tyler.durden/PyKMIP
1
0
Fork 0
mirror of https://github.com/OpenKMIP/PyKMIP.git synced 2025-04-08 19:25:06 +02:00
Code Issues Packages Projects Releases Wiki Activity
PyKMIP/kmip/core/enums.py
Peter Hamilton e313731692 Add support for the Sensitive attribute 
This change adds support for the Sensitive attribute, adding it to
the attribute factory, the SQLAlchemy object hierarchy, and to the
server attribute handling methods. The intent is to use this new
attribute to test the new SetAttribute and ModifyAttribute
operations coming in future commits. Unit tests have been added
and modified to support the new additions.
2019-11-22 15:08:37 -05:00

2058 lines
86 KiB
Python
Raw Blame History

# Copyright (c) 2014 The Johns Hopkins University/Applied Physics Laboratory
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# In case of new content, remove the following line to enable flake8 tests
# flake8: noqa
import copy
import enum
import functools
import six
class OrderedEnum(enum.Enum):
"""
An ordered variant of the Enum class that allows for comparisons.
Taken from: https://docs.python.org/3/library/enum.html#orderedenum
"""
def __ge__(self, other):
if self.__class__ is other.__class__:
return self.value >= other.value
return NotImplemented
def __gt__(self, other):
if self.__class__ is other.__class__:
return self.value > other.value
return NotImplemented
def __le__(self, other):
if self.__class__ is other.__class__:
return self.value <= other.value
return NotImplemented
def __lt__(self, other):
if self.__class__ is other.__class__:
return self.value < other.value
return NotImplemented
class AdjustmentType(enum.Enum):
# KMIP 2.0
INCREMENT = 0x00000001
DECREMENT = 0x00000002
NEGATE = 0x00000003
class AlternativeNameType(enum.Enum):
# KMIP 1.2
UNINTERPRETED_TEXT_STRING = 0x00000001
URI = 0x00000002
OBJECT_SERIAL_NUMBER = 0x00000003
EMAIL_ADDRESS = 0x00000004
DNS_NAME = 0x00000005
X500_DISTINGUISHED_NAME = 0x00000006
IP_ADDRESS = 0x00000007
class AsynchronousIndicator(enum.Enum):
# KMIP 2.0
MANDATORY = 0x00000001
OPTIONAL = 0x00000002
PROHIBITED = 0x00000003
class AttestationType(enum.Enum):
# KMIP 1.2
TPM_QUOTE = 0x00000001
TCG_INTEGRITY_REPORT = 0x00000002
SAML_ASSERTION = 0x00000003
class AttributeType(enum.Enum):
UNIQUE_IDENTIFIER = 'Unique Identifier'
NAME = 'Name'
OBJECT_TYPE = 'Object Type'
CRYPTOGRAPHIC_ALGORITHM = 'Cryptographic Algorithm'
CRYPTOGRAPHIC_LENGTH = 'Cryptographic Length'
CRYPTOGRAPHIC_PARAMETERS = 'Cryptographic Parameters'
CRYPTOGRAPHIC_DOMAIN_PARAMETERS = 'Cryptographic Domain Parameters'
CERTIFICATE_TYPE = 'Certificate Type'
CERTIFICATE_LENGTH = 'Certificate Length'
X_509_CERTIFICATE_IDENTIFIER = 'X.509 Certificate Identifier'
X_509_CERTIFICATE_SUBJECT = 'X.509 Certificate Subject'
X_509_CERTIFICATE_ISSUER = 'X.509 Certificate Issuer'
CERTIFICATE_IDENTIFIER = 'Certificate Identifier'
CERTIFICATE_SUBJECT = 'Certificate Subject'
CERTIFICATE_ISSUER = 'Certificate Issuer'
DIGITAL_SIGNATURE_ALGORITHM = 'Digital Signature Algorithm'
DIGEST = 'Digest'
OPERATION_POLICY_NAME = 'Operation Policy Name'
CRYPTOGRAPHIC_USAGE_MASK = 'Cryptographic Usage Mask'
LEASE_TIME = 'Lease Time'
USAGE_LIMITS = 'Usage Limits'
STATE = 'State'
INITIAL_DATE = 'Initial Date'
ACTIVATION_DATE = 'Activation Date'
PROCESS_START_DATE = 'Process Start Date'
PROTECT_STOP_DATE = 'Protect Stop Date'
DEACTIVATION_DATE = 'Deactivation Date'
DESTROY_DATE = 'Destroy Date'
COMPROMISE_OCCURRENCE_DATE = 'Compromise Occurrence Date'
COMPROMISE_DATE = 'Compromise Date'
REVOCATION_REASON = 'Revocation Reason'
ARCHIVE_DATE = 'Archive Date'
OBJECT_GROUP = 'Object Group'
FRESH = 'Fresh'
LINK = 'Link'
APPLICATION_SPECIFIC_INFORMATION = 'Application Specific Information'
CONTACT_INFORMATION = 'Contact Information'
LAST_CHANGE_DATE = 'Last Change Date'
CUSTOM_ATTRIBUTE = 'Custom Attribute'
ALTERNATIVE_NAME = 'Alternative Name'
KEY_VALUE_PRESENT = 'Key Value Present'
KEY_VALUE_LOCATION = 'Key Value Location'
ORIGINAL_CREATION_DATE = 'Original Creation Date'
SENSITIVE = "Sensitive"
class AuthenticationSuite(enum.Enum):
"""
The type of authentication suite used by KMIP clients and servers.
The authentication suite defines the protocol versions and cipher suites
that should be used to secure KMIP client/server communications. An
authentication suite is one of two core components that make up a KMIP
client/server profile. For more information, see Section 3 of the KMIP
1.1 profiles document.
"""
BASIC = 1
TLS12 = 2
class BatchErrorContinuationOption(enum.Enum):
# KMIP 1.0
CONTINUE = 0x00000001
STOP = 0x00000002
UNDO = 0x00000003
class BlockCipherMode(enum.Enum):
# KMIP 1.0
CBC = 0x00000001
ECB = 0x00000002
PCBC = 0x00000003
CFB = 0x00000004
OFB = 0x00000005
CTR = 0x00000006
CMAC = 0x00000007
CCM = 0x00000008
GCM = 0x00000009
CBC_MAC = 0x0000000A
XTS = 0x0000000B
AES_KEY_WRAP_PADDING = 0x0000000C
NIST_KEY_WRAP = 0x0000000D
X9_102_AESKW = 0x0000000E
X9_102_TDKW = 0x0000000F
X9_102_AKW1 = 0x00000010
X9_102_AKW2 = 0x00000011
# KMIP 1.4
AEAD = 0x00000012
class CancellationResult(enum.Enum):
# KMIP 1.0
CANCELED = 0x00000001
UNABLE_TO_CANCEL = 0x00000002
COMPLETED = 0x00000003
FAILED = 0x00000004
UNAVAILABLE = 0x00000005
class CertificateRequestType(enum.Enum):
# KMIP 1.0
CRMF = 0x00000001
PKCS10 = 0x00000002
PEM = 0x00000003
PGP = 0x00000004 # Deprecated, designated '(Reserved)' in KMIP 2.0
class CertificateType(enum.Enum):
# KMIP 1.0
X_509 = 0x00000001
PGP = 0x00000002 # Deprecated as of KMIP 1.2, not deprecated in KMIP 2.0
class ClientRegistrationMethod(enum.Enum):
# KMIP 1.3
UNSPECIFIED = 0x00000001
SERVER_PREGENERATED = 0x00000002
SERVER_ON_DEMAND = 0x00000003
CLIENT_GENERATED = 0x00000004
CLIENT_REGISTERED = 0x00000005
class ConformanceClause(enum.Enum):
DISCOVER_VERSIONS = 1
BASELINE = 2
SECRET_DATA = 3
SYMMETRIC_KEY_STORE = 4
SYMMETRIC_KEY_FOUNDRY = 5
ASYMMETRIC_KEY_STORE = 6
ASYMMETRIC_KEY_AND_CERTIFICATE_STORE = 7
ASYMMETRIC_KEY_FOUNDRY = 8
CERTIFICATE = 9
ASYMMETRIC_KEY_FOUNDRY_AND_CERTIFICATE = 10
STORAGE = 11
class CredentialType(enum.Enum):
# KMIP 1.0
USERNAME_AND_PASSWORD = 0x00000001
# KMIP 1.1
DEVICE = 0x00000002
# KMIP 1.2
ATTESTATION = 0x00000003
# KMIP 2.0
ONE_TIME_PASSWORD = 0x00000004
HASHED_PASSWORD = 0x00000005
TICKET = 0x00000006
class CryptographicAlgorithm(enum.Enum):
# KMIP 1.0
DES = 0x00000001
TRIPLE_DES = 0x00000002 # '3DES' is invalid syntax
AES = 0x00000003
RSA = 0x00000004
DSA = 0x00000005
ECDSA = 0x00000006
HMAC_SHA1 = 0x00000007
HMAC_SHA224 = 0x00000008
HMAC_SHA256 = 0x00000009
HMAC_SHA384 = 0x0000000A
HMAC_SHA512 = 0x0000000B
HMAC_MD5 = 0x0000000C
DH = 0x0000000D
ECDH = 0x0000000E
ECMQV = 0x0000000F
BLOWFISH = 0x00000010
CAMELLIA = 0x00000011
CAST5 = 0x00000012
IDEA = 0x00000013
MARS = 0x00000014
RC2 = 0x00000015
RC4 = 0x00000016
RC5 = 0x00000017
SKIPJACK = 0x00000018
TWOFISH = 0x00000019
# KMIP 1.2
EC = 0x0000001A
# KMIP 1.3
ONE_TIME_PAD = 0x0000001B
# KMIP 1.4
CHACHA20 = 0x0000001C
POLY1305 = 0x0000001D
CHACHA20_POLY1305 = 0x0000001E
SHA3_224 = 0x0000001F
SHA3_256 = 0x00000020
SHA3_384 = 0x00000021
SHA3_512 = 0x00000022
HMAC_SHA3_224 = 0x00000023
HMAC_SHA3_256 = 0x00000024
HMAC_SHA3_384 = 0x00000025
HMAC_SHA3_512 = 0x00000026
SHAKE_128 = 0x00000027
SHAKE_256 = 0x00000028
# KMIP 2.0
ARIA = 0x00000029
SEED = 0x0000002A
SM2 = 0x0000002B
SM3 = 0x0000002C
SM4 = 0x0000002D
GOST_R_34_10_2012 = 0x0000002E
GOST_R_34_11_2012 = 0x0000002F
GOST_R_34_13_2015 = 0x00000030
GOST_28147_89 = 0x00000031
XMSS = 0x00000032
SPHINCS_256 = 0x00000033
MCELIECE = 0x00000034
MCELIECE_6960119 = 0x00000035
MCELIECE_8192128 = 0x00000036
ED25519 = 0x00000037
ED448 = 0x00000038
class CryptographicUsageMask(enum.Enum):
# KMIP 1.0
SIGN = 0x00000001
VERIFY = 0x00000002
ENCRYPT = 0x00000004
DECRYPT = 0x00000008
WRAP_KEY = 0x00000010
UNWRAP_KEY = 0x00000020
EXPORT = 0x00000040
MAC_GENERATE = 0x00000080
MAC_VERIFY = 0x00000100
DERIVE_KEY = 0x00000200
