            success(),
            uuid=attr.UniqueIdentifier('uuid')))
    kmip_proxy.destroy = proxy_stub(
        'destroy',
        return_value=results.DestroyResult(success()))
    kmip_proxy.get = proxy_stub(
        'get',
        return_value=results.GetResult(
            success(),
            object_type=attr.ObjectType(enums.ObjectType.SYMMETRIC_KEY),
            secret=self.sample_secret))

    self.attribute_factory = attributes.AttributeFactory()
def _process_get(self, payload):
    """Serve a KMIP Get request and return its response payload.

    Processing order, which determines which error a client sees:

    1. Unsupported request options are rejected before any object is
       looked up: a Key Compression Type raises
       KeyCompressionTypeNotSupported, a Key Wrapping Specification
       raises PermissionDenied.
    2. The object is loaded by unique identifier (the ID placeholder is
       used when the request names none).
    3. The operation policy is consulted for the calling client identity;
       a denied Get is reported as ItemNotFound, so a client that is not
       allowed to read an object cannot distinguish it from a
       non-existent one.
    4. If a Key Format Type was requested it must equal the stored one;
       no format conversion is performed.

    Args:
        payload: the decoded Get request payload.

    Returns:
        A ``get.GetResponsePayload`` carrying the object's type, its
        unique identifier and the core secret built from the stored
        managed object.

    Raises:
        exceptions.KeyCompressionTypeNotSupported,
        exceptions.PermissionDenied, exceptions.ItemNotFound,
        exceptions.KeyFormatTypeNotSupported: as described above.
    """
    self._logger.info("Processing operation: Get")

    uid = (payload.unique_identifier.value
           if payload.unique_identifier else self._id_placeholder)
    requested_format = (payload.key_format_type.value
                        if payload.key_format_type else None)

    if payload.key_compression_type:
        raise exceptions.KeyCompressionTypeNotSupported(
            "Key compression is not supported.")
    if payload.key_wrapping_specification:
        raise exceptions.PermissionDenied("Key wrapping is not supported.")
    # TODO (peterhamilton) Process key wrapping information
    # 1. Error check wrapping keys for accessibility and usability

    model = self._get_object_type(uid)
    managed_object = self._data_session.query(model).filter(
        model.unique_identifier == uid).one()

    # Policy denial is deliberately reported as "not found" so that the
    # existence of an object the client may not read is not revealed.
    allowed = self._is_allowed_by_operation_policy(
        managed_object.operation_policy_name,
        self._client_identity,
        managed_object._owner,
        managed_object._object_type,
        enums.Operation.GET)
    if not allowed:
        raise exceptions.ItemNotFound(
            "Could not locate object: {0}".format(uid))

    if requested_format:
        if not hasattr(managed_object, 'key_format_type'):
            raise exceptions.KeyFormatTypeNotSupported(
                "Key format is not applicable to the specified object.")
        # TODO (peterhamilton) Convert key to desired format if possible
        stored_format = managed_object.key_format_type
        if requested_format != stored_format:
            raise exceptions.KeyFormatTypeNotSupported(
                "Key format conversion from {0} to {1} is "
                "unsupported.".format(stored_format.name,
                                      requested_format.name))

    # e.g. SYMMETRIC_KEY -> SymmetricKey, for the log line only.
    type_label = ''.join(
        part.capitalize()
        for part in managed_object.object_type.name.split('_'))
    self._logger.info("Getting a {0} with ID: {1}".format(
        type_label, managed_object.unique_identifier))

    core_secret = self._build_core_object(managed_object)
    return get.GetResponsePayload(
        object_type=attributes.ObjectType(managed_object._object_type),
        unique_identifier=attributes.UniqueIdentifier(uid),
        secret=core_secret)