This change restructures how access controls are enforced for
different server operations, pulling common code into a shared
method for reuse. The server unit tests have been updated to
reflect this change.
This change updates the server and managed object set to support
the InitialDate attribute. The InitialDate is set when the Create,
CreateKeyPair, and Register operations are invoked and can be
listed and retrieved with the GetAttributeList and GetAttributes
operations respectively. The server unit tests have been updated
to reflect these changes.
This change adds support for the GetAttributeList operation. The
user can specify the ID of a managed object and get back a list
containing the names of all attributes currently set on the object.
The user can also omit the ID and the server will default to using
the ID placeholder for the object ID. New server tests have been
added to cover this feature. The GetAttributeList payloads have
also been updated for consistency with other payloads, requiring
minor updates in other clients and unit tests.
This change fixes a bug introduced with the addition of Python3.5
support. In Python3.5, SIGINT is silently ignored for system calls
(e.g., socket.accept) if the SIGINT signal handler does not raise
an exception. This causes the server to delay shutdown when
receiving SIGINT until after a new connection has been made. This
change updates the server's SIGINT signal handler to raise the
correct exception and updates the error handling code while serving
connections to account for this change in SIGINT processing. This
allows the server to shutdown immediately upon receiving SIGINT.
The server unit tests are updated to account for this change.
This change updates how the built-in open function is mocked in
the PyKMIP server test suite. On some platforms the old approach
was insufficient. This change explicitly references the builtins
module for Python3+, removing the old module-based mock.
This change fixes a bug that could occur when accessing the server
with multiple threads or processes. The SQLite backend by default
does not support multithreading. This change updates how the
SQLite backend is instantiated, preventing error generation when
using multiple clients simultaenously. The server unit test suite
has been updated to cover the change.
This change fixes a bug in the ProxyKmipClient, specifically in
the register method. The client would create attributes for the
object to register, regardless if those attributes were set on
the object. This could cause attribute value overwrites, deleting
valid default values with empty values. This change adds checks
to ensure these attributes are not created with the request if
they are not set on the object. The client unit tests have been
updated to reflect this change.
This change updates the server to better handle exceptions thrown
while looking up the value of different attributes on managed
objects. Some managed objects in PyKMIP don't currently support
attributes they are supposed to. This can cause lookup errors
when using GetAttributes. This change suppresses any exceptions
and simply returns None for the missing attribute value. The
server unit tests have been updated to account for this change.
This change adds support for the GetAttributes operation to the
PyKMIP clients. Demo scripts showing how to use the new operation
will be included in a future update. Client test cases have been
added and updated to reflect the new operation.
This change adds server support for the GetAttributes operation.
The user can specify an object ID and an attribute list to get
the values of the attributes listed from the specified object.
The user can also omit either argument; the server will default
to using the ID placeholder and all viable attributes respectively.
Only a subset of the standard attributes are supported right now.
New tests have been added to cover the new feature.
Closes#185Closes#211Closes#218
This change updates the attribute value factory to allow for the
creation of ObjectType attributes with values provided by the
caller. Unit tests have been added to cover this change.
The ProxyKmipClient now allows you to optionally provide a name
when performing a `Create` or a `Create Key Pair`. If not specified,
the name is excluded from the request.
* For `create`, users specify `name`
* For `create_key_pair`, users specify `private_name` and `public_name`
Resolves#208
This change fixes a bug with the server where the server would
prematurely shutdown upon receiving a client connection using an
invalid certificate. The server will now withstand bad client
connections. The impacted server unit tests have been updated to
reflect the bug fix.
This change updates the payload factories, adding placeholder
support for operations added in KMIP 1.3. It also updates old
placeholders with now supported payloads. The corresponding
unit test suites have been updated to match the additions.
This change updates the server, updating how it processes config
values and allowing it to handle optional or ommitted policy_path
values. This fixes a bug where users could not leave the
policy_path config file unset, in addition to a bug that forced
users to use '/etc/pykmip/policies' as their policy directory.
Fixes#210
This change adds str and repr utilities to the Attribute object. A
new test suite for Attribute object tests is included, however only
the tests for the string utilities are included with this patch.
The remaining Attribute tests will be implemented in a later patch.
This change adds some utility methods, including equality operators
and string methods, to the ApplicationSpecificInformation attribute.