CONTENT_COMMITMENT = 0x00000400
KEY_AGREEMENT = 0x00000800
CERTIFICATE_SIGN = 0x00001000
CRL_SIGN = 0x00002000
GENERATE_CRYPTOGRAM = 0x00004000 # Designated '(Reserved)' in KMIP 2.0
VALIDATE_CRYPTOGRAM = 0x00008000 # Designated '(Reserved)' in KMIP 2.0
TRANSLATE_ENCRYPT = 0x00010000 # Designated '(Reserved)' in KMIP 2.0
TRANSLATE_DECRYPT = 0x00020000 # Designated '(Reserved)' in KMIP 2.0
TRANSLATE_WRAP = 0x00040000 # Designated '(Reserved)' in KMIP 2.0
TRANSLATE_UNWRAP = 0x00080000 # Designated '(Reserved)' in KMIP 2.0
# KMIP 2.0
AUTHENTICATE = 0x00100000
UNRESTRICTED = 0x00200000
FPE_ENCRYPT = 0x00400000
FPE_DECRYPT = 0x00800000
class Data(enum.Enum):
# KMIP 2.0
DECRYPT = 0x00000001
ENCRYPT = 0x00000002
HASH = 0x00000003
MAC_MAC_DATA = 0x00000004
RNG_RETRIEVE = 0x00000005
SIGN_SIGNATURE_DATA = 0x00000006
SIGNATURE_VERIFY = 0x00000007
class DerivationMethod(enum.Enum):
# KMIP 1.0
PBKDF2 = 0x00000001
HASH = 0x00000002
HMAC = 0x00000003
ENCRYPT = 0x00000004
NIST800_108_C = 0x00000005
NIST800_108_F = 0x00000006
NIST800_108_DPI = 0x00000007
# KMIP 1.4
ASYMMETRIC_KEY = 0x00000008
# KMIP 2.0
AWS_SIGNATURE_VERSION_4 = 0x00000009
HKDF = 0x0000000A
class DestroyAction(enum.Enum):
# KMIP 1.3
UNSPECIFIED = 0x00000001
KEY_MATERIAL_DELETED = 0x00000002
KEY_MATERIAL_SHREDDED = 0x00000003
METADATA_DELETED = 0x00000004
METADATA_SHREDDED = 0x00000005
DELETED = 0x00000006
SHREDDED = 0x00000007
class DigitalSignatureAlgorithm(enum.Enum):
# KMIP 1.1
MD2_WITH_RSA_ENCRYPTION = 0x00000001
MD5_WITH_RSA_ENCRYPTION = 0x00000002
SHA1_WITH_RSA_ENCRYPTION = 0x00000003
SHA224_WITH_RSA_ENCRYPTION = 0x00000004
SHA256_WITH_RSA_ENCRYPTION = 0x00000005
SHA384_WITH_RSA_ENCRYPTION = 0x00000006
SHA512_WITH_RSA_ENCRYPTION = 0x00000007
RSASSA_PSS = 0x00000008
DSA_WITH_SHA1 = 0x00000009
DSA_WITH_SHA224 = 0x0000000A
DSA_WITH_SHA256 = 0x0000000B
ECDSA_WITH_SHA1 = 0x0000000C
ECDSA_WITH_SHA224 = 0x0000000D
ECDSA_WITH_SHA256 = 0x0000000E
ECDSA_WITH_SHA384 = 0x0000000F
ECDSA_WITH_SHA512 = 0x00000010
# KMIP 1.4
SHA3_256_WITH_RSA_ENCRYPTION = 0x00000011
SHA3_384_WITH_RSA_ENCRYPTION = 0x00000012
SHA3_512_WITH_RSA_ENCRYPTION = 0x00000013
class DRBGAlgorithm(enum.Enum):
# KMIP 1.3
UNSPECIFIED = 0x00000001
DUAL_EC = 0x00000002
HASH = 0x00000003
HMAC = 0x00000004
CTR = 0x00000005
class EncodingOption(enum.Enum):
# KMIP 1.1
NO_ENCODING = 0x00000001
TTLV_ENCODING = 0x00000002
class EndpointRole(enum.Enum):
CLIENT = 0x00000001
SERVER = 0x00000002
class FIPS186Variation(enum.Enum):
# KMIP 1.3
UNSPECIFIED = 0x00000001
GP_X_ORIGINAL = 0x00000002
GP_X_CHANGE_NOTICE = 0x00000003
X_ORIGINAL = 0x00000004
X_CHANGE_NOTICE = 0x00000005
K_ORIGINAL = 0x00000006
K_CHANGE_NOTICE = 0x00000007
class HashingAlgorithm(enum.Enum):
# KMIP 1.0
MD2 = 0x00000001
MD4 = 0x00000002
MD5 = 0x00000003
SHA_1 = 0x00000004
SHA_224 = 0x00000005
SHA_256 = 0x00000006
SHA_384 = 0x00000007
SHA_512 = 0x00000008
RIPEMD_160 = 0x00000009
TIGER = 0x0000000A
WHIRLPOOL = 0x0000000B
# KMIP 1.2
SHA_512_224 = 0x0000000C
SHA_512_256 = 0x0000000D
# KMIP 1.4
SHA3_224 = 0x0000000E
SHA3_256 = 0x0000000F
SHA3_384 = 0x00000010
SHA3_512 = 0x00000011
class InteropFunction(enum.Enum):
# KMIP 2.0
BEGIN = 0x00000001
END = 0x00000002
RESET = 0x00000003
class ItemType(enum.Enum):
# KMIP 2.0
STRUCTURE = 0x00000001
INTEGER = 0x00000002
LONG_INTEGER = 0x00000003
BIG_INTEGER = 0x00000004
ENUMERATION = 0x00000005
BOOLEAN = 0x00000006
TEXT_STRING = 0x00000007
BYTE_STRING = 0x00000008
DATE_TIME = 0x00000009
INTERVAL = 0x0000000A
DATE_TIME_EXTENDED = 0x0000000B
class KeyCompressionType(enum.Enum):
# KMIP 1.0
EC_PUBLIC_KEY_TYPE_UNCOMPRESSED = 0x00000001
EC_PUBLIC_KEY_TYPE_X9_62_COMPRESSED_PRIME = 0x00000002
EC_PUBLIC_KEY_TYPE_X9_62_COMPRESSED_CHAR2 = 0x00000003
EC_PUBLIC_KEY_TYPE_X9_62_HYBRID = 0x00000004
class KeyFormatType(enum.Enum):
# KMIP 1.0
RAW = 0x00000001
OPAQUE = 0x00000002
PKCS_1 = 0x00000003
PKCS_8 = 0x00000004
X_509 = 0x00000005
EC_PRIVATE_KEY = 0x00000006
TRANSPARENT_SYMMETRIC_KEY = 0x00000007
TRANSPARENT_DSA_PRIVATE_KEY = 0x00000008
TRANSPARENT_DSA_PUBLIC_KEY = 0x00000009
TRANSPARENT_RSA_PRIVATE_KEY = 0x0000000A
TRANSPARENT_RSA_PUBLIC_KEY = 0x0000000B
TRANSPARENT_DH_PRIVATE_KEY = 0x0000000C
TRANSPARENT_DH_PUBLIC_KEY = 0x0000000D
TRANSPARENT_ECDSA_PRIVATE_KEY = 0x0000000E # Deprecated in KMIP 1.4, designated '(Reserved)' in KMIP 2.0
TRANSPARENT_ECDSA_PUBLIC_KEY = 0x0000000F # Deprecated in KMIP 1.4, designated '(Reserved)' in KMIP 2.0
TRANSPARENT_ECDH_PRIVATE_KEY = 0x00000010 # Deprecated in KMIP 1.4, designated '(Reserved)' in KMIP 2.0
TRANSPARENT_ECDH_PUBLIC_KEY = 0x00000011 # Deprecated in KMIP 1.4, designated '(Reserved)' in KMIP 2.0
TRANSPARENT_ECMQV_PRIVATE_KEY = 0x00000012 # Deprecated in KMIP 1.4, designated '(Reserved)' in KMIP 2.0
TRANSPARENT_ECMQV_PUBLIC_KEY = 0x00000013 # Deprecated in KMIP 1.4, designated '(Reserved)' in KMIP 2.0
# KMIP 1.3
TRANSPARENT_EC_PRIVATE_KEY = 0x00000014
TRANSPARENT_EC_PUBLIC_KEY = 0x00000015
# KMIP 1.4
PKCS_12 = 0x00000016
class KeyRoleType(enum.Enum):
# KMIP 1.0
BDK = 0x00000001
CVK = 0x00000002
DEK = 0x00000003
MKAC = 0x00000004
MKSMC = 0x00000005
MKSMI = 0x00000006
MKDAC = 0x00000007
MKDN = 0x00000008
MKCP = 0x00000009
MKOTH = 0x0000000A
KEK = 0x0000000B
MAC_16609 = 0x0000000C
MAC_97971 = 0x0000000D
MAC_97972 = 0x0000000E
MAC_97973 = 0x0000000F
MAC_97974 = 0x00000010
MAC_97975 = 0x00000011
ZPK = 0x00000012
PVKIBM = 0x00000013
PVKPVV = 0x00000014
PVKOTH = 0x00000015
# KMIP 1.4
DUKPT = 0x00000016
IV = 0x00000017
TRKBK = 0x00000018
class KeyValueLocationType(enum.Enum):
# KMIP 1.2
UNINTERPRETED_TEXT_STRING = 0x00000001
URI = 0x00000002
class KeyWrapType(enum.Enum):
NOT_WRAPPED = 0x00000001
AS_REGISTERED = 0x00000002
class KMIPVersion(OrderedEnum):
KMIP_1_0 = 1.0
KMIP_1_1 = 1.1
KMIP_1_2 = 1.2
KMIP_1_3 = 1.3
KMIP_1_4 = 1.4
KMIP_2_0 = 2.0
class LinkType(enum.Enum):
# KMIP 1.0
CERTIFICATE_LINK = 0x00000101
PUBLIC_KEY_LINK = 0x00000102
PRIVATE_KEY_LINK = 0x00000103
DERIVATION_BASE_OBJECT_LINK = 0x00000104
DERIVED_KEY_LINK = 0x00000105
REPLACEMENT_OBJECT_LINK = 0x00000106
REPLACED_OBJECT_LINK = 0x00000107
# KMIP 1.2
PARENT_LINK = 0x00000108
CHILD_LINK = 0x00000109
PREVIOUS_LINK = 0x0000010A
NEXT_LINK = 0x0000010B
# KMIP 1.4
PKCS12_CERTIFICATE_LINK = 0x0000010C
PKCS12_PASSWORD_LINK = 0x0000010D
# KMIP 2.0
WRAPPING_KEY_LINK = 0x0000010E
class MaskGenerator(enum.Enum):
# KMIP 1.4
MGF1 = 0x00000001
class NameType(enum.Enum):
# KMIP 1.0
UNINTERPRETED_TEXT_STRING = 0x00000001
URI = 0x00000002
class NISTKeyType(enum.Enum):
# KMIP 2.0
PRIVATE_SIGNATURE_KEY = 0x00000001
PUBLIC_SIGNATURE_VERIFICATION_KEY = 0x00000002
SYMMETRIC_AUTHENTICATION_KEY = 0x00000003
PRIVATE_AUTHENTICATION_KEY = 0x00000004
PUBLIC_AUTHENTICATION_KEY = 0x00000005
SYMMETRIC_DATA_ENCRYPTION_KEY = 0x00000006
SYMMETRIC_KEY_WRAPPING_KEY = 0x00000007
SYMMETRIC_RANDOM_NUMBER_GENERATION_KEY = 0x00000008
SYMMETRIC_MASTER_KEY = 0x00000009
PRIVATE_KEY_TRANSPORT_KEY = 0x0000000A
PUBLIC_KEY_TRANSPORT_KEY = 0x0000000B
SYMMETRIC_KEY_AGREEMENT_KEY = 0x0000000C
PRIVATE_STATIC_KEY_AGREEMENT_KEY = 0x0000000D
PUBLIC_STATIC_KEY_AGREEMENT_KEY = 0x0000000E
PRIVATE_EPHEMERAL_KEY_AGREEMENT_KEY = 0x0000000F
PUBLIC_EPHEMERAL_KEY_AGREEMENT_KEY = 0x00000010
SYMMETRIC_AUTHORIZATION_KEY = 0x00000011
PRIVATE_AUTHORIZATION_KEY = 0x00000012
PUBLIC_AUTHORIZATION_KEY = 0x00000013
class ObjectGroupMember(enum.Enum):
# KMIP 1.1
GROUP_MEMBER_FRESH = 0x00000001
GROUP_MEMBER_DEFAULT = 0x00000002
class ObjectType(enum.Enum):
# KMIP 1.0
CERTIFICATE = 0x00000001
SYMMETRIC_KEY = 0x00000002
PUBLIC_KEY = 0x00000003
PRIVATE_KEY = 0x00000004
SPLIT_KEY = 0x00000005
TEMPLATE = 0x00000006 # Deprecated in KMIP 1.3, designated '(Reserved)' in KMIP 2.0
SECRET_DATA = 0x00000007
OPAQUE_DATA = 0x00000008
# KMIP 1.2
PGP_KEY = 0x00000009
# KMIP 2.0
CERTIFICATE_REQUEST = 0x0000000A
class OpaqueDataType(enum.Enum):
NONE = 0x80000000 # Not defined by the standard, but we need something.
