This change tweaks the format of operation policy files, renaming
the 'default' section of each policy to 'preset'. This reinforces
the idea that this section of the policy is used only when group-
based access control is disabled. It also removes any ambiguity
between this section of the policy and the actual 'default'
policy built into the server.
This change adds a basic error message that gets raised when
attempting to read an unparseable attribute (i.e., an attribute
that is not supported by the library).
Fixes#429
This change adds client support for setting custom configuration
file paths, allowing users and developers to place their settings
file wherever they want. All client demo scripts have been updated
to support a '-s' flag that can be used to set the configuration
file for the demo. Client unit tests have also been updated to
include this change.
This change adds the request/response payloads for the Rekey
operation. Unit tests are included to cover the new payloads. The
payloads package is also updated to allow direct import of the
Rekey payloads going forward.
Partially addresses #405
This change fixes how the ProxyKmipClient handles cryptographic
usage mask values for the CreateKeyPair operation. Originally,
both Encrypt and Decrypt were set by default for both public and
private keys. This is incorrect behavior for certain algorithms.
Now, only the masks specified by the caller are set on the key
pair.
Fixes#412
This change updates the server, integrating policy file monitoring
and restructuring the engine. The top-level server entity now
handles loading policy files using the PolicyDirectoryMonitor
subprocess. A shared memory dictionary is used to share newly
modified policy data across the session threads managed by the
server and used by the engine. The legacy policy loading code in
the engine has been removed.
Unit tests have been added and modified for both the server and
engine to verify the functionality of these modifications.
This change updates how the server session handles message
processing, adding support for the new authentication plugin
framework. Session unit tests have been updated to account for
this change.
This change adds an implementation of the AttestationCredential
introduced in KMIP 1.2. The underlying Nonce struct is included.
Unit test suites for both objects are provided. Finally, the
Credential struct has also been updated to support the new
credential type.
This change removes the legacy KMIP base class that was originally
used for the KMIPProxy client. The base class simply defined the
KMIP operation methods that the client should support. It has not
been actively used to guide client development for some time and
now just clutters up the code base. The KMIPProxy class has been
updated to remove any reference to this original base class.
This change updates the Authentication object, taking into account
the recent changes made to the Credential object hierarchy. A new
comprehensive unit test suite has been added for the Authentication
object. Usage of the object in the PyKMIP server has also been
updated to reflect these changes.
This change updates the implementation of the Credential objects.
The UsernamePassword and Device credentials are now first-class
objects and, along with the base Credential, have been restructured
to match the current struct style. Comprehensive unit test suites
for each class have been added. Additionally, the credential
factory code and its usage in the KMIPProxy class and associated
test suites have been updated to reflect this change.
This change updates the implementation of the ProtocolVersion
struct, bringing it inline with the current struct style. All
uses of the struct have been updated to reflect these changes,
as have the struct unit tests.
This change updates the PyKMIP server, allowing it to process and
use group-based operation policies. The server still supports the
original operation policy file format, so no immediate difference
should be apparent to users. Future documentation changes will
explain group-based policy files and how they should be used.
This change adds the request payload for the Poll operation. A unit
test suite for the payload is included. The payload can be imported
directly from the payloads package.
This change adds request and response payloads for the ObtainLease
operation. Unit test suites are included for both payloads and
both payloads can be imported directly from the payloads package.
This change adds request and response payloads for the Recover
operation. Unit test suites are included for both payloads and
both payloads can be imported directly from the payloads package.
This change adds request and response payloads for the
GetUsageAllocation operation. Unit test suites are included for
both payloads and both payloads can be imported directly from the
payloads package.
This change adds request and response payloads for the Cancel
operation. Unit test suites are included for both payloads. Both
payloads can be imported directly from the payloads package.
This change removes unused exceptions defined in core/errors.py,
along with the errors.py module itself. The few used items from
this file are migrated over to core/exceptions.py. Any dependent
code is updated, dropping the use of errors.py and adding in the
use of exceptions.py.
This change adds request and response payloads for the Archive
operation. Unit test suites are included for both payloads and
both payloads can be imported directly from the payloads package.
This change fixes violations of E722, the use of except without
specifying an exception type. For now the high-level Exception
class is used as a generic catchall. In the future these cases
will be updated to handle the specific exceptions expected.
This change renames the CertificateTypeEnum enumeration to
CertificateType, matching the naming schemes of all other
enumerations. This is a backwards incompatible change and
will break any scripts or programs that use the current
CertificateTypeEnum name.
This change adds a ProxyKmipClient integration test that verifies
that a wrapped key can be registered with the server and can then
be retrieved, along with all of its key wrapping metadata. Minor
updates to the underlying metadata handling are included.
This change makes several minor updates to different structs
pertaining to key wrapping, allowing these structs to accept and
process dict arguments. Unit tests have been updated to reflect
this change.
This change updates payload management, streamlining the import
process for kmip.core.messages.payloads. Now any request or
response payload is accessible by importing payloads. All code
importing and using individual payload modules has been updated
to use this new approach.
This change adds request and response payloads for the
SignatureVerify operation. Payload factories have been updated to
support SignatureVerify and new unit test suites have been added
to cover the new payload code.
This change adds support for retrieving wrapped keys from the KMIP
server. The only supported key wrapping algorithm currently is
the AES-based NIST Key Wrap algorithm (RFC 3394). MAC/signing is
not supported for key wrapping. Attribute-bundling with the wrapped
key value is not supported. Wrapping of the entire key block TTLV
encoding is not supported. Various additional error cases are
included and checked for.
Unit tests covering the additions to Get are included.
This change updates the Get payloads to reflect current coding
styles. It streamlines payload usage and makes it easier to create
and access payload fields. A new unit test suite dedicated to the
Get payloads is added. Surrounding code in the client/server and
associated utilities and unit tests are updated to reflect these
changes.
This change updates the KeyWrappingData struct to conform with
current library styles. This struct is used with key data to
represent a wrapped key and will be used by future patches to
support key wrapping functionality. Updated unit tests matching
the new additions are included.
This change updates the KeyWrappingSpecification struct to conform
with current library styles. This struct is used for key wrapping
functionality and will be used in future patches. Updated unit
tests matching the new additions are included.
This change updates the MACSignatureKeyInformation struct to
conform with current library styles. This struct is used for key
wrapping functionality and will be leveraged by future patches.
Updated unit tests matching the new additions are included.
This change updates the EncryptionKeyInformation struct to conform
with current library styles. This struct is used for key wrapping
functionality and will be leveraged by future patches. Updated
unit tests matching the new additions are included.
This change adds request/response payloads for the DeriveKey
operation, updating the payload factories to support DeriveKey.
Unit tests for the payloads and payload factories are included.
The inequality operator was also added to the TemplateAttribute
struct to support the DeriveKey payload unit tests; differences
in Python2.7 and 3+ led to comparison failures.
This change adds support for the DerivationParameters struct,
which is needed for DeriveKey support. Unit tests are included to
cover all newly added code.
This change adds request and response payloads for Decrypt
operation, updating the payload factories to support Decrypt
payloads. Unit tests for all new code are included.
This change adds encryption functionality to the cryptographic
engine used by the server. It supports a variety of symmetric
encryption algorithms and block cipher modes. Asymmetric encryption
support will be added in a future patch.
Unit tests and minor updates to surrounding core code are included.
This change adds request and response payloads for the Encrypt
operation, updating the payload factories to support Encrypt
payloads. Unit tests for all new code are included.