Unit tests covering the changes are included.
This change adds support for the Activate operation to the server,
including additional server unit tests, a new IllegalOperation
exception, and updated state attribute support in Pie objects.
Fixes#186
This change fixes a minor bug with the client shutdown routine,
where an error would get thrown when attempting to call shutdown
on an unconnected socket. This error is now caught and suppressed,
since the client is already shutting down. A new client unit test
is included to cover this change.
This change adds support for dynamic operation policy loading.
The server config file now supports a 'policy_path' option that
points to a filesystem directory. Each file in the directory
should contain a JSON policy object. The KMIP server will scan
this directory and attempt to load all valid policies it finds.
The results of this process will be logged.
This change adds enforcement of KMIP operation policies to the
server engine, specifically to the Get and Destroy operations.
Explicit object ownership is enforced as a result, with ownership
now a tracked internal server property of managed objects. Tests
for this new functionality are included.
This change updates the KMIP engine to process and persist the
value of the operation policy name attribute when creating or
registering new managed objects. Tests are included for these
changes.
This change adds operation policy name support to the pie client,
allowing you to optionally specify the policy name when creating
new symmetric keys and asymmetric key pairs. The operation policy
name can also be set on any pie object and will be sent with the
corresponding register request for new objects. Tests for these
additions are included.
This change fixes a bug in the KMIP server engine where a missing
request credential would cause the session to prematurely
terminate. Credential handling may require session termination
for missing credentials, but that decision should be made by
credential processing not request processing.
Fixes#193
This change updates the KmipSession, allowing it to extract client
identity from the client certificate of a TLS connection. The
certificate subject common name is used as the client identity if
the certificate has client authentication set in the extended key
usage extension.
This change breaks backwards compatibility. If a client certificate
does not define a client identity, the session will reject it and
shutdown the connection. Any client certificates used to connect
with the software server in the past will need to be replaced with
certificates that define a suitable client identity.
This change adds some additional logging statements when processing
individual KMIP operations, providing additional information on
operation input and output. The associated tests have been updated
accordingly.
An issue with local daylight savings time causes a comparison error in
some locales when checking against a hard-coded expected time string.
The DateTime primitive string representation has been updated to output
only UTC time strings.
Fixes#124
This change fixes a bug with the KmipSession connection handling logic
that would terminate the connection before actually receiving a
termination from the client. The corresponding unit tests have been
updated to reflect this fix.
This change adds KmipEngine support to the KmipSession. The session will
now pass on received requests for processing by the engine, handling any
results or errors that occur. The KmipSession test suite has been
updated to reflect this change.
This change adds the KmipServer, the front-end of the KMIP software
server. The KmipServer is in charge of loading configuration settings,
creating all major server components, and serving and managing client
connections. A KmipServerConfig tool is included to handle configuration
settings. Test cases for all new code are included.
When KmipSession instantiated without session name there is error:
File ".../PyKMIP/kmip/services/server/session.py", line 57, in __init__
self._logger = logging.getLogger('.'.join((__name__, name)))
TypeError: sequence item 1: expected str instance, NoneType found
This change adds a policy system that will be used by the KmipEngine to
track and organize rules for individual KMIP attributes. Comparison
operators for the Integer primitive and ProtocolVersion struct are added
to support the AttributePolicy. Tests for all new changes are included.
This change adds a policy system that will be used by the KmipEngine to
track and organize rules for individual KMIP attributes. Comparison
operators for the Integer primitive and ProtocolVersion struct are added
to support the AttributePolicy. Tests for all new changes are included.
This change adds the KmipEngine, the core processing component of the
KmipServer. The KmipEngine contains the KMIP application logic and
handles process request messages by batch. The engine handles logging
and error handling throughout the processing stack.
New server exceptions are added to handle new error cases. A test suite
is included.
This pull request:
- Adds the comparison operators to the following classes:
-- Attribute.AttributeName class
- Fixes bug in the "_create_cryptographic_parameters" function when "None" type parameters are used
- Adds read, write, and comparator unit tests for the Attribute class in the /kmip/core/objects.py file
Signed-off-by: Hadi Esiely <hadi.esiely-barrera@jhuapl.edu>
... to gently indicate the end of request processing
Introduce 'RequestLengthMismatch' exception dedicated for the
unexpected result of 'read' request operation
Unit tests for kmip-protocol
The code for persisting symmetric keys in a database has been added
along with the corresponding unit tests.