# The standard does say that values starting 0x8xxxxxx
# are considered extensions
class Operation(enum.Enum):
# KMIP 1.0
CREATE = 0x00000001
CREATE_KEY_PAIR = 0x00000002
REGISTER = 0x00000003
REKEY = 0x00000004
DERIVE_KEY = 0x00000005
CERTIFY = 0x00000006
RECERTIFY = 0x00000007
LOCATE = 0x00000008
CHECK = 0x00000009
GET = 0x0000000A
GET_ATTRIBUTES = 0x0000000B
GET_ATTRIBUTE_LIST = 0x0000000C
ADD_ATTRIBUTE = 0x0000000D
MODIFY_ATTRIBUTE = 0x0000000E
DELETE_ATTRIBUTE = 0x0000000F
OBTAIN_LEASE = 0x00000010
GET_USAGE_ALLOCATION = 0x00000011
ACTIVATE = 0x00000012
REVOKE = 0x00000013
DESTROY = 0x00000014
ARCHIVE = 0x00000015
RECOVER = 0x00000016
VALIDATE = 0x00000017
QUERY = 0x00000018
CANCEL = 0x00000019
POLL = 0x0000001A
NOTIFY = 0x0000001B
PUT = 0x0000001C
# KMIP 1.1
REKEY_KEY_PAIR = 0x0000001D
DISCOVER_VERSIONS = 0x0000001E
# KMIP 1.2
ENCRYPT = 0x0000001F
DECRYPT = 0x00000020
SIGN = 0x00000021
SIGNATURE_VERIFY = 0x00000022
MAC = 0x00000023
MAC_VERIFY = 0x00000024
RNG_RETRIEVE = 0x00000025
RNG_SEED = 0x00000026
HASH = 0x00000027
CREATE_SPLIT_KEY = 0x00000028
JOIN_SPLIT_KEY = 0x00000029
# KMIP 1.4
IMPORT = 0x0000002A
EXPORT = 0x0000002B
# KMIP 2.0
LOG = 0x0000002C
LOGIN = 0x0000002D
LOGOUT = 0x0000002E
DELEGATED_LOGIN = 0x0000002F
ADJUST_ATTRIBUTE = 0x00000030
SET_ATTRIBUTE = 0x00000031
SET_ENDPOINT_ROLE = 0x00000032
PKCS_11 = 0x00000033
INTEROP = 0x00000034
REPROVISION = 0x00000035
class PaddingMethod(enum.Enum):
# KMIP 1.0
NONE = 0x00000001
OAEP = 0x00000002
PKCS5 = 0x00000003
SSL3 = 0x00000004
ZEROS = 0x00000005
ANSI_X923 = 0x00000006
ISO_10126 = 0x00000007
PKCS1v15 = 0x00000008
X931 = 0x00000009
PSS = 0x0000000A
class PKCS11Function(enum.Enum):
# KMIP 2.0
#
# These values are the 1-based offset count of the function in the
# CK_FUNCTION_LIST_3_0 structure as specified in the OASIS PKCS#11
# Cryptographic Token Interface Base Specification Version 3.0 document.
#
# The above document is not currently available, so this set of
# enumerations is intentionally left empty as a placeholder. It should
# be filled in in a future update.
PLACEHOLDER = 'Do not use this.'
class PKCS11ReturnCode(enum.Enum):
# KMIP 2.0
#
# These values are specified in the CK_RV values in the OASIS PKCS#11
# Cryptographic Token Interface Base Specification Version 3.0 document.
#
# The above document is not currently available, so this set of
# enumerations is intentionally left empty as a placeholder. It should
# be filled in in a future update.
PLACEHOLDER = 'Do not use this.'
class Policy(enum.Enum):
ALLOW_ALL = "Allow All"
ALLOW_OWNER = "Allow Owner"
DISALLOW_ALL = "Disallow All"
class ProfileName(enum.Enum):
# KMIP 1.3
BASELINE_SERVER_BASIC_KMIPv12 = 0x00000001
BASELINE_SERVER_TLSv12_KMIPv12 = 0x00000002
BASELINE_CLIENT_BASIC_KMIPv12 = 0x00000003
BASELINE_CLIENT_TLSv12_KMIPv12 = 0x00000004
COMPLETE_SERVER_BASIC_KMIPv12 = 0x00000005
COMPLETE_SERVER_TLSv12_KMIPv12 = 0x00000006
TAPE_LIBRARY_CLIENT_KMIPv10 = 0x00000007
TAPE_LIBRARY_CLIENT_KMIPv11 = 0x00000008
TAPE_LIBRARY_CLIENT_KMIPv12 = 0x00000009
TAPE_LIBRARY_SERVER_KMIPv10 = 0x0000000A
TAPE_LIBRARY_SERVER_KMIPv11 = 0x0000000B
TAPE_LIBRARY_SERVER_KMIPv12 = 0x0000000C
SYMMETRIC_KEY_LIFECYCLE_CLIENT_KMIPv10 = 0x0000000D
SYMMETRIC_KEY_LIFECYCLE_CLIENT_KMIPv11 = 0x0000000E
SYMMETRIC_KEY_LIFECYCLE_CLIENT_KMIPv12 = 0x0000000F
SYMMETRIC_KEY_LIFECYCLE_SERVER_KMIPv10 = 0x00000010
SYMMETRIC_KEY_LIFECYCLE_SERVER_KMIPv11 = 0x00000011
SYMMETRIC_KEY_LIFECYCLE_SERVER_KMIPv12 = 0x00000012
ASYMMETRIC_KEY_LIFECYCLE_CLIENT_KMIPv10 = 0x00000013
ASYMMETRIC_KEY_LIFECYCLE_CLIENT_KMIPv11 = 0x00000014
ASYMMETRIC_KEY_LIFECYCLE_CLIENT_KMIPv12 = 0x00000015
ASYMMETRIC_KEY_LIFECYCLE_SERVER_KMIPv10 = 0x00000016
ASYMMETRIC_KEY_LIFECYCLE_SERVER_KMIPv11 = 0x00000017
ASYMMETRIC_KEY_LIFECYCLE_SERVER_KMIPv12 = 0x00000018
BASIC_CRYPTOGRAPHIC_CLIENT_KMIPv12 = 0x00000019
BASIC_CRYPTOGRAPHIC_SERVER_KMIPv12 = 0x0000001A
ADVANCED_CRYPTOGRAPHIC_CLIENT_KMIPv12 = 0x0000001B
ADVANCED_CRYPTOGRAPHIC_SERVER_KMIPv12 = 0x0000001C
RNG_CRYPTOGRAPHIC_CLIENT_KMIPv12 = 0x0000001D
RNG_CRYPTOGRAPHIC_SERVER_KMIPv12 = 0x0000001E
BASIC_SYMMETRIC_KEY_FOUNDRY_CLIENT_KMIPv10 = 0x0000001F
INTERMEDIATE_SYMMETRIC_KEY_FOUNDRY_CLIENT_KMIPv10 = 0x00000020
ADVANCED_SYMMETRIC_KEY_FOUNDRY_CLIENT_KMIPv10 = 0x00000021
BASIC_SYMMETRIC_KEY_FOUNDRY_CLIENT_KMIPv11 = 0x00000022
INTERMEDIATE_SYMMETRIC_KEY_FOUNDRY_CLIENT_KMIPv11 = 0x00000023
ADVANCED_SYMMETRIC_KEY_FOUNDRY_CLIENT_KMIPv11 = 0x00000024
BASIC_SYMMETRIC_KEY_FOUNDRY_CLIENT_KMIPv12 = 0x00000025
INTERMEDIATE_SYMMETRIC_KEY_FOUNDRY_CLIENT_KMIPv12 = 0x00000026
ADVANCED_SYMMETRIC_KEY_FOUNDRY_CLIENT_KMIPv12 = 0x00000027
SYMMETRIC_KEY_FOUNDRY_SERVER_KMIPv10 = 0x00000028
SYMMETRIC_KEY_FOUNDRY_SERVER_KMIPv11 = 0x00000029
SYMMETRIC_KEY_FOUNDRY_SERVER_KMIPv12 = 0x0000002A
OPAQUE_MANAGED_OBJECT_STORE_CLIENT_KMIPv10 = 0x0000002B
OPAQUE_MANAGED_OBJECT_STORE_CLIENT_KMIPv11 = 0x0000002C
OPAQUE_MANAGED_OBJECT_STORE_CLIENT_KMIPv12 = 0x0000002D
OPAQUE_MANAGED_OBJECT_STORE_SERVER_KMIPv10 = 0x0000002E
OPAQUE_MANAGED_OBJECT_STORE_SERVER_KMIPv11 = 0x0000002F
OPAQUE_MANAGED_OBJECT_STORE_SERVER_KMIPv12 = 0x00000030
SUITE_B_MINLOS_128_CLIENT_KMIPv10 = 0x00000031
SUITE_B_MINLOS_128_CLIENT_KMIPv11 = 0x00000032
SUITE_B_MINLOS_128_CLIENT_KMIPv12 = 0x00000033
SUITE_B_MINLOS_128_SERVER_KMIPv10 = 0x00000034
SUITE_B_MINLOS_128_SERVER_KMIPv11 = 0x00000035
SUITE_B_MINLOS_128_SERVER_KMIPv12 = 0x00000036
SUITE_B_MINLOS_192_CLIENT_KMIPv10 = 0x00000037
SUITE_B_MINLOS_192_CLIENT_KMIPv11 = 0x00000038
SUITE_B_MINLOS_192_CLIENT_KMIPv12 = 0x00000039
SUITE_B_MINLOS_192_SERVER_KMIPv10 = 0x0000003A
SUITE_B_MINLOS_192_SERVER_KMIPv11 = 0x0000003B
SUITE_B_MINLOS_192_SERVER_KMIPv12 = 0x0000003C
STORAGE_ARRAY_WITH_SELF_ENCRYPTING_DRIVE_CLIENT_KMIPv10 = 0x0000003D
STORAGE_ARRAY_WITH_SELF_ENCRYPTING_DRIVE_CLIENT_KMIPv11 = 0x0000003E
STORAGE_ARRAY_WITH_SELF_ENCRYPTING_DRIVE_CLIENT_KMIPv12 = 0x0000003F
STORAGE_ARRAY_WITH_SELF_ENCRYPTING_DRIVE_SERVER_KMIPv10 = 0x00000040
STORAGE_ARRAY_WITH_SELF_ENCRYPTING_DRIVE_SERVER_KMIPv11 = 0x00000041
STORAGE_ARRAY_WITH_SELF_ENCRYPTING_DRIVE_SERVER_KMIPv12 = 0x00000042
HTTPS_CLIENT_KMIPv10 = 0x00000043
HTTPS_CLIENT_KMIPv11 = 0x00000044
HTTPS_CLIENT_KMIPv12 = 0x00000045
HTTPS_SERVER_KMIPv10 = 0x00000046
HTTPS_SERVER_KMIPv11 = 0x00000047
HTTPS_SERVER_KMIPv12 = 0x00000048
JSON_CLIENT_KMIPv10 = 0x00000049
JSON_CLIENT_KMIPv11 = 0x0000004A
JSON_CLIENT_KMIPv12 = 0x0000004B
JSON_SERVER_KMIPv10 = 0x0000004C
JSON_SERVER_KMIPv11 = 0x0000004D
JSON_SERVER_KMIPv12 = 0x0000004E
XML_CLIENT_KMIPv10 = 0x0000004F
XML_CLIENT_KMIPv11 = 0x00000050
XML_CLIENT_KMIPv12 = 0x00000051
XML_SERVER_KMIPv10 = 0x00000052
XML_SERVER_KMIPv11 = 0x00000053
XML_SERVER_KMIPv12 = 0x00000054
BASELINE_SERVER_BASIC_KMIPv13 = 0x00000055
BASELINE_SERVER_TLSv12_KMIPv13 = 0x00000056
BASELINE_CLIENT_BASIC_KMIPv13 = 0x00000057
BASELINE_CLIENT_TLSv12_KMIPv13 = 0x00000058
COMPLETE_SERVER_BASIC_KMIPv13 = 0x00000059
COMPLETE_SERVER_TLSv12_KMIPv13 = 0x0000005A
TAPE_LIBRARY_CLIENT_KMIPv13 = 0x0000005B
TAPE_LIBRARY_SERVER_KMIPv13 = 0x0000005C
SYMMETRIC_KEY_LIFECYCLE_CLIENT_KMIPv13 = 0x0000005D
SYMMETRIC_KEY_LIFECYCLE_SERVER_KMIPv13 = 0x0000005E
ASYMMETRIC_KEY_LIFECYCLE_CLIENT_KMIPv13 = 0x0000005F
ASYMMETRIC_KEY_LIFECYCLE_SERVER_KMIPv13 = 0x00000060
