def setUp(self):
super(TestRekeyKeyPairResponsePayload, self).setUp()
self.uuid = '00000000-0000-0000-0000-000000000000'
self.private_key_uuid = attributes.PrivateKeyUniqueIdentifier(
self.uuid)
self.public_key_uuid = attributes.PublicKeyUniqueIdentifier(self.uuid)
self.empty_private_key_uuid = attributes.PrivateKeyUniqueIdentifier('')
self.empty_public_key_uuid = attributes.PublicKeyUniqueIdentifier('')
self.private_key_template_attribute = \
objects.PrivateKeyTemplateAttribute()
self.public_key_template_attribute = \
objects.PublicKeyTemplateAttribute()
self.encoding_empty = utils.BytearrayStream((
b'\x42\x00\x7C\x01\x00\x00\x00\x10\x42\x00\x66\x07\x00\x00\x00\x00'
b'\x42\x00\x6F\x07\x00\x00\x00\x00'))
self.encoding_full = utils.BytearrayStream((
b'\x42\x00\x7C\x01\x00\x00\x00\x70\x42\x00\x66\x07\x00\x00\x00\x24'
b'\x30\x30\x30\x30\x30\x30\x30\x30\x2d\x30\x30\x30\x30\x2d\x30\x30'
b'\x30\x30\x2d\x30\x30\x30\x30\x2d\x30\x30\x30\x30\x30\x30\x30\x30'
b'\x30\x30\x30\x30\x00\x00\x00\x00\x42\x00\x6F\x07\x00\x00\x00\x24'
b'\x30\x30\x30\x30\x30\x30\x30\x30\x2d\x30\x30\x30\x30\x2d\x30\x30'
b'\x30\x30\x2d\x30\x30\x30\x30\x2d\x30\x30\x30\x30\x30\x30\x30\x30'
b'\x30\x30\x30\x30\x00\x00\x00\x00\x42\x00\x65\x01\x00\x00\x00\x00'
b'\x42\x00\x6E\x01\x00\x00\x00\x00'))
def read(self, istream, kmip_version=enums.KMIPVersion.KMIP_1_0):
super(RekeyKeyPairRequestPayload, self).read(istream,
kmip_version=kmip_version)
tstream = BytearrayStream(istream.read(self.length))
if self.is_tag_next(enums.Tags.PRIVATE_KEY_UNIQUE_IDENTIFIER, tstream):
self.private_key_uuid = attributes.PrivateKeyUniqueIdentifier()
self.private_key_uuid.read(tstream, kmip_version=kmip_version)
if self.is_tag_next(enums.Tags.OFFSET, tstream):
self.offset = misc.Offset()
self.offset.read(tstream, kmip_version=kmip_version)
if self.is_tag_next(enums.Tags.COMMON_TEMPLATE_ATTRIBUTE, tstream):
self.common_template_attribute = objects.CommonTemplateAttribute()
self.common_template_attribute.read(tstream,
kmip_version=kmip_version)
if self.is_tag_next(enums.Tags.PRIVATE_KEY_TEMPLATE_ATTRIBUTE,
tstream):
self.private_key_template_attribute = \
objects.PrivateKeyTemplateAttribute()
self.private_key_template_attribute.read(tstream,
kmip_version=kmip_version)
if self.is_tag_next(enums.Tags.PUBLIC_KEY_TEMPLATE_ATTRIBUTE, tstream):
self.public_key_template_attribute = \
objects.PublicKeyTemplateAttribute()
self.public_key_template_attribute.read(tstream,
kmip_version=kmip_version)
self.is_oversized(tstream)
self.validate()
def test_create_key_pair_with_key_names(self):
"""
Test that an asymmetric key pair can be created with proper inputs,
specifically testing that the private / public names are correctly
sent with the request
"""
# Create the template to test the create key pair call
algorithm = enums.CryptographicAlgorithm.RSA
length = 2048
algorithm_attribute = self.attribute_factory.create_attribute(
enums.AttributeType.CRYPTOGRAPHIC_ALGORITHM, algorithm)
length_attribute = self.attribute_factory.create_attribute(
enums.AttributeType.CRYPTOGRAPHIC_LENGTH, length)
mask_attribute = self.attribute_factory.create_attribute(
enums.AttributeType.CRYPTOGRAPHIC_USAGE_MASK, [
enums.CryptographicUsageMask.ENCRYPT,
enums.CryptographicUsageMask.DECRYPT
])
private_name_attribute = self.attribute_factory.create_attribute(
enums.AttributeType.NAME, "private")
public_name_attribute = self.attribute_factory.create_attribute(
enums.AttributeType.NAME, "public")
pair_attributes = [
algorithm_attribute, length_attribute, mask_attribute
]
template = obj.CommonTemplateAttribute(attributes=pair_attributes)
private_template = obj.PrivateKeyTemplateAttribute(
names=[private_name_attribute])
public_template = obj.PublicKeyTemplateAttribute(
names=[public_name_attribute])
status = enums.ResultStatus.SUCCESS
result = results.CreateKeyPairResult(
contents.ResultStatus(status),
public_key_uuid=attr.PublicKeyUniqueIdentifier(
'aaaaaaaa-1111-2222-3333-ffffffffffff'),
private_key_uuid=attr.PrivateKeyUniqueIdentifier(
'ffffffff-3333-2222-1111-aaaaaaaaaaaa'))
with ProxyKmipClient() as client:
client.proxy.create_key_pair.return_value = result
public_uid, private_uid = client.create_key_pair(
enums.CryptographicAlgorithm.RSA,
2048,
public_name="public",
private_name="private")
kwargs = {
'common_template_attribute': template,
'private_key_template_attribute': private_template,
'public_key_template_attribute': public_template
}
client.proxy.create_key_pair.assert_called_with(**kwargs)
def test_create_key_pair(self):
"""
Test that an asymmetric key pair can be created with proper inputs
and that the UIDs of the public and private keys are returned
properly.
