mirror of
https://github.com/OpenKMIP/PyKMIP.git
synced 2025-06-27 09:14:23 +02:00
7854ba9e0b
This change adds and finalizes the enumerations defined for KMIP 1.1. It updates minor references to enumerations used around the library.
993 lines
38 KiB
Python
993 lines
38 KiB
Python
# Copyright (c) 2014 The Johns Hopkins University/Applied Physics Laboratory
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
# In case of new content, remove the following line to enable flake8 tests
|
|
# flake8: noqa
|
|
|
|
import enum
|
|
|
|
|
|
class AttributeType(enum.Enum):
|
|
"""
|
|
The name identifier of a managed object attribute.
|
|
|
|
The attribute type is the name of a specific attribute that can be
|
|
associated with a managed object. Every attribute contains this name in
|
|
addition to the actual attribute value. This enumeration is primarily used
|
|
to automatically map between attribute object encodings and the actual
|
|
attribute structures that are used to store the attribute data.
|
|
"""
|
|
UNIQUE_IDENTIFIER = 'Unique Identifier'
|
|
NAME = 'Name'
|
|
OBJECT_TYPE = 'Object Type'
|
|
CRYPTOGRAPHIC_ALGORITHM = 'Cryptographic Algorithm'
|
|
CRYPTOGRAPHIC_LENGTH = 'Cryptographic Length'
|
|
CRYPTOGRAPHIC_PARAMETERS = 'Cryptographic Parameters'
|
|
CRYPTOGRAPHIC_DOMAIN_PARAMETERS = 'Cryptographic Domain Parameters'
|
|
CERTIFICATE_TYPE = 'Certificate Type'
|
|
CERTIFICATE_LENGTH = 'Certificate Length'
|
|
X_509_CERTIFICATE_IDENTIFIER = 'X.509 Certificate Identifier'
|
|
X_509_CERTIFICATE_SUBJECT = 'X.509 Certificate Subject'
|
|
X_509_CERTIFICATE_ISSUER = 'X.509 Certificate Issuer'
|
|
CERTIFICATE_IDENTIFIER = 'Certificate Identifier'
|
|
CERTIFICATE_SUBJECT = 'Certificate Subject'
|
|
CERTIFICATE_ISSUER = 'Certificate Issuer'
|
|
DIGITAL_SIGNATURE_ALGORITHM = 'Digital Signature Algorithm'
|
|
DIGEST = 'Digest'
|
|
OPERATION_POLICY_NAME = 'Operation Policy Name'
|
|
CRYPTOGRAPHIC_USAGE_MASK = 'Cryptographic Usage Mask'
|
|
LEASE_TIME = 'Lease Time'
|
|
USAGE_LIMITS = 'Usage Limits'
|
|
STATE = 'State'
|
|
INITIAL_DATE = 'Initial Date'
|
|
ACTIVATION_DATE = 'Activation Date'
|
|
PROCESS_START_DATE = 'Process Start Date'
|
|
PROTECT_STOP_DATE = 'Protect Stop Date'
|
|
DEACTIVATION_DATE = 'Deactivation Date'
|
|
DESTROY_DATE = 'Destroy Date'
|
|
COMPROMISE_OCCURRENCE_DATE = 'Compromise Occurrence Date'
|
|
COMPROMISE_DATE = 'Compromise Date'
|
|
REVOCATION_REASON = 'Revocation Reason'
|
|
ARCHIVE_DATE = 'Archive Date'
|
|
OBJECT_GROUP = 'Object Group'
|
|
FRESH = 'Fresh'
|
|
LINK = 'Link'
|
|
APPLICATION_SPECIFIC_INFORMATION = 'Application Specific Information'
|
|
CONTACT_INFORMATION = 'Contact Information'
|
|
LAST_CHANGE_DATE = 'Last Change Date'
|
|
CUSTOM_ATTRIBUTE = 'Custom Attribute'
|
|
|
|
|
|
class ConformanceClause(enum.Enum):
|
|
"""
|
|
The specification of KMIP features supported by KMIP clients and servers.
|
|
|
|
The conformance clause defines the KMIP objects and operations that need
|
|
to be supported for a specific feature set. The clause is one of two core
|
|
components that make up a KMIP client/server profile. For more information,
|
|
see Section 5 of the KMIP 1.1 profiles document.
|
|
"""
|
|
DISCOVER_VERSIONS = 1
|
|
BASELINE = 2
|
|
SECRET_DATA = 3
|
|
SYMMETRIC_KEY_STORE = 4
|
|
SYMMETRIC_KEY_FOUNDRY = 5
|
|
ASYMMETRIC_KEY_STORE = 6
|
|
ASYMMETRIC_KEY_AND_CERTIFICATE_STORE = 7
|
|
ASYMMETRIC_KEY_FOUNDRY = 8
|
|
CERTIFICATE = 9
|
|
ASYMMETRIC_KEY_FOUNDRY_AND_CERTIFICATE = 10
|
|
STORAGE = 11
|
|
|
|
|
|
class AuthenticationSuite(enum.Enum):
|
|
"""
|
|
The type of authentication suite used by KMIP clients and servers.
|
|
|
|
The authentication suite defines the protocol versions and cipher suites
|
|
that should be used to secure KMIP client/server communications. An
|
|
authentication suite is one of two core components that make up a KMIP
|
|
client/server profile. For more information, see Section 3 of the KMIP
|
|
1.1 profiles document.
|
|
"""
|
|
BASIC = 1
|
|
TLS12 = 2
|
|
|
|
|
|
class Types(enum.Enum):
|
|
"""
|
|
The unique identifier of an entity primitive type.
|
|
|
|
The type is a unique identifier for every possible primitive KMIP entity
|
|
defined by the KMIP specification. Every KMIP object is a form of KMIP
|
|
primitive. The type is the second piece of an object that is encoded and
|
|
decoded during serialization.
