mirror of
https://github.com/OpenKMIP/PyKMIP.git
synced 2025-05-31 20:20:09 +02:00
da284e932b
This change updates Locate operation support in the PyKMIP server, allowing users to filter objects based on the objects InitialDate attribute value. Specifying a single InitialDate attribute in the Locate request will perform an exact match on objects; specifying two InitialDate attributes will perform a ranged match. Unit tests and integration tests have been added to test and verify the correctness of this feature. Additionally, the Locate demo scripts have also been updated to support InitialDate filtering. Simply use the "--initial-date" flag to provide one or more InitialDate values to the Locate script to filter on those dates.
990 lines
40 KiB
Python
990 lines
40 KiB
Python
# Copyright (c) 2015 The Johns Hopkins University/Applied Physics Laboratory
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import six
|
|
import testtools
|
|
import time
|
|
import pytest
|
|
|
|
from kmip.core import enums
|
|
from kmip.core.factories import attributes as attribute_factory
|
|
|
|
from kmip.pie import exceptions
|
|
from kmip.pie import factory
|
|
from kmip.pie import objects
|
|
|
|
|
|
@pytest.mark.usefixtures("simple")
|
|
class TestProxyKmipClientIntegration(testtools.TestCase):
|
|
|
|
def setUp(self):
|
|
super(TestProxyKmipClientIntegration, self).setUp()
|
|
self.object_factory = factory.ObjectFactory()
|
|
self.attribute_factory = attribute_factory.AttributeFactory()
|
|
|
|
def tearDown(self):
|
|
super(TestProxyKmipClientIntegration, self).tearDown()
|
|
|
|
uuids = self.client.locate()
|
|
for uuid in uuids:
|
|
self.client.destroy(uid=uuid)
|
|
|
|
def test_symmetric_key_create_get_destroy(self):
|
|
"""
|
|
Test that the ProxyKmipClient can create, retrieve, and destroy a
|
|
symmetric key.
|
|
"""
|
|
uid = self.client.create(enums.CryptographicAlgorithm.AES, 256)
|
|
self.assertIsInstance(uid, six.string_types)
|
|
|
|
try:
|
|
key = self.client.get(uid)
|
|
self.assertIsInstance(key, objects.SymmetricKey)
|
|
self.assertEqual(
|
|
key.cryptographic_algorithm,
|
|
enums.CryptographicAlgorithm.AES)
|
|
self.assertEqual(key.cryptographic_length, 256)
|
|
finally:
|
|
self.client.destroy(uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.get, uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.destroy, uid)
|
|
|
|
def test_create_get_wrapped_destroy(self):
|
|
"""
|
|
Test that the ProxyKmipClient can create keys, retrieve a wrapped key,
|
|
and then destroy the keys for cleanup.
|
|
"""
|
|
key_id = self.client.create(enums.CryptographicAlgorithm.AES, 256)
|
|
wrapping_id = self.client.create(
|
|
enums.CryptographicAlgorithm.AES,
|
|
256,
|
|
cryptographic_usage_mask=[
|
|
enums.CryptographicUsageMask.WRAP_KEY,
|
|
enums.CryptographicUsageMask.UNWRAP_KEY,
|
|
enums.CryptographicUsageMask.ENCRYPT,
|
|
enums.CryptographicUsageMask.DECRYPT
|
|
]
|
|
)
|
|
|
|
self.client.activate(wrapping_id)
|
|
|
|
unwrapped_key = self.client.get(key_id)
|
|
wrapped_key = self.client.get(
|
|
key_id,
|
|
key_wrapping_specification={
|
|
'wrapping_method': enums.WrappingMethod.ENCRYPT,
|
|
'encryption_key_information': {
|
|
'unique_identifier': wrapping_id,
|
|
'cryptographic_parameters': {
|
|
'block_cipher_mode':
|
|
enums.BlockCipherMode.NIST_KEY_WRAP
|
|
}
|
|
},
|
|
'encoding_option': enums.EncodingOption.NO_ENCODING
|
|
}
|
|
)
|
|
|
|
self.assertNotEqual(unwrapped_key.value, wrapped_key.value)
|
|
|
|
self.client.revoke(
|
|
enums.RevocationReasonCode.CESSATION_OF_OPERATION,
|
|
wrapping_id
|
|
)
|
|
self.client.destroy(key_id)
|
|
self.client.destroy(wrapping_id)
|
|
|
|
def test_symmetric_key_register_get_destroy(self):
|
|
"""
|
|
Test that the ProxyKmipClient can register, retrieve, and destroy a
|
|
symmetric key.
|
|
"""
|
|
# Key encoding obtained from Section 14.2 of the KMIP 1.1 test
|
|
# documentation.
|
|
key = objects.SymmetricKey(
|
|
enums.CryptographicAlgorithm.AES,
|
|
128,
|
|
(b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E'
|
|
b'\x0F'),
|
|
name="Test Symmetric Key"
|
|
)
|
|
|
|
uid = self.client.register(key)
|
|
self.assertIsInstance(uid, six.string_types)
|
|
|
|
try:
|
|
result = self.client.get(uid)
|
|
self.assertIsInstance(result, objects.SymmetricKey)
|
|
self.assertEqual(
|
|
result, key, "expected {0}\nobserved {1}".format(result, key))
|
|
finally:
|
|
self.client.destroy(uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.get, uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.destroy, uid)
|
|
|
|
def test_register_wrapped_get_destroy(self):
|
|
"""
|
|
Test that a wrapped key can be registered with the server and that its
|
|
metadata is retrieved with the get operation.
|
|
"""
|
|
key = objects.SymmetricKey(
|
|
enums.CryptographicAlgorithm.AES,
|
|
128,
|
|
(b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E'
|
|
b'\x0F'),
|
|
key_wrapping_data={
|
|
'wrapping_method': enums.WrappingMethod.ENCRYPT,
|
|
'encryption_key_information': {
|
|
'unique_identifier': '42',
|
|
'cryptographic_parameters': {
|
|
'block_cipher_mode':
|
|
enums.BlockCipherMode.NIST_KEY_WRAP
|
|
}
|
|
},
|
|
'encoding_option': enums.EncodingOption.NO_ENCODING
|
|
}
|
|
)
|
|
key_id = self.client.register(key)
|
|
|
|
result = self.client.get(key_id)
|
|
key_wrapping_data = result.key_wrapping_data
|
|
self.assertIsInstance(key_wrapping_data, dict)
|
|
self.assertEqual(
|
|
enums.WrappingMethod.ENCRYPT,
|
|
key_wrapping_data.get('wrapping_method')
|
|
)
|
|
eki = key_wrapping_data.get('encryption_key_information')
|
|
self.assertIsInstance(eki, dict)
|
|
self.assertEqual('42', eki.get('unique_identifier'))
|
|
cp = eki.get('cryptographic_parameters')
|
|
self.assertIsInstance(cp, dict)
|
|
self.assertEqual(
|
|
enums.BlockCipherMode.NIST_KEY_WRAP,
|
|
cp.get('block_cipher_mode')
|
|
)
|
|
self.assertEqual(
|
|
enums.EncodingOption.NO_ENCODING,
|
|
key_wrapping_data.get('encoding_option')
|
|
)
|
|
|
|
def test_asymmetric_key_pair_create_get_destroy(self):
|
|
"""
|
|
Test that the ProxyKmipClient can create, retrieve, and destroy an
|
|
asymmetric key pair.
