def _get_kmip_secret(self, secret_dto): """Builds a KMIP object from a SecretDTO This is needed for register calls. The Barbican object needs to be converted to KMIP object before it can be stored :param secret_dto: SecretDTO of secret to be stored :returns: KMIP object """ secret_type = secret_dto.type object_type, key_format_type = (self._map_type_ss_to_kmip(secret_type)) normalized_secret = self._normalize_secret(secret_dto.secret, secret_type) kmip_object = None if object_type == enums.ObjectType.CERTIFICATE: kmip_object = Certificate( certificate_type=enums.CertificateTypeEnum.X_509, certificate_value=normalized_secret) elif object_type == enums.ObjectType.OPAQUE_DATA: opaque_type = Opaque.OpaqueDataType(enums.OpaqueDataType.NONE) opaque_value = Opaque.OpaqueDataValue(normalized_secret) kmip_object = Opaque(opaque_type, opaque_value) elif (object_type == enums.ObjectType.SYMMETRIC_KEY or object_type == enums.ObjectType.SECRET_DATA or object_type == enums.ObjectType.PRIVATE_KEY or object_type == enums.ObjectType.PUBLIC_KEY): key_material = KeyMaterial(normalized_secret) key_value = KeyValue(key_material) key_spec = secret_dto.key_spec algorithm = None if key_spec.alg is not None: algorithm_name = self._map_algorithm_ss_to_kmip( key_spec.alg.lower()) algorithm = CryptographicAlgorithm(algorithm_name) bit_length = None if key_spec.bit_length is not None: bit_length = CryptographicLength(key_spec.bit_length) key_block = KeyBlock( key_format_type=misc.KeyFormatType(key_format_type), key_compression_type=None, key_value=key_value, cryptographic_algorithm=algorithm, cryptographic_length=bit_length, key_wrapping_data=None) if object_type == enums.ObjectType.SYMMETRIC_KEY: kmip_object = SymmetricKey(key_block) elif object_type == enums.ObjectType.PRIVATE_KEY: kmip_object = PrivateKey(key_block) elif object_type == enums.ObjectType.PUBLIC_KEY: kmip_object = PublicKey(key_block) elif object_type == enums.ObjectType.SECRET_DATA: kind = SecretData.SecretDataType(enums.SecretDataType.PASSWORD) return SecretData(secret_data_type=kind, key_block=key_block) return kmip_object
def test_store_opaque_secret_assert_called(self): key_spec = secret_store.KeySpec(None, None, None) opaque = ('\x00\x01\x02\x03\x04\x05\x06\x07') secret_dto = secret_store.SecretDTO(secret_store.SecretType.OPAQUE, base64.b64encode(opaque), key_spec, 'content_type', transport_key=None) self.secret_store.store_secret(secret_dto) self.secret_store.client.proxy.register.assert_called_once_with( enums.ObjectType.OPAQUE_DATA, mock.ANY, mock.ANY) proxy = self.secret_store.client.proxy register_call_args, _ = proxy.register.call_args actual_secret = register_call_args[2] self.assertEqual(Opaque.OpaqueDataType(enums.OpaqueDataType.NONE), actual_secret.opaque_data_type) self.assertEqual(Opaque.OpaqueDataValue(opaque), actual_secret.opaque_data_value)
def test_store_opaque_secret_assert_called(self): key_spec = secret_store.KeySpec(None, None, None) opaque = ('\x00\x01\x02\x03\x04\x05\x06\x07') secret_dto = secret_store.SecretDTO(secret_store.SecretType.OPAQUE, base64.b64encode(opaque), key_spec, 'content_type', transport_key=None) self.secret_store.store_secret(secret_dto) self.secret_store.client.register.assert_called_once_with( object_type=enums.ObjectType.OPAQUE_DATA, template_attribute=mock.ANY, secret=mock.ANY, credential=self.credential) _, register_call_kwargs = self.secret_store.client.register.call_args actual_secret = register_call_kwargs.get('secret') self.assertEqual(Opaque.OpaqueDataType(enums.OpaqueDataType.NONE), actual_secret.opaque_data_type) self.assertEqual(Opaque.OpaqueDataValue(opaque), actual_secret.opaque_data_value)