|
|
|
|
While not defined by the specification, the DEFAULT tag is used as a
|
|
default type identifier for testing purposes.
|
|
"""
|
|
DEFAULT = 0x00
|
|
STRUCTURE = 0x01
|
|
INTEGER = 0x02
|
|
LONG_INTEGER = 0x03
|
|
BIG_INTEGER = 0x04
|
|
ENUMERATION = 0x05
|
|
BOOLEAN = 0x06
|
|
TEXT_STRING = 0x07
|
|
BYTE_STRING = 0x08
|
|
DATE_TIME = 0x09
|
|
INTERVAL = 0x0A
|
|
|
|
|
|
class Tags(enum.Enum):
|
|
"""
|
|
The unique identifier of an entity type.
|
|
|
|
The tag is a unique identifier for every possible KMIP entity defined by
|
|
the KMIP specification. It is the first piece of an object that is encoded
|
|
and decoded during serialization.
|
|
|
|
While not defined by the specification, the DEFAULT tag is used as the
|
|
default tag for all KMIP primitives.
|
|
"""
|
|
DEFAULT = 0x420000
|
|
ACTIVATION_DATE = 0x420001
|
|
APPLICATION_DATA = 0x420002
|
|
APPLICATION_NAMESPACE = 0x420003
|
|
APPLICATION_SPECIFIC_INFORMATION = 0x420004
|
|
ARCHIVE_DATE = 0x420005
|
|
ASYNCHRONOUS_CORRELATION_VALUE = 0x420006
|
|
ASYNCHRONOUS_INDICATOR = 0x420007
|
|
ATTRIBUTE = 0x420008
|
|
ATTRIBUTE_INDEX = 0x420009
|
|
ATTRIBUTE_NAME = 0x42000A
|
|
ATTRIBUTE_VALUE = 0x42000B
|
|
AUTHENTICATION = 0x42000C
|
|
BATCH_COUNT = 0x42000D
|
|
BATCH_ERROR_CONTINUATION_OPTION = 0x42000E
|
|
BATCH_ITEM = 0x42000F
|
|
BATCH_ORDER_OPTION = 0x420010
|
|
BLOCK_CIPHER_MODE = 0x420011
|
|
CANCELLATION_RESULT = 0x420012
|
|
CERTIFICATE = 0x420013
|
|
CERTIFICATE_IDENTIFIER = 0x420014 # DEPRECATED
|
|
CERTIFICATE_ISSUER = 0x420015 # DEPRECATED
|
|
CERTIFICATE_ISSUER_ALTERNATIVE_NAME = 0x420016 # DEPRECATED
|
|
CERTIFICATE_ISSUER_DISTINGUISHED_NAME = 0x420017 # DEPRECATED
|
|
CERTIFICATE_REQUEST = 0x420018
|
|
CERTIFICATE_REQUEST_TYPE = 0x420019
|
|
CERTIFICATE_SUBJECT = 0x42001A # DEPRECATED
|
|
CERTIFICATE_SUBJECT_ALTERNATIVE_NAME = 0x42001B # DEPRECATED
|
|
CERTIFICATE_SUBJECT_DISTINGUISHED_NAME = 0x42001C # DEPRECATED
|
|
CERTIFICATE_TYPE = 0x42001D
|
|
CERTIFICATE_VALUE = 0x42001E
|
|
COMMON_TEMPLATE_ATTRIBUTE = 0x42001F
|
|
COMPROMISE_DATE = 0x420020
|
|
COMPROMISE_OCCURRENCE_DATE = 0x420021
|
|
CONTACT_INFORMATION = 0x420022
|
|
CREDENTIAL = 0x420023
|
|
CREDENTIAL_TYPE = 0x420024
|
|
CREDENTIAL_VALUE = 0x420025
|
|
CRITICALITY_INDICATOR = 0x420026
|
|
CRT_COEFFICIENT = 0x420027
|
|
CRYPTOGRAPHIC_ALGORITHM = 0x420028
|
|
CRYPTOGRAPHIC_DOMAIN_PARAMETERS = 0x420029
|
|
CRYPTOGRAPHIC_LENGTH = 0x42002A
|
|
CRYPTOGRAPHIC_PARAMETERS = 0x42002B
|
|
CRYPTOGRAPHIC_USAGE_MASK = 0x42002C
|
|
CUSTOM_ATTRIBUTE = 0x42002D
|
|
D = 0x42002E
|
|
DEACTIVATION_DATE = 0x42002F
|
|
DERIVATION_DATA = 0x420030
|
|
DERIVATION_METHOD = 0x420031
|
|
DERIVATION_PARAMETERS = 0x420032
|
|
DESTROY_DATE = 0x420033
|
|
DIGEST = 0x420034
|
|
DIGEST_VALUE = 0x420035
|
|
ENCRYPTION_KEY_INFORMATION = 0x420036
|
|
G = 0x420037
|
|
HASHING_ALGORITHM = 0x420038
|
|
INITIAL_DATE = 0x420039
|
|
INITIALIZATION_VECTOR = 0x42003A
|
|
ISSUER = 0x42003B # DEPRECATED
|
|
ITERATION_COUNT = 0x42003C
|
|
IV_COUNTER_NONCE = 0x42003D
|
|
J = 0x42003E
|
|
KEY = 0x42003F
|
|
KEY_BLOCK = 0x420040
|
|
KEY_COMPRESSION_TYPE = 0x420041
|
|
KEY_FORMAT_TYPE = 0x420042
|
|
KEY_MATERIAL = 0x420043
|
|
KEY_PART_IDENTIFIER = 0x420044
|
|
KEY_VALUE = 0x420045
|
|
KEY_WRAPPING_DATA = 0x420046
|
|
KEY_WRAPPING_SPECIFICATION = 0x420047
|
|
LAST_CHANGE_DATE = 0x420048
|
|
LEASE_TIME = 0x420049
|
|
LINK = 0x42004A
|
|
LINK_TYPE = 0x42004B
|
|
LINKED_OBJECT_IDENTIFIER = 0x42004C
|
|
MAC_SIGNATURE = 0x42004D
|
|
