def test_ciphers(self):
    """
    Test that the Basic suite exposes its default cipher list as a single
    colon-delimited string of OpenSSL cipher names.
    """
    # NOTE(review): every suite pinned here is CBC-mode with a SHA-1 MAC.
    # Three entries are 3DES (the *-DES-CBC3-SHA names), and the static RSA
    # and fixed-DH entries provide no forward secrecy. This test records the
    # current default list; it does not assert that the list is a
    # recommended one.
    expected_names = [
        'AES128-SHA',
        'DES-CBC3-SHA',
        'AES256-SHA',
        'DHE-DSS-DES-CBC3-SHA',
        'DHE-RSA-DES-CBC3-SHA',
        'DH-DSS-AES128-SHA',
        'DH-RSA-AES128-SHA',
        'DHE-DSS-AES128-SHA',
        'DHE-RSA-AES128-SHA',
        'DH-RSA-AES256-SHA',
        'DHE-DSS-AES256-SHA',
        'DHE-RSA-AES256-SHA',
    ]
    expected = ':'.join(expected_names)

    observed = auth.BasicAuthenticationSuite().ciphers

    self.assertIsInstance(observed, str)
    self.assertEqual(expected, observed)
def test_protocol(self):
    """
    Test that the Basic suite reports its protocol as an integer constant
    equal to ssl.PROTOCOL_TLSv1.
    """
    # NOTE(review): this pins the Basic suite to TLS 1.0. TLS 1.0 is formally
    # deprecated (RFC 8996) and ssl.PROTOCOL_TLSv1 is a deprecated constant
    # in the ssl module, so the assertion may need revisiting if the suite's
    # protocol is ever raised.
    basic_suite = auth.BasicAuthenticationSuite()

    self.assertIsInstance(basic_suite.protocol, int)
    self.assertEqual(ssl.PROTOCOL_TLSv1, basic_suite.protocol)
def __init__(
        self,
        hostname=None,
        port=None,
        certificate_path=None,
        key_path=None,
        ca_path=None,
        auth_suite=None,
        config_path='/etc/pykmip/server.conf',
        log_path='/var/log/pykmip/server.log',
        policy_path=None,
        enable_tls_client_auth=None,
        tls_cipher_suites=None,
        logging_level=None,
        live_policies=False,
        database_path=None
):
    """
    Create a KmipServer.

    Logging is configured first from log_path. A KmipServerConfig is then
    created and populated through _setup_configuration, which receives
    config_path together with every explicit setting passed to this
    constructor. The logger level and the TLS authentication suite are
    finally derived from the resulting configuration settings.

    The server process must be able to read and write the directory that
    holds the log file.

    Args:
        hostname (string): The host address the server will be bound to
            (e.g., '127.0.0.1'). Optional, defaults to None.
        port (int): The port number the server will be bound to
            (e.g., 5696). Optional, defaults to None.
        certificate_path (string): The path to the server certificate
            file (e.g., '/etc/pykmip/certs/server.crt'). Optional,
            defaults to None.
        key_path (string): The path to the server certificate key file
            (e.g., '/etc/pykmip/certs/server.key'). Optional, defaults
            to None.
        ca_path (string): The path to the certificate authority (CA)
            certificate file (e.g., '/etc/pykmip/certs/ca.crt').
            Optional, defaults to None.
        auth_suite (string): The type of authentication suite to use for
            establishing TLS connections. Accepted values are: 'Basic',
            'TLS1.2'. Optional, defaults to None.
        config_path (string): The path to the server configuration file.
            Optional, defaults to '/etc/pykmip/server.conf'.
        log_path (string): The path to the base server log file.
            Optional, defaults to '/var/log/pykmip/server.log'.
        policy_path (string): The path to the filesystem directory
            containing PyKMIP server operation policy JSON files.
            Optional, defaults to None.
        enable_tls_client_auth (boolean): Whether the TLS certificate
            client auth flag should be required for client certificates
            when establishing a new client session. Optional, defaults
            to None.
        tls_cipher_suites (string): A comma-delimited list of cipher
            suite names (e.g., TLS_RSA_WITH_AES_256_CBC_SHA256,
            TLS_RSA_WITH_AES_128_CBC_SHA256) that the server should use
            when establishing a TLS connection with a client. Optional,
            defaults to None, in which case the default set of TLS
            cipher suites is used.
        logging_level (string): A logging level name defined by the
            logging package (e.g., DEBUG, INFO). Messages at this level
            or higher in criticality are logged; lower ones are not.
            Optional, defaults to None.
        live_policies (boolean): Whether the operation policy directory
            should be actively monitored to autoload policy changes
            while the server is running. Optional, defaults to False.
        database_path (string): The path to the server's SQLite database
            file. Optional, defaults to None.
    """
    self._logger = logging.getLogger('kmip.server')
    self._setup_logging(log_path)

