diff --git a/barbican/plugin/crypto/crypto.py b/barbican/plugin/crypto/base.py similarity index 100% rename from barbican/plugin/crypto/crypto.py rename to barbican/plugin/crypto/base.py diff --git a/barbican/plugin/crypto/manager.py b/barbican/plugin/crypto/manager.py index f3e2a74c0..91a1fc112 100644 --- a/barbican/plugin/crypto/manager.py +++ b/barbican/plugin/crypto/manager.py @@ -18,7 +18,7 @@ import threading from barbican.common import config from barbican.common import utils from barbican import i18n as u -from barbican.plugin.crypto import crypto +from barbican.plugin.crypto import base from barbican.plugin.interface import secret_store from barbican.plugin.util import multiple_backends from barbican.plugin.util import utils as plugin_utils @@ -87,7 +87,7 @@ class _CryptoPluginManager(named.NamedExtensionManager): self, project_id=project_id, existing_plugin_name=None) if not active_plugins: - raise crypto.CryptoPluginNotFound() + raise base.CryptoPluginNotFound() for generating_plugin in active_plugins: if generating_plugin.supports( @@ -108,7 +108,7 @@ class _CryptoPluginManager(named.NamedExtensionManager): active_plugins = plugin_utils.get_active_plugins(self) if not active_plugins: - raise crypto.CryptoPluginNotFound() + raise base.CryptoPluginNotFound() for decrypting_plugin in active_plugins: plugin_name = utils.generate_fullname_for(decrypting_plugin) diff --git a/barbican/plugin/crypto/p11_crypto.py b/barbican/plugin/crypto/p11_crypto.py index b3dec953b..fc836163e 100644 --- a/barbican/plugin/crypto/p11_crypto.py +++ b/barbican/plugin/crypto/p11_crypto.py @@ -23,7 +23,7 @@ from barbican.common import config from barbican.common import exception from barbican.common import utils from barbican import i18n as u -from barbican.plugin.crypto import crypto as plugin +from barbican.plugin.crypto import base as plugin from barbican.plugin.crypto import pkcs11 CONF = config.new_config() diff --git a/barbican/plugin/crypto/simple_crypto.py b/barbican/plugin/crypto/simple_crypto.py index 3e0023690..262cc62fe 100644 --- a/barbican/plugin/crypto/simple_crypto.py +++ b/barbican/plugin/crypto/simple_crypto.py @@ -22,7 +22,7 @@ import six from barbican.common import config from barbican.common import utils from barbican import i18n as u -from barbican.plugin.crypto import crypto as c +from barbican.plugin.crypto import base as c CONF = config.new_config() diff --git a/barbican/plugin/store_crypto.py b/barbican/plugin/store_crypto.py index 5efcc2a33..41a7e6a36 100644 --- a/barbican/plugin/store_crypto.py +++ b/barbican/plugin/store_crypto.py @@ -17,7 +17,7 @@ from barbican.common import config from barbican.common import utils from barbican.model import models from barbican.model import repositories -from barbican.plugin.crypto import crypto +from barbican.plugin.crypto import base from barbican.plugin.crypto import manager from barbican.plugin.interface import secret_store as sstore @@ -74,7 +74,7 @@ class StoreCryptoAdapterPlugin(object): # Find HSM-style 'crypto' plugin. encrypting_plugin = manager.get_manager().get_plugin_store_generate( - crypto.PluginSupportTypes.ENCRYPT_DECRYPT, + base.PluginSupportTypes.ENCRYPT_DECRYPT, project_id=context.project_model.id ) @@ -85,7 +85,7 @@ class StoreCryptoAdapterPlugin(object): # Secrets are base64 encoded before being passed to the secret stores. secret_bytes = base64.b64decode(secret_dto.secret) - encrypt_dto = crypto.EncryptDTO(secret_bytes) + encrypt_dto = base.EncryptDTO(secret_bytes) # Enhance the context with content_type, This