An issue with local daylight savings time causes a comparison error in
some locales when checking against a hard-coded expected time string.
The DateTime primitive string representation has been updated to output
only UTC time strings.
Fixes #124
This change removes the use of default logging settings in
kmip.__init__.py as well as the bundled logconfig.ini file. Logging
settings should be set by applications, not by underlying software
libraries. All demos have been updated to set their own logging
settings and to log at appropriate levels.
This change swaps out the in-memory SQLite database for file-based data
storage. SQLAlchemy support for in-memory SQLite storage does not work
across threads. The new storage scheme stores all PyKMIP server data in
/tmp.
This change fixes a bug with the KmipSession connection handling logic
that would terminate the connection before actually receiving a
termination from the client. The corresponding unit tests have been
updated to reflect this fix.
This change adds KmipEngine support to the KmipSession. The session will
now pass on received requests for processing by the engine, handling any
results or errors that occur. The KmipSession test suite has been
updated to reflect this change.
This change adds a simple warning that is triggered whenever the
KMIPServer class is instantiated. It advises the user to use the newer
KmipServer class. The KMIPServer will be removed in a future version of
PyKMIP.
This change adds the KmipServer, the front-end of the KMIP software
server. The KmipServer is in charge of loading configuration settings,
creating all major server components, and serving and managing client
connections. A KmipServerConfig tool is included to handle configuration
settings. Test cases for all new code are included.
When KmipSession is instantiated without a session name, there is an error:
File ".../PyKMIP/kmip/services/server/session.py", line 57, in __init__
self._logger = logging.getLogger('.'.join((__name__, name)))
TypeError: sequence item 1: expected str instance, NoneType found
This change adds a policy system that will be used by the KmipEngine to
track and organize rules for individual KMIP attributes. Comparison
operators for the Integer primitive and ProtocolVersion struct are added
to support the AttributePolicy. Tests for all new changes are included.
This change adds the KmipEngine, the core processing component of the
KmipServer. The KmipEngine contains the KMIP application logic and
handles process request messages by batch. The engine handles logging
and error handling throughout the processing stack.
New server exceptions are added to handle new error cases. A test suite
is included.
This pull request:
- Adds the comparison operators to the following classes:
-- Attribute.AttributeName class
- Fixes bug in the "_create_cryptographic_parameters" function when "None" type parameters are used
- Adds read, write, and comparator unit tests for the Attribute class in the /kmip/core/objects.py file
Signed-off-by: Hadi Esiely <hadi.esiely-barrera@jhuapl.edu>
... to gently indicate the end of request processing
Introduce 'RequestLengthMismatch' exception dedicated for the
unexpected result of 'read' request operation
Unit tests for kmip-protocol
SQLAlchemy requires a unique identifier for classes when using the
join table inheritance strategy. Previous commits were reusing the
object_type attribute of ManagedObject, but this strategy does not
work for classes that are subclasses of an object. This will be the
case for the Certificate object type because one such subclass will be
X509Certificate.
The code for persisting symmetric keys in a database has been added
along with the corresponding unit tests.
The usage mask list for cryptographic objects is stored as an integer bitmask.
The conversion takes place with a new SQLAlchemy type.
Switched ManagedObject value type to VARBINARY. This prevents errors from
occurring when trying to convert to a string.
Added the ORM code to be able to persist OpaqueData in a database.
This added the code to the base class ManagedObject as well. Unit
tests are added to demonstrate the code is working correctly.
This change adds a KmipSession class that manages individual
client/server connections in a thread of execution separate from the
main thread. A test suite is included.
This pull request adds some unit tests for the server failover code that was recently merged.
Signed-off-by: Hadi Esiely <hadi.esiely-barrera@jhuapl.edu>
This change adds KMIP authentication suites, which define the TLS
protocols and cipher suites to use for establishing secure network
connections compliant with the KMIP specification. Test suites are
included.
This change adds a simple warning that is triggered whenever Python
2.6 is used with PyKMIP. It simply advises the user to use a newer
version of Python. For now, Python 2.6 can still be used with
PyKMIP.
This update includes several new features:
* Add support for the GetAttributeList operation
* Add integration with Travis CI, Codecov/Coveralls, and Bandit
* Add client/server failover support using multiple IP addresses
* Add additional attribute unit tests
* Update implementations of KMIP primitives
* Reorganize server code to prepare for refactoring
* Remove use of exec when handling library version numbers
* Remove broken server script
This feature enables the PyKMIP library to switch between KMIP service provider
hosts in the event one of them is unavailable. To list more than one host,
include all necessary host IP addresses separated by commas in the "host" field
in the pykmip.conf file.
Signed-off-by: Hadi Esiely <hadi.esiely-barrera@jhuapl.edu>
This change creates a new subpackage under services, server, which now
holds all of the software server related code. References to different
pieces of the server code base are updated accordingly.
This change updates the Enumeration primitive, adding a fresh
implementation and documentation. An updated unit test suite for the
primitive is included. Numerous changes to Enumeration usage across the
library are also included to comply with the updated implementation.
This change adds support for the GetAttributeList operation to the
ProxyKmipClient. It updates the Pie client API and provides a demo
showing how to use the operation. All relevant test suites are updated
accordingly.
This change updates the DateTime primitive, adding documentation and
Python string operator support. A new unit test suite for the primitive
is included.
This change adds support for the GetAttributeList operation to the
KMIPProxy client. It adds a new result object for the operation along
with an integration test demonstrating how the operation can be used.
Client unit test cases are also included.
This change adds support for multiple configuration file storage
locations, including the user's home directory and /etc. The preferred
configuration file name is now pykmip.conf. The original name,
kmipconfig.ini, will continue to be supported for legacy installations.
This change fixes various bugs with the original BigInteger
implementation, adding in a working version of the primitive. A full
unit test suite is included.
This change updates the LongInteger primitive, improving class
documentation, adding standard Python operators, cleaning up the
original implementation, and expanding the corresponding unit test suite
to address the modifications.
This change adds a new pytest marker, ignore. It is used to silently
skip the software server integration test suite, which is now broken
from a recent ssl update. A pytest ini configuration file is also added
to register the new marker.
This change updates the AttributeValue factory, removing and
streamlining code. Support for several basic primitive attributes is
added in addition to a redesigned test suite for the factory.
This change splits the original set of primitive object test suites into
separate modules. Minor refactoring to account for structure changes is
included.
This change adds request and response payloads for the GetAttributeList
operation. It updates the payload factories to support these new objects
and updates and adds all associated or required test suites. A new
exception is also included that is thrown by objects attempting to parse
invalid KMIP encodings.
This update includes several new features and bug fixes:
* Add the official Pie API for a simpler KMIP interface
* Add the ProxyKmipClient implementation of the Pie API
* Add key, secret, and opaque objects to the Pie object hierarchy
* Add unit demos for all ProxyKmipClient operations
* Add complete unit and integration test suites for the Pie package
* Add KMIPProxy client support for the Activate and Revoke operations
* Add KMIPProxy client connection timeout support
* Add KMIPProxy integration tests for asymm. key/secret/opaque objects
* Add improved request error logging for the KMIPServer
* Update README with more information about the clients and Pie API
* Remove AUTHORS in favor of Git commit history
* Fix bug with dangling file handle when setting __version__
* Fix bug with dangling socket connection upon client destruction
This change adds two examples showing how to use opaque objects with the
ProxyKmipClient. The first is a unit demo showing how to register an
opaque object using the register operation of the ProxyKmipClient. The
second is an integration test showing how to register, get, and destroy
an opaque object using the ProxyKmipClient.
This change adds two examples showing how to use secret data with the
ProxyKmipClient. The first is a unit demo showing how to register a
secret using the register operation of the ProxyKmipClient. The second
is an integration test showing how to register, get, and destroy a
secret using the ProxyKmipClient.
This change adds two examples showing how to use certificates with the
ProxyKmipClient. The first is a unit demo showing how to register a
certificate using the register operation of the ProxyKmipClient. The
second is an integration test showing how to register, get, and destroy
a certificate using the ProxyKmipClient.
This change adds an OpaqueObject class to the Pie object hierarchy. A
unit test suite covering the class is included, as are updates to the
Pie object factory and associated tests.
This change adds a SecretData class to the Pie object hierarchy. A unit
test suite covering the class is provided, as are updates to the Pie
object factory and associated tests.
This change adds certificate objects to the Pie object hierarchy,
specifically a generic Certificate class and an X509Certificate
subclass. Unit test suites covering both classes are included. The Pie
object factory is also updated to support Pie and core certificate
conversion.
This change adds a new suite of unit demos for the new Pie
ProxyKmipClient. The demos show how to create the ProxyKmipClient and
how to use all of its primary operations. Demo utilities are updated to
support the new suite.
This change adds an integration test suite for the new Pie
ProxyKmipClient, which tests basic CRUD operations for symmetric and
asymmetric keys. An additional pytest fixture is included for the new
client.
This change adds the Pie ProxyKmipClient, which provides a simplified
version of the original KMIP interface and which wraps the original
client. The ProxyKmipClient supports basic CRUD operations for
symmetric, public, and private keys. A unit test suite for the client is
included.
This change adds an abstract base class defining the client interface
for all future PyKMIP clients. Required arguments for different
operations are explicitly specified. A basic sanity unit test suite is
included.
This change adds an ObjectFactory for the Pie object hierarchy. It
provides easy translation to and from Pie objects to the original core
object hierarchy. The factory is only used by the new Pie client and
should never be used outside of this context. A unit test suite for the
factory is included.
This change makes some minor updates to the Pie key object hierarchy. It
fixes the key subclasses to inherit from Key directly. It adds in
support for the key format type attribute, which is required for
low-level key encoding. It also improves repr and str functionality by
using binascii.hexlify to represent the key values. The corresponding
test suites are updated accordingly to reflect these changes.
This change adds support for a customizable timeout option for the KMIP
client. The client will stop attempting connections or operations once
the timeout is exceeded instead of waiting for the default system
timeout. The default timeout is 30 seconds.
This change adds SymmetricKey to the Pie object hierarchy along with a
test suite and updates to the other classes and test suites composing
the Pie interface.
This change adds a unit demo for the Revoke operation. The operation
accepts a UID of the KMIP managed object that needs to be revoked, in
addition to a revocation code and message explaining why revocation
needs to occur.
This change adds a unit demo for the Activate operation. The operation
accepts the UID of a KMIP managed object that needs to be activated for
future use.
This update includes several new features and bug fixes:
* Add the core ManagedObject class hierarchy for the new Pie API
* Add updated Boolean primitive implementation and test suite
* Add integration tests for symmetric key creation and registration
* Update demo and client logging to log at the INFO level by default
* Update README with improved testing instructions
* Fix bug causing enumerations to be encoded as signed integers
* Fix bug with mismatched EncodingOption tag
* Fix bug with relative path use for version number handling
* Fix bug with Integer primitive breaking on valid long integer values
This change fixes a bug with the Integer primitive that caused it to
break when accepting long integer values. As long as the long integer
value can be represented by a signed 32-bit integer, it is considered
valid. Test cases have been added to check for this condition and the
validation routine for Integer has been updated to raise appropriate
errors.
This change fixes the use of relative paths used to fetch the PyKMIP
library version number in kmip/__init__.py and setup.py. The absolute
path of the file is now dynamically generated and used instead. Tests
are included to verify that the __version__ attribute is set properly.
This change adds two additional abstract base classes for the Pie
ManagedObject object hierarchy: CryptographicObject and Key. Test suites
are provided for each base class, using a dummy subclass of each for
testing. The object test suite package structure is also modified to
collect all ManagedObject subclass tests in one package.
This change adds ManagedObject, the abstract base class of the
simplified KMIP object hierarchy. It defines a set of attributes common
to all KMIP objects and registers placeholder methods to be implemented
by all subclasses. A basic test suite is included, using a dummy
ManagedObject subclass for testing.
This change adds a test case that verifies a fix for a bug with how
Enumerations were encoded as signed instead of unsigned integers. The
validation check for Enumerations has also been updated to be more
concise.
This change updates various logging statements for the KMIP client and
demo suites, ensuring that the default logging level for the library is
at the INFO level and that all demo logging is at the INFO level.
Enumerations are to be encoded as four byte unsigned integers. They
were previously being sent as signed integers. This caused failures
when trying to transmit values that are extensions. Extensions contain
the value 8 hex in the first nibble of the first byte.
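The encoding problem described in the commit message above, as an added Python example that is not taken from the PyKMIP code base. It assumes the standard KMIP TTLV layout (3-byte tag, 1-byte type, 4-byte length, 4-byte value padded to 8 bytes); the function names and the sample tag are chosen here for illustration.

```python
import struct

ENUMERATION_TYPE = 0x05  # TTLV item type for Enumeration
SAMPLE_TAG = 0x420028    # sample tag, chosen for illustration
PADDING = b"\x00" * 4    # 4-byte values are padded to an 8-byte boundary


def _header(tag):
    """Build the TTLV header: 3-byte tag, 1-byte type, 4-byte length."""
    return (
        struct.pack("!I", tag)[1:]
        + struct.pack("!B", ENUMERATION_TYPE)
        + struct.pack("!I", 4)
    )


def encode_enum_signed(tag, value):
    """The 'before' behaviour: the value is packed as a signed 32-bit int."""
    return _header(tag) + struct.pack("!i", value) + PADDING


def encode_enum_unsigned(tag, value):
    """The fixed behaviour: the value is packed as an unsigned 32-bit int."""
    return _header(tag) + struct.pack("!I", value) + PADDING


def decode_enum(data):
    """Decode one Enumeration item, rejecting malformed encodings."""
    if len(data) != 16:
        raise ValueError("enumeration item must be 16 bytes")
    tag = int.from_bytes(data[0:3], "big")
    item_type = data[3]
    (length,) = struct.unpack("!I", data[4:8])
    if item_type != ENUMERATION_TYPE or length != 4:
        raise ValueError("not a 4-byte enumeration")
    if data[12:16] != PADDING:
        raise ValueError("non-zero padding")
    (value,) = struct.unpack("!I", data[8:12])
    return tag, value


def is_extension(value):
    """Extension values carry 8 hex in the first nibble of the first byte."""
    return (value >> 28) == 0x8


def signed_encoding_fails(value):
    """Return True when the signed packing cannot represent the value."""
    try:
        encode_enum_signed(SAMPLE_TAG, value)
    except struct.error:
        return True
    return False


if __name__ == "__main__":
    standard, extension = 0x00000003, 0x80000001  # constructed sample values
    for v in (standard, extension):
        print(hex(v), "extension:", is_extension(v),
              "signed packing fails:", signed_encoding_fails(v))
    print(encode_enum_unsigned(SAMPLE_TAG, extension).hex())
```
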
This change adds a top-level version module to hold the version
definition for the library. This is then used in both kmip/__init__.py
and setup.py, allowing version inspection on import of the library and
automatic syncing of the version across the project.
This change adds a primitives test package to the unit test suite to
contain future test suites for primitive testing. The current primitives
test suite has been moved to this new package.
This change removes the original top-level set of demo scripts in
kmip/demos in favor of the functioning and up-to-date unit demo scripts
located in kmip/demos/units.
This change removes all references to self.__class__. In object
hierarchies with multiple levels of inheritance, using self.__class__
can cause an infinite loop when resolving references to parent classes.
This change adds a pytest config argument, allowing the integration test
suite to be run with the client configured with a specific section from
the PyKMIP configuration file. A simple integration test class is added
to demonstrate how to use the client created using the config argument.
To run the integration test suite with a specific configuration, use:
$ tox -e integration -- --config <config-section>
where <config-section> is the name of the config file section to use for
the PyKMIP client.
This change reorganizes the test suite, splitting it into two separate
test suites, one for unit tests and one for integration tests. The tox
configuration is also updated to reflect this change. Invoking tox now
runs the unit tests by default. A separate tox environment is used to
run the integration tests.
This change updates the unit demo utilities, adding in support for the
creation, registration, and retrieval of X.509 Certificate objects.
Support includes an example encoding of a Certificate as well as updated
logging routines to display retrieved Certificate data.
This change polishes and reorganizes the implementation of the
Certificate managed object and its required subclasses. It adds in
documentation and test suites for all modified classes and updates the
SecretFactory to support creating default Certificate objects.
Secret Data (2.2.7) can now be registered
Opaque Object (2.2.8) can now be registered
This required the adding of a NONE type to the OpaqueDataType enum
with the value of 0. This is not indicated by the standard but we
needed some value to satisfy response decoding.
Also fixed get demo
This has been tested vs a HP Atalla ESKM HSM
This change updates the client with the KMIP profile information of the
conformance clauses and authentication suites that the client supports.
Several new methods are added to the client, allowing for the retrieval
and basic predicate querying of the profile data. A new test suite has
also been added to test this new capability.
This change updates the Register unit demo, adding support for the
registration of different types of secret objects. The changes required
to support this include implementation updates to the KeyValue backing
objects.
This change updates the Get unit demo, adding support for:
* the additional display of key-related objects
* the passing of more arguments to the client (e.g., KeyFormatType)
* the retrieval of Public/PrivateKeys
This change updates the CreateKeyPair demo, adding the following items:
* a name option for specifying the name of the key pair to create
* a CryptographicUsageMask attribute sent with the CreateKeyPair request
* enhanced attribute logging for private/public key template attributes
This change updates the KMIP client to support the custom selection of
client configuration options. This makes it easy to dynamically create
clients that connect to different backends. All unit demos have been
updated to support this feature.
This change adds support for the Query operation, including updates to
the KMIP client and core object libraries, the KMIP client and core unit
test suites, and a Query unit demo.
This change updates the various Application attributes, adding inline
documentation, and reorganizing the different related test suites. Minor
updates to supporting primitive objects are included.
This change adds support for the DiscoverVersions operation, including
updates to the KMIP client, the client and KMIP core test suites, and a
DiscoverVersions unit demo.
This change adds support for the ReKeyKeyPair operation, adding in
required KMIP objects and updating the KMIP client. Minor changes to the
server are included in preparation for future changes. The unit test
suite has been updated accordingly.
This change adds a suite of unit demos which demonstrate how to use
individual KMIP client operations. These demos also feature better
argument handling, which will eventually be ported to the rest of the
demo suite. Some added debug logging is included.
This change adds support for the CreateKeyPair operation, adding in
required KMIP attributes and objects and updating the KMIP client. Minor
changes to the server are also made in preparation for future changes.
The unit test suite has been updated accordingly.
This change adds a set of payload factories to the factory suite, which
handle the construction of default request/response payload objects for
KMIP operations. These factories replace the use of payload operation
dictionaries for dynamic payload object lookup. A payload factory test
suite and minor logging tweaks are included.
This change adds the OperationPolicyName attribute, extending support to
the AttributeValueFactory. Test cases are included for the creation
process for both the factory and the individual attribute.
This change is primarily a reorganization of the message payload code
originally found in kmip/core/messages/operations.py. The code from that
module has been moved to a new package, kmip.core.messages.payloads, and
split into separate modules according to each supported KMIP operation.
The surrounding KMIP codebase has been updated to use the new package
structure and a placeholder test suite has been put in place for future
tests. This change does NOT include test cases as these would primarily
be a refactoring from the current test suite found in
kmip/tests/core/messages/test_messages.py and that work has not been
done yet.
This change updates the unit test suite, adding the initial test case
framework for factory tests. The attributes test suite is also updated,
replacing pass statements with skip calls.
This change adds the server key and cert files from kmip/demos/certs to
the MANIFEST.in and setup.py files. These files are being added to
resolve missing file issues when using the default config values.
In cases where a user is instantiating a KMIPClient and passing
ca_cert=None an exception will be raised with newer versions of
Python (2.7.8+). This exception is based on the missing server.crt file
that is specified in the default configuration.
Likewise, when instantiating a KMIPServer with keyfile=None or
certfile=None the default values will be used. This will also cause an
exception with newer versions of Python.
Although it may be unlikely that an end user would instantiate these
classes without providing cert and key files, there are cases (namely
testing) where it is acceptable to pass None values for these files. In
these cases the files should be present to allow proper execution.
Changes
* adding server.crt and server.key to MANIFEST.in and setup.py
* correcting mismatched default values for KMIPServer certfile and
keyfile
This change adds support for the six library, specifically for handling
portions of the code that are sensitive to differences between Python
2.* and 3.*.
This change adds username and password configuration options to the
client section of the configuration file. These options are used to
create KMIP Credential objects for authenticating connections to a KMIP
appliance.
The KMIP proxy now uses these options when handling operation calls. If
no credential is provided, the proxy will automatically create one from
the config file. If either the username or the password is unspecified,
an error is generated. If neither is specified, no credential is
created. Only username/password credentials are currently supported.
The KMIP proxy test suite now includes test cases covering this
functionality.
Adds a configuration file to allow users to modify settings for the
client and server. The configured settings can be overridden by
directly passing values when a kmip server or client is initialized.
Additionally, if the config file or config options are not found,
pre-set default values will be used.
This change includes several new features to PyKMIP, including:
* support for Python 3.3 and 3.4
* support for KMIP client/server SSL connections
* removal of all Thrift library dependencies
This change adds the final modifications needed for release v0.0.1 of
the PyKMIP library.
Packaging and licensing files are updated with current information and
some minor file restructuring is done to ensure test suite integrity.
This implementation supports version 1.1 of the KMIP spec. The
library supports the following operations for SymmetricKey objects:
create
register
get
destroy
This contains the basic items for the repository. The basic files and directories
were created to lay out the repository structure.
Created a simple KMIP client and server. This was generated using the thrift
library. This version only tests the thrift framework. It does not adhere to
the spec.