jgaunt/pykmip
2
0
Fork 0
mirror of https://github.com/openkmip/pykmip synced 2025-12-18 09:13:46 +00:00
Code Issues Releases Wiki Activity

Add CryptographicLength filtering support for the Locate operation

Browse Source 
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's
Cryptographic Length. If an object's type does not support the
Cryptographic Length attribute, the object is not a match. Unit
tests and integration tests have been added to test and verify
the correctness of this feature.

Additionally, the Locate demo scripts have also been updated to
support Cryptographic Length filtering. Simply use the
"--cryptographic-length" flag to specify a Cryptographic Length
integer value for the Locate script to filter on.
This commit is contained in:
Peter Hamilton
2019-07-31 12:07:28 -04:00
committed by Peter Hamilton
parent bf518c8393
commit 6dcae13c5b
7 changed files with 199 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
kmip/tests/unit/services/server/test_engine.py
View File

@@ -4977,6 +4977,94 @@ class TestKmipEngine(testtools.TestCase):
)
self.assertEqual(0, len(response_payload.unique_identifiers))
def test_locate_with_cryptographic_length(self):
"""
Test the Locate operation when the 'Cryptographic Length' attribute
is given.
"""
e = engine.KmipEngine()
e._data_store = self.engine
e._data_store_session_factory = self.session_factory
e._data_session = e._data_store_session_factory()
e._is_allowed_by_operation_policy = mock.Mock(return_value=True)
e._logger = mock.MagicMock()
key = (
b'\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
)
obj_a = pie_objects.SymmetricKey(
enums.CryptographicAlgorithm.AES,
128,
key,
name='name1'
)
obj_b = pie_objects.SecretData(
key,
enums.SecretDataType.PASSWORD
)
e._data_session.add(obj_a)
e._data_session.add(obj_b)
e._data_session.commit()
e._data_session = e._data_store_session_factory()
id_a = str(obj_a.unique_identifier)
attribute_factory = factory.AttributeFactory()
# Locate the symmetric key object based on its cryptographic length.
attrs = [
attribute_factory.create_attribute(
enums.AttributeType.CRYPTOGRAPHIC_LENGTH,
128
)
]
payload = payloads.LocateRequestPayload(attributes=attrs)
e._logger.reset_mock()
response_payload = e._process_locate(payload)
e._data_session.commit()
e._data_session = e._data_store_session_factory()
e._logger.info.assert_any_call("Processing operation: Locate")
e._logger.debug.assert_any_call(
"Locate filter matched object: {}".format(id_a)
)
e._logger.debug.assert_any_call(
"Failed match: "
"the specified attribute (Cryptographic Length) is not "
"applicable for the object's object type (SECRET_DATA)."
)
self.assertEqual(1, len(response_payload.unique_identifiers))
self.assertIn(id_a, response_payload.unique_identifiers)
# Try to locate a non-existent object based on its cryptographic
# algorithm.
attrs = [
attribute_factory.create_attribute(
enums.AttributeType.CRYPTOGRAPHIC_LENGTH,
2048
)
]
payload = payloads.LocateRequestPayload(attributes=attrs)
e._logger.reset_mock()
response_payload = e._process_locate(payload)
e._data_session.commit()
e._data_session = e._data_store_session_factory()
e._logger.info.assert_any_call("Processing operation: Locate")
e._logger.debug.assert_any_call(
"Failed match: "
"the specified cryptographic length (2048) does not match "
"the object's cryptographic length (128)."
)
e._logger.debug.assert_any_call(
"Failed match: "
"the specified attribute (Cryptographic Length) is not "
"applicable for the object's object type (SECRET_DATA)."
)
self.assertEqual(0, len(response_payload.unique_identifiers))
def test_get(self):
"""
Test that a Get request can be processed correctly.