From 1773fba67c892daafb33b583248de12e53ec740b Mon Sep 17 00:00:00 2001
From: Grace Lombardi
Date: Tue, 12 Jul 2022 13:54:51 -0400
Subject: [PATCH] Updated client integration tests, Added test for Application Specific Information
---
 .travis/run.sh | 16 +++---
 .travis/server.conf | 3 +-
 kmip/core/factories/attribute_values.py | 10 ++--
 kmip/pie/client.py | 12 +++-
 .../services/test_proxykmipclient.py | 57 +++++++++++++++----
 5 files changed, 72 insertions(+), 26 deletions(-)
diff --git a/.travis/run.sh b/.travis/run.sh
index 7baf0fb..fd17850 100755
--- a/.travis/run.sh
+++ b/.travis/run.sh
@@ -12,10 +12,10 @@ if [[ "${RUN_INTEGRATION_TESTS}" == "1" ]]; then
 sudo cp ./.travis/pykmip.conf /etc/pykmip/pykmip.conf
 sudo cp ./.travis/server.conf /etc/pykmip/server.conf
 sudo cp ./.travis/policy.json /etc/pykmip/policies/policy.json
- sudo mkdir /var/log/pykmip
+ sudo mkdir -p /var/log/pykmip
 sudo chmod 777 /var/log/pykmip
- python ./bin/run_server.py &
- tox -e integration -- --config client
+ sudo python3 ./bin/run_server.py &
+ sudo tox -e integration -- --config client
 elif [[ "${RUN_INTEGRATION_TESTS}" == "2" ]]; then
 # Set up the SLUGS instance
 cp -r ./.travis/functional/slugs /tmp/
@@ -23,14 +23,14 @@ elif [[ "${RUN_INTEGRATION_TESTS}" == "2" ]]; then
 # Set up the PyKMIP server
 cp -r ./.travis/functional/pykmip /tmp/
- python ./bin/create_certificates.py
+ sudo python3 ./bin/create_certificates.py
 mv *.pem /tmp/pykmip/certs/
- sudo mkdir /var/log/pykmip
+ sudo mkdir -p /var/log/pykmip
 sudo chmod 777 /var/log/pykmip
- pykmip-server -f /tmp/pykmip/server.conf -l /tmp/pykmip/server.log &
+ sudo pykmip-server -f /tmp/pykmip/server.conf -l /tmp/pykmip/server.log &
 # Run the functional tests
- tox -e functional -- --config-file /tmp/pykmip/client.conf
+ sudo tox -e functional -- --config-file /tmp/pykmip/client.conf
 else
- tox
+ sudo tox
 fi
diff --git a/.travis/server.conf b/.travis/server.conf
index 61f18a3..5988b42 100644
--- a/.travis/server.conf
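Review bot: In `.travis/run.sh` the added `sudo` on `python3 ./bin/run_server.py` and `tox -e integration` (first hunk) and on `create_certificates.py`, `pykmip-server`, `tox -e functional` and the bare `tox` (second hunk) runs the KMIP server and the whole test suite as root. That hides permission problems the tests should surface, and it likely leaves root-owned `*.pem` and tox output in the checkout. The elevated steps look like they only need `/etc/pykmip` and `/var/log/pykmip` to be writable by the CI user, so I would keep `sudo` on the `cp`/`mkdir` setup lines, add `sudo chown -R "$(id -un)" /etc/pykmip /var/log/pykmip` after them, and drop it from the server and `tox` invocations. If one of these commands really needs root, a comment on that line saying why would be enough.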
+++ b/.travis/server.conf
@@ -4,6 +4,7 @@ port=5696
 certificate_path=/etc/pykmip/certs/cert.pem
 key_path=/etc/pykmip/certs/key.pem
 ca_path=/etc/pykmip/certs/cert.pem
-auth_suite=Basic
+auth_suite=TLS1.2
 enable_tls_client_auth=False
 policy_path=/etc/pykmip/policies/
+database_path=/tmp/pykmip.db
diff --git a/kmip/core/factories/attribute_values.py b/kmip/core/factories/attribute_values.py
index 4a1c4a5..20d6a5d 100644
--- a/kmip/core/factories/attribute_values.py
+++ b/kmip/core/factories/attribute_values.py
@@ -17,6 +17,7 @@ from kmip.core import attributes
 from kmip.core import enums
 from kmip.core import primitives
 from kmip.core import utils
+import json
 class AttributeValueFactory(object):
@@ -274,10 +275,11 @@ class AttributeValueFactory(object):
 def _create_application_specific_information(self, info):
 if info:
- return attributes.ApplicationSpecificInformation(
- application_namespace=info.get("application_namespace"),
- application_data=info.get("application_data")
- )
+ for k,v in info.items():
+ return attributes.ApplicationSpecificInformation(
+ k,
+ v
+ )
 else:
 return attributes.ApplicationSpecificInformation()
diff --git a/kmip/pie/client.py b/kmip/pie/client.py
index 8e3ba3a..92ec146 100644
--- a/kmip/pie/client.py
+++ b/kmip/pie/client.py
@@ -25,6 +25,7 @@ from kmip.core.factories import attributes
 from kmip.core.attributes import CryptographicParameters
 from kmip.core.attributes import DerivationParameters
+
 from kmip.core.messages import payloads
 from kmip.pie import exceptions
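Review bot: In `.travis/server.conf`, `database_path=/tmp/pykmip.db` puts the server's object store, which presumably holds the registered key material, at a fixed name in a world-writable directory, and `run.sh` in this same commit starts the server under `sudo`. On a shared runner another local user could create that path first; on a single-tenant CI worker the exposure is small, but this file is likely to be copied as an example configuration. A directory the job creates itself avoids the problem, for example `database_path=/var/lib/pykmip/pykmip.db` with a matching `sudo mkdir -p /var/lib/pykmip` in `run.sh` (path shown as an illustration only).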
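Review bot: `import json` in `kmip/core/factories/attribute_values.py` is added, but neither hunk of this file uses `json`, and it sits below the `kmip.core` imports instead of in a standard-library group above them. Unless code outside the visible hunks needs it, the line should be dropped. If it is needed, move it to the top of the import block, separated from the project imports by a blank line.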
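Review bot: In `_create_application_specific_information` the new `for k,v in info.items(): return ...` returns on its first iteration, so every entry after the first is silently discarded, and the accepted input changes from `{"application_namespace": ..., "application_data": ...}` to a `{namespace: data}` mapping. A caller still passing the old two-key dict, as the integration test added in this commit does, would presumably get an attribute whose namespace is the literal string `application_namespace` (assuming the positional arguments are namespace then data; the constructor is not visible here). If a single-pair mapping is the intended contract, make it explicit and reject anything else: `if len(info) != 1: raise ValueError("expected exactly one namespace/data pair")` followed by `namespace, data = next(iter(info.items()))`, passing both by keyword as the removed lines did. Otherwise keep the keyword-based lookup that was removed.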
@@ -559,8 +560,15 @@ class ProxyKmipClient(object):
 if hasattr(managed_object, '_application_specific_informations'):
 if managed_object._application_specific_informations:
- for attr in managed_object._application_specific_informations:
- object_attributes.append(attr)
+ for attr in managed_object._application_specific_informations:
+ app_dict = {}
+ app_dict[attr] = managed_object._application_specific_informations[attr]
+ attribute = self.attribute_factory.create_attribute(
+ name=enums.AttributeType.APPLICATION_SPECIFIC_INFORMATION,
+ value=app_dict,
+ index=1
+ )
+ object_attributes.append(attribute)
 template = cobjects.TemplateAttribute(attributes=object_attributes)
 object_type = managed_object.object_type
diff --git a/kmip/tests/integration/services/test_proxykmipclient.py b/kmip/tests/integration/services/test_proxykmipclient.py
index aeecc03..62d7988 100644
--- a/kmip/tests/integration/services/test_proxykmipclient.py
+++ b/kmip/tests/integration/services/test_proxykmipclient.py
@@ -39,7 +39,10 @@ class TestProxyKmipClientIntegration(testtools.TestCase):
 uuids = self.client.locate()
 for uuid in uuids:
- self.client.destroy(uid=uuid)
+ try:
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, uuid)
+ finally:
+ self.client.destroy(uid=uuid)
 def test_symmetric_key_create_get_destroy(self):
 """
@@ -57,6 +60,7 @@ class TestProxyKmipClientIntegration(testtools.TestCase):
 enums.CryptographicAlgorithm.AES)
 self.assertEqual(key.cryptographic_length, 256)
 finally:
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, uid)
 self.client.destroy(uid)
 self.assertRaises(
 exceptions.KmipOperationFailure, self.client.get, uid)
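Review bot: Every attribute built in the new loop in `kmip/pie/client.py` is created with `index=1`, so an object carrying several application-specific entries would send them all under the same attribute index, and a single entry goes out at index 1 rather than 0. Deriving the index from the loop keeps them distinct: `for i, (namespace, data) in enumerate(infos.items()):` with `value={namespace: data}, index=i`, where `infos` is `managed_object._application_specific_informations`. The loop also now subscripts that attribute by key, while the removed lines appended its elements directly, which suggests it used to be a list of attribute objects; it is worth confirming which shape the managed objects actually store. The enclosing method starts and ends outside this hunk.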
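Review bot: In the `finally:` block of the `-57,6` hunk the added `self.client.revoke(...)` runs unguarded before `self.client.destroy(uid)`, so a failing revoke skips the destroy and replaces the test's own failure with the cleanup error. The loop in the first hunk of this file already uses the safer shape, `try: self.client.revoke(...)` / `finally: self.client.destroy(...)`; the same nesting, or `self.addCleanup(self.client.destroy, uid)` right after the object is created, would fit here. The same unguarded revoke is added in the `finally:` blocks of the hunks at -131, -211, -264, -371, -449, -476 and -1344. The test methods begin outside these hunks.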
@@ -100,10 +104,8 @@ class TestProxyKmipClientIntegration(testtools.TestCase):
 self.assertNotEqual(unwrapped_key.value, wrapped_key.value)
- self.client.revoke(
- enums.RevocationReasonCode.CESSATION_OF_OPERATION,
- wrapping_id
- )
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, key_id)
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, wrapping_id)
 self.client.destroy(key_id)
 self.client.destroy(wrapping_id)
@@ -131,6 +133,7 @@ class TestProxyKmipClientIntegration(testtools.TestCase):
 self.assertEqual(
 result, key, "expected {0}\nobserved {1}".format(result, key))
 finally:
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, uid)
 self.client.destroy(uid)
 self.assertRaises(
 exceptions.KmipOperationFailure, self.client.get, uid)
@@ -181,6 +184,30 @@ class TestProxyKmipClientIntegration(testtools.TestCase):
 enums.EncodingOption.NO_ENCODING,
 key_wrapping_data.get('encoding_option')
 )
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, key_id)
+ self.client.destroy(key_id)
+
+ def test_register_app_specific_get(self):
+ """
+ Test that a key with app specifc info can be registered with the server and that its
+ metadata is retrieved with the get operation.
+ """
+ key = objects.SymmetricKey(
+ enums.CryptographicAlgorithm.AES,
+ 128,
+ (b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E'
+ b'\x0F'),
+ app_specific_info={
+ 'application_namespace': 'Testing',
+ 'application_data': 'Testing2'
+ }
+ )
+ key_id = self.client.register(key)
+ result = self.client.get(key_id)
+ app_specific_info = result.app_specific_info
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, key_id)
+ self.client.destroy(key_id)
+
 def test_asymmetric_key_pair_create_get_destroy(self):
 """
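Review bot: Swapping `CESSATION_OF_OPERATION` for `KEY_COMPROMISE` in the `-100,10` hunk (and again in the hunks at -798 and -858) changes what the cleanup exercises: in KMIP a revoke with a compromise reason moves the object to the Compromised state, while the other reasons deactivate it. After this commit every revoke in the visible hunks uses the compromise code, so the ordinary deactivate-then-destroy path is no longer covered there, and the tests read as if key compromise were the normal retirement reason. Unless the target server requires it, I would keep `enums.RevocationReasonCode.CESSATION_OF_OPERATION` for routine cleanup and reserve `KEY_COMPROMISE` for a test that is actually about compromise. If it is required, a one-line comment saying why would do.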
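Review bot: `test_register_app_specific_get` asserts nothing: `app_specific_info = result.app_specific_info` is assigned and never checked, so the test passes whatever the server returns as long as no call raises. Add a comparison against the registered value, for instance `self.assertEqual(key.app_specific_info, result.app_specific_info)` (adjusted to whatever attribute the managed object really exposes), and move the revoke/destroy into a `finally:` as the neighbouring tests do. The docstring has a typo, `specifc`, and its first line runs past 79 columns once indented.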
@@ -211,6 +238,7 @@ class TestProxyKmipClientIntegration(testtools.TestCase):
 enums.CryptographicAlgorithm.RSA)
 self.assertEqual(private_key.cryptographic_length, 2048)
 finally:
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, public_uid)
 self.client.destroy(public_uid)
 self.assertRaises(
 exceptions.KmipOperationFailure, self.client.get, public_uid)
@@ -218,6 +246,7 @@ class TestProxyKmipClientIntegration(testtools.TestCase):
 exceptions.KmipOperationFailure, self.client.destroy, public_uid)
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, private_uid)
 self.client.destroy(private_uid)
 self.assertRaises(
 exceptions.KmipOperationFailure, self.client.get, private_uid)
@@ -264,6 +293,7 @@ class TestProxyKmipClientIntegration(testtools.TestCase):
 self.assertEqual(
 result, key, "expected {0}\nobserved {1}".format(result, key))
 finally:
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, uid)
 self.client.destroy(uid)
 self.assertRaises(
 exceptions.KmipOperationFailure, self.client.get, uid)
@@ -371,6 +401,7 @@ class TestProxyKmipClientIntegration(testtools.TestCase):
 self.assertEqual(
 result, key, "expected {0}\nobserved {1}".format(result, key))
 finally:
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, uid)
 self.client.destroy(uid)
 self.assertRaises(
 exceptions.KmipOperationFailure, self.client.get, uid)
@@ -449,6 +480,7 @@ class TestProxyKmipClientIntegration(testtools.TestCase):
 result, cert, "expected {0}\nobserved {1}".format(
 result, cert))
 finally:
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, uid)
 self.client.destroy(uid)
 self.assertRaises(
 exceptions.KmipOperationFailure, self.client.get, uid)
@@ -476,6 +508,7 @@ class TestProxyKmipClientIntegration(testtools.TestCase):
 result, secret, "expected {0}\nobserved {1}".format(
 result, secret))
 finally:
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, uid)
 self.client.destroy(uid)
 self.assertRaises(
 exceptions.KmipOperationFailure, self.client.get, uid)
@@ -570,6 +603,8 @@ class TestProxyKmipClientIntegration(testtools.TestCase):
 attribute.attribute_name.value
 )
 self.assertEqual(160, attribute.attribute_value.value)
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, key_id)
+ self.client.destroy(key_id)
 def test_derive_key_using_encryption(self):
 """
@@ -798,10 +833,7 @@ class TestProxyKmipClientIntegration(testtools.TestCase):
 self.assertEqual(plain_text, result)
 # Clean up.
- self.client.revoke(
- enums.RevocationReasonCode.CESSATION_OF_OPERATION,
- key_id
- )
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, key_id)
 self.client.destroy(key_id)
 def test_create_key_pair_sign_signature_verify(self):
@@ -858,11 +890,11 @@ class TestProxyKmipClientIntegration(testtools.TestCase):
 # Clean up.
 self.client.revoke(
- enums.RevocationReasonCode.CESSATION_OF_OPERATION,
+ enums.RevocationReasonCode.KEY_COMPROMISE,
 public_key_id
 )
 self.client.revoke(
- enums.RevocationReasonCode.CESSATION_OF_OPERATION,
+ enums.RevocationReasonCode.KEY_COMPROMISE,
 private_key_id
 )
 self.client.destroy(public_key_id)
@@ -1293,6 +1325,8 @@ class TestProxyKmipClientIntegration(testtools.TestCase):
 self.assertEqual(0, len(result))
 # Clean up the keys
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, a_id)
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, b_id)
 self.client.destroy(a_id)
 self.client.destroy(b_id)
@@ -1344,6 +1378,7 @@ class TestProxyKmipClientIntegration(testtools.TestCase):
 self.assertEqual(enums.SplitKeyMethod.XOR, result.split_key_method)
 self.assertIsNone(result.prime_field_size)
 finally:
+ self.client.revoke(enums.RevocationReasonCode.KEY_COMPROMISE, uid)
 self.client.destroy(uid)
 self.assertRaises(
 exceptions.KmipOperationFailure, self.client.get, uid)