jgaunt/pykmip
2
0
Fork 0
mirror of https://github.com/openkmip/pykmip synced 2025-12-10 21:33:15 +00:00
Code Issues Releases Wiki Activity

Add CryptographicAlgorithm filtering support for Locate

Browse Source 
This change updates Locate operation support in the PyKMIP server,
allowing users to filter objects based on the object's
Cryptographic Algorithm. If an object's type does not support the
Cryptographic Algorithm attribute, that object is not a match.
Unit tests and integration tests have been added to test and
verify the correctness of this feature.

Additionally, the Locate demo scripts have also been updated to
support Cryptographic Algorithm filtering. Simply use the
"--cryptographic-algorithm" flag to specify a Cryptographic
Algorithm enumeration for the Locate script to filter on.
This commit is contained in:
Peter Hamilton
2019-07-30 18:05:26 -04:00
committed by Peter Hamilton
parent d74b394261
commit bf518c8393
7 changed files with 232 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
kmip/tests/unit/services/server/test_engine.py
View File

@@ -4889,6 +4889,94 @@ class TestKmipEngine(testtools.TestCase):
)
self.assertEqual(0, len(response_payload.unique_identifiers))
def test_locate_with_cryptographic_algorithm(self):
"""
Test the Locate operation when the 'Cryptographic Algorithm' attribute
is given.
"""
e = engine.KmipEngine()
e._data_store = self.engine
e._data_store_session_factory = self.session_factory
e._data_session = e._data_store_session_factory()
e._is_allowed_by_operation_policy = mock.Mock(return_value=True)
e._logger = mock.MagicMock()
key = (
b'\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
)
obj_a = pie_objects.SymmetricKey(
enums.CryptographicAlgorithm.AES,
128,
key,
name='name1'
)
obj_b = pie_objects.SecretData(
key,
enums.SecretDataType.PASSWORD
)
e._data_session.add(obj_a)
e._data_session.add(obj_b)
e._data_session.commit()
e._data_session = e._data_store_session_factory()
id_a = str(obj_a.unique_identifier)
attribute_factory = factory.AttributeFactory()
# Locate the symmetric key object based on its cryptographic algorithm.
attrs = [
attribute_factory.create_attribute(
enums.AttributeType.CRYPTOGRAPHIC_ALGORITHM,
enums.CryptographicAlgorithm.AES
)
]
payload = payloads.LocateRequestPayload(attributes=attrs)
e._logger.reset_mock()
response_payload = e._process_locate(payload)
e._data_session.commit()
e._data_session = e._data_store_session_factory()
e._logger.info.assert_any_call("Processing operation: Locate")
e._logger.debug.assert_any_call(
"Locate filter matched object: {}".format(id_a)
)
e._logger.debug.assert_any_call(
"Failed match: "
"the specified attribute (Cryptographic Algorithm) is not "
"applicable for the object's object type (SECRET_DATA)."
)
self.assertEqual(1, len(response_payload.unique_identifiers))
self.assertIn(id_a, response_payload.unique_identifiers)
# Try to locate a non-existent object based on its cryptographic
# algorithm.
attrs = [
attribute_factory.create_attribute(
enums.AttributeType.CRYPTOGRAPHIC_ALGORITHM,
enums.CryptographicAlgorithm.RSA
)
]
payload = payloads.LocateRequestPayload(attributes=attrs)
e._logger.reset_mock()
response_payload = e._process_locate(payload)
e._data_session.commit()
e._data_session = e._data_store_session_factory()
e._logger.info.assert_any_call("Processing operation: Locate")
e._logger.debug.assert_any_call(
"Failed match: "
"the specified cryptographic algorithm (RSA) does not match "
"the object's cryptographic algorithm (AES)."
)
e._logger.debug.assert_any_call(
"Failed match: "
"the specified attribute (Cryptographic Algorithm) is not "
"applicable for the object's object type (SECRET_DATA)."
)
self.assertEqual(0, len(response_payload.unique_identifiers))
def test_get(self):
"""
Test that a Get request can be processed correctly.