Update the object data model to support storing key wrapping data

This change updates the KMIP object model to support explicitly storing key wrapping data attributes. Key wrapping data is treated externally as a dictionary and is stored as individual fields in the back end. Various unit tests have been updated and added to support these additions.
2025-12-24 04:04:20 +00:00 · 2017-09-30 16:22:52 -04:00
parent aa798d939c
commit fc86e1bef4
8 changed files with 736 additions and 30 deletions
--- a/kmip/pie/factory.py
+++ b/kmip/pie/factory.py
@@ -85,9 +85,17 @@ class ObjectFactory:
        length = key.key_block.cryptographic_length.value
        value = key.key_block.key_value.key_material.value
        format_type = key.key_block.key_format_type.value
+        key_wrapping_data = key.key_block.key_wrapping_data

        if cls is pobjects.SymmetricKey:
-            key = cls(algorithm, length, value)
+            key = cls(
+                algorithm,
+                length,
+                value,
+                key_wrapping_data=self._build_key_wrapping_data(
+                    key_wrapping_data
+                )
+            )
            if key.key_format_type != format_type:
                raise TypeError(
                    "core key format type not compatible with Pie "
@@ -96,7 +104,15 @@ class ObjectFactory:
            else:
                return key
        else:
-            return cls(algorithm, length, value, format_type)
+            return cls(
+                algorithm,
+                length,
+                value,
+                format_type,
+                key_wrapping_data=self._build_key_wrapping_data(
+                    key_wrapping_data
+                )
+            )

    def _build_pie_secret_data(self, secret):
        secret_data_type = secret.secret_data_type.value
@@ -117,6 +133,11 @@ class ObjectFactory:

        key_material = cobjects.KeyMaterial(value)
        key_value = cobjects.KeyValue(key_material)
+        key_wrapping_data = None
+        if key.key_wrapping_data:
+            key_wrapping_data = cobjects.KeyWrappingData(
+                **key.key_wrapping_data
+            )
        key_block = cobjects.KeyBlock(
            key_format_type=misc.KeyFormatType(format_type),
            key_compression_type=None,
@@ -124,7 +145,8 @@ class ObjectFactory:
            cryptographic_algorithm=attributes.CryptographicAlgorithm(
                algorithm),
            cryptographic_length=attributes.CryptographicLength(length),
-            key_wrapping_data=None)
+            key_wrapping_data=key_wrapping_data
+        )

        return cls(key_block)

@@ -155,3 +177,54 @@ class ObjectFactory:
        opaque_data_type = secrets.OpaqueObject.OpaqueDataType(opaque_type)
        opaque_data_value = secrets.OpaqueObject.OpaqueDataValue(value)
        return secrets.OpaqueObject(opaque_data_type, opaque_data_value)
+
+    def _build_cryptographic_parameters(self, value):
+        cryptographic_parameters = {
+            'block_cipher_mode': value.block_cipher_mode,
+            'padding_method': value.padding_method,
+            'hashing_algorithm': value.hashing_algorithm,
+            'key_role_type': value.key_role_type,
+            'digital_signature_algorithm': value.digital_signature_algorithm,
+            'cryptographic_algorithm': value.cryptographic_algorithm,
+            'random_iv': value.random_iv,
+            'iv_length': value.iv_length,
+            'tag_length': value.tag_length,
+            'fixed_field_length': value.fixed_field_length,
+            'invocation_field_length': value.invocation_field_length,
+            'counter_length': value.counter_length,
+            'initial_counter_value': value.initial_counter_value
+        }
+        return cryptographic_parameters
+
+    def _build_key_wrapping_data(self, value):
+        if value is None:
+            return None
+        encryption_key_info = value.encryption_key_information
+        encryption_key_information = {}
+        if encryption_key_info:
+            encryption_key_information = {
+                'unique_identifier': encryption_key_info.unique_identifier,
+                'cryptographic_parameters':
+                    self._build_cryptographic_parameters(
+                        encryption_key_info.cryptographic_parameters
+                    )
+            }
+        mac_signature_key_info = value.mac_signature_key_information
+        mac_signature_key_information = {}
+        if mac_signature_key_info:
+            mac_signature_key_information = {
+                'unique_identifier': mac_signature_key_info.unique_identifier,
+                'cryptographic_parameters':
+                    self._build_cryptographic_parameters(
+                        mac_signature_key_info.cryptographic_parameters
+                    )
+            }
+        key_wrapping_data = {
+            'wrapping_method': value.wrapping_method,
+            'encryption_key_information': encryption_key_information,
+            'mac_signature_key_information': mac_signature_key_information,
+            'mac_signature': value.mac_signature,
+            'iv_counter_nonce': value.iv_counter_nonce,
+            'encoding_option': value.encoding_option
+        }
+        return key_wrapping_data