diff --git a/kmip/core/factories/secrets.py b/kmip/core/factories/secrets.py index 70bafc3..0c8da35 100644 --- a/kmip/core/factories/secrets.py +++ b/kmip/core/factories/secrets.py @@ -183,11 +183,11 @@ class SecretFactory(object): crypto_length = CryptographicLength(cryptographic_length) key_wrap_data = None - if key_wrapping_data is not None: + if key_wrapping_data: # TODO (peter-hamilton) This currently isn't used in the tests # TODO (peter-hamilton) but needs to be updated to properly # TODO (peter-hamilton) create a KeyWrappingData object. - key_wrap_data = KeyWrappingData(key_wrapping_data) + key_wrap_data = KeyWrappingData(**key_wrapping_data) key_block = KeyBlock(key_format_type, key_comp_type, diff --git a/kmip/services/server/engine.py b/kmip/services/server/engine.py index 89631ae..805f1e2 100644 --- a/kmip/services/server/engine.py +++ b/kmip/services/server/engine.py @@ -534,21 +534,24 @@ class KmipEngine(object): 'cryptographic_algorithm': obj.cryptographic_algorithm, 'cryptographic_length': obj.cryptographic_length, 'key_format_type': obj.key_format_type, - 'key_value': obj.value + 'key_value': obj.value, + 'key_wrapping_data': obj.key_wrapping_data } elif object_type == enums.ObjectType.PUBLIC_KEY: value = { 'cryptographic_algorithm': obj.cryptographic_algorithm, 'cryptographic_length': obj.cryptographic_length, 'key_format_type': obj.key_format_type, - 'key_value': obj.value + 'key_value': obj.value, + 'key_wrapping_data': obj.key_wrapping_data } elif object_type == enums.ObjectType.PRIVATE_KEY: value = { 'cryptographic_algorithm': obj.cryptographic_algorithm, 'cryptographic_length': obj.cryptographic_length, 'key_format_type': obj.key_format_type, - 'key_value': obj.value + 'key_value': obj.value, + 'key_wrapping_data': obj.key_wrapping_data } elif object_type == enums.ObjectType.SECRET_DATA: value = { diff --git a/kmip/tests/integration/services/test_proxykmipclient.py b/kmip/tests/integration/services/test_proxykmipclient.py index 3a0812a..04c1a73 100644 --- a/kmip/tests/integration/services/test_proxykmipclient.py +++ b/kmip/tests/integration/services/test_proxykmipclient.py @@ -128,6 +128,51 @@ class TestProxyKmipClientIntegration(testtools.TestCase): self.assertRaises( exceptions.KmipOperationFailure, self.client.destroy, uid) + def test_register_wrapped_get_destroy(self): + """ + Test that a wrapped key can be registered with the server and that its + metadata is retrieved with the get operation. + """ + key = objects.SymmetricKey( + enums.CryptographicAlgorithm.AES, + 128, + (b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E' + b'\x0F'), + key_wrapping_data={ + 'wrapping_method': enums.WrappingMethod.ENCRYPT, + 'encryption_key_information': { + 'unique_identifier': '42', + 'cryptographic_parameters': { + 'block_cipher_mode': + enums.BlockCipherMode.NIST_KEY_WRAP + } + }, + 'encoding_option': enums.EncodingOption.NO_ENCODING + } + ) + key_id = self.client.register(key) + + result = self.client.get(key_id) + key_wrapping_data = result.key_wrapping_data + self.assertIsInstance(key_wrapping_data, dict) + self.assertEqual( + enums.WrappingMethod.ENCRYPT, + key_wrapping_data.get('wrapping_method') + ) + eki = key_wrapping_data.get('encryption_key_information') + self.assertIsInstance(eki, dict) + self.assertEqual('42', eki.get('unique_identifier')) + cp = eki.get('cryptographic_parameters') + self.assertIsInstance(cp, dict) + self.assertEqual( + enums.BlockCipherMode.NIST_KEY_WRAP, + cp.get('block_cipher_mode') + ) + self.assertEqual( + enums.EncodingOption.NO_ENCODING, + key_wrapping_data.get('encoding_option') + ) + def test_asymmetric_key_pair_create_get_destroy(self): """ Test that the ProxyKmipClient can create, retrieve, and destroy an