# Copyright (c) 2014 The Johns Hopkins University/Applied Physics Laboratory # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import six from kmip.core import enums from kmip.core.enums import CertificateTypeEnum from kmip.core.enums import HashingAlgorithm as HashingAlgorithmEnum from kmip.core.enums import KeyFormatType as KeyFormatTypeEnum from kmip.core.enums import Tags from kmip.core.errors import ErrorStrings from kmip.core.misc import KeyFormatType from kmip.core.primitives import Boolean from kmip.core.primitives import ByteString from kmip.core.primitives import Enumeration from kmip.core.primitives import Integer from kmip.core.primitives import Struct from kmip.core.primitives import TextString from kmip.core.utils import BytearrayStream from enum import Enum # 3.1 class UniqueIdentifier(TextString): def __init__(self, value=None, tag=Tags.UNIQUE_IDENTIFIER): super(UniqueIdentifier, self).__init__(value, tag) class PrivateKeyUniqueIdentifier(UniqueIdentifier): def __init__(self, value=None): super(PrivateKeyUniqueIdentifier, self).__init__( value, Tags.PRIVATE_KEY_UNIQUE_IDENTIFIER) class PublicKeyUniqueIdentifier(UniqueIdentifier): def __init__(self, value=None): super(PublicKeyUniqueIdentifier, self).__init__( value, Tags.PUBLIC_KEY_UNIQUE_IDENTIFIER) # 3.2 class Name(Struct): class NameValue(TextString): def __init__(self, value=None): super(Name.NameValue, self).__init__(value, Tags.NAME_VALUE) def __eq__(self, other): if isinstance(other, Name.NameValue): if self.value == other.value: return True else: return False else: return NotImplemented def __repr__(self): return "{0}(value={1})".format( type(self).__name__, repr(self.value)) def __str__(self): return "{0}".format(self.value) class NameType(Enumeration): def __init__(self, value=None): super(Name.NameType, self).__init__( enums.NameType, value, Tags.NAME_TYPE) def __eq__(self, other): if isinstance(other, Name.NameType): if self.value == other.value: return True else: return False else: return NotImplemented def __repr__(self): return "{0}(value={1})".format( type(self).__name__, repr(self.value)) def __str__(self): return "{0}".format(self.value) def __init__(self, name_value=None, name_type=None): super(Name, self).__init__(tag=Tags.NAME) self.name_value = name_value self.name_type = name_type self.validate() def read(self, istream): super(Name, self).read(istream) tstream = BytearrayStream(istream.read(self.length)) # Read the value and type of the name self.name_value = Name.NameValue() self.name_type = Name.NameType() self.name_value.read(tstream) self.name_type.read(tstream) self.is_oversized(tstream) def write(self, ostream): tstream = BytearrayStream() # Write the value and type of the name self.name_value.write(tstream) self.name_type.write(tstream) # Write the length and value of the template attribute self.length = tstream.length() super(Name, self).write(ostream) ostream.write(tstream.buffer) def validate(self): self.__validate() def __validate(self): name = Name.__name__ msg = ErrorStrings.BAD_EXP_RECV if self.name_value and \ not isinstance(self.name_value, Name.NameValue) and \ not isinstance(self.name_value, str): member = 'name_value' raise TypeError(msg.format('{0}.{1}'.format(name, member), 'name_value', type(Name.NameValue), type(self.name_value))) if self.name_type and \ not isinstance(self.name_type, Name.NameType) and \ not isinstance(self.name_type, str): member = 'name_type' raise TypeError(msg.format('{0}.{1}'.format(name, member), 'name_type', type(Name.NameType), type(self.name_type))) @classmethod def create(cls, name_value, name_type): ''' Returns a Name object, populated with the given value and type ''' if isinstance(name_value, Name.NameValue): value = name_value elif isinstance(name_value, str): value = cls.NameValue(name_value) else: name = 'Name' msg = ErrorStrings.BAD_EXP_RECV member = 'name_value' raise TypeError(msg.format('{0}.{1}'.format(name, member), 'name_value', type(Name.NameValue), type(name_value))) if isinstance(name_type, Name.NameType): n_type = name_type elif isinstance(name_type, Enum): n_type = cls.NameType(name_type) else: name = 'Name' msg = ErrorStrings.BAD_EXP_RECV member = 'name_type' raise TypeError(msg.format('{0}.{1}'.format(name, member), 'name_type', type(Name.NameType), type(name_type))) return Name(name_value=value, name_type=n_type) def __repr__(self): return "{0}(type={1},value={2})".format( type(self).