The usage mask list for cryptographic objects is stored as an integer bitmask.
The conversion takes place with a new SQLAlchemy type.
Switched ManagedObject value type to VARBINARY. This prevents errors from
occuring when trying to convert to a string.
Added the ORM code to be able to persist OpaqueData in a database.
This added the code to the base class ManagedObject as well. Unit
tests are added to demonstrate the code is working correctly.
This change adds a KmipSession class that manages individual
client/server connections in a thread of execution separate from the
main thread. A test suite is included.
This pull request adds some unit tests for the server failover code that was recently merged.
Signed-off-by: Hadi Esiely <hadi.esiely-barrera@jhuapl.edu>
This change adds KMIP authentication suites, which define the TLS
protocols and cipher suites to use for establishing secure network
connections compliant with the KMIP specification. Test suites are
included.
This feature enables the PyKMIP library to switch between KMIP service provider
hosts in the event one of them is unavailable. To list more than than one host,
include all necessary host IP addresses separated by commas in the "host" field
in the pykmip.conf file.
Signed-off-by: Hadi Esiely <hadi.esiely-barrera@jhuapl.edu>
This change updates the Enumeration primitive, adding a fresh
implementation and documentation. An updated unit test suite for the
primitive is included. Numerous changes to Enumeration usage across the
library are also included to comply with the updated implementation.
This change adds support for the GetAttributeList operation to the
ProxyKmipClient. It updates the Pie client API and provides a demo
showing how to use the operation. All relevant test suites are updated
accordingly.
This change updates the DateTime primitive, adding documentation and
Python string operator support. A new unit test suite for the primitive
is included.
This change adds support for the GetAttributeList operation to the
KMIPProxy client. It adds a new result object for the operation along
with an integration test demonstrating how the operation can be used.
Client unit test cases are also included.
This change fixes various bugs with the original BigInteger
implementation, adding in a working version of the primitive. A full
unit test suite is included.
This change updates the LongInteger primitive, improving class
documentation, adding standard Python operators, cleaning up the
original implementation, and expanding the corresponding unit test suite
to address the modifications.
This change adds a new pytest marker, ignore. It is used to silently
skip the software server integration test suite, which is now broken
from a recent ssl update. A pytest ini configuration file is also added
to register the new marker.
This change updates the AttributeValue factory, removing and
streamlining code. Support for several basic primitive attributes are
added in addition to a redesigned test suite for the factory.
This change splits the original set of primitive object test suites into
separate modules. Minor refactoring to account for structure changes is
included.
This change adds request and response payloads for the GetAttributeList
operation. It updates the payload factories to support these new objects
and updates and adds all associated or required test suites. A new
exception is also included that is thrown by objects attempting to parse
invalid KMIP encodings.
This change adds two examples showing how to use opaque objects with the
ProxyKmipClient. The first is a unit demo showing how to register an
opaque object using the register operation of the ProxyKmipClient. The
second is an integration test showing how to register, get, and destroy
an opaque object using the ProxyKmipClient.
This change adds two examples showing how to use secret data with the
ProxyKmipClient. The first is a unit demo showing how to register a
secret using the register operation of the ProxyKmipClient. The second
is an integration test showing how to register, get, and destroy a
secret using the ProxyKmipClient.
This change adds two examples showing how to use certificates with the
ProxyKmipClient. The first is a unit demo showing how to register a
certificate using the register operation of the ProxyKmipClient. The
second is an integration test showing how to register, get, and destroy
a certificate using the ProxyKmipClient.
This change adds an OpaqueObject class to the Pie object hierarchy. A
unit test suite covering the class is included, as are updates to the
Pie object factory and associated tests.
This change adds a SecretData class to the Pie object hierarchy. A unit
test suite covering the class is provided, as are updates to the Pie
object factory and associated tests.
This change adds certificate objects to the Pie object hierarchy,
specifically a generic Certificate class and an X509Certificate
subclass. Unit test suites covering both classes are included. The Pie
object factory is also updated to support Pie and core certificate
conversion.