MAC_SIGNATURE_KEY_INFORMATION = 0x42004E
|
|
MAXIMUM_ITEMS = 0x42004F
|
|
MAXIMUM_RESPONSE_SIZE = 0x420050
|
|
MESSAGE_EXTENSION = 0x420051
|
|
MODULUS = 0x420052
|
|
NAME = 0x420053
|
|
NAME_TYPE = 0x420054
|
|
NAME_VALUE = 0x420055
|
|
OBJECT_GROUP = 0x420056
|
|
OBJECT_TYPE = 0x420057
|
|
OFFSET = 0x420058
|
|
OPAQUE_DATA_TYPE = 0x420059
|
|
OPAQUE_DATA_VALUE = 0x42005A
|
|
OPAQUE_OBJECT = 0x42005B
|
|
OPERATION = 0x42005C
|
|
OPERATION_POLICY_NAME = 0x42005D
|
|
P = 0x42005E
|
|
PADDING_METHOD = 0x42005F
|
|
PRIME_EXPONENT_P = 0x420060
|
|
PRIME_EXPONENT_Q = 0x420061
|
|
PRIME_FIELD_SIZE = 0x420062
|
|
PRIVATE_EXPONENT = 0x420063
|
|
PRIVATE_KEY = 0x420064
|
|
PRIVATE_KEY_TEMPLATE_ATTRIBUTE = 0x420065
|
|
PRIVATE_KEY_UNIQUE_IDENTIFIER = 0x420066
|
|
PROCESS_START_DATE = 0x420067
|
|
PROTECT_STOP_DATE = 0x420068
|
|
PROTOCOL_VERSION = 0x420069
|
|
PROTOCOL_VERSION_MAJOR = 0x42006A
|
|
PROTOCOL_VERSION_MINOR = 0x42006B
|
|
PUBLIC_EXPONENT = 0x42006C
|
|
PUBLIC_KEY = 0x42006D
|
|
PUBLIC_KEY_TEMPLATE_ATTRIBUTE = 0x42006E
|
|
PUBLIC_KEY_UNIQUE_IDENTIFIER = 0x42006F
|
|
PUT_FUNCTION = 0x420070
|
|
Q = 0x420071
|
|
Q_STRING = 0x420072
|
|
QLENGTH = 0x420073
|
|
QUERY_FUNCTION = 0x420074
|
|
RECOMMENDED_CURVE = 0x420075
|
|
REPLACED_UNIQUE_IDENTIFIER = 0x420076
|
|
REQUEST_BATCH_ITEM = 0x42000F
|
|
REQUEST_HEADER = 0x420077
|
|
REQUEST_MESSAGE = 0x420078
|
|
REQUEST_PAYLOAD = 0x420079
|
|
RESPONSE_BATCH_ITEM = 0x42000F
|
|
RESPONSE_HEADER = 0x42007A
|
|
RESPONSE_MESSAGE = 0x42007B
|
|
RESPONSE_PAYLOAD = 0x42007C
|
|
RESULT_MESSAGE = 0x42007D
|
|
RESULT_REASON = 0x42007E
|
|
RESULT_STATUS = 0x42007F
|
|
REVOCATION_MESSAGE = 0x420080
|
|
REVOCATION_REASON = 0x420081
|
|
REVOCATION_REASON_CODE = 0x420082
|
|
KEY_ROLE_TYPE = 0x420083
|
|
SALT = 0x420084
|
|
SECRET_DATA = 0x420085
|
|
SECRET_DATA_TYPE = 0x420086
|
|
SERIAL_NUMBER = 0x420087 # DEPRECATED
|
|
SERVER_INFORMATION = 0x420088
|
|
SPLIT_KEY = 0x420089
|
|
SPLIT_KEY_METHOD = 0x42008A
|
|
SPLIT_KEY_PARTS = 0x42008B
|
|
SPLIT_KEY_THRESHOLD = 0x42008C
|
|
STATE = 0x42008D
|
|
STORAGE_STATUS_MASK = 0x42008E
|
|
SYMMETRIC_KEY = 0x42008F
|
|
TEMPLATE = 0x420090
|
|
TEMPLATE_ATTRIBUTE = 0x420091
|
|
TIME_STAMP = 0x420092
|
|
UNIQUE_BATCH_ITEM_ID = 0x420093
|
|
UNIQUE_IDENTIFIER = 0x420094
|
|
USAGE_LIMITS = 0x420095
|
|
USAGE_LIMITS_COUNT = 0x420096
|
|
USAGE_LIMITS_TOTAL = 0x420097
|
|
USAGE_LIMITS_UNIT = 0x420098
|
|
USERNAME = 0x420099
|
|
VALIDITY_DATE = 0x42009A
|
|
VALIDITY_INDICATOR = 0x42009B
|
|
VENDOR_EXTENSION = 0x42009C
|
|
VENDOR_IDENTIFICATION = 0x42009D
|
|
WRAPPING_METHOD = 0x42009E
|
|
X = 0x42009F
|
|
Y = 0x4200A0
|
|
PASSWORD = 0x4200A1
|
|
DEVICE_IDENTIFIER = 0x4200A2
|
|
ENCODING_OPTION = 0x4200A3
|
|
EXTENSION_INFORMATION = 0x4200A4
|
|
EXTENSION_NAME = 0x4200A5
|
|
EXTENSION_TAG = 0x4200A6
|
|
EXTENSION_TYPE = 0x4200A7
|
|
FRESH = 0x4200A8
|
|
MACHINE_IDENTIFIER = 0x4200A9
|
|
MEDIA_IDENTIFIER = 0x4200AA
|
|
NETWORK_IDENTIFIER = 0x4200AB
|
|
OBJECT_GROUP_MEMBER = 0x4200AC
|
|
CERTIFICATE_LENGTH = 0x4200AD
|
|
DIGITAL_SIGNATURE_ALGORITHM = 0x4200AE
|
|
CERTIFICATE_SERIAL_NUMBER = 0x4200AF
|
|
DEVICE_SERIAL_NUMBER = 0x4200B0
|
|
ISSUER_ALTERNATIVE_NAME = 0x4200B1
|
|
ISSUER_DISTINGUISHED_NAME = 0x4200B2
|
|
SUBJECT_ALTERNATIVE_NAME = 0x4200B3
|
|
SUBJECT_DISTINGUISHED_NAME = 0x4200B4
|
|
X_509_CERTIFICATE_IDENTIFER = 0x4200B5
|
|
X_509_CERTIFICATE_ISSUER = 0x4200B6
|
|
X_509_CERTIFICATE_SUBJECT = 0x4200B7
|
|
|
|
|
|
class CredentialType(enum.Enum):
|
|
"""
|
|
The type of a credential object.