__name__, repr(self.name_type), repr(self.name_value)) def __str__(self): return "{0}".format(self.name_value.value) def __eq__(self, other): if isinstance(other, Name): if self.name_value == other.name_value and \ self.name_type == other.name_type: return True else: return False else: return NotImplemented def __ne__(self, other): return not self.__eq__(other) # 3.3 class ObjectType(Enumeration): def __init__(self, value=None): super(ObjectType, self).__init__( enums.ObjectType, value, Tags.OBJECT_TYPE) # 3.4 class CryptographicAlgorithm(Enumeration): def __init__(self, value=None): super(CryptographicAlgorithm, self).__init__( enums.CryptographicAlgorithm, value, Tags.CRYPTOGRAPHIC_ALGORITHM) # 3.5 class CryptographicLength(Integer): def __init__(self, value=None): super(CryptographicLength, self).__init__( value, Tags.CRYPTOGRAPHIC_LENGTH) # 3.6 class HashingAlgorithm(Enumeration): """ An encodeable wrapper for the HashingAlgorithm enumeration. Used to specify the algorithm used to compute the Digest of a Managed Object. See Sections 3.17 and 9.1.3.2.16 of the KMIP v1.1 specification for more information. """ def __init__(self, value=HashingAlgorithmEnum.SHA_256): """ Construct a HashingAlgorithm object. Args: value (HashingAlgorithm): A HashingAlgorithm enumeration value, (e.g., HashingAlgorithm.MD5). Optional, defaults to HashingAlgorithm.SHA_256. """ super(HashingAlgorithm, self).__init__( enums.HashingAlgorithm, value, Tags.HASHING_ALGORITHM) class CryptographicParameters(Struct): """ A set of values for cryptographic operations. A structure containing optional fields describing certain cryptographic parameters to be used when performing cryptographic operations with the associated KMIP object. """ def __init__(self, block_cipher_mode=None, padding_method=None, hashing_algorithm=None, key_role_type=None, digital_signature_algorithm=None, cryptographic_algorithm=None, random_iv=None, iv_length=None, tag_length=None, fixed_field_length=None, invocation_field_length=None, counter_length=None, initial_counter_value=None): super(CryptographicParameters, self).__init__( tag=Tags.CRYPTOGRAPHIC_PARAMETERS) self._block_cipher_mode = None self._padding_method = None self._hashing_algorithm = None self._key_role_type = None self._digital_signature_algorithm = None self._cryptographic_algorithm = None self._random_iv = None self._iv_length = None self._tag_length = None self._fixed_field_length = None self._invocation_field_length = None self._counter_length = None self._initial_counter_value = None self.block_cipher_mode = block_cipher_mode self.padding_method = padding_method self.hashing_algorithm = hashing_algorithm self.key_role_type = key_role_type self.digital_signature_algorithm = digital_signature_algorithm self.cryptographic_algorithm = cryptographic_algorithm self.random_iv = random_iv self.iv_length = iv_length self.tag_length = tag_length self.fixed_field_length = fixed_field_length self.invocation_field_length = invocation_field_length self.counter_length = counter_length self.initial_counter_value = initial_counter_value @property def block_cipher_mode(self): if self._block_cipher_mode: return self._block_cipher_mode.value else: return None @block_cipher_mode.setter def block_cipher_mode(self, value): if value is None: self._block_cipher_mode = None elif isinstance(value, enums.BlockCipherMode): self._block_cipher_mode = Enumeration( enums.BlockCipherMode, value=value, tag=Tags.BLOCK_CIPHER_MODE ) else: raise TypeError( "block cipher mode must be a BlockCipherMode enumeration" ) @property def padding_method(self): if self._padding_method: return self._padding_method.value else: return None @padding_method.setter def padding_method(self, value): if value is None: self._padding_method = None elif isinstance(value, enums.PaddingMethod): self._padding_method = Enumeration( enums.PaddingMethod, value=value, tag=Tags.PADDING_METHOD ) else: raise TypeError( "padding method must be a PaddingMethod enumeration" ) @property def hashing_algorithm(self): if self._hashing_algorithm: return self._hashing_algorithm.value else: return None @hashing_algorithm.setter def hashing_algorithm(self, value): if value is None: self._hashing_algorithm = None elif isinstance(value, enums.HashingAlgorithm): self._hashing_algorithm = Enumeration( enums.HashingAlgorithm, value=value, tag=Tags.HASHING_ALGORITHM ) else: raise TypeError( "hashing algorithm must be a HashingAlgorithm enumeration" ) @property def key_role_type(self): if self._key_role_type: return self._key_role_type.value