mirror of
https://github.com/OpenKMIP/PyKMIP.git
synced 2025-07-23 14:04:33 +02:00
Adding enumerations
This change adds and finalizes the enumerations defined for KMIP 1.1. It updates minor references to enumerations used around the library.
This commit is contained in:
parent
cd85d91a13
commit
7854ba9e0b
@ -184,14 +184,14 @@ class HashingAlgorithm(Enumeration):
|
|||||||
for more information.
|
for more information.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def __init__(self, value=HashingAlgorithmEnum.SHA_256):
|
def __init__(self, value=HashingAlgorithmEnum.SHA256):
|
||||||
"""
|
"""
|
||||||
Construct a HashingAlgorithm object.
|
Construct a HashingAlgorithm object.
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
value (HashingAlgorithm): A HashingAlgorithm enumeration value,
|
value (HashingAlgorithm): A HashingAlgorithm enumeration value,
|
||||||
(e.g., HashingAlgorithm.MD5). Optional, defaults to
|
(e.g., HashingAlgorithm.MD5). Optional, defaults to
|
||||||
HashingAlgorithm.SHA_256.
|
HashingAlgorithm.SHA256.
|
||||||
"""
|
"""
|
||||||
super(HashingAlgorithm, self).__init__(
|
super(HashingAlgorithm, self).__init__(
|
||||||
enums.HashingAlgorithm, value, Tags.HASHING_ALGORITHM)
|
enums.HashingAlgorithm, value, Tags.HASHING_ALGORITHM)
|
||||||
@ -473,7 +473,7 @@ class Digest(Struct):
|
|||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def create(cls,
|
def create(cls,
|
||||||
hashing_algorithm=HashingAlgorithmEnum.SHA_256,
|
hashing_algorithm=HashingAlgorithmEnum.SHA256,
|
||||||
digest_value=b'',
|
digest_value=b'',
|
||||||
key_format_type=KeyFormatTypeEnum.RAW):
|
key_format_type=KeyFormatTypeEnum.RAW):
|
||||||
"""
|
"""
|
||||||
@ -482,7 +482,7 @@ class Digest(Struct):
|
|||||||
Args:
|
Args:
|
||||||
hashing_algorithm (HashingAlgorithm): An enumeration representing
|
hashing_algorithm (HashingAlgorithm): An enumeration representing
|
||||||
the hash algorithm used to compute the digest. Optional,
|
the hash algorithm used to compute the digest. Optional,
|
||||||
defaults to HashingAlgorithm.SHA_256.
|
defaults to HashingAlgorithm.SHA256.
|
||||||
digest_value (byte string): The bytes of the digest hash. Optional,
|
digest_value (byte string): The bytes of the digest hash. Optional,
|
||||||
defaults to the empty byte string.
|
defaults to the empty byte string.
|
||||||
key_format_type (KeyFormatType): An enumeration representing the
|
key_format_type (KeyFormatType): An enumeration representing the
|
||||||
|
@ -20,6 +20,15 @@ import enum
|
|||||||
|
|
||||||
|
|
||||||
class AttributeType(enum.Enum):
|
class AttributeType(enum.Enum):
|
||||||
|
"""
|
||||||
|
The name identifier of a managed object attribute.
|
||||||
|
|
||||||
|
The attribute type is the name of a specific attribute that can be
|
||||||
|
associated with a managed object. Every attribute contains this name in
|
||||||
|
addition to the actual attribute value. This enumeration is primarily used
|
||||||
|
to automatically map between attribute object encodings and the actual
|
||||||
|
attribute structures that are used to store the attribute data.
|
||||||
|
"""
|
||||||
UNIQUE_IDENTIFIER = 'Unique Identifier'
|
UNIQUE_IDENTIFIER = 'Unique Identifier'
|
||||||
NAME = 'Name'
|
NAME = 'Name'
|
||||||
OBJECT_TYPE = 'Object Type'
|
OBJECT_TYPE = 'Object Type'
|
||||||
@ -97,8 +106,18 @@ class AuthenticationSuite(enum.Enum):
|
|||||||
TLS12 = 2
|
TLS12 = 2
|
||||||
|
|
||||||
|
|
||||||
# 9.1.1.2
|
|
||||||
class Types(enum.Enum):
|
class Types(enum.Enum):
|
||||||
|
"""
|
||||||
|
The unique identifier of an entity primitive type.
|
||||||
|
|
||||||
|
The type is a unique identifier for every possible primitive KMIP entity
|
||||||
|
defined by the KMIP specification. Every KMIP object is a form of KMIP
|
||||||
|
primitive. The type is the second piece of an object that is encoded and
|
||||||
|
decoded during serialization.
|
||||||
|
|
||||||
|
While not defined by the specification, the DEFAULT tag is used as a
|
||||||
|
default type identifier for testing purposes.
|
||||||
|
"""
|
||||||
DEFAULT = 0x00
|
DEFAULT = 0x00
|
||||||
STRUCTURE = 0x01
|
STRUCTURE = 0x01
|
||||||
INTEGER = 0x02
|
INTEGER = 0x02
|
||||||
@ -112,8 +131,17 @@ class Types(enum.Enum):
|
|||||||
INTERVAL = 0x0A
|
INTERVAL = 0x0A
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.1
|
|
||||||
class Tags(enum.Enum):
|
class Tags(enum.Enum):
|
||||||
|
"""
|
||||||
|
The unique identifier of an entity type.