|
|
|
|
The credential type is a required attribute of a credential object. It
|
|
identifies the format and structure of the value of the credential.
|
|
"""
|
|
USERNAME_AND_PASSWORD = 0x00000001
|
|
DEVICE = 0x00000002
|
|
|
|
|
|
class KeyCompressionType(enum.Enum):
|
|
"""
|
|
The technique used to compress an elliptic curve public key.
|
|
|
|
The key compression type is an attribute of a key block structure. If it
|
|
is omitted, it is inferred that the related public key is uncompressed.
|
|
"""
|
|
EC_PUBLIC_KEY_TYPE_UNCOMPRESSED = 0x00000001
|
|
EC_PUBLIC_KEY_TYPE_X9_62_COMPRESSED_PRIME = 0x00000002
|
|
EC_PUBLIC_KEY_TYPE_X9_62_COMPRESSED_CHAR2 = 0x00000003
|
|
EC_PUBLIC_KEY_TYPE_X9_62_HYBRID = 0x00000004
|
|
|
|
|
|
class KeyFormatType(enum.Enum):
|
|
"""
|
|
The format of the key data structure.
|
|
|
|
The key format type is a required attribute of a key block structure. It
|
|
is the differentiating feature that describes the structure of different
|
|
types of keys.
|
|
"""
|
|
RAW = 0x00000001
|
|
OPAQUE = 0x00000002
|
|
PKCS_1 = 0x00000003
|
|
PKCS_8 = 0x00000004
|
|
X_509 = 0x00000005
|
|
EC_PRIVATE_KEY = 0x00000006
|
|
TRANSPARENT_SYMMETRIC_KEY = 0x00000007
|
|
TRANSPARENT_DSA_PRIVATE_KEY = 0x00000008
|
|
TRANSPARENT_DSA_PUBLIC_KEY = 0x00000009
|
|
TRANSPARENT_RSA_PRIVATE_KEY = 0x0000000A
|
|
TRANSPARENT_RSA_PUBLIC_KEY = 0x0000000B
|
|
TRANSPARENT_DH_PRIVATE_KEY = 0x0000000C
|
|
TRANSPARENT_DH_PUBLIC_KEY = 0x0000000D
|
|
TRANSPARENT_ECDSA_PRIVATE_KEY = 0x0000000E
|
|
TRANSPARENT_ECDSA_PUBLIC_KEY = 0x0000000F
|
|
TRANSPARENT_ECDH_PRIVATE_KEY = 0x00000010
|
|
TRANSPARENT_ECDH_PUBLIC_KEY = 0x00000011
|
|
TRANSPARENT_ECMQV_PRIVATE_KEY = 0x00000012
|
|
TRANSPARENT_ECMQV_PUBLIC_KEY = 0x00000013
|
|
|
|
|
|
class WrappingMethod(enum.Enum):
|
|
"""
|
|
The technique used to wrap a secret object.
|
|
|
|
The wrapping method is a required attribute of a key wrapping data
|
|
structure. It indicates how an algorithm is used to conduct the data
|
|
wrapping.
|
|
"""
|
|
ENCRYPT = 0x00000001
|
|
MAC_SIGN = 0x00000002
|
|
ENCRYPT_THEN_MAC_SIGN = 0x00000003
|
|
MAC_SIGN_THEN_ENCRYPT = 0x00000004
|
|
TR_31 = 0x00000005
|
|
|
|
|
|
class RecommendedCurve(enum.Enum):
|
|
"""
|
|
The type of algorithm for elliptic curve cryptography.
|
|
|
|
The recommended curve defines the algorithm associated with specific
|
|
classes of asymmetric keys. It is a required attribute of all transparent
|
|
key structures.
|
|
"""
|
|
P_192 = 0x00000001
|
|
K_163 = 0x00000002
|
|
B_163 = 0x00000003
|
|
P_224 = 0x00000004
|
|
K_233 = 0x00000005
|
|
B_233 = 0x00000006
|
|
P_256 = 0x00000007
|
|
K_283 = 0x00000008
|
|
B_283 = 0x00000009
|
|
P_384 = 0x0000000A
|
|
K_409 = 0x0000000B
|
|
B_409 = 0x0000000C
|
|
P_521 = 0x0000000D
|
|
K_571 = 0x0000000E
|
|
B_571 = 0x0000000F
|
|
|
|
|
|
class CertificateTypeEnum(enum.Enum):
|
|
"""
|
|
The type of a certificate managed object.
|
|
|
|
The certificate type identifies the format of a certificate. It can be
|
|
specified when creating or registering a certificate managed object.
|
|
"""
|
|
X_509 = 0x00000001
|
|
PGP = 0x00000002
|
|
|
|
|
|
class DigitalSignatureAlgorithm(enum.Enum):
|
|
"""
|
|
The algorithm used to create a digital signature.
