Adding revoke operation

2026-01-06 10:33:35 +00:00 · 2015-06-25 13:40:55 +01:00
parent a7e2084385
commit 30ff7e78bf
10 changed files with 595 additions and 4 deletions
--- a/kmip/core/enums.py
+++ b/kmip/core/enums.py
@@ -620,3 +620,12 @@ class ObjectGroupMember(Enum):
 class StorageStatusMask(Enum):
    ONLINE_STORAGE      = 0x00000001
    ARCHIVAL_STORAGE    = 0x00000002
+
+class RevocationReasonCode(Enum):
+    UNSPECIFIED            = 0x00000001
+    KEY_COMPROMISE         = 0x00000002
+    CA_COMPROMISE          = 0x00000003
+    AFFILIATION_CHANGED    = 0x00000004
+    SUPERSEDED             = 0x00000005
+    CESSATION_OF_OPERATION = 0x00000006
+    PRIVILEGE_WITHDRAWN    = 0x00000007
--- a/kmip/core/factories/payloads/request.py
+++ b/kmip/core/factories/payloads/request.py
@@ -25,6 +25,7 @@ from kmip.core.messages.payloads import locate
 from kmip.core.messages.payloads import query
 from kmip.core.messages.payloads import rekey_key_pair
 from kmip.core.messages.payloads import register
+from kmip.core.messages.payloads import revoke


 class RequestPayloadFactory(PayloadFactory):
@@ -58,3 +59,6 @@ class RequestPayloadFactory(PayloadFactory):

    def _create_activate_payload(self):
        return activate.ActivateRequestPayload()
+
+    def _create_revoke_payload(self):
+        return revoke.RevokeRequestPayload()
--- a/kmip/core/factories/payloads/response.py
+++ b/kmip/core/factories/payloads/response.py
@@ -25,6 +25,7 @@ from kmip.core.messages.payloads import locate
 from kmip.core.messages.payloads import query
 from kmip.core.messages.payloads import rekey_key_pair
 from kmip.core.messages.payloads import register
+from kmip.core.messages.payloads import revoke


 class ResponsePayloadFactory(PayloadFactory):
@@ -58,3 +59,6 @@ class ResponsePayloadFactory(PayloadFactory):