|
||||||
|
|
||||||
|
The tag is a unique identifier for every possible KMIP entity defined by
|
||||||
|
the KMIP specification. It is the first piece of an object that is encoded
|
||||||
|
and decoded during serialization.
|
||||||
|
|
||||||
|
While not defined by the specification, the DEFAULT tag is used as the
|
||||||
|
default tag for all KMIP primitives.
|
||||||
|
"""
|
||||||
DEFAULT = 0x420000
|
DEFAULT = 0x420000
|
||||||
ACTIVATION_DATE = 0x420001
|
ACTIVATION_DATE = 0x420001
|
||||||
APPLICATION_DATA = 0x420002
|
APPLICATION_DATA = 0x420002
|
||||||
@ -302,22 +330,38 @@ class Tags(enum.Enum):
|
|||||||
X_509_CERTIFICATE_SUBJECT = 0x4200B7
|
X_509_CERTIFICATE_SUBJECT = 0x4200B7
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.1
|
|
||||||
class CredentialType(enum.Enum):
|
class CredentialType(enum.Enum):
|
||||||
|
"""
|
||||||
|
The type of a credential object.
|
||||||
|
|
||||||
|
The credential type is a required attribute of a credential object. It
|
||||||
|
identifies the format and structure of the value of the credential.
|
||||||
|
"""
|
||||||
USERNAME_AND_PASSWORD = 0x00000001
|
USERNAME_AND_PASSWORD = 0x00000001
|
||||||
DEVICE = 0x00000002
|
DEVICE = 0x00000002
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.2
|
|
||||||
class KeyCompressionType(enum.Enum):
|
class KeyCompressionType(enum.Enum):
|
||||||
|
"""
|
||||||
|
The technique used to compress an elliptic curve public key.
|
||||||
|
|
||||||
|
The key compression type is an attribute of a key block structure. If it
|
||||||
|
is omitted, it is inferred that the related public key is uncompressed.
|
||||||
|
"""
|
||||||
EC_PUBLIC_KEY_TYPE_UNCOMPRESSED = 0x00000001
|
EC_PUBLIC_KEY_TYPE_UNCOMPRESSED = 0x00000001
|
||||||
EC_PUBLIC_KEY_TYPE_X9_62_COMPRESSED_PRIME = 0x00000002
|
EC_PUBLIC_KEY_TYPE_X9_62_COMPRESSED_PRIME = 0x00000002
|
||||||
EC_PUBLIC_KEY_TYPE_X9_62_COMPRESSED_CHAR2 = 0x00000003
|
EC_PUBLIC_KEY_TYPE_X9_62_COMPRESSED_CHAR2 = 0x00000003
|
||||||
EC_PUBLIC_KEY_TYPE_X9_62_HYBRID = 0x00000004
|
EC_PUBLIC_KEY_TYPE_X9_62_HYBRID = 0x00000004
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.3
|
|
||||||
class KeyFormatType(enum.Enum):
|
class KeyFormatType(enum.Enum):
|
||||||
|
"""
|
||||||
|
The format of the key data structure.
|
||||||
|
|
||||||
|
The key format type is a required attribute of a key block structure. It
|
||||||
|
is the differentiating feature that describes the structure of different
|
||||||
|
types of keys.
|
||||||
|
"""
|
||||||
RAW = 0x00000001
|
RAW = 0x00000001
|
||||||
OPAQUE = 0x00000002
|
OPAQUE = 0x00000002
|
||||||
PKCS_1 = 0x00000003
|
PKCS_1 = 0x00000003
|
||||||
@ -339,8 +383,14 @@ class KeyFormatType(enum.Enum):
|
|||||||
TRANSPARENT_ECMQV_PUBLIC_KEY = 0x00000013
|
TRANSPARENT_ECMQV_PUBLIC_KEY = 0x00000013
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.4
|
|
||||||
class WrappingMethod(enum.Enum):
|
class WrappingMethod(enum.Enum):
|
||||||
|
"""
|
||||||
|
The technique used to wrap a secret object.
|
||||||
|
|
||||||
|
The wrapping method is a required attribute of a key wrapping data
|
||||||
|
structure. It indicates how an algorithm is used to conduct the data
|
||||||
|
wrapping.
|
||||||
|
"""
|
||||||
ENCRYPT = 0x00000001
|
ENCRYPT = 0x00000001
|
||||||
MAC_SIGN = 0x00000002
|
MAC_SIGN = 0x00000002
|
||||||
ENCRYPT_THEN_MAC_SIGN = 0x00000003
|
ENCRYPT_THEN_MAC_SIGN = 0x00000003
|
||||||
@ -348,44 +398,130 @@ class WrappingMethod(enum.Enum):
|
|||||||
TR_31 = 0x00000005
|
TR_31 = 0x00000005
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.6
|
class RecommendedCurve(enum.Enum):
|
||||||
|
"""
|
||||||
|
The type of algorithm for elliptic curve cryptography.
|
||||||
|
|
||||||
|
The recommended curve defines the algorithm associated with specific
|
||||||
|
classes of asymmetric keys. It is a required attribute of all transparent
|
||||||
|
key structures.