BASIC_CRYPTOGRAPHIC_CLIENT_KMIPv13 = 0x00000061
BASIC_CRYPTOGRAPHIC_SERVER_KMIPv13 = 0x00000062
ADVANCED_CRYPTOGRAPHIC_CLIENT_KMIPv13 = 0x00000063
ADVANCED_CRYPTOGRAPHIC_SERVER_KMIPv13 = 0x00000064
RNG_CRYPTOGRAPHIC_CLIENT_KMIPv13 = 0x00000065
RNG_CRYPTOGRAPHIC_SERVER_KMIPv13 = 0x00000066
BASIC_SYMMETRIC_KEY_FOUNDRY_CLIENT_KMIPv13 = 0x00000067
INTERMEDIATE_SYMMETRIC_KEY_FOUNDRY_CLIENT_KMIPv13 = 0x00000068
ADVANCED_SYMMETRIC_KEY_FOUNDRY_CLIENT_KMIPv13 = 0x00000069
SYMMETRIC_KEY_FOUNDRY_SERVER_KMIPv13 = 0x0000006A
OPAQUE_MANAGED_OBJECT_STORE_CLIENT_KMIPv13 = 0x0000006B
OPAQUE_MANAGED_OBJECT_STORE_SERVER_KMIPv13 = 0x0000006C
SUITE_B_MINLOS_128_CLIENT_KMIPv13 = 0x0000006D
SUITE_B_MINLOS_128_SERVER_KMIPv13 = 0x0000006E
SUITE_B_MINLOS_192_CLIENT_KMIPv13 = 0x0000006F
SUITE_B_MINLOS_192_SERVER_KMIPv13 = 0x00000070
STORAGE_ARRAY_WITH_SELF_ENCRYPTING_DRIVE_CLIENT_KMIPv13 = 0x00000071
STORAGE_ARRAY_WITH_SELF_ENCRYPTING_DRIVE_SERVER_KMIPv13 = 0x00000072
HTTPS_CLIENT_KMIPv13 = 0x00000073
HTTPS_SERVER_KMIPv13 = 0x00000074
JSON_CLIENT_KMIPv13 = 0x00000075
JSON_SERVER_KMIPv13 = 0x00000076
XML_CLIENT_KMIPv13 = 0x00000077
XML_SERVER_KMIPv13 = 0x00000078
# KMIP 1.4
BASELINE_SERVER_BASIC_KMIPv14 = 0x00000079
BASELINE_SERVER_TLSv12_KMIPv14 = 0x0000007A
BASELINE_CLIENT_BASIC_KMIPv14 = 0x0000007B
BASELINE_CLIENT_TLSv12_KMIPv14 = 0x0000007C
COMPLETE_SERVER_BASIC_KMIPv14 = 0x0000007D
COMPLETE_SERVER_TLSv12_KMIPv14 = 0x0000007E
TAPE_LIBRARY_CLIENT_KMIPv14 = 0x0000007F
TAPE_LIBRARY_SERVER_KMIPv14 = 0x00000080
SYMMETRIC_KEY_LIFECYCLE_CLIENT_KMIPv14 = 0x00000081
SYMMETRIC_KEY_LIFECYCLE_SERVER_KMIPv14 = 0x00000082
ASYMMETRIC_KEY_LIFECYCLE_CLIENT_KMIPv14 = 0x00000083
ASYMMETRIC_KEY_LIFECYCLE_SERVER_KMIPv14 = 0x00000084
BASIC_CRYPTOGRAPHIC_CLIENT_KMIPv14 = 0x00000085
BASIC_CRYPTOGRAPHIC_SERVER_KMIPv14 = 0x00000086
ADVANCED_CRYPTOGRAPHIC_CLIENT_KMIPv14 = 0x00000087
ADVANCED_CRYPTOGRAPHIC_SERVER_KMIPv14 = 0x00000088
RNG_CRYPTOGRAPHIC_CLIENT_KMIPv14 = 0x00000089
RNG_CRYPTOGRAPHIC_SERVER_KMIPv14 = 0x0000008A
BASIC_SYMMETRIC_KEY_FOUNDRY_CLIENT_KMIPv14 = 0x0000008B
INTERMEDIATE_SYMMETRIC_KEY_FOUNDRY_CLIENT_KMIPv14 = 0x0000008C
ADVANCED_SYMMETRIC_KEY_FOUNDRY_CLIENT_KMIPv14 = 0x0000008D
SYMMETRIC_KEY_FOUNDRY_SERVER_KMIPv14 = 0x0000008E
OPAQUE_MANAGED_OBJECT_STORE_CLIENT_KMIPv14 = 0x0000008F
OPAQUE_MANAGED_OBJECT_STORE_SERVER_KMIPv14 = 0x00000090
SUITE_B_MINLOS_128_CLIENT_KMIPv14 = 0x00000091
SUITE_B_MINLOS_128_SERVER_KMIPv14 = 0x00000092
SUITE_B_MINLOS_192_CLIENT_KMIPv14 = 0x00000093
SUITE_B_MINLOS_192_SERVER_KMIPv14 = 0x00000094
STORAGE_ARRAY_WITH_SELF_ENCRYPTING_DRIVE_CLIENT_KMIPv14 = 0x00000095
STORAGE_ARRAY_WITH_SELF_ENCRYPTING_DRIVE_SERVER_KMIPv14 = 0x00000096
HTTPS_CLIENT_KMIPv14 = 0x00000097
HTTPS_SERVER_KMIPv14 = 0x00000098
JSON_CLIENT_KMIPv14 = 0x00000099
JSON_SERVER_KMIPv14 = 0x0000009A
XML_CLIENT_KMIPv14 = 0x0000009B
XML_SERVER_KMIPv14 = 0x0000009C
# KMIP 2.0 - All of the above are now designated '(Reserved)' in KMIP 2.0
COMPLETE_SERVER_BASIC = 0x00000104
COMPLETE_SERVER_TLSv12 = 0x00000105
TAPE_LIBRARY_CLIENT = 0x00000106
TAPE_LIBRARY_SERVER = 0x00000107
SYMMETRIC_KEY_LIFECYCLE_CLIENT = 0x00000108
SYMMETRIC_KEY_LIFECYCLE_SERVER = 0x00000109
ASYMMETRIC_KEY_LIFECYCLE_CLIENT = 0x0000010A
ASYMMETRIC_KEY_LIFECYCLE_SERVER = 0x0000010B
BASIC_CRYPTOGRAPHIC_CLIENT = 0x0000010C
BASIC_CRYPTOGRAPHIC_SERVER = 0x0000010D
ADVANCED_CRYPTOGRAPHIC_CLIENT = 0x0000010E
ADVANCED_CRYPTOGRAPHIC_SERVER = 0x0000010F
RNG_CRYPTOGRAPHIC_CLIENT = 0x00000110
RNG_CRYPTOGRAPHIC_SERVER = 0x00000111
BASIC_SYMMETRIC_KEY_FOUNDRY_CLIENT = 0x00000112
INTERMEDIATE_SYMMETRIC_KEY_FOUNDRY_CLIENT = 0x00000113
ADVANCED_SYMMETRIC_KEY_FOUNDRY_CLIENT = 0x00000114
SYMMETRIC_KEY_FOUNDRY_SERVER = 0x00000115
OPAQUE_MANAGED_OBJECT_STORE_CLIENT = 0x00000116
OPAQUE_MANAGED_OBJECT_STORE_SERVER = 0x00000117
SUITE_B_MINLOS_128_CLIENT = 0x00000118
SUITE_B_MINLOS_128_SERVER = 0x00000119
SUITE_B_MINLOS_192_CLIENT = 0x0000011A
SUITE_B_MINLOS_192_SERVER = 0x0000011B
STORAGE_ARRAY_WITH_SELF_ENCRYPTING_DRIVE_CLIENT = 0x0000011C
STORAGE_ARRAY_WITH_SELF_ENCRYPTING_DRIVE_SERVER = 0x0000011D
HTTPS_CLIENT = 0x0000011E
HTTPS_SERVER = 0x0000011F
JSON_CLIENT = 0x00000120
JSON_SERVER = 0x00000121
XML_CLIENT = 0x00000122
XML_SERVER = 0x00000123
AES_XTS_CLIENT = 0x00000124
AES_XTS_SERVER = 0x00000125
QUANTUM_SAFE_CLIENT = 0x00000126
QUANTUM_SAFE_SERVER = 0x00000127
PKCS11_CLIENT = 0x00000128
PKCS11_SERVER = 0x00000129
BASELINE_CLIENT = 0x0000012A
BASELINE_SERVER = 0x0000012B
COMPLETE_SERVER = 0x0000012C
class ProtectionLevel(enum.Enum):
# KMIP 2.0
HIGH = 0x00000001
LOW = 0x00000002
class ProtectionStorageMask(enum.Enum):
# KMIP 2.0
SOFTWARE = 0x00000001
HARDWARE = 0x00000002
ON_PROCESSOR = 0x00000004
ON_SYSTEM = 0x00000008
OFF_SYSTEM = 0x00000010
HYPERVISOR = 0x00000020
OPERATING_SYSTEM = 0x00000040
CONTAINER = 0x00000080
ON_PREMISES = 0x00000100
OFF_PREMISES = 0x00000200
SELF_MANAGED = 0x00000400
OUTSOURCED = 0x00000800
VALIDATED = 0x00001000
SAME_JURISDICTION = 0x00002000
class PutFunction(enum.Enum):
# KMIP 1.0
NEW = 0x00000001
REPLACE = 0x00000002
class QueryFunction(enum.Enum):
# KMIP 1.0
QUERY_OPERATIONS = 0x00000001
QUERY_OBJECTS = 0x00000002
QUERY_SERVER_INFORMATION = 0x00000003
QUERY_APPLICATION_NAMESPACES = 0x00000004
# KMIP 1.1
QUERY_EXTENSION_LIST = 0x00000005
QUERY_EXTENSION_MAP = 0x00000006
# KMIP 1.2
QUERY_ATTESTATION_TYPES = 0x00000007
# KMIP 1.3
QUERY_RNGS = 0x00000008
QUERY_VALIDATIONS = 0x00000009
QUERY_PROFILES = 0x0000000A
QUERY_CAPABILITIES = 0x0000000B
QUERY_CLIENT_REGISTRATION_METHODS = 0x0000000C
# KMIP 2.0
QUERY_DEFAULTS_INFORMATION = 0x0000000D
QUERY_STORAGE_PROTECTION_MASKS = 0x0000000E
class RecommendedCurve(enum.Enum):
# KMIP 1.0
P_192 = 0x00000001
K_163 = 0x00000002
B_163 = 0x00000003
P_224 = 0x00000004
K_233 = 0x00000005
B_233 = 0x00000006
P_256 = 0x00000007
K_283 = 0x00000008
B_283 = 0x00000009
P_384 = 0x0000000A
K_409 = 0x0000000B
B_409 = 0x0000000C
P_521 = 0x0000000D
K_571 = 0x0000000E
B_571 = 0x0000000F
# KMIP 1.2
SECP112R1 = 0x00000010
SECP112R2 = 0x00000011
SECP128R1 = 0x00000012
SECP128R2 = 0x00000013
SECP160K1 = 0x00000014
SECP160R1 = 0x00000015
SECP160R2 = 0x00000016
SECP191K1 = 0x00000017
SECP224K1 = 0x00000018
SECP256K1 = 0x00000019
SECT113R1 = 0x0000001A
SECT113R2 = 0x0000001B
SECT131R1 = 0x0000001C
SECT131R2 = 0x0000001D
SECT163R1 = 0x0000001E
SECT193R1 = 0x0000001F
SECT193R2 = 0x00000020
SECT239K1 = 0x00000021
ANSIX9P192V2 = 0x00000022
ANSIX9P192V3 = 0x00000023
ANSIX9P239V1 = 0x00000024
ANSIX9P239V2 = 0x00000025
ANSIX9P239V3 = 0x00000026
ANSIX9C2PNB163V1 = 0x00000027
ANSIX9C2PNB163V2 = 0x00000028
ANSIX9C2PNB163V3 = 0x00000029
ANSIX9C2PNB176V1 = 0x0000002A
ANSIX9C2TNB191V1 = 0x0000002B
ANSIX9C2TNB191V2 = 0x0000002C
ANSIX9C2TNB191V3 = 0x0000002D
ANSIX9C2PNB208W1 = 0x0000002E
ANSIX9C2TNB239V1 = 0x0000002F
ANSIX9C2TNB239V2 = 0x00000030
ANSIX9C2TNB239V3 = 0x00000031
ANSIX9C2PNB272W1 = 0x00000032
ANSIX9C2PNB304W1 = 0x00000033
ANSIX9C2TNB359V1 = 0x00000034
ANSIX9C2PNB368W1 = 0x00000035
ANSIX9C2TNB431R1 = 0x00000036
BRAINPOOLP160R1 = 0x00000037
BRAINPOOLP160T1 = 0x00000038
BRAINPOOLP192R1 = 0x00000039
BRAINPOOLP192T1 = 0x0000003A
BRAINPOOLP224R1 = 0x0000003B
BRAINPOOLP224T1 = 0x0000003C
BRAINPOOLP256R1 = 0x0000003D
BRAINPOOLP256T1 = 0x0000003E
BRAINPOOLP320R1 = 0x0000003F