|
|
"""
|
|
public_uid, private_uid = self.client.create_key_pair(
|
|
enums.CryptographicAlgorithm.RSA,
|
|
2048,
|
|
public_usage_mask=[enums.CryptographicUsageMask.ENCRYPT],
|
|
private_usage_mask=[enums.CryptographicUsageMask.DECRYPT]
|
|
)
|
|
self.assertIsInstance(public_uid, six.string_types)
|
|
self.assertIsInstance(private_uid, six.string_types)
|
|
|
|
try:
|
|
public_key = self.client.get(public_uid)
|
|
self.assertIsInstance(public_key, objects.PublicKey)
|
|
self.assertEqual(
|
|
public_key.cryptographic_algorithm,
|
|
enums.CryptographicAlgorithm.RSA)
|
|
self.assertEqual(public_key.cryptographic_length, 2048)
|
|
|
|
private_key = self.client.get(private_uid)
|
|
self.assertIsInstance(private_key, objects.PrivateKey)
|
|
self.assertEqual(
|
|
private_key.cryptographic_algorithm,
|
|
enums.CryptographicAlgorithm.RSA)
|
|
self.assertEqual(private_key.cryptographic_length, 2048)
|
|
finally:
|
|
self.client.destroy(public_uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.get, public_uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.destroy,
|
|
public_uid)
|
|
|
|
self.client.destroy(private_uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.get, private_uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.destroy,
|
|
private_uid)
|
|
|
|
def test_public_key_register_get_destroy(self):
|
|
"""
|
|
Test that the ProxyKmipClient can register, retrieve, and destroy a
|
|
public key.
|
|
"""
|
|
# Key encoding obtained from Section 13.4 of the KMIP 1.1 test
|
|
# documentation.
|
|
key = objects.PublicKey(
|
|
enums.CryptographicAlgorithm.RSA,
|
|
2048,
|
|
(b'\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAB\x7F\x16\x1C\x00\x42'
|
|
b'\x49\x6C\xCD\x6C\x6D\x4D\xAD\xB9\x19\x97\x34\x35\x35\x77\x76'
|
|
b'\x00\x3A\xCF\x54\xB7\xAF\x1E\x44\x0A\xFB\x80\xB6\x4A\x87\x55'
|
|
b'\xF8\x00\x2C\xFE\xBA\x6B\x18\x45\x40\xA2\xD6\x60\x86\xD7\x46'
|
|
b'\x48\x34\x6D\x75\xB8\xD7\x18\x12\xB2\x05\x38\x7C\x0F\x65\x83'
|
|
b'\xBC\x4D\x7D\xC7\xEC\x11\x4F\x3B\x17\x6B\x79\x57\xC4\x22\xE7'
|
|
b'\xD0\x3F\xC6\x26\x7F\xA2\xA6\xF8\x9B\x9B\xEE\x9E\x60\xA1\xD7'
|
|
b'\xC2\xD8\x33\xE5\xA5\xF4\xBB\x0B\x14\x34\xF4\xE7\x95\xA4\x11'
|
|
b'\x00\xF8\xAA\x21\x49\x00\xDF\x8B\x65\x08\x9F\x98\x13\x5B\x1C'
|
|
b'\x67\xB7\x01\x67\x5A\xBD\xBC\x7D\x57\x21\xAA\xC9\xD1\x4A\x7F'
|
|
b'\x08\x1F\xCE\xC8\x0B\x64\xE8\xA0\xEC\xC8\x29\x53\x53\xC7\x95'
|
|
b'\x32\x8A\xBF\x70\xE1\xB4\x2E\x7B\xB8\xB7\xF4\xE8\xAC\x8C\x81'
|
|
b'\x0C\xDB\x66\xE3\xD2\x11\x26\xEB\xA8\xDA\x7D\x0C\xA3\x41\x42'
|
|
b'\xCB\x76\xF9\x1F\x01\x3D\xA8\x09\xE9\xC1\xB7\xAE\x64\xC5\x41'
|
|
b'\x30\xFB\xC2\x1D\x80\xE9\xC2\xCB\x06\xC5\xC8\xD7\xCC\xE8\x94'
|
|
b'\x6A\x9A\xC9\x9B\x1C\x28\x15\xC3\x61\x2A\x29\xA8\x2D\x73\xA1'
|
|
b'\xF9\x93\x74\xFE\x30\xE5\x49\x51\x66\x2A\x6E\xDA\x29\xC6\xFC'
|
|
b'\x41\x13\x35\xD5\xDC\x74\x26\xB0\xF6\x05\x02\x03\x01\x00\x01'),
|
|
enums.KeyFormatType.PKCS_1)
|
|
|
|
uid = self.client.register(key)
|
|
self.assertIsInstance(uid, six.string_types)
|
|
|
|
try:
|
|
result = self.client.get(uid)
|
|
self.assertIsInstance(result, objects.PublicKey)
|
|
self.assertEqual(
|
|
result, key, "expected {0}\nobserved {1}".format(result, key))
|
|
finally:
|
|
self.client.destroy(uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.get, uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.destroy, uid)
|
|
|
|
def test_private_key_register_get_destroy(self):
|
|
"""
|
|
Test that the ProxyKmipClient can register, retrieve, and destroy a
|
|
private key.
|
|
"""
