From 87575e1a15569ed3e3a266ecc094bfaa4728bc83 Mon Sep 17 00:00:00 2001 From: Peter Hamilton Date: Mon, 19 Jan 2015 09:37:32 -0500 Subject: [PATCH] Adding unit demos This change adds a suite of unit demos which demonstrate how to use individual KMIP client operations. These demos also feature better argument handling, which will eventually be ported to the rest of the demo suite. Some added debug logging is included. --- kmip/demos/create.py | 23 +++-- kmip/demos/units/__init__.py | 0 kmip/demos/units/create.py | 136 ++++++++++++++++++++++++++++ kmip/demos/units/create_key_pair.py | 132 +++++++++++++++++++++++++++ kmip/demos/units/destroy.py | 83 +++++++++++++++++ kmip/demos/units/get.py | 86 ++++++++++++++++++ kmip/demos/units/locate.py | 100 ++++++++++++++++++++ kmip/demos/units/register.py | 135 +++++++++++++++++++++++++++ kmip/demos/utils.py | 125 +++++++++++++++++++++++++ kmip/services/kmip_client.py | 15 +++ kmip/services/results.py | 2 + 11 files changed, 830 insertions(+), 7 deletions(-) create mode 100644 kmip/demos/units/__init__.py create mode 100644 kmip/demos/units/create.py create mode 100644 kmip/demos/units/create_key_pair.py create mode 100644 kmip/demos/units/destroy.py create mode 100644 kmip/demos/units/get.py create mode 100644 kmip/demos/units/locate.py create mode 100644 kmip/demos/units/register.py create mode 100644 kmip/demos/utils.py diff --git a/kmip/demos/create.py b/kmip/demos/create.py index 7dab20d..04b9969 100644 --- a/kmip/demos/create.py +++ b/kmip/demos/create.py @@ -16,6 +16,7 @@ from kmip.core.enums import AttributeType from kmip.core.enums import CredentialType from kmip.core.enums import ObjectType +from kmip.core.enums import ResultStatus from kmip.core.enums import CryptographicAlgorithm from kmip.core.enums import CryptographicUsageMask @@ -33,12 +34,11 @@ if __name__ == '__main__': f_log = os.path.join(os.path.dirname(__file__), '..', 'logconfig.ini') logging.config.fileConfig(f_log) logger = logging.getLogger(__name__) - attribute_factory = AttributeFactory() credential_factory = CredentialFactory() credential_type = CredentialType.USERNAME_AND_PASSWORD - credential_value = {'Username': 'Peter', 'Password': 'abc123'} + credential_value = {'Username': 'user', 'Password': 'abc123'} credential = credential_factory.create_credential(credential_type, credential_value) @@ -54,7 +54,10 @@ if __name__ == '__main__': attribute_type = AttributeType.CRYPTOGRAPHIC_USAGE_MASK usage_mask = attribute_factory.create_attribute(attribute_type, mask_flags) - attributes = [algorithm, usage_mask] + attribute_type = AttributeType.CRYPTOGRAPHIC_LENGTH + length = attribute_factory.create_attribute(attribute_type, + 128) + attributes = [algorithm, usage_mask, length] template_attribute = TemplateAttribute(attributes=attributes) result = client.create(object_type, template_attribute, @@ -63,7 +66,13 @@ if __name__ == '__main__': logger.debug('create() result status: {}'.format( result.result_status.enum)) - logger.debug('created object type: {}'.format(result.object_type.enum)) - logger.debug('created UUID: {}'.format(result.uuid.value)) - logger.debug('created template attribute: {}'. - format(result.template_attribute)) + if result.result_status.enum == ResultStatus.SUCCESS: + logger.debug('created object type: {}'.format(result.object_type.enum)) + logger.debug('created UUID: {}'.format(result.uuid.value)) + logger.debug('created template attribute: {}'. + format(result.template_attribute)) + else: + logger.debug('create() result reason: {}'.format( + result.result_reason.enum)) + logger.debug('create() result message: {}'.format( + result.result_message.value)) diff --git a/kmip/demos/units/__init__.py b/kmip/demos/units/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/kmip/demos/units/create.py b/kmip/demos/units/create.py new file mode 100644 index 0000000..f1b6099 --- /dev/null +++ b/kmip/demos/units/create.py @@ -0,0 +1,136 @@ +# Copyright (c) 2014 The Johns Hopkins University/Applied Physics Laboratory +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from kmip.core.enums import