else: return None @key_role_type.setter def key_role_type(self, value): if value is None: self._key_role_type = None elif isinstance(value, enums.KeyRoleType): self._key_role_type = Enumeration( enums.KeyRoleType, value=value, tag=Tags.KEY_ROLE_TYPE ) else: raise TypeError( "key role type must be a KeyRoleType enumeration" ) @property def digital_signature_algorithm(self): if self._digital_signature_algorithm: return self._digital_signature_algorithm.value else: return None @digital_signature_algorithm.setter def digital_signature_algorithm(self, value): if value is None: self._digital_signature_algorithm = None elif isinstance(value, enums.DigitalSignatureAlgorithm): self._digital_signature_algorithm = Enumeration( enums.DigitalSignatureAlgorithm, value=value, tag=Tags.DIGITAL_SIGNATURE_ALGORITHM ) else: raise TypeError( "digital signature algorithm must be a " "DigitalSignatureAlgorithm enumeration" ) @property def cryptographic_algorithm(self): if self._cryptographic_algorithm: return self._cryptographic_algorithm.value else: return None @cryptographic_algorithm.setter def cryptographic_algorithm(self, value): if value is None: self._cryptographic_algorithm = None elif isinstance(value, enums.CryptographicAlgorithm): self._cryptographic_algorithm = Enumeration( enums.CryptographicAlgorithm, value=value, tag=Tags.CRYPTOGRAPHIC_ALGORITHM ) else: raise TypeError( "cryptographic algorithm must be a CryptographicAlgorithm " "enumeration" ) @property def random_iv(self): if self._random_iv: return self._random_iv.value else: return None @random_iv.setter def random_iv(self, value): if value is None: self._random_iv = None elif isinstance(value, bool): self._random_iv = Boolean( value=value, tag=Tags.RANDOM_IV ) else: raise TypeError("random iv must be a boolean") @property def iv_length(self): if self._iv_length: return self._iv_length.value else: return None @iv_length.setter def iv_length(self, value): if value is None: self._iv_length = None elif isinstance(value, six.integer_types): self._iv_length = Integer( value=value, tag=Tags.IV_LENGTH ) else: raise TypeError("iv length must be an integer") @property def tag_length(self): if self._tag_length: return self._tag_length.value else: return None @tag_length.setter def tag_length(self, value): if value is None: self._tag_length = None elif isinstance(value, six.integer_types): self._tag_length = Integer( value=value, tag=Tags.TAG_LENGTH ) else: raise TypeError("tag length must be an integer") @property def fixed_field_length(self): if self._fixed_field_length: return self._fixed_field_length.value else: return None @fixed_field_length.setter def fixed_field_length(self, value): if value is None: self._fixed_field_length = None elif isinstance(value, six.integer_types): self._fixed_field_length = Integer( value=value, tag=Tags.FIXED_FIELD_LENGTH ) else: raise TypeError("fixed field length must be an integer") @property def invocation_field_length(self): if self._invocation_field_length: return self._invocation_field_length.value else: return None @invocation_field_length.setter def invocation_field_length(self, value): if value is None: self._invocation_field_length = None elif isinstance(value, six.integer_types): self._invocation_field_length = Integer( value=value, tag=Tags.INVOCATION_FIELD_LENGTH ) else: raise TypeError("invocation field length must be an integer") @property def counter_length(self): if self._counter_length: return self._counter_length.value else: return None @counter_length.setter def counter_length(self, value): if value is None: self._counter_length = None elif isinstance(value, six.integer_types): self._counter_length = Integer( value=value, tag=Tags.COUNTER_LENGTH ) else: raise TypeError("counter length must be an integer") @property def initial_counter_value(self): if self._initial_counter_value: return self._initial_counter_value.value else: return None @initial_counter_value.setter def initial_counter_value(self, value): if value is None: self._initial_counter_value = None elif isinstance(value, six.integer_types): self._initial_counter_value = Integer( value=value, tag=Tags.INITIAL_COUNTER_VALUE ) else: raise TypeError("initial counter value must be an integer") def read(self, istream): super(CryptographicParameters, self).read(istream) tstream = BytearrayStream(istream.read(self.length)) if self.is_tag_next(Tags.BLOCK_CIPHER_MODE, tstream): self._block_cipher_mode = Enumeration( enums.BlockCipherMode, tag=Tags.BLOCK_CIPHER_MODE ) self._block_cipher_mode.read(tstream) if self.is_tag_next(Tags.PADDING_METHOD, tstream): self._padding_method = Enumeration( enums.PaddingMethod, tag=Tags.PADDING_METHOD ) self._padding_method.read(tstream) if self.is_tag_next(Tags.HASHING_ALGORITHM, tstream): self._hashing_algorithm = Enumeration( enums.HashingAlgorithm, tag=Tags.HASHING_ALGORITHM ) self._hashing_algorithm.read(tstream) if self.is_tag_next(Tags.KEY_ROLE_TYPE, tstream): self._key_role_type = Enumeration( enums.KeyRoleType, tag=Tags.KEY_ROLE_TYPE ) self._key_role_type.read(tstream) if self.is_tag_next(Tags.DIGITAL_SIGNATURE_ALGORITHM, tstream): self._digital_signature_algorithm = Enumeration( enums.DigitalSignatureAlgorithm, tag=Tags.DIGITAL_SIGNATURE_ALGORITHM ) self._digital_signature_algorithm.read(tstream) if self.is_tag_next(Tags.CRYPTOGRAPHIC_ALGORITHM, tstream): self._cryptographic_algorithm = Enumeration( enums.CryptographicAlgorithm, tag=Tags.CRYPTOGRAPHIC_ALGORITHM ) self._cryptographic_algorithm.read(tstream) if self.is_tag_next(Tags.RANDOM_IV, tstream): self._random_iv = Boolean(tag=Tags.RANDOM_IV) self._random_iv.read(tstream) if self.is_tag_next(Tags.IV_LENGTH, tstream): self._iv_length = Integer(tag=Tags.IV_LENGTH) self._iv_length.read(tstream) if self.is_tag_next(Tags.TAG_LENGTH, tstream): self._tag_length = Integer(tag=Tags.TAG_LENGTH) self._tag_length.read(tstream) if self.is_tag_next(Tags.FIXED_FIELD_LENGTH, tstream): self._fixed_field_length = Integer(tag=Tags.FIXED_FIELD_LENGTH) self._fixed_field_length.read(tstream) if self.is_tag_next(Tags.INVOCATION_FIELD_LENGTH, tstream): self._invocation_field_length = Integer( tag=Tags.INVOCATION_FIELD_LENGTH ) self._invocation_field_length.read(tstream) if self.is_tag_next(Tags.COUNTER_LENGTH, tstream): self._counter_length = Integer(tag=Tags.COUNTER_LENGTH) self._counter_length.read(tstream) if self.is_tag_next(Tags.INITIAL_COUNTER_VALUE, tstream): self._initial_counter_value = Integer( tag=Tags.INITIAL_COUNTER_VALUE ) self._initial_counter_value.read(tstream) self.is_oversized(tstream) def write(self, ostream): tstream = BytearrayStream() if self._block_cipher_mode: self._block_cipher_mode.write(tstream) if self._padding_method: self._padding_method.write(tstream) if self._hashing_algorithm: self._hashing_algorithm.write(tstream) if self._key_role_type: self._key_role_type.write(tstream) if self._digital_signature_algorithm: self._digital_signature_algorithm.write(tstream) if self._cryptographic_algorithm: self._cryptographic_algorithm.write(tstream) if self._random_iv: self._random_iv.write(tstream) if self._iv_length: self._iv_length.write(tstream) if self._tag_length: self._tag_length.write(tstream) if self._fixed_field_length: self._fixed_field_length.write(tstream) if self._invocation_field_length: self._invocation_field_length.write(tstream) if self._counter_length: self._counter_length.write(tstream) if self._initial_counter_value: self._initial_counter_value.write(tstream) self.length = tstream.length() super(CryptographicParameters, self).write(ostream) ostream.write(tstream.buffer) def __eq__(self, other): if isinstance(other, CryptographicParameters): if self.block_cipher_mode != other.block_cipher_mode: return False elif self.padding_method != other.padding_method: return False elif self.hashing_algorithm != other.hashing_algorithm: return False elif self.key_role_type != other.key_role_type: return False elif self.digital_signature_algorithm \ != other.digital_signature_algorithm: return False elif self.cryptographic_algorithm != other.cryptographic_algorithm: return False elif self.random_iv != other.random_iv: return False elif self.iv_length != other.iv_length: return False elif self.tag_length != other.tag_length: return False elif self.fixed_field_length != other.fixed_field_length: return False elif self.invocation_field_length != other.invocation_field_length: return False elif self.counter_length != other.counter_length: return False elif self.initial_counter_value != other.initial_counter_value: return False else: return True def __ne__(self, other): if isinstance(other, CryptographicParameters): return not self == other else: return NotImplemented def __repr__(self): args = ", ".join([ "block_cipher_mode={0}".format(self.block_cipher_mode), "padding_method={0}".format(self.padding_method), "hashing_algorithm={0}".format(self.hashing_algorithm), "key_role_type={0}".format(self.key_role_type), "digital_signature_algorithm={0}".format( self.digital_signature_algorithm ), "cryptographic_algorithm={0}".format( self.cryptographic_algorithm ), "random_iv={0}".format(self.random_iv), "iv_length={0}".format(self.iv_length), "tag_length={0}".format(self.tag_length), "fixed_field_length={0}".format(self.fixed_field_length), "invocation_field_length={0}".format( self.invocation_field_length ), "counter_length={0}".format(self.counter_length), "initial_counter_value={0}".format(self.initial_counter_value) ]) return "CryptographicParameters({0})".format(args) def __str__(self): return str({ 'block_cipher_mode': self.block_cipher_mode, 'padding_method': self.padding_method, 'hashing_algorithm': self.hashing_algorithm, 'key_role_type': self.key_role_type, 'digital_signature_algorithm': self.digital_signature_algorithm, 'cryptographic_algorithm': self.cryptographic_algorithm, 'random_iv': self.random_iv, 'iv_length': self.iv_length, 'tag_length': self.tag_length, 'fixed_field_length': self.fixed_field_length, 'invocation_field_length': self.invocation_field_length, 'counter_length': self.counter_length, 'initial_counter_value': self.initial_counter_value }) class CertificateType(Enumeration): """ An encodeable wrapper for the CertificateType enumeration. Used to specify the type of the encoded bytes of a Certificate Managed Object. See Sections 2.2.1 and 3.8 of the KMIP v1.1 specification for more information. """ def __init__(self, value=CertificateTypeEnum.X_509): """ Construct a CertificateType object. Args: value (CertificateTypeEnum): A CertificateTypeEnum enumeration value, (e.g., CertificateTypeEnum.PGP). Optional, defaults to CertificateTypeEnum.X_509. """ super(CertificateType, self).__init__( enums.CertificateTypeEnum, value, Tags.CERTIFICATE_TYPE) class DigestValue(ByteString): """ A byte string representing the hash value of a Digest. Used to hold the bytes of the digest hash value. Automatically generated by the KMIP server, the value is empty if the server does not have access to the value or encoding of the related Managed Object. See Section 3.17 of the KMIP 1.1 specification for more information. Attributes: value: The bytes of the hash. """ def __init__(self, value=b''): """ Construct a DigestValue object. Args: value (bytes): The bytes of the hash. Optional, defaults to the empty byte string. """ super(DigestValue, self).__init__(value, Tags.DIGEST_VALUE) class Digest(Struct): """ A structure storing a hash digest of a Managed Object. Digests may be calculated for keys, secret data objects, certificates, and opaque data objects and are generated when the object is created or registered with the KMIP server. See Section 3.17 of the KMIP 1.1 specification for more information. Attributes: hashing_algorithm: The algorithm used to compute the hash digest. digest_value: The bytes representing the hash digest value. key_format_type: The type of the key the hash was generated for. """ def __init__(self, hashing_algorithm=None, digest_value=None, key_format_type=None): """ Construct a Digest object. Args: hashing_algorithm (HashingAlgorithm): The hash algorithm used to compute the value of the digest. Optional, defaults to None. digest_value (DigestValue): The byte string representing the value of the hash digest. Optional, defaults to None. key_format_type (KeyFormatType): The format type of the key the hash was computed for, if the object in question is a key. Optional, defaults to None. """ super(Digest, self).__init__(Tags.DIGEST) if hashing_algorithm is None: self.hashing_algorithm = HashingAlgorithm() else: self.hashing_algorithm = hashing_algorithm if digest_value is None: self.digest_value = DigestValue() else: self.digest_value = digest_value if key_format_type is None: self.key_format_type = KeyFormatType() else: self.key_format_type = key_format_type self.validate() def read(self, istream): """ Read the data encoding the Digest object and decode it into its constituent parts. Args: istream (Stream): A data stream containing encoded object data, supporting a read method; usually a BytearrayStream object. """ super(Digest, self).read(istream) tstream = BytearrayStream(istream.read(self.length)) self.hashing_algorithm.read(tstream) self.digest_value.read(tstream) self.key_format_type.read(tstream) self.is_oversized(tstream) self.validate() def write(self, ostream): """ Write the data encoding the Digest object to a stream. Args: ostream (Stream): A data stream in which to encode object data, supporting a write method; usually a BytearrayStream object. """ tstream = BytearrayStream() self.hashing_algorithm.write(tstream) self.digest_value.write(tstream) self.key_format_type.write(tstream) self.length = tstream.length() super(Digest, self).write(ostream) ostream.write(tstream.buffer) def validate(self): """ Error check the attributes of the Digest object. """ self.