"""
# Create the template to test the create key pair call
algorithm = enums.CryptographicAlgorithm.RSA
length = 2048
algorithm_attribute = self.attribute_factory.create_attribute(
enums.AttributeType.CRYPTOGRAPHIC_ALGORITHM, algorithm)
length_attribute = self.attribute_factory.create_attribute(
enums.AttributeType.CRYPTOGRAPHIC_LENGTH, length)
mask_attribute = self.attribute_factory.create_attribute(
enums.AttributeType.CRYPTOGRAPHIC_USAGE_MASK, [
enums.CryptographicUsageMask.ENCRYPT,
enums.CryptographicUsageMask.DECRYPT
])
attributes = [algorithm_attribute, length_attribute, mask_attribute]
template = obj.CommonTemplateAttribute(attributes=attributes)
status = enums.ResultStatus.SUCCESS
result = results.CreateKeyPairResult(
contents.ResultStatus(status),
public_key_uuid=attr.PublicKeyUniqueIdentifier(
'aaaaaaaa-1111-2222-3333-ffffffffffff'),
private_key_uuid=attr.PrivateKeyUniqueIdentifier(
'ffffffff-3333-2222-1111-aaaaaaaaaaaa'))
with ProxyKmipClient() as client:
client.proxy.create_key_pair.return_value = result
public_uid, private_uid = client.create_key_pair(
enums.CryptographicAlgorithm.RSA, 2048)
kwargs = {
'common_template_attribute': template,
'private_key_template_attribute': None,
'public_key_template_attribute': None
}
client.proxy.create_key_pair.assert_called_with(**kwargs)
self.assertIsInstance(public_uid, six.string_types)
self.assertIsInstance(private_uid, six.string_types)
def setUp(self):
super(TestRekeyKeyPairRequestPayload, self).setUp()
self.uuid = '00000000-0000-0000-0000-000000000000'
self.private_key_uuid = attributes.PrivateKeyUniqueIdentifier(
self.uuid)
self.offset = misc.Offset(0)
self.common_template_attribute = objects.CommonTemplateAttribute()
self.private_key_template_attribute = \
objects.PrivateKeyTemplateAttribute()
self.public_key_template_attribute = \
objects.PublicKeyTemplateAttribute()
self.encoding_empty = utils.BytearrayStream((
b'\x42\x00\x79\x01\x00\x00\x00\x00'))
self.encoding_full = utils.BytearrayStream((
b'\x42\x00\x79\x01\x00\x00\x00\x58\x42\x00\x66\x07\x00\x00\x00\x24'
b'\x30\x30\x30\x30\x30\x30\x30\x30\x2d\x30\x30\x30\x30\x2d\x30\x30'
b'\x30\x30\x2d\x30\x30\x30\x30\x2d\x30\x30\x30\x30\x30\x30\x30\x30'
b'\x30\x30\x30\x30\x00\x00\x00\x00\x42\x00\x58\x0A\x00\x00\x00\x04'
b'\x00\x00\x00\x00\x00\x00\x00\x00\x42\x00\x1F\x01\x00\x00\x00\x00'
b'\x42\x00\x65\x01\x00\x00\x00\x00\x42\x00\x6E\x01\x00\x00\x00\x00'
))
def __init__(self,
private_key_uuid=None,
public_key_uuid=None,
private_key_template_attribute=None,
public_key_template_attribute=None):
super(CreateKeyPairResponsePayload,
self).__init__(Tags.RESPONSE_PAYLOAD)
# Private and public UUIDs are required so make defaults as backup
if private_key_uuid is None:
self.private_key_uuid = attributes.PrivateKeyUniqueIdentifier('')
else:
self.private_key_uuid = private_key_uuid
if public_key_uuid is None:
self.public_key_uuid = attributes.PublicKeyUniqueIdentifier('')
else:
self.public_key_uuid = public_key_uuid
self.private_key_template_attribute = private_key_template_attribute
self.public_key_template_attribute = public_key_template_attribute
self.validate()
def _process_create_key_pair(self, payload):
self._logger.info("Processing operation: CreateKeyPair")
algorithm = None
length = None
# Process attribute sets
public_key_attributes = {}
private_key_attributes = {}
common_attributes = {}
if payload.public_key_template_attribute:
public_key_attributes = self._process_template_attribute(
payload.public_key_template_attribute)
if payload.private_key_template_attribute:
private_key_attributes = self._process_template_attribute(
payload.private_key_template_attribute)
if payload.common_template_attribute:
common_attributes = self._process_template_attribute(
payload.common_template_attribute)
# Propagate common attributes if not overridden by the public/private
# attribute sets
for key, value in six.iteritems(common_attributes):
if key not in public_key_attributes.keys():
public_key_attributes.update([(key, value)])
if key not in private_key_attributes.keys():
private_key_attributes.update([(key, value)])