AttributeType +from kmip.core.enums import CredentialType +from kmip.core.enums import CryptographicAlgorithm +from kmip.core.enums import CryptographicUsageMask +from kmip.core.enums import ObjectType +from kmip.core.enums import Operation +from kmip.core.enums import ResultStatus +from kmip.core.enums import NameType + +from kmip.demos import utils + +from kmip.core.factories.attributes import AttributeFactory +from kmip.core.factories.credentials import CredentialFactory + +from kmip.core.attributes import Name + +from kmip.core.objects import TemplateAttribute +from kmip.core.objects import Attribute + +from kmip.services.kmip_client import KMIPProxy + +import logging +import os +import sys + + +if __name__ == '__main__': + # Build and parse arguments + parser = utils.build_cli_parser(Operation.CREATE) + opts, args = parser.parse_args(sys.argv[1:]) + + username = opts.username + password = opts.password + algorithm = opts.algorithm + length = opts.length + + # Exit early if the arguments are not specified + if algorithm is None: + logging.debug('No algorithm provided, exiting early from demo') + sys.exit() + if length is None: + logging.debug("No key length provided, exiting early from demo") + sys.exit() + + # Build and setup logging and needed factories + f_log = os.path.join(os.path.dirname(__file__), os.pardir, os.pardir, + 'logconfig.ini') + logging.config.fileConfig(f_log) + logger = logging.getLogger(__name__) + + attribute_factory = AttributeFactory() + credential_factory = CredentialFactory() + + # Build the KMIP server account credentials + # TODO (peter-hamilton) Move up into KMIPProxy + if (username is None) and (password is None): + credential = None + else: + credential_type = CredentialType.USERNAME_AND_PASSWORD + credential_value = {'Username': username, + 'Password': password} + credential = credential_factory.create_credential(credential_type, + credential_value) + # Build the client and connect to the server + client = KMIPProxy() + client.open() + + # Build the different object attributes + object_type = ObjectType.SYMMETRIC_KEY + + attribute_type = AttributeType.CRYPTOGRAPHIC_ALGORITHM + algorithm_enum = getattr(CryptographicAlgorithm, algorithm, None) + + if algorithm_enum is None: + logging.debug("{0} not found".format(algorithm)) + logging.debug("Invalid algorithm specified, exiting early from demo") + + client.close() + sys.exit() + + algorithm_obj = attribute_factory.create_attribute(attribute_type, + algorithm_enum) + + mask_flags = [CryptographicUsageMask.ENCRYPT, + CryptographicUsageMask.DECRYPT] + attribute_type = AttributeType.CRYPTOGRAPHIC_USAGE_MASK + usage_mask = attribute_factory.create_attribute(attribute_type, + mask_flags) + + attribute_type = AttributeType.CRYPTOGRAPHIC_LENGTH + length_obj = attribute_factory.create_attribute(attribute_type, + length) + name = Attribute.AttributeName('Name') + name_value = Name.NameValue('Test Key') + name_type = Name.NameType(NameType.UNINTERPRETED_TEXT_STRING) + value = Name(name_value=name_value, name_type=name_type) + name = Attribute(attribute_name=name, attribute_value=value) + + attributes = [algorithm_obj, usage_mask, length_obj, name] + template_attribute = TemplateAttribute(attributes=attributes) + + # Create the SYMMETRIC_KEY object + result = client.create(object_type, template_attribute, + credential) + client.close() + + # Display operation results + logger.debug('create() result status: {}'.format( + result.result_status.enum)) + + if result.result_status.enum == ResultStatus.SUCCESS: + logger.debug('created object type: {}'.format( + result.object_type.enum)) + logger.debug('created UUID: {}'.format(result.uuid.value)) + logger.debug('created template attribute: {}'. + format(result.template_attribute)) + else: + logger.debug('create() result reason: {}'.format( + result.result_reason.enum)) + logger.debug('create() result message: {}'.format( + result.result_message.value)) diff --git a/kmip/demos/units/create_key_pair.py b/kmip/demos/units/create_key_pair.py new file mode 100644 index 0000000..4a09ffd --- /dev/null +++ b/kmip/demos/units/create_key_pair.py @@ -0,0 +1,132 @@ +# Copyright (c) 2014 The Johns Hopkins University/Applied Physics Laboratory +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from kmip.core.enums import AttributeType +from kmip.core.enums import CredentialType +from kmip.core.enums import CryptographicAlgorithm +from kmip.core.enums import Operation +from kmip.core.enums import ResultStatus +from kmip.core.enums import NameType + +from kmip.demos import utils + +from kmip.core.factories.attributes import AttributeFactory +from kmip.core.factories.credentials import CredentialFactory + +from kmip.core.attributes import Name + +from kmip.core.objects import CommonTemplateAttribute +from kmip.core.objects import PrivateKeyTemplateAttribute +from kmip.core.objects import PublicKeyTemplateAttribute +from kmip.core.objects import Attribute + +from kmip.services.kmip_client import KMIPProxy + +import logging +import os +import sys + + +if __name__ == '__main__': + # Build and parse arguments + parser = utils.build_cli_parser(Operation.CREATE_KEY_PAIR) + opts, args = parser.parse_args(sys.argv[1:]) + + username = opts.username + password = opts.password + algorithm = opts.algorithm + length = opts.length + + # Exit early if the arguments are not specified + if algorithm is None: + logging.debug('No algorithm provided, exiting early from demo') + sys.exit() + if length is None: + logging.debug("No key length provided, exiting early from demo") + sys.exit() + + attribute_type = AttributeType.CRYPTOGRAPHIC_ALGORITHM + algorithm_enum = getattr(CryptographicAlgorithm, algorithm, None) + + if algorithm_enum is None: + logging.debug("{0} not found".format(algorithm)) + logging.debug("Invalid algorithm specified, exiting early from demo") + sys.exit() + + # Build and setup logging and needed factories + f_log = os.path.join(os.path.dirname(__file__), os.pardir, os.pardir, + 'logconfig.ini') + logging.config.fileConfig(f_log) + logger = logging.getLogger(__name__) + + attribute_factory = AttributeFactory() + credential_factory = CredentialFactory() + + # Build the KMIP server account credentials + # TODO (peter-hamilton) Move up into KMIPProxy + if (username is None) and (password is None): + credential = None + else: + credential_type = CredentialType.USERNAME_AND_PASSWORD + credential_value = {'Username': username, + 'Password': password} + credential = credential_factory.create_credential(credential_type, + credential_value) + # Build the client and connect to the server + client = KMIPProxy() + client.open() + + algorithm_obj = attribute_factory.create_attribute(attribute_type, + algorithm_enum) + + attribute_type = AttributeType.CRYPTOGRAPHIC_LENGTH + length_obj = attribute_factory.create_attribute(attribute_type, + length) + + name = Attribute.AttributeName('Name') + name_value = Name.NameValue('Test Key') + name_type = Name.NameType(NameType.UNINTERPRETED_TEXT_STRING) + value = Name(name_value=name_value, name_type=name_type) + name = Attribute(attribute_name=name, attribute_value=value) + + attributes = [algorithm_obj, length_obj, name] + common = CommonTemplateAttribute(attributes=attributes) + private = PrivateKeyTemplateAttribute(attributes=attributes) + public = PublicKeyTemplateAttribute(attributes=attributes) + + # Create the SYMMETRIC_KEY object + result = client.create_key_pair(common_template_attribute=common, + private_key_template_attribute=private, + public_key_template_attribute=public) + client.close() + + # Display operation results + logger.debug('create_key_pair() result status: {}'.format( + result.result_status.enum)) + + if result.result_status.enum == ResultStatus.SUCCESS: + logger.debug('created private key UUID: {}'.format( + result.private_key_uuid)) + logger.debug('created public key UUID: {}'.format( + result.public_key_uuid)) + logger.debug('created private key template attribute: {}'.format( + result.private_key_template_attribute)) + logger.debug('created public key template attribute: {}'.format( + result.public_key_template_attribute)) + else: + logger.debug('create() result reason: {}'.format( + result.result_reason.enum)) + logger.debug('create() result message: {}'.format( + result.result_message.value)) diff --git a/kmip/demos/units/destroy.py b/kmip/demos/units/destroy.py new file mode 100644 index 0000000..40b81e4 --- /dev/null +++ b/kmip/demos/units/destroy.py @@ -0,0 +1,83 @@ +# Copyright (c) 2014 The Johns Hopkins University/Applied Physics Laboratory +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from kmip.core.enums import CredentialType +from kmip.core.enums import Operation +from kmip.core.enums import ResultStatus + +from kmip.core.factories.attributes import AttributeFactory +from kmip.core.factories.credentials import CredentialFactory + +from kmip.demos import utils + +from kmip.services.kmip_client import KMIPProxy + +import logging +import os +import sys + + +if __name__ == '__main__': + # Build and parse arguments + parser = utils.build_cli_parser(Operation.DESTROY) + opts, args = parser.parse_args(sys.argv[1:]) + + username = opts.username + password = opts.password + uuid = opts.uuid + + # Exit early if the UUID is not specified + if uuid is None: + logging.debug('No UUID provided, exiting early from demo') + sys.exit() + + # Build and setup logging and needed factories + f_log = os.path.join(os.path.dirname(__file__), os.pardir, os.pardir, + 'logconfig.ini') + logging.config.fileConfig(f_log) + logger = logging.getLogger(__name__) + + attribute_factory = AttributeFactory() + credential_factory = CredentialFactory() + + # Build the KMIP server account credentials + # TODO (peter-hamilton) Move up into KMIPProxy + if (username is None) and (password is None): + credential = None + else: + credential_type = CredentialType.USERNAME_AND_PASSWORD + credential_value = {'Username': username, + 'Password': password} + credential = credential_factory.create_credential(credential_type, + credential_value) + # Build the client and connect to the server + client = KMIPProxy() + client.open() + + # Destroy the SYMMETRIC_KEY object + result = client.destroy(uuid, credential) + client.close() + + # Display operation results + logger.debug('destroy() result status: {}'.format( + result.result_status.enum)) + + if result.result_status.enum == ResultStatus.SUCCESS: + logger.debug('destroyed UUID: {}'.format(result.uuid.value)) + else: + logger.debug('destroy() result reason: {}'.format( + result.result_reason.enum)) + logger.debug('destroy() result message: {}'.format( + result.result_message.value)) diff --git a/kmip/demos/units/get.py b/kmip/demos/units/get.py new file mode 100644 index 0000000..53559d6 --- /dev/null +++ b/kmip/demos/units/get.py @@ -0,0 +1,86 @@ +# Copyright (c) 2014 The Johns Hopkins University/Applied Physics Laboratory +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from kmip.core.enums import CredentialType +from kmip.core.enums import Operation +from kmip.core.enums import ResultStatus + +from kmip.core.factories.attributes import AttributeFactory +from kmip.core.factories.credentials import CredentialFactory + +from kmip.demos import utils + +from kmip.services.kmip_client import KMIPProxy + +import logging +import os +import sys + + +if __name__ == '__main__': + # Build and parse arguments + parser = utils.build_cli_parser(Operation.GET) + opts, args = parser.parse_args(sys.argv[1:]) + + username = opts.username + password = opts.password + uuid = opts.uuid + + # Exit early if the UUID is not specified + if uuid is None: + logging.debug('No UUID provided, exiting early from demo') + sys.exit() + + # Build and setup logging and needed factories + f_log = os.path.join(os.path.dirname(__file__), os.pardir, os.pardir, + 'logconfig.ini') + logging.config.fileConfig(f_log) + logger = logging.getLogger(__name__) + + attribute_factory = AttributeFactory() + credential_factory = CredentialFactory() + + # Build the KMIP server account credentials + # TODO (peter-hamilton) Move up into KMIPProxy + if (username is None) and (password is None): + credential = None + else: + credential_type = CredentialType.USERNAME_AND_PASSWORD + credential_value = {'Username': username, + 