__validate() def __validate(self): # TODO (peter-hamilton) Add checks comparing the length of the digest # value against the standard length for the stated hashing algorithm. if not isinstance(self.hashing_algorithm, HashingAlgorithm): msg = "invalid hashing algorithm" msg += "; expected {0}, received {1}".format( HashingAlgorithm, self.hashing_algorithm) raise TypeError(msg) if not isinstance(self.digest_value, DigestValue): msg = "invalid digest value" msg += "; expected {0}, received {1}".format( DigestValue, self.digest_value) raise TypeError(msg) if not isinstance(self.key_format_type, KeyFormatType): msg = "invalid key format type" msg += "; expected {0}, received {1}".format( KeyFormatType, self.key_format_type) raise TypeError(msg) def __eq__(self, other): if isinstance(other, Digest): if self.hashing_algorithm != other.hashing_algorithm: return False elif self.digest_value != other.digest_value: return False elif self.key_format_type != other.key_format_type: return False else: return True else: return NotImplemented def __ne__(self, other): if isinstance(other, Digest): return not (self == other) else: return NotImplemented def __repr__(self): hashing_algorithm = "hashing_algorithm={0}".format( repr(self.hashing_algorithm)) digest_value = "digest_value={0}".format( repr(self.digest_value)) key_format_type = "key_format_type={0}".format( repr(self.key_format_type)) return "Digest({0}, {1}, {2})".format( hashing_algorithm, digest_value, key_format_type) def __str__(self): return str(self.digest_value) @classmethod def create(cls, hashing_algorithm=HashingAlgorithmEnum.SHA_256, digest_value=b'', key_format_type=KeyFormatTypeEnum.RAW): """ Construct a Digest object from provided digest values. Args: hashing_algorithm (HashingAlgorithm): An enumeration representing the hash algorithm used to compute the digest. Optional, defaults to HashingAlgorithm.SHA_256. digest_value (byte string): The bytes of the digest hash. Optional, defaults to the empty byte string. key_format_type (KeyFormatType): An enumeration representing the format of the key corresponding to the digest. Optional, defaults to KeyFormatType.RAW. Returns: Digest: The newly created Digest. Example: >>> x = Digest.create(HashingAlgorithm.MD5, b'\x00', ... KeyFormatType.RAW) >>> x.hashing_algorithm HashingAlgorithm(value=HashingAlgorithm.MD5) >>> x.digest_value DigestValue(value=bytearray(b'\x00')) >>> x.key_format_type KeyFormatType(value=KeyFormatType.RAW) """ algorithm = HashingAlgorithm(hashing_algorithm) value = DigestValue(bytearray(digest_value)) format_type = KeyFormatType(key_format_type) return Digest(hashing_algorithm=algorithm, digest_value=value, key_format_type=format_type) # 3.18 class OperationPolicyName(TextString): def __init__(self, value=None): super(OperationPolicyName, self).__init__( value, Tags.OPERATION_POLICY_NAME) # 3.19 class CryptographicUsageMask(Integer): ENUM_TYPE = enums.CryptographicUsageMask def __init__(self, value=None): super(CryptographicUsageMask, self).__init__( value, Tags.CRYPTOGRAPHIC_USAGE_MASK) class State(Enumeration): def __init__(self, value=None): super(State, self).__init__(enums.State, value, Tags.STATE) # 3.33 class ObjectGroup(TextString): def __init__(self, value=None): super(ObjectGroup, self).__init__(value, Tags.OBJECT_GROUP) # 3.36 class ApplicationNamespace(TextString): """ The name of a namespace supported by the KMIP server. A part of ApplicationSpecificInformation, sets of these are also potential responses to a Query request. See Sections 3.36 and 4.25 of the KMIP v1.1 specification for more information. """ def __init__(self, value=None): """ Construct an ApplicationNamespace object. Args: value (str): A string representing a namespace. Optional, defaults to None. """ super(ApplicationNamespace, self).__init__( value, Tags.APPLICATION_NAMESPACE) class ApplicationData(TextString): """ A string representing data specific to an application namespace. A part of ApplicationSpecificInformation. See Section 3.36 of the KMIP v1.1 specification for more information. """ def __init__(self, value=None): """ Construct an ApplicationData object. Args: value (str): A string representing data for a particular namespace. Optional, defaults to None. """ super(ApplicationData, self).