openstack/deb-python-kmip
Code Issues Proposed changes

Fixing stringent argument checks for MAC operation

Browse Source
This commit is contained in:
Hao Shen 2017-03-30 14:32:42 -07:00
parent 2aabad714a
commit 5967b55148
6 changed files with 25 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
kmip/demos/pie/mac.py
View File

@ -50,7 +50,7 @@ if __name__ == '__main__':
# Build the client and connect to the server
with client.ProxyKmipClient(config=config) as client:
try:
uid, mac_data = client.mac(uid, algorithm, data)
uid, mac_data = client.mac(data, uid, algorithm)
logger.info("Successfully done MAC using key with ID: "
"{0}".format(uid))
logger.info("MACed data: {0}".format(

22
kmip/pie/client.py
View File

@ -575,17 +575,16 @@ class ProxyKmipClient(api.KmipClient):
message = result.result_message.value
raise exceptions.KmipOperationFailure(status, reason, message)
def mac(self, uid, algorithm, data):
def mac(self, data, uid=None, algorithm=None):
"""
Get the message authentication code for data.
Args:
data (string): The data to be MACed.
uid (string): The unique ID of the managed object that is the key
to use for the MAC operation.
algorithm (CryptographicAlgorithm): An enumeration defining the
algorithm to use to generate the MAC.
data (string): The data to be MACed.
Returns:
string: The unique ID of the managed object that is the key
@ -598,14 +597,15 @@ class ProxyKmipClient(api.KmipClient):
TypeError: if the input arguments are invalid
"""
# Check inputs
if not isinstance(uid, six.string_types):
raise TypeError("uid must be a string")
if not isinstance(algorithm, enums.CryptographicAlgorithm):
raise TypeError(
"algorithm must be a CryptographicAlgorithm enumeration")
if not isinstance(data, six.binary_type):
raise TypeError(
"data must be bytes")
raise TypeError("data must be bytes")
if uid is not None:
if not isinstance(uid, six.string_types):
raise TypeError("uid must be a string")
if algorithm is not None:
if not isinstance(algorithm, enums.CryptographicAlgorithm):
raise TypeError(
"algorithm must be a CryptographicAlgorithm enumeration")
# Verify that operations can be given at this time
if not self._is_open:
@ -615,7 +615,7 @@ class ProxyKmipClient(api.KmipClient):
cryptographic_algorithm=CryptographicAlgorithm(algorithm))
# Get the message authentication code and handle the results
result = self.proxy.mac(uid, parameters_attribute, data)
result = self.proxy.mac(data, uid, parameters_attribute)
status = result.result_status.value
if status == enums.ResultStatus.SUCCESS:

8
kmip/services/kmip_client.py
View File

@ -430,12 +430,12 @@ class KMIPProxy(KMIP):
results = self._process_batch_items(response)
return results[0]
def mac(self, unique_identifier=None, cryptographic_parameters=None,
data=None, credential=None):
def mac(self, data, unique_identifier=None,
cryptographic_parameters=None, credential=None):
return self._mac(
data=data,
unique_identifier=unique_identifier,
cryptographic_parameters=cryptographic_parameters,
data=data,
credential=credential)
def _create(self,
@ -930,9 +930,9 @@ class KMIPProxy(KMIP):
return result
def _mac(self,
data,
unique_identifier=None,
cryptographic_parameters=None,
data=None,
credential=None):
operation = Operation(OperationEnum.MAC)

2
kmip/tests/unit/pie/test_api.py
View File

@ -115,4 +115,4 @@ class TestKmipClient(testtools.TestCase):
Test that the mac method can be called without error.
"""
dummy = DummyKmipClient()
dummy.mac('uid', 'algorithm', 'data')
dummy.mac('data', 'uid', 'algorithm')

12
kmip/tests/unit/pie/test_client.py
View File

@ -1140,7 +1140,7 @@ class TestProxyKmipClient(testtools.TestCase):
with ProxyKmipClient() as client:
client.proxy.mac.return_value = result
uid, mac_data = client.mac(uuid, algorithm, data)
uid, mac_data = client.mac(data, uuid, algorithm)
self.assertEqual(uid, uuid)
self.assertEqual(mac_data, data)
@ -1165,17 +1165,17 @@ class TestProxyKmipClient(testtools.TestCase):
uuid=attr.UniqueIdentifier(uuid),
mac_data=obj.MACData(data))
args = [uuid_invalid, algorithm, data]
args = [data, uuid_invalid, algorithm]
with ProxyKmipClient() as client:
client.proxy.mac.return_value = result
self.assertRaises(TypeError, client.mac, *args)
args = [uuid, algorithm_invalid, data]
args = [data, uuid, algorithm_invalid]
with ProxyKmipClient() as client:
client.proxy.mac.return_value = result
self.assertRaises(TypeError, client.mac, *args)
args = [uuid, algorithm, data_invalid]
args = [data_invalid, uuid, algorithm]
with ProxyKmipClient() as client:
client.proxy.mac.return_value = result
self.assertRaises(TypeError, client.mac, *args)
@ -1204,7 +1204,7 @@ class TestProxyKmipClient(testtools.TestCase):
client = ProxyKmipClient()
client.open()
client.proxy.mac.return_value = result
args = [uuid, algorithm, data]
args = [data, uuid, algorithm]
self.assertRaisesRegexp(
KmipOperationFailure, error_msg, client.mac, *args)
@ -1220,7 +1220,7 @@ class TestProxyKmipClient(testtools.TestCase):
uuid = 'aaaaaaaa-1111-2222-3333-ffffffffffff'
algorithm = enums.CryptographicAlgorithm.HMAC_SHA256
data = (b'\x00\x01\x02\x03\x04')
args = [uuid, algorithm, data]
args = [data, uuid, algorithm]
self.assertRaises(
ClientConnectionNotOpen, client.mac, *args)

6
kmip/tests/unit/services/test_kmip_client.py
View File

@ -793,16 +793,14 @@ class TestKMIPClient(TestCase):
self.client._send_message.side_effect = verify_request
self.client._receive_message.return_value = BytearrayStream(response)
result = self.client.mac(uuid, cryptographic_parameters,
data)
result = self.client.mac(data, uuid, cryptographic_parameters)
self.assertEqual(result.uuid.value, uuid)
self.assertEqual(result.mac_data.value, mdata)
self.client._receive_message.return_value = \
BytearrayStream(response_no_payload)
result = self.client.mac(uuid, cryptographic_parameters,
data)
result = self.client.mac(data, uuid, cryptographic_parameters)
self.assertEqual(result.uuid, None)
self.assertEqual(result.mac_data, None)