|
|
# Key encoding obtained from Section 13.4 of the KMIP 1.1 test
|
|
# documentation.
|
|
key = objects.PrivateKey(
|
|
enums.CryptographicAlgorithm.RSA,
|
|
2048,
|
|
(b'\x30\x82\x04\xA5\x02\x01\x00\x02\x82\x01\x01\x00\xAB\x7F\x16'
|
|
b'\x1C\x00\x42\x49\x6C\xCD\x6C\x6D\x4D\xAD\xB9\x19\x97\x34\x35'
|
|
b'\x35\x77\x76\x00\x3A\xCF\x54\xB7\xAF\x1E\x44\x0A\xFB\x80\xB6'
|
|
b'\x4A\x87\x55\xF8\x00\x2C\xFE\xBA\x6B\x18\x45\x40\xA2\xD6\x60'
|
|
b'\x86\xD7\x46\x48\x34\x6D\x75\xB8\xD7\x18\x12\xB2\x05\x38\x7C'
|
|
b'\x0F\x65\x83\xBC\x4D\x7D\xC7\xEC\x11\x4F\x3B\x17\x6B\x79\x57'
|
|
b'\xC4\x22\xE7\xD0\x3F\xC6\x26\x7F\xA2\xA6\xF8\x9B\x9B\xEE\x9E'
|
|
b'\x60\xA1\xD7\xC2\xD8\x33\xE5\xA5\xF4\xBB\x0B\x14\x34\xF4\xE7'
|
|
b'\x95\xA4\x11\x00\xF8\xAA\x21\x49\x00\xDF\x8B\x65\x08\x9F\x98'
|
|
b'\x13\x5B\x1C\x67\xB7\x01\x67\x5A\xBD\xBC\x7D\x57\x21\xAA\xC9'
|
|
b'\xD1\x4A\x7F\x08\x1F\xCE\xC8\x0B\x64\xE8\xA0\xEC\xC8\x29\x53'
|
|
b'\x53\xC7\x95\x32\x8A\xBF\x70\xE1\xB4\x2E\x7B\xB8\xB7\xF4\xE8'
|
|
b'\xAC\x8C\x81\x0C\xDB\x66\xE3\xD2\x11\x26\xEB\xA8\xDA\x7D\x0C'
|
|
b'\xA3\x41\x42\xCB\x76\xF9\x1F\x01\x3D\xA8\x09\xE9\xC1\xB7\xAE'
|
|
b'\x64\xC5\x41\x30\xFB\xC2\x1D\x80\xE9\xC2\xCB\x06\xC5\xC8\xD7'
|
|
b'\xCC\xE8\x94\x6A\x9A\xC9\x9B\x1C\x28\x15\xC3\x61\x2A\x29\xA8'
|
|
b'\x2D\x73\xA1\xF9\x93\x74\xFE\x30\xE5\x49\x51\x66\x2A\x6E\xDA'
|
|
b'\x29\xC6\xFC\x41\x13\x35\xD5\xDC\x74\x26\xB0\xF6\x05\x02\x03'
|
|
b'\x01\x00\x01\x02\x82\x01\x00\x3B\x12\x45\x5D\x53\xC1\x81\x65'
|
|
b'\x16\xC5\x18\x49\x3F\x63\x98\xAA\xFA\x72\xB1\x7D\xFA\x89\x4D'
|
|
b'\xB8\x88\xA7\xD4\x8C\x0A\x47\xF6\x25\x79\xA4\xE6\x44\xF8\x6D'
|
|
b'\xA7\x11\xFE\xC8\x50\xCD\xD9\xDB\xBD\x17\xF6\x9A\x44\x3D\x2E'
|
|
b'\xC1\xDD\x60\xD3\xC6\x18\xFA\x74\xCD\xE5\xFD\xAF\xAB\xD6\xBA'
|
|
b'\xA2\x6E\xB0\xA3\xAD\xB4\xDE\xF6\x48\x0F\xB1\x21\x8C\xD3\xB0'
|
|
b'\x83\xE2\x52\xE8\x85\xB6\xF0\x72\x9F\x98\xB2\x14\x4D\x2B\x72'
|
|
b'\x29\x3E\x1B\x11\xD7\x33\x93\xBC\x41\xF7\x5B\x15\xEE\x3D\x75'
|
|
b'\x69\xB4\x99\x5E\xD1\xA1\x44\x25\xDA\x43\x19\xB7\xB2\x6B\x0E'
|
|
b'\x8F\xEF\x17\xC3\x75\x42\xAE\x5C\x6D\x58\x49\xF8\x72\x09\x56'
|
|
b'\x7F\x39\x25\xA4\x7B\x01\x6D\x56\x48\x59\x71\x7B\xC5\x7F\xCB'
|
|
b'\x45\x22\xD0\xAA\x49\xCE\x81\x6E\x5B\xE7\xB3\x08\x81\x93\x23'
|
|
b'\x6E\xC9\xEF\xFF\x14\x08\x58\x04\x5B\x73\xC5\xD7\x9B\xAF\x38'
|
|
b'\xF7\xC6\x7F\x04\xC5\xDC\xF0\xE3\x80\x6A\xD9\x82\xD1\x25\x90'
|
|
b'\x58\xC3\x47\x3E\x84\x71\x79\xA8\x78\xF2\xC6\xB3\xBD\x96\x8F'
|
|
b'\xB9\x9E\xA4\x6E\x91\x85\x89\x2F\x36\x76\xE7\x89\x65\xC2\xAE'
|
|
b'\xD4\x87\x7B\xA3\x91\x7D\xF0\x7C\x5E\x92\x74\x74\xF1\x9E\x76'
|
|
b'\x4B\xA6\x1D\xC3\x8D\x63\xBF\x29\x02\x81\x81\x00\xD5\xC6\x9C'
|
|
b'\x8C\x3C\xDC\x24\x64\x74\x4A\x79\x37\x13\xDA\xFB\x9F\x1D\xBC'
|
|
b'\x79\x9F\xF9\x64\x23\xFE\xCD\x3C\xBA\x79\x42\x86\xBC\xE9\x20'
|
|
b'\xF4\xB5\xC1\x83\xF9\x9E\xE9\x02\x8D\xB6\x21\x2C\x62\x77\xC4'
|
|
b'\xC8\x29\x7F\xCF\xBC\xE7\xF7\xC2\x4C\xA4\xC5\x1F\xC7\x18\x2F'
|
|
b'\xB8\xF4\x01\x9F\xB1\xD5\x65\x96\x74\xC5\xCB\xE6\xD5\xFA\x99'
|
|
b'\x20\x51\x34\x17\x60\xCD\x00\x73\x57\x29\xA0\x70\xA9\xE5\x4D'
|
|
b'\x34\x2B\xEB\xA8\xEF\x47\xEE\x82\xD3\xA0\x1B\x04\xCE\xC4\xA0'
|
|
