Merge pull request #12 from OpenKMIP/feat/update-register-demo-for-certificate

Updating demo utilities to support creating Certificates
Peter Hamilton 2015-05-08 16:28:00 -04:00
commit bae6d66e8c


@ -17,6 +17,7 @@ from kmip.core.attributes import CryptographicAlgorithm
from kmip.core.attributes import CryptographicLength from kmip.core.attributes import CryptographicLength
from kmip.core.enums import AttributeType from kmip.core.enums import AttributeType
from kmip.core.enums import CertificateTypeEnum
from kmip.core.enums import CryptographicAlgorithm as CryptoAlgorithmEnum from kmip.core.enums import CryptographicAlgorithm as CryptoAlgorithmEnum
from kmip.core.enums import CryptographicUsageMask from kmip.core.enums import CryptographicUsageMask
from kmip.core.enums import ObjectType from kmip.core.enums import ObjectType
@ -31,11 +32,13 @@ from kmip.core.objects import KeyBlock
from kmip.core.objects import KeyMaterial from kmip.core.objects import KeyMaterial
from kmip.core.objects import KeyValue from kmip.core.objects import KeyValue
from kmip.core.secrets import Certificate
from kmip.core.secrets import PrivateKey from kmip.core.secrets import PrivateKey
from kmip.core.secrets import PublicKey from kmip.core.secrets import PublicKey
from kmip.core.secrets import SymmetricKey from kmip.core.secrets import SymmetricKey
from kmip.core.secrets import SecretData from kmip.core.secrets import SecretData
import binascii
import optparse import optparse
import sys import sys
@ -167,7 +170,8 @@ def build_cli_parser(operation):
default="SYMMETRIC_KEY", default="SYMMETRIC_KEY",
dest="type", dest="type",
help=("Type of the object to register. Supported types include: " help=("Type of the object to register. Supported types include: "
"PRIVATE_KEY, PUBLIC_KEY, SYMMETRIC_KEY, SECRET_DATA")) "CERTIFICATE, PRIVATE_KEY, PUBLIC_KEY, SYMMETRIC_KEY, "
"SECRET_DATA"))
elif operation is Operation.QUERY: elif operation is Operation.QUERY:
pass pass
elif operation is Operation.DISCOVER_VERSIONS: elif operation is Operation.DISCOVER_VERSIONS:
@ -179,8 +183,11 @@ def build_cli_parser(operation):
def build_cryptographic_usage_mask(logger, object_type): def build_cryptographic_usage_mask(logger, object_type):
if (object_type == ObjectType.SYMMETRIC_KEY or if object_type == ObjectType.CERTIFICATE:
object_type == ObjectType.SECRET_DATA): flags = [CryptographicUsageMask.ENCRYPT,
CryptographicUsageMask.VERIFY]
elif (object_type == ObjectType.SYMMETRIC_KEY or
object_type == ObjectType.SECRET_DATA):
flags = [CryptographicUsageMask.ENCRYPT, flags = [CryptographicUsageMask.ENCRYPT,
CryptographicUsageMask.DECRYPT] CryptographicUsageMask.DECRYPT]
elif object_type == ObjectType.PUBLIC_KEY: elif object_type == ObjectType.PUBLIC_KEY:
@ -201,7 +208,18 @@ def build_cryptographic_usage_mask(logger, object_type):
def build_object(logger, object_type, key_format_type): def build_object(logger, object_type, key_format_type):
key_value = build_key_value(logger, object_type) if object_type == ObjectType.CERTIFICATE:
value = build_secret_value(logger, object_type)
return Certificate(
certificate_type=CertificateTypeEnum.X_509,
certificate_value=value)
else:
return build_key(logger, object_type, key_format_type)
def build_key(logger, object_type, key_format_type):
key_value = build_secret_value(logger, object_type)
cryptographic_algorithm = build_cryptographic_algorithm( cryptographic_algorithm = build_cryptographic_algorithm(
logger, object_type) logger, object_type)
cryptographic_length = build_cryptographic_length(logger, object_type) cryptographic_length = build_cryptographic_length(logger, object_type)
@ -223,7 +241,7 @@ def build_object(logger, object_type, key_format_type):
return SecretData(secret_data_type=kind, return SecretData(secret_data_type=kind,
key_block=key_block) key_block=key_block)
else: else:
logger.error("Unrecognized object type, could not build object") logger.error("Unrecognized object type, could not build key")
sys.exit() sys.exit()
@ -255,9 +273,62 @@ def build_cryptographic_algorithm(logger, object_type):
sys.exit() sys.exit()
def build_key_value(logger, object_type): def build_secret_value(logger, object_type):
if (object_type == ObjectType.SYMMETRIC_KEY if object_type == ObjectType.CERTIFICATE:
or object_type == ObjectType.SECRET_DATA): # Encoding from Section 13.2 of the KMIP 1.1 Test Cases document.
return (
b'\x30\x82\x03\x12\x30\x82\x01\xFA\xA0\x03\x02\x01\x02\x02\x01\x01'
b'\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30'
b'\x3B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D'
b'\x30\x0B\x06\x03\x55\x04\x0A\x13\x04\x54\x45\x53\x54\x31\x0E\x30'
b'\x0C\x06\x03\x55\x04\x0B\x13\x05\x4F\x41\x53\x49\x53\x31\x0D\x30'
b'\x0B\x06\x03\x55\x04\x03\x13\x04\x4B\x4D\x49\x50\x30\x1E\x17\x0D'
b'\x31\x30\x31\x31\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x17\x0D\x32'
b'\x30\x31\x31\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x3B\x31\x0B'
b'\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D\x30\x0B\x06'
b'\x03\x55\x04\x0A\x13\x04\x54\x45\x53\x54\x31\x0E\x30\x0C\x06\x03'
b'\x55\x04\x0B\x13\x05\x4F\x41\x53\x49\x53\x31\x0D\x30\x0B\x06\x03'
b'\x55\x04\x03\x13\x04\x4B\x4D\x49\x50\x30\x82\x01\x22\x30\x0D\x06'
b'\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F'
b'\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAB\x7F\x16\x1C\x00\x42'
b'\x49\x6C\xCD\x6C\x6D\x4D\xAD\xB9\x19\x97\x34\x35\x35\x77\x76\x00'
b'\x3A\xCF\x54\xB7\xAF\x1E\x44\x0A\xFB\x80\xB6\x4A\x87\x55\xF8\x00'
b'\x2C\xFE\xBA\x6B\x18\x45\x40\xA2\xD6\x60\x86\xD7\x46\x48\x34\x6D'
b'\x75\xB8\xD7\x18\x12\xB2\x05\x38\x7C\x0F\x65\x83\xBC\x4D\x7D\xC7'
b'\xEC\x11\x4F\x3B\x17\x6B\x79\x57\xC4\x22\xE7\xD0\x3F\xC6\x26\x7F'
b'\xA2\xA6\xF8\x9B\x9B\xEE\x9E\x60\xA1\xD7\xC2\xD8\x33\xE5\xA5\xF4'
b'\xBB\x0B\x14\x34\xF4\xE7\x95\xA4\x11\x00\xF8\xAA\x21\x49\x00\xDF'
b'\x8B\x65\x08\x9F\x98\x13\x5B\x1C\x67\xB7\x01\x67\x5A\xBD\xBC\x7D'
b'\x57\x21\xAA\xC9\xD1\x4A\x7F\x08\x1F\xCE\xC8\x0B\x64\xE8\xA0\xEC'
b'\xC8\x29\x53\x53\xC7\x95\x32\x8A\xBF\x70\xE1\xB4\x2E\x7B\xB8\xB7'
b'\xF4\xE8\xAC\x8C\x81\x0C\xDB\x66\xE3\xD2\x11\x26\xEB\xA8\xDA\x7D'
b'\x0C\xA3\x41\x42\xCB\x76\xF9\x1F\x01\x3D\xA8\x09\xE9\xC1\xB7\xAE'
b'\x64\xC5\x41\x30\xFB\xC2\x1D\x80\xE9\xC2\xCB\x06\xC5\xC8\xD7\xCC'
b'\xE8\x94\x6A\x9A\xC9\x9B\x1C\x28\x15\xC3\x61\x2A\x29\xA8\x2D\x73'
b'\xA1\xF9\x93\x74\xFE\x30\xE5\x49\x51\x66\x2A\x6E\xDA\x29\xC6\xFC'
b'\x41\x13\x35\xD5\xDC\x74\x26\xB0\xF6\x05\x02\x03\x01\x00\x01\xA3'
b'\x21\x30\x1F\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x04\xE5'
b'\x7B\xD2\xC4\x31\xB2\xE8\x16\xE1\x80\xA1\x98\x23\xFA\xC8\x58\x27'
b'\x3F\x6B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05'
b'\x00\x03\x82\x01\x01\x00\xA8\x76\xAD\xBC\x6C\x8E\x0F\xF0\x17\x21'
b'\x6E\x19\x5F\xEA\x76\xBF\xF6\x1A\x56\x7C\x9A\x13\xDC\x50\xD1\x3F'
b'\xEC\x12\xA4\x27\x3C\x44\x15\x47\xCF\xAB\xCB\x5D\x61\xD9\x91\xE9'
b'\x66\x31\x9D\xF7\x2C\x0D\x41\xBA\x82\x6A\x45\x11\x2F\xF2\x60\x89'
b'\xA2\x34\x4F\x4D\x71\xCF\x7C\x92\x1B\x4B\xDF\xAE\xF1\x60\x0D\x1B'
b'\xAA\xA1\x53\x36\x05\x7E\x01\x4B\x8B\x49\x6D\x4F\xAE\x9E\x8A\x6C'
b'\x1D\xA9\xAE\xB6\xCB\xC9\x60\xCB\xF2\xFA\xE7\x7F\x58\x7E\xC4\xBB'
b'\x28\x20\x45\x33\x88\x45\xB8\x8D\xD9\xAE\xEA\x53\xE4\x82\xA3\x6E'
b'\x73\x4E\x4F\x5F\x03\xB9\xD0\xDF\xC4\xCA\xFC\x6B\xB3\x4E\xA9\x05'
b'\x3E\x52\xBD\x60\x9E\xE0\x1E\x86\xD9\xB0\x9F\xB5\x11\x20\xC1\x98'
b'\x34\xA9\x97\xB0\x9C\xE0\x8D\x79\xE8\x13\x11\x76\x2F\x97\x4B\xB1'
b'\xC8\xC0\x91\x86\xC4\xD7\x89\x33\xE0\xDB\x38\xE9\x05\x08\x48\x77'
b'\xE1\x47\xC7\x8A\xF5\x2F\xAE\x07\x19\x2F\xF1\x66\xD1\x9F\xA9\x4A'
b'\x11\xCC\x11\xB2\x7E\xD0\x50\xF7\xA2\x7F\xAE\x13\xB2\x05\xA5\x74'
b'\xC4\xEE\x00\xAA\x8B\xD6\x5D\x0D\x70\x57\xC9\x85\xC8\x39\xEF\x33'
b'\x6A\x44\x1E\xD5\x3A\x53\xC6\xB6\xB6\x96\xF1\xBD\xEB\x5F\x7E\xA8'
b'\x11\xEB\xB2\x5A\x7F\x86')
elif (object_type == ObjectType.SYMMETRIC_KEY or
object_type == ObjectType.SECRET_DATA):
return ( return (
b'\x30\x82\x02\x76\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7' b'\x30\x82\x02\x76\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7'
b'\x0D\x01\x01\x01\x05\x00\x04\x82\x02\x60\x30\x82\x02\x5C\x02\x01' b'\x0D\x01\x01\x01\x05\x00\x04\x82\x02\x60\x30\x82\x02\x5C\x02\x01'
@ -324,7 +395,7 @@ def build_key_value(logger, object_type):
b'\x18\x90\xEC\x1C\x86\x19\xE8\x7A\x2B\xD3\x8F\x9D\x03\xB3\x7F\xAC' b'\x18\x90\xEC\x1C\x86\x19\xE8\x7A\x2B\xD3\x8F\x9D\x03\xB3\x7F\xAC'
b'\x74\x2E\xFB\x74\x8C\x78\x85\x94\x2C\x39') b'\x74\x2E\xFB\x74\x8C\x78\x85\x94\x2C\x39')
else: else:
logger.error("Unrecognized object type, could not build key value") logger.error("Unrecognized object type, could not build secret value")
sys.exit() sys.exit()
@ -370,7 +441,9 @@ def log_attribute_list(logger, attributes):
def log_secret(logger, secret_type, secret_value): def log_secret(logger, secret_type, secret_value):
if secret_type is ObjectType.PRIVATE_KEY: if secret_type is ObjectType.CERTIFICATE:
log_certificate(logger, secret_value)
elif secret_type is ObjectType.PRIVATE_KEY:
log_private_key(logger, secret_value) log_private_key(logger, secret_value)
elif secret_type is ObjectType.PUBLIC_KEY: elif secret_type is ObjectType.PUBLIC_KEY:
log_public_key(logger, secret_value) log_public_key(logger, secret_value)
@ -378,6 +451,14 @@ def log_secret(logger, secret_type, secret_value):
logger.info('generic secret: {0}'.format(secret_value)) logger.info('generic secret: {0}'.format(secret_value))
def log_certificate(logger, certificate):
logger.info('certificate:')
logger.info('* certificate type: {0}'.format(
certificate.certificate_type))
logger.info('* certificate value: {0}'.format(
binascii.hexlify(certificate.certificate_value.value)))
def log_public_key(logger, public_key): def log_public_key(logger, public_key):
key_block = public_key.key_block key_block = public_key.key_block
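Review bot: The certificate literal added to `build_secret_value` is documented only by its source citation, yet the DER bytes decode to a SHA-1-with-RSA signed certificate whose issuer and subject are both C=US, O=TEST, OU=OASIS, CN=KMIP and whose notAfter is 2020-11-01. Someone reusing this demo gets no hint of that, so I would extend the comment to something like `# Public KMIP 1.1 test vector (Section 13.2): SHA-1/RSA, issuer == subject, notAfter 2020-11-01; demo data only, never a trust anchor.` Separately, the error branches whose messages this commit rewords (`could not build key`, `could not build secret value`) still end in a bare `sys.exit()`, which reports status 0 after logging an error; `sys.exit(1)` would let calling scripts see the failure. The bodies of `build_key` and `build_secret_value` continue outside the lines shown in these hunks, so both points should be checked against the full file.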