
Add SplitKey server integration tests

This change adds integration tests that test registering,
retrieving, and destroying SplitKey objects with the server.
Minor updates are included for the client and server to ensure
that SplitKey operations function as expected.

Partially implements #545
Peter Hamilton
2019-09-20 13:36:01 -04:00
committed by Peter Hamilton
parent a8713fc909
commit 29750cbda6
6 changed files with 191 additions and 6 deletions


@@ -54,6 +54,7 @@ from kmip.core.secrets import PublicKey
from kmip.core.secrets import Certificate
from kmip.core.secrets import SecretData
from kmip.core.secrets import OpaqueObject
from kmip.core.secrets import SplitKey
@pytest.mark.usefixtures("client")
@@ -1675,3 +1676,105 @@ class TestIntegration(testtools.TestCase):
ResultStatus.OPERATION_FAILED,
result.result_status.value
)
def test_split_key_register_get_destroy(self):
"""
Tests that split keys are properly registered, retrieved, and
destroyed.
"""
usage_mask = self.attr_factory.create_attribute(
AttributeType.CRYPTOGRAPHIC_USAGE_MASK,
[CryptographicUsageMask.ENCRYPT, CryptographicUsageMask.DECRYPT]
)
key_name = "Integration Test - Register-Get-Destroy Split Key"
name = self.attr_factory.create_attribute(AttributeType.NAME, key_name)
template_attribute = TemplateAttribute(attributes=[usage_mask, name])
key_data = (
b'\x00\x00\x00\x00\x00\x00\x00\x00'
b'\x00\x00\x00\x00\x00\x00\x00\x00'
)
key_block = KeyBlock(
key_format_type=KeyFormatType(KeyFormatTypeEnum.RAW),
key_compression_type=None,
key_value=KeyValue(KeyMaterial(key_data)),
cryptographic_algorithm=CryptographicAlgorithm(
CryptoAlgorithmEnum.AES
),
cryptographic_length=CryptographicLength(128),
key_wrapping_data=None
)
secret = SplitKey(
split_key_parts=3,
key_part_identifier=1,
split_key_threshold=2,
split_key_method=enums.SplitKeyMethod.XOR,
prime_field_size=None,
key_block=key_block
)
result = self.client.register(
ObjectType.SPLIT_KEY,
template_attribute,
secret,
credential=None
)
self._check_result_status(result, ResultStatus, ResultStatus.SUCCESS)
self._check_uuid(result.uuid, str)
# Check that the returned key bytes match what was provided
uuid = result.uuid
result = self.client.get(uuid=uuid, credential=None)
self._check_result_status(result, ResultStatus, ResultStatus.SUCCESS)
self._check_object_type(
result.object_type,
ObjectType,
ObjectType.SPLIT_KEY
)
self._check_uuid(result.uuid, str)
self.assertEqual(3, result.secret.split_key_parts)
self.assertEqual(1, result.secret.key_part_identifier)
self.assertEqual(2, result.secret.split_key_threshold)
self.assertEqual(
enums.SplitKeyMethod.XOR,
result.secret.split_key_method
)
self.assertIsNone(result.secret.prime_field_size)
# Check the secret type
self.assertIsInstance(result.secret, SplitKey)
self.assertEqual(
key_data,
result.secret.key_block.key_value.key_material.value
)
self.logger.debug(
'Destroying key: ' + key_name + '\nWith UUID: ' + result.uuid
)
result = self.client.destroy(result.uuid)
self._check_result_status(
result,
ResultStatus,
ResultStatus.SUCCESS
)
self._check_uuid(result.uuid.value, str)
# Verify the secret was destroyed
result = self.client.get(uuid=uuid, credential=None)
self._check_result_status(
result,
ResultStatus,
ResultStatus.OPERATION_FAILED
)
self.assertIsInstance(result.result_reason.value, ResultReason)
self.assertEqual(
ResultReason.ITEM_NOT_FOUND,
result.result_reason.value
)
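Review bot: The split key registered in test_split_key_register_get_destroy is only removed by the `self.client.destroy(result.uuid)` call near the end, so any assertion that fails between the register and that call leaves the object and its key material on the test server. Registering a cleanup right after `uuid = result.uuid`, for example `self.addCleanup(self.client.destroy, uuid)`, would remove it on failure as well. Judging by how the test checks `result.result_status` after each call, the client seems to report failure through the result rather than by raising, so a second destroy of an already removed object should be harmless, but that should be confirmed against the client. Separately, the comment `# Check that the returned key bytes match what was provided` sits above the Get call, while the byte comparison happens further down under `# Check the secret type`; moving it next to the `assertEqual` on `key_data` would match what the code does.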