b'\x0D\x4D\xDB\x41\xE3\x51\x16\xFC\x22\x1E\x85\x4B\x43\xA6\x96'
|
|
b'\xC0\xE6\x41\x9B\x1B\x02\x81\x81\x00\xCD\x5E\xA7\x70\x27\x89'
|
|
b'\x06\x4B\x67\x35\x40\xCB\xFF\x09\x35\x6A\xD8\x0B\xC3\xD5\x92'
|
|
b'\x81\x2E\xBA\x47\x61\x0B\x9F\xAC\x6A\xEC\xEF\xE2\x2A\xCA\xE4'
|
|
b'\x38\x45\x9C\xDA\x74\xE5\x96\x53\xD8\x8C\x04\x18\x9D\x34\x39'
|
|
b'\x9B\xF5\xB1\x4B\x92\x0E\x34\xEF\x38\xA7\xD0\x9F\xE6\x95\x93'
|
|
b'\x39\x6E\x8F\xE7\x35\xE6\xF0\xA6\xAE\x49\x90\x40\x10\x41\xD8'
|
|
b'\xA4\x06\xB6\xFD\x86\xA1\x16\x1E\x45\xF9\x5A\x3E\xAA\x5C\x10'
|
|
b'\x12\xE6\x66\x2E\x44\xF1\x5F\x33\x5A\xC9\x71\xE1\x76\x6B\x2B'
|
|
b'\xB9\xC9\x85\x10\x99\x74\x14\x1B\x44\xD3\x7E\x1E\x31\x98\x20'
|
|
b'\xA5\x5F\x02\x81\x81\x00\xB2\x87\x12\x37\xBF\x9F\xAD\x38\xC3'
|
|
b'\x31\x6A\xB7\x87\x7A\x6A\x86\x80\x63\xE5\x42\xA7\x18\x6D\x43'
|
|
b'\x1E\x8D\x27\xC1\x9A\xC0\x41\x45\x84\x03\x39\x42\xE9\xFF\x6E'
|
|
b'\x29\x73\xBB\x7B\x2D\x8B\x0E\x94\xAD\x1E\xE8\x21\x58\x10\x8F'
|
|
b'\xBC\x86\x64\x51\x7A\x5A\x46\x7F\xB9\x63\x01\x4B\xD5\xDC\xC2'
|
|
b'\xB4\xFB\x08\x7C\x23\x03\x9D\x11\x92\x0D\xBE\x22\xFD\x9F\x16'
|
|
b'\xB4\xD8\x9E\x23\x22\x5C\xD4\x55\xAD\xBA\xF3\x2E\xF4\x3F\x18'
|
|
b'\x58\x64\xA3\x6D\x63\x03\x09\xD6\x85\x3F\x77\x14\xB3\x9A\xAE'
|
|
b'\x1E\xBE\xE3\x93\x8F\x87\xC2\x70\x7E\x17\x8C\x73\x9F\x9F\x02'
|
|
b'\x81\x81\x00\x96\x90\xBE\xD1\x4B\x2A\xFA\xA2\x6D\x98\x6D\x59'
|
|
b'\x22\x31\xEE\x27\xD7\x1D\x49\x06\x5B\xD2\xBA\x1F\x78\x15\x7E'
|
|
b'\x20\x22\x98\x81\xFD\x9D\x23\x22\x7D\x0F\x84\x79\xEA\xEF\xA9'
|
|
b'\x22\xFD\x75\xD5\xB1\x6B\x1A\x56\x1F\xA6\x68\x0B\x04\x0C\xA0'
|
|
b'\xBD\xCE\x65\x0B\x23\xB9\x17\xA4\xB1\xBB\x79\x83\xA7\x4F\xAD'
|
|
b'\x70\xE1\xC3\x05\xCB\xEC\x2B\xFF\x1A\x85\xA7\x26\xA1\xD9\x02'
|
|
b'\x60\xE4\xF1\x08\x4F\x51\x82\x34\xDC\xD3\xFE\x77\x0B\x95\x20'
|
|
b'\x21\x5B\xD5\x43\xBB\x6A\x41\x17\x71\x87\x54\x67\x6A\x34\x17'
|
|
b'\x16\x66\xA7\x9F\x26\xE7\x9C\x14\x9C\x5A\xA1\x02\x81\x81\x00'
|
|
b'\xA0\xC9\x85\xA0\xA0\xA7\x91\xA6\x59\xF9\x97\x31\x13\x4C\x44'
|
|
b'\xF3\x7B\x2E\x52\x0A\x2C\xEA\x35\x80\x0A\xD2\x72\x41\xED\x36'
|
|
b'\x0D\xFD\xE6\xE8\xCA\x61\x4F\x12\x04\x7F\xD0\x8B\x76\xAC\x4D'
|
|
b'\x13\xC0\x56\xA0\x69\x9E\x2F\x98\xA1\xCA\xC9\x10\x11\x29\x4D'
|
|
b'\x71\x20\x8F\x4A\xBA\xB3\x3B\xA8\x7A\xA0\x51\x7F\x41\x5B\xAC'
|
|
b'\xA8\x8D\x6B\xAC\x00\x60\x88\xFA\x60\x1D\x34\x94\x17\xE1\xF0'
|
|
b'\xC9\xB2\x3A\xFF\xA4\xD4\x96\x61\x8D\xBC\x02\x49\x86\xED\x69'
|
|
b'\x0B\xBB\x7B\x02\x57\x68\xFF\x9D\xF8\xAC\x15\x41\x6F\x48\x9F'
|
|
b'\x81\x29\xC3\x23\x41\xA8\xB4\x4F'),
|
|
enums.KeyFormatType.PKCS_8)
|
|
|
|
uid = self.client.register(key)
|
|
self.assertIsInstance(uid, six.string_types)
|
|
|
|
try:
|
|
result = self.client.get(uid)
|
|
self.assertIsInstance(result, objects.PrivateKey)
|
|
self.assertEqual(
|
|
result, key, "expected {0}\nobserved {1}".format(result, key))
|
|
finally:
|
|
self.client.destroy(uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.get, uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.destroy, uid)
|
|
|
|
def test_x509_certificate_register_get_destroy(self):
|
|
"""
|
|
Test that the ProxyKmipClient can register, retrieve, and destroy an
|
|
X.509 certificate.
|
|
"""