    self.config = config.KmipServerConfig()
    self._setup_configuration(
        config_path,
        hostname,
        port,
        certificate_path,
        key_path,
        ca_path,
        auth_suite,
        policy_path,
        enable_tls_client_auth,
        tls_cipher_suites,
        logging_level,
        database_path
    )

    self.live_policies = live_policies
    self.policies = {}

    settings = self.config.settings
    self._logger.setLevel(settings.get('logging_level'))

    cipher_suites = settings.get('tls_cipher_suites')

    # NOTE(review): only the exact string 'TLS1.2' selects the TLS 1.2
    # suite. Any other configured value, including None or a misspelling,
    # silently selects the Basic suite. Confirm that this fallback is
    # intended rather than rejecting unknown values at start-up.
    suite_class = (
        auth.TLS12AuthenticationSuite
        if settings.get('auth_suite') == 'TLS1.2'
        else auth.BasicAuthenticationSuite
    )
    self.auth_suite = suite_class(cipher_suites)

    self._session_id = 1
    self._is_serving = False
def test_init(self):
    """
    Test that a BasicAuthenticationSuite can be constructed without
    arguments.
    """
    # The instance is discarded; the test passes if construction does not
    # raise.
    _ = auth.BasicAuthenticationSuite()
def __init__(
        self,
        hostname=None,
        port=None,
        certificate_path=None,
        key_path=None,
        ca_path=None,
        auth_suite=None,
        config_path='/etc/pykmip/server.conf',
        log_path='/var/log/pykmip/server.log',
        policy_path=None
):
    """
    Create a KmipServer.

    Logging is configured first from log_path. A KmipServerConfig is then
    created and populated through _setup_configuration, which receives
    config_path together with every explicit setting passed to this
    constructor. The TLS authentication suite and the KmipEngine request
    processor are then built from the resulting configuration settings.

    The server process must be able to read and write the directory that
    holds the log file.

    Args:
        hostname (string): The host address the server will be bound to
            (e.g., '127.0.0.1'). Optional, defaults to None.
        port (int): The port number the server will be bound to
            (e.g., 5696). Optional, defaults to None.
        certificate_path (string): The path to the server certificate
            file (e.g., '/etc/pykmip/certs/server.crt'). Optional,
            defaults to None.
        key_path (string): The path to the server certificate key file
            (e.g., '/etc/pykmip/certs/server.key'). Optional, defaults
            to None.
        ca_path (string): The path to the certificate authority (CA)
            certificate file (e.g., '/etc/pykmip/certs/ca.crt').
            Optional, defaults to None.
        auth_suite (string): The type of authentication suite to use for
            establishing TLS connections. Accepted values are: 'Basic',
            'TLS1.2'. Optional, defaults to None.
        config_path (string): The path to the server configuration file.
            Optional, defaults to '/etc/pykmip/server.conf'.
        log_path (string): The path to the base server log file.
            Optional, defaults to '/var/log/pykmip/server.log'.
        policy_path (string): The path to the filesystem directory
            containing PyKMIP server operation policy JSON files.
            Optional, defaults to None.
    """
    self._logger = logging.getLogger('kmip.server')
    self._setup_logging(log_path)

    self.config = config.KmipServerConfig()
    self._setup_configuration(
        config_path,
        hostname,
        port,
        certificate_path,
        key_path,
        ca_path,
        auth_suite,
        policy_path
    )

    settings = self.config.settings

    # NOTE(review): only the exact string 'TLS1.2' selects the TLS 1.2
    # suite. Any other configured value, including None or a misspelling,
    # silently selects the Basic suite. Confirm that this fallback is
    # intended rather than rejecting unknown values at start-up.
    suite_class = (
        auth.TLS12AuthenticationSuite
        if settings.get('auth_suite') == 'TLS1.2'
        else auth.BasicAuthenticationSuite
    )
    self.auth_suite = suite_class()

    self._engine = engine.KmipEngine(settings.get('policy_path'))

    self._session_id = 1
    self._is_serving = False