    def _create_activate_payload(self):
        return activate.ActivateResponsePayload()
+
+    def _create_revoke_payload(self):
+        return revoke.RevokeResponsePayload()
--- a/kmip/core/messages/payloads/revoke.py
+++ b/kmip/core/messages/payloads/revoke.py
@@ -0,0 +1,193 @@
+# Copyright (c) 2015 Hewlett Packard Development Company, L.P.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from kmip.core import attributes
+from kmip.core import enums
+from kmip.core import objects
+from kmip.core import primitives
+
+from kmip.core.primitives import Struct
+
+from kmip.core.utils import BytearrayStream
+
+
+class RevokeRequestPayload(Struct):
+    """
+    A request payload for the Revoke operation.
+
+    The payload contains a UUID of a cryptographic object that that server
+    should revoke. See Section 4.20 of the KMIP 1.1 specification for more
+    information.
+
+    Attributes:
+        unique_identifier: The UUID of a managed cryptographic object
+        revocation_reason: The reason why the object was revoked
+        compromised_date: The date of compromise if the object was compromised
+    """
+
+    def __init__(self,
+                 unique_identifier=None,
+                 revocation_reason=None,
+                 compromise_date=None):
+        """
+        Construct a RevokeRequestPayload object.
+        Args:
+            unique_identifier (UniqueIdentifier): The UUID of a managed
+                cryptographic object.
+            revocation_reason (RevocationReason): The reason why the object was
+                revoked.
+            compromise_date (DateTime): the date of compromise if the object
+                was compromised.
+        """
+        super(RevokeRequestPayload, self).__init__(
+            tag=enums.Tags.REQUEST_PAYLOAD)
+        self.unique_identifier = unique_identifier
+        self.compromise_date = compromise_date
+        self.revocation_reason = revocation_reason
+        if self.revocation_reason is None:
+            self.revocation_reason = objects.RevocationReason()
+        self.validate()
+
+    def read(self, istream):
+        """
+        Read the data encoding the RevokeRequestPayload object and decode it
+        into its constituent parts.
+        Args:
+            istream (Stream): A data stream containing encoded object data,
+                supporting a read method; usually a BytearrayStream object.
+        """
+        super(RevokeRequestPayload, self).read(istream)
+        tstream = BytearrayStream(istream.read(self.length))
+
+        self.unique_identifier = attributes.UniqueIdentifier()
+        self.unique_identifier.read(tstream)
+
+        self.revocation_reason = objects.RevocationReason()
+        self.revocation_reason.read(tstream)
+
+        if self.is_tag_next(enums.Tags.COMPROMISE_OCCURRENCE_DATE, tstream):
+            self.compromise_date = primitives.DateTime(
+                tag=enums.Tags.COMPROMISE_OCCURRENCE_DATE)
+            self.compromise_date.read(tstream)
+
+        self.is_oversized(tstream)
+        self.validate()
+
+    def write(self, ostream):
+        """
+        Write the data encoding the RevokeRequestPayload object to a stream.
+        Args:
+            ostream (Stream): A data stream in which to encode object data,
+                supporting a write method; usually a BytearrayStream object.
+        """
+        tstream = BytearrayStream()
+
+        # Write the contents of the request payload
+        if self.unique_identifier is not None:
+            self.unique_identifier.write(tstream)
+
+        self.revocation_reason.write(tstream)
+
+        if self.compromise_date is not None:
+            self.compromise_date.write(tstream)
+
+        # Write the length and value of the request payload
+        self.length = tstream.length()
+        super(RevokeRequestPayload, self).write(ostream)
+        ostream.write(tstream.buffer)
+
+    def validate(self):
+        """
+        Error check the attributes of the ActivateRequestPayload object.
+        """
+        if self.unique_identifier is not None:
+            if not isinstance(self.unique_identifier,
+                              attributes.UniqueIdentifier):
+                msg = "invalid unique identifier"
+                raise TypeError(msg)
+        if self.compromise_date is not None:
+            if not isinstance(self.compromise_date, primitives.DateTime):
+                msg = "invalid compromise time"
+                raise TypeError(msg)
+        if not isinstance(self.revocation_reason, objects.RevocationReason):
+            msg = "invalid revocation reason"
+            raise TypeError(msg)
+
+
+class RevokeResponsePayload(Struct):
+    """
+    A response payload for the Revoke operation.
+    The payload contains the server response to the initial Revoke request.
+    See Section 4.20 of the KMIP 1.1 specification for more information.
+    Attributes:
+        unique_identifier: The UUID of a managed cryptographic object.
+    """
+    def __init__(self,
+                 unique_identifier=None):
+        """
+        Construct a RevokeResponsePayload object.
+        Args:
+            unique_identifier (UniqueIdentifier): The UUID of a managed
+                cryptographic object.
+        """
+        super(RevokeResponsePayload, self).__init__(
+            tag=enums.Tags.RESPONSE_PAYLOAD)
+        if unique_identifier is None:
+            self.unique_identifier = attributes.UniqueIdentifier()
+        else:
+            self.unique_identifier = unique_identifier
+        self.validate()
+
+    def read(self, istream):
+        """
+        Read the data encoding the RevokeResponsePayload object and decode it
+        into its constituent parts.
+        Args:
+            istream (Stream): A data stream containing encoded object data,
+                supporting a read method; usually a BytearrayStream object.
+        """
+        super(RevokeResponsePayload, self).read(istream)
+        tstream = BytearrayStream(istream.read(self.length))
+
+        self.unique_identifier = attributes.UniqueIdentifier()
+        self.unique_identifier.read(tstream)
+
+        self.is_oversized(tstream)
+        self.validate()
+
+    def write(self, ostream):
+        """
+        Write the data encoding the RevokeResponsePayload object to a stream.
+        Args:
+            ostream (Stream): A data stream in which to encode object data,
+                supporting a write method; usually a BytearrayStream object.
+        """
+        tstream = BytearrayStream()
+
+        # Write the contents of the response payload
+        self.unique_identifier.write(tstream)
+
+        # Write the length and value of the request payload
+        self.length = tstream.length()
+        super(RevokeResponsePayload, self).write(ostream)
+        ostream.write(tstream.buffer)
+
+    def validate(self):
+        """
+        Error check the attributes of the RevokeRequestPayload object.
+        """
+        if not isinstance(self.unique_identifier, attributes.UniqueIdentifier):
+            msg = "invalid unique identifier"
+            raise TypeError(msg)
--- a/kmip/core/objects.py
+++ b/kmip/core/objects.py
@@ -25,6 +25,7 @@ from kmip.core.enums import AttributeType
 from kmip.core.enums import Tags
 from kmip.core.enums import Types
 from kmip.core.enums import CredentialType
+from kmip.core.enums import RevocationReasonCode as RevocationReasonCodeEnum