|
|
# Certificate encoding obtained from Section 13.2 of the KMIP 1.1 test
|
|
# documentation.
|
|
cert = objects.X509Certificate(
|
|
(b'\x30\x82\x03\x12\x30\x82\x01\xFA\xA0\x03\x02\x01\x02\x02\x01'
|
|
b'\x01\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05'
|
|
b'\x00\x30\x3B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55'
|
|
b'\x53\x31\x0D\x30\x0B\x06\x03\x55\x04\x0A\x13\x04\x54\x45\x53'
|
|
b'\x54\x31\x0E\x30\x0C\x06\x03\x55\x04\x0B\x13\x05\x4F\x41\x53'
|
|
b'\x49\x53\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13\x04\x4B\x4D'
|
|
b'\x49\x50\x30\x1E\x17\x0D\x31\x30\x31\x31\x30\x31\x32\x33\x35'
|
|
b'\x39\x35\x39\x5A\x17\x0D\x32\x30\x31\x31\x30\x31\x32\x33\x35'
|
|
b'\x39\x35\x39\x5A\x30\x3B\x31\x0B\x30\x09\x06\x03\x55\x04\x06'
|
|
b'\x13\x02\x55\x53\x31\x0D\x30\x0B\x06\x03\x55\x04\x0A\x13\x04'
|
|
b'\x54\x45\x53\x54\x31\x0E\x30\x0C\x06\x03\x55\x04\x0B\x13\x05'
|
|
b'\x4F\x41\x53\x49\x53\x31\x0D\x30\x0B\x06\x03\x55\x04\x03\x13'
|
|
b'\x04\x4B\x4D\x49\x50\x30\x82\x01\x22\x30\x0D\x06\x09\x2A\x86'
|
|
b'\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F\x00\x30'
|
|
b'\x82\x01\x0A\x02\x82\x01\x01\x00\xAB\x7F\x16\x1C\x00\x42\x49'
|
|
b'\x6C\xCD\x6C\x6D\x4D\xAD\xB9\x19\x97\x34\x35\x35\x77\x76\x00'
|
|
b'\x3A\xCF\x54\xB7\xAF\x1E\x44\x0A\xFB\x80\xB6\x4A\x87\x55\xF8'
|
|
b'\x00\x2C\xFE\xBA\x6B\x18\x45\x40\xA2\xD6\x60\x86\xD7\x46\x48'
|
|
b'\x34\x6D\x75\xB8\xD7\x18\x12\xB2\x05\x38\x7C\x0F\x65\x83\xBC'
|
|
b'\x4D\x7D\xC7\xEC\x11\x4F\x3B\x17\x6B\x79\x57\xC4\x22\xE7\xD0'
|
|
b'\x3F\xC6\x26\x7F\xA2\xA6\xF8\x9B\x9B\xEE\x9E\x60\xA1\xD7\xC2'
|
|
b'\xD8\x33\xE5\xA5\xF4\xBB\x0B\x14\x34\xF4\xE7\x95\xA4\x11\x00'
|
|
b'\xF8\xAA\x21\x49\x00\xDF\x8B\x65\x08\x9F\x98\x13\x5B\x1C\x67'
|
|
b'\xB7\x01\x67\x5A\xBD\xBC\x7D\x57\x21\xAA\xC9\xD1\x4A\x7F\x08'
|
|
b'\x1F\xCE\xC8\x0B\x64\xE8\xA0\xEC\xC8\x29\x53\x53\xC7\x95\x32'
|
|
b'\x8A\xBF\x70\xE1\xB4\x2E\x7B\xB8\xB7\xF4\xE8\xAC\x8C\x81\x0C'
|
|
b'\xDB\x66\xE3\xD2\x11\x26\xEB\xA8\xDA\x7D\x0C\xA3\x41\x42\xCB'
|
|
b'\x76\xF9\x1F\x01\x3D\xA8\x09\xE9\xC1\xB7\xAE\x64\xC5\x41\x30'
|
|
b'\xFB\xC2\x1D\x80\xE9\xC2\xCB\x06\xC5\xC8\xD7\xCC\xE8\x94\x6A'
|
|
b'\x9A\xC9\x9B\x1C\x28\x15\xC3\x61\x2A\x29\xA8\x2D\x73\xA1\xF9'
|
|
b'\x93\x74\xFE\x30\xE5\x49\x51\x66\x2A\x6E\xDA\x29\xC6\xFC\x41'
|
|
b'\x13\x35\xD5\xDC\x74\x26\xB0\xF6\x05\x02\x03\x01\x00\x01\xA3'
|
|
b'\x21\x30\x1F\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x04'
|
|
b'\xE5\x7B\xD2\xC4\x31\xB2\xE8\x16\xE1\x80\xA1\x98\x23\xFA\xC8'
|
|
b'\x58\x27\x3F\x6B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01'
|
|
b'\x01\x05\x05\x00\x03\x82\x01\x01\x00\xA8\x76\xAD\xBC\x6C\x8E'
|
|
b'\x0F\xF0\x17\x21\x6E\x19\x5F\xEA\x76\xBF\xF6\x1A\x56\x7C\x9A'
|
|
b'\x13\xDC\x50\xD1\x3F\xEC\x12\xA4\x27\x3C\x44\x15\x47\xCF\xAB'
|
|
b'\xCB\x5D\x61\xD9\x91\xE9\x66\x31\x9D\xF7\x2C\x0D\x41\xBA\x82'
|
|
b'\x6A\x45\x11\x2F\xF2\x60\x89\xA2\x34\x4F\x4D\x71\xCF\x7C\x92'
|
|
b'\x1B\x4B\xDF\xAE\xF1\x60\x0D\x1B\xAA\xA1\x53\x36\x05\x7E\x01'
|
|
b'\x4B\x8B\x49\x6D\x4F\xAE\x9E\x8A\x6C\x1D\xA9\xAE\xB6\xCB\xC9'
|
|
b'\x60\xCB\xF2\xFA\xE7\x7F\x58\x7E\xC4\xBB\x28\x20\x45\x33\x88'
|
|
b'\x45\xB8\x8D\xD9\xAE\xEA\x53\xE4\x82\xA3\x6E\x73\x4E\x4F\x5F'
|
|
b'\x03\xB9\xD0\xDF\xC4\xCA\xFC\x6B\xB3\x4E\xA9\x05\x3E\x52\xBD'
|
|
b'\x60\x9E\xE0\x1E\x86\xD9\xB0\x9F\xB5\x11\x20\xC1\x98\x34\xA9'
|
|
b'\x97\xB0\x9C\xE0\x8D\x79\xE8\x13\x11\x76\x2F\x97\x4B\xB1\xC8'
|
|
b'\xC0\x91\x86\xC4\xD7\x89\x33\xE0\xDB\x38\xE9\x05\x08\x48\x77'
|
|
b'\xE1\x47\xC7\x8A\xF5\x2F\xAE\x07\x19\x2F\xF1\x66\xD1\x9F\xA9'
|
|
b'\x4A\x11\xCC\x11\xB2\x7E\xD0\x50\xF7\xA2\x7F\xAE\x13\xB2\x05'
|
|
b'\xA5\x74\xC4\xEE\x00\xAA\x8B\xD6\x5D\x0D\x70\x57\xC9\x85\xC8'
|
|
b'\x39\xEF\x33\x6A\x44\x1E\xD5\x3A\x53\xC6\xB6\xB6\x96\xF1\xBD'
|
|
b'\xEB\x5F\x7E\xA8\x11\xEB\xB2\x5A\x7F\x86'))
|
|
|
|
uid = self.client.register(cert)
|
|
self.assertIsInstance(uid, six.string_types)
|
|
|
|
try:
|
|
result = self.client.get(uid)
|
|
self.assertIsInstance(result, objects.X509Certificate)
|
|
self.assertEqual(
|
|
result, cert, "expected {0}\nobserved {1}".format(
|
|
result, cert))
|
|
finally:
|
|
self.client.destroy(uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.get, uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.destroy, uid)
|
|
|
|
def test_secret_data_register_get_destroy(self):
|
|
"""
|
|
Test that the ProxyKmipClient can register, retrieve, and destroy a
|
|
secret.
|
|
"""
|
|
# Secret encoding obtained from Section 3.1.5 of the KMIP 1.1 test
|
|
# documentation.
|
|
secret = objects.SecretData(
|
|
(b'\x53\x65\x63\x72\x65\x74\x50\x61\x73\x73\x77\x6F\x72\x64'),
|
|
enums.SecretDataType.PASSWORD)
|
|
|
|
uid = self.client.register(secret)
|
|
self.assertIsInstance(uid, six.string_types)
|
|
|
|
try:
|
|
result = self.client.get(uid)
|
|
self.assertIsInstance(result, objects.SecretData)
|
|
self.assertEqual(
|
|
result, secret, "expected {0}\nobserved {1}".format(
|
|
result, secret))
|
|
finally:
|
|
self.client.destroy(uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.get, uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.destroy, uid)
|
|
|
|
def test_opaque_object_register_get_destroy(self):
|
|
"""
|
|
Test that the ProxyKmipClient can register, retrieve, and destroy an
|
|
opaque object.
