def destroy(self, uid):
    """
    Ask the KMIP appliance to destroy the managed object identified by uid.

    Args:
        uid (string): The unique ID of the managed object to destroy.

    Returns:
        None

    Raises:
        ClientConnectionNotOpen: if the client connection is unusable
        KmipOperationFailure: if the operation result is a failure
        TypeError: if the input argument is invalid
    """
    # Validate the argument before touching the connection.
    if not isinstance(uid, six.string_types):
        raise TypeError("uid must be a string")

    # Refuse to issue requests over a connection that is not open.
    if not self._is_open:
        raise exceptions.ClientConnectionNotOpen()

    # Issue the Destroy request; anything other than SUCCESS is an error.
    result = self.proxy.destroy(uid)
    status = result.result_status.value
    if status != enums.ResultStatus.SUCCESS:
        raise exceptions.KmipOperationFailure(
            status,
            result.result_reason.value,
            result.result_message.value)
def get(self, uid):
    """
    Retrieve the managed object identified by uid from the KMIP appliance.

    Args:
        uid (string): The unique ID of the managed object to retrieve.

    Returns:
        ManagedObject: The retrieved managed object, converted into a
            Pie ManagedObject by the client's object factory.

    Raises:
        ClientConnectionNotOpen: if the client connection is unusable
        KmipOperationFailure: if the operation result is a failure
        TypeError: if the input argument is invalid
    """
    # Validate the argument before touching the connection.
    if not isinstance(uid, six.string_types):
        raise TypeError("uid must be a string")

    # Refuse to issue requests over a connection that is not open.
    if not self._is_open:
        raise exceptions.ClientConnectionNotOpen()

    # Issue the Get request; anything other than SUCCESS is an error.
    result = self.proxy.get(uid)
    status = result.result_status.value
    if status != enums.ResultStatus.SUCCESS:
        raise exceptions.KmipOperationFailure(
            status,
            result.result_reason.value,
            result.result_message.value)

    # Translate the wire-level secret into the Pie object model.
    return self.object_factory.convert(result.secret)
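def get_attribute_list(self, uid=None):
    """
    Get the names of the attributes associated with a managed object.

    If the uid is not specified, the appliance will use the ID placeholder
    by default.

    Args:
        uid (string): The unique ID of the managed object with which the
            retrieved attribute names should be associated. Optional,
            defaults to None.

    Returns:
        list: The attribute names reported by the appliance, in sorted
            order.

    Raises:
        ClientConnectionNotOpen: if the client connection is unusable
        KmipOperationFailure: if the operation result is a failure
        TypeError: if the input argument is invalid
    """
    # uid is optional; when given it must be a string.
    if uid is not None and not isinstance(uid, six.string_types):
        raise TypeError("uid must be a string")

    # Refuse to issue requests over a connection that is not open.
    if not self._is_open:
        raise exceptions.ClientConnectionNotOpen()

    # Issue the GetAttributeList request; anything other than SUCCESS is
    # an error.
    result = self.proxy.get_attribute_list(uid)
    status = result.result_status.value
    if status != enums.ResultStatus.SUCCESS:
        raise exceptions.KmipOperationFailure(
            status,
            result.result_reason.value,
            result.result_message.value)

    # Sort so callers get a deterministic ordering regardless of the
    # appliance's response order.
    return sorted(result.names)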
def register(self, managed_object):
    """
    Register an existing managed object with a KMIP appliance.

    Args:
        managed_object (ManagedObject): A managed object to register. An
            instantiatable subclass of ManagedObject from the Pie API.

    Returns:
        string: The uid of the newly registered managed object.

    Raises:
        ClientConnectionNotOpen: if the client connection is unusable
        KmipOperationFailure: if the operation result is a failure
        TypeError: if the input argument is invalid
    """
    # Validate the argument before touching the connection.
    if not isinstance(managed_object, pobjects.ManagedObject):
        raise TypeError("managed object must be a Pie ManagedObject")

    # Refuse to issue requests over a connection that is not open.
    if not self._is_open:
        raise exceptions.ClientConnectionNotOpen()

    # Optional object fields that become template attributes when set.
    # Each entry maps a Pie attribute name to its KMIP attribute type.
    optional_fields = (
        ('cryptographic_usage_masks',
         enums.AttributeType.CRYPTOGRAPHIC_USAGE_MASK),
        ('operation_policy_name',
         enums.AttributeType.OPERATION_POLICY_NAME),
    )
    object_attributes = []
    for field_name, attribute_type in optional_fields:
        value = getattr(managed_object, field_name, None)
        if value is not None:
            object_attributes.append(
                self.attribute_factory.create_attribute(
                    attribute_type, value))

    template = cobjects.TemplateAttribute(attributes=object_attributes)

    # Issue the Register request; anything other than SUCCESS is an error.
    secret = self.object_factory.convert(managed_object)
    result = self.proxy.register(
        managed_object.object_type, template, secret)
    status = result.result_status.value
    if status != enums.ResultStatus.SUCCESS:
        raise exceptions.KmipOperationFailure(
            status,
            result.result_reason.value,
            result.result_message.value)

    return result.uuid.value
def create(self, algorithm, length, operation_policy_name=None, name=None):
    """
    Have the KMIP appliance generate a new symmetric key.

    Args:
        algorithm (CryptographicAlgorithm): An enumeration defining the
            algorithm to use to generate the symmetric key.
        length (int): The length in bits for the symmetric key.
        operation_policy_name (string): The name of the operation policy
            to use for the new symmetric key. Optional, defaults to None
        name (string): The name to give the key. Optional, defaults to
            None

    Returns:
        string: The uid of the newly created symmetric key.

    Raises:
        ClientConnectionNotOpen: if the client connection is unusable
        KmipOperationFailure: if the operation result is a failure
        TypeError: if the input arguments are invalid
    """
    # Validate the arguments before touching the connection. A
    # non-positive length is rejected here rather than sent to the server.
    if not isinstance(algorithm, enums.CryptographicAlgorithm):
        raise TypeError(
            "algorithm must be a CryptographicAlgorithm enumeration")
    if not isinstance(length, six.integer_types) or length <= 0:
        raise TypeError("length must be a positive integer")

    # Refuse to issue requests over a connection that is not open.
    if not self._is_open:
        raise exceptions.ClientConnectionNotOpen()

    # Assemble the template: key attributes first, then the common
    # attributes, then the optional name.
    common_attributes = self._build_common_attributes(
        operation_policy_name)
    attributes = self._build_key_attributes(algorithm, length)
    attributes.extend(common_attributes)
    if name:
        attributes.extend(self._build_name_attribute(name))
    template = cobjects.TemplateAttribute(attributes=attributes)

    # Issue the Create request; anything other than SUCCESS is an error.
    result = self.proxy.create(enums.ObjectType.SYMMETRIC_KEY, template)
    status = result.result_status.value
    if status != enums.ResultStatus.SUCCESS:
        raise exceptions.KmipOperationFailure(
            status,
            result.result_reason.value,
            result.result_message.value)

    return result.uuid.value
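def mac(self, data, uid=None, algorithm=None):
    """
    Compute a message authentication code (MAC) over data.

    Args:
        data (bytes): The data to be MACed. Must be a bytes value; text
            strings are rejected.
        uid (string): The unique ID of the managed object that is the key
            to use for the MAC operation. Optional, defaults to None.
        algorithm (CryptographicAlgorithm): An enumeration defining the
            algorithm to use to generate the MAC. Optional, defaults to
            None.

    Returns:
        tuple: A two-element tuple of
            string: The unique ID of the managed object that is the key
                used for the MAC operation.
            The MAC data returned by the appliance.

    Raises:
        ClientConnectionNotOpen: if the client connection is unusable
        KmipOperationFailure: if the operation result is a failure
        TypeError: if the input arguments are invalid
    """
    # Validate the arguments before touching the connection.
    if not isinstance(data, six.binary_type):
        raise TypeError("data must be bytes")
    if uid is not None and not isinstance(uid, six.string_types):
        raise TypeError("uid must be a string")
    if algorithm is not None and not isinstance(
            algorithm, enums.CryptographicAlgorithm):
        raise TypeError(
            "algorithm must be a CryptographicAlgorithm enumeration")

    # Refuse to issue requests over a connection that is not open.
    if not self._is_open:
        raise exceptions.ClientConnectionNotOpen()

    # NOTE(review): when algorithm is None this still wraps None in a
    # CryptographicAlgorithm primitive; confirm the server treats an empty
    # algorithm as "use the key's default" rather than rejecting it.
    parameters_attribute = CryptographicParameters(
        cryptographic_algorithm=CryptographicAlgorithm(algorithm))

    # Issue the MAC request; anything other than SUCCESS is an error.
    result = self.proxy.mac(data, uid, parameters_attribute)
    status = result.result_status.value
    if status != enums.ResultStatus.SUCCESS:
        raise exceptions.KmipOperationFailure(
            status,
            result.result_reason.value,
            result.result_message.value)

    # The server reports which key it actually used; return it alongside
    # the MAC so callers can verify against the expected key.
    key_uid = result.uuid.value
    mac_data = result.mac_data.value
    return key_uid, mac_data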
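def close(self):
    """
    Close the client connection.

    Raises:
        ClientConnectionNotOpen: if the client connection is not open
        Exception: if an error occurs while trying to close the connection
    """
    if not self._is_open:
        raise exceptions.ClientConnectionNotOpen()

    try:
        self.proxy.close()
    except Exception:
        # logger.exception() already records the active traceback; passing
        # the exception object as an extra positional argument would make
        # the logging call itself fail to format its message.
        self.logger.exception("could not close client connection")
        raise
    # Only mark the connection closed once the proxy actually shut it
    # down, so a failed close leaves the client in a state where the
    # caller can retry.
    self._is_open = False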
def create_key_pair(self, algorithm, length):
    """
    Have the KMIP appliance generate a new asymmetric key pair.

    Args:
        algorithm (CryptographicAlgorithm): An enumeration defining the
            algorithm to use to generate the key pair.
        length (int): The length in bits for the key pair.

    Returns:
        string: The uid of the newly created public key.
        string: The uid of the newly created private key.

    Raises:
        ClientConnectionNotOpen: if the client connection is unusable
        KmipOperationFailure: if the operation result is a failure
        TypeError: if the input arguments are invalid
    """
    # Validate the arguments before touching the connection. A
    # non-positive length is rejected here rather than sent to the server.
    if not isinstance(algorithm, enums.CryptographicAlgorithm):
        raise TypeError(
            "algorithm must be a CryptographicAlgorithm enumeration")
    if not isinstance(length, six.integer_types) or length <= 0:
        raise TypeError("length must be a positive integer")

    # Refuse to issue requests over a connection that is not open.
    if not self._is_open:
        raise exceptions.ClientConnectionNotOpen()

    # Both halves of the pair share one common template.
    template = cobjects.CommonTemplateAttribute(
        attributes=self._build_key_attributes(algorithm, length))

    # Issue the CreateKeyPair request; anything other than SUCCESS is an
    # error.
    result = self.proxy.create_key_pair(common_template_attribute=template)
    status = result.result_status.value
    if status != enums.ResultStatus.SUCCESS:
        raise exceptions.KmipOperationFailure(
            status,
            result.result_reason.value,
            result.result_message.value)

    return result.public_key_uuid.value, result.private_key_uuid.value
def revoke(self, revocation_reason, uid=None, revocation_message=None,
           compromise_occurrence_date=None):
    """
    Revoke a managed object stored by a KMIP appliance.

    Args:
        revocation_reason (RevocationReasonCode): An enumeration
            indicating the revocation reason.
        uid (string): The unique ID of the managed object to revoke.
            Optional, defaults to None.
        revocation_message (string): A message regarding the revocation.
            Optional, defaults to None.
        compromise_occurrence_date (int): An integer, the number of
            seconds since the epoch, which will be converted to the
            Datetime when the managed object was first believed to be
            compromised. Optional, defaults to None.

    Returns:
        None

    Raises:
        ClientConnectionNotOpen: if the client connection is unusable
        KmipOperationFailure: if the operation result is a failure
        TypeError: if the input argument is invalid
    """
    # Validate the arguments before touching the connection.
    if not isinstance(revocation_reason, enums.RevocationReasonCode):
        raise TypeError(
            "revocation_reason must be a RevocationReasonCode enumeration")
    if uid is not None and not isinstance(uid, six.string_types):
        raise TypeError("uid must be a string")
    if revocation_message is not None and not isinstance(
            revocation_message, six.string_types):
        raise TypeError("revocation_message must be a string")

    # The compromise date travels as a KMIP DateTime primitive tagged for
    # this specific field.
    compromise_date = None
    if compromise_occurrence_date is not None:
        if not isinstance(compromise_occurrence_date, six.integer_types):
            raise TypeError(
                "compromise_occurrence_date must be an integer")
        compromise_date = primitives.DateTime(
            compromise_occurrence_date,
            enums.Tags.COMPROMISE_OCCURRENCE_DATE)

    # Refuse to issue requests over a connection that is not open.
    if not self._is_open:
        raise exceptions.ClientConnectionNotOpen()

    # Issue the Revoke request; anything other than SUCCESS is an error.
    result = self.proxy.revoke(
        revocation_reason, uid, revocation_message, compromise_date)
    status = result.result_status.value
    if status != enums.ResultStatus.SUCCESS:
        raise exceptions.KmipOperationFailure(
            status,
            result.result_reason.value,
            result.result_message.value)
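def locate(self, maximum_items=None, storage_status_mask=None,
           object_group_member=None, attributes=None):
    """
    Search for managed objects, depending on the attributes specified in
    the request.

    Args:
        maximum_items (integer): Maximum number of object identifiers the
            server MAY return.
        storage_status_mask (integer): A bit mask that indicates whether
            on-line or archived objects are to be searched.
        object_group_member (ObjectGroupMember): An enumeration that
            indicates the object group member type.
        attributes (list): Attributes that are REQUIRED to match those in
            a candidate object.

    Returns:
        list: The Unique Identifiers of the located objects

    Raises:
        ClientConnectionNotOpen: if the client connection is unusable
        KmipOperationFailure: if the operation result is a failure
        TypeError: if the input arguments are invalid
    """
    # Validate the arguments before touching the connection; every
    # argument is optional, so only non-None values are type-checked.
    if maximum_items is not None and not isinstance(
            maximum_items, six.integer_types):
        raise TypeError("maximum_items must be an integer")
    if storage_status_mask is not None and not isinstance(
            storage_status_mask, six.integer_types):
        raise TypeError("storage_status_mask must be an integer")
    if object_group_member is not None and not isinstance(
            object_group_member, enums.ObjectGroupMember):
        # Implicit string concatenation: keep the trailing space so the
        # message reads "ObjectGroupMember enumeration".
        raise TypeError(
            "object_group_member must be a ObjectGroupMember "
            "enumeration")
    if attributes is not None:
        if not isinstance(attributes, list) or not all(
                isinstance(item, cobjects.Attribute)
                for item in attributes):
            raise TypeError("attributes must be a list of attributes")

    # Refuse to issue requests over a connection that is not open.
    if not self._is_open:
        raise exceptions.ClientConnectionNotOpen()

    # Issue the Locate request; anything other than SUCCESS is an error.
    result = self.proxy.locate(
        maximum_items, storage_status_mask, object_group_member,
        attributes)
    status = result.result_status.value
    if status != enums.ResultStatus.SUCCESS:
        raise exceptions.KmipOperationFailure(
            status,
            result.result_reason.value,
            result.result_message.value)

    # Unwrap the UniqueIdentifier primitives into plain values.
    return [uuid.value for uuid in result.uuids]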