'Password': password} + credential = credential_factory.create_credential(credential_type, + credential_value) + # Build the client and connect to the server + client = KMIPProxy() + client.open() + + # Retrieve the SYMMETRIC_KEY object + result = client.get(uuid, credential) + client.close() + + # Display operation results + logger.debug('get() result status: {}'.format( + result.result_status.enum)) + + if result.result_status.enum == ResultStatus.SUCCESS: + logger.debug('retrieved object type: {}'.format( + result.object_type.enum)) + logger.debug('retrieved UUID: {}'.format(result.uuid.value)) + logger.debug('retrieved secret: {}'.format(result.secret)) + else: + logger.debug('get() result reason: {}'.format( + result.result_reason.enum)) + logger.debug('get() result message: {}'.format( + result.result_message.value)) diff --git a/kmip/demos/units/locate.py b/kmip/demos/units/locate.py new file mode 100644 index 0000000..8ac2635 --- /dev/null +++ b/kmip/demos/units/locate.py @@ -0,0 +1,100 @@ +# Copyright (c) 2014 The Johns Hopkins University/Applied Physics Laboratory +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from kmip.core.enums import CredentialType +from kmip.core.enums import NameType +from kmip.core.enums import Operation +from kmip.core.enums import ResultStatus + +from kmip.core.attributes import Name + +from kmip.core.factories.attributes import AttributeFactory +from kmip.core.factories.credentials import CredentialFactory + +from kmip.core.objects import Attribute + +from kmip.demos import utils + +from kmip.services.kmip_client import KMIPProxy + +import logging +import os +import sys + + +if __name__ == '__main__': + # Build and parse arguments + parser = utils.build_cli_parser(Operation.LOCATE) + opts, args = parser.parse_args(sys.argv[1:]) + + username = opts.username + password = opts.password + name = opts.name + + # Exit early if the UUID is not specified + if name is None: + logging.debug('No name provided, exiting early from demo') + sys.exit() + + # Build and setup logging and needed factories + f_log = os.path.join(os.path.dirname(__file__), os.pardir, os.pardir, + 'logconfig.ini') + logging.config.fileConfig(f_log) + logger = logging.getLogger(__name__) + + attribute_factory = AttributeFactory() + credential_factory = CredentialFactory() + + # Build the KMIP server account credentials + # TODO (peter-hamilton) Move up into KMIPProxy + if (username is None) and (password is None): + credential = None + else: + credential_type = CredentialType.USERNAME_AND_PASSWORD + credential_value = {'Username': username, + 'Password': password} + credential = credential_factory.create_credential(credential_type, + credential_value) + # Build the client and connect to the server + client = KMIPProxy() + client.open() + + # Build name attribute + # TODO (peter-hamilton) Push this into the AttributeFactory + attribute_name = Attribute.AttributeName('Name') + name_value = Name.NameValue(name) + name_type = Name.NameType(NameType.UNINTERPRETED_TEXT_STRING) + value = Name.create(name_value=name_value, name_type=name_type) + name_obj = Attribute(attribute_name=attribute_name, attribute_value=value) + attributes = [name_obj] + + # Locate UUID of specified SYMMETRIC_KEY object + result = client.locate(attributes=attributes, + credential=credential) + client.close() + + # Display operation results + logger.debug('locate() result status: {}'.format( + result.result_status.enum)) + + if result.result_status.enum == ResultStatus.SUCCESS: + logger.debug('located UUIDs:') + for uuid in result.uuids: + logging.debug('{0}'.format(uuid)) + else: + logger.debug('get() result reason: {}'.format( + result.result_reason.enum)) + logger.debug('get() result message: {}'.format( + result.result_message.value)) diff --git a/kmip/demos/units/register.py b/kmip/demos/units/register.py new file mode 100644 index 0000000..c2a40ab --- /dev/null +++ b/kmip/demos/units/register.py @@ -0,0 +1,135 @@ +# Copyright (c) 2014 The Johns Hopkins University/Applied Physics Laboratory +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from