Add MAC operation support for client

2025-12-16 00:04:26 +00:00 · 2017-01-31 09:06:24 -08:00
parent a2696b722f
commit 2d45f33d43
9 changed files with 423 additions and 10 deletions
--- a/kmip/pie/client.py
+++ b/kmip/pie/client.py
@@ -21,6 +21,9 @@ from kmip.core import objects as cobjects

 from kmip.core.factories import attributes

+from kmip.core.attributes import CryptographicParameters, \
+    CryptographicAlgorithm
+
 from kmip.pie import api
 from kmip.pie import exceptions
 from kmip.pie import factory
@@ -476,6 +479,58 @@ class ProxyKmipClient(api.KmipClient):
            message = result.result_message.value
            raise exceptions.KmipOperationFailure(status, reason, message)

+    def mac(self, uid, algorithm, data):
+        """
+        Get the message authentication code for data.
+
+        Args:
+            uid (string): The unique ID of the managed object that is the key
+                to use for the MAC operation.
+            algorithm (CryptographicAlgorithm): An enumeration defining the
+                algorithm to use to generate the MAC.
+            data (string): The data to be MACed.
+
+
+        Returns:
+            string: The unique ID of the managed object that is the key
+                to use for the MAC operation.
+            string: The data MACed
+
+        Raises:
+            ClientConnectionNotOpen: if the client connection is unusable
+            KmipOperationFailure: if the operation result is a failure
+            TypeError: if the input arguments are invalid
+        """
+        # Check inputs
+        if not isinstance(uid, six.string_types):
+            raise TypeError("uid must be a string")
+        if not isinstance(algorithm, enums.CryptographicAlgorithm):
+            raise TypeError(
+                "algorithm must be a CryptographicAlgorithm enumeration")
+        if not isinstance(data, six.binary_type):
+            raise TypeError(
+                "data must be bytes")
+
+        # Verify that operations can be given at this time
+        if not self._is_open:
+            raise exceptions.ClientConnectionNotOpen()
+
+        parameters_attribute = CryptographicParameters(
+            cryptographic_algorithm=CryptographicAlgorithm(algorithm))
+
+        # Create the symmetric key and handle the results
+        result = self.proxy.mac(uid, parameters_attribute, data)
+
+        status = result.result_status.value
+        if status == enums.ResultStatus.SUCCESS:
+            uid = result.uuid.value
+            mac_data = result.mac_data.value
+            return uid, mac_data
+        else:
+            reason = result.result_reason.value
+            message = result.result_message.value
+            raise exceptions.KmipOperationFailure(status, reason, message)
+
    def _build_key_attributes(self, algorithm, length):
        # Build a list of core key attributes.
        algorithm_attribute = self.attribute_factory.create_attribute(