|
||||||
|
"""
|
||||||
|
P_192 = 0x00000001
|
||||||
|
K_163 = 0x00000002
|
||||||
|
B_163 = 0x00000003
|
||||||
|
P_224 = 0x00000004
|
||||||
|
K_233 = 0x00000005
|
||||||
|
B_233 = 0x00000006
|
||||||
|
P_256 = 0x00000007
|
||||||
|
K_283 = 0x00000008
|
||||||
|
B_283 = 0x00000009
|
||||||
|
P_384 = 0x0000000A
|
||||||
|
K_409 = 0x0000000B
|
||||||
|
B_409 = 0x0000000C
|
||||||
|
P_521 = 0x0000000D
|
||||||
|
K_571 = 0x0000000E
|
||||||
|
B_571 = 0x0000000F
|
||||||
|
|
||||||
|
|
||||||
class CertificateTypeEnum(enum.Enum):
|
class CertificateTypeEnum(enum.Enum):
|
||||||
"""
|
"""
|
||||||
The type of a Certificate Managed Object.
|
The type of a certificate managed object.
|
||||||
|
|
||||||
For more information, see Section 2.2.1 of the KMIP 1.1 specification.
|
The certificate type identifies the format of a certificate. It can be
|
||||||
|
specified when creating or registering a certificate managed object.
|
||||||
"""
|
"""
|
||||||
X_509 = 0x00000001
|
X_509 = 0x00000001
|
||||||
PGP = 0x00000002
|
PGP = 0x00000002
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.8
|
class DigitalSignatureAlgorithm(enum.Enum):
|
||||||
|
"""
|
||||||
|
The algorithm used to create a digital signature.
|
||||||
|
|
||||||
|
The digital signature algorithm is an attribute associated with a
|
||||||
|
cryptographically signed object, usually a certificate. It can be
|
||||||
|
specified when registering a new managed object and is often managed
|
||||||
|
directly by the storage backend.
|
||||||
|
"""
|
||||||
|
MD2_WITH_RSA = 0x00000001
|
||||||
|
MD5_WITH_RSA = 0x00000002
|
||||||
|
SHA1_WITH_RSA = 0x00000003
|
||||||
|
SHA224_WITH_RSA = 0x00000004
|
||||||
|
SHA256_WITH_RSA = 0x00000005
|
||||||
|
SHA384_WITH_RSA = 0x00000006
|
||||||
|
SHA512_WITH_RSA = 0x00000007
|
||||||
|
RSASSA_PSS = 0x00000008
|
||||||
|
DSA_WITH_SHA1 = 0x00000009
|
||||||
|
DSA_WITH_SHA224 = 0x0000000A
|
||||||
|
DSA_WITH_SHA256 = 0x0000000B
|
||||||
|
ECDSA_WITH_SHA1 = 0x0000000C
|
||||||
|
ECDSA_WITH_SHA224 = 0x0000000D
|
||||||
|
ECDSA_WITH_SHA256 = 0x0000000E
|
||||||
|
ECDSA_WITH_SHA384 = 0x0000000F
|
||||||
|
ECDSA_WITH_SHA512 = 0x00000010
|
||||||
|
|
||||||
|
|
||||||
class SplitKeyMethod(enum.Enum):
|
class SplitKeyMethod(enum.Enum):
|
||||||
|
"""
|
||||||
|
The computation used to create a split key managed object.
|
||||||
|
|
||||||
|
The split key method is a required attribute of a split key managed object,
|
||||||
|
indicating how the parts of the split key were generated from the original
|
||||||
|
source secret. It is only used when working with split keys.
|
||||||
|
"""
|
||||||
XOR = 0x00000001
|
XOR = 0x00000001
|
||||||
POLYNOMIAL_SHARING_GF = 0x00000002
|
POLYNOMIAL_SHARING_GF = 0x00000002
|
||||||
POLYNOMIAL_SHARING_PRIME_FIELD = 0x00000003
|
POLYNOMIAL_SHARING_PRIME_FIELD = 0x00000003
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.9
|
|
||||||
class SecretDataType(enum.Enum):
|
class SecretDataType(enum.Enum):
|
||||||
|
"""
|
||||||
|
The type of a secret data value.
|
||||||
|
|
||||||
|
The secret data type indicates how to decode or interpret the value of a
|
||||||
|
secret object. It is a required attribute of a secret data managed object.
|
||||||
|
"""
|
||||||
PASSWORD = 0x00000001
|
PASSWORD = 0x00000001
|
||||||
SEED = 0x00000002
|
SEED = 0x00000002
|
||||||
|
|
||||||
# 9.1.3.2.10
|
|
||||||
class OpaqueDataType(enum.Enum):
|
class OpaqueDataType(enum.Enum):
|
||||||
NONE = 0x80000000 # Not defined by the standard, but we need something.
|
"""
|
||||||
# The standard does say that values starting 0x8xxxxxx
|
The type of an opaque data value.
|
||||||
# are considered extensions
|
|
||||||
|
The opaque data type is a custom value indicating how to decode or
|
||||||
|
interpret the value of an opaque object. Unlike all other enumerations,
|
||||||
|
the KMIP specification does not define any default opaque data types,
|
||||||
|
instead leaving the usage and definition up to the extension system
|
||||||
|
supported by a KMIP provider.
|
||||||
|
|
||||||
|
While not defined in the standard, the default type NONE is provided so
|
||||||
|
that basic opaque objects can still be defined, independent of a specific
|
||||||
|
vendor implementation. By definition as an extension, all opaque data type
|
||||||
|
enumeration values start with 0x80.
|
||||||
|
"""
|
||||||
|
NONE = 0x80000000
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.11
|
|
||||||
class NameType(enum.Enum):
|
class NameType(enum.Enum):
|
||||||
|
"""
|
||||||
|
The type of a managed object name string.
|
||||||
|
|
||||||
|
The name type defines the format of a given name attribute value. Names
|
||||||
|
are common attributes for all managed objects.