|
|
|
|
The digital signature algorithm is an attribute associated with a
|
|
cryptographically signed object, usually a certificate. It can be
|
|
specified when registering a new managed object and is often managed
|
|
directly by the storage backend.
|
|
"""
|
|
MD2_WITH_RSA = 0x00000001
|
|
MD5_WITH_RSA = 0x00000002
|
|
SHA1_WITH_RSA = 0x00000003
|
|
SHA224_WITH_RSA = 0x00000004
|
|
SHA256_WITH_RSA = 0x00000005
|
|
SHA384_WITH_RSA = 0x00000006
|
|
SHA512_WITH_RSA = 0x00000007
|
|
RSASSA_PSS = 0x00000008
|
|
DSA_WITH_SHA1 = 0x00000009
|
|
DSA_WITH_SHA224 = 0x0000000A
|
|
DSA_WITH_SHA256 = 0x0000000B
|
|
ECDSA_WITH_SHA1 = 0x0000000C
|
|
ECDSA_WITH_SHA224 = 0x0000000D
|
|
ECDSA_WITH_SHA256 = 0x0000000E
|
|
ECDSA_WITH_SHA384 = 0x0000000F
|
|
ECDSA_WITH_SHA512 = 0x00000010
|
|
|
|
|
|
class SplitKeyMethod(enum.Enum):
|
|
"""
|
|
The computation used to create a split key managed object.
|
|
|
|
The split key method is a required attribute of a split key managed object,
|
|
indicating how the parts of the split key were generated from the original
|
|
source secret. It is only used when working with split keys.
|
|
"""
|
|
XOR = 0x00000001
|
|
POLYNOMIAL_SHARING_GF = 0x00000002
|
|
POLYNOMIAL_SHARING_PRIME_FIELD = 0x00000003
|
|
|
|
|
|
class SecretDataType(enum.Enum):
|
|
"""
|
|
The type of a secret data value.
|
|
|
|
The secret data type indicates how to decode or interpret the value of a
|
|
secret object. It is a required attribute of a secret data managed object.
|
|
"""
|
|
PASSWORD = 0x00000001
|
|
SEED = 0x00000002
|
|
|
|
|
|
class OpaqueDataType(enum.Enum):
|
|
"""
|
|
The type of an opaque data value.
|
|
|
|
The opaque data type is a custom value indicating how to decode or
|
|
interpret the value of an opaque object. Unlike all other enumerations,
|
|
the KMIP specification does not define any default opaque data types,
|
|
instead leaving the usage and definition up to the extension system
|
|
supported by a KMIP provider.
|
|
|
|
While not defined in the standard, the default type NONE is provided so
|
|
that basic opaque objects can still be defined, independent of a specific
|
|
vendor implementation. By definition as an extension, all opaque data type
|
|
enumeration values start with 0x80.
|
|
"""
|
|
NONE = 0x80000000
|
|
|
|
|
|
class NameType(enum.Enum):
|
|
"""
|
|
The type of a managed object name string.
|
|
|
|
The name type defines the format of a given name attribute value. Names
|
|
are common attributes for all managed objects.
|
|
"""
|
|
UNINTERPRETED_TEXT_STRING = 0x00000001
|
|
URI = 0x00000002
|
|
|
|
|
|
class ObjectType(enum.Enum):
|
|
"""
|
|
The type of a managed object.
|
|
|
|
The object type is a common attribute to all managed objects. It can be
|
|
set or specified upon object creation but is immutable once finalized. The
|
|
type can be used as a filter to locate sets of managed objects.
|
|
"""
|
|
CERTIFICATE = 0x00000001
|
|
SYMMETRIC_KEY = 0x00000002
|
|
PUBLIC_KEY = 0x00000003
|
|
PRIVATE_KEY = 0x00000004
|
|
SPLIT_KEY = 0x00000005
|
|
TEMPLATE = 0x00000006
|
|
SECRET_DATA = 0x00000007
|
|
OPAQUE_DATA = 0x00000008
|
|
|
|
|
|
class CryptographicAlgorithm(enum.Enum):
|
|
"""
|
|
The type of algorithm used for a cryptographic operation.
|
|
|
|
The cryptographic algorithm is a common attribute for cryptographic managed
|
|
objects and is used in various cryptographic structures and operations. It
|
|
is commonly specified during creation or registration of a cryptographic
|
|
object.
|
|
"""
|
|
DES = 0x00000001
|
|
TRIPLE_DES = 0x00000002 # '3DES' is invalid syntax
|
|
AES = 0x00000003
|
|
RSA = 0x00000004
|
|
DSA = 0x00000005
|
|
ECDSA = 0x00000006
|
|
HMAC_SHA1 = 0x00000007
|
|
HMAC_SHA224 = 0x00000008
|
|
HMAC_SHA256 = 0x00000009
|
|
HMAC_SHA384 = 0x0000000A
|
|
HMAC_SHA512 = 0x0000000B
|
|
HMAC_MD5 = 0x0000000C
|
|
DH = 0x0000000D
|
|
ECDH = 0x0000000E
|
|
ECMQV = 0x0000000F
|
|
BLOWFISH = 0x00000010
|
|
CAMELLIA = 0x00000011
|
|
CAST5 = 0x00000012
|
|
IDEA = 0x00000013
|
|
MARS = 0x00000014
|
|
RC2 = 0x00000015
|
|
RC4 = 0x00000016
|
|
RC5 = 0x00000017
|
|
SKIPJACK = 0x00000018
|
|
TWOFISH = 0x00000019
|
|
|
|
|
|
class BlockCipherMode(enum.Enum):
|
|
"""
|
|
The mode dictating block processing in a cryptographic algorithm.
|
|
|
|
The block cipher mode is one of several features that make up a set of
|
|
cryptographic parameters, which can be used to describe all cryptographic
|
|
managed objects.