def test_opaque_data_register_get_destroy(self): """ Tests that opaque objects can be properly registered, retrieved, and destroyed """ opaque_obj_type = ObjectType.OPAQUE_DATA opaque_obj_data_type = OpaqueObject.OpaqueDataType(OpaqueDataType.NONE) name = Attribute.AttributeName('Name') opaque_obj_name = 'Integration Test - Register-Get-Destroy Opaque Data' opaque_obj_name_value = Name.NameValue(opaque_obj_name) name_type = Name.NameType(NameType.UNINTERPRETED_TEXT_STRING) opaque_obj_value = Name(name_value=opaque_obj_name_value, name_type=name_type) opaque_obj_name_attr = Attribute(attribute_name=name, attribute_value=opaque_obj_value) opaque_obj_attributes = [opaque_obj_name_attr] opaque_obj_template_attribute = TemplateAttribute( attributes=opaque_obj_attributes) opaque_obj_data = OpaqueObject.OpaqueDataValue(( b'\x30\x82\x03\x12\x30\x82\x01\xFA\xA0\x03\x02\x01\x02\x02\x01\x01' b'\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30' b'\x3B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D' b'\x30\x0B\x06\x03\x55\x04\x0A\x13\x04\x54\x45\x53\x54\x31\x0E\x30' )) opaque_obj = OpaqueObject(opaque_data_type=opaque_obj_data_type, opaque_data_value=opaque_obj_data) opaque_obj_result = self.client.register(opaque_obj_type, opaque_obj_template_attribute, opaque_obj, credential=None) self._check_result_status(opaque_obj_result, ResultStatus, ResultStatus.SUCCESS) self._check_uuid(opaque_obj_result.uuid.value, str) # Check that the returned key bytes match what was provided opaque_obj_uuid = opaque_obj_result.uuid.value opaque_obj_result = self.client.get(uuid=opaque_obj_uuid, credential=None) self._check_result_status(opaque_obj_result, ResultStatus, ResultStatus.SUCCESS) self._check_object_type(opaque_obj_result.object_type.value, ObjectType, ObjectType.OPAQUE_DATA) self._check_uuid(opaque_obj_result.uuid.value, str) # Check the secret type opaque_obj_secret = opaque_obj_result.secret opaque_obj_secret_expected = OpaqueObject self.assertIsInstance(opaque_obj_secret, opaque_obj_secret_expected) opaque_obj_material = opaque_obj_result.secret.opaque_data_value.value expected = opaque_obj_data.value self.assertEqual(expected, opaque_obj_material) self.logger.debug('Destroying opaque object: ' + opaque_obj_name + '\nWith " "UUID: ' + opaque_obj_result.uuid.value) opaque_obj_result = self.client.destroy(opaque_obj_result.uuid.value) self._check_result_status(opaque_obj_result, ResultStatus, ResultStatus.SUCCESS) self._check_uuid(opaque_obj_result.uuid.value, str) # Verify the secret was destroyed opaque_obj_result_destroyed_result = self.client.get( uuid=opaque_obj_uuid, credential=None) self._check_result_status(opaque_obj_result_destroyed_result, ResultStatus, ResultStatus.OPERATION_FAILED) expected = ResultReason opaque_obj_observed = \ type(opaque_obj_result_destroyed_result.result_reason.value) self.assertEqual(expected, opaque_obj_observed)
def _create_opaque_data(self, value): if value: kind = OpaqueObject.OpaqueDataType(value.get("opaque_data_type")) data = OpaqueObject.OpaqueDataValue(value.get("opaque_data_value")) return OpaqueObject(kind, data) return OpaqueObject()
def get_sample_opaque_secret(): opaque_type = Opaque.OpaqueDataType(enums.OpaqueDataType.NONE) opaque_value = Opaque.OpaqueDataValue(base64.b64decode( utils.get_symmetric_key())) return Opaque(opaque_type, opaque_value)