From 0bfbb1a982f3c214e584e84a0103321a6f89d9f7 Mon Sep 17 00:00:00 2001
From: Peter Hamilton <peter.allen.hamilton@gmail.com>
Date: Sat, 30 Sep 2017 17:03:47 -0400
Subject: [PATCH] Add a ProxyKmipClient integration test for getting wrapped
 keys

This change adds an integration test for the ProxyKmipClient that
verifies that Get can be used with a key wrapping specification
to retrieve a key cryptographically wrapped with another key.
---
 .../services/test_proxykmipclient.py          | 44 +++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/kmip/tests/integration/services/test_proxykmipclient.py b/kmip/tests/integration/services/test_proxykmipclient.py
index 8d06c50..3a0812a 100644
--- a/kmip/tests/integration/services/test_proxykmipclient.py
+++ b/kmip/tests/integration/services/test_proxykmipclient.py
@@ -56,6 +56,50 @@ class TestProxyKmipClientIntegration(testtools.TestCase):
             self.assertRaises(
                 exceptions.KmipOperationFailure, self.client.destroy, uid)
 
+    def test_create_get_wrapped_destroy(self):
+        """
+        Test that the ProxyKmipClient can create keys, retrieve a wrapped key,
+        and then destroy the keys for cleanup.
+        """
+        key_id = self.client.create(enums.CryptographicAlgorithm.AES, 256)
+        wrapping_id = self.client.create(
+            enums.CryptographicAlgorithm.AES,
+            256,
+            cryptographic_usage_mask=[
+                enums.CryptographicUsageMask.WRAP_KEY,
+                enums.CryptographicUsageMask.UNWRAP_KEY,
+                enums.CryptographicUsageMask.ENCRYPT,
+                enums.CryptographicUsageMask.DECRYPT
+            ]
+        )
+
+        self.client.activate(wrapping_id)
+
+        unwrapped_key = self.client.get(key_id)
+        wrapped_key = self.client.get(
+            key_id,
+            key_wrapping_specification={
+                'wrapping_method': enums.WrappingMethod.ENCRYPT,
+                'encryption_key_information': {
+                    'unique_identifier': wrapping_id,
+                    'cryptographic_parameters': {
+                        'block_cipher_mode':
+                            enums.BlockCipherMode.NIST_KEY_WRAP
+                    }
+                },
+                'encoding_option': enums.EncodingOption.NO_ENCODING
+            }
+        )
+
+        self.assertNotEqual(unwrapped_key.value, wrapped_key.value)
+
+        self.client.revoke(
+            enums.RevocationReasonCode.CESSATION_OF_OPERATION,
+            wrapping_id
+        )
+        self.client.destroy(key_id)
+        self.client.destroy(wrapping_id)
+
     def test_symmetric_key_register_get_destroy(self):
         """
         Test that the ProxyKmipClient can register, retrieve, and destroy a