 from kmip.core.errors import ErrorStrings
 from kmip.core.misc import KeyFormatType
@@ -1177,3 +1178,102 @@ class ExtensionInformation(Struct):
            extension_name=extension_name,
            extension_tag=extension_tag,
            extension_type=extension_type)
+
+
+# 3.31, 9.1.3.2.19
+class RevocationReasonCode(Enumeration):
+    ENUM_TYPE = RevocationReasonCodeEnum
+
+    def __init__(self, value=RevocationReasonCodeEnum.UNSPECIFIED):
+        super(RevocationReasonCode, self).__init__(
+            value=value, tag=Tags.REVOCATION_REASON_CODE)
+
+
+# 3.31
+class RevocationReason(Struct):
+    """
+    A structure describing  the reason for a revocation operation.
+
+    See Sections 2.1.9 and 4.25 of the KMIP 1.1 specification for
+    more information.
+
+    Attributes:
+        code: The revocation reason code enumeration
+        message: An optional revocation message
+    """
+
+    def __init__(self, code=None, message=None):
+        """
+        Construct a RevocationReason object.
+
+        Parameters:
+            code(RevocationReasonCode): revocation reason code
+            message(string): An optional revocation message
+        """
+        super(RevocationReason, self).__init__(tag=Tags.REVOCATION_REASON)
+        if code is not None:
+            self.revocation_code = RevocationReasonCode(value=code)
+        else:
+            self.revocation_code = RevocationReasonCode()
+
+        if message is not None:
+            self.revocation_message = TextString(
+                value=message,
+                tag=Tags.REVOCATION_MESSAGE)
+        else:
+            self.revocation_message = None
+
+        self.validate()
+
+    def read(self, istream):
+        """
+        Read the data encoding the RevocationReason object and decode it
+        into its constituent parts.
+
+        Args:
+            istream (Stream): A data stream containing encoded object data,
+                supporting a read method; usually a BytearrayStream object.
+        """
+        super(RevocationReason, self).read(istream)
+        tstream = BytearrayStream(istream.read(self.length))
+
+        self.revocation_code = RevocationReasonCode()
+        self.revocation_code.read(tstream)
+
+        if self.is_tag_next(Tags.REVOCATION_MESSAGE, tstream):
+            self.revocation_message = TextString()
+            self.revocation_message.read(tstream)
+
+        self.is_oversized(tstream)
+        self.validate()
+
+    def write(self, ostream):
+        """
+        Write the data encoding the RevocationReason object to a stream.
+
+        Args:
+            ostream (Stream): A data stream in which to encode object data,
+                supporting a write method; usually a BytearrayStream object.
+        """
+        tstream = BytearrayStream()
+
+        self.revocation_code.write(tstream)
+        if self.revocation_message is not None:
+            self.revocation_message.write(tstream)
+
+        # Write the length and value
+        self.length = tstream.length()
+        super(RevocationReason, self).write(ostream)
+        ostream.write(tstream.buffer)
+
+    def validate(self):
+        """
+        validate the RevocationReason object
+        """
+        if not isinstance(self.revocation_code, RevocationReasonCode):
+            msg = "RevocationReaonCode expected"
+            raise TypeError(msg)
+        if self.revocation_message is not None:
+            if not isinstance(self.revocation_message, TextString):
+                msg = "TextString expect"
+                raise TypeError(msg)