This change updates ProxyKmipClient support for the CreateKeyPair
operation, adding in optional arguments allowing the user to
specify the cryptographic usage masks for the public and private
keys that will be created. Unit tests have been added to cover
this change.
This change updates the ProxyKmipClient close method, allowing
it to be called without error even when the client connection is
not open. The client unit tests have been updated to reflect this.
This change simplifies how the ProxyKmipClient enforces the open
connection check on operation method calls. Each operation method
is now wrapped with an is_connected decorator which handles the
connection check. All old in-method connection checks have been
removed.
This change adds Encrypt operation support to the KMIPProxy and
ProxyKmipClient clients, including unit tests to cover the new
functionality.
Extensive documentation has been added to the header comments for
the new client methods detailing the expected input parameters and
return values. This approach should be followed for all new client
additions going forward.
This change updates the CryptographicParameters struct, removing the
primitive class wrappers that it used to use for attribute values
and replacing them with struct properties that internally manage the
primitive objects directly. This gutting and regutting necessitates
cascading changes to every part of the library that used these
internal primitive class wrappers, including unit tests, client and
client tests, and attribute factory handlers. All of these have been
updated to reflect the correct usage of the CryptographicParameters
struct.
This change also adds in additional attribute members for the
CryptographicParameters struct to bring it up to spec with KMIP 1.2.
This change loosens the input requirements for ProxyKmipClient
operations that accept a secret UID. Operations like Get and
Destroy used to require a string value but are allowed in the
KMIP specification to take no value at all. This change updates
the ProxyKmipClient to properly reflect the specification. The
underlying KMIPProxy client is mostly unchanged.
Closes#261
This change updates the server and managed object set to support
the InitialDate attribute. The InitialDate is set when the Create,
CreateKeyPair, and Register operations are invoked and can be
listed and retrieved with the GetAttributeList and GetAttributes
operations respectively. The server unit tests have been updated
to reflect these changes.
This change updates the polymorphic identity used by
X509Certificate objects. The original identity was already used by
the base Certificate object, causing sqlalchemy to raise a warning
when used. This change resolves the identity reassignment and
prevents the warning from being displayed.
This change fixes a bug in the ProxyKmipClient, specifically in
the register method. The client would create attributes for the
object to register, regardless if those attributes were set on
the object. This could cause attribute value overwrites, deleting
valid default values with empty values. This change adds checks
to ensure these attributes are not created with the request if
they are not set on the object. The client unit tests have been
updated to reflect this change.
This change adds support for the GetAttributes operation to the
PyKMIP clients. Demo scripts showing how to use the new operation
will be included in a future update. Client test cases have been
added and updated to reflect the new operation.
The ProxyKmipClient now allows you to optionally provide a name
when performing a `Create` or a `Create Key Pair`. If not specified,
the name is excluded from the request.
* For `create`, users specify `name`
* For `create_key_pair`, users specify `private_name` and `public_name`
Resolves#208
This change adds support for the Activate operation to the server,
including additional server unit tests, a new IllegalOperation
exception, and updated state attribute support in Pie objects.
Fixes#186
This change adds enforcement of KMIP operation policies to the
server engine, specifically to the Get and Destroy operations.
Explicit object ownership is enforced as a result, with ownership
now a tracked internal server property of managed objects. Tests
for this new functionality are included.
This change adds operation policy name support to the pie client,
allowing you to optionally specify the policy name when creating
new symmetric keys and asymmetric key pairs. The operation policy
name can also be set on any pie object and will be sent with the
corresponding register request for new objects. Tests for these
additions are included.
This change fixes a bug with the Pie object table definitions used by
SQLAlchemy to store managed objects and attributes for the PyKMIP
software server. While primary keys are specified for all tables, they
do not by default auto-increment with SQLAlchemy/SQLite, causing
collisions and uniqueness constraint violations when bulk testing with
the server. Add an explicit SQLite auto-increment tag to each table
prevents this from happening.
SQLAlchemy requires a unique identifier for classes when using the
join table inheritence strategy. Previous commits were reusing the
object_type attribute of ManagedObject, but this strategy does not
work for classes that are subclasses of an object. This will be the
case for the Certificate object type because one such subclass will be
X509Certificate.
The code for persisting symmetric keys in a database has been added
along with the corresponding unit tests.
The usage mask list for cryptographic objects is stored as an integer bitmask.
The conversion takes place with a new SQLAlchemy type.
Switched ManagedObject value type to VARBINARY. This prevents errors from
occuring when trying to convert to a string.
Added the ORM code to be able to persist OpaqueData in a database.
This added the code to the base class ManagedObject as well. Unit
tests are added to demonstrate the code is working correctly.
This change updates the Enumeration primitive, adding a fresh
implementation and documentation. An updated unit test suite for the
primitive is included. Numerous changes to Enumeration usage across the
library are also included to comply with the updated implementation.
This change adds support for the GetAttributeList operation to the
ProxyKmipClient. It updates the Pie client API and provides a demo
showing how to use the operation. All relevant test suites are updated
accordingly.
This change adds an OpaqueObject class to the Pie object hierarchy. A
unit test suite covering the class is included, as are updates to the
Pie object factory and associated tests.
This change adds a SecretData class to the Pie object hierarchy. A unit
test suite covering the class is provided, as are updates to the Pie
object factory and associated tests.
This change adds certificate objects to the Pie object hierarchy,
specifically a generic Certificate class and an X509Certificate
subclass. Unit test suites covering both classes are included. The Pie
object factory is also updated to support Pie and core certificate
conversion.
This change adds the Pie ProxyKmipClient, which provides a simplified
version of the original KMIP interface and which wraps the original
client. The ProxyKmipClient supports basic CRUD operations for
symmetric, public, and private keys. A unit test suite for the client is
included.
This change adds an abstract base class defining the client interface
for all future PyKMIP clients. Required arguments for different
operations are explicitly specified. A basic sanity unit test suite is
included.
This change adds an ObjectFactory for the Pie object hierarchy. It
provides easy translation to and from Pie objects to the original core
object hierarchy. The factory is only used by the new Pie client and
should never be used outside of this context. A unit test suite for the
factory is included.
This change makes some minor updates to the Pie key object hierarchy. It
fixes the key subclasses to inherit from Key directly. It adds in
support for the key format type attribute, which is required for
low-level key encoding. It also improves repr and str functionality by
using binascii.hexlify to represent the key values. The corresponding
test suites are updated accordingly to reflect these changes.
Peter Hamilton
Dane
Peter Hamilton
Hao Shen
Peter Hamilton
Jonathan Seawright
Peter
Nathan Reller