|
|
"""
|
|
CBC = 0x00000001
|
|
ECB = 0x00000002
|
|
PCBC = 0x00000003
|
|
CFB = 0x00000004
|
|
OFB = 0x00000005
|
|
CTR = 0x00000006
|
|
CMAC = 0x00000007
|
|
CCM = 0x00000008
|
|
GCM = 0x00000009
|
|
CBC_MAC = 0x0000000A
|
|
XTS = 0x0000000B
|
|
AES_KEY_WRAP_PADDING = 0x0000000C
|
|
NIST_KEY_WRAP = 0x0000000D
|
|
X9_102_AESKW = 0x0000000E
|
|
X9_102_TDKW = 0x0000000F
|
|
X9_102_AKW1 = 0x00000010
|
|
X9_102_AKW2 = 0x00000011
|
|
|
|
|
|
class PaddingMethod(enum.Enum):
|
|
"""
|
|
The type of padding technique used with a cryptographic algorithm.
|
|
|
|
The padding method is one of several features that make up a set of
|
|
cryptographic parameters, which can be used to describe all cryptographic
|
|
managed objects.
|
|
"""
|
|
NONE = 0x00000001
|
|
OAEP = 0x00000002
|
|
PKCS5 = 0x00000003
|
|
SSL3 = 0x00000004
|
|
ZEROS = 0x00000005
|
|
ANSI_X923 = 0x00000006
|
|
ISO_10126 = 0x00000007
|
|
PKCS1_V15 = 0x00000008
|
|
X9_31 = 0x00000009
|
|
PSS = 0x0000000A
|
|
|
|
|
|
class HashingAlgorithm(enum.Enum):
|
|
"""
|
|
The type of algorithm used to generate a cryptographic hash.
|
|
|
|
The hashing algorithm is one of several features that make up a set of
|
|
cryptographic parameters, which can be used to describe all cryptographic
|
|
managed objects. It is also a required digest attribute, defining the
|
|
algorithm used to create the digest value.
|
|
"""
|
|
MD2 = 0x00000001
|
|
MD4 = 0x00000002
|
|
MD5 = 0x00000003
|
|
SHA1 = 0x00000004
|
|
SHA224 = 0x00000005
|
|
SHA256 = 0x00000006
|
|
SHA384 = 0x00000007
|
|
SHA512 = 0x00000008
|
|
RIPEMD_160 = 0x00000009
|
|
TIGER = 0x0000000A
|
|
WHIRLPOOL = 0x0000000B
|
|
|
|
|
|
class KeyRoleType(enum.Enum):
|
|
"""
|
|
The position a cryptographic managed object holds in a cryptosystem.
|
|
|
|
The key role type is one of several features that make up a set of
|
|
cryptographic parameters, which can be used to describe all cryptographic
|
|
managed objects. The set of key role types is defined by ANSI X9 TR-31.
|
|
"""
|
|
BDK = 0x00000001
|
|
CVK = 0x00000002
|
|
DEK = 0x00000003
|
|
MKAC = 0x00000004
|
|
MKSMC = 0x00000005
|
|
MKSMI = 0x00000006
|
|
MKDAC = 0x00000007
|
|
MKDN = 0x00000008
|
|
MKCP = 0x00000009
|
|
MKOTH = 0x0000000A
|
|
KEK = 0x0000000B
|
|
MAC_16609 = 0x0000000C
|
|
MAC_97971 = 0x0000000D
|
|
MAC_97972 = 0x0000000E
|
|
MAC_97973 = 0x0000000F
|
|
MAC_97974 = 0x00000010
|
|
MAC_97975 = 0x00000011
|
|
ZPK = 0x00000012
|
|
PVKIBM = 0x00000013
|
|
PVKPVV = 0x00000014
|
|
PVKOTH = 0x00000015
|
|
|
|
|
|
class State(enum.Enum):
|
|
"""
|
|
The mode a managed object is currently in.
|
|
|
|
The state is a common attribute of managed objects. It defines how a
|
|
managed object can be used and can change as different operations are
|
|
enacted upon the object. It is set dynamically by a server and is only
|
|
queryable by a client.
|
|
"""
|
|
PRE_ACTIVE = 0x00000001
|
|
ACTIVE = 0x00000002
|
|
DEACTIVATED = 0x00000003
|
|
COMPROMISED = 0x00000004
|
|
DESTROYED = 0x00000005
|
|
DESTROYED_COMPROMISED = 0x00000006
|
|
|
|
|
|
class RevocationReasonCode(enum.Enum):
|
|
"""
|
|
A code number used to designate why a managed object was revoked.
|
|
|
|
The revocation reason code is used, in conjunction with a revocation
|
|
message, to record why revocation occurred for a managed object. Revocation
|
|
involves a state change in the associated managed object and is usually
|
|
carried out explicitly using the revoke operation.
|
|
"""
|
|
UNSPECIFIED = 0x00000001
|
|
KEY_COMPROMISE = 0x00000002
|
|
CA_COMPROMISE = 0x00000003
|
|
AFFILIATION_CHANGED = 0x00000004
|
|
SUPERSEDED = 0x00000005
|
|
CESSATION_OF_OPERATION = 0x00000006
|
|
PRIVILEGE_WITHDRAWN = 0x00000007
|
|
|
|
|
|
class LinkType(enum.Enum):
|
|
"""
|
|
The type of linkage between two managed objects.
|
|
|
|
The link type is a common attribute of managed objects. It is used to show
|
|
relationships between different objects, like between a public/private key
|
|
pair, or between a certificate and its public key. A managed object can
|
|
have multiple links associated with it and links themselves can be created
|
|
dynamically by the server and by the client upon or after object creation.
|
|
The link type can also be used as a filter to locate sets of managed
|
|
objects.
