Refactor and Fix Translation Code for PER and DER Formats

For private keys, in both PEM and DER format, we use
PKCS#8.  This patch corrects our DER format so that it is now PKCS#8.
It also moves the secret-type logic into the translation methods and
completes the unit tests.

Closes-Bug: #1445575
Change-Id: Ifacbc496e1120b5593345ca0d90a5fa2fadb3465
Dave McCowan
2015-04-16 23:24:21 -04:00
parent 66fc6d7a1c
commit eb0e1ecf72
6 changed files with 261 additions and 143 deletions


@@ -610,21 +610,17 @@ class KMIPSecretStore(ss.SecretStoreBase):
def _normalize_secret(self, secret, secret_type):
"""Normalizes secret for use by KMIP plugin"""
data = base64.b64decode(secret)
if secret_type == ss.SecretType.PUBLIC:
return translations.convert_public_pem_to_der(data)
if secret_type == ss.SecretType.PRIVATE:
return translations.convert_private_pem_to_der(data)
if secret_type == ss.SecretType.CERTIFICATE:
return translations.convert_certificate_pem_to_der(data)
if secret_type in [ss.SecretType.PUBLIC,
ss.SecretType.PRIVATE,
ss.SecretType.CERTIFICATE]:
data = translations.convert_pem_to_der(data, secret_type)
return data
def _denormalize_secret(self, secret, secret_type):
"""Converts secret back to the format expected by Barbican core"""
data = secret
if secret_type == ss.SecretType.PUBLIC:
data = translations.convert_public_der_to_pem(secret)
if secret_type == ss.SecretType.PRIVATE:
data = translations.convert_private_der_to_pkcs8(secret)
if secret_type == ss.SecretType.CERTIFICATE:
data = translations.convert_certificate_der_to_pem(secret)
if secret_type in [ss.SecretType.PUBLIC,
ss.SecretType.PRIVATE,
ss.SecretType.CERTIFICATE]:
data = translations.convert_der_to_pem(data, secret_type)
return base64.b64encode(data)
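Review bot: `_normalize_secret` and `_denormalize_secret` each spell out the same three-element list `[ss.SecretType.PUBLIC, ss.SecretType.PRIVATE, ss.SecretType.CERTIFICATE]` for the membership test; a single module-level tuple, e.g. `_PEM_DER_SECRET_TYPES = (ss.SecretType.PUBLIC, ss.SecretType.PRIVATE, ss.SecretType.CERTIFICATE)`, keeps the two methods from drifting when a type is added. Note also that `base64.b64decode(secret)` runs before the type check, and that the translations helpers this hunk now calls report unparsable or non-RSA material with library exceptions (presumably PyCrypto's ValueError from RSA.importKey and pyOpenSSL's crypto.Error from load_certificate) rather than a Barbican exception; whether the store_secret/get_secret callers map those to a client-facing error is outside this hunk and worth confirming. Both methods are shown in full, but the enclosing KMIPSecretStore class continues outside the hunk.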


@@ -16,6 +16,7 @@ import base64
from Crypto.PublicKey import RSA
from OpenSSL import crypto
from barbican import i18n as u # noqa
from barbican.plugin.interface import secret_store as s
from barbican.plugin.util import mime_types
@@ -109,37 +110,61 @@ def denormalize_after_decryption(unencrypted, content_type):
return unencrypted
def convert_private_pem_to_der(pem):
pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, pem)
pem = crypto.dump_privatekey(crypto.FILETYPE_ASN1, pkey)
def convert_pem_to_der(pem, secret_type):
if secret_type == s.SecretType.PRIVATE:
return _convert_private_pem_to_der(pem)
elif secret_type == s.SecretType.PUBLIC:
return _convert_public_pem_to_der(pem)
elif secret_type == s.SecretType.CERTIFICATE:
return _convert_certificate_pem_to_der(pem)
else:
reason = u._("Secret type can not be converted to DER")
raise s.SecretGeneralException(reason=reason)
def convert_der_to_pem(der, secret_type):
if secret_type == s.SecretType.PRIVATE:
return _convert_private_der_to_pem(der)
elif secret_type == s.SecretType.PUBLIC:
return _convert_public_der_to_pem(der)
elif secret_type == s.SecretType.CERTIFICATE:
return _convert_certificate_der_to_pem(der)
else:
reason = u._("Secret type can not be converted to PEM")
raise s.SecretGeneralException(reason=reason)
def _convert_private_pem_to_der(pem):
private_key = RSA.importKey(pem)
der = private_key.exportKey('DER', pkcs=8)
return der
def _convert_private_der_to_pem(der):
private_key = RSA.importKey(der)
pem = private_key.exportKey('PEM', pkcs=8)
return pem
def convert_private_der_to_pkcs8(der):
private_key = RSA.importKey(der)
pkcs8 = private_key.exportKey('PEM', pkcs=8)
return pkcs8
def convert_public_pem_to_der(pem):
def _convert_public_pem_to_der(pem):
pubkey = RSA.importKey(pem)
der = pubkey.exportKey('DER')
return der
def convert_public_der_to_pem(der):
def _convert_public_der_to_pem(der):
pubkey = RSA.importKey(der)
pem = pubkey.exportKey('PEM')
return pem
def convert_certificate_pem_to_der(pem):
def _convert_certificate_pem_to_der(pem):
cert = crypto.load_certificate(crypto.FILETYPE_PEM, pem)
der = crypto.dump_certificate(crypto.FILETYPE_ASN1, cert)
return der
def convert_certificate_der_to_pem(der):
def _convert_certificate_der_to_pem(der):
cert = crypto.load_certificate(crypto.FILETYPE_ASN1, der)
pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
return pem
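Review bot: `convert_pem_to_der` and `convert_der_to_pem` turn only an unknown secret_type into SecretGeneralException; a PEM or DER blob the helpers cannot parse surfaces as whatever `RSA.importKey` or `crypto.load_certificate` raises (presumably PyCrypto's ValueError and pyOpenSSL's crypto.Error), so callers get a different exception type depending on which input was bad. Wrapping the dispatch in one try/except that re-raises as SecretGeneralException gives callers a single exception to handle; the rewritten `convert_pem_to_der` is below and `convert_der_to_pem` needs the same treatment. Separately, `_convert_private_pem_to_der` now goes through `RSA.importKey`, whereas the line it replaces used the key-type-agnostic `crypto.load_privatekey`; if non-RSA or passphrase-protected private keys can reach this path they will presumably fail here, which deserves a docstring such as `"""Convert an unencrypted RSA private key from PEM to PKCS#8 DER."""` so the restriction is visible.
```python
def convert_pem_to_der(pem, secret_type):
    try:
        if secret_type == s.SecretType.PRIVATE:
            return _convert_private_pem_to_der(pem)
        elif secret_type == s.SecretType.PUBLIC:
            return _convert_public_pem_to_der(pem)
        elif secret_type == s.SecretType.CERTIFICATE:
            return _convert_certificate_pem_to_der(pem)
    except (ValueError, crypto.Error):
        # PyCrypto and pyOpenSSL report unparsable, encrypted or
        # non-RSA material with their own exception types; present
        # one exception type to callers regardless of which input failed.
        reason = u._("Secret could not be parsed for conversion to DER")
        raise s.SecretGeneralException(reason=reason)
    reason = u._("Secret type can not be converted to DER")
    raise s.SecretGeneralException(reason=reason)

# … convert_der_to_pem: same try/except around its dispatch …
```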


@@ -14,7 +14,7 @@
# limitations under the License.
def get_private_key_pkcs8():
def get_private_key_pem():
"""Returns a private key in PCKS#8 format
This key was created by issuing the following openssl commands:
@@ -62,92 +62,95 @@ def get_private_key_der():
This key was created by issuing the following openssl commands:
openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -outform DER -out private.der
openssl pkcs8 -in private.pem -topk8 -nocrypt \
-outform DER -out private_pk8.der
The byte string returned by this function is the contents
of the private.der file.
of the private_pk8.der file.
"""
key_der = (
'\x30\x82\x04\xa5\x02\x01\x00\x02\x82\x01\x01\x00\xb3\x6b\x65'
'\x68\x0d\x79\x81\x50\xc9\xb0\x8c\x5b\xbd\x17\xa3\x0c\xe6\xaf'
'\xc0\x67\x55\xa3\x9d\x60\x36\x60\xd7\x4d\xcb\x6d\xfb\x4e\xb1'
'\x8d\xfe\x7a\x1b\x0c\x3b\xfc\x14\x10\x69\x50\xf9\x87\x35\x9d'
'\x38\x1f\x52\xf2\xc4\x57\x0f\xf1\x17\x85\xad\xc2\x17\xa6\x27'
'\xec\x45\xeb\xb6\x94\x05\x9a\xa9\x13\xf1\xa2\xfb\xb9\x0a\xe0'
'\x21\x7d\xe7\x0a\xbf\xe4\x61\x8c\xb5\x4b\x27\x42\x3e\x31\x92'
'\x1b\xef\x64\x4e\x2a\x97\xd9\x4e\x66\xfb\x76\x19\x45\x80\x60'
'\xf7\xbe\x40\xb9\xd4\x10\x9f\x84\x65\x56\xdf\x9c\x39\xd8\xe6'
'\x3f\xdb\x7c\x79\x31\xe3\xb8\xca\xfc\x79\x9b\x23\xdc\x72\x7c'
'\x4c\x55\x0e\x36\x2a\xe0\xeb\xcc\xaa\xa3\x06\x54\xa3\x98\x19'
'\xdc\xa4\x66\x31\xd0\x98\x02\x4f\xeb\x32\x16\x61\xec\x97\xca'
'\xce\x92\xa0\x8f\x3c\x52\xe8\xdb\x86\x10\x9f\xee\x3f\xa6\xbd'
'\x40\x63\x06\x99\x01\xb3\x13\x97\xdc\xe8\x2e\xd1\x10\x8f\xab'
'\x31\x49\xcb\x87\x71\x2f\x5e\xf2\x78\xa9\xb4\x3c\x65\xb1\xb2'
'\xd0\x82\xa1\x95\x68\x67\x44\xd7\x5e\xec\xb4\x2f\x79\x40\x7e'
'\xd4\xbc\x84\xdb\xb9\x8c\xdd\x8d\x9c\x01\x15\xcd\x52\x83\x3f'
'\x06\x67\xfd\xa1\x2d\x2b\x07\xba\x32\x62\x21\x07\x2f\x02\x03'
'\x01\x00\x01\x02\x82\x01\x00\x30\xe9\x54\x29\xbb\x92\xa6\x28'
'\x29\xf3\x91\x2f\xe9\x2a\xaa\x6e\x77\xec\xed\x9c\xbe\x01\xee'
'\x83\x2e\x0f\xd4\x62\x06\xd5\x22\xaf\x5f\x44\x00\x5d\xb5\x45'
'\xee\x8c\x57\xc3\xe9\x92\x03\x94\x52\x8f\x5b\x9f\x5e\x73\x84'
'\x06\xdf\xf7\xaf\x9b\xe7\xb4\x83\xd1\xee\x0c\x41\x3b\x72\xf8'
'\x83\x56\x98\x45\x31\x98\x66\xdb\x19\x15\xe4\xcb\x77\xd2\xbc'
'\x61\x3c\x1e\xa9\xc5\xa5\x1c\x2f\xec\x3f\x92\x91\xfe\x5c\x38'
'\xcc\x50\x97\x49\x07\xc0\x38\x3f\x74\x31\xfb\x17\xc8\x79\x60'
'\x50\x6f\xcc\x1d\xfc\x42\xd5\x4a\x07\xd1\x2d\x13\x5e\xa9\x82'
'\xf4\xd0\xa5\xd5\xb3\x4e\x3f\x14\xe0\x44\x86\xa4\xa2\xaa\x2f'
'\xe8\x1d\x82\x78\x83\x13\x6b\x4a\x82\x0d\x5f\xbd\x4f\x1d\x56'
'\xda\x12\x29\x08\xca\x0c\xe2\xe0\x76\x55\xc8\xcb\xad\xdc\xb1'
'\x3a\x71\xe1\xf3\x7d\x28\xfb\xd5\xfb\x67\xf9\x48\xb4\x4f\x39'
'\x0b\x39\xbf\x8d\xa0\x13\xf7\xd6\x16\x87\x0b\xfb\x1f\x0a\xba'
'\x4a\x83\xb4\x2d\x50\xff\x6a\xf5\xd4\x6a\xe9\xd6\x5c\x23\x5e'
'\xea\xe5\xde\xe8\x11\xd1\x13\x78\x34\x4a\x85\x3d\xaf\x9b\xb6'
'\xf1\xd9\xb2\xc6\x78\x5d\x70\xd8\x7f\x41\xfd\x5f\x35\xba\x98'
'\xe2\x01\xa8\x76\x45\x59\xde\x71\x02\x81\x81\x00\xec\x7c\x74'
'\xa3\x47\x58\x1d\xf9\x21\xf0\xff\x60\x3d\x49\xa5\xd2\xd6\x4f'
'\x4b\x79\x72\xed\xf9\x46\xc3\x41\xd6\xe3\x60\xeb\x21\xe4\xba'
'\x13\xf8\x43\x7f\xba\xd3\xbb\xd1\x1c\x83\x62\xa8\xe5\x87\x3a'
'\x89\xcd\xc8\x8a\x4e\xe0\x16\xe5\x25\x4f\x0b\xa8\x10\xb8\x2a'
'\x69\x03\x6f\x4a\x9e\xda\xbb\xc7\x5f\x8b\xc3\xfe\x30\x1b\xde'
'\x3b\xa6\x85\xdb\xeb\x4b\x4b\x76\x0d\xc1\x2b\x99\x81\x15\x33'
'\x91\x93\x90\x13\xa8\x0c\x15\xab\xbb\x7e\xd8\xdb\x52\xe5\x2f'
'\xc9\xba\x7c\xec\xe7\x1a\xd1\xa2\x50\xc5\x9d\x25\xf8\x2a\x7b'
'\xd5\x97\xa2\x63\xdd\x02\x81\x81\x00\xc2\x39\x76\x53\x55\x74'
'\x4f\x10\x58\x67\xaa\x7a\x8b\x12\xb6\x5e\xe8\x42\x64\xc9\x2c'
'\x06\xf3\x08\x2d\x39\xd0\xa6\xaf\xae\xb4\x6e\x87\x18\xd6\x2f'
'\x6f\x57\xe4\x5a\x33\x58\x80\x44\x75\xfa\xbb\xfb\x2e\x32\x19'
'\x33\xfb\x72\x91\x8a\x7c\xf1\x20\x6e\x60\x42\xcc\xa2\x5a\x64'
'\xe9\x15\x5d\xbd\xf1\x6f\x6f\x91\x1b\x66\xb0\x24\x03\x9f\x69'
'\xb2\xf7\x4c\xaf\xe1\xee\xac\x2c\x8d\x27\x83\xb9\x7f\x37\x7a'
'\xfb\x0b\x02\xcb\x34\x85\x7f\x0a\xa7\xb2\x68\xde\x34\xb2\xec'
'\xc4\xf0\x08\xe0\x12\x06\xb9\x8d\x3b\x9a\xe9\xb3\xf9\x9b\xec'
'\x7c\x7b\x02\x81\x81\x00\x9e\xb9\x6d\xc3\xc5\x77\xe4\x2e\x39'
'\xd4\xba\x63\x0a\xdf\xaa\x97\xd7\x55\xc3\x6f\x91\x6f\x1e\x37'
'\x9b\x88\x4e\x45\xb0\xe0\x40\x90\x77\x40\x3e\x0a\x77\xe9\x9a'
'\x81\x5d\xfa\x08\x49\x28\xd9\x5d\xa9\x31\xa2\xd7\xed\xd4\xc0'
'\xdd\x3d\x11\x8c\x7b\x63\x63\x4d\x68\xd1\xb1\x07\x7a\x8b\x22'
'\x7e\x94\x73\x91\xa8\x8b\xac\x18\x98\x51\x6b\x14\x3f\x26\x2f'
'\x14\x47\xf9\x35\x65\x21\x13\x9d\x7a\x4e\x44\x3f\x98\xa1\xda'
'\xf2\x94\xa0\x34\xa4\x32\x98\xf1\xd0\xe0\x51\xf5\xd5\x3f\xcc'
'\x25\x56\x0f\x66\x83\x72\x5f\x9d\x8c\x1e\x31\x37\x42\x55\x02'
'\x81\x81\x00\xb1\xd7\x7d\xe2\x36\x68\x26\x91\x37\xf1\xcc\x67'
'\x22\xfb\x02\x64\x8a\xd5\x68\x85\xd0\x3b\x98\xc3\x8e\xed\xd6'
'\x81\x1a\x72\xa5\x22\x63\xaf\xb9\x47\x7b\xf3\x85\xd3\x96\x1a'
'\x5e\x70\xd1\x7a\xc2\x2f\xf0\x0f\xcd\x86\x0c\xa2\xce\x63\x79'
'\x9e\x2c\xed\x04\x55\x86\x1c\xcf\x1a\x81\x56\xa0\x1c\x71\x7b'
'\x71\x33\xf4\x5c\x25\xc3\x04\x52\x2e\xad\xc1\xc5\xc5\x72\xe2'
'\x61\x62\xf5\xe9\x0d\xb3\x87\xaa\x5c\x80\x8c\x87\x85\x5b\xd5'
'\x35\x0b\xa3\x9c\x38\x6b\xe6\xe3\x42\xeb\xdd\x42\xb3\x31\xae'
'\x58\xae\xda\xba\x31\x6e\x2b\x8b\xbb\x92\x0b\x02\x81\x81\x00'
'\xdf\x76\xa5\x63\x4f\x8b\x97\x98\x6c\x0e\x87\x5c\xf8\x3f\x3b'
'\xfa\x18\x2a\x1c\xfb\xa1\xa8\x6d\x78\x38\x0e\xfb\xc2\x52\x33'
'\xfd\x31\x1f\xb6\xfb\x9b\x17\xd0\x06\x3f\x7f\xe6\x95\x08\x3d'
'\x39\xfc\xd8\xf4\x46\xaa\x40\xc1\x47\x34\xdf\x36\x54\xe5\x9b'
'\x4b\xda\xe3\x5e\xe9\x70\xe3\x12\xe8\x1f\x16\xd9\x73\x79\xae'
'\xbe\xad\xb0\xfa\x2a\x91\x52\xfa\x7c\x4f\x24\x0f\x18\xc9\x66'
'\x11\xa4\xd8\x69\x45\x61\x96\x41\xa9\x07\x79\xda\xf7\x06\xd3'
'\x2d\x1a\xcd\x21\xa4\xa3\x40\x40\x6e\xf6\x1c\xa5\xad\x49\xf2'
'\x50\x31\x7b\xe7\xd9\x19\x62\x70')
'\x30\x82\x04\xbf\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86'
'\xf7\x0d\x01\x01\x01\x05\x00\x04\x82\x04\xa9\x30\x82\x04\xa5'
'\x02\x01\x00\x02\x82\x01\x01\x00\xb3\x6b\x65\x68\x0d\x79\x81'
'\x50\xc9\xb0\x8c\x5b\xbd\x17\xa3\x0c\xe6\xaf\xc0\x67\x55\xa3'
'\x9d\x60\x36\x60\xd7\x4d\xcb\x6d\xfb\x4e\xb1\x8d\xfe\x7a\x1b'
'\x0c\x3b\xfc\x14\x10\x69\x50\xf9\x87\x35\x9d\x38\x1f\x52\xf2'
'\xc4\x57\x0f\xf1\x17\x85\xad\xc2\x17\xa6\x27\xec\x45\xeb\xb6'
'\x94\x05\x9a\xa9\x13\xf1\xa2\xfb\xb9\x0a\xe0\x21\x7d\xe7\x0a'
'\xbf\xe4\x61\x8c\xb5\x4b\x27\x42\x3e\x31\x92\x1b\xef\x64\x4e'
'\x2a\x97\xd9\x4e\x66\xfb\x76\x19\x45\x80\x60\xf7\xbe\x40\xb9'
'\xd4\x10\x9f\x84\x65\x56\xdf\x9c\x39\xd8\xe6\x3f\xdb\x7c\x79'
'\x31\xe3\xb8\xca\xfc\x79\x9b\x23\xdc\x72\x7c\x4c\x55\x0e\x36'
'\x2a\xe0\xeb\xcc\xaa\xa3\x06\x54\xa3\x98\x19\xdc\xa4\x66\x31'
'\xd0\x98\x02\x4f\xeb\x32\x16\x61\xec\x97\xca\xce\x92\xa0\x8f'
'\x3c\x52\xe8\xdb\x86\x10\x9f\xee\x3f\xa6\xbd\x40\x63\x06\x99'
'\x01\xb3\x13\x97\xdc\xe8\x2e\xd1\x10\x8f\xab\x31\x49\xcb\x87'
'\x71\x2f\x5e\xf2\x78\xa9\xb4\x3c\x65\xb1\xb2\xd0\x82\xa1\x95'
'\x68\x67\x44\xd7\x5e\xec\xb4\x2f\x79\x40\x7e\xd4\xbc\x84\xdb'
'\xb9\x8c\xdd\x8d\x9c\x01\x15\xcd\x52\x83\x3f\x06\x67\xfd\xa1'
'\x2d\x2b\x07\xba\x32\x62\x21\x07\x2f\x02\x03\x01\x00\x01\x02'
'\x82\x01\x00\x30\xe9\x54\x29\xbb\x92\xa6\x28\x29\xf3\x91\x2f'
'\xe9\x2a\xaa\x6e\x77\xec\xed\x9c\xbe\x01\xee\x83\x2e\x0f\xd4'
'\x62\x06\xd5\x22\xaf\x5f\x44\x00\x5d\xb5\x45\xee\x8c\x57\xc3'
'\xe9\x92\x03\x94\x52\x8f\x5b\x9f\x5e\x73\x84\x06\xdf\xf7\xaf'
'\x9b\xe7\xb4\x83\xd1\xee\x0c\x41\x3b\x72\xf8\x83\x56\x98\x45'
'\x31\x98\x66\xdb\x19\x15\xe4\xcb\x77\xd2\xbc\x61\x3c\x1e\xa9'
'\xc5\xa5\x1c\x2f\xec\x3f\x92\x91\xfe\x5c\x38\xcc\x50\x97\x49'
'\x07\xc0\x38\x3f\x74\x31\xfb\x17\xc8\x79\x60\x50\x6f\xcc\x1d'
'\xfc\x42\xd5\x4a\x07\xd1\x2d\x13\x5e\xa9\x82\xf4\xd0\xa5\xd5'
'\xb3\x4e\x3f\x14\xe0\x44\x86\xa4\xa2\xaa\x2f\xe8\x1d\x82\x78'
'\x83\x13\x6b\x4a\x82\x0d\x5f\xbd\x4f\x1d\x56\xda\x12\x29\x08'
'\xca\x0c\xe2\xe0\x76\x55\xc8\xcb\xad\xdc\xb1\x3a\x71\xe1\xf3'
'\x7d\x28\xfb\xd5\xfb\x67\xf9\x48\xb4\x4f\x39\x0b\x39\xbf\x8d'
'\xa0\x13\xf7\xd6\x16\x87\x0b\xfb\x1f\x0a\xba\x4a\x83\xb4\x2d'
'\x50\xff\x6a\xf5\xd4\x6a\xe9\xd6\x5c\x23\x5e\xea\xe5\xde\xe8'
'\x11\xd1\x13\x78\x34\x4a\x85\x3d\xaf\x9b\xb6\xf1\xd9\xb2\xc6'
'\x78\x5d\x70\xd8\x7f\x41\xfd\x5f\x35\xba\x98\xe2\x01\xa8\x76'
'\x45\x59\xde\x71\x02\x81\x81\x00\xec\x7c\x74\xa3\x47\x58\x1d'
'\xf9\x21\xf0\xff\x60\x3d\x49\xa5\xd2\xd6\x4f\x4b\x79\x72\xed'
'\xf9\x46\xc3\x41\xd6\xe3\x60\xeb\x21\xe4\xba\x13\xf8\x43\x7f'
'\xba\xd3\xbb\xd1\x1c\x83\x62\xa8\xe5\x87\x3a\x89\xcd\xc8\x8a'
'\x4e\xe0\x16\xe5\x25\x4f\x0b\xa8\x10\xb8\x2a\x69\x03\x6f\x4a'
'\x9e\xda\xbb\xc7\x5f\x8b\xc3\xfe\x30\x1b\xde\x3b\xa6\x85\xdb'
'\xeb\x4b\x4b\x76\x0d\xc1\x2b\x99\x81\x15\x33\x91\x93\x90\x13'
'\xa8\x0c\x15\xab\xbb\x7e\xd8\xdb\x52\xe5\x2f\xc9\xba\x7c\xec'
'\xe7\x1a\xd1\xa2\x50\xc5\x9d\x25\xf8\x2a\x7b\xd5\x97\xa2\x63'
'\xdd\x02\x81\x81\x00\xc2\x39\x76\x53\x55\x74\x4f\x10\x58\x67'
'\xaa\x7a\x8b\x12\xb6\x5e\xe8\x42\x64\xc9\x2c\x06\xf3\x08\x2d'
'\x39\xd0\xa6\xaf\xae\xb4\x6e\x87\x18\xd6\x2f\x6f\x57\xe4\x5a'
'\x33\x58\x80\x44\x75\xfa\xbb\xfb\x2e\x32\x19\x33\xfb\x72\x91'
'\x8a\x7c\xf1\x20\x6e\x60\x42\xcc\xa2\x5a\x64\xe9\x15\x5d\xbd'
'\xf1\x6f\x6f\x91\x1b\x66\xb0\x24\x03\x9f\x69\xb2\xf7\x4c\xaf'
'\xe1\xee\xac\x2c\x8d\x27\x83\xb9\x7f\x37\x7a\xfb\x0b\x02\xcb'
'\x34\x85\x7f\x0a\xa7\xb2\x68\xde\x34\xb2\xec\xc4\xf0\x08\xe0'
'\x12\x06\xb9\x8d\x3b\x9a\xe9\xb3\xf9\x9b\xec\x7c\x7b\x02\x81'
'\x81\x00\x9e\xb9\x6d\xc3\xc5\x77\xe4\x2e\x39\xd4\xba\x63\x0a'
'\xdf\xaa\x97\xd7\x55\xc3\x6f\x91\x6f\x1e\x37\x9b\x88\x4e\x45'
'\xb0\xe0\x40\x90\x77\x40\x3e\x0a\x77\xe9\x9a\x81\x5d\xfa\x08'
'\x49\x28\xd9\x5d\xa9\x31\xa2\xd7\xed\xd4\xc0\xdd\x3d\x11\x8c'
'\x7b\x63\x63\x4d\x68\xd1\xb1\x07\x7a\x8b\x22\x7e\x94\x73\x91'
'\xa8\x8b\xac\x18\x98\x51\x6b\x14\x3f\x26\x2f\x14\x47\xf9\x35'
'\x65\x21\x13\x9d\x7a\x4e\x44\x3f\x98\xa1\xda\xf2\x94\xa0\x34'
'\xa4\x32\x98\xf1\xd0\xe0\x51\xf5\xd5\x3f\xcc\x25\x56\x0f\x66'
'\x83\x72\x5f\x9d\x8c\x1e\x31\x37\x42\x55\x02\x81\x81\x00\xb1'
'\xd7\x7d\xe2\x36\x68\x26\x91\x37\xf1\xcc\x67\x22\xfb\x02\x64'
'\x8a\xd5\x68\x85\xd0\x3b\x98\xc3\x8e\xed\xd6\x81\x1a\x72\xa5'
'\x22\x63\xaf\xb9\x47\x7b\xf3\x85\xd3\x96\x1a\x5e\x70\xd1\x7a'
'\xc2\x2f\xf0\x0f\xcd\x86\x0c\xa2\xce\x63\x79\x9e\x2c\xed\x04'
'\x55\x86\x1c\xcf\x1a\x81\x56\xa0\x1c\x71\x7b\x71\x33\xf4\x5c'
'\x25\xc3\x04\x52\x2e\xad\xc1\xc5\xc5\x72\xe2\x61\x62\xf5\xe9'
'\x0d\xb3\x87\xaa\x5c\x80\x8c\x87\x85\x5b\xd5\x35\x0b\xa3\x9c'
'\x38\x6b\xe6\xe3\x42\xeb\xdd\x42\xb3\x31\xae\x58\xae\xda\xba'
'\x31\x6e\x2b\x8b\xbb\x92\x0b\x02\x81\x81\x00\xdf\x76\xa5\x63'
'\x4f\x8b\x97\x98\x6c\x0e\x87\x5c\xf8\x3f\x3b\xfa\x18\x2a\x1c'
'\xfb\xa1\xa8\x6d\x78\x38\x0e\xfb\xc2\x52\x33\xfd\x31\x1f\xb6'
'\xfb\x9b\x17\xd0\x06\x3f\x7f\xe6\x95\x08\x3d\x39\xfc\xd8\xf4'
'\x46\xaa\x40\xc1\x47\x34\xdf\x36\x54\xe5\x9b\x4b\xda\xe3\x5e'
'\xe9\x70\xe3\x12\xe8\x1f\x16\xd9\x73\x79\xae\xbe\xad\xb0\xfa'
'\x2a\x91\x52\xfa\x7c\x4f\x24\x0f\x18\xc9\x66\x11\xa4\xd8\x69'
'\x45\x61\x96\x41\xa9\x07\x79\xda\xf7\x06\xd3\x2d\x1a\xcd\x21'
'\xa4\xa3\x40\x40\x6e\xf6\x1c\xa5\xad\x49\xf2\x50\x31\x7b\xe7'
'\xd9\x19\x62\x70')
return key_der
@@ -209,7 +212,7 @@ def get_public_key_der():
return key_der
def get_encrypted_private_key_pkcs8():
def get_encrypted_private_key_pem():
"""Returns an encrypted private key in PKCS#8 format
This key was created by issuing the following openssl commands:
@@ -300,7 +303,7 @@ hSZgIl7v+UAIM+9bhpVg15aTjRzfH2OsZodFIbsMDw==
def get_certificate_pem():
"""Returns an X509 certificate in PEM format
This key was created by issuing the following openssl commands:
This certificate was created by issuing the following openssl commands:
openssl genrsa -out private.pem 2048
openssl req -new -x509 -key private.pem -out cert.pem \
@@ -330,3 +333,72 @@ YI4hFtGfkOzd6B7r2sY1wGKdTLHkuT4m4/9A/SOzvnH+epnJqIS9jw+1iRj8xcDA
6PNT
-----END CERTIFICATE-----
"""
def get_certificate_der():
"""Returns an X509 certificate in DER format
This certificate was created by issuing the following openssl commands:
openssl genrsa -out private.pem 2048
openssl req -new -x509 -key private.pem -out cert.pem \
-days 1000 -subj '/CN=example.com'
openssl x509 -outform der -in cert.pem -out cert.der
The byte string returned by this function is the contents
of the cert.der file.
"""
cert_der = (
'\x30\x82\x02\xff\x30\x82\x01\xe7\xa0\x03\x02\x01\x02\x02\x09'
'\x00\xe2\xea\x5c\xa2\x7d\xab\xdf\xe7\x30\x0d\x06\x09\x2a\x86'
'\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x16\x31\x14\x30\x12'
'\x06\x03\x55\x04\x03\x0c\x0b\x65\x78\x61\x6d\x70\x6c\x65\x2e'
'\x63\x6f\x6d\x30\x1e\x17\x0d\x31\x35\x30\x34\x31\x31\x30\x32'
'\x31\x35\x32\x39\x5a\x17\x0d\x31\x38\x30\x31\x30\x35\x30\x32'
'\x31\x35\x32\x39\x5a\x30\x16\x31\x14\x30\x12\x06\x03\x55\x04'
'\x03\x0c\x0b\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d\x30'
'\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01'
'\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01'
'\x01\x00\xb3\x6b\x65\x68\x0d\x79\x81\x50\xc9\xb0\x8c\x5b\xbd'
'\x17\xa3\x0c\xe6\xaf\xc0\x67\x55\xa3\x9d\x60\x36\x60\xd7\x4d'
'\xcb\x6d\xfb\x4e\xb1\x8d\xfe\x7a\x1b\x0c\x3b\xfc\x14\x10\x69'
'\x50\xf9\x87\x35\x9d\x38\x1f\x52\xf2\xc4\x57\x0f\xf1\x17\x85'
'\xad\xc2\x17\xa6\x27\xec\x45\xeb\xb6\x94\x05\x9a\xa9\x13\xf1'
'\xa2\xfb\xb9\x0a\xe0\x21\x7d\xe7\x0a\xbf\xe4\x61\x8c\xb5\x4b'
'\x27\x42\x3e\x31\x92\x1b\xef\x64\x4e\x2a\x97\xd9\x4e\x66\xfb'
'\x76\x19\x45\x80\x60\xf7\xbe\x40\xb9\xd4\x10\x9f\x84\x65\x56'
'\xdf\x9c\x39\xd8\xe6\x3f\xdb\x7c\x79\x31\xe3\xb8\xca\xfc\x79'
'\x9b\x23\xdc\x72\x7c\x4c\x55\x0e\x36\x2a\xe0\xeb\xcc\xaa\xa3'
'\x06\x54\xa3\x98\x19\xdc\xa4\x66\x31\xd0\x98\x02\x4f\xeb\x32'
'\x16\x61\xec\x97\xca\xce\x92\xa0\x8f\x3c\x52\xe8\xdb\x86\x10'
'\x9f\xee\x3f\xa6\xbd\x40\x63\x06\x99\x01\xb3\x13\x97\xdc\xe8'
'\x2e\xd1\x10\x8f\xab\x31\x49\xcb\x87\x71\x2f\x5e\xf2\x78\xa9'
'\xb4\x3c\x65\xb1\xb2\xd0\x82\xa1\x95\x68\x67\x44\xd7\x5e\xec'
'\xb4\x2f\x79\x40\x7e\xd4\xbc\x84\xdb\xb9\x8c\xdd\x8d\x9c\x01'
'\x15\xcd\x52\x83\x3f\x06\x67\xfd\xa1\x2d\x2b\x07\xba\x32\x62'
'\x21\x07\x2f\x02\x03\x01\x00\x01\xa3\x50\x30\x4e\x30\x1d\x06'
'\x03\x55\x1d\x0e\x04\x16\x04\x14\x94\xab\x60\x34\x6f\x65\xe8'
'\xfa\xc2\xaf\x98\xa8\x0d\xf1\x6a\xbc\x97\xa8\xfc\xda\x30\x1f'
'\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x94\xab\x60\x34'
'\x6f\x65\xe8\xfa\xc2\xaf\x98\xa8\x0d\xf1\x6a\xbc\x97\xa8\xfc'
'\xda\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff'
'\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00'
'\x03\x82\x01\x01\x00\x63\x8a\xea\xa1\x97\x33\x55\x39\x52\xeb'
'\x1c\x34\x32\x1a\xbd\x1f\x4c\x00\x85\x25\xd0\xd1\x12\x7b\xa1'
'\x66\x9e\x1d\xf7\x5f\xbe\x0e\x63\x02\x4f\xe6\xdc\x4c\x6d\x3e'
'\x18\x2a\x77\xad\xf1\x4e\xb8\x45\xa9\x24\xb2\xcb\x3d\xd4\x8e'
'\x9c\x8b\x27\x89\xbb\x0e\xb3\x22\x8f\x5e\xe0\x41\x5f\x99\x26'
'\x75\x82\x28\x8d\xb7\x63\x51\x34\xb0\x9e\x17\x31\xf4\x94\xc0'
'\x7c\xa4\xa6\xc5\x75\x92\x0b\x4a\xe7\x28\x27\x9f\x01\xfe\x38'
'\x32\x6e\x9f\xaa\xfa\x13\xc9\x36\xde\x19\x24\x0f\xea\x71\xf3'
'\x73\xb7\x8b\x68\xaf\xde\x7d\xca\xcc\xbd\x87\x5c\xb7\xe4\xde'
'\x4e\x41\xe3\xa9\x1f\x0b\xbb\x8a\x63\x66\xf4\x5d\x51\x06\x9d'
'\x40\x78\x43\xc8\xdf\x8e\x34\xa7\x4a\x0f\xd4\xeb\x8e\xf7\xcf'
'\x8a\x6d\x1b\xec\x0a\xbc\xf3\x93\xe3\x48\xde\x90\xa3\x86\x7d'
'\x1d\x74\x7a\xfa\x72\xbe\x6d\x3c\xfd\x1f\x25\x00\x4c\xc7\xc3'
'\x18\xd4\x2d\xd0\xbd\xef\xc9\xf5\x71\x6c\xd3\xb1\x90\x20\x5c'
'\x60\x8e\x21\x16\xd1\x9f\x90\xec\xdd\xe8\x1e\xeb\xda\xc6\x35'
'\xc0\x62\x9d\x4c\xb1\xe4\xb9\x3e\x26\xe3\xff\x40\xfd\x23\xb3'
'\xbe\x71\xfe\x7a\x99\xc9\xa8\x84\xbd\x8f\x0f\xb5\x89\x18\xfc'
'\xc5\xc0\xc0\xe8\xf3\x53')
return cert_der
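Review bot: The docstring of the renamed `get_private_key_pem` still reads `PCKS#8` (a typo for PKCS#8) and, now that the name says PEM, should state the encoding as well as the structure, e.g. `"""Returns an unencrypted RSA private key as PKCS#8 PEM`; that docstring continues past its hunk. The DER hunk's description matches the data: the new bytes start with `30 82 04 bf 02 01 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 04 82 04 a9`, a PrivateKeyInfo wrapping the rsaEncryption AlgorithmIdentifier and the former RSAPrivateKey, so fixture and docstring agree; if the `openssl rsa -in private.pem -outform DER -out private.der` line is still on the new side it no longer describes how the returned bytes were produced and can go. The new `get_certificate_der` is a self-signed certificate whose notAfter bytes `17 0d 31 38 30 31 30 35 30 32 31 35 32 39 5a` decode to 2018-01-05T02:15:29Z; that is harmless for byte-level conversion tests, but worth a docstring line such as `Expires 2018-01-05; only suitable for encoding round-trips, not for validity checks.` so nobody later asks pyOpenSSL to verify it.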


@@ -19,7 +19,6 @@ import stat
import mock
from barbican.plugin.interface import secret_store
from barbican.plugin.util import translations
from barbican.tests import keys
from barbican.tests import utils
@@ -53,9 +52,7 @@ def get_sample_symmetric_key():
def get_sample_public_key():
key_material = objects.KeyMaterial(
translations.convert_public_pem_to_der(keys.get_public_key_pem())
)
key_material = objects.KeyMaterial(keys.get_public_key_der())
key_value = objects.KeyValue(key_material)
key_block = objects.KeyBlock(
key_format_type=misc.KeyFormatType(enums.KeyFormatType.X_509),
@@ -69,9 +66,7 @@ def get_sample_public_key():
def get_sample_private_key():
key_material = objects.KeyMaterial(
translations.convert_private_pem_to_der(keys.get_private_key_pkcs8())
)
key_material = objects.KeyMaterial(keys.get_private_key_der())
key_value = objects.KeyValue(key_material)
key_block = objects.KeyBlock(
key_format_type=misc.KeyFormatType(enums.KeyFormatType.PKCS_8),
@@ -383,7 +378,7 @@ class WhenTestingKMIPSecretStore(utils.BaseTestCase):
key_spec = secret_store.KeySpec(secret_store.KeyAlgorithm.RSA, 2048)
secret_dto = secret_store.SecretDTO(secret_store.SecretType.PRIVATE,
base64.b64encode(
keys.get_private_key_pkcs8()),
keys.get_private_key_pem()),
key_spec,
'content_type')
self.secret_store.store_secret(secret_dto)
@@ -397,7 +392,7 @@ class WhenTestingKMIPSecretStore(utils.BaseTestCase):
key_spec = secret_store.KeySpec(secret_store.KeyAlgorithm.RSA, 2048)
secret_dto = secret_store.SecretDTO(secret_store.SecretType.PRIVATE,
base64.b64encode(
keys.get_private_key_pkcs8()),
keys.get_private_key_pem()),
key_spec,
'content_type')
return_value = self.secret_store.store_secret(secret_dto)
@@ -492,7 +487,7 @@ class WhenTestingKMIPSecretStore(utils.BaseTestCase):
'private_key': [get_sample_private_key(),
secret_store.SecretType.PRIVATE,
misc.KeyFormatType(enums.KeyFormatType.PKCS_8),
base64.b64encode(keys.get_private_key_pkcs8())],
base64.b64encode(keys.get_private_key_pem())],
'opaque': [get_sample_symmetric_key(),
secret_store.SecretType.OPAQUE,
None,


@@ -92,18 +92,18 @@ class WhenNormalizingBeforeEncryption(utils.BaseTestCase):
'expected': base64.b64encode('stuff')
},
'private_base64': {
'unencrypted': base64.b64encode(keys.get_private_key_pkcs8()),
'unencrypted': base64.b64encode(keys.get_private_key_pem()),
'secret_type': s.SecretType.PRIVATE,
'content_type': 'application/octet-stream',
'content_encoding': 'base64',
'expected': base64.b64encode(keys.get_private_key_pkcs8())
'expected': base64.b64encode(keys.get_private_key_pem())
},
'private': {
'unencrypted': keys.get_private_key_pkcs8(),
'unencrypted': keys.get_private_key_pem(),
'secret_type': s.SecretType.PRIVATE,
'content_type': 'application/octet-stream',
'content_encoding': None,
'expected': base64.b64encode(keys.get_private_key_pkcs8())
'expected': base64.b64encode(keys.get_private_key_pem())
},
'public_base64': {
'unencrypted': base64.b64encode(keys.get_public_key_pem()),
@@ -204,7 +204,7 @@ class WhenDenormalizingAfterDecryption(utils.BaseTestCase):
dataset_for_pem_denormalize = {
'private_key': {
'encoded_pem': base64.b64encode(keys.get_private_key_pkcs8()),
'encoded_pem': base64.b64encode(keys.get_private_key_pem()),
'content_type': 'application/octet-stream'
},
'public_key': {
@@ -264,31 +264,61 @@ class WhenConvertingKeyFormats(utils.BaseTestCase):
super(WhenConvertingKeyFormats, self).setUp()
def test_passes_convert_private_pem_to_der(self):
pem = keys.get_private_key_pkcs8()
pem = keys.get_private_key_pem()
expected_der = keys.get_private_key_der()
der = translations.convert_private_pem_to_der(pem)
der = translations.convert_pem_to_der(
pem, s.SecretType.PRIVATE)
self.assertEqual(expected_der, der)
def test_passes_convert_private_der_to_pem(self):
der = keys.get_private_key_der()
expected_pem = keys.get_private_key_pkcs8()
pem = translations.convert_private_der_to_pkcs8(der)
expected_pem = keys.get_private_key_pem()
pem = translations.convert_der_to_pem(
der, s.SecretType.PRIVATE)
self.assertEqual(expected_pem, pem)
def test_passes_convert_public_pem_to_der(self):
pem = keys.get_public_key_pem()
expected_der = keys.get_public_key_der()
der = translations.convert_public_pem_to_der(pem)
der = translations.convert_pem_to_der(
pem, s.SecretType.PUBLIC)
self.assertEqual(expected_der, der)
def test_passes_convert_public_der_to_pem(self):
der = keys.get_public_key_der()
expected_pem = keys.get_public_key_pem()
pem = translations.convert_public_der_to_pem(der)
pem = translations.convert_der_to_pem(
der, s.SecretType.PUBLIC)
self.assertEqual(expected_pem, pem)
def test_certificate_conversion(self):
def test_passes_convert_certificate_pem_to_der(self):
pem = keys.get_certificate_pem()
der = translations.convert_certificate_pem_to_der(pem)
converted_pem = translations.convert_certificate_der_to_pem(der)
expected_der = keys.get_certificate_der()
der = translations.convert_pem_to_der(
pem, s.SecretType.CERTIFICATE)
self.assertEqual(expected_der, der)
def test_passes_convert_certificate_der_to_pem(self):
der = keys.get_certificate_der()
expected_pem = keys.get_certificate_pem()
pem = translations.convert_der_to_pem(
der, s.SecretType.CERTIFICATE)
self.assertEqual(expected_pem, pem)
def test_passes_certificate_conversion(self):
pem = keys.get_certificate_pem()
der = translations.convert_pem_to_der(
pem, s.SecretType.CERTIFICATE)
converted_pem = translations.convert_der_to_pem(
der, s.SecretType.CERTIFICATE)
self.assertEqual(pem, converted_pem)
def test_should_raise_to_pem_with_bad_secret_type(self):
self.assertRaises(s.SecretGeneralException,
translations.convert_der_to_pem,
"der", "bad type")
def test_should_raise_to_der_with_bad_secret_type(self):
self.assertRaises(s.SecretGeneralException,
translations.convert_pem_to_der,
"pem", "bad type")
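Review bot: The two negative tests at the end of the hunk only cover an unknown secret type passed with placeholder strings; there is no test for a well-typed but unparsable PEM, nor for `keys.get_encrypted_private_key_pem()` going through `convert_pem_to_der` without a passphrase, so the exception type callers may expect in those cases is unpinned (with the helpers as written it is presumably PyCrypto's ValueError rather than SecretGeneralException). Tests along the lines below make that contract explicit, whichever exception the module settles on. The positive tests compare PyCrypto-generated PEM text byte-for-byte with openssl-generated fixtures, which ties them to both tools' line-wrapping and trailing-newline conventions; a short comment saying so would save the next person a surprise if a library upgrade changes the formatting. These methods belong to WhenConvertingKeyFormats, whose class header is outside the hunk.
```python
    def test_should_raise_to_der_with_unparsable_pem(self):
        self.assertRaises(s.SecretGeneralException,
                          translations.convert_pem_to_der,
                          "not a pem", s.SecretType.PRIVATE)

    def test_should_raise_to_der_with_encrypted_pem(self):
        self.assertRaises(s.SecretGeneralException,
                          translations.convert_pem_to_der,
                          keys.get_encrypted_private_key_pem(),
                          s.SecretType.PRIVATE)
```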


@@ -155,7 +155,7 @@ class RSATestCase(base.TestCase):
"""Verify the keys input for test cases"""
# prove pyOpenSSL can parse the original private key
pem = keys.get_private_key_pkcs8()
pem = keys.get_private_key_pem()
crypto.load_privatekey(crypto.FILETYPE_PEM, pem)
# prove pyCrypto can parse the original public key
@@ -163,7 +163,7 @@ class RSATestCase(base.TestCase):
RSA.importKey(pem)
# prove pyOpenSSL can parse the original encrypted private key
pem = keys.get_encrypted_private_key_pkcs8()
pem = keys.get_encrypted_private_key_pem()
passphrase = keys.get_passphrase_txt()
crypto.load_privatekey(crypto.FILETYPE_PEM,
pem,
@@ -179,7 +179,7 @@ class RSATestCase(base.TestCase):
# make a secret
bits = 2048
pem = keys.get_private_key_pkcs8()
pem = keys.get_private_key_pem()
# create with Post to server
test_model = secret_models.SecretModel(
@@ -256,7 +256,7 @@ class RSATestCase(base.TestCase):
# make a secret
bits = 2048
pem = keys.get_private_key_pkcs8()
pem = keys.get_private_key_pem()
# create with Post to server
create_req = get_private_key_req(bits, base64.b64encode(pem))
@@ -364,7 +364,7 @@ class RSATestCase(base.TestCase):
# make the secrets
bits = 2048
private_pem = keys.get_private_key_pkcs8()
private_pem = keys.get_private_key_pem()
public_pem = keys.get_public_key_pem()
# create private secret with Post to server
@@ -403,7 +403,7 @@ class RSATestCase(base.TestCase):
# make the secrets
bits = 2048
private_pem = keys.get_encrypted_private_key_pkcs8()
private_pem = keys.get_encrypted_private_key_pem()
public_pem = keys.get_public_key_pem()
passphrase = keys.get_passphrase_txt()
@@ -523,7 +523,7 @@ class RSATestCase(base.TestCase):
self.assertEqual(204, update_resp.status_code)
# store private key
private_pem = keys.get_private_key_pkcs8()
private_pem = keys.get_private_key_pem()
create_req = get_private_key_req(bits, base64.b64encode(private_pem))
del create_req['payload']
del create_req['payload_content_type']
@@ -637,7 +637,7 @@ class RSATestCase(base.TestCase):
self.assertEqual(204, update_resp.status_code)
# store private key
private_pem = keys.get_private_key_pkcs8()
private_pem = keys.get_private_key_pem()
create_req = get_private_key_req(bits, base64.b64encode(private_pem))
del create_req['payload']
del create_req['payload_content_type']
@@ -688,7 +688,7 @@ class RSATestCase(base.TestCase):
self.assertEqual(204, update_resp.status_code)
# store private key
private_pem = keys.get_private_key_pkcs8()
private_pem = keys.get_private_key_pem()
create_req = get_private_key_req(bits, base64.b64encode(private_pem))
del create_req['payload']
del create_req['payload_content_type']