This test is meant to intentionally trigger an exception in the cryptography library
by creating a CMAC with a non-block cipher algorithm, IDEA.
That doesn't work any more because IDEA is now treated as a block cipher algorithm.
To fix this, we now use the ARC4 algorithm instead,
which does trigger the expected exception.
The cryptography release 39.0.0 added a new parameter to the
backend.load_pem_private_key and backend.load_der_private_key
that's required. This patch uses the serialization method to load keys
because there the new parameter is optional.
https://cryptography.io/en/latest/changelog/#v39-0-0
This patch fixes the tests test_encrypt_decrypt_asymmetric
Pass the required argument to the `build_cli_parser` function where
it was missed. Pass the missed argument in the `objects.SecretData`
initialization.
I'm not *entirely* sure what's going on here, but it seems that when we
do something like
obj = OpaqueObject(...)
Session = sessionmaker(...)
session = Session()
...
session.add(obj)
session.commit()
the primary key (and maybe some foreign relations?) aren't automatically
populated on `obj` following the commit, and will attempt to lazy-load
on next reference. Since expire_on_commit defaults to True, the session
attached to `obj` (which is no longer the `session` in locals!) is closed
out when we later do
session = Session()
get_obj = session.query(OpaqueObject).filter(
ManagedObject.unique_identifier == obj.unique_identifier).one()
leading to a DetachedInstanceError.
There seem to be a few different ways we can fix this:
* Set expire_on_commit=False so the old session is still useful for the
lazy-loading.
* Re-use the same session instead of creating a new one.
* Explicitly refresh added objects post-commit.
Generally prefer the first one; there's some prior art to follow in
services/server/test_engine.py. Curiously, that same file runs into
trouble despite already setting expire_on_commit=False -- so do the
explicit refresh, on the assumption that there was a reason we went to
the trouble of creating a fresh session.
Closes#649
This update includes numerous improvements to the usage and support
of KMIP attributes across both the client and server, including new
attribute support and new attribute operation support. The library
also now officially supports SplitKey objects.
The changes in this release include:
* Add server debug logging for message encodings
* Add server Locate filtering for all supported attributes
* Add server Locate filtering using offset/max item constraints
* Add server cryptography engine support for AES GCM mode
* Add server support for the SplitKey object
* Add client/server support for ApplicationSpecificInformation
* Add client/server support for ObjectGroup and Sensitive attrs
* Add client/server support for the DeleteAttribute operation
* Add client/server support for the SetAttribute operation
* Add client/server support for the ModifyAttribute operation
* Add unit and integration tests to cover all new functionality
* Add ProxyKmipClient demo scripts to show use of new operations
* Add pending deprecation warnings for Python 2.7 and 3.4
* Update server Locate filtering to sort results by creation date
* Update encoding support for SplitKey objects
* Update the Travis CI config to support default Python versions
* Update dependencies to maintain Python 3.4 support
* Update library docs to reflect new features and security details
* Fix a bug with how key pair names are handled by the client