This change adds an integration test suite for the new Pie
ProxyKmipClient, which tests basic CRUD operations for symmetric and
asymmetric keys. An additional pytest fixture is included for the new
client.
This change adds the Pie ProxyKmipClient, which provides a simplified
version of the original KMIP interface and which wraps the original
client. The ProxyKmipClient supports basic CRUD operations for
symmetric, public, and private keys. A unit test suite for the client is
included.
This change adds an abstract base class defining the client interface
for all future PyKMIP clients. Required arguments for different
operations are explicitly specified. A basic sanity unit test suite is
included.
This change adds an ObjectFactory for the Pie object hierarchy. It
provides easy translation to and from Pie objects to the original core
object hierarchy. The factory is only used by the new Pie client and
should never be used outside of this context. A unit test suite for the
factory is included.
This change makes some minor updates to the Pie key object hierarchy. It
fixes the key subclasses to inherit from Key directly. It adds in
support for the key format type attribute, which is required for
low-level key encoding. It also improves repr and str functionality by
using binascii.hexlify to represent the key values. The corresponding
test suites are updated accordingly to reflect these changes.
This change adds SymmetricKey to the Pie object hierarchy along with a
test suite and updates to the other classes and test suites composing
the Pie interface.
This change fixes a bug with the Integer primitive that caused it to
break when accepting long integer values. As long as the long integer
value can be represented by a signed 32-bit integer, it is considered
valid. Test cases have been added to check for this condition and the
validation routine for Integer has been updated to raise appropriate
errors.
This change fixes the use of relative paths used to fetch the PyKMIP
library version number in kmip/__init__.py and setup.py. The absolute
path of the file is now dynamically generated and used instead. Tests
are included to verify that the __version__ attribute is set properly.
This change adds two additional abstract base classes for the Pie
ManagedObject object hierarchy: CryptographicObject and Key. Test suites
are provided for each base class, using a dummy subclass of each for
testing. The object test suite package structure is also modified to
collect all ManagedObject subclass tests in one package.
This change adds ManagedObject, the abstract base class of the
simplified KMIP object hierarchy. It defines a set of attributes common
to all KMIP objects and registers placeholder methods to be implemented
by all subclasses. A basic test suite is included, using a dummy
ManagedObject subclass for testing.
This change adds a test case that verifies a fix for a bug with how
Enumerations were encoded as signed instead of unsigned integers. The
validation check for Enumerations has also been updated to be more
concise.
This change adds a primitives test package to the unit test suite to
contain future test suites for primitive testing. The current primitives
test suite has been moved to this new package.
This change removes all references to self.__class__. In object
hierarchies with multiple levels of inheritance, using self.__class__
can cause an infinite loop when resolving references to parent classes.
This change adds a pytest config argument, allowing the integration test
suite to be run with the client configured with a specific section from
the PyKMIP configuration file. A simple integration test class is added
to demonstrate how to use the client created using the config argument.
To run the integration test suite with a specific configuration, use:
$ tox -e integration -- --config <config-section>
where <config-section> is the name of the config file section to use for
the PyKMIP client.
This change reorganizes the test suite, splitting it into two separate
test suites, one for unit tests and one for integration tests. The tox
configuration is also updated to reflect this change. Invoking tox now
runs the unit tests by default. A separate tox environment is used to
run the integration tests.
This change polishes and reorganizes the implementation of the
Certificate managed object and its required subclasses. It adds in
documentation and test suites for all modified classes and updates the
SecretFactory to support creating default Certificate objects.
This change updates the client with the KMIP profile information of the
conformance clauses and authentication suites that the client supports.
Several new methods are added to the client, allowing for the retrieval
and basic predicate querying of the profile data. A new test suite has
also been added to test this new capability.
This change updates the Register unit demo, adding support for the
registration of different types of secret objects. The changes required
to support this include implementation updates to the KeyValue backing
objects.
This change updates the Get unit demo, adding support for:
* the additional display of key-related objects
* the passing of more arguments to the client (e.g., KeyFormatType)
* the retrieval of Public/PrivateKeys
Hao Shen
Peter Hamilton
Peter Hamilton
Charles Stephens
Jonathan Seawright
Peter
Viktor Tarasov
Hadi Esiely
Nathan Reller
Tim Kelsey