is needed to build # datum_model to store @@ -123,11 +123,11 @@ class StoreCryptoAdapterPlugin(object): datum_model.kek_meta_project.plugin_name) # wrap the KEKDatum instance in our DTO - kek_meta_dto = crypto.KEKMetaDTO(datum_model.kek_meta_project) + kek_meta_dto = base.KEKMetaDTO(datum_model.kek_meta_project) # Convert from text-based storage format to binary. encrypted = base64.b64decode(datum_model.cypher_text) - decrypt_dto = crypto.DecryptDTO(encrypted) + decrypt_dto = base.DecryptDTO(encrypted) # Decrypt the secret. secret = decrypting_plugin.decrypt(decrypt_dto, @@ -158,7 +158,7 @@ class StoreCryptoAdapterPlugin(object): # Find HSM-style 'crypto' plugin. plugin_type = _determine_generation_type(key_spec.alg) - if crypto.PluginSupportTypes.SYMMETRIC_KEY_GENERATION != plugin_type: + if base.PluginSupportTypes.SYMMETRIC_KEY_GENERATION != plugin_type: raise sstore.SecretAlgorithmNotSupportedException(key_spec.alg) generating_plugin = manager.get_manager().get_plugin_store_generate( plugin_type, @@ -172,9 +172,9 @@ class StoreCryptoAdapterPlugin(object): generating_plugin, context.project_model) # Create an encrypted datum instance and add the created cypher text. - generate_dto = crypto.GenerateDTO(key_spec.alg, - key_spec.bit_length, - key_spec.mode, None) + generate_dto = base.GenerateDTO(key_spec.alg, + key_spec.bit_length, + key_spec.mode, None) # Create the encrypted meta. response_dto = generating_plugin.generate_symmetric( generate_dto, kek_meta_dto, context.project_model.external_id) @@ -195,7 +195,7 @@ class StoreCryptoAdapterPlugin(object): """ plugin_type = _determine_generation_type(key_spec.alg) - if crypto.PluginSupportTypes.ASYMMETRIC_KEY_GENERATION != plugin_type: + if base.PluginSupportTypes.ASYMMETRIC_KEY_GENERATION != plugin_type: raise sstore.SecretAlgorithmNotSupportedException(key_spec.alg) generating_plugin = manager.get_manager().get_plugin_store_generate( @@ -206,9 +206,9 @@ class StoreCryptoAdapterPlugin(object): kek_datum_model, kek_meta_dto = _find_or_create_kek_objects( generating_plugin, context.project_model) - generate_dto = crypto.GenerateDTO(key_spec.alg, - key_spec.bit_length, - None, key_spec.passphrase) + generate_dto = base.GenerateDTO(key_spec.alg, + key_spec.bit_length, + None, key_spec.passphrase) # Create the encrypted meta. private_key_dto, public_key_dto, passwd_dto = ( @@ -264,12 +264,12 @@ def _determine_generation_type(algorithm): if not algorithm: raise sstore.SecretAlgorithmNotSupportedException(algorithm) - symmetric_algs = crypto.PluginSupportTypes.SYMMETRIC_ALGORITHMS - asymmetric_algs = crypto.PluginSupportTypes.ASYMMETRIC_ALGORITHMS + symmetric_algs = base.PluginSupportTypes.SYMMETRIC_ALGORITHMS + asymmetric_algs = base.PluginSupportTypes.ASYMMETRIC_ALGORITHMS if algorithm.lower() in symmetric_algs: - return crypto.PluginSupportTypes.SYMMETRIC_KEY_GENERATION + return base.PluginSupportTypes.SYMMETRIC_KEY_GENERATION elif algorithm.lower() in asymmetric_algs: - return crypto.PluginSupportTypes.ASYMMETRIC_KEY_GENERATION + return base.PluginSupportTypes.ASYMMETRIC_KEY_GENERATION else: raise sstore.SecretAlgorithmNotSupportedException(algorithm) @@ -285,14 +285,14 @@ def _find_or_create_kek_objects(plugin_inst, project_model): # Bind to the plugin's key management. # TODO(jwood): Does this need to be in a critical section? Should the # bind operation just be declared idempotent in the plugin contract? - kek_meta_dto = crypto.KEKMetaDTO(kek_datum_model) + kek_meta_dto = base.KEKMetaDTO(kek_datum_model) if not