|
||||||
|
"""
|
||||||
UNINTERPRETED_TEXT_STRING = 0x00000001
|
UNINTERPRETED_TEXT_STRING = 0x00000001
|
||||||
URI = 0x00000002
|
URI = 0x00000002
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.12
|
|
||||||
class ObjectType(enum.Enum):
|
class ObjectType(enum.Enum):
|
||||||
|
"""
|
||||||
|
The type of a managed object.
|
||||||
|
|
||||||
|
The object type is a common attribute to all managed objects. It can be
|
||||||
|
set or specified upon object creation but is immutable once finalized. The
|
||||||
|
type can be used as a filter to locate sets of managed objects.
|
||||||
|
"""
|
||||||
CERTIFICATE = 0x00000001
|
CERTIFICATE = 0x00000001
|
||||||
SYMMETRIC_KEY = 0x00000002
|
SYMMETRIC_KEY = 0x00000002
|
||||||
PUBLIC_KEY = 0x00000003
|
PUBLIC_KEY = 0x00000003
|
||||||
@ -396,8 +532,15 @@ class ObjectType(enum.Enum):
|
|||||||
OPAQUE_DATA = 0x00000008
|
OPAQUE_DATA = 0x00000008
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.13
|
|
||||||
class CryptographicAlgorithm(enum.Enum):
|
class CryptographicAlgorithm(enum.Enum):
|
||||||
|
"""
|
||||||
|
The type of algorithm used for a cryptographic operation.
|
||||||
|
|
||||||
|
The cryptographic algorithm is a common attribute for cryptographic managed
|
||||||
|
objects and is used in various cryptographic structures and operations. It
|
||||||
|
is commonly specified during creation or registration of a cryptographic
|
||||||
|
object.
|
||||||
|
"""
|
||||||
DES = 0x00000001
|
DES = 0x00000001
|
||||||
TRIPLE_DES = 0x00000002 # '3DES' is invalid syntax
|
TRIPLE_DES = 0x00000002 # '3DES' is invalid syntax
|
||||||
AES = 0x00000003
|
AES = 0x00000003
|
||||||
@ -425,8 +568,14 @@ class CryptographicAlgorithm(enum.Enum):
|
|||||||
TWOFISH = 0x00000019
|
TWOFISH = 0x00000019
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.14
|
|
||||||
class BlockCipherMode(enum.Enum):
|
class BlockCipherMode(enum.Enum):
|
||||||
|
"""
|
||||||
|
The mode dictating block processing in a cryptographic algorithm.
|
||||||
|
|
||||||
|
The block cipher mode is one of several features that make up a set of
|
||||||
|
cryptographic parameters, which can be used to describe all cryptographic
|
||||||
|
managed objects.
|
||||||
|
"""
|
||||||
CBC = 0x00000001
|
CBC = 0x00000001
|
||||||
ECB = 0x00000002
|
ECB = 0x00000002
|
||||||
PCBC = 0x00000003
|
PCBC = 0x00000003
|
||||||
@ -446,37 +595,56 @@ class BlockCipherMode(enum.Enum):
|
|||||||
X9_102_AKW2 = 0x00000011
|
X9_102_AKW2 = 0x00000011
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.15
|
|
||||||
class PaddingMethod(enum.Enum):
|
class PaddingMethod(enum.Enum):
|
||||||
NONE = 0x00000001
|
"""
|
||||||
OAEP = 0x00000002
|
The type of padding technique used with a cryptographic algorithm.
|
||||||
PKCS5 = 0x00000003
|
|
||||||
SSL3 = 0x00000004
|
The padding method is one of several features that make up a set of
|
||||||
ZEROS = 0x00000005
|
cryptographic parameters, which can be used to describe all cryptographic
|
||||||
ANSI_X9_23 = 0x00000006
|
managed objects.
|
||||||
ISO_10126 = 0x00000007
|
"""
|
||||||
PKCS1_V_1_5 = 0x00000008
|
NONE = 0x00000001
|
||||||
X9_31 = 0x00000009
|
OAEP = 0x00000002
|
||||||
PSS = 0x0000000A
|
PKCS5 = 0x00000003
|
||||||
|
SSL3 = 0x00000004
|
||||||
|
ZEROS = 0x00000005
|
||||||
|
ANSI_X923 = 0x00000006
|
||||||
|
ISO_10126 = 0x00000007
|
||||||
|
PKCS1_V15 = 0x00000008
|
||||||
|
X9_31 = 0x00000009
|
||||||
|
PSS = 0x0000000A
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.16
|
|
||||||
class HashingAlgorithm(enum.Enum):
|
class HashingAlgorithm(enum.Enum):
|
||||||
|
"""
|
||||||
|
The type of algorithm used to generate a cryptographic hash.
|
||||||
|
|
||||||
|
The hashing algorithm is one of several features that make up a set of
|
||||||
|
cryptographic parameters, which can be used to describe all cryptographic
|
||||||
|
managed objects. It is also a required digest attribute, defining the
|
||||||
|
algorithm used to create the digest value.