# Error check for required attributes.
public_algorithm = public_key_attributes.get('Cryptographic Algorithm')
if public_algorithm:
public_algorithm = public_algorithm.value
else:
raise exceptions.InvalidField(
"The cryptographic algorithm must be specified as an "
"attribute for the public key.")
public_length = public_key_attributes.get('Cryptographic Length')
if public_length:
public_length = public_length.value
else:
# TODO (peterhamilton) The cryptographic length is technically not
# required per the spec. Update the CryptographyEngine to accept a
# None length, allowing it to pick the length dynamically. Default
# to the strongest key size allowed for the algorithm type.
raise exceptions.InvalidField(
"The cryptographic length must be specified as an attribute "
"for the public key.")
public_usage_mask = public_key_attributes.get(
'Cryptographic Usage Mask')
if public_usage_mask is None:
raise exceptions.InvalidField(
"The cryptographic usage mask must be specified as an "
"attribute for the public key.")
private_algorithm = private_key_attributes.get(
'Cryptographic Algorithm')
if private_algorithm:
private_algorithm = private_algorithm.value
else:
raise exceptions.InvalidField(
"The cryptographic algorithm must be specified as an "
"attribute for the private key.")
private_length = private_key_attributes.get('Cryptographic Length')
if private_length:
private_length = private_length.value
else:
# TODO (peterhamilton) The cryptographic length is technically not
# required per the spec. Update the CryptographyEngine to accept a
# None length, allowing it to pick the length dynamically. Default
# to the strongest key size allowed for the algorithm type.
raise exceptions.InvalidField(
"The cryptographic length must be specified as an attribute "
"for the private key.")
private_usage_mask = private_key_attributes.get(
'Cryptographic Usage Mask')
if private_usage_mask is None:
raise exceptions.InvalidField(
"The cryptographic usage mask must be specified as an "
"attribute for the private key.")
if public_algorithm == private_algorithm:
algorithm = public_algorithm
else:
raise exceptions.InvalidField(
"The public and private key algorithms must be the same.")
if public_length == private_length:
length = public_length
else:
raise exceptions.InvalidField(
"The public and private key lengths must be the same.")
public, private = self._cryptography_engine.create_asymmetric_key_pair(
algorithm, length)
public_key = objects.PublicKey(algorithm, length, public.get('value'),
public.get('format'))
private_key = objects.PrivateKey(algorithm, length,
private.get('value'),
private.get('format'))
public_key.names = []
private_key.names = []
self._set_attributes_on_managed_object(public_key,
public_key_attributes)
self._set_attributes_on_managed_object(private_key,
private_key_attributes)
# TODO (peterhamilton) Set additional server-only attributes.
public_key._owner = self._client_identity
private_key._owner = self._client_identity
self._data_session.add(public_key)
self._data_session.add(private_key)
# NOTE (peterhamilton) SQLAlchemy will *not* assign an ID until
# commit is called. This makes future support for UNDO problematic.
self._data_session.commit()
self._logger.info("Created a PublicKey with ID: {0}".format(
public_key.unique_identifier))
self._logger.info("Created a PrivateKey with ID: {0}".format(
private_key.unique_identifier))
response_payload = create_key_pair.CreateKeyPairResponsePayload(
private_key_uuid=attributes.PrivateKeyUniqueIdentifier(
str(private_key.unique_identifier)),
public_key_uuid=attributes.PublicKeyUniqueIdentifier(
str(public_key.unique_identifier)))
self._id_placeholder = str(private_key.unique_identifier)
return response_payload