kek_datum_model.bind_completed: kek_meta_dto = plugin_inst.bind_kek_metadata(kek_meta_dto) # By contract, enforce that plugins return a # (typically modified) DTO. if kek_meta_dto is None: - raise crypto.CryptoKEKBindingException(full_plugin_name) + raise base.CryptoKEKBindingException(full_plugin_name) _indicate_bind_completed(kek_meta_dto, kek_datum_model) kek_repo.save(kek_datum_model) diff --git a/barbican/tests/plugin/crypto/test_crypto.py b/barbican/tests/plugin/crypto/test_crypto.py index af0d1f6ba..35e30cd7e 100644 --- a/barbican/tests/plugin/crypto/test_crypto.py +++ b/barbican/tests/plugin/crypto/test_crypto.py @@ -23,7 +23,7 @@ import mock import six from barbican.model import models -from barbican.plugin.crypto import crypto as plugin +from barbican.plugin.crypto import base as plugin from barbican.plugin.crypto import simple_crypto as simple from barbican.tests import utils diff --git a/barbican/tests/plugin/crypto/test_manager.py b/barbican/tests/plugin/crypto/test_manager.py index f9ccf0d08..f8e60271c 100644 --- a/barbican/tests/plugin/crypto/test_manager.py +++ b/barbican/tests/plugin/crypto/test_manager.py @@ -15,7 +15,7 @@ import mock import threading from barbican.common import utils as common_utils -from barbican.plugin.crypto import crypto +from barbican.plugin.crypto import base from barbican.plugin.crypto import manager as cm from barbican.plugin.interface import secret_store from barbican.tests import utils @@ -37,7 +37,7 @@ class WhenTestingManager(utils.BaseTestCase): super(WhenTestingManager, self).setUp() self.plugin_returned = mock.MagicMock() - self.plugin_type = crypto.PluginSupportTypes.ENCRYPT_DECRYPT + self.plugin_type = base.PluginSupportTypes.ENCRYPT_DECRYPT self.plugin_returned.supports.return_value = True self.plugin_name = common_utils.generate_fullname_for( self.plugin_returned) @@ -80,7 +80,7 @@ class WhenTestingManager(utils.BaseTestCase): def test_raises_error_with_no_active_store_generate_plugin(self): self.manager.extensions = [] self.assertRaises( - crypto.CryptoPluginNotFound, + base.CryptoPluginNotFound, self.manager.get_plugin_store_generate, self.plugin_type) @@ -98,7 +98,7 @@ class WhenTestingManager(utils.BaseTestCase): def test_raises_error_with_no_active_plugin_name(self): self.manager.extensions = [] self.assertRaises( - crypto.CryptoPluginNotFound, + base.CryptoPluginNotFound, self.manager.get_plugin_retrieve, self.plugin_name) diff --git a/barbican/tests/plugin/crypto/test_p11_crypto.py b/barbican/tests/plugin/crypto/test_p11_crypto.py index c2d51a1f5..c3c1e9cbd 100644 --- a/barbican/tests/plugin/crypto/test_p11_crypto.py +++ b/barbican/tests/plugin/crypto/test_p11_crypto.py @@ -18,7 +18,7 @@ import six from barbican.common import exception as ex from barbican.model import models -from barbican.plugin.crypto import crypto as plugin_import +from barbican.plugin.crypto import base as plugin_import from barbican.plugin.crypto import p11_crypto from barbican.plugin.crypto import pkcs11 from barbican.tests import utils diff --git a/barbican/tests/plugin/interface/test_secret_store.py b/barbican/tests/plugin/interface/test_secret_store.py index 5637f7021..225cceb33 100644 --- a/barbican/tests/plugin/interface/test_secret_store.py +++ b/barbican/tests/plugin/interface/test_secret_store.py @@ -16,7 +16,7 @@ import mock from barbican.common import utils as common_utils -from barbican.plugin.crypto import crypto +from barbican.plugin.crypto import base from barbican.plugin.crypto import manager as cm from barbican.plugin.crypto