|
|
"""
|
|
CERTIFICATE_LINK = 0x00000101
|
|
PUBLIC_KEY_LINK = 0x00000102
|
|
PRIVATE_KEY_LINK = 0x00000103
|
|
DERIVATION_BASE_OBJECT_LINK = 0x00000104
|
|
DERIVED_KEY_LINK = 0x00000105
|
|
REPLACEMENT_OBJECT_LINK = 0x00000106
|
|
REPLACED_OBJECT_LINK = 0x00000107
|
|
|
|
|
|
class DerivationMethod(enum.Enum):
|
|
"""
|
|
The type of computation used to derive a new cryptographic object.
|
|
|
|
The derivation method is used to select a specific algorithm that will be
|
|
used, in conjunction with an existing managed object, to generate a new
|
|
key or secret data object. It is used exclusively with the derive key
|
|
operation.
|
|
"""
|
|
PBKDF2 = 0x00000001
|
|
HASH = 0x00000002
|
|
HMAC = 0x00000003
|
|
ENCRYPT = 0x00000004
|
|
NIST800_108_C = 0x00000005
|
|
NIST800_108_F = 0x00000006
|
|
NIST800_108_DPI = 0x00000007
|
|
|
|
|
|
class CertificateRequestType(enum.Enum):
|
|
"""
|
|
The type of a certificate request issued for certification.
|
|
|
|
The certificate request type is used when certifying or re-certifying a
|
|
specific certificate request. It can be omitted from the process if the
|
|
type information is included in an associated request template attribute.
|
|
"""
|
|
CRMF = 0x00000001
|
|
PKCS_10 = 0x00000002
|
|
PEM = 0x00000003
|
|
PGP = 0x00000004
|
|
|
|
|
|
class ValidityIndicator(enum.Enum):
|
|
"""
|
|
The result of validating a chain of certificates.
|
|
|
|
The validity indicator is used by a server to indicate if a chain of
|
|
certificate objects and references was correctly validated. It can
|
|
represent success, failure, or an unknown state if the server did not know
|
|
how to validate the certificate chain.
|
|
"""
|
|
VALID = 0x00000001
|
|
INVALID = 0x00000002
|
|
UNKNOWN = 0x00000003
|
|
|
|
|
|
class QueryFunction(enum.Enum):
|
|
"""
|
|
A flag representing a specific set of server-specific information.
|
|
|
|
The query function is used to uniquely identifying what server-specific
|
|
information should be returned by a query request. A list of these flags
|
|
are used exclusively by the request payload for the query operation.
|
|
"""
|
|
QUERY_OPERATIONS = 0x00000001
|
|
QUERY_OBJECTS = 0x00000002
|
|
QUERY_SERVER_INFORMATION = 0x00000003
|
|
QUERY_APPLICATION_NAMESPACES = 0x00000004
|
|
QUERY_EXTENSION_LIST = 0x00000005
|
|
QUERY_EXTENSION_MAP = 0x00000006
|
|
|
|
|
|
class CancellationResult(enum.Enum):
|
|
"""
|
|
The final result of cancelling an operation.
|
|
|
|
The cancellation result is used by a server to indicate how a cancelled
|
|
operation was handled. It is used exclusively in the response payload for
|
|
the cancel operation.
|
|
"""
|
|
CANCELED = 0x00000001
|
|
UNABLE_TO_CANCEL = 0x00000002
|
|
COMPLETED = 0x00000003
|
|
FAILED = 0x00000004
|
|
UNAVAILABLE = 0x00000005
|
|
|
|
|
|
class PutFunction(enum.Enum):
|
|
"""
|
|
The flag indicating the context of an object push to the client.
|
|
|
|
The put function defines if an object being pushed to a client is a new
|
|
object or if it is a replacement for an object already retrieved by the
|
|
client. It is used exclusively in the put operation message payload.
|
|
"""
|
|
NEW = 0x00000001
|
|
REPLACE = 0x00000002
|
|
|
|
|
|
class Operation(enum.Enum):
|
|
"""
|
|
The identifier of an action supported by the KMIP specification.
|
|
|
|
The operation defines what actions should be taken with the data provided
|
|
in the operation payload. It is required to decode the data provided in
|
|
each message payload. It is included in each request or response batch
|
|
item.
|
|
"""
|
|
CREATE = 0x00000001
|
|
CREATE_KEY_PAIR = 0x00000002
|
|
REGISTER = 0x00000003
|
|
REKEY = 0x00000004
|
|
DERIVE_KEY = 0x00000005
|
|
CERTIFY = 0x00000006
|
|
RECERTIFY = 0x00000007
|
|
LOCATE = 0x00000008
|
|
CHECK = 0x00000009
|
|
GET = 0x0000000A
|
|
GET_ATTRIBUTES = 0x0000000B
|
|
GET_ATTRIBUTE_LIST = 0x0000000C
|
|
ADD_ATTRIBUTE = 0x0000000D
|
|
MODIFY_ATTRIBUTE = 0x0000000E
|
|
DELETE_ATTRIBUTE = 0x0000000F
|
|
OBTAIN_LEASE = 0x00000010
|
|
GET_USAGE_ALLOCATION = 0x00000011
|
|
ACTIVATE = 0x00000012
|
|
REVOKE = 0x00000013
|
|
DESTROY = 0x00000014
|
|
ARCHIVE = 0x00000015
|
|
RECOVER = 0x00000016
|
|
VALIDATE = 0x00000017
|
|
QUERY = 0x00000018
|
|
CANCEL = 0x00000019
|
|
POLL = 0x0000001A
|
|
NOTIFY = 0x0000001B
|
|
PUT = 0x0000001C
|
|
REKEY_KEY_PAIR = 0x0000001D
|
|
DISCOVER_VERSIONS = 0x0000001E
|
|
|
|
|
|
class ResultStatus(enum.Enum):
|
|
"""
|
|
The final status of an operation.
|
|
|
|
The result status is used to indicate whether an operation completed
|
|
successfully or failed during processing. It is included in each response
|
|
batch item for a response.