|
||||||
|
"""
|
||||||
MD2 = 0x00000001
|
MD2 = 0x00000001
|
||||||
MD4 = 0x00000002
|
MD4 = 0x00000002
|
||||||
MD5 = 0x00000003
|
MD5 = 0x00000003
|
||||||
SHA_1 = 0x00000004
|
SHA1 = 0x00000004
|
||||||
SHA_224 = 0x00000005
|
SHA224 = 0x00000005
|
||||||
SHA_256 = 0x00000006
|
SHA256 = 0x00000006
|
||||||
SHA_384 = 0x00000007
|
SHA384 = 0x00000007
|
||||||
SHA_512 = 0x00000008
|
SHA512 = 0x00000008
|
||||||
RIPEMD_160 = 0x00000009
|
RIPEMD_160 = 0x00000009
|
||||||
TIGER = 0x0000000A
|
TIGER = 0x0000000A
|
||||||
WHIRLPOOL = 0x0000000B
|
WHIRLPOOL = 0x0000000B
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.17
|
|
||||||
class KeyRoleType(enum.Enum):
|
class KeyRoleType(enum.Enum):
|
||||||
|
"""
|
||||||
|
The position a cryptographic managed object holds in a cryptosystem.
|
||||||
|
|
||||||
|
The key role type is one of several features that make up a set of
|
||||||
|
cryptographic parameters, which can be used to describe all cryptographic
|
||||||
|
managed objects. The set of key role types is defined by ANSI X9 TR-31.
|
||||||
|
"""
|
||||||
BDK = 0x00000001
|
BDK = 0x00000001
|
||||||
CVK = 0x00000002
|
CVK = 0x00000002
|
||||||
DEK = 0x00000003
|
DEK = 0x00000003
|
||||||
@ -500,8 +668,116 @@ class KeyRoleType(enum.Enum):
|
|||||||
PVKOTH = 0x00000015
|
PVKOTH = 0x00000015
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.24
|
class State(enum.Enum):
|
||||||
|
"""
|
||||||
|
The mode a managed object is currently in.
|
||||||
|
|
||||||
|
The state is a common attribute of managed objects. It defines how a
|
||||||
|
managed object can be used and can change as different operations are
|
||||||
|
enacted upon the object. It is set dynamically by a server and is only
|
||||||
|
queryable by a client.
|
||||||
|
"""
|
||||||
|
PRE_ACTIVE = 0x00000001
|
||||||
|
ACTIVE = 0x00000002
|
||||||
|
DEACTIVATED = 0x00000003
|
||||||
|
COMPROMISED = 0x00000004
|
||||||
|
DESTROYED = 0x00000005
|
||||||
|
DESTROYED_COMPROMISED = 0x00000006
|
||||||
|
|
||||||
|
|
||||||
|
class RevocationReasonCode(enum.Enum):
|
||||||
|
"""
|
||||||
|
A code number used to designate why a managed object was revoked.
|
||||||
|
|
||||||
|
The revocation reason code is used, in conjunction with a revocation
|
||||||
|
message, to record why revocation occurred for a managed object. Revocation
|
||||||
|
involves a state change in the associated managed object and is usually
|
||||||
|
carried out explicitly using the revoke operation.
|
||||||
|
"""
|
||||||
|
UNSPECIFIED = 0x00000001
|
||||||
|
KEY_COMPROMISE = 0x00000002
|
||||||
|
CA_COMPROMISE = 0x00000003
|
||||||
|
AFFILIATION_CHANGED = 0x00000004
|
||||||
|
SUPERSEDED = 0x00000005
|
||||||
|
CESSATION_OF_OPERATION = 0x00000006
|
||||||
|
PRIVILEGE_WITHDRAWN = 0x00000007
|
||||||
|
|
||||||
|
|
||||||
|
class LinkType(enum.Enum):
|
||||||
|
"""
|
||||||
|
The type of linkage between two managed objects.
|
||||||
|
|
||||||
|
The link type is a common attribute of managed objects. It is used to show
|
||||||
|
relationships between different objects, like between a public/private key
|
||||||
|
pair, or between a certificate and its public key. A managed object can
|
||||||
|
have multiple links associated with it and links themselves can be created
|
||||||
|
dynamically by the server and by the client upon or after object creation.
|
||||||
|
The link type can also be used as a filter to locate sets of managed
|
||||||
|
objects.
|
||||||
|
"""
|
||||||
|
CERTIFICATE_LINK = 0x00000101
|
||||||
|
PUBLIC_KEY_LINK = 0x00000102
|
||||||
|
PRIVATE_KEY_LINK = 0x00000103
|
||||||
|
DERIVATION_BASE_OBJECT_LINK = 0x00000104
|
||||||
|
DERIVED_KEY_LINK = 0x00000105
|
||||||
|
REPLACEMENT_OBJECT_LINK = 0x00000106
|
||||||
|
REPLACED_OBJECT_LINK = 0x00000107
|
||||||
|
|
||||||
|
|
||||||
|
class DerivationMethod(enum.Enum):
|
||||||
|
"""
|
||||||
|
The type of computation used to derive a new cryptographic object.
|
||||||
|
|
||||||
|
The derivation method is used to select a specific algorithm that will be
|
||||||
|
used, in conjunction with an existing managed object, to generate a new
|
||||||
|
key or secret data object. It is used exclusively with the derive key
|
||||||
|
operation.
|
||||||
|
"""
|
||||||
|
PBKDF2 = 0x00000001
|
||||||
|
HASH = 0x00000002
|
||||||
|
HMAC = 0x00000003
|
||||||
|
ENCRYPT = 0x00000004
|
||||||
|
NIST800_108_C = 0x00000005
|
||||||
|
NIST800_108_F = 0x00000006
|
||||||
|
NIST800_108_DPI = 0x00000007
|
||||||
|
|
||||||
|
|
||||||
|
class CertificateRequestType(enum.Enum):
|
||||||
|
"""
|
||||||
|
The type of a certificate request issued for certification.