import p11_crypto from barbican.plugin.interface import secret_store as str @@ -285,7 +285,7 @@ class TestSecretStorePluginManagerMultipleBackend( # check pkcs11 crypto is matched as its defined first. crypto_plugin = cm.get_manager().get_plugin_store_generate( - crypto.PluginSupportTypes.ENCRYPT_DECRYPT) + base.PluginSupportTypes.ENCRYPT_DECRYPT) self.assertIsInstance(crypto_plugin, p11_crypto.P11CryptoPlugin) def test_plugin_created_kmip_default_mulitple_backend_conf(self): diff --git a/barbican/tests/plugin/test_store_crypto.py b/barbican/tests/plugin/test_store_crypto.py index 4345aa7d3..35e55bf03 100644 --- a/barbican/tests/plugin/test_store_crypto.py +++ b/barbican/tests/plugin/test_store_crypto.py @@ -19,7 +19,7 @@ import testtools from barbican.common import utils from barbican.model import models -from barbican.plugin.crypto import crypto +from barbican.plugin.crypto import base from barbican.plugin.interface import secret_store from barbican.plugin import store_crypto from barbican.tests import keys @@ -81,11 +81,11 @@ class TestSecretStoreBase(testtools.TestCase, secret_store.KeySpec(), self.content_type ) - self.response_dto = crypto.ResponseDTO( + self.response_dto = base.ResponseDTO( self.cypher_text, kek_meta_extended=self.kek_meta_extended) - self.private_key_dto = crypto.ResponseDTO(self.cypher_text) - self.public_key_dto = crypto.ResponseDTO(self.cypher_text) - self.passphrase_dto = crypto.ResponseDTO(self.cypher_text) + self.private_key_dto = base.ResponseDTO(self.cypher_text) + self.public_key_dto = base.ResponseDTO(self.cypher_text) + self.passphrase_dto = base.ResponseDTO(self.cypher_text) self.kek_meta_project_model = models.KEKDatum() self.kek_meta_project_model.plugin_name = 'plugin-name' @@ -184,7 +184,7 @@ class WhenTestingStoreCrypto(TestSecretStoreBase): self.assertEqual(1, encrypt_mock.call_count) args, kwargs = encrypt_mock.call_args test_encrypt_dto, test_kek_meta_dto, test_project_id = tuple(args) - self.assertIsInstance(test_encrypt_dto, crypto.EncryptDTO) + self.assertIsInstance(test_encrypt_dto, base.EncryptDTO) self.assertEqual(b'secret', test_encrypt_dto.unencrypted) self.assertEqual(self.kek_meta_dto, test_kek_meta_dto) self.assertEqual(self.project_id, test_project_id) @@ -214,7 +214,7 @@ class WhenTestingStoreCrypto(TestSecretStoreBase): self.assertEqual(1, encrypt_mock.call_count) args, kwargs = encrypt_mock.call_args test_encrypt_dto, test_kek_meta_dto, test_project_id = tuple(args) - self.assertIsInstance(test_encrypt_dto, crypto.EncryptDTO) + self.assertIsInstance(test_encrypt_dto, base.EncryptDTO) self.assertEqual(raw_content, test_encrypt_dto.unencrypted) self.assertEqual(self.kek_meta_dto, test_kek_meta_dto) self.assertEqual(self.project_id, test_project_id) @@ -254,12 +254,12 @@ class WhenTestingStoreCrypto(TestSecretStoreBase): test_project_id ) = tuple(args) - self.assertIsInstance(test_decrypt, crypto.DecryptDTO) + self.assertIsInstance(test_decrypt, base.DecryptDTO) self.assertEqual( base64.b64decode(self.encrypted_datum_model.cypher_text), test_decrypt.encrypted) - self.assertIsInstance(test_kek_meta, crypto.KEKMetaDTO) + self.assertIsInstance(test_kek_meta, base.KEKMetaDTO) self.assertEqual( self.kek_meta_project_model.plugin_name, test_kek_meta.plugin_name) @@ -303,7 +303,7 @@ class WhenTestingStoreCrypto(TestSecretStoreBase): def test_generate_symmetric_key(self): """test symmetric secret generation.""" - generation_type = crypto.PluginSupportTypes.SYMMETRIC_KEY_GENERATION + generation_type = base.PluginSupportTypes.SYMMETRIC_KEY_GENERATION