__init__(value, Tags.APPLICATION_DATA) class ApplicationSpecificInformation(Struct): """ A structure used to store data specific to the applications that use a Managed Object. An attribute of Managed Objects, it may be specified during the creation or modification of any server Managed Object. Attributes: application_namespace: The name of a namespace supported by the server. application_data: String data relevant to the specified namespace. See Section 3.36 of the KMIP v1.1 specification for more information. """ def __init__(self, application_namespace=None, application_data=None): """ Construct an ApplicationSpecificInformation object. Args: application_namespace (ApplicationNamespace): The name of a namespace supported by the server. Optional, defaults to None. application_data (ApplicationData): String data relevant to the specified namespace. Optional, defaults to None. """ super(ApplicationSpecificInformation, self).__init__( Tags.APPLICATION_SPECIFIC_INFORMATION) if application_namespace is None: self.application_namespace = ApplicationNamespace() else: self.application_namespace = application_namespace if application_data is None: self.application_data = ApplicationData() else: self.application_data = application_data self.validate() def read(self, istream): """ Read the data encoding the ApplicationSpecificInformation object and decode it into its constituent parts. Args: istream (Stream): A data stream containing encoded object data, supporting a read method; usually a BytearrayStream object. """ super(ApplicationSpecificInformation, self).read(istream) tstream = BytearrayStream(istream.read(self.length)) self.application_namespace.read(tstream) self.application_data.read(tstream) self.is_oversized(tstream) self.validate() def write(self, ostream): """ Write the data encoding the ApplicationSpecificInformation object to a stream. Args: ostream (Stream): A data stream in which to encode object data, supporting a write method; usually a BytearrayStream object. """ tstream = BytearrayStream() self.application_namespace.write(tstream) self.application_data.write(tstream) self.length = tstream.length() super(ApplicationSpecificInformation, self).write(ostream) ostream.write(tstream.buffer) def validate(self): """ Error check the types of the different attributes of the ApplicationSpecificInformation object. """ self.__validate() def __repr__(self): application_namespace = "application_namespace={0}".format( repr(self.application_namespace) ) application_data = "application_data={0}".format( repr(self.application_data) ) return "ApplicationSpecificInformation({0}, {1})".format( application_namespace, application_data ) def __str__(self): return str({ "application_namespace": str(self.application_namespace), "application_data": str(self.application_data) }) def __eq__(self, other): if isinstance(other, ApplicationSpecificInformation): if self.application_namespace != other.application_namespace: return False if self.application_data != other.application_data: return False return True else: return NotImplemented def __ne__(self, other): if isinstance(other, ApplicationSpecificInformation): return not self.__eq__(other) else: return NotImplemented def __validate(self): if not isinstance(self.application_namespace, ApplicationNamespace): msg = "invalid application namespace" msg += "; expected {0}, received {1}".format( ApplicationNamespace, self.application_namespace) raise TypeError(msg) if not isinstance(self.application_data, ApplicationData): msg = "invalid application data" msg += "; expected {0}, received {1}".format( ApplicationData, self.application_data) raise TypeError(msg) @classmethod def create(cls, application_namespace, application_data): """ Construct an ApplicationSpecificInformation object from provided data and namespace values. Args: application_namespace (str): The name of the application namespace. application_data (str): Application data related to the namespace. Returns: ApplicationSpecificInformation: The newly created set of application information. Example: >>> x = ApplicationSpecificInformation.create('namespace', 'data') >>> x.application_namespace.value 'namespace' >>> x.application_data.value 'data' """ namespace = ApplicationNamespace(application_namespace) data = ApplicationData(application_data) return ApplicationSpecificInformation( application_namespace=namespace, application_data=data) # 3.37 class ContactInformation(TextString): def __init__(self, value=None): super(ContactInformation, self).