|
||||||
|
|
||||||
|
The certificate request type is used when certifying or re-certifying a
|
||||||
|
specific certificate request. It can be omitted from the process if the
|
||||||
|
type information is included in an associated request template attribute.
|
||||||
|
"""
|
||||||
|
CRMF = 0x00000001
|
||||||
|
PKCS_10 = 0x00000002
|
||||||
|
PEM = 0x00000003
|
||||||
|
PGP = 0x00000004
|
||||||
|
|
||||||
|
|
||||||
|
class ValidityIndicator(enum.Enum):
|
||||||
|
"""
|
||||||
|
The result of validating a chain of certificates.
|
||||||
|
|
||||||
|
The validity indicator is used by a server to indicate if a chain of
|
||||||
|
certificate objects and references was correctly validated. It can
|
||||||
|
represent success, failure, or an unknown state if the server did not know
|
||||||
|
how to validate the certificate chain.
|
||||||
|
"""
|
||||||
|
VALID = 0x00000001
|
||||||
|
INVALID = 0x00000002
|
||||||
|
UNKNOWN = 0x00000003
|
||||||
|
|
||||||
|
|
||||||
class QueryFunction(enum.Enum):
|
class QueryFunction(enum.Enum):
|
||||||
|
"""
|
||||||
|
A flag representing a specific set of server-specific information.
|
||||||
|
|
||||||
|
The query function is used to uniquely identifying what server-specific
|
||||||
|
information should be returned by a query request. A list of these flags
|
||||||
|
are used exclusively by the request payload for the query operation.
|
||||||
|
"""
|
||||||
QUERY_OPERATIONS = 0x00000001
|
QUERY_OPERATIONS = 0x00000001
|
||||||
QUERY_OBJECTS = 0x00000002
|
QUERY_OBJECTS = 0x00000002
|
||||||
QUERY_SERVER_INFORMATION = 0x00000003
|
QUERY_SERVER_INFORMATION = 0x00000003
|
||||||
@ -509,8 +785,43 @@ class QueryFunction(enum.Enum):
|
|||||||
QUERY_EXTENSION_LIST = 0x00000005
|
QUERY_EXTENSION_LIST = 0x00000005
|
||||||
QUERY_EXTENSION_MAP = 0x00000006
|
QUERY_EXTENSION_MAP = 0x00000006
|
||||||
|
|
||||||
# 9.1.3.2.27
|
|
||||||
|
class CancellationResult(enum.Enum):
|
||||||
|
"""
|
||||||
|
The final result of cancelling an operation.
|
||||||
|
|
||||||
|
The cancellation result is used by a server to indicate how a cancelled
|
||||||
|
operation was handled. It is used exclusively in the response payload for
|
||||||
|
the cancel operation.
|
||||||
|
"""
|
||||||
|
CANCELED = 0x00000001
|
||||||
|
UNABLE_TO_CANCEL = 0x00000002
|
||||||
|
COMPLETED = 0x00000003
|
||||||
|
FAILED = 0x00000004
|
||||||
|
UNAVAILABLE = 0x00000005
|
||||||
|
|
||||||
|
|
||||||
|
class PutFunction(enum.Enum):
|
||||||
|
"""
|
||||||
|
The flag indicating the context of an object push to the client.
|
||||||
|
|
||||||
|
The put function defines if an object being pushed to a client is a new
|
||||||
|
object or if it is a replacement for an object already retrieved by the
|
||||||
|
client. It is used exclusively in the put operation message payload.
|
||||||
|
"""
|
||||||
|
NEW = 0x00000001
|
||||||
|
REPLACE = 0x00000002
|
||||||
|
|
||||||
|
|
||||||
class Operation(enum.Enum):
|
class Operation(enum.Enum):
|
||||||
|
"""
|
||||||
|
The identifier of an action supported by the KMIP specification.
|
||||||
|
|
||||||
|
The operation defines what actions should be taken with the data provided
|
||||||
|
in the operation payload. It is required to decode the data provided in
|
||||||
|
each message payload. It is included in each request or response batch
|
||||||
|
item.
|
||||||
|
"""
|
||||||
CREATE = 0x00000001
|
CREATE = 0x00000001
|
||||||
CREATE_KEY_PAIR = 0x00000002
|
CREATE_KEY_PAIR = 0x00000002
|
||||||
REGISTER = 0x00000003
|
REGISTER = 0x00000003
|
||||||
@ -543,16 +854,29 @@ class Operation(enum.Enum):
|
|||||||
DISCOVER_VERSIONS = 0x0000001E
|
DISCOVER_VERSIONS = 0x0000001E
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.28
|
|
||||||
class ResultStatus(enum.Enum):
|
class ResultStatus(enum.Enum):
|
||||||
|
"""
|
||||||
|
The final status of an operation.
|
||||||
|
|
||||||
|
The result status is used to indicate whether an operation completed
|
||||||
|
successfully or failed during processing. It is included in each response
|
||||||
|
batch item for a response.
|
||||||
|
"""
|
||||||
SUCCESS = 0x00000000
|
SUCCESS = 0x00000000
|
||||||
OPERATION_FAILED = 0x00000001
|
OPERATION_FAILED = 0x00000001
|
||||||
OPERATION_PENDING = 0x00000002
|
OPERATION_PENDING = 0x00000002
|
||||||
OPERATION_UNDONE = 0x00000003
|
OPERATION_UNDONE = 0x00000003
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.29
|
|
||||||
class ResultReason(enum.Enum):
|
class ResultReason(enum.Enum):
|
||||||
|
"""
|
||||||
|
A predefined explanation for a failure or partial success of an operation.