|
|
"""
|
|
SUCCESS = 0x00000000
|
|
OPERATION_FAILED = 0x00000001
|
|
OPERATION_PENDING = 0x00000002
|
|
OPERATION_UNDONE = 0x00000003
|
|
|
|
|
|
class ResultReason(enum.Enum):
|
|
"""
|
|
A predefined explanation for a failure or partial success of an operation.
|
|
|
|
The result reason is used to provide additional information on the result
|
|
status of an operation. It is most often used upon operation failure but
|
|
may be used with other result states. The reason is included in each
|
|
response batch item for a response.
|
|
"""
|
|
ITEM_NOT_FOUND = 0x00000001
|
|
RESPONSE_TOO_LARGE = 0x00000002
|
|
AUTHENTICATION_NOT_SUCCESSFUL = 0x00000003
|
|
INVALID_MESSAGE = 0x00000004
|
|
OPERATION_NOT_SUPPORTED = 0x00000005
|
|
MISSING_DATA = 0x00000006
|
|
INVALID_FIELD = 0x00000007
|
|
FEATURE_NOT_SUPPORTED = 0x00000008
|
|
OPERATION_CANCELED_BY_REQUESTER = 0x00000009
|
|
CRYPTOGRAPHIC_FAILURE = 0x0000000A
|
|
ILLEGAL_OPERATION = 0x0000000B
|
|
PERMISSION_DENIED = 0x0000000C
|
|
OBJECT_ARCHIVED = 0x0000000D
|
|
INDEX_OUT_OF_BOUNDS = 0x0000000E
|
|
APPLICATION_NAMESPACE_NOT_SUPPORTED = 0x0000000F
|
|
KEY_FORMAT_TYPE_NOT_SUPPORTED = 0x00000010
|
|
KEY_COMPRESSION_TYPE_NOT_SUPPORTED = 0x00000011
|
|
ENCODING_OPTION_ERROR = 0x00000012
|
|
GENERAL_FAILURE = 0x00000100
|
|
|
|
|
|
class BatchErrorContinuationOption(enum.Enum):
|
|
"""
|
|
An error setting used to control the processing of batch items.
|
|
|
|
The batch error continuation option defines how the client wants the
|
|
server to handle batch item processing in the event of an operation
|
|
failure. The option is set in the request header of a request.
|
|
"""
|
|
CONTINUE = 0x00000001
|
|
STOP = 0x00000002
|
|
UNDO = 0x00000003
|
|
|
|
|
|
class UsageLimitsUnit(enum.Enum):
|
|
"""
|
|
A unit of measure for a usage limit on a cryptographic managed object.
|
|
|
|
The usage limits unit defines what type of data to which a usage limit
|
|
applies. It is used primarily in a usage limit attribute and is typically
|
|
set during object creation or registration.
|
|
"""
|
|
BYTE = 0x00000001
|
|
OBJECT = 0x00000002
|
|
|
|
|
|
class EncodingOption(enum.Enum):
|
|
"""
|
|
The type of encoding used for a wrapped managed object.
|
|
|
|
The encoding option is used in both key wrapping specifications and key
|
|
wrapping data. It defines how the wrapped object was encoded so that it
|
|
can be correctly parsed once unwrapped.
|
|
"""
|
|
NO_ENCODING = 0x00000001
|
|
TTLV_ENCODING = 0x00000002
|
|
|
|
|
|
class ObjectGroupMember(enum.Enum):
|
|
"""
|
|
The group member state of a managed object.
|
|
|
|
The object group member reflects the freshness of a managed object. If a
|
|
managed object has never left the appliance, it is considered fresh. The
|
|
object group member can be used as a filter to locate sets of managed
|
|
objects.
|
|
"""
|
|
GROUP_MEMBER_FRESH = 0x00000001
|
|
GROUP_MEMBER_DEFAULT = 0x00000002
|
|
|
|
|
|
class CryptographicUsageMask(enum.Enum):
|
|
"""
|
|
A mask identifying a usage case for a cryptographic managed object.
|
|
|
|
The cryptographic usage mask is an attribute associated with cryptographic
|
|
managed objects. It is a bit mask made from one or more of the enumeration
|
|
values, combined via logical-or. The mask is often specified during object
|
|
creation or registration and can also be used as a filter to locate sets
|
|
of managed objects.
|
|
"""
|
|
SIGN = 0x00000001
|
|
VERIFY = 0x00000002
|
|
ENCRYPT = 0x00000004
|
|
DECRYPT = 0x00000008
|
|
WRAP_KEY = 0x00000010
|
|
UNWRAP_KEY = 0x00000020
|
|
EXPORT = 0x00000040
|
|
MAC_GENERATE = 0x00000080
|
|
MAC_VERIFY = 0x00000100
|
|
DERIVE_KEY = 0x00000200
|
|
CONTENT_COMMITMENT = 0x00000400
|
|
KEY_AGREEMENT = 0x00000800
|
|
CERTIFICATE_SIGN = 0x00001000
|
|
CRL_SIGN = 0x00002000
|
|
GENERATE_CRYPTOGRAM = 0x00004000
|
|
VALIDATE_CRYPTOGRAM = 0x00008000
|
|
TRANSLATE_ENCRYPT = 0x00010000
|
|
TRANSLATE_DECRYPT = 0x00020000
|
|
TRANSLATE_WRAP = 0x00040000
|
|
TRANSLATE_UNWRAP = 0x00080000
|
|
|
|
|
|
class StorageStatusMask(enum.Enum):
|
|
"""
|
|
A mask identifying a possible storage state for a managed object.
|
|
|
|
The storage state mask is a filter option used to locate sets of managed
|
|
objects. It is a bit mask made from one or more of the enumeration values,
|
|
combined via logical-or.
|
|
"""
|
|
ONLINE_STORAGE = 0x00000001
|
|
ARCHIVAL_STORAGE = 0x00000002
|