diff --git a/barbican/plugin/kmip_secret_store.py b/barbican/plugin/kmip_secret_store.py
index 433ca42b0..8e0c5ca61 100644
--- a/barbican/plugin/kmip_secret_store.py
+++ b/barbican/plugin/kmip_secret_store.py
@@ -610,21 +610,17 @@ class KMIPSecretStore(ss.SecretStoreBase):
     def _normalize_secret(self, secret, secret_type):
         """Normalizes secret for use by KMIP plugin"""
         data = base64.b64decode(secret)
-        if secret_type == ss.SecretType.PUBLIC:
-            return translations.convert_public_pem_to_der(data)
-        if secret_type == ss.SecretType.PRIVATE:
-            return translations.convert_private_pem_to_der(data)
-        if secret_type == ss.SecretType.CERTIFICATE:
-            return translations.convert_certificate_pem_to_der(data)
+        if secret_type in [ss.SecretType.PUBLIC,
+                           ss.SecretType.PRIVATE,
+                           ss.SecretType.CERTIFICATE]:
+            data = translations.convert_pem_to_der(data, secret_type)
         return data
 
     def _denormalize_secret(self, secret, secret_type):
         """Converts secret back to the format expected by Barbican core"""
         data = secret
-        if secret_type == ss.SecretType.PUBLIC:
-            data = translations.convert_public_der_to_pem(secret)
-        if secret_type == ss.SecretType.PRIVATE:
-            data = translations.convert_private_der_to_pkcs8(secret)
-        if secret_type == ss.SecretType.CERTIFICATE:
-            data = translations.convert_certificate_der_to_pem(secret)
+        if secret_type in [ss.SecretType.PUBLIC,
+                           ss.SecretType.PRIVATE,
+                           ss.SecretType.CERTIFICATE]:
+            data = translations.convert_der_to_pem(data, secret_type)
         return base64.b64encode(data)
diff --git a/barbican/plugin/util/translations.py b/barbican/plugin/util/translations.py
index 27df2cfdc..03ddc2340 100644
--- a/barbican/plugin/util/translations.py
+++ b/barbican/plugin/util/translations.py
@@ -16,6 +16,7 @@ import base64
 from Crypto.PublicKey import RSA
 from OpenSSL import crypto
 
+from barbican import i18n as u  # noqa
 from barbican.plugin.interface import secret_store as s
 from barbican.plugin.util import mime_types
 
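Review bot: The three-member type list is written out twice, once in `_normalize_secret` and again in `_denormalize_secret`, and a list literal is used for a fixed membership test; hoist it to one class-level constant, e.g. `_PEM_DER_TYPES = (ss.SecretType.PUBLIC, ss.SecretType.PRIVATE, ss.SecretType.CERTIFICATE)`, and test `if secret_type in self._PEM_DER_TYPES:` in both methods. The two docstrings would also benefit from saying that these three types are converted to DER for KMIP while every other type passes through unchanged, since the pass-through is now implicit in the membership test. Note that for an unparsable payload the new `convert_pem_to_der` call surfaces whatever the underlying parser raises rather than a secret-store exception; that is best handled inside translations.py rather than here.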
@@ -109,37 +110,61 @@ def denormalize_after_decryption(unencrypted, content_type):
     return unencrypted
 
 
-def convert_private_pem_to_der(pem):
-    pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, pem)
-    pem = crypto.dump_privatekey(crypto.FILETYPE_ASN1, pkey)
+def convert_pem_to_der(pem, secret_type):
+    if secret_type == s.SecretType.PRIVATE:
+        return _convert_private_pem_to_der(pem)
+    elif secret_type == s.SecretType.PUBLIC:
+        return _convert_public_pem_to_der(pem)
+    elif secret_type == s.SecretType.CERTIFICATE:
+        return _convert_certificate_pem_to_der(pem)
+    else:
+        reason = u._("Secret type can not be converted to DER")
+        raise s.SecretGeneralException(reason=reason)
+
+
+def convert_der_to_pem(der, secret_type):
+    if secret_type == s.SecretType.PRIVATE:
+        return _convert_private_der_to_pem(der)
+    elif secret_type == s.SecretType.PUBLIC:
+        return _convert_public_der_to_pem(der)
+    elif secret_type == s.SecretType.CERTIFICATE:
+        return _convert_certificate_der_to_pem(der)
+    else:
+        reason = u._("Secret type can not be converted to PEM")
+        raise s.SecretGeneralException(reason=reason)
+
+
+def _convert_private_pem_to_der(pem):
+    private_key = RSA.importKey(pem)
+    der = private_key.exportKey('DER', pkcs=8)
+    return der
+
+
+def _convert_private_der_to_pem(der):
+    private_key = RSA.importKey(der)
+    pem = private_key.exportKey('PEM', pkcs=8)
     return pem
 
 
-def convert_private_der_to_pkcs8(der):
-    private_key = RSA.importKey(der)
-    pkcs8 = private_key.exportKey('PEM', pkcs=8)
-    return pkcs8
-
-
-def convert_public_pem_to_der(pem):
+def _convert_public_pem_to_der(pem):
     pubkey = RSA.importKey(pem)
     der = pubkey.exportKey('DER')
     return der
 
 
-def convert_public_der_to_pem(der):
+def _convert_public_der_to_pem(der):
     pubkey = RSA.importKey(der)
     pem = pubkey.exportKey('PEM')
     return pem
 
 
-def convert_certificate_pem_to_der(pem):
+def _convert_certificate_pem_to_der(pem):
     cert = crypto.load_certificate(crypto.FILETYPE_PEM, pem)
     der = crypto.dump_certificate(crypto.FILETYPE_ASN1, cert)
     return der
 
 
-def convert_certificate_der_to_pem(der):
+def _convert_certificate_der_to_pem(der):
     cert = crypto.load_certificate(crypto.FILETYPE_ASN1, der)
     pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
     return pem
diff --git a/barbican/tests/keys.py b/barbican/tests/keys.py
index b61ad1697..44435b2f5 100644
--- a/barbican/tests/keys.py
+++ b/barbican/tests/keys.py
@@ -14,7 +14,7 @@
 # limitations under the License.
 
 
-def get_private_key_pkcs8():
+def get_private_key_pem():
     """Returns a private key in PCKS#8 format
 
     This key was created by issuing the following openssl commands:
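Review bot: `convert_pem_to_der` and `convert_der_to_pem` turn an unknown `secret_type` into `SecretGeneralException`, but a key or certificate that does not parse still escapes as the raw library error (a `ValueError` from `RSA.importKey`, an `OpenSSL.crypto.Error` from `crypto.load_certificate`, as far as I can tell), so a caller such as the KMIP plugin sees a different exception type depending on which check failed. Catching those two in the dispatchers and re-raising `SecretGeneralException` keeps the contract uniform; the fence shows it for `convert_pem_to_der`, and `convert_der_to_pem` mirrors it. Separately, `_convert_private_pem_to_der` now goes through pyCrypto's `RSA.importKey` instead of pyOpenSSL's `load_privatekey`, so non-RSA private keys the removed code accepted are rejected by the new one, and the DER it produces is now PKCS#8 (`pkcs=8`) rather than the PKCS#1 structure pyOpenSSL dumped; if both are intended, a one-line docstring on that helper saying "RSA only; emits PKCS#8 DER" would save the next reader a comparison with the old code.
```python
def convert_pem_to_der(pem, secret_type):
    try:
        if secret_type == s.SecretType.PRIVATE:
            return _convert_private_pem_to_der(pem)
        elif secret_type == s.SecretType.PUBLIC:
            return _convert_public_pem_to_der(pem)
        elif secret_type == s.SecretType.CERTIFICATE:
            return _convert_certificate_pem_to_der(pem)
    except (ValueError, crypto.Error):
        # parser failure: report a plugin-level error, not the library's
        reason = u._("Secret could not be parsed for conversion to DER")
        raise s.SecretGeneralException(reason=reason)
    reason = u._("Secret type can not be converted to DER")
    raise s.SecretGeneralException(reason=reason)

# … unchanged: convert_der_to_pem, with the same try/except around its dispatch …
```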
@@ -62,92 +62,95 @@ def get_private_key_der(): This key was created by issuing the following openssl commands: openssl genrsa -out private.pem 2048 - openssl rsa -in private.pem -outform DER -out private.der + openssl pkcs8 -in private.pem -topk8 -nocrypt \ + -outform DER -out private_pk8.der The byte string returned by this function is the contents - of the private.der file. + of the private_pk8.der file. """ key_der = ( - '\x30\x82\x04\xa5\x02\x01\x00\x02\x82\x01\x01\x00\xb3\x6b\x65' - '\x68\x0d\x79\x81\x50\xc9\xb0\x8c\x5b\xbd\x17\xa3\x0c\xe6\xaf' - '\xc0\x67\x55\xa3\x9d\x60\x36\x60\xd7\x4d\xcb\x6d\xfb\x4e\xb1' - '\x8d\xfe\x7a\x1b\x0c\x3b\xfc\x14\x10\x69\x50\xf9\x87\x35\x9d' - '\x38\x1f\x52\xf2\xc4\x57\x0f\xf1\x17\x85\xad\xc2\x17\xa6\x27' - '\xec\x45\xeb\xb6\x94\x05\x9a\xa9\x13\xf1\xa2\xfb\xb9\x0a\xe0' - '\x21\x7d\xe7\x0a\xbf\xe4\x61\x8c\xb5\x4b\x27\x42\x3e\x31\x92' - '\x1b\xef\x64\x4e\x2a\x97\xd9\x4e\x66\xfb\x76\x19\x45\x80\x60' - '\xf7\xbe\x40\xb9\xd4\x10\x9f\x84\x65\x56\xdf\x9c\x39\xd8\xe6' - '\x3f\xdb\x7c\x79\x31\xe3\xb8\xca\xfc\x79\x9b\x23\xdc\x72\x7c' - '\x4c\x55\x0e\x36\x2a\xe0\xeb\xcc\xaa\xa3\x06\x54\xa3\x98\x19' - '\xdc\xa4\x66\x31\xd0\x98\x02\x4f\xeb\x32\x16\x61\xec\x97\xca' - '\xce\x92\xa0\x8f\x3c\x52\xe8\xdb\x86\x10\x9f\xee\x3f\xa6\xbd' - '\x40\x63\x06\x99\x01\xb3\x13\x97\xdc\xe8\x2e\xd1\x10\x8f\xab' - '\x31\x49\xcb\x87\x71\x2f\x5e\xf2\x78\xa9\xb4\x3c\x65\xb1\xb2' - '\xd0\x82\xa1\x95\x68\x67\x44\xd7\x5e\xec\xb4\x2f\x79\x40\x7e' - '\xd4\xbc\x84\xdb\xb9\x8c\xdd\x8d\x9c\x01\x15\xcd\x52\x83\x3f' - '\x06\x67\xfd\xa1\x2d\x2b\x07\xba\x32\x62\x21\x07\x2f\x02\x03' - '\x01\x00\x01\x02\x82\x01\x00\x30\xe9\x54\x29\xbb\x92\xa6\x28' - '\x29\xf3\x91\x2f\xe9\x2a\xaa\x6e\x77\xec\xed\x9c\xbe\x01\xee' - '\x83\x2e\x0f\xd4\x62\x06\xd5\x22\xaf\x5f\x44\x00\x5d\xb5\x45' - '\xee\x8c\x57\xc3\xe9\x92\x03\x94\x52\x8f\x5b\x9f\x5e\x73\x84' - '\x06\xdf\xf7\xaf\x9b\xe7\xb4\x83\xd1\xee\x0c\x41\x3b\x72\xf8' - '\x83\x56\x98\x45\x31\x98\x66\xdb\x19\x15\xe4\xcb\x77\xd2\xbc' - 
'\x61\x3c\x1e\xa9\xc5\xa5\x1c\x2f\xec\x3f\x92\x91\xfe\x5c\x38' - '\xcc\x50\x97\x49\x07\xc0\x38\x3f\x74\x31\xfb\x17\xc8\x79\x60' - '\x50\x6f\xcc\x1d\xfc\x42\xd5\x4a\x07\xd1\x2d\x13\x5e\xa9\x82' - '\xf4\xd0\xa5\xd5\xb3\x4e\x3f\x14\xe0\x44\x86\xa4\xa2\xaa\x2f' - '\xe8\x1d\x82\x78\x83\x13\x6b\x4a\x82\x0d\x5f\xbd\x4f\x1d\x56' - '\xda\x12\x29\x08\xca\x0c\xe2\xe0\x76\x55\xc8\xcb\xad\xdc\xb1' - '\x3a\x71\xe1\xf3\x7d\x28\xfb\xd5\xfb\x67\xf9\x48\xb4\x4f\x39' - '\x0b\x39\xbf\x8d\xa0\x13\xf7\xd6\x16\x87\x0b\xfb\x1f\x0a\xba' - '\x4a\x83\xb4\x2d\x50\xff\x6a\xf5\xd4\x6a\xe9\xd6\x5c\x23\x5e' - '\xea\xe5\xde\xe8\x11\xd1\x13\x78\x34\x4a\x85\x3d\xaf\x9b\xb6' - '\xf1\xd9\xb2\xc6\x78\x5d\x70\xd8\x7f\x41\xfd\x5f\x35\xba\x98' - '\xe2\x01\xa8\x76\x45\x59\xde\x71\x02\x81\x81\x00\xec\x7c\x74' - '\xa3\x47\x58\x1d\xf9\x21\xf0\xff\x60\x3d\x49\xa5\xd2\xd6\x4f' - '\x4b\x79\x72\xed\xf9\x46\xc3\x41\xd6\xe3\x60\xeb\x21\xe4\xba' - '\x13\xf8\x43\x7f\xba\xd3\xbb\xd1\x1c\x83\x62\xa8\xe5\x87\x3a' - '\x89\xcd\xc8\x8a\x4e\xe0\x16\xe5\x25\x4f\x0b\xa8\x10\xb8\x2a' - '\x69\x03\x6f\x4a\x9e\xda\xbb\xc7\x5f\x8b\xc3\xfe\x30\x1b\xde' - '\x3b\xa6\x85\xdb\xeb\x4b\x4b\x76\x0d\xc1\x2b\x99\x81\x15\x33' - '\x91\x93\x90\x13\xa8\x0c\x15\xab\xbb\x7e\xd8\xdb\x52\xe5\x2f' - '\xc9\xba\x7c\xec\xe7\x1a\xd1\xa2\x50\xc5\x9d\x25\xf8\x2a\x7b' - '\xd5\x97\xa2\x63\xdd\x02\x81\x81\x00\xc2\x39\x76\x53\x55\x74' - '\x4f\x10\x58\x67\xaa\x7a\x8b\x12\xb6\x5e\xe8\x42\x64\xc9\x2c' - '\x06\xf3\x08\x2d\x39\xd0\xa6\xaf\xae\xb4\x6e\x87\x18\xd6\x2f' - '\x6f\x57\xe4\x5a\x33\x58\x80\x44\x75\xfa\xbb\xfb\x2e\x32\x19' - '\x33\xfb\x72\x91\x8a\x7c\xf1\x20\x6e\x60\x42\xcc\xa2\x5a\x64' - '\xe9\x15\x5d\xbd\xf1\x6f\x6f\x91\x1b\x66\xb0\x24\x03\x9f\x69' - '\xb2\xf7\x4c\xaf\xe1\xee\xac\x2c\x8d\x27\x83\xb9\x7f\x37\x7a' - '\xfb\x0b\x02\xcb\x34\x85\x7f\x0a\xa7\xb2\x68\xde\x34\xb2\xec' - '\xc4\xf0\x08\xe0\x12\x06\xb9\x8d\x3b\x9a\xe9\xb3\xf9\x9b\xec' - '\x7c\x7b\x02\x81\x81\x00\x9e\xb9\x6d\xc3\xc5\x77\xe4\x2e\x39' - 
'\xd4\xba\x63\x0a\xdf\xaa\x97\xd7\x55\xc3\x6f\x91\x6f\x1e\x37' - '\x9b\x88\x4e\x45\xb0\xe0\x40\x90\x77\x40\x3e\x0a\x77\xe9\x9a' - '\x81\x5d\xfa\x08\x49\x28\xd9\x5d\xa9\x31\xa2\xd7\xed\xd4\xc0' - '\xdd\x3d\x11\x8c\x7b\x63\x63\x4d\x68\xd1\xb1\x07\x7a\x8b\x22' - '\x7e\x94\x73\x91\xa8\x8b\xac\x18\x98\x51\x6b\x14\x3f\x26\x2f' - '\x14\x47\xf9\x35\x65\x21\x13\x9d\x7a\x4e\x44\x3f\x98\xa1\xda' - '\xf2\x94\xa0\x34\xa4\x32\x98\xf1\xd0\xe0\x51\xf5\xd5\x3f\xcc' - '\x25\x56\x0f\x66\x83\x72\x5f\x9d\x8c\x1e\x31\x37\x42\x55\x02' - '\x81\x81\x00\xb1\xd7\x7d\xe2\x36\x68\x26\x91\x37\xf1\xcc\x67' - '\x22\xfb\x02\x64\x8a\xd5\x68\x85\xd0\x3b\x98\xc3\x8e\xed\xd6' - '\x81\x1a\x72\xa5\x22\x63\xaf\xb9\x47\x7b\xf3\x85\xd3\x96\x1a' - '\x5e\x70\xd1\x7a\xc2\x2f\xf0\x0f\xcd\x86\x0c\xa2\xce\x63\x79' - '\x9e\x2c\xed\x04\x55\x86\x1c\xcf\x1a\x81\x56\xa0\x1c\x71\x7b' - '\x71\x33\xf4\x5c\x25\xc3\x04\x52\x2e\xad\xc1\xc5\xc5\x72\xe2' - '\x61\x62\xf5\xe9\x0d\xb3\x87\xaa\x5c\x80\x8c\x87\x85\x5b\xd5' - '\x35\x0b\xa3\x9c\x38\x6b\xe6\xe3\x42\xeb\xdd\x42\xb3\x31\xae' - '\x58\xae\xda\xba\x31\x6e\x2b\x8b\xbb\x92\x0b\x02\x81\x81\x00' - '\xdf\x76\xa5\x63\x4f\x8b\x97\x98\x6c\x0e\x87\x5c\xf8\x3f\x3b' - '\xfa\x18\x2a\x1c\xfb\xa1\xa8\x6d\x78\x38\x0e\xfb\xc2\x52\x33' - '\xfd\x31\x1f\xb6\xfb\x9b\x17\xd0\x06\x3f\x7f\xe6\x95\x08\x3d' - '\x39\xfc\xd8\xf4\x46\xaa\x40\xc1\x47\x34\xdf\x36\x54\xe5\x9b' - '\x4b\xda\xe3\x5e\xe9\x70\xe3\x12\xe8\x1f\x16\xd9\x73\x79\xae' - '\xbe\xad\xb0\xfa\x2a\x91\x52\xfa\x7c\x4f\x24\x0f\x18\xc9\x66' - '\x11\xa4\xd8\x69\x45\x61\x96\x41\xa9\x07\x79\xda\xf7\x06\xd3' - '\x2d\x1a\xcd\x21\xa4\xa3\x40\x40\x6e\xf6\x1c\xa5\xad\x49\xf2' - '\x50\x31\x7b\xe7\xd9\x19\x62\x70') + '\x30\x82\x04\xbf\x02\x01\x00\x30\x0d\x06\x09\x2a\x86\x48\x86' + '\xf7\x0d\x01\x01\x01\x05\x00\x04\x82\x04\xa9\x30\x82\x04\xa5' + '\x02\x01\x00\x02\x82\x01\x01\x00\xb3\x6b\x65\x68\x0d\x79\x81' + '\x50\xc9\xb0\x8c\x5b\xbd\x17\xa3\x0c\xe6\xaf\xc0\x67\x55\xa3' + '\x9d\x60\x36\x60\xd7\x4d\xcb\x6d\xfb\x4e\xb1\x8d\xfe\x7a\x1b' + 
'\x0c\x3b\xfc\x14\x10\x69\x50\xf9\x87\x35\x9d\x38\x1f\x52\xf2' + '\xc4\x57\x0f\xf1\x17\x85\xad\xc2\x17\xa6\x27\xec\x45\xeb\xb6' + '\x94\x05\x9a\xa9\x13\xf1\xa2\xfb\xb9\x0a\xe0\x21\x7d\xe7\x0a' + '\xbf\xe4\x61\x8c\xb5\x4b\x27\x42\x3e\x31\x92\x1b\xef\x64\x4e' + '\x2a\x97\xd9\x4e\x66\xfb\x76\x19\x45\x80\x60\xf7\xbe\x40\xb9' + '\xd4\x10\x9f\x84\x65\x56\xdf\x9c\x39\xd8\xe6\x3f\xdb\x7c\x79' + '\x31\xe3\xb8\xca\xfc\x79\x9b\x23\xdc\x72\x7c\x4c\x55\x0e\x36' + '\x2a\xe0\xeb\xcc\xaa\xa3\x06\x54\xa3\x98\x19\xdc\xa4\x66\x31' + '\xd0\x98\x02\x4f\xeb\x32\x16\x61\xec\x97\xca\xce\x92\xa0\x8f' + '\x3c\x52\xe8\xdb\x86\x10\x9f\xee\x3f\xa6\xbd\x40\x63\x06\x99' + '\x01\xb3\x13\x97\xdc\xe8\x2e\xd1\x10\x8f\xab\x31\x49\xcb\x87' + '\x71\x2f\x5e\xf2\x78\xa9\xb4\x3c\x65\xb1\xb2\xd0\x82\xa1\x95' + '\x68\x67\x44\xd7\x5e\xec\xb4\x2f\x79\x40\x7e\xd4\xbc\x84\xdb' + '\xb9\x8c\xdd\x8d\x9c\x01\x15\xcd\x52\x83\x3f\x06\x67\xfd\xa1' + '\x2d\x2b\x07\xba\x32\x62\x21\x07\x2f\x02\x03\x01\x00\x01\x02' + '\x82\x01\x00\x30\xe9\x54\x29\xbb\x92\xa6\x28\x29\xf3\x91\x2f' + '\xe9\x2a\xaa\x6e\x77\xec\xed\x9c\xbe\x01\xee\x83\x2e\x0f\xd4' + '\x62\x06\xd5\x22\xaf\x5f\x44\x00\x5d\xb5\x45\xee\x8c\x57\xc3' + '\xe9\x92\x03\x94\x52\x8f\x5b\x9f\x5e\x73\x84\x06\xdf\xf7\xaf' + '\x9b\xe7\xb4\x83\xd1\xee\x0c\x41\x3b\x72\xf8\x83\x56\x98\x45' + '\x31\x98\x66\xdb\x19\x15\xe4\xcb\x77\xd2\xbc\x61\x3c\x1e\xa9' + '\xc5\xa5\x1c\x2f\xec\x3f\x92\x91\xfe\x5c\x38\xcc\x50\x97\x49' + '\x07\xc0\x38\x3f\x74\x31\xfb\x17\xc8\x79\x60\x50\x6f\xcc\x1d' + '\xfc\x42\xd5\x4a\x07\xd1\x2d\x13\x5e\xa9\x82\xf4\xd0\xa5\xd5' + '\xb3\x4e\x3f\x14\xe0\x44\x86\xa4\xa2\xaa\x2f\xe8\x1d\x82\x78' + '\x83\x13\x6b\x4a\x82\x0d\x5f\xbd\x4f\x1d\x56\xda\x12\x29\x08' + '\xca\x0c\xe2\xe0\x76\x55\xc8\xcb\xad\xdc\xb1\x3a\x71\xe1\xf3' + '\x7d\x28\xfb\xd5\xfb\x67\xf9\x48\xb4\x4f\x39\x0b\x39\xbf\x8d' + '\xa0\x13\xf7\xd6\x16\x87\x0b\xfb\x1f\x0a\xba\x4a\x83\xb4\x2d' + '\x50\xff\x6a\xf5\xd4\x6a\xe9\xd6\x5c\x23\x5e\xea\xe5\xde\xe8' + 
'\x11\xd1\x13\x78\x34\x4a\x85\x3d\xaf\x9b\xb6\xf1\xd9\xb2\xc6' + '\x78\x5d\x70\xd8\x7f\x41\xfd\x5f\x35\xba\x98\xe2\x01\xa8\x76' + '\x45\x59\xde\x71\x02\x81\x81\x00\xec\x7c\x74\xa3\x47\x58\x1d' + '\xf9\x21\xf0\xff\x60\x3d\x49\xa5\xd2\xd6\x4f\x4b\x79\x72\xed' + '\xf9\x46\xc3\x41\xd6\xe3\x60\xeb\x21\xe4\xba\x13\xf8\x43\x7f' + '\xba\xd3\xbb\xd1\x1c\x83\x62\xa8\xe5\x87\x3a\x89\xcd\xc8\x8a' + '\x4e\xe0\x16\xe5\x25\x4f\x0b\xa8\x10\xb8\x2a\x69\x03\x6f\x4a' + '\x9e\xda\xbb\xc7\x5f\x8b\xc3\xfe\x30\x1b\xde\x3b\xa6\x85\xdb' + '\xeb\x4b\x4b\x76\x0d\xc1\x2b\x99\x81\x15\x33\x91\x93\x90\x13' + '\xa8\x0c\x15\xab\xbb\x7e\xd8\xdb\x52\xe5\x2f\xc9\xba\x7c\xec' + '\xe7\x1a\xd1\xa2\x50\xc5\x9d\x25\xf8\x2a\x7b\xd5\x97\xa2\x63' + '\xdd\x02\x81\x81\x00\xc2\x39\x76\x53\x55\x74\x4f\x10\x58\x67' + '\xaa\x7a\x8b\x12\xb6\x5e\xe8\x42\x64\xc9\x2c\x06\xf3\x08\x2d' + '\x39\xd0\xa6\xaf\xae\xb4\x6e\x87\x18\xd6\x2f\x6f\x57\xe4\x5a' + '\x33\x58\x80\x44\x75\xfa\xbb\xfb\x2e\x32\x19\x33\xfb\x72\x91' + '\x8a\x7c\xf1\x20\x6e\x60\x42\xcc\xa2\x5a\x64\xe9\x15\x5d\xbd' + '\xf1\x6f\x6f\x91\x1b\x66\xb0\x24\x03\x9f\x69\xb2\xf7\x4c\xaf' + '\xe1\xee\xac\x2c\x8d\x27\x83\xb9\x7f\x37\x7a\xfb\x0b\x02\xcb' + '\x34\x85\x7f\x0a\xa7\xb2\x68\xde\x34\xb2\xec\xc4\xf0\x08\xe0' + '\x12\x06\xb9\x8d\x3b\x9a\xe9\xb3\xf9\x9b\xec\x7c\x7b\x02\x81' + '\x81\x00\x9e\xb9\x6d\xc3\xc5\x77\xe4\x2e\x39\xd4\xba\x63\x0a' + '\xdf\xaa\x97\xd7\x55\xc3\x6f\x91\x6f\x1e\x37\x9b\x88\x4e\x45' + '\xb0\xe0\x40\x90\x77\x40\x3e\x0a\x77\xe9\x9a\x81\x5d\xfa\x08' + '\x49\x28\xd9\x5d\xa9\x31\xa2\xd7\xed\xd4\xc0\xdd\x3d\x11\x8c' + '\x7b\x63\x63\x4d\x68\xd1\xb1\x07\x7a\x8b\x22\x7e\x94\x73\x91' + '\xa8\x8b\xac\x18\x98\x51\x6b\x14\x3f\x26\x2f\x14\x47\xf9\x35' + '\x65\x21\x13\x9d\x7a\x4e\x44\x3f\x98\xa1\xda\xf2\x94\xa0\x34' + '\xa4\x32\x98\xf1\xd0\xe0\x51\xf5\xd5\x3f\xcc\x25\x56\x0f\x66' + '\x83\x72\x5f\x9d\x8c\x1e\x31\x37\x42\x55\x02\x81\x81\x00\xb1' + '\xd7\x7d\xe2\x36\x68\x26\x91\x37\xf1\xcc\x67\x22\xfb\x02\x64' + 
'\x8a\xd5\x68\x85\xd0\x3b\x98\xc3\x8e\xed\xd6\x81\x1a\x72\xa5' + '\x22\x63\xaf\xb9\x47\x7b\xf3\x85\xd3\x96\x1a\x5e\x70\xd1\x7a' + '\xc2\x2f\xf0\x0f\xcd\x86\x0c\xa2\xce\x63\x79\x9e\x2c\xed\x04' + '\x55\x86\x1c\xcf\x1a\x81\x56\xa0\x1c\x71\x7b\x71\x33\xf4\x5c' + '\x25\xc3\x04\x52\x2e\xad\xc1\xc5\xc5\x72\xe2\x61\x62\xf5\xe9' + '\x0d\xb3\x87\xaa\x5c\x80\x8c\x87\x85\x5b\xd5\x35\x0b\xa3\x9c' + '\x38\x6b\xe6\xe3\x42\xeb\xdd\x42\xb3\x31\xae\x58\xae\xda\xba' + '\x31\x6e\x2b\x8b\xbb\x92\x0b\x02\x81\x81\x00\xdf\x76\xa5\x63' + '\x4f\x8b\x97\x98\x6c\x0e\x87\x5c\xf8\x3f\x3b\xfa\x18\x2a\x1c' + '\xfb\xa1\xa8\x6d\x78\x38\x0e\xfb\xc2\x52\x33\xfd\x31\x1f\xb6' + '\xfb\x9b\x17\xd0\x06\x3f\x7f\xe6\x95\x08\x3d\x39\xfc\xd8\xf4' + '\x46\xaa\x40\xc1\x47\x34\xdf\x36\x54\xe5\x9b\x4b\xda\xe3\x5e' + '\xe9\x70\xe3\x12\xe8\x1f\x16\xd9\x73\x79\xae\xbe\xad\xb0\xfa' + '\x2a\x91\x52\xfa\x7c\x4f\x24\x0f\x18\xc9\x66\x11\xa4\xd8\x69' + '\x45\x61\x96\x41\xa9\x07\x79\xda\xf7\x06\xd3\x2d\x1a\xcd\x21' + '\xa4\xa3\x40\x40\x6e\xf6\x1c\xa5\xad\x49\xf2\x50\x31\x7b\xe7' + '\xd9\x19\x62\x70') return key_der @@ -209,7 +212,7 @@ def get_public_key_der(): return key_der -def get_encrypted_private_key_pkcs8(): +def get_encrypted_private_key_pem(): """Returns an encrypted private key in PKCS#8 format This key was created by issuing the following openssl commands: @@ -300,7 +303,7 @@ hSZgIl7v+UAIM+9bhpVg15aTjRzfH2OsZodFIbsMDw== def get_certificate_pem(): """Returns an X509 certificate in PEM format - This key was created by issuing the following openssl commands: + This certificate was created by issuing the following openssl commands: openssl genrsa -out private.pem 2048 openssl req -new -x509 -key private.pem -out cert.pem \ 
@@ -330,3 +333,72 @@ YI4hFtGfkOzd6B7r2sY1wGKdTLHkuT4m4/9A/SOzvnH+epnJqIS9jw+1iRj8xcDA 6PNT -----END CERTIFICATE----- """ + + +def get_certificate_der(): + """Returns an X509 certificate in DER format + + This certificate was created by issuing the following openssl commands: + + openssl genrsa -out private.pem 2048 + openssl req -new -x509 -key private.pem -out cert.pem \ + -days 1000 -subj '/CN=example.com' + openssl x509 -outform der -in cert.pem -out cert.der + + The byte string returned by this function is the contents + of the cert.der file. + """ + cert_der = ( + '\x30\x82\x02\xff\x30\x82\x01\xe7\xa0\x03\x02\x01\x02\x02\x09' + '\x00\xe2\xea\x5c\xa2\x7d\xab\xdf\xe7\x30\x0d\x06\x09\x2a\x86' + '\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00\x30\x16\x31\x14\x30\x12' + '\x06\x03\x55\x04\x03\x0c\x0b\x65\x78\x61\x6d\x70\x6c\x65\x2e' + '\x63\x6f\x6d\x30\x1e\x17\x0d\x31\x35\x30\x34\x31\x31\x30\x32' + '\x31\x35\x32\x39\x5a\x17\x0d\x31\x38\x30\x31\x30\x35\x30\x32' + '\x31\x35\x32\x39\x5a\x30\x16\x31\x14\x30\x12\x06\x03\x55\x04' + '\x03\x0c\x0b\x65\x78\x61\x6d\x70\x6c\x65\x2e\x63\x6f\x6d\x30' + '\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01' + '\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01' + '\x01\x00\xb3\x6b\x65\x68\x0d\x79\x81\x50\xc9\xb0\x8c\x5b\xbd' + '\x17\xa3\x0c\xe6\xaf\xc0\x67\x55\xa3\x9d\x60\x36\x60\xd7\x4d' + '\xcb\x6d\xfb\x4e\xb1\x8d\xfe\x7a\x1b\x0c\x3b\xfc\x14\x10\x69' + '\x50\xf9\x87\x35\x9d\x38\x1f\x52\xf2\xc4\x57\x0f\xf1\x17\x85' + '\xad\xc2\x17\xa6\x27\xec\x45\xeb\xb6\x94\x05\x9a\xa9\x13\xf1' + '\xa2\xfb\xb9\x0a\xe0\x21\x7d\xe7\x0a\xbf\xe4\x61\x8c\xb5\x4b' + '\x27\x42\x3e\x31\x92\x1b\xef\x64\x4e\x2a\x97\xd9\x4e\x66\xfb' + '\x76\x19\x45\x80\x60\xf7\xbe\x40\xb9\xd4\x10\x9f\x84\x65\x56' + '\xdf\x9c\x39\xd8\xe6\x3f\xdb\x7c\x79\x31\xe3\xb8\xca\xfc\x79' + '\x9b\x23\xdc\x72\x7c\x4c\x55\x0e\x36\x2a\xe0\xeb\xcc\xaa\xa3' + '\x06\x54\xa3\x98\x19\xdc\xa4\x66\x31\xd0\x98\x02\x4f\xeb\x32' + 
'\x16\x61\xec\x97\xca\xce\x92\xa0\x8f\x3c\x52\xe8\xdb\x86\x10' + '\x9f\xee\x3f\xa6\xbd\x40\x63\x06\x99\x01\xb3\x13\x97\xdc\xe8' + '\x2e\xd1\x10\x8f\xab\x31\x49\xcb\x87\x71\x2f\x5e\xf2\x78\xa9' + '\xb4\x3c\x65\xb1\xb2\xd0\x82\xa1\x95\x68\x67\x44\xd7\x5e\xec' + '\xb4\x2f\x79\x40\x7e\xd4\xbc\x84\xdb\xb9\x8c\xdd\x8d\x9c\x01' + '\x15\xcd\x52\x83\x3f\x06\x67\xfd\xa1\x2d\x2b\x07\xba\x32\x62' + '\x21\x07\x2f\x02\x03\x01\x00\x01\xa3\x50\x30\x4e\x30\x1d\x06' + '\x03\x55\x1d\x0e\x04\x16\x04\x14\x94\xab\x60\x34\x6f\x65\xe8' + '\xfa\xc2\xaf\x98\xa8\x0d\xf1\x6a\xbc\x97\xa8\xfc\xda\x30\x1f' + '\x06\x03\x55\x1d\x23\x04\x18\x30\x16\x80\x14\x94\xab\x60\x34' + '\x6f\x65\xe8\xfa\xc2\xaf\x98\xa8\x0d\xf1\x6a\xbc\x97\xa8\xfc' + '\xda\x30\x0c\x06\x03\x55\x1d\x13\x04\x05\x30\x03\x01\x01\xff' + '\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b\x05\x00' + '\x03\x82\x01\x01\x00\x63\x8a\xea\xa1\x97\x33\x55\x39\x52\xeb' + '\x1c\x34\x32\x1a\xbd\x1f\x4c\x00\x85\x25\xd0\xd1\x12\x7b\xa1' + '\x66\x9e\x1d\xf7\x5f\xbe\x0e\x63\x02\x4f\xe6\xdc\x4c\x6d\x3e' + '\x18\x2a\x77\xad\xf1\x4e\xb8\x45\xa9\x24\xb2\xcb\x3d\xd4\x8e' + '\x9c\x8b\x27\x89\xbb\x0e\xb3\x22\x8f\x5e\xe0\x41\x5f\x99\x26' + '\x75\x82\x28\x8d\xb7\x63\x51\x34\xb0\x9e\x17\x31\xf4\x94\xc0' + '\x7c\xa4\xa6\xc5\x75\x92\x0b\x4a\xe7\x28\x27\x9f\x01\xfe\x38' + '\x32\x6e\x9f\xaa\xfa\x13\xc9\x36\xde\x19\x24\x0f\xea\x71\xf3' + '\x73\xb7\x8b\x68\xaf\xde\x7d\xca\xcc\xbd\x87\x5c\xb7\xe4\xde' + '\x4e\x41\xe3\xa9\x1f\x0b\xbb\x8a\x63\x66\xf4\x5d\x51\x06\x9d' + '\x40\x78\x43\xc8\xdf\x8e\x34\xa7\x4a\x0f\xd4\xeb\x8e\xf7\xcf' + '\x8a\x6d\x1b\xec\x0a\xbc\xf3\x93\xe3\x48\xde\x90\xa3\x86\x7d' + '\x1d\x74\x7a\xfa\x72\xbe\x6d\x3c\xfd\x1f\x25\x00\x4c\xc7\xc3' + '\x18\xd4\x2d\xd0\xbd\xef\xc9\xf5\x71\x6c\xd3\xb1\x90\x20\x5c' + '\x60\x8e\x21\x16\xd1\x9f\x90\xec\xdd\xe8\x1e\xeb\xda\xc6\x35' + '\xc0\x62\x9d\x4c\xb1\xe4\xb9\x3e\x26\xe3\xff\x40\xfd\x23\xb3' + '\xbe\x71\xfe\x7a\x99\xc9\xa8\x84\xbd\x8f\x0f\xb5\x89\x18\xfc' + '\xc5\xc0\xc0\xe8\xf3\x53') + return cert_der 
diff --git a/barbican/tests/plugin/test_kmip.py b/barbican/tests/plugin/test_kmip.py
index 9abbf128c..8e42970d6 100644
--- a/barbican/tests/plugin/test_kmip.py
+++ b/barbican/tests/plugin/test_kmip.py
@@ -19,7 +19,6 @@ import stat
 import mock
 
 from barbican.plugin.interface import secret_store
-from barbican.plugin.util import translations
 from barbican.tests import keys
 from barbican.tests import utils
 
@@ -53,9 +52,7 @@ def get_sample_symmetric_key():
 
 
 def get_sample_public_key():
-    key_material = objects.KeyMaterial(
-        translations.convert_public_pem_to_der(keys.get_public_key_pem())
-    )
+    key_material = objects.KeyMaterial(keys.get_public_key_der())
     key_value = objects.KeyValue(key_material)
     key_block = objects.KeyBlock(
         key_format_type=misc.KeyFormatType(enums.KeyFormatType.X_509),
@@ -69,9 +66,7 @@ def get_sample_public_key():
 
 
 def get_sample_private_key():
-    key_material = objects.KeyMaterial(
-        translations.convert_private_pem_to_der(keys.get_private_key_pkcs8())
-    )
+    key_material = objects.KeyMaterial(keys.get_private_key_der())
     key_value = objects.KeyValue(key_material)
     key_block = objects.KeyBlock(
         key_format_type=misc.KeyFormatType(enums.KeyFormatType.PKCS_8),
@@ -383,7 +378,7 @@ class WhenTestingKMIPSecretStore(utils.BaseTestCase):
         key_spec = secret_store.KeySpec(secret_store.KeyAlgorithm.RSA, 2048)
         secret_dto = secret_store.SecretDTO(secret_store.SecretType.PRIVATE,
                                             base64.b64encode(
-                                                keys.get_private_key_pkcs8()),
+                                                keys.get_private_key_pem()),
                                             key_spec, 'content_type')
         self.secret_store.store_secret(secret_dto)
 
@@ -397,7 +392,7 @@ class WhenTestingKMIPSecretStore(utils.BaseTestCase):
         key_spec = secret_store.KeySpec(secret_store.KeyAlgorithm.RSA, 2048)
         secret_dto = secret_store.SecretDTO(secret_store.SecretType.PRIVATE,
                                             base64.b64encode(
-                                                keys.get_private_key_pkcs8()),
+                                                keys.get_private_key_pem()),
                                             key_spec, 'content_type')
         return_value = self.secret_store.store_secret(secret_dto)
 
@@ -492,7 +487,7 @@ class WhenTestingKMIPSecretStore(utils.BaseTestCase):
             'private_key': [get_sample_private_key(),
                             secret_store.SecretType.PRIVATE,
                             misc.KeyFormatType(enums.KeyFormatType.PKCS_8),
-                            base64.b64encode(keys.get_private_key_pkcs8())],
+                            base64.b64encode(keys.get_private_key_pem())],
             'opaque': [get_sample_symmetric_key(),
                        secret_store.SecretType.OPAQUE,
                        None,
diff --git a/barbican/tests/plugin/util/test_translations.py b/barbican/tests/plugin/util/test_translations.py
index 074e563d6..117670159 100644
--- a/barbican/tests/plugin/util/test_translations.py
+++ b/barbican/tests/plugin/util/test_translations.py
@@ -92,18 +92,18 @@ class WhenNormalizingBeforeEncryption(utils.BaseTestCase):
             'expected': base64.b64encode('stuff')
         },
         'private_base64': {
-            'unencrypted': base64.b64encode(keys.get_private_key_pkcs8()),
+            'unencrypted': base64.b64encode(keys.get_private_key_pem()),
             'secret_type': s.SecretType.PRIVATE,
             'content_type': 'application/octet-stream',
             'content_encoding': 'base64',
-            'expected': base64.b64encode(keys.get_private_key_pkcs8())
+            'expected': base64.b64encode(keys.get_private_key_pem())
         },
         'private': {
-            'unencrypted': keys.get_private_key_pkcs8(),
+            'unencrypted': keys.get_private_key_pem(),
             'secret_type': s.SecretType.PRIVATE,
             'content_type': 'application/octet-stream',
             'content_encoding': None,
-            'expected': base64.b64encode(keys.get_private_key_pkcs8())
+            'expected': base64.b64encode(keys.get_private_key_pem())
         },
         'public_base64': {
             'unencrypted': base64.b64encode(keys.get_public_key_pem()),
@@ -204,7 +204,7 @@ class WhenDenormalizingAfterDecryption(utils.BaseTestCase):
 
     dataset_for_pem_denormalize = {
         'private_key': {
-            'encoded_pem': base64.b64encode(keys.get_private_key_pkcs8()),
+            'encoded_pem': base64.b64encode(keys.get_private_key_pem()),
             'content_type': 'application/octet-stream'
         },
         'public_key': {
@@ -264,31 +264,61 @@ class WhenConvertingKeyFormats(utils.BaseTestCase):
         super(WhenConvertingKeyFormats, self).setUp()
 
     def test_passes_convert_private_pem_to_der(self):
-        pem = keys.get_private_key_pkcs8()
+        pem = keys.get_private_key_pem()
         expected_der = keys.get_private_key_der()
-        der = translations.convert_private_pem_to_der(pem)
+        der = translations.convert_pem_to_der(
+            pem, s.SecretType.PRIVATE)
         self.assertEqual(expected_der, der)
 
     def test_passes_convert_private_der_to_pem(self):
         der = keys.get_private_key_der()
-        expected_pem = keys.get_private_key_pkcs8()
-        pem = translations.convert_private_der_to_pkcs8(der)
+        expected_pem = keys.get_private_key_pem()
+        pem = translations.convert_der_to_pem(
+            der, s.SecretType.PRIVATE)
         self.assertEqual(expected_pem, pem)
 
     def test_passes_convert_public_pem_to_der(self):
         pem = keys.get_public_key_pem()
         expected_der = keys.get_public_key_der()
-        der = translations.convert_public_pem_to_der(pem)
+        der = translations.convert_pem_to_der(
+            pem, s.SecretType.PUBLIC)
         self.assertEqual(expected_der, der)
 
     def test_passes_convert_public_der_to_pem(self):
         der = keys.get_public_key_der()
         expected_pem = keys.get_public_key_pem()
-        pem = translations.convert_public_der_to_pem(der)
+        pem = translations.convert_der_to_pem(
+            der, s.SecretType.PUBLIC)
         self.assertEqual(expected_pem, pem)
 
-    def test_certificate_conversion(self):
+    def test_passes_convert_certificate_pem_to_der(self):
         pem = keys.get_certificate_pem()
-        der = translations.convert_certificate_pem_to_der(pem)
-        converted_pem = translations.convert_certificate_der_to_pem(der)
+        expected_der = keys.get_certificate_der()
+        der = translations.convert_pem_to_der(
+            pem, s.SecretType.CERTIFICATE)
+        self.assertEqual(expected_der, der)
+
+    def test_passes_convert_certificate_der_to_pem(self):
+        der = keys.get_certificate_der()
+        expected_pem = keys.get_certificate_pem()
+        pem = translations.convert_der_to_pem(
+            der, s.SecretType.CERTIFICATE)
+        self.assertEqual(expected_pem, pem)
+
+    def test_passes_certificate_conversion(self):
+        pem = keys.get_certificate_pem()
+        der = translations.convert_pem_to_der(
+            pem, s.SecretType.CERTIFICATE)
+        converted_pem = translations.convert_der_to_pem(
+            der, s.SecretType.CERTIFICATE)
         self.assertEqual(pem, converted_pem)
+
+    def test_should_raise_to_pem_with_bad_secret_type(self):
+        self.assertRaises(s.SecretGeneralException,
+                          translations.convert_der_to_pem,
+                          "der", "bad type")
+
+    def test_should_raise_to_der_with_bad_secret_type(self):
+        self.assertRaises(s.SecretGeneralException,
+                          translations.convert_pem_to_der,
+                          "pem", "bad type")
diff --git a/functionaltests/api/v1/smoke/test_rsa.py b/functionaltests/api/v1/smoke/test_rsa.py
index e743fa688..58e2cb910 100644
--- a/functionaltests/api/v1/smoke/test_rsa.py
+++ b/functionaltests/api/v1/smoke/test_rsa.py
@@ -155,7 +155,7 @@ class RSATestCase(base.TestCase):
         """Verify the keys input for test cases"""
 
         # prove pyOpenSSL can parse the original private key
-        pem = keys.get_private_key_pkcs8()
+        pem = keys.get_private_key_pem()
         crypto.load_privatekey(crypto.FILETYPE_PEM, pem)
 
         # prove pyCrypto can parse the original public key
@@ -163,7 +163,7 @@ class RSATestCase(base.TestCase):
         RSA.importKey(pem)
 
         # prove pyOpenSSL can parse the original encrypted private key
-        pem = keys.get_encrypted_private_key_pkcs8()
+        pem = keys.get_encrypted_private_key_pem()
         passphrase = keys.get_passphrase_txt()
         crypto.load_privatekey(crypto.FILETYPE_PEM,
                                pem,
@@ -179,7 +179,7 @@ class RSATestCase(base.TestCase):
 
         # make a secret
         bits = 2048
-        pem = keys.get_private_key_pkcs8()
+        pem = keys.get_private_key_pem()
 
         # create with Post to server
         test_model = secret_models.SecretModel(
@@ -256,7 +256,7 @@ class RSATestCase(base.TestCase):
 
         # make a secret
         bits = 2048
-        pem = keys.get_private_key_pkcs8()
+        pem = keys.get_private_key_pem()
 
         # create with Post to server
         create_req = get_private_key_req(bits, base64.b64encode(pem))
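Review bot: The two new `test_should_raise_*` cases pin the unknown-type path of `convert_pem_to_der` / `convert_der_to_pem`, but nothing pins what a valid type with unparsable data produces, which is the path a caller with a malformed payload actually hits; a case such as `self.assertRaises(s.SecretGeneralException, translations.convert_pem_to_der, "not a key", s.SecretType.PRIVATE)` would document the intended contract (it would currently fail if the parser's own exception is not translated, as far as I can see from translations.py). `test_passes_certificate_conversion` now re-asserts what `test_passes_convert_certificate_pem_to_der` and `test_passes_convert_certificate_der_to_pem` already cover with fixtures, so it could be dropped or kept as an explicit round-trip check, but its name no longer says which. The enclosing class `WhenConvertingKeyFormats` starts before this hunk.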
@@ -364,7 +364,7 @@ class RSATestCase(base.TestCase):
 
         # make the secrets
         bits = 2048
-        private_pem = keys.get_private_key_pkcs8()
+        private_pem = keys.get_private_key_pem()
         public_pem = keys.get_public_key_pem()
 
         # create private secret with Post to server
@@ -403,7 +403,7 @@ class RSATestCase(base.TestCase):
 
         # make the secrets
         bits = 2048
-        private_pem = keys.get_encrypted_private_key_pkcs8()
+        private_pem = keys.get_encrypted_private_key_pem()
         public_pem = keys.get_public_key_pem()
         passphrase = keys.get_passphrase_txt()
 
@@ -523,7 +523,7 @@ class RSATestCase(base.TestCase):
         self.assertEqual(204, update_resp.status_code)
 
         # store private key
-        private_pem = keys.get_private_key_pkcs8()
+        private_pem = keys.get_private_key_pem()
         create_req = get_private_key_req(bits, base64.b64encode(private_pem))
         del create_req['payload']
         del create_req['payload_content_type']
@@ -637,7 +637,7 @@ class RSATestCase(base.TestCase):
         self.assertEqual(204, update_resp.status_code)
 
         # store private key
-        private_pem = keys.get_private_key_pkcs8()
+        private_pem = keys.get_private_key_pem()
         create_req = get_private_key_req(bits, base64.b64encode(private_pem))
         del create_req['payload']
         del create_req['payload_content_type']
@@ -688,7 +688,7 @@ class RSATestCase(base.TestCase):
         self.assertEqual(204, update_resp.status_code)
 
         # store private key
-        private_pem = keys.get_private_key_pkcs8()
+        private_pem = keys.get_private_key_pem()
         create_req = get_private_key_req(bits, base64.b64encode(private_pem))
         del create_req['payload']
         del create_req['payload_content_type']