__init__( value, Tags.CONTACT_INFORMATION) # 3.39 # TODO (peter-hamilton) A CustomAttribute TextString is not sufficient to # TODO (peter-hamilton) cover all potential custom attributes. This is a # TODO (peter-hamilton) temporary stopgap. class CustomAttribute(TextString): def __init__(self, value=None): super(CustomAttribute, self).__init__(value, Tags.ATTRIBUTE_VALUE) class DerivationParameters(Struct): """ A set of values needed for key or secret derivation. A structure containing optional fields describing certain cryptographic parameters to be used when performing key or secret derivation operations. """ def __init__(self, cryptographic_parameters=None, initialization_vector=None, derivation_data=None, salt=None, iteration_count=None): """ Construct a DerivationParameters struct. Args: cryptographic_parameters (CryptographicParameters): A CryptographicParameters struct containing the settings for the derivation process. Optional, defaults to None. If not included, the CryptographicParameters associated with the managed object will be used instead. initialization_vector (bytes): The IV value to be used with the pseudo-random derivation function (PRF). Optional depending on the PRF, defaults to None. derivation_data (bytes): A data component to be used instead of or with a derivation key to derive the new cryptographic object. Optional, defaults to None. salt (bytes): A salt value required by the PBKDF2 algorithm. Optional, defaults to None. iteration_count (bytes): An iteration count value required by the PBKDF2 algorithm. Optional, defaults to None. """ super(DerivationParameters, self).__init__( tag=Tags.DERIVATION_PARAMETERS ) self._cryptographic_parameters = None self._initialization_vector = None self._derivation_data = None self._salt = None self._iteration_count = None self.cryptographic_parameters = cryptographic_parameters self.initialization_vector = initialization_vector self.derivation_data = derivation_data self.salt = salt self.iteration_count = iteration_count @property def cryptographic_parameters(self): return self._cryptographic_parameters @cryptographic_parameters.setter def cryptographic_parameters(self, value): if value is None: self._cryptographic_parameters = None elif isinstance(value, CryptographicParameters): self._cryptographic_parameters = value else: raise TypeError( "cryptographic parameters must be a CryptographicParameters " "struct" ) @property def initialization_vector(self): if self._initialization_vector: return self._initialization_vector.value else: return None @initialization_vector.setter def initialization_vector(self, value): if value is None: self._initialization_vector = None elif isinstance(value, six.binary_type): self._initialization_vector = ByteString( value=value, tag=enums.Tags.INITIALIZATION_VECTOR ) else: raise TypeError("initialization vector must be bytes") @property def derivation_data(self): if self._derivation_data: return self._derivation_data.value else: return None @derivation_data.setter def derivation_data(self, value): if value is None: self._derivation_data = None elif isinstance(value, six.binary_type): self._derivation_data = ByteString( value=value, tag=enums.Tags.DERIVATION_DATA ) else: raise TypeError("derivation data must be bytes") @property def salt(self): if self._salt: return self._salt.value else: return None @salt.setter def salt(self, value): if value is None: self._salt = None elif isinstance(value, six.binary_type): self._salt = ByteString( value=value, tag=enums.Tags.SALT ) else: raise TypeError("salt must be bytes") @property def iteration_count(self): if self._iteration_count: return self._iteration_count.value else: return None @iteration_count.setter def iteration_count(self, value): if value is None: self._iteration_count = None elif isinstance(value, six.integer_types): self._iteration_count = Integer( value=value, tag=Tags.ITERATION_COUNT ) else: raise TypeError("iteration count must be an integer") def read(self, input_stream): """ Read the data encoding the DerivationParameters struct and decode it into its constituent parts. Args: input_stream (stream): A data stream containing encoded object data, supporting a read method; usually a BytearrayStream object. """ super(DerivationParameters, self).read(input_stream) local_stream = BytearrayStream(input_stream.read(self.length)) if self.is_tag_