|
|
"""
|
|
# Object encoding obtained from Section 3.1.5 of the KMIP 1.1 test
|
|
# documentation.
|
|
obj = objects.OpaqueObject(
|
|
b'\x53\x65\x63\x72\x65\x74\x50\x61\x73\x73\x77\x6F\x72\x64',
|
|
enums.OpaqueDataType.NONE)
|
|
uid = self.client.register(obj)
|
|
self.assertIsInstance(uid, six.string_types)
|
|
|
|
try:
|
|
result = self.client.get(uid)
|
|
self.assertIsInstance(result, objects.OpaqueObject)
|
|
self.assertEqual(
|
|
result, obj, "expected {0}\nobserved {1}".format(result, obj))
|
|
finally:
|
|
self.client.destroy(uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.get, uid)
|
|
self.assertRaises(
|
|
exceptions.KmipOperationFailure, self.client.destroy, uid)
|
|
|
|
def test_derive_key_using_pbkdf2(self):
|
|
"""
|
|
Test that the ProxyKmipClient can derive a new key using PBKDF2.
|
|
"""
|
|
password_id = self.client.register(
|
|
objects.SecretData(
|
|
b'password',
|
|
enums.SecretDataType.PASSWORD,
|
|
masks=[enums.CryptographicUsageMask.DERIVE_KEY]
|
|
)
|
|
)
|
|
key_id = self.client.derive_key(
|
|
enums.ObjectType.SYMMETRIC_KEY,
|
|
[password_id],
|
|
enums.DerivationMethod.PBKDF2,
|
|
{
|
|
'cryptographic_parameters': {
|
|
'hashing_algorithm': enums.HashingAlgorithm.SHA_1
|
|
},
|
|
'salt': b'salt',
|
|
'iteration_count': 4096
|
|
},
|
|
cryptographic_length=160,
|
|
cryptographic_algorithm=enums.CryptographicAlgorithm.AES
|
|
)
|
|
|
|
key = self.client.get(key_id)
|
|
self.assertEqual(
|
|
(
|
|
b'\x4b\x00\x79\x01\xb7\x65\x48\x9a'
|
|
b'\xbe\xad\x49\xd9\x26\xf7\x21\xd0'
|
|
b'\x65\xa4\x29\xc1'
|
|
),
|
|
key.value
|
|
)
|
|
|
|
attribute_list = self.client.get_attribute_list(key_id)
|
|
self.assertIn('Cryptographic Algorithm', attribute_list)
|
|
self.assertIn('Cryptographic Length', attribute_list)
|
|
|
|
result_id, attribute_list = self.client.get_attributes(
|
|
uid=key_id,
|
|
attribute_names=['Cryptographic Algorithm', 'Cryptographic Length']
|
|
)
|
|
self.assertEqual(key_id, result_id)
|
|
self.assertEqual(2, len(attribute_list))
|
|
|
|
attribute = attribute_list[0]
|
|
self.assertEqual(
|
|
'Cryptographic Algorithm',
|
|
attribute.attribute_name.value
|
|
)
|
|
self.assertEqual(
|
|
enums.CryptographicAlgorithm.AES,
|
|
attribute.attribute_value.value
|
|
)
|
|
|
|
attribute = attribute_list[1]
|
|
self.assertEqual(
|
|
'Cryptographic Length',
|
|
attribute.attribute_name.value
|
|
)
|
|
self.assertEqual(160, attribute.attribute_value.value)
|
|
|
|
def test_derive_key_using_encryption(self):
|
|
"""
|
|
Test that the ProxyKmipClient can derive a new key using encryption.
|
|
"""
|
|
key_id = self.client.register(
|
|
objects.SymmetricKey(
|
|
enums.CryptographicAlgorithm.BLOWFISH,
|
|
128,
|
|
(
|
|
b'\x01\x23\x45\x67\x89\xAB\xCD\xEF'
|
|
b'\xF0\xE1\xD2\xC3\xB4\xA5\x96\x87'
|
|
),
|
|
masks=[enums.CryptographicUsageMask.DERIVE_KEY]
|
|
)
|
|
)
|
|
secret_id = self.client.derive_key(
|
|
enums.ObjectType.SECRET_DATA,
|
|
[key_id],
|
|
enums.DerivationMethod.ENCRYPT,
|
|
{
|
|
'cryptographic_parameters': {
|
|
'block_cipher_mode': enums.BlockCipherMode.CBC,
|
|
'padding_method': enums.PaddingMethod.PKCS5,
|
|
'cryptographic_algorithm':
|
|
enums.CryptographicAlgorithm.BLOWFISH
|
|
},
|
|
'initialization_vector': b'\xFE\xDC\xBA\x98\x76\x54\x32\x10',
|
|
'derivation_data': (
|
|
b'\x37\x36\x35\x34\x33\x32\x31\x20'
|
|
b'\x4E\x6F\x77\x20\x69\x73\x20\x74'
|
|
b'\x68\x65\x20\x74\x69\x6D\x65\x20'
|
|
b'\x66\x6F\x72\x20\x00'
|
|
)
|
|
},
|
|
cryptographic_length=256
|
|
)
|
|
|
|
secret = self.client.get(secret_id)
|
|
self.assertEqual(
|
|
(
|
|
b'\x6B\x77\xB4\xD6\x30\x06\xDE\xE6'
|
|
b'\x05\xB1\x56\xE2\x74\x03\x97\x93'
|
|
b'\x58\xDE\xB9\xE7\x15\x46\x16\xD9'
|
|
b'\x74\x9D\xEC\xBE\xC0\x5D\x26\x4B'
|
|
),
|
|
secret.value
|
|
)
|
|
|
|
def test_derive_key_using_nist_800_108c(self):
|
|
"""
|
|
Test that the ProxyKmipClient can derive a new key using
|
|
NIST 800 108-C.
