Update truenas_kmip_unlock.py

Reviewed-on: #1

pykmip/client.conf.sample

@@ -1,11 +0,0 @@
-# THIS IS A SAMPLE FILE, PLEASE COPY IT AND EDIT THE COPY
-[client]
-host=127.0.0.1
-port=5696
-certfile=kmip.crt
-keyfile=kmip.key
-ca_certs=kmip.crt
-cert_reqs=CERT_REQUIRED
-ssl_version=PROTOCOL_TLS
-do_handshake_on_connect=True
-suppress_ragged_eofs=True

truenas_kmip_unlock.py

@@ -9,17 +9,15 @@ import base64
 import optparse
 import configparser
 import requests
-import platform
-import subprocess
 import simplejson as json
 import urllib3
 urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
-
 from getpass import getpass
+from pathlib import Path
 from kmip.core import enums
 from kmip.demos import utils
 from kmip.pie import client
-
+from lib import pykmip_client
 
 def request(resource, api_key, method='GET', data=None):
     if data is None:
@@ -46,101 +44,6 @@ def request(resource, api_key, method='GET', data=None):
             return {'ok': r.ok, 'status_code': r.status_code, 'response': r.text}
     raise ValueError(r)
 
-
-def create_key(client):
-    # Create an encryption key.
-    try:
-        key_id = client.create(
-            enums.CryptographicAlgorithm.AES,
-            256,
-            cryptographic_usage_mask=[
-                enums.CryptographicUsageMask.ENCRYPT,
-                enums.CryptographicUsageMask.DECRYPT
-            ]
-        )
-        logger.debug("Successfully created a new encryption key.")
-        logger.debug("Secret ID: {}".format(key_id))
-    except Exception as e:
-        logger.error(e)
-        sys.exit(-1)
-
-    # Activate the encryption key so that it can be used.
-    try:
-        client.activate(key_id)
-        logger.debug("Successfully activated the encryption key.")
-        return key_id
-    except Exception as e:
-        logger.error(e)
-        sys.exit(-1)
-
-def encrypt(client, data):
-    try:
-        data = data.encode('UTF-8')
-        key_id = create_key(client)
-        iv = secrets.token_bytes(16)
-        cipher_text, autogenerated_iv = client.encrypt(
-            data,
-            uid=key_id,
-            cryptographic_parameters={
-                'cryptographic_algorithm':
-                    enums.CryptographicAlgorithm.AES,
-                'block_cipher_mode': enums.BlockCipherMode.CBC,
-                'padding_method': enums.PaddingMethod.ANSI_X923
-            },
-            iv_counter_nonce=(
-                iv
-            )
-        )
-        logger.debug("Successfully encrypted the data: {}".format(data))
-        cipher_text_base64_bytes = base64.b64encode(cipher_text)
-        cipher_text_base64 = cipher_text_base64_bytes.decode('ascii')
-        logger.debug("Cipher text (raw): {}".format(cipher_text))
-        logger.debug("Cipher txt (encoded): {}".format(cipher_text_base64))
-        logger.debug("IV (raw): {}".format(iv))
-        iv_base64_bytes = base64.b64encode(iv)
-        iv_base64 = iv_base64_bytes.decode('ascii')
-        logger.debug("IV (encoded): {}".format(iv_base64))
-        padded_key_id = str(key_id).zfill(9) 
-        logger.debug("Padding Key ID {} with zeros: {}".format(key_id,padded_key_id))
-        cipher_data = base64.b64encode(padded_key_id.encode('UTF-8') + iv + cipher_text).decode()
-        logger.debug("padded_key_id + iv + cipher_text (encoded): {}".format(cipher_data))
-        return cipher_data
-    except Exception as e:
-        logger.error(e)
-
-def decrypt(client, data):
-    try:
-        cipher_data = base64.b64decode(data)
-        padded_key_id = cipher_data[:9].decode('UTF-8')
-        iv = cipher_data[9:25]
-        cipher_text = cipher_data[25:]
-        logger.debug("Removing padding from Key ID: {}".format(padded_key_id))
-        key_id = padded_key_id.lstrip('0')
-        logger.debug("Decrypting with Key ID: {}".format(key_id))
-        logger.debug("Decrypting with IV (raw): {}".format(iv))
-        logger.debug("Decrypting cipher text (raw): {}".format(cipher_text))
-        plain_text = client.decrypt(
-            cipher_text,
-            uid=key_id,
-            cryptographic_parameters={
-                'cryptographic_algorithm':
-                    enums.CryptographicAlgorithm.AES,
-                'block_cipher_mode': enums.BlockCipherMode.CBC,
-                'padding_method': enums.PaddingMethod.ANSI_X923
-            },
-            iv_counter_nonce=(
-                iv
-            )
-        )
-        logger.debug("Successfully decrypted the data.")
-        plain_text = plain_text.decode('utf-8')
-        logger.debug("Plain text: '{}'".format(plain_text))
-        return plain_text
-    except Exception as e:
-        logger.error(e)
-
-
-
 if __name__ == '__main__':
     # get directory of script
     cwd = os.path.dirname(os.path.realpath(__file__))
@@ -176,7 +79,7 @@ if __name__ == '__main__':
     config = opts.config
     passphrase = opts.message
 
-    client = client.ProxyKmipClient(config=config, config_file=cwd + '/pykmip/client.conf')
+    client = client.ProxyKmipClient(config_file=cwd + '/pykmip/client.conf')
     client.open()
     if opts.encrypt:
         if not passphrase: