This test is meant to intentionally trigger an exception in the cryptography library
by creating a CMAC with a non-block cipher algorithm, IDEA.
That doesn't work any more because IDEA is now treated as a block cipher algorithm.
To fix this, we now use the ARC4 algorithm instead,
which does trigger the expected exception.
I'm not *entirely* sure what's going on here, but it seems that when we
do something like
obj = OpaqueObject(...)
Session = sessionmaker(...)
session = Session()
...
session.add(obj)
session.commit()
the primary key (and maybe some foreign relations?) aren't automatically
populated on `obj` following the commit, and will attempt to lazy-load
on next reference. Since expire_on_commit defaults to True, the session
attached to `obj` (which is no longer the `session` in locals!) is closed
out when we later do
session = Session()
get_obj = session.query(OpaqueObject).filter(
ManagedObject.unique_identifier == obj.unique_identifier).one()
leading to a DetachedInstanceError.
There seem to be a few different ways we can fix this:
* Set expire_on_commit=False so the old session is still useful for the
lazy-loading.
* Re-use the same session instead of creating a new one.
* Explicitly refresh added objects post-commit.
Generally prefer the first one; there's some prior art to follow in
services/server/test_engine.py. Curiously, that same file runs into
trouble despite already setting expire_on_commit=False -- so do the
explicit refresh, on the assumption that there was a reason we went to
the trouble of creating a fresh session.
Closes#649
This change adds integration tests for the client and server for
the Modify and DeleteAttribute operations, proving they work in
tandem. Minor bug fixes in the client are included to enable
correct test execution.
Partially implements #547
This changes fixes a minor bug with proper attribute index range
checking in the server implementation of ModifyAttribute. A corner
case that previously slipped through index checking and testing
has been closed. An existing unit test has been modified to fix
this bug.
Partially implements #547
This change updates the request and response payload factories to
add support for the Set, Modify, and DeleteAttribute payloads.
Unit tests have been added to cover the changes.
Partially implements #547
This change adds ModifyAttribute operation support to the PyKMIP
server, including additional attribute policy functionality to
check for certain attribute characteristics that preclude
ModifyAttribute operation functionality. New unit tests have been
added to cover these changes.
Partially implements #547
This change adds ModifyAttribute support to the ProxyKmipClient,
leveraging the new generic request capability in the underlying
KMIPProxy client. New unit tests have been added to cover the new
client additions.
Partially implements #547
This change adds SetAttribute support to the ProxyKmipClient,
leveraging the new generic request capability in the underlying
KMIPProxy client. New unit tests have been added to cover the new
client additions.
Partially implements #547
This change adds SetAttribute operation support to the PyKMIP
server, including additional attribute policy functionality to
check for certain attribute characteristics that preclude
SetAttribute operation functionality. Specifically, the operation
cannot set the value of any multivalued attribute nor the value
of any attribute not modifiable by the client. New unit tests
have been added to cover these changes.
Partially implements #547
This change adds support for the Sensitive attribute, adding it to
the attribute factory, the SQLAlchemy object hierarchy, and to the
server attribute handling methods. The intent is to use this new
attribute to test the new SetAttribute and ModifyAttribute
operations coming in future commits. Unit tests have been added
and modified to support the new additions.
This change adds support for the ModifyAttribute operation in the
form of request and response payload structures. These will be used
in future updates to the client and server to fully support the
ModifyAttribute operation. A new unit test suite has been added to
cover the new changes.
Partially Implements #547
This change adds support for the SetAttribute operation in the
form of request and response payload structures. These will be used
in future updates to the client and server to fully support the
SetAttribute operation. A new unit test suite has been added to
cover the new changes.
Partially Implements #547
This change adds support for the NewAttribute structure added
in KMIP 2.0. The NewAttribute structure is a basic container
structure that contains a single attribute instance for use by
attribute operations. A new unit test suite has been added to cover
the new additions.
Partially implements #547
This change adds DeleteAttribute support to the ProxyKmipClient,
leveraging the new generic request capability in the underlying
KMIPProxy client. Going forward all new attribute support will
leverage the new request capability and older supported operations
will be migrated to use it as well, with the ultimate vision
being a final merger of the two client classes into one easy to
use architecture. New unit tests have been added to cover the new
client additions.
Partially implements #547
This change adds DeleteAttribute operation support to the PyKMIP
server, supporting functionality unique to KMIP 1.0 - 1.4 and the
newer KMIP 2.0. Due to the current list of attributes supported
by the server, only multivalued attributes can currently be
deleted from a stored KMIP object. Over a dozen unit tests have
been added to verify the functionality of the new additions.
Partially implements #547
This change adds support for the DeleteAttribute operation in the
form of request and response payload structures. These will be used
in a future updates by the client and server to fully support the
DeleteAttribute operation. A new unit test suite has been added to
cover the new changes.
Partially implements #547
This change adds support for the CurrentAttribute structure added
in KMIP 2.0. The CurrentAttribute structure is a basic container
structure that contains a single attribute instance for use by
attribute operations. A new unit test suite has been added to cover
the new additions.
Partially implements #547
This change adds integration tests that verify that objects can
be found by Locate when filtering off of the new ObjectGroup and
ApplicationSpecificInformation attributes. Some minor tweaks to
the database attribute models are included to simplify usage.
This change ObjectGroup attribute support to the server, allowing
for the storage and retrieval of the new attribute in addition to
object filtering based on its value. New unit tests have been
added to cover the new changes.