|
|
"""
|
|
base_id = self.client.register(
|
|
objects.SymmetricKey(
|
|
enums.CryptographicAlgorithm.AES,
|
|
512,
|
|
(
|
|
b'\xdd\x5d\xbd\x45\x59\x3e\xe2\xac'
|
|
b'\x13\x97\x48\xe7\x64\x5b\x45\x0f'
|
|
b'\x22\x3d\x2f\xf2\x97\xb7\x3f\xd7'
|
|
b'\x1c\xbc\xeb\xe7\x1d\x41\x65\x3c'
|
|
b'\x95\x0b\x88\x50\x0d\xe5\x32\x2d'
|
|
b'\x99\xef\x18\xdf\xdd\x30\x42\x82'
|
|
b'\x94\xc4\xb3\x09\x4f\x4c\x95\x43'
|
|
b'\x34\xe5\x93\xbd\x98\x2e\xc6\x14'
|
|
),
|
|
masks=[enums.CryptographicUsageMask.DERIVE_KEY]
|
|
)
|
|
)
|
|
key_id = self.client.derive_key(
|
|
enums.ObjectType.SYMMETRIC_KEY,
|
|
[base_id],
|
|
enums.DerivationMethod.NIST800_108_C,
|
|
{
|
|
'cryptographic_parameters': {
|
|
'hashing_algorithm': enums.HashingAlgorithm.SHA_512
|
|
},
|
|
'derivation_data': (
|
|
b'\xb5\x0b\x0c\x96\x3c\x6b\x30\x34'
|
|
b'\xb8\xcf\x19\xcd\x3f\x5c\x4e\xbe'
|
|
b'\x4f\x49\x85\xaf\x0c\x03\xe5\x75'
|
|
b'\xdb\x62\xe6\xfd\xf1\xec\xfe\x4f'
|
|
b'\x28\xb9\x5d\x7c\xe1\x6d\xf8\x58'
|
|
b'\x43\x24\x6e\x15\x57\xce\x95\xbb'
|
|
b'\x26\xcc\x9a\x21\x97\x4b\xbd\x2e'
|
|
b'\xb6\x9e\x83\x55'
|
|
)
|
|
},
|
|
cryptographic_length=128,
|
|
cryptographic_algorithm=enums.CryptographicAlgorithm.AES
|
|
)
|
|
|
|
key = self.client.get(key_id)
|
|
self.assertEqual(
|
|
(
|
|
b'\xe5\x99\x3b\xf9\xbd\x2a\xa1\xc4'
|
|
b'\x57\x46\x04\x2e\x12\x59\x81\x55'
|
|
),
|
|
key.value
|
|
)
|
|
|
|
attribute_list = self.client.get_attribute_list(key_id)
|
|
self.assertIn('Cryptographic Algorithm', attribute_list)
|
|
self.assertIn('Cryptographic Length', attribute_list)
|
|
|
|
result_id, attribute_list = self.client.get_attributes(
|
|
uid=key_id,
|
|
attribute_names=['Cryptographic Algorithm', 'Cryptographic Length']
|
|
)
|
|
self.assertEqual(key_id, result_id)
|
|
self.assertEqual(2, len(attribute_list))
|
|
|
|
attribute = attribute_list[0]
|
|
self.assertEqual(
|
|
'Cryptographic Algorithm',
|
|
attribute.attribute_name.value
|
|
)
|
|
self.assertEqual(
|
|
enums.CryptographicAlgorithm.AES,
|
|
attribute.attribute_value.value
|
|
)
|
|
|
|
attribute = attribute_list[1]
|
|
self.assertEqual(
|
|
'Cryptographic Length',
|
|
attribute.attribute_name.value
|
|
)
|
|
self.assertEqual(128, attribute.attribute_value.value)
|
|
|
|
def test_derive_key_using_hmac(self):
|
|
"""
|
|
Test that the ProxyKmipClient can derive a new key using HMAC.
|
|
"""
|
|
base_id = self.client.register(
|
|
objects.SecretData(
|
|
(
|
|
b'\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c'
|
|
b'\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c'
|
|
b'\x0c\x0c\x0c\x0c\x0c\x0c'
|
|
),
|
|
enums.SecretDataType.SEED,
|
|
masks=[enums.CryptographicUsageMask.DERIVE_KEY]
|
|
)
|
|
)
|
|
secret_id = self.client.derive_key(
|
|
enums.ObjectType.SECRET_DATA,
|
|
[base_id],
|
|
enums.DerivationMethod.HMAC,
|
|
{
|
|
'cryptographic_parameters': {
|
|
'hashing_algorithm': enums.HashingAlgorithm.SHA_1
|
|
},
|
|
'derivation_data': b'',
|
|
'salt': b''
|
|
},
|
|
cryptographic_length=336
|
|
)
|
|
|
|
secret = self.client.get(secret_id)
|
|
self.assertEqual(
|
|
(
|
|
b'\x2c\x91\x11\x72\x04\xd7\x45\xf3'
|
|
b'\x50\x0d\x63\x6a\x62\xf6\x4f\x0a'
|
|
b'\xb3\xba\xe5\x48\xaa\x53\xd4\x23'
|
|
b'\xb0\xd1\xf2\x7e\xbb\xa6\xf5\xe5'
|
|
b'\x67\x3a\x08\x1d\x70\xcc\xe7\xac'
|
|
b'\xfc\x48'
|
|
),
|
|
secret.value
|
|
)
|
|
|
|
def test_encrypt_decrypt(self):
|
|
"""
|
|
Test that the ProxyKmipClient can create an encryption key, encrypt
|
|
plain text with it, and then decrypt the cipher text, retrieving the
|
|
original plain text.
|
|
"""
|
|
# Create an encryption key.
|
|
key_id = self.client.create(
|
|
enums.CryptographicAlgorithm.AES,
|
|
256,
|
|
cryptographic_usage_mask=[
|
|
enums.CryptographicUsageMask.ENCRYPT,
|
|
enums.CryptographicUsageMask.DECRYPT
|
|
]
|
|
)
|
|
|
|
# Activate the encryption key.
|
|
self.client.activate(key_id)
|
|
|
|
# Encrypt some plain text.
|
|
plain_text = b'This is a secret message.'
|
|
cipher_text, iv = self.client.encrypt(
|
|
plain_text,
|
|
uid=key_id,
|
|
cryptographic_parameters={
|
|
'cryptographic_algorithm': enums.CryptographicAlgorithm.AES,
|
|
'block_cipher_mode': enums.BlockCipherMode.CBC,
|
|
'padding_method': enums.PaddingMethod.PKCS5
|
|
},
|
|
iv_counter_nonce=(
|
|
b'\x85\x1e\x87\x64\x77\x6e\x67\x96'
|
|
b'\xaa\xb7\x22\xdb\xb6\x44\xac\xe8'
|
|
)
|
|
)
|
|
|
|
self.assertEqual(None, iv)
|
|
|
|
# Decrypt the cipher text.
|
|
result = self.client.decrypt(
|
|
cipher_text,
|
|
uid=key_id,
|
|
cryptographic_parameters={
|
|
'cryptographic_algorithm': enums.CryptographicAlgorithm.AES,
|
|
'block_cipher_mode': enums.BlockCipherMode.CBC,
|
|
'padding_method': enums.PaddingMethod.PKCS5
|
|
},
|
|
iv_counter_nonce=(
|
|
b'\x85\x1e\x87\x64\x77\x6e\x67\x96'
|
|
b'\xaa\xb7\x22\xdb\xb6\x44\xac\xe8'
|
|
)
|
|
)
|
|
|
|
self.assertEqual(plain_text, result)
|
|
|
|
# Clean up.
|
|
self.client.revoke(
|
|
enums.RevocationReasonCode.CESSATION_OF_OPERATION,
|
|
key_id
|
|
)
|
|
self.client.destroy(key_id)
|
|
|
|
def test_create_key_pair_sign_signature_verify(self):
|
|
"""
|
|
Test that the ProxyKmipClient can create an asymmetric key pair and
|
|
then use that key pair (1) to sign data and (2) verify the signature
|
|
on the data.