kmip.core.enums import AttributeType +from kmip.core.enums import CredentialType +from kmip.core.enums import CryptographicAlgorithm +from kmip.core.enums import CryptographicUsageMask +from kmip.core.enums import KeyFormatType +from kmip.core.enums import ObjectType +from kmip.core.enums import Operation +from kmip.core.enums import ResultStatus + +from kmip.core.factories.attributes import AttributeFactory +from kmip.core.factories.credentials import CredentialFactory +from kmip.core.factories.secrets import SecretFactory + +from kmip.core.objects import TemplateAttribute + +from kmip.demos import utils + +from kmip.services.kmip_client import KMIPProxy + +import logging +import os +import sys + + +if __name__ == '__main__': + # Build and parse arguments + parser = utils.build_cli_parser(Operation.REGISTER) + opts, args = parser.parse_args(sys.argv[1:]) + + username = opts.username + password = opts.password + algorithm = opts.algorithm + length = opts.length + + # Exit early if the arguments are not specified + if algorithm is None: + logging.debug('No algorithm provided, exiting early from demo') + sys.exit() + if length is None: + logging.debug("No key length provided, exiting early from demo") + sys.exit() + + # Build and setup logging and needed factories + f_log = os.path.join(os.path.dirname(__file__), os.pardir, os.pardir, + 'logconfig.ini') + logging.config.fileConfig(f_log) + logger = logging.getLogger(__name__) + + attribute_factory = AttributeFactory() + credential_factory = CredentialFactory() + secret_factory = SecretFactory() + + # Build the KMIP server account credentials + # TODO (peter-hamilton) Move up into KMIPProxy + if (username is None) and (password is None): + credential = None + else: + credential_type = CredentialType.USERNAME_AND_PASSWORD + credential_value = {'Username': username, + 'Password': password} + credential = credential_factory.create_credential(credential_type, + credential_value) + # Build the client and connect to the server + client = KMIPProxy() + client.open() + + # Build the different object attributes + object_type = ObjectType.SYMMETRIC_KEY + + attribute_type = AttributeType.CRYPTOGRAPHIC_ALGORITHM + algorithm_enum = getattr(CryptographicAlgorithm, algorithm, None) + + if algorithm_enum is None: + logging.debug("{0} not found".format(algorithm)) + logging.debug("Invalid algorithm specified, exiting early from demo") + + client.close() + sys.exit() + + mask_flags = [CryptographicUsageMask.ENCRYPT, + CryptographicUsageMask.DECRYPT] + attribute_type = AttributeType.CRYPTOGRAPHIC_USAGE_MASK + usage_mask = attribute_factory.create_attribute(attribute_type, + mask_flags) + attributes = [usage_mask] + template_attribute = TemplateAttribute(attributes=attributes) + + secret_features = {} + + key_format_type = KeyFormatType.RAW + secret_features.update([('key_format_type', key_format_type)]) + + # TODO (peter-hamilton) Replace with calls to crypto libraries + key_data = {'bytes': bytearray(b'\x00\x00\x00\x00\x00\x00\x00\x00' + b'\x00\x00\x00\x00\x00\x00\x00\x00')} + + secret_features.update([('key_value', key_data)]) + secret_features.update([('cryptographic_algorithm', algorithm_enum)]) + secret_features.update([('cryptographic_length', length)]) + + secret = secret_factory.create_secret(object_type, secret_features) + + # Register the SYMMETRIC_KEY object + result = client.register(object_type, template_attribute, secret, + credential) + client.close() + + # Display operation results + logger.debug('register() result status: {}'.format( + result.result_status.enum)) + + if result.result_status.enum == ResultStatus.SUCCESS: + logger.debug('registered UUID: {}'.format(result.uuid.value)) + logger.debug('registered template attribute: {}'. + format(result.template_attribute)) + else: + logger.debug('register() result reason: {}'.format( + result.result_reason.enum)) + logger.debug('register() result message: {}'.format( + result.result_message.value)) diff --git a/kmip/demos/utils.py b/kmip/demos/utils.py new file mode 100644 index 0000000..5fc30b2 --- /dev/null +++ b/kmip/demos/utils.py @@ -0,0 +1,125 @@ +# Copyright (c) 2015 The Johns Hopkins University/Applied Physics Laboratory +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from kmip.core.enums import Operation + +import optparse + + +def build_cli_parser(operation): + # Build the argument parser and setup expected options + parser = optparse.OptionParser( + usage="%prog [options]", + description="Run KMIP client {0} operation".format(operation.name)) + + parser.add_option( + "-u", + "--username", + action="store", + type="str", + default=None, + dest="username", + help="Username for KMIP server account") + parser.add_option( + "-p", + "--password", + action="store", + type="str", + default=None, + dest="password", + help="Password for KMIP server account") + + if operation is Operation.CREATE: + parser.add_option( + "-a", + "--algorithm", + action="store", + type="str", + default=None, + dest="algorithm", + help="Encryption algorithm for the secret (e.g., AES)") + parser.add_option( + "-l", + "--length", + action="store", + type="int", + default=None, + dest="length", + help="Key length in bits (e.g., 128, 256)") + elif operation is Operation.CREATE_KEY_PAIR: + parser.add_option( + "-a", + "--algorithm", + action="store", + type="str", + default=None, + dest="algorithm", + help="Encryption algorithm for the secret (e.g., AES)") + parser.add_option( + "-l", + "--length", + action="store", + type="int", + default=None, + dest="length", + help="Key length in bits (e.g., 128, 256)") + elif operation is Operation.DESTROY: + parser.add_option( + "-i", + "--uuid", + action="store", + type="str", + default=None, + dest="uuid", + help="UUID of secret to delete from the KMIP server") + elif operation is Operation.GET: + parser.add_option( + "-i", + "--uuid", + action="store", + type="str", + default=None, + dest="uuid", + help="UUID of secret to retrieve from the KMIP server") + elif operation is Operation.LOCATE: + parser.add_option( + "-n", + "--name", + action="store", + type="str", + default=None, + dest="name", + help="Name of secret to retrieve from the KMIP server") + elif operation is Operation.REGISTER: + parser.add_option( + "-a", + "--algorithm", + action="store", + type="str", + default=None, + dest="algorithm", + help="Encryption algorithm for the secret (e.g., AES)") + parser.add_option( + "-l", + "--length", + action="store", + type="int", + default=None, + dest="length", + help="Key length in bits (e.g., 128, 256)") + else: + raise ValueError("unrecognized operation: {0}".format(operation)) + + return parser diff --git a/kmip/services/kmip_client.py b/kmip/services/kmip_client.py index 4283169..678ed58 100644 --- a/kmip/services/kmip_client.py +++ b/kmip/services/kmip_client.py @@ -81,6 +81,21 @@ class KMIPProxy(KMIP): def open(self): sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + + self.logger.debug("KMIPProxy keyfile: {0}".format(self.keyfile)) + self.logger.debug("KMIPProxy certfile: {0}".format(self.certfile)) + self.logger.debug( + "KMIPProxy cert_reqs: {0} (CERT_REQUIRED: {1})".format( + self.cert_reqs, ssl.CERT_REQUIRED)) + self.logger.debug( + "KMIPProxy ssl_version: {0} (PROTOCOL_SSLv23: {1})".format( + self.ssl_version, ssl.PROTOCOL_SSLv23)) + self.logger.debug("KMIPProxy ca_certs: {0}".format(self.ca_certs)) + self.logger.debug("KMIPProxy do_handshake_on_connect: {0}".format( + self.do_handshake_on_connect)) + self.logger.debug("KMIPProxy suppress_ragged_eofs: {0}".format( + self.suppress_ragged_eofs)) + self.socket = ssl.wrap_socket( sock, keyfile=self.keyfile, diff --git a/kmip/services/results.py b/kmip/services/results.py index a0a9a76..84479af 100644 --- a/kmip/services/results.py +++ b/kmip/services/results.py @@ -71,6 +71,8 @@ class CreateKeyPairResult(OperationResult): public_key_uuid=None, private_key_template_attribute=None, public_key_template_attribute=None): + super(CreateKeyPairResult, self).__init__( + result_status, result_reason, result_message) self.private_key_uuid = private_key_uuid self.public_key_uuid = public_key_uuid self.private_key_template_attribute = private_key_template_attribute