def test_store_opaque_secret_assert_called(self):
key_spec = secret_store.KeySpec(None, None, None)
opaque = base64.b64encode(b'\x00\x01\x02\x03\x04\x05\x06\x07')
secret_dto = secret_store.SecretDTO(secret_store.SecretType.OPAQUE,
opaque,
key_spec,
'content_type',
transport_key=None)
self.secret_store.store_secret(secret_dto)
self.secret_store.client.register.assert_called_once_with(
objects.OpaqueObject(base64.b64decode(opaque),
enums.OpaqueDataType.NONE))
def test_convert_opaque_object_pie_to_core(self):
"""
Test that a Pie opaque object can be converted into a core opaque
object.
"""
pie_obj = pobjects.OpaqueObject(self.opaque_bytes,
enums.OpaqueDataType.NONE)
core_obj = self.factory.convert(pie_obj)
self.assertIsInstance(core_obj, secrets.OpaqueObject)
opaque_type = core_obj.opaque_data_type.value
self.assertEqual(enums.OpaqueDataType.NONE, opaque_type)
value = core_obj.opaque_data_value.value
self.assertEqual(self.opaque_bytes, value)
def _get_kmip_secret(self, secret_dto):
"""Builds a KMIP object from a SecretDTO
This is needed for register calls. The Barbican object needs to be
converted to KMIP object before it can be stored
:param secret_dto: SecretDTO of secret to be stored
:returns: KMIP object
"""
secret_type = secret_dto.type
key_spec = secret_dto.key_spec
object_type, key_format_type = (
self._map_type_ss_to_kmip(secret_type))
normalized_secret = self._normalize_secret(secret_dto.secret,
secret_type)
kmip_object = None
if object_type == enums.ObjectType.CERTIFICATE:
kmip_object = objects.X509Certificate(normalized_secret)
elif object_type == enums.ObjectType.OPAQUE_DATA:
opaque_type = enums.OpaqueDataType.NONE
kmip_object = objects.OpaqueObject(normalized_secret,
opaque_type)
elif object_type == enums.ObjectType.PRIVATE_KEY:
algorithm = self._get_kmip_algorithm(key_spec.alg)
length = key_spec.bit_length
format_type = enums.KeyFormatType.PKCS_8
kmip_object = objects.PrivateKey(
algorithm, length, normalized_secret, format_type)
elif object_type == enums.ObjectType.PUBLIC_KEY:
algorithm = self._get_kmip_algorithm(key_spec.alg)
length = key_spec.bit_length
format_type = enums.KeyFormatType.X_509
kmip_object = objects.PublicKey(
algorithm, length, normalized_secret, format_type)
elif object_type == enums.ObjectType.SYMMETRIC_KEY:
algorithm = self._get_kmip_algorithm(key_spec.alg)
length = key_spec.bit_length
kmip_object = objects.SymmetricKey(algorithm, length,
normalized_secret)
elif object_type == enums.ObjectType.SECRET_DATA:
data_type = enums.SecretDataType.PASSWORD
kmip_object = objects.SecretData(normalized_secret, data_type)
return kmip_object
def test_opaque_object_register_get_destroy(self):
"""
Test that the ProxyKmipClient can register, retrieve, and destroy an
opaque object.
"""
# Object encoding obtained from Section 3.1.5 of the KMIP 1.1 test
# documentation.
obj = objects.OpaqueObject(
b'\x53\x65\x63\x72\x65\x74\x50\x61\x73\x73\x77\x6F\x72\x64',
enums.OpaqueDataType.NONE)
uid = self.client.register(obj)
self.assertIsInstance(uid, six.string_types)
try:
result = self.client.get(uid)
self.assertIsInstance(result, objects.OpaqueObject)
self.assertEqual(result, obj,
"expected {0}\nobserved {1}".format(result, obj))
finally:
self.client.destroy(uid)
self.assertRaises(exceptions.KmipOperationFailure, self.client.get,
uid)
self.assertRaises(exceptions.KmipOperationFailure,
self.client.destroy, uid)
def get_sample_opaque_secret():
return objects.OpaqueObject(base64.b64decode(utils.get_symmetric_key()),
enums.OpaqueDataType.NONE)
def _build_pie_opaque_object(self, obj):
opaque_type = obj.opaque_data_type.value
value = obj.opaque_data_value.value
return pobjects.OpaqueObject(value, opaque_type)
import sys
from kmip.core import enums
from kmip.demos import utils
from kmip.pie import client
from kmip.pie import objects
if __name__ == '__main__':
logger = utils.build_console_logger(logging.INFO)
parser = utils.build_cli_parser()
opts, args = parser.parse_args(sys.argv[1:])
config = opts.config
value = b'\x53\x65\x63\x72\x65\x74\x50\x61\x73\x73\x77\x6F\x72\x64'
opaque_type = enums.OpaqueDataType.NONE
name = 'Demo Opaque Object'
obj = objects.OpaqueObject(value, opaque_type, name)
# Build the client and connect to the server
with client.ProxyKmipClient(config=config) as client:
try:
uid = client.register(obj)
logger.info("Successfully registered opaque object with ID: "
"{0}".format(uid))
except Exception as e:
logger.error(e)