|
|
"""
|
|
# Create a public/private key pair.
|
|
public_key_id, private_key_id = self.client.create_key_pair(
|
|
enums.CryptographicAlgorithm.RSA,
|
|
2048,
|
|
public_usage_mask=[
|
|
enums.CryptographicUsageMask.VERIFY
|
|
],
|
|
private_usage_mask=[
|
|
enums.CryptographicUsageMask.SIGN
|
|
]
|
|
)
|
|
|
|
self.assertIsInstance(public_key_id, str)
|
|
self.assertIsInstance(private_key_id, str)
|
|
|
|
# Activate the signing key and the signature verification key.
|
|
self.client.activate(private_key_id)
|
|
self.client.activate(public_key_id)
|
|
|
|
# Sign a message.
|
|
signature = self.client.sign(
|
|
b'This is a signed message.',
|
|
uid=private_key_id,
|
|
cryptographic_parameters={
|
|
'padding_method': enums.PaddingMethod.PSS,
|
|
'cryptographic_algorithm': enums.CryptographicAlgorithm.RSA,
|
|
'hashing_algorithm': enums.HashingAlgorithm.SHA_256
|
|
}
|
|
)
|
|
|
|
self.assertIsInstance(signature, six.binary_type)
|
|
|
|
# Verify the message signature.
|
|
result = self.client.signature_verify(
|
|
b'This is a signed message.',
|
|
signature,
|
|
uid=public_key_id,
|
|
cryptographic_parameters={
|
|
'padding_method': enums.PaddingMethod.PSS,
|
|
'cryptographic_algorithm': enums.CryptographicAlgorithm.RSA,
|
|
'hashing_algorithm': enums.HashingAlgorithm.SHA_256
|
|
}
|
|
)
|
|
|
|
self.assertEqual(result, enums.ValidityIndicator.VALID)
|
|
|
|
# Clean up.
|
|
self.client.revoke(
|
|
enums.RevocationReasonCode.CESSATION_OF_OPERATION,
|
|
public_key_id
|
|
)
|
|
self.client.revoke(
|
|
enums.RevocationReasonCode.CESSATION_OF_OPERATION,
|
|
private_key_id
|
|
)
|
|
self.client.destroy(public_key_id)
|
|
self.client.destroy(private_key_id)
|
|
|
|
def test_create_getattributes_locate_destroy(self):
|
|
"""
|
|
Test that the ProxyKmipClient can create symmetric keys and then
|
|
locate those keys using their attributes.
|
|
"""
|
|
start_time = int(time.time())
|
|
time.sleep(2)
|
|
|
|
# Create some symmetric keys
|
|
a_id = self.client.create(enums.CryptographicAlgorithm.AES, 256)
|
|
|
|
time.sleep(2)
|
|
mid_time = int(time.time())
|
|
time.sleep(2)
|
|
|
|
b_id = self.client.create(enums.CryptographicAlgorithm.AES, 128)
|
|
|
|
time.sleep(2)
|
|
end_time = int(time.time())
|
|
|
|
self.assertIsInstance(a_id, str)
|
|
self.assertIsInstance(b_id, str)
|
|
|
|
# Get the "Initial Date" attributes for each key
|
|
result_id, result_attributes = self.client.get_attributes(
|
|
uid=a_id,
|
|
attribute_names=["Initial Date"]
|
|
)
|
|
self.assertEqual(1, len(result_attributes))
|
|
self.assertEqual(
|
|
"Initial Date",
|
|
result_attributes[0].attribute_name.value
|
|
)
|
|
initial_date_a = result_attributes[0].attribute_value.value
|
|
|
|
result_id, result_attributes = self.client.get_attributes(
|
|
uid=b_id,
|
|
attribute_names=["Initial Date"]
|
|
)
|
|
self.assertEqual(1, len(result_attributes))
|
|
self.assertEqual(
|
|
"Initial Date",
|
|
result_attributes[0].attribute_name.value
|
|
)
|
|
initial_date_b = result_attributes[0].attribute_value.value
|
|
|
|
# Test locating each key by its exact "Initial Date" value
|
|
result = self.client.locate(
|
|
attributes=[
|
|
self.attribute_factory.create_attribute(
|
|
enums.AttributeType.INITIAL_DATE,
|
|
initial_date_a
|
|
)
|
|
]
|
|
)
|
|
self.assertEqual(1, len(result))
|
|
self.assertEqual(a_id, result[0])
|
|
|
|
result = self.client.locate(
|
|
attributes=[
|
|
self.attribute_factory.create_attribute(
|
|
enums.AttributeType.INITIAL_DATE,
|
|
initial_date_b
|
|
)
|
|
]
|
|
)
|
|
self.assertEqual(1, len(result))
|
|
self.assertEqual(b_id, result[0])
|
|
|
|
# Test locating each key by a range around its "Initial Date" value
|
|
result = self.client.locate(
|
|
attributes=[
|
|
self.attribute_factory.create_attribute(
|
|
enums.AttributeType.INITIAL_DATE,
|
|
start_time
|
|
),
|
|
self.attribute_factory.create_attribute(
|
|
enums.AttributeType.INITIAL_DATE,
|
|
mid_time
|
|
)
|
|
]
|
|
)
|
|
self.assertEqual(1, len(result))
|
|
self.assertEqual(a_id, result[0])
|
|
|
|
result = self.client.locate(
|
|
attributes=[
|
|
self.attribute_factory.create_attribute(
|
|
enums.AttributeType.INITIAL_DATE,
|
|
mid_time
|
|
),
|
|
self.attribute_factory.create_attribute(
|
|
enums.AttributeType.INITIAL_DATE,
|
|
end_time
|
|
)
|
|
]
|
|
)
|
|
self.assertEqual(1, len(result))
|
|
self.assertEqual(b_id, result[0])
|
|
|
|
result = self.client.locate(
|
|
attributes=[
|
|
self.attribute_factory.create_attribute(
|
|
enums.AttributeType.INITIAL_DATE,
|
|
start_time
|
|
),
|
|
self.attribute_factory.create_attribute(
|
|
enums.AttributeType.INITIAL_DATE,
|
|
end_time
|
|
)
|
|
]
|
|
)
|
|
self.assertEqual(2, len(result))
|
|
self.assertIn(a_id, result)
|
|
self.assertIn(b_id, result)
|
|
|
|
# Clean up the keys
|
|
self.client.destroy(a_id)
|
|
self.client.destroy(b_id)
|