This change fixes how the ProxyKmipClient handles cryptographic
usage mask values for the CreateKeyPair operation. Originally,
both Encrypt and Decrypt were set by default for both public and
private keys. This is incorrect behavior for certain algorithms.
Now, only the masks specified by the caller are set on the key
pair.
Fixes#412
This change updates the ProxyKmipClient support for the DeriveKey
operation, now allowing the caller to specify a list of
CryptographicUsageMask enumerations to set on the newly derived
key.
Fixes#417
This change adds Check operation support to the ProxyKmipClient.
The client unit test suite has been updated to cover the new code.
Partially addresses #405
This change fixes a bug with the ProxyKmipClient handling of
cryptographic parameters, specifically handling the case where
no cryptographic parameters are provided for an operation method
call. When no parameters are specified, None is now correctly
propagated through to request handling. A client unit test has
been added to cover this fix.
Fixes#406
This change removes the redundant KmipClient API class from the
pie package. The ProxyKmipClient is the main client going forward
and there is no need for a generic API against which to develop
new clients. If this is needed in the future, it is trivial to
restore.
This change renames the CertificateTypeEnum enumeration to
CertificateType, matching the naming schemes of all other
enumerations. This is a backwards incompatible change and
will break any scripts or programs that use the current
CertificateTypeEnum name.
This change updates the KMIP object model to support explicitly
storing key wrapping data attributes. Key wrapping data is treated
externally as a dictionary and is stored as individual fields in
the back end. Various unit tests have been updated and added to
support these additions.
This change updates the ProxyKmipClient, allowing Get operation
calls to retrieve wrapped keys by providing key wrapping
specification information with the request. Unit tests have been
added and updated to reflect this change.
This change updates ProxyKmipClient support for the CreateKeyPair
operation, adding in optional arguments allowing the user to
specify the cryptographic usage masks for the public and private
keys that will be created. Unit tests have been added to cover
this change.
This change updates the ProxyKmipClient close method, allowing
it to be called without error even when the client connection is
not open. The client unit tests have been updated to reflect this.
This change adds Encrypt operation support to the KMIPProxy and
ProxyKmipClient clients, including unit tests to cover the new
functionality.
Extensive documentation has been added to the header comments for
the new client methods detailing the expected input parameters and
return values. This approach should be followed for all new client
additions going forward.
This change fixes a bug in the ProxyKmipClient, specifically in
the register method. The client would create attributes for the
object to register, regardless if those attributes were set on
the object. This could cause attribute value overwrites, deleting
valid default values with empty values. This change adds checks
to ensure these attributes are not created with the request if
they are not set on the object. The client unit tests have been
updated to reflect this change.
This change adds support for the GetAttributes operation to the
PyKMIP clients. Demo scripts showing how to use the new operation
will be included in a future update. Client test cases have been
added and updated to reflect the new operation.
The ProxyKmipClient now allows you to optionally provide a name
when performing a `Create` or a `Create Key Pair`. If not specified,
the name is excluded from the request.
* For `create`, users specify `name`
* For `create_key_pair`, users specify `private_name` and `public_name`
Resolves#208
This change adds operation policy name support to the pie client,
allowing you to optionally specify the policy name when creating
new symmetric keys and asymmetric key pairs. The operation policy
name can also be set on any pie object and will be sent with the
corresponding register request for new objects. Tests for these
additions are included.
The code for persisting symmetric keys in a database has been added
along with the corresponding unit tests.
The usage mask list for cryptographic objects is stored as an integer bitmask.
The conversion takes place with a new SQLAlchemy type.
Switched ManagedObject value type to VARBINARY. This prevents errors from
occuring when trying to convert to a string.
Added the ORM code to be able to persist OpaqueData in a database.
This added the code to the base class ManagedObject as well. Unit
tests are added to demonstrate the code is working correctly.
This change updates the Enumeration primitive, adding a fresh
implementation and documentation. An updated unit test suite for the
primitive is included. Numerous changes to Enumeration usage across the
library are also included to comply with the updated implementation.
This change adds support for the GetAttributeList operation to the
ProxyKmipClient. It updates the Pie client API and provides a demo
showing how to use the operation. All relevant test suites are updated
accordingly.
This change adds an OpaqueObject class to the Pie object hierarchy. A
unit test suite covering the class is included, as are updates to the
Pie object factory and associated tests.
This change adds a SecretData class to the Pie object hierarchy. A unit
test suite covering the class is provided, as are updates to the Pie
object factory and associated tests.
This change adds certificate objects to the Pie object hierarchy,
specifically a generic Certificate class and an X509Certificate
subclass. Unit test suites covering both classes are included. The Pie
object factory is also updated to support Pie and core certificate
conversion.
This change adds the Pie ProxyKmipClient, which provides a simplified
version of the original KMIP interface and which wraps the original
client. The ProxyKmipClient supports basic CRUD operations for
symmetric, public, and private keys. A unit test suite for the client is
included.
This change adds an abstract base class defining the client interface
for all future PyKMIP clients. Required arguments for different
operations are explicitly specified. A basic sanity unit test suite is
included.
This change adds an ObjectFactory for the Pie object hierarchy. It
provides easy translation to and from Pie objects to the original core
object hierarchy. The factory is only used by the new Pie client and
should never be used outside of this context. A unit test suite for the
factory is included.