|
||||||
|
|
||||||
|
The result reason is used to provide additional information on the result
|
||||||
|
status of an operation. It is most often used upon operation failure but
|
||||||
|
may be used with other result states. The reason is included in each
|
||||||
|
response batch item for a response.
|
||||||
|
"""
|
||||||
ITEM_NOT_FOUND = 0x00000001
|
ITEM_NOT_FOUND = 0x00000001
|
||||||
RESPONSE_TOO_LARGE = 0x00000002
|
RESPONSE_TOO_LARGE = 0x00000002
|
||||||
AUTHENTICATION_NOT_SUCCESSFUL = 0x00000003
|
AUTHENTICATION_NOT_SUCCESSFUL = 0x00000003
|
||||||
@ -574,22 +898,66 @@ class ResultReason(enum.Enum):
|
|||||||
GENERAL_FAILURE = 0x00000100
|
GENERAL_FAILURE = 0x00000100
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.30
|
|
||||||
class BatchErrorContinuationOption(enum.Enum):
|
class BatchErrorContinuationOption(enum.Enum):
|
||||||
|
"""
|
||||||
|
An error setting used to control the processing of batch items.
|
||||||
|
|
||||||
|
The batch error continuation option defines how the client wants the
|
||||||
|
server to handle batch item processing in the event of an operation
|
||||||
|
failure. The option is set in the request header of a request.
|
||||||
|
"""
|
||||||
CONTINUE = 0x00000001
|
CONTINUE = 0x00000001
|
||||||
STOP = 0x00000002
|
STOP = 0x00000002
|
||||||
UNDO = 0x00000003
|
UNDO = 0x00000003
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.2.32
|
class UsageLimitsUnit(enum.Enum):
|
||||||
|
"""
|
||||||
|
A unit of measure for a usage limit on a cryptographic managed object.
|
||||||
|
|
||||||
|
The usage limits unit defines what type of data to which a usage limit
|
||||||
|
applies. It is used primarily in a usage limit attribute and is typically
|
||||||
|
set during object creation or registration.
|
||||||
|
"""
|
||||||
|
BYTE = 0x00000001
|
||||||
|
OBJECT = 0x00000002
|
||||||
|
|
||||||
|
|
||||||
class EncodingOption(enum.Enum):
|
class EncodingOption(enum.Enum):
|
||||||
|
"""
|
||||||
|
The type of encoding used for a wrapped managed object.
|
||||||
|
|
||||||
|
The encoding option is used in both key wrapping specifications and key
|
||||||
|
wrapping data. It defines how the wrapped object was encoded so that it
|
||||||
|
can be correctly parsed once unwrapped.
|
||||||
|
"""
|
||||||
NO_ENCODING = 0x00000001
|
NO_ENCODING = 0x00000001
|
||||||
TTLV_ENCODING = 0x00000002
|
TTLV_ENCODING = 0x00000002
|
||||||
|
|
||||||
|
|
||||||
# 9.1.3.3
|
class ObjectGroupMember(enum.Enum):
|
||||||
# 9.1.3.3.1
|
"""
|
||||||
|
The group member state of a managed object.
|
||||||
|
|
||||||
|
The object group member reflects the freshness of a managed object. If a
|
||||||
|
managed object has never left the appliance, it is considered fresh. The
|
||||||
|
object group member can be used as a filter to locate sets of managed
|
||||||
|
objects.
|
||||||
|
"""
|
||||||
|
GROUP_MEMBER_FRESH = 0x00000001
|
||||||
|
GROUP_MEMBER_DEFAULT = 0x00000002
|
||||||
|
|
||||||
|
|
||||||
class CryptographicUsageMask(enum.Enum):
|
class CryptographicUsageMask(enum.Enum):
|
||||||
|
"""
|
||||||
|
A mask identifying a usage case for a cryptographic managed object.
|
||||||
|
|
||||||
|
The cryptographic usage mask is an attribute associated with cryptographic
|
||||||
|
managed objects. It is a bit mask made from one or more of the enumeration
|
||||||
|
values, combined via logical-or. The mask is often specified during object
|
||||||
|
creation or registration and can also be used as a filter to locate sets
|
||||||
|
of managed objects.
|
||||||
|
"""
|
||||||
SIGN = 0x00000001
|
SIGN = 0x00000001
|
||||||
VERIFY = 0x00000002
|
VERIFY = 0x00000002
|
||||||
ENCRYPT = 0x00000004
|
ENCRYPT = 0x00000004
|
||||||
@ -611,21 +979,14 @@ class CryptographicUsageMask(enum.Enum):
|
|||||||
TRANSLATE_WRAP = 0x00040000
|
TRANSLATE_WRAP = 0x00040000
|
||||||
TRANSLATE_UNWRAP = 0x00080000
|
TRANSLATE_UNWRAP = 0x00080000
|
||||||
|
|
||||||
# 9.1.3.2.33
|
|
||||||
class ObjectGroupMember(enum.Enum):
|
|
||||||
GROUP_MEMBER_FRESH = 0x00000001
|
|
||||||
GROUP_MEMBER_DEFAULT = 0x00000002
|
|
||||||
|
|
||||||
# 9.1.3.3.2
|
|
||||||
class StorageStatusMask(enum.Enum):
|
class StorageStatusMask(enum.Enum):
|
||||||
|
"""
|
||||||
|
A mask identifying a possible storage state for a managed object.