BRAINPOOLP320T1 = 0x00000040
BRAINPOOLP384R1 = 0x00000041
BRAINPOOLP384T1 = 0x00000042
BRAINPOOLP512R1 = 0x00000043
BRAINPOOLP512T1 = 0x00000044
# KMIP 2.0
CURVE25519 = 0x00000045
CURVE448 = 0x00000046
class ResultReason(enum.Enum):
# KMIP 1.0
ITEM_NOT_FOUND = 0x00000001
RESPONSE_TOO_LARGE = 0x00000002
AUTHENTICATION_NOT_SUCCESSFUL = 0x00000003
INVALID_MESSAGE = 0x00000004
OPERATION_NOT_SUPPORTED = 0x00000005
MISSING_DATA = 0x00000006
INVALID_FIELD = 0x00000007
FEATURE_NOT_SUPPORTED = 0x00000008
OPERATION_CANCELED_BY_REQUESTER = 0x00000009
CRYPTOGRAPHIC_FAILURE = 0x0000000A
ILLEGAL_OPERATION = 0x0000000B
PERMISSION_DENIED = 0x0000000C
OBJECT_ARCHIVED = 0x0000000D
INDEX_OUT_OF_BOUNDS = 0x0000000E
APPLICATION_NAMESPACE_NOT_SUPPORTED = 0x0000000F
KEY_FORMAT_TYPE_NOT_SUPPORTED = 0x00000010
KEY_COMPRESSION_TYPE_NOT_SUPPORTED = 0x00000011
ENCODING_OPTION_ERROR = 0x00000012
KEY_VALUE_NOT_PRESENT = 0x00000013
ATTESTATION_REQUIRED = 0x00000014
ATTESTATION_FAILED = 0x00000015
SENSITIVE = 0x00000016
NOT_EXTRACTABLE = 0x00000017
OBJECT_ALREADY_EXISTS = 0x00000018
GENERAL_FAILURE = 0x00000100
# KMIP 2.0
INVALID_TICKET = 0x00000019
USAGE_LIMIT_EXCEEDED = 0x0000001A
NUMERIC_RANGE = 0x0000001B
INVALID_DATA_TYPE = 0x0000001C
READ_ONLY_ATTRIBUTE = 0x0000001D
MULTI_VALUED_ATTRIBUTE = 0x0000001E
UNSUPPORTED_ATTRIBUTE = 0x0000001F
ATTRIBUTE_INSTANCE_NOT_FOUND = 0x00000020
ATTRIBUTE_NOT_FOUND = 0x00000021
ATTRIBUTE_READ_ONLY = 0x00000022
ATTRIBUTE_SINGLE_VALUED = 0x00000023
BAD_CRYPTOGRAPHIC_PARAMETERS = 0x00000024
BAD_PASSWORD = 0x00000025
CODEC_ERROR = 0x00000026
# 0x00000027 is designated '(Reserved)' in KMIP 2.0
ILLEGAL_OBJECT_TYPE = 0x00000028
INCOMPATIBLE_CRYPTOGRAPHIC_USAGE_MASK = 0x00000029
INTERNAL_SERVER_ERROR = 0x0000002A
INVALID_ASYNCHRONOUS_CORRELATION_VALUE = 0x0000002B
INVALID_ATTRIBUTE = 0x0000002C
INVALID_ATTRIBUTE_VALUE = 0x0000002D
INVALID_CORRELATION_VALUE = 0x0000002E
INVALID_CSR = 0x0000002F
INVALID_OBJECT_TYPE = 0x00000030
# 0x00000031 is designated '(Reserved)' in KMIP 2.0
KEY_WRAP_TYPE_NOT_SUPPORTED = 0x00000032
# 0x00000033 is designated '(Reserved)' in KMIP 2.0
MISSING_INITIALIZATION_VECTOR = 0x00000034
NON_UNIQUE_NAME_ATTRIBUTE = 0x00000035
OBJECT_DESTROYED = 0x00000036
OBJECT_NOT_FOUND = 0x00000037
# 0x00000038 is unassigned
NOT_AUTHORISED = 0x00000039
SERVER_LIMIT_EXCEEDED = 0x0000003A
UNKNOWN_ENUMERATION = 0x0000003B
UNKNOWN_MESSAGE_EXTENSION = 0x0000003C
UNKNOWN_TAG = 0x0000003D
UNSUPPORTED_CRYPTOGRAPHIC_PARAMETERS = 0x0000003E
UNSUPPORTED_PROTOCOL_VERSION = 0x0000003F
WRAPPING_OBJECT_ARCHIVED = 0x00000040
WRAPPING_OBJECT_DESTROYED = 0x00000041
WRAPPING_OBJECT_NOT_FOUND = 0x00000042
WRONG_KEY_LIFECYCLE_STATE = 0x00000043
PROTECTION_STORAGE_UNAVAILABLE = 0x00000044
PKCS11_CODEC_ERROR = 0x00000045
PKCS11_INVALID_FUNCTION = 0x00000046
PKCS11_INVALID_INTERFACE = 0x00000047
class ResultStatus(enum.Enum):
# KMIP 1.0
SUCCESS = 0x00000000
OPERATION_FAILED = 0x00000001
OPERATION_PENDING = 0x00000002
OPERATION_UNDONE = 0x00000003
class RevocationReasonCode(enum.Enum):
# KMIP 1.0
UNSPECIFIED = 0x00000001
KEY_COMPROMISE = 0x00000002
CA_COMPROMISE = 0x00000003
AFFILIATION_CHANGED = 0x00000004
SUPERSEDED = 0x00000005
CESSATION_OF_OPERATION = 0x00000006
PRIVILEGE_WITHDRAWN = 0x00000007
class RNGAlgorithm(enum.Enum):
# KMIP 1.3
UNSPECIFIED = 0x00000001
FIPS186_2 = 0x00000002
DRBG = 0x00000003
NRBG = 0x00000004
ANSI_X931 = 0x00000005
ANSI_X962 = 0x00000006
class RNGMode(enum.Enum):
# KMIP 1.3
UNSPECIFIED = 0x00000001
SHARED_INSTANTIATION = 0x00000002
NON_SHARED_INSTANTIATION = 0x00000003
class SecretDataType(enum.Enum):
# KMIP 1.0
PASSWORD = 0x00000001
SEED = 0x00000002
class ShreddingAlgorithm(enum.Enum):
# KMIP 1.3
UNSPECIFIED = 0x00000001
CRYPTOGRAPHIC = 0x00000002
UNSUPPORTED = 0x00000003
class SplitKeyMethod(enum.Enum):
# KMIP 1.0
XOR = 0x00000001
POLYNOMIAL_SHARING_GF_2_16 = 0x00000002
POLYNOMIAL_SHARING_PRIME_FIELD = 0x00000003
# KMIP 1.2
POLYNOMIAL_SHARING_GF_2_8 = 0x00000004
class State(enum.Enum):
# KMIP 1.0
PRE_ACTIVE = 0x00000001
ACTIVE = 0x00000002
DEACTIVATED = 0x00000003
COMPROMISED = 0x00000004
DESTROYED = 0x00000005
DESTROYED_COMPROMISED = 0x00000006
class StorageStatusMask(enum.Enum):
# KMIP 1.0
ONLINE_STORAGE = 0x00000001
ARCHIVAL_STORAGE = 0x00000002
# KMIP 2.0
DESTROYED_STORAGE = 0x00000004
class Tags(enum.Enum):
DEFAULT = 0x420000 # Custom PyKMIP tag used as the global default
# KMIP 1.0
ACTIVATION_DATE = 0x420001
APPLICATION_DATA = 0x420002
APPLICATION_NAMESPACE = 0x420003
APPLICATION_SPECIFIC_INFORMATION = 0x420004
ARCHIVE_DATE = 0x420005
ASYNCHRONOUS_CORRELATION_VALUE = 0x420006
ASYNCHRONOUS_INDICATOR = 0x420007
ATTRIBUTE = 0x420008
ATTRIBUTE_INDEX = 0x420009 # Designated '(Reserved)' in KMIP 2.0
ATTRIBUTE_NAME = 0x42000A
ATTRIBUTE_VALUE = 0x42000B
AUTHENTICATION = 0x42000C
BATCH_COUNT = 0x42000D
BATCH_ERROR_CONTINUATION_OPTION = 0x42000E
BATCH_ITEM = 0x42000F
BATCH_ORDER_OPTION = 0x420010
BLOCK_CIPHER_MODE = 0x420011
CANCELLATION_RESULT = 0x420012
CERTIFICATE = 0x420013
CERTIFICATE_IDENTIFIER = 0x420014 # Deprecated, designated '(Reserved)' in KMIP 2.0
CERTIFICATE_ISSUER = 0x420015 # Deprecated, designated '(Reserved)' in KMIP 2.0
CERTIFICATE_ISSUER_ALTERNATIVE_NAME = 0x420016 # Deprecated, designated '(Reserved)' in KMIP 2.0
CERTIFICATE_ISSUER_DISTINGUISHED_NAME = 0x420017 # Deprecated, designated '(Reserved)' in KMIP 2.0
CERTIFICATE_REQUEST = 0x420018
CERTIFICATE_REQUEST_TYPE = 0x420019
CERTIFICATE_SUBJECT = 0x42001A # Deprecated, designated '(Reserved)' in KMIP 2.0
CERTIFICATE_SUBJECT_ALTERNATIVE_NAME = 0x42001B # Deprecated, designated '(Reserved)' in KMIP 2.0
CERTIFICATE_SUBJECT_DISTINGUISHED_NAME = 0x42001C # Deprecated, designated '(Reserved)' in KMIP 2.0
CERTIFICATE_TYPE = 0x42001D
CERTIFICATE_VALUE = 0x42001E
COMMON_TEMPLATE_ATTRIBUTE = 0x42001F # Designated '(Reserved)' in KMIP 2.0
COMPROMISE_DATE = 0x420020
COMPROMISE_OCCURRENCE_DATE = 0x420021
CONTACT_INFORMATION = 0x420022
CREDENTIAL = 0x420023
CREDENTIAL_TYPE = 0x420024
CREDENTIAL_VALUE = 0x420025
CRITICALITY_INDICATOR = 0x420026
CRT_COEFFICIENT = 0x420027
CRYPTOGRAPHIC_ALGORITHM = 0x420028
CRYPTOGRAPHIC_DOMAIN_PARAMETERS = 0x420029
CRYPTOGRAPHIC_LENGTH = 0x42002A
CRYPTOGRAPHIC_PARAMETERS = 0x42002B
CRYPTOGRAPHIC_USAGE_MASK = 0x42002C
CUSTOM_ATTRIBUTE = 0x42002D # Designated '(Reserved)' in KMIP 2.0
D = 0x42002E
DEACTIVATION_DATE = 0x42002F
DERIVATION_DATA = 0x420030
DERIVATION_METHOD = 0x420031
DERIVATION_PARAMETERS = 0x420032
DESTROY_DATE = 0x420033
DIGEST = 0x420034
DIGEST_VALUE = 0x420035
ENCRYPTION_KEY_INFORMATION = 0x420036
G = 0x420037
HASHING_ALGORITHM = 0x420038
INITIAL_DATE = 0x420039
INITIALIZATION_VECTOR = 0x42003A
ISSUER = 0x42003B # Deprecated, designated '(Reserved)' in KMIP 2.0
ITERATION_COUNT = 0x42003C
IV_COUNTER_NONCE = 0x42003D
J = 0x42003E
KEY = 0x42003F
KEY_BLOCK = 0x420040
KEY_COMPRESSION_TYPE = 0x420041
KEY_FORMAT_TYPE = 0x420042
KEY_MATERIAL = 0x420043
KEY_PART_IDENTIFIER = 0x420044
KEY_VALUE = 0x420045
KEY_WRAPPING_DATA = 0x420046
KEY_WRAPPING_SPECIFICATION = 0x420047
LAST_CHANGE_DATE = 0x420048
LEASE_TIME = 0x420049
LINK = 0x42004A
LINK_TYPE = 0x42004B
LINKED_OBJECT_IDENTIFIER = 0x42004C
MAC_SIGNATURE = 0x42004D
MAC_SIGNATURE_KEY_INFORMATION = 0x42004E
MAXIMUM_ITEMS = 0x42004F
