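def __init__(self, conf=CONF):
    """Initialize the KMIP secret store.

    Builds ``valid_alg_dict``, which maps each supported Barbican
    ``KeyAlgorithm`` to its permitted bit lengths and the matching pyKMIP
    ``CryptographicAlgorithm``, then constructs the KMIP client from the
    ``[kmip_plugin]`` section of ``conf``.

    :param conf: configuration object exposing ``kmip_plugin``; the
        attributes read here are ``host``, ``port``, ``ssl_version``,
        ``ca_certs``, ``certfile``, ``keyfile``, ``username`` and
        ``password``.
    """
    super(KMIPSecretStore, self).__init__()

    self.valid_alg_dict = {
        ss.KeyAlgorithm.AES: {
            KMIPSecretStore.VALID_BIT_LENGTHS: [128, 192, 256],
            KMIPSecretStore.KMIP_ALGORITHM_ENUM:
                enums.CryptographicAlgorithm.AES},
        ss.KeyAlgorithm.DES: {
            KMIPSecretStore.VALID_BIT_LENGTHS: [56],
            KMIPSecretStore.KMIP_ALGORITHM_ENUM:
                enums.CryptographicAlgorithm.DES},
        ss.KeyAlgorithm.DESEDE: {
            KMIPSecretStore.VALID_BIT_LENGTHS: [56, 64, 112, 128, 168, 192],
            KMIPSecretStore.KMIP_ALGORITHM_ENUM:
                enums.CryptographicAlgorithm.TRIPLE_DES}
    }

    plugin_conf = conf.kmip_plugin

    # Check the client private key before anything is sent to the server;
    # _validate_keyfile_permissions is defined elsewhere in the class and
    # is expected to reject a key file with overly permissive modes.
    if plugin_conf.keyfile is not None:
        self._validate_keyfile_permissions(plugin_conf.keyfile)

    # Only build a username/password credential when one is actually
    # configured. A deployment that authenticates with the client
    # certificate alone leaves both unset, and a credential object built
    # from two None values would otherwise be created for it.
    if plugin_conf.username is None and plugin_conf.password is None:
        self.credential = None
    else:
        credential_type = credentials.CredentialType.USERNAME_AND_PASSWORD
        credential_value = {'Username': plugin_conf.username,
                            'Password': plugin_conf.password}
        self.credential = credentials.CredentialFactory().create_credential(
            credential_type, credential_value)

    # TLS material (CA bundle, client cert/key) and the protocol version
    # come straight from configuration; the port is coerced because the
    # config value may arrive as a string.
    self.client = kmip_client.KMIPProxy(
        host=plugin_conf.host,
        port=int(plugin_conf.port),
        ssl_version=plugin_conf.ssl_version,
        ca_certs=plugin_conf.ca_certs,
        certfile=plugin_conf.certfile,
        keyfile=plugin_conf.keyfile,
        username=plugin_conf.username,
        password=plugin_conf.password)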
def __init__(self, conf=CONF):
    """Initialize the KMIP secret store.

    Populates two lookup tables from one algorithm list: ``valid_alg_dict``
    (Barbican ``KeyAlgorithm`` -> permitted bit lengths and pyKMIP
    ``CryptographicAlgorithm``) and ``kmip_barbican_alg_map`` (the reverse
    pyKMIP -> Barbican mapping). When ``pkcs1_only`` is set, DSA is dropped
    from ``valid_alg_dict`` only; the reverse map keeps every entry. Then
    the optional username/password credential and the ``ProxyKmipClient``
    are built from the ``[kmip_plugin]`` configuration.

    :param conf: configuration object exposing ``kmip_plugin``.
    """
    super(KMIPSecretStore, self).__init__()

    bit_lengths_key = KMIPSecretStore.VALID_BIT_LENGTHS
    kmip_enum_key = KMIPSecretStore.KMIP_ALGORITHM_ENUM

    # (Barbican algorithm, pyKMIP algorithm, permitted bit lengths).
    # An empty length list means no bit-length restriction is recorded
    # for that algorithm here.
    algorithm_table = [
        (ss.KeyAlgorithm.AES,
         enums.CryptographicAlgorithm.AES,
         [128, 192, 256]),
        (ss.KeyAlgorithm.DES,
         enums.CryptographicAlgorithm.DES,
         [56]),
        (ss.KeyAlgorithm.DESEDE,
         enums.CryptographicAlgorithm.TRIPLE_DES,
         [56, 64, 112, 128, 168, 192]),
        (ss.KeyAlgorithm.DSA,
         enums.CryptographicAlgorithm.DSA,
         [1024, 2048, 3072]),
        (ss.KeyAlgorithm.HMACSHA1,
         enums.CryptographicAlgorithm.HMAC_SHA1,
         []),
        (ss.KeyAlgorithm.HMACSHA256,
         enums.CryptographicAlgorithm.HMAC_SHA256,
         []),
        (ss.KeyAlgorithm.HMACSHA384,
         enums.CryptographicAlgorithm.HMAC_SHA384,
         []),
        (ss.KeyAlgorithm.HMACSHA512,
         enums.CryptographicAlgorithm.HMAC_SHA512,
         []),
        (ss.KeyAlgorithm.RSA,
         enums.CryptographicAlgorithm.RSA,
         [1024, 2048, 3072, 4096]),
    ]

    self.valid_alg_dict = {}
    self.kmip_barbican_alg_map = {}
    for barbican_alg, kmip_alg, lengths in algorithm_table:
        self.valid_alg_dict[barbican_alg] = {
            bit_lengths_key: lengths,
            kmip_enum_key: kmip_alg,
        }
        self.kmip_barbican_alg_map[kmip_alg] = barbican_alg

    plugin_conf = conf.kmip_plugin

    # PKCS#1-only deployments cannot store DSA keys, so DSA is removed
    # from the set of algorithms this store will accept.
    self.pkcs1_only = plugin_conf.pkcs1_only
    if self.pkcs1_only:
        LOG.debug("KMIP secret store only supports PKCS#1")
        del self.valid_alg_dict[ss.KeyAlgorithm.DSA]

    # Inspect the client private key before it is handed to the client;
    # _validate_keyfile_permissions lives elsewhere in the class and is
    # expected to reject a key file with overly permissive modes.
    if plugin_conf.keyfile is not None:
        self._validate_keyfile_permissions(plugin_conf.keyfile)

    # A username/password credential is created only if at least one of
    # the two is configured; certificate-only deployments get None.
    self.credential = None
    if (plugin_conf.username is not None
            or plugin_conf.password is not None):
        self.credential = credentials.CredentialFactory().create_credential(
            credentials.CredentialType.USERNAME_AND_PASSWORD,
            {
                'Username': plugin_conf.username,
                'Password': plugin_conf.password,
            })

    # CA bundle, client cert/key and TLS protocol version are taken
    # verbatim from configuration.
    self.client = client.ProxyKmipClient(
        hostname=plugin_conf.host,
        port=plugin_conf.port,
        cert=plugin_conf.certfile,
        key=plugin_conf.keyfile,
        ca=plugin_conf.ca_certs,
        ssl_version=plugin_conf.ssl_version,
        username=plugin_conf.username,
        password=plugin_conf.password)