|
||||||
|
|
||||||
|
The storage state mask is a filter option used to locate sets of managed
|
||||||
|
objects. It is a bit mask made from one or more of the enumeration values,
|
||||||
|
combined via logical-or.
|
||||||
|
"""
|
||||||
ONLINE_STORAGE = 0x00000001
|
ONLINE_STORAGE = 0x00000001
|
||||||
ARCHIVAL_STORAGE = 0x00000002
|
ARCHIVAL_STORAGE = 0x00000002
|
||||||
|
|
||||||
class RevocationReasonCode(enum.Enum):
|
|
||||||
UNSPECIFIED = 0x00000001
|
|
||||||
KEY_COMPROMISE = 0x00000002
|
|
||||||
CA_COMPROMISE = 0x00000003
|
|
||||||
AFFILIATION_CHANGED = 0x00000004
|
|
||||||
SUPERSEDED = 0x00000005
|
|
||||||
CESSATION_OF_OPERATION = 0x00000006
|
|
||||||
PRIVILEGE_WITHDRAWN = 0x00000007
|
|
||||||
|
@ -35,11 +35,11 @@ class TestDigest(TestCase):
|
|||||||
super(TestDigest, self).setUp()
|
super(TestDigest, self).setUp()
|
||||||
|
|
||||||
self.hashing_algorithm_a = HashingAlgorithm(
|
self.hashing_algorithm_a = HashingAlgorithm(
|
||||||
HashingAlgorithmEnum.SHA_256)
|
HashingAlgorithmEnum.SHA256)
|
||||||
self.hashing_algorithm_b = HashingAlgorithm(
|
self.hashing_algorithm_b = HashingAlgorithm(
|
||||||
HashingAlgorithmEnum.SHA_256)
|
HashingAlgorithmEnum.SHA256)
|
||||||
self.hashing_algorithm_c = HashingAlgorithm(
|
self.hashing_algorithm_c = HashingAlgorithm(
|
||||||
HashingAlgorithmEnum.SHA_256)
|
HashingAlgorithmEnum.SHA256)
|
||||||
|
|
||||||
self.digest_value_a = DigestValue(b'')
|
self.digest_value_a = DigestValue(b'')
|
||||||
self.digest_value_b = DigestValue(
|
self.digest_value_b = DigestValue(
|
||||||
@ -413,7 +413,7 @@ class TestDigest(TestCase):
|
|||||||
with no arguments.
|
with no arguments.
|
||||||
"""
|
"""
|
||||||
digest = Digest.create()
|
digest = Digest.create()
|
||||||
hashing_algorithm = HashingAlgorithmEnum.SHA_256
|
hashing_algorithm = HashingAlgorithmEnum.SHA256
|
||||||
digest_value = b''
|
digest_value = b''
|
||||||
key_format_type = KeyFormatTypeEnum.RAW
|
key_format_type = KeyFormatTypeEnum.RAW
|
||||||
|
|
||||||
|
@ -67,9 +67,9 @@ class TestAttributeValueFactory(testtools.TestCase):
|
|||||||
"""
|
"""
|
||||||
value = {
|
value = {
|
||||||
'block_cipher_mode': enums.BlockCipherMode.NIST_KEY_WRAP,
|
'block_cipher_mode': enums.BlockCipherMode.NIST_KEY_WRAP,
|
||||||
'padding_method': enums.PaddingMethod.ANSI_X9_23,
|
'padding_method': enums.PaddingMethod.ANSI_X923,
|
||||||
'key_role_type': enums.KeyRoleType.KEK,
|
'key_role_type': enums.KeyRoleType.KEK,
|
||||||
'hashing_algorithm': enums.HashingAlgorithm.SHA_512}
|
'hashing_algorithm': enums.HashingAlgorithm.SHA512}
|
||||||
params = self.factory.create_attribute_value(
|
params = self.factory.create_attribute_value(
|
||||||
enums.AttributeType.CRYPTOGRAPHIC_PARAMETERS, value)
|
enums.AttributeType.CRYPTOGRAPHIC_PARAMETERS, value)
|
||||||
|
|
||||||
@ -81,14 +81,14 @@ class TestAttributeValueFactory(testtools.TestCase):
|
|||||||
params.block_cipher_mode)
|
params.block_cipher_mode)
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
attributes.CryptographicParameters.PaddingMethod(
|
attributes.CryptographicParameters.PaddingMethod(
|
||||||
enums.PaddingMethod.ANSI_X9_23),
|
enums.PaddingMethod.ANSI_X923),
|
||||||
params.padding_method)
|
params.padding_method)
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
attributes.CryptographicParameters.KeyRoleType(
|
attributes.CryptographicParameters.KeyRoleType(
|
||||||
enums.KeyRoleType.KEK),
|
enums.KeyRoleType.KEK),
|
||||||
params.key_role_type)
|
params.key_role_type)
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
attributes.HashingAlgorithm(enums.HashingAlgorithm.SHA_512),
|
attributes.HashingAlgorithm(enums.HashingAlgorithm.SHA512),
|
||||||
params.hashing_algorithm)
|
params.hashing_algorithm)
|
||||||
|
|
||||||
def test_create_cryptographic_domain_parameters(self):
|
def test_create_cryptographic_domain_parameters(self):
|
||||||
|
Loading…
x
Reference in New Issue
Block a user