MAXIMUM_RESPONSE_SIZE = 0x420050
MESSAGE_EXTENSION = 0x420051
MODULUS = 0x420052
NAME = 0x420053
NAME_TYPE = 0x420054
NAME_VALUE = 0x420055
OBJECT_GROUP = 0x420056
OBJECT_TYPE = 0x420057
OFFSET = 0x420058
OPAQUE_DATA_TYPE = 0x420059
OPAQUE_DATA_VALUE = 0x42005A
OPAQUE_OBJECT = 0x42005B
OPERATION = 0x42005C
OPERATION_POLICY_NAME = 0x42005D # Designated '(Reserved)' in KMIP 2.0
P = 0x42005E
PADDING_METHOD = 0x42005F
PRIME_EXPONENT_P = 0x420060
PRIME_EXPONENT_Q = 0x420061
PRIME_FIELD_SIZE = 0x420062
PRIVATE_EXPONENT = 0x420063
PRIVATE_KEY = 0x420064
PRIVATE_KEY_TEMPLATE_ATTRIBUTE = 0x420065 # Designated '(Reserved)' in KMIP 2.0
PRIVATE_KEY_UNIQUE_IDENTIFIER = 0x420066
PROCESS_START_DATE = 0x420067
PROTECT_STOP_DATE = 0x420068
PROTOCOL_VERSION = 0x420069
PROTOCOL_VERSION_MAJOR = 0x42006A
PROTOCOL_VERSION_MINOR = 0x42006B
PUBLIC_EXPONENT = 0x42006C
PUBLIC_KEY = 0x42006D
PUBLIC_KEY_TEMPLATE_ATTRIBUTE = 0x42006E # Designated '(Reserved)' in KMIP 2.0
PUBLIC_KEY_UNIQUE_IDENTIFIER = 0x42006F
PUT_FUNCTION = 0x420070
Q = 0x420071
Q_STRING = 0x420072
QLENGTH = 0x420073
QUERY_FUNCTION = 0x420074
RECOMMENDED_CURVE = 0x420075
REPLACED_UNIQUE_IDENTIFIER = 0x420076
REQUEST_BATCH_ITEM = 0x42000F
REQUEST_HEADER = 0x420077
REQUEST_MESSAGE = 0x420078
REQUEST_PAYLOAD = 0x420079
RESPONSE_BATCH_ITEM = 0x42000F
RESPONSE_HEADER = 0x42007A
RESPONSE_MESSAGE = 0x42007B
RESPONSE_PAYLOAD = 0x42007C
RESULT_MESSAGE = 0x42007D
RESULT_REASON = 0x42007E
RESULT_STATUS = 0x42007F
REVOCATION_MESSAGE = 0x420080
REVOCATION_REASON = 0x420081
REVOCATION_REASON_CODE = 0x420082
KEY_ROLE_TYPE = 0x420083
SALT = 0x420084
SECRET_DATA = 0x420085
SECRET_DATA_TYPE = 0x420086
SERIAL_NUMBER = 0x420087 # Deprecated, designated '(Reserved)' in KMIP 2.0
SERVER_INFORMATION = 0x420088
SPLIT_KEY = 0x420089
SPLIT_KEY_METHOD = 0x42008A
SPLIT_KEY_PARTS = 0x42008B
SPLIT_KEY_THRESHOLD = 0x42008C
STATE = 0x42008D
STORAGE_STATUS_MASK = 0x42008E
SYMMETRIC_KEY = 0x42008F
TEMPLATE = 0x420090 # Designated '(Reserved)' in KMIP 2.0
TEMPLATE_ATTRIBUTE = 0x420091 # Designated '(Reserved)' in KMIP 2.0
TIME_STAMP = 0x420092
UNIQUE_BATCH_ITEM_ID = 0x420093
UNIQUE_IDENTIFIER = 0x420094
USAGE_LIMITS = 0x420095
USAGE_LIMITS_COUNT = 0x420096
USAGE_LIMITS_TOTAL = 0x420097
USAGE_LIMITS_UNIT = 0x420098
USERNAME = 0x420099
VALIDITY_DATE = 0x42009A
VALIDITY_INDICATOR = 0x42009B
VENDOR_EXTENSION = 0x42009C
VENDOR_IDENTIFICATION = 0x42009D
WRAPPING_METHOD = 0x42009E
X = 0x42009F
Y = 0x4200A0
PASSWORD = 0x4200A1
# KMIP 1.1
DEVICE_IDENTIFIER = 0x4200A2
ENCODING_OPTION = 0x4200A3
EXTENSION_INFORMATION = 0x4200A4
EXTENSION_NAME = 0x4200A5
EXTENSION_TAG = 0x4200A6
EXTENSION_TYPE = 0x4200A7
FRESH = 0x4200A8
MACHINE_IDENTIFIER = 0x4200A9
MEDIA_IDENTIFIER = 0x4200AA
NETWORK_IDENTIFIER = 0x4200AB
OBJECT_GROUP_MEMBER = 0x4200AC
CERTIFICATE_LENGTH = 0x4200AD
DIGITAL_SIGNATURE_ALGORITHM = 0x4200AE
CERTIFICATE_SERIAL_NUMBER = 0x4200AF
DEVICE_SERIAL_NUMBER = 0x4200B0
ISSUER_ALTERNATIVE_NAME = 0x4200B1
ISSUER_DISTINGUISHED_NAME = 0x4200B2
SUBJECT_ALTERNATIVE_NAME = 0x4200B3
SUBJECT_DISTINGUISHED_NAME = 0x4200B4
X_509_CERTIFICATE_IDENTIFIER = 0x4200B5
X_509_CERTIFICATE_ISSUER = 0x4200B6
X_509_CERTIFICATE_SUBJECT = 0x4200B7
# KMIP 1.2
KEY_VALUE_LOCATION = 0x4200B8
KEY_VALUE_LOCATION_VALUE = 0x4200B9
KEY_VALUE_LOCATION_TYPE = 0x4200BA
KEY_VALUE_PRESENT = 0x4200BB
ORIGINAL_CREATION_DATE = 0x4200BC
PGP_KEY = 0x4200BD
PGP_KEY_VERSION = 0x4200BE
ALTERNATIVE_NAME = 0x4200BF
ALTERNATIVE_NAME_VALUE = 0x4200C0
ALTERNATIVE_NAME_TYPE = 0x4200C1
DATA = 0x4200C2
SIGNATURE_DATA = 0x4200C3
DATA_LENGTH = 0x4200C4
RANDOM_IV = 0x4200C5
MAC_DATA = 0x4200C6
ATTESTATION_TYPE = 0x4200C7
NONCE = 0x4200C8
NONCE_ID = 0x4200C9
NONCE_VALUE = 0x4200CA
ATTESTATION_MEASUREMENT = 0x4200CB
ATTESTATION_ASSERTION = 0x4200CC
IV_LENGTH = 0x4200CD
TAG_LENGTH = 0x4200CE
FIXED_FIELD_LENGTH = 0x4200CF
COUNTER_LENGTH = 0x4200D0
INITIAL_COUNTER_VALUE = 0x4200D1
INVOCATION_FIELD_LENGTH = 0x4200D2
ATTESTATION_CAPABLE_INDICATOR = 0x4200D3
# KMIP 1.3
OFFSET_ITEMS = 0x4200D4
LOCATED_ITEMS = 0x4200D5
CORRELATION_VALUE = 0x4200D6
INIT_INDICATOR = 0x4200D7
FINAL_INDICATOR = 0x4200D8
RNG_PARAMETERS = 0x4200D9
RNG_ALGORITHM = 0x4200DA
DRBG_ALGORITHM = 0x4200DB
FIPS186_VARIATION = 0x4200DC
PREDICTION_RESISTANCE = 0x4200DD
RANDOM_NUMBER_GENERATOR = 0x4200DE
VALIDATION_INFORMATION = 0x4200DF
VALIDATION_AUTHORITY_TYPE = 0x4200E0
VALIDATION_AUTHORITY_COUNTRY = 0x4200E1
VALIDATION_AUTHORITY_URI = 0x4200E2
VALIDATION_VERSION_MAJOR = 0x4200E3
VALIDATION_VERSION_MINOR = 0x4200E4
VALIDATION_TYPE = 0x4200E5
VALIDATION_LEVEL = 0x4200E6
VALIDATION_CERTIFICATE_IDENTIFIER = 0x4200E7
VALIDATION_CERTIFICATE_URI = 0x4200E8
VALIDATION_VENDOR_URI = 0x4200E9
VALIDATION_PROFILE = 0x4200EA
PROFILE_INFORMATION = 0x4200EB
PROFILE_NAME = 0x4200EC
SERVER_URI = 0x4200ED
SERVER_PORT = 0x4200EE
STREAMING_CAPABILITY = 0x4200EF
ASYNCHRONOUS_CAPABILITY = 0x4200F0
ATTESTATION_CAPABILITY = 0x4200F1
UNWRAP_MODE = 0x4200F2
DESTROY_ACTION = 0x4200F3
SHREDDING_ALGORITHM = 0x4200F4
RNG_MODE = 0x4200F5
CLIENT_REGISTRATION_METHOD = 0x4200F6
CAPABILITY_INFORMATION = 0x4200F7
# KMIP 1.4
KEY_WRAP_TYPE = 0x4200F8
BATCH_UNDO_CAPABILITY = 0x4200F9
BATCH_CONTINUE_CAPABILITY = 0x4200FA
PKCS12_FRIENDLY_NAME = 0x4200FB
DESCRIPTION = 0x4200FC
COMMENT = 0x4200FD
AUTHENTICATED_ENCRYPTION_ADDITIONAL_DATA = 0x4200FE
AUTHENTICATED_ENCRYPTION_TAG = 0x4200FF
SALT_LENGTH = 0x420100
MASK_GENERATOR = 0x420101
MASK_GENERATOR_HASHING_ALGORITHM = 0x420102
P_SOURCE = 0x420103
TRAILER_FIELD = 0x420104
CLIENT_CORRELATION_VALUE = 0x420105
SERVER_CORRELATION_VALUE = 0x420106
DIGESTED_DATA = 0x420107
CERTIFICATE_SUBJECT_CN = 0x420108
CERTIFICATE_SUBJECT_O = 0x420109
CERTIFICATE_SUBJECT_OU = 0x42010A
CERTIFICATE_SUBJECT_EMAIL = 0x42010B
CERTIFICATE_SUBJECT_C = 0x42010C
CERTIFICATE_SUBJECT_ST = 0x42010D
CERTIFICATE_SUBJECT_L = 0x42010E
CERTIFICATE_SUBJECT_UID = 0x42010F
CERTIFICATE_SUBJECT_SERIAL_NUMBER = 0x420110
CERTIFICATE_SUBJECT_TITLE = 0x420111
CERTIFICATE_SUBJECT_DC = 0x420112
CERTIFICATE_SUBJECT_DN_QUALIFIER = 0x420113
CERTIFICATE_ISSUER_CN = 0x420114
CERTIFICATE_ISSUER_O = 0x420115
CERTIFICATE_ISSUER_OU = 0x420116
CERTIFICATE_ISSUER_EMAIL = 0x420117
CERTIFICATE_ISSUER_C = 0x420118
CERTIFICATE_ISSUER_ST = 0x420119
CERTIFICATE_ISSUER_L = 0x42011A
CERTIFICATE_ISSUER_UID = 0x42011B
CERTIFICATE_ISSUER_SERIAL_NUMBER = 0x42011C
CERTIFICATE_ISSUER_TITLE = 0x42011D
CERTIFICATE_ISSUER_DC = 0x42011E
CERTIFICATE_ISSUER_DN_QUALIFIER = 0x42011F
SENSITIVE = 0x420120
ALWAYS_SENSITIVE = 0x420121
EXTRACTABLE = 0x420122
NEVER_EXTRACTABLE = 0x420123
REPLACE_EXISTING = 0x420124
# KMIP 2.0
ATTRIBUTES = 0x420125
COMMON_ATTRIBUTES = 0x420126
PRIVATE_KEY_ATTRIBUTES = 0x420127
PUBLIC_KEY_ATTRIBUTES = 0x420128
EXTENSION_ENUMERATION = 0x420129
EXTENSION_ATTRIBUTE = 0x42012A
EXTENSION_PARENT_STRUCTURE_TAG = 0x42012B
EXTENSION_DESCRIPTION = 0x42012C
SERVER_NAME = 0x42012D
SERVER_SERIAL_NUMBER = 0x42012E
SERVER_VERSION = 0x42012F
SERVER_LOAD = 0x420130
PRODUCT_NAME = 0x420131
BUILD_LEVEL = 0x420132
BUILD_DATE = 0x420133
CLUSTER_INFO = 0x420134
ALTERNATE_FAILOVER_ENDPOINTS = 0x420135
SHORT_UNIQUE_IDENTIFIER = 0x420136
RESERVED = 0x420137
TAG = 0x420138
CERTIFICATE_REQUEST_UNIQUE_IDENTIFIER = 0x420139
NIST_KEY_TYPE = 0x42013A
ATTRIBUTE_REFERENCE = 0x42013B