This change adds a new SQLAlchemy object to the database model
representing the ObjectGroup attribute. The new object is linked
to the base ManagedObject object, allowing ObjectGroup attributes
to be associated with any managed object. A new unit test suite
has been added to verify the new object functionality and to
confirm that the object can be stored and retrieved from an
in-memory database.
This change updates the attribute factory, replacing the custom
ObjectGroup class with the proper usage of the TextString
primitive. ObjectGroup attribute usage and testing has been
updated across the library to reflect this change.
This change adds ApplicationSpecificInformation attribute support
to the server, allowing for the storage and retrieval of the new
attribute in addition to object filtering based on its value. New
unit tests have been added to cover the new changes.
This change adds a new SQLAlchemy object to the database model
representing the ApplicationSpecificInformation attribute. The
new object is linked to the base ManagedObject object, allowing
ApplicationSpecificInformation attributes to be associated with
any managed object. This also represents how KMIP attributes
should be supported going forward. A new unit test suite has
been added to verify the new object functionality and to confirm
that the object can be stored and retrieved from an in-memory
database.
This change updates the ApplicationSpecificInformation attribute
implementation to reflect modern library style. Property methods
have been added alongside tighter read/write error checking. The
unit tests for the attribute have been updated to reflect all of
the new changes.
This change adds integration tests that test registering,
retrieving, and destroying SplitKey objects with the server.
Minor updates are included for the client and server to ensure
that SplitKey operations function as expected.
Partially implements #545
This change adds conversion utilities for SplitKey objects,
allowing for conversions between the Pie and Core object spaces.
The server is also updated to recognize the new Pie SplitKey
object. Unit tests have been added and tweaked to accommodate
these changes.
Partially implements #545
This change adds a SQLAlchemy-based implementation of the SplitKey
object that will be used by the ProxyKmipClient and PyKMIP server
to store SplitKeys. A new unit test suite is included that checks
object fields and verifies it can be persisted to and retrieved
from an in-memory SQLAlchemy-managed database.
Partially implements #545
This change updates encoding support for SplitKey objects, bringing
it up-to-date with the modern conventions used in the rest of the
library. A new unit test suite has been added to cover the new
functionality.
Partially implements #545
This change fixes a bug with how key pair names are handled by the
ProxyKmipClient. The original implementation stored key pair names
in the 'names' field of the various template attributes used to
define the key pair attributes. However, the 'names' field is
meant for the names of existing template objects that should be
used as another source for attribute values. Before KMIP 2.0
support was added, this worked because attributes and names were
encoded the same way and were interpreted by the server correctly.
The addition of KMIP 2.0 drops the 'names' field when handling
template attributes, dropping the names from being sent to the
server when creating new key pairs. This change fixes this and
updates relevant client unit tests to detect this error in the
future.
Fixes#560
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's
Certificate Type. Unit tests and integration tests have
been added to test and verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Certificate Type filtering. Simply use the
"--certificate-type" flag to specify a Certificate Type
enumeration values for the Locate script to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's
Cryptographic Usage Masks. Unit tests and integration tests have
been added to test and verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Cryptographic Usage Mask filtering. Simply use the
"--cryptographic-usage-mask" flag to specify one or more
Cryptographic Usage Mask enumeration values for the Locate script
to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects using the offset and maximum item
constraints. The offset constraint tells the server how many
matching items should be skipped before results are returned. The
maximum items constraint tells the server how many matching items
should be returned. Unit tests and integration tests have been
added to test and verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support offset and maximum item filtering. Simply use the
"--offset-items" and "--maximum-items" flags to specify offset and
maximum item values for the Locate script to filter on.
Fixes#562
This change fixes a bug in the server engine unit tests that
check the debug logs for Locate filtering on the Initial Date
attribute. Specifically, time.asctime does not use the default
'%d' notation for stringifying numerical day values. This change
updates the string notation to match the format produced by
time.asctime.
Impacts #572
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's Operation
Policy Name. Unit tests and integration tests have been added to
test and verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Operation Policy Name filtering. Simply use the
"--operation-policy-name" flag to specify an Operation Policy Name
string value for the Locate script to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's Unique
Identifier. Unit tests and integration tests have been added to
test and verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Unique Identifier filtering. Simply use the
"--unique-identifier" flag to specify a Unique Identifier string
value for the Locate script to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's
Cryptographic Length. If an object's type does not support the
Cryptographic Length attribute, the object is not a match. Unit
tests and integration tests have been added to test and verify
the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Cryptographic Length filtering. Simply use the
"--cryptographic-length" flag to specify a Cryptographic Length
integer value for the Locate script to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's
Cryptographic Algorithm. If an object's type does not support the
Cryptographic Algorithm attribute, that object is not a match.
Unit tests and integration tests have been added to test and
verify the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Cryptographic Algorithm filtering. Simply use the
"--cryptographic-algorithm" flag to specify a Cryptographic
Algorithm enumeration for the Locate script to filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's Object Type.
Unit tests and integration tests have been added to test and verify
the correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support Object Type filtering. Simply use the "--object-type" flag
to specify an Object Type enumeration for the Locate script to
filter on.
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's State. Unit
tests and integration tests have been added to test and verify the
correctness of this feature.
Additionally, the Locate demo scripts have also been updated to
support State filtering. Simply use the "--state" flag to specify
a State enumeration for the Locate script to filter on.
justin-h-loi
arp102
Konstantin Trushin
Grace Lombardi
Karthikeyan Singaravelan
Tim Burke
Peter Hamilton
oleksiys