self._config_determine_generation_type_private_method( generation_type) @@ -390,7 +390,7 @@ class WhenTestingStoreCrypto(TestSecretStoreBase): ) def test_should_raise_algorithm_not_supported_generate_symmetric_key(self): - generation_type = crypto.PluginSupportTypes.ASYMMETRIC_KEY_GENERATION + generation_type = base.PluginSupportTypes.ASYMMETRIC_KEY_GENERATION self._config_determine_generation_type_private_method( generation_type) @@ -402,7 +402,7 @@ class WhenTestingStoreCrypto(TestSecretStoreBase): ) def test_should_raise_algo_not_supported_generate_asymmetric_key(self): - generation_type = crypto.PluginSupportTypes.SYMMETRIC_KEY_GENERATION + generation_type = base.PluginSupportTypes.SYMMETRIC_KEY_GENERATION self._config_determine_generation_type_private_method( generation_type) @@ -417,7 +417,7 @@ class WhenTestingStoreCrypto(TestSecretStoreBase): """test asymmetric secret generation with passphrase parameter.""" self.spec_rsa.passphrase = passphrase - generation_type = crypto.PluginSupportTypes.ASYMMETRIC_KEY_GENERATION + generation_type = base.PluginSupportTypes.ASYMMETRIC_KEY_GENERATION self._config_determine_generation_type_private_method( generation_type) @@ -455,7 +455,7 @@ class WhenTestingStoreCrypto(TestSecretStoreBase): self.assertEqual(1, generate_mock.call_count) args, kwargs = generate_mock.call_args test_generate_dto, test_kek_meta_dto, test_project_id = tuple(args) - self.assertIsInstance(test_generate_dto, crypto.GenerateDTO) + self.assertIsInstance(test_generate_dto, base.GenerateDTO) self.assertEqual(alg, test_generate_dto.algorithm) self.assertEqual(bit_length, test_generate_dto.bit_length) self.assertEqual(self.kek_meta_dto, test_kek_meta_dto) @@ -528,25 +528,25 @@ class WhenTestingStoreCryptoDetermineGenerationType(testtools.TestCase): """Tests store_crypto.py's _determine_generation_type() function.""" def test_symmetric_algorithms(self): - for algorithm in crypto.PluginSupportTypes.SYMMETRIC_ALGORITHMS: + for algorithm in base.PluginSupportTypes.SYMMETRIC_ALGORITHMS: self.assertEqual( - crypto.PluginSupportTypes.SYMMETRIC_KEY_GENERATION, + base.PluginSupportTypes.SYMMETRIC_KEY_GENERATION, store_crypto._determine_generation_type(algorithm)) # Case doesn't matter. self.assertEqual( - crypto.PluginSupportTypes.SYMMETRIC_KEY_GENERATION, + base.PluginSupportTypes.SYMMETRIC_KEY_GENERATION, store_crypto._determine_generation_type('AeS')) def test_asymmetric_algorithms(self): - for algorithm in crypto.PluginSupportTypes.ASYMMETRIC_ALGORITHMS: + for algorithm in base.PluginSupportTypes.ASYMMETRIC_ALGORITHMS: self.assertEqual( - crypto.PluginSupportTypes.ASYMMETRIC_KEY_GENERATION, + base.PluginSupportTypes.ASYMMETRIC_KEY_GENERATION, store_crypto._determine_generation_type(algorithm)) # Case doesn't matter. self.assertEqual( - crypto.PluginSupportTypes.ASYMMETRIC_KEY_GENERATION, + base.PluginSupportTypes.ASYMMETRIC_KEY_GENERATION, store_crypto._determine_generation_type('RsA')) def test_should_raise_not_supported_no_algorithm(self): @@ -581,7 +581,7 @@ class WhenTestingStoreCryptoFindOrCreateKekObjects(TestSecretStoreBase): # Verify returns. self.assertEqual(self.kek_meta_project_model, kek_model) - self.assertIsInstance(kek_meta_dto, crypto.KEKMetaDTO) + self.assertIsInstance(kek_meta_dto, base.KEKMetaDTO) # Verify the KEK repository interactions. self._verify_kek_repository_interactions(plugin_inst) @@ -619,7 +619,7 @@ class WhenTestingStoreCryptoFindOrCreateKekObjects(TestSecretStoreBase): plugin_inst.bind_kek_metadata.return_value = None self.assertRaises( - crypto.CryptoKEKBindingException, + base.CryptoKEKBindingException, store_crypto._find_or_create_kek_objects, plugin_inst, self.project_model) @@ -714,7 +714,7 @@ class WhenTestingStoreCryptoIndicateBindCompleted(TestSecretStoreBase): """Tests store_crypto.py's _indicate_bind_completed() function.""" def test_bind_operation(self): - kek_meta_dto = crypto.KEKMetaDTO(self.kek_meta_project_model) + kek_meta_dto = base.KEKMetaDTO(self.kek_meta_project_model) self.kek_meta_project_model.bind_completed = False store_crypto._indicate_bind_completed( diff --git a/barbican/tests/plugin/util/test_multiple_backends.py b/barbican/tests/plugin/util/test_multiple_backends.py index 461eae11f..73a4a90c9 100644 --- a/barbican/tests/plugin/util/test_multiple_backends.py +++ b/barbican/tests/plugin/util/test_multiple_backends.py @@ -21,7 +21,7 @@ from barbican.common import config from barbican.common import exception from barbican.model import models from barbican.model import repositories -from barbican.plugin.crypto import crypto +from barbican.plugin.crypto import base from barbican.plugin.crypto import manager as cm from barbican.plugin.crypto import p11_crypto from barbican.plugin.crypto import simple_crypto @@ -485,7 +485,7 @@ class TestPluginsGenerateStoreAPIMultipleBackend( if dataset['default_crypto_class']: crypto_plugin = cm.get_manager().get_plugin_store_generate( - crypto.PluginSupportTypes.ENCRYPT_DECRYPT) + base.PluginSupportTypes.ENCRYPT_DECRYPT) self.assertIsInstance(crypto_plugin, dataset['default_crypto_class']) @@ -499,9 +499,9 @@ class TestPluginsGenerateStoreAPIMultipleBackend( self.assertEqual(global_secret_store.name, plugin_found.get_plugin_name()) # error raised for no crypto plugin - self.assertRaises(crypto.CryptoPluginNotFound, + self.assertRaises(base.CryptoPluginNotFound, cm.get_manager().get_plugin_store_generate, - crypto.PluginSupportTypes.ENCRYPT_DECRYPT) + base.PluginSupportTypes.ENCRYPT_DECRYPT) @test_utils.parameterized_dataset(backend_dataset) def test_project_preferred_default_plugin(self, dataset): @@ -543,7 +543,7 @@ class TestPluginsGenerateStoreAPIMultipleBackend( self.assertIsInstance(plugin_found, store_crypto.StoreCryptoAdapterPlugin) crypto_plugin = cm.get_manager().get_plugin_store_generate( - crypto.PluginSupportTypes.ENCRYPT_DECRYPT, project_id=project1.id) + base.PluginSupportTypes.ENCRYPT_DECRYPT, project_id=project1.id) self.assertIsInstance(crypto_plugin, p11_crypto.P11CryptoPlugin) # For project2, verify store plugin instance is kmip specific @@ -553,8 +553,8 @@ class TestPluginsGenerateStoreAPIMultipleBackend( self.assertIsInstance(plugin_found, kss.KMIPSecretStore) self.assertRaises( - crypto.CryptoPluginNotFound, cm_manager.get_plugin_store_generate, - crypto.PluginSupportTypes.ENCRYPT_DECRYPT, project_id=project2.id) + base.CryptoPluginNotFound, cm_manager.get_plugin_store_generate, + base.PluginSupportTypes.ENCRYPT_DECRYPT, project_id=project2.id) # For project3, verify store and crypto plugin instance used are db # backend specific @@ -563,7 +563,7 @@ class TestPluginsGenerateStoreAPIMultipleBackend( self.assertIsInstance(plugin_found, store_crypto.StoreCryptoAdapterPlugin) crypto_plugin = cm.get_manager().get_plugin_store_generate( - crypto.PluginSupportTypes.ENCRYPT_DECRYPT, project_id=project3.id) + base.PluginSupportTypes.ENCRYPT_DECRYPT, project_id=project3.id) self.assertIsInstance(crypto_plugin, simple_crypto.SimpleCryptoPlugin) # Make sure for project with no preferred setting, uses global default