CURRENT_ATTRIBUTE = 0x42013C
NEW_ATTRIBUTE = 0x42013D
# 0x42013E is designated '(Reserved)' in KMIP 2.0
# 0x42013F is designated '(Reserved)' in KMIP 2.0
CERTIFICATE_REQUEST_VALUE = 0x420140
LOG_MESSAGE = 0x420141
PROFILE_VERSION = 0x420142
PROFILE_VERSION_MAJOR = 0x420143
PROFILE_VERSION_MINOR = 0x420144
PROTECTION_LEVEL = 0x420145
PROTECTION_PERIOD = 0x420146
QUANTUM_SAFE = 0x420147
QUANTUM_SAFE_CAPABILITY = 0x420148
TICKET = 0x420149
TICKET_TYPE = 0x42014A
TICKET_VALUE = 0x42014B
REQUEST_COUNT = 0x42014C
RIGHTS = 0x42014D
OBJECTS = 0x42014E
OPERATIONS = 0x42014F
RIGHT = 0x420150
ENDPOINT_ROLE = 0x420151
DEFAULTS_INFORMATION = 0x420152
OBJECT_DEFAULTS = 0x420153
EPHEMERAL = 0x420154
SERVER_HASHED_PASSWORD = 0x420155
ONE_TIME_PASSWORD = 0x420156
HASHED_PASSWORD = 0x420157
ADJUSTMENT_TYPE = 0x420158
PKCS11_INTERFACE = 0x420159
PKCS11_FUNCTION = 0x42015A
PKCS11_INPUT_PARAMETERS = 0x42015B
PKCS11_OUTPUT_PARAMETERS = 0x42015C
PKCS11_RETURN_CODE = 0x42015D
PROTECTION_STORAGE_MASK = 0x42015E
PROTECTION_STORAGE_MASKS = 0x42015F
INTEROP_FUNCTION = 0x420160
INTEROP_IDENTIFIER = 0x420161
ADJUSTMENT_VALUE = 0x420162
COMMON_PROTECTION_STORAGE_MASKS = 0x420163
PRIVATE_PROTECTION_STORAGE_MASKS = 0x420164
PUBLIC_PROTECTION_STORAGE_MASKS = 0x420165
class TicketType(enum.Enum):
# KMIP 2.0
LOGIN = 0x00000001
class Types(enum.Enum):
DEFAULT = 0x00
STRUCTURE = 0x01
INTEGER = 0x02
LONG_INTEGER = 0x03
BIG_INTEGER = 0x04
ENUMERATION = 0x05
BOOLEAN = 0x06
TEXT_STRING = 0x07
BYTE_STRING = 0x08
DATE_TIME = 0x09
INTERVAL = 0x0A
class UniqueIdentifier(enum.Enum):
# KMIP 2.0
ID_PLACEHOLDER = 0x00000001
CERTIFY = 0x00000002
CREATE = 0x00000003
CREATE_KEY_PAIR = 0x00000004
CREATE_KEY_PAIR_PRIVATE_KEY = 0x00000005
CREATE_KEY_PAIR_PUBLIC_KEY = 0x00000006
CREATE_SPLIT_KEY = 0x00000007
DERIVE_KEY = 0x00000008
IMPORT = 0x00000009
JOIN_SPLIT_KEY = 0x0000000A
LOCATE = 0x0000000B
REGISTER = 0x0000000C
REKEY = 0x0000000D
RECERTIFY = 0x0000000E
REKEY_KEY_PAIR = 0x0000000F
REKEY_KEY_PAIR_PRIVATE_KEY = 0x00000010
REKEY_KEY_PAIR_PUBLIC_KEY = 0x00000011
class UnwrapMode(enum.Enum):
# KMIP 1.3
UNSPECIFIED = 0x00000001
PROCESSED = 0x00000002
NOT_PROCESSED = 0x00000003
class UsageLimitsUnit(enum.Enum):
# KMIP 1.0
BYTE = 0x00000001
OBJECT = 0x00000002
class ValidationAuthorityType(enum.Enum):
# KMIP 1.3
UNSPECIFIED = 0x00000001
NIST_CMVP = 0x00000002
COMMON_CRITERIA = 0x00000003
class ValidationType(enum.Enum):
# KMIP 1.3
UNSPECIFIED = 0x00000001
HARDWARE = 0x00000002
SOFTWARE = 0x00000003
FIRMWARE = 0x00000004
HYBRID = 0x00000005
class ValidityIndicator(enum.Enum):
# KMIP 1.0
VALID = 0x00000001
INVALID = 0x00000002
UNKNOWN = 0x00000003
class WrappingMethod(enum.Enum):
# KMIP 1.0
ENCRYPT = 0x00000001
MAC_SIGN = 0x00000002
ENCRYPT_THEN_MAC_SIGN = 0x00000003
MAC_SIGN_THEN_ENCRYPT = 0x00000004
TR_31 = 0x00000005
attribute_name_tag_table = [
("Activation Date", Tags.ACTIVATION_DATE),
("Alternative Name", Tags.ALTERNATIVE_NAME),
("Always Sensitive", Tags.ALWAYS_SENSITIVE),
("Application Specific Information", Tags.APPLICATION_SPECIFIC_INFORMATION),
("Archive Date", Tags.ARCHIVE_DATE),
("Attribute", Tags.ATTRIBUTE),
("Certificate Identifier", Tags.CERTIFICATE_IDENTIFIER),
("Certificate Issuer", Tags.CERTIFICATE_ISSUER),
("Certificate Issuer C", Tags.CERTIFICATE_ISSUER_C),
("Certificate Issuer CN", Tags.CERTIFICATE_ISSUER_CN),
("Certificate Issuer DC", Tags.CERTIFICATE_ISSUER_DC),
("Certificate Issuer DN Qualifier", Tags.CERTIFICATE_ISSUER_DN_QUALIFIER),
("Certificate Issuer Email", Tags.CERTIFICATE_ISSUER_EMAIL),
("Certificate Issuer L", Tags.CERTIFICATE_ISSUER_L),
("Certificate Issuer O", Tags.CERTIFICATE_ISSUER_O),
("Certificate Issuer OU", Tags.CERTIFICATE_ISSUER_OU),
("Certificate Issuer Serial Number", Tags.CERTIFICATE_ISSUER_SERIAL_NUMBER),
("Certificate Issuer ST", Tags.CERTIFICATE_ISSUER_ST),
("Certificate Issuer Title", Tags.CERTIFICATE_ISSUER_TITLE),
("Certificate Issuer UID", Tags.CERTIFICATE_ISSUER_UID),
("Certificate Length", Tags.CERTIFICATE_LENGTH),
("Certificate Subject", Tags.CERTIFICATE_SUBJECT),
("Certificate Subject C", Tags.CERTIFICATE_SUBJECT_C),
("Certificate Subject CN", Tags.CERTIFICATE_SUBJECT_CN),
("Certificate Subject DC", Tags.CERTIFICATE_SUBJECT_DC),
("Certificate Subject DN Qualifier", Tags.CERTIFICATE_SUBJECT_DN_QUALIFIER),
("Certificate Subject Email", Tags.CERTIFICATE_SUBJECT_EMAIL),
("Certificate Subject L", Tags.CERTIFICATE_SUBJECT_L),
("Certificate Subject O", Tags.CERTIFICATE_SUBJECT_O),
("Certificate Subject OU", Tags.CERTIFICATE_SUBJECT_OU),
("Certificate Subject Serial Number", Tags.CERTIFICATE_SUBJECT_SERIAL_NUMBER),
("Certificate Subject ST", Tags.CERTIFICATE_SUBJECT_ST),
("Certificate Subject Title", Tags.CERTIFICATE_SUBJECT_TITLE),
("Certificate Subject UID", Tags.CERTIFICATE_SUBJECT_UID),
("Certificate Type", Tags.CERTIFICATE_TYPE),
("Comment", Tags.COMMENT),
("Compromise Date", Tags.COMPROMISE_DATE),
("Compromise Occurrence Date", Tags.COMPROMISE_OCCURRENCE_DATE),
("Contact Information", Tags.CONTACT_INFORMATION),
("Cryptographic Algorithm", Tags.CRYPTOGRAPHIC_ALGORITHM),
("Cryptographic Domain Parameters", Tags.CRYPTOGRAPHIC_DOMAIN_PARAMETERS),
("Cryptographic Length", Tags.CRYPTOGRAPHIC_LENGTH),
("Cryptographic Parameters", Tags.CRYPTOGRAPHIC_PARAMETERS),
("Cryptographic Usage Mask", Tags.CRYPTOGRAPHIC_USAGE_MASK),
("Custom Attribute", Tags.CUSTOM_ATTRIBUTE),
("Deactivation Date", Tags.DEACTIVATION_DATE),
("Description", Tags.DESCRIPTION),
("Destroy Date", Tags.DESTROY_DATE),
("Digest", Tags.DIGEST),
("Digital Signature Algorithm", Tags.DIGITAL_SIGNATURE_ALGORITHM),
("Extractable", Tags.EXTRACTABLE),
("Fresh", Tags.FRESH),
("Initial Date", Tags.INITIAL_DATE),
("Key Format Type", Tags.KEY_FORMAT_TYPE),
("Key Value Location", Tags.KEY_VALUE_LOCATION),
("Key Value Present", Tags.KEY_VALUE_PRESENT),
("Last Change Date", Tags.LAST_CHANGE_DATE),
("Lease Time", Tags.LEASE_TIME),
("Link", Tags.LINK),
("Name", Tags.NAME),
("Never Extractable", Tags.NEVER_EXTRACTABLE),
("NIST Key Type", Tags.NIST_KEY_TYPE),
("Object Group", Tags.OBJECT_GROUP),
("Object Type", Tags.OBJECT_TYPE),
("Opaque Data Type", Tags.OPAQUE_DATA_TYPE),
("Operation Policy Name", Tags.OPERATION_POLICY_NAME),
("Original Creation Date", Tags.ORIGINAL_CREATION_DATE),
("PKCS#12 Friendly Name", Tags.PKCS12_FRIENDLY_NAME),
("Process Start Date", Tags.PROCESS_START_DATE),
("Protect Stop Date", Tags.PROTECT_STOP_DATE),
("Protection Level", Tags.PROTECTION_LEVEL),
("Protection Period", Tags.PROTECTION_PERIOD),
("Protection Storage Mask", Tags.PROTECTION_STORAGE_MASK),
("Quantum Safe", Tags.QUANTUM_SAFE),
("Random Number Generator", Tags.RANDOM_NUMBER_GENERATOR),
("Revocation Reason", Tags.REVOCATION_REASON),
("Sensitive", Tags.SENSITIVE),
("Short Unique Identifier", Tags.SHORT_UNIQUE_IDENTIFIER),
("State", Tags.STATE),
("Unique Identifier", Tags.UNIQUE_IDENTIFIER),
("Usage Limits", Tags.USAGE_LIMITS),
("X.509 Certificate Identifier", Tags.X_509_CERTIFICATE_IDENTIFIER),
("X.509 Certificate Issuer", Tags.X_509_CERTIFICATE_ISSUER),
("X.509 Certificate Subject", Tags.X_509_CERTIFICATE_SUBJECT)
]
def convert_attribute_name_to_tag(value):
"""
A utility function that converts an attribute name string into the
corresponding attribute tag.
For example: 'State' -> enums.Tags.STATE
Args:
value (string): The string name of the attribute.
Returns:
enum: The Tags enumeration value that corresponds to the attribute
name string.
Raises:
ValueError: if the attribute name string is not a string or if it is
an unrecognized attribute name
"""
if not isinstance(value, six.string_types):
raise ValueError("The attribute name must be a string.")
for entry in attribute_name_tag_table:
if value == entry[0]:
return entry[1]
raise ValueError("Unrecognized attribute name: '{}'".format(value))
def convert_attribute_tag_to_name(value):
"""
A utility function that converts an attribute tag into the corresponding
attribute name string.
For example: enums.Tags.STATE -> 'State'
Args:
value (enum): The Tags enumeration value of the attribute.
Returns:
string: The attribute name string that corresponds to the attribute
tag.
Raises:
ValueError: if the attribute tag is not a Tags enumeration or if it
is unrecognized attribute tag
"""
if not isinstance(value, Tags):
raise ValueError("The attribute tag must be a Tags enumeration.")
for entry in attribute_name_tag_table:
if value == entry[1]:
return entry[0]
raise ValueError("Unrecognized attribute tag: {}".format(value))
def get_bit_mask_from_enumerations(enumerations):
"""
A utility function that computes a bit mask from a collection of
enumeration values.
Args:
enumerations (list): A list of enumeration values to be combined in a
composite bit mask.
Returns:
int: The composite bit mask.
"""
return functools.reduce(
lambda x, y: x | y, [z.value for z in enumerations]
)
def get_enumerations_from_bit_mask(enumeration, mask):
"""
A utility function that creates a list of enumeration values from a bit
mask for a specific mask enumeration class.
Args:
enumeration (class): The enumeration class from which to draw
enumeration values.
mask (int): The bit mask from which to identify enumeration values.
Returns:
list: A list of enumeration values corresponding to the bit mask.
"""
return [x for x in enumeration if (x.value & mask) == x.value]
def is_bit_mask(enumeration, potential_mask):
"""
A utility function that checks if the provided value is a composite bit
mask of enumeration values in the specified enumeration class.
Args:
enumeration (class): One of the mask enumeration classes found in this
file. These include:
* Cryptographic Usage Mask
* Protection Storage Mask
* Storage Status Mask
potential_mask (int): A potential bit mask composed of enumeration
values belonging to the enumeration class.
Returns:
True: if the potential mask is a valid bit mask of the mask enumeration
False: otherwise
"""
if not isinstance(potential_mask, six.integer_types):
return False
mask_enumerations = (
CryptographicUsageMask,
ProtectionStorageMask,
StorageStatusMask
)
if enumeration not in mask_enumerations:
return False
mask = 0
for value in [e.value for e in enumeration]:
if (value & potential_mask) == value:
mask |= value
if mask != potential_mask:
return False
return True
def is_enum_value(enumeration, potential_value):
"""
A utility function that checks if the enumeration class contains the
provided value.
Args:
enumeration (class): One of the enumeration classes found in this file.
potential_value (int, string): A potential value of the enumeration
class.
Returns:
True: if the potential value is a valid value of the enumeration class
False: otherwise
"""
try:
enumeration(potential_value)
except ValueError:
return False
return True
def is_attribute(tag, kmip_version=None):
"""
A utility function that checks if the tag is a valid attribute tag.
Args:
tag (enum): A Tags enumeration that may or may not correspond to a
KMIP attribute type.
kmip_version (enum): The KMIPVersion enumeration that should be used
when checking if the tag is a valid attribute tag. Optional,
defaults to None. If None, the tag is compared with all possible
attribute tags across all KMIP versions. Otherwise, only the
attribute tags for a specific KMIP version are checked.
Returns:
True: if the tag is a valid attribute tag
False: otherwise
"""
kmip_1_0_attribute_tags = [
Tags.UNIQUE_IDENTIFIER,
Tags.NAME,
Tags.OBJECT_TYPE,
Tags.CRYPTOGRAPHIC_ALGORITHM,
Tags.CRYPTOGRAPHIC_LENGTH,
Tags.CRYPTOGRAPHIC_PARAMETERS,
Tags.CRYPTOGRAPHIC_DOMAIN_PARAMETERS,
Tags.CERTIFICATE_TYPE,
Tags.CERTIFICATE_IDENTIFIER,
Tags.CERTIFICATE_SUBJECT,
Tags.CERTIFICATE_ISSUER,
Tags.DIGEST,
Tags.OPERATION_POLICY_NAME,
Tags.CRYPTOGRAPHIC_USAGE_MASK,
Tags.LEASE_TIME,
Tags.USAGE_LIMITS,
Tags.STATE,
Tags.INITIAL_DATE,
Tags.ACTIVATION_DATE,
Tags.PROCESS_START_DATE,
Tags.PROTECT_STOP_DATE,
Tags.DEACTIVATION_DATE,
Tags.DESTROY_DATE,
Tags.COMPROMISE_OCCURRENCE_DATE,
Tags.COMPROMISE_DATE,
Tags.REVOCATION_REASON,
Tags.ARCHIVE_DATE,
Tags.OBJECT_GROUP,
Tags.LINK,
Tags.APPLICATION_SPECIFIC_INFORMATION,
Tags.CONTACT_INFORMATION,
Tags.LAST_CHANGE_DATE,
Tags.CUSTOM_ATTRIBUTE
]
kmip_1_1_attribute_tags = copy.deepcopy(kmip_1_0_attribute_tags) + [
Tags.CERTIFICATE_LENGTH,
Tags.X_509_CERTIFICATE_IDENTIFIER,
Tags.X_509_CERTIFICATE_SUBJECT,
Tags.X_509_CERTIFICATE_ISSUER,
Tags.DIGITAL_SIGNATURE_ALGORITHM,
Tags.FRESH
]
kmip_1_2_attribute_tags = copy.deepcopy(kmip_1_1_attribute_tags) + [
Tags.ALTERNATIVE_NAME,
Tags.KEY_VALUE_PRESENT,
Tags.KEY_VALUE_LOCATION,
Tags.ORIGINAL_CREATION_DATE
]
kmip_1_3_attribute_tags = copy.deepcopy(kmip_1_2_attribute_tags) + [
Tags.RANDOM_NUMBER_GENERATOR
]
kmip_1_4_attribute_tags = copy.deepcopy(kmip_1_3_attribute_tags) + [
Tags.PKCS12_FRIENDLY_NAME,
Tags.DESCRIPTION,
Tags.COMMENT,
Tags.SENSITIVE,
Tags.ALWAYS_SENSITIVE,
Tags.EXTRACTABLE,
Tags.NEVER_EXTRACTABLE
]
kmip_2_0_attribute_tags = copy.deepcopy(kmip_1_4_attribute_tags) + [
Tags.CERTIFICATE_SUBJECT_CN,
Tags.CERTIFICATE_SUBJECT_O,
Tags.CERTIFICATE_SUBJECT_OU,
Tags.CERTIFICATE_SUBJECT_EMAIL,
Tags.CERTIFICATE_SUBJECT_C,
Tags.CERTIFICATE_SUBJECT_ST,
Tags.CERTIFICATE_SUBJECT_L,
Tags.CERTIFICATE_SUBJECT_UID,
Tags.CERTIFICATE_SUBJECT_SERIAL_NUMBER,
Tags.CERTIFICATE_SUBJECT_TITLE,
Tags.CERTIFICATE_SUBJECT_DC,
Tags.CERTIFICATE_SUBJECT_DN_QUALIFIER,
Tags.CERTIFICATE_ISSUER_CN,
Tags.CERTIFICATE_ISSUER_O,
Tags.CERTIFICATE_ISSUER_OU,
Tags.CERTIFICATE_ISSUER_EMAIL,
Tags.CERTIFICATE_ISSUER_C,
Tags.CERTIFICATE_ISSUER_ST,
Tags.CERTIFICATE_ISSUER_L,
Tags.CERTIFICATE_ISSUER_UID,
Tags.CERTIFICATE_ISSUER_SERIAL_NUMBER,
Tags.CERTIFICATE_ISSUER_TITLE,
Tags.CERTIFICATE_ISSUER_DC,
Tags.CERTIFICATE_ISSUER_DN_QUALIFIER,
Tags.KEY_FORMAT_TYPE,
Tags.NIST_KEY_TYPE,
Tags.OPAQUE_DATA_TYPE,
Tags.PROTECTION_LEVEL,
Tags.PROTECTION_PERIOD,
Tags.PROTECTION_STORAGE_MASK,
Tags.QUANTUM_SAFE,
Tags.SHORT_UNIQUE_IDENTIFIER,
Tags.ATTRIBUTE
]
kmip_2_0_attribute_tags.remove(Tags.CERTIFICATE_IDENTIFIER)
kmip_2_0_attribute_tags.remove(Tags.CERTIFICATE_SUBJECT)
kmip_2_0_attribute_tags.remove(Tags.CERTIFICATE_ISSUER)
kmip_2_0_attribute_tags.remove(Tags.OPERATION_POLICY_NAME)
kmip_2_0_attribute_tags.remove(Tags.CUSTOM_ATTRIBUTE)
if kmip_version == KMIPVersion.KMIP_1_0:
return tag in kmip_1_0_attribute_tags
elif kmip_version == KMIPVersion.KMIP_1_1:
return tag in kmip_1_1_attribute_tags
elif kmip_version == KMIPVersion.KMIP_1_2:
return tag in kmip_1_2_attribute_tags
elif kmip_version == KMIPVersion.KMIP_1_3:
return tag in kmip_1_3_attribute_tags
elif kmip_version == KMIPVersion.KMIP_1_4:
return tag in kmip_1_4_attribute_tags
elif kmip_version == KMIPVersion.KMIP_2_0:
return tag in kmip_2_0_attribute_tags
else:
all_attribute_tags = set(
kmip_1_0_attribute_tags +
kmip_1_1_attribute_tags +
kmip_1_2_attribute_tags +
kmip_1_3_attribute_tags +
kmip_1_4_attribute_tags +
kmip_2_0_attribute_tags
)
return tag in all_attribute_tags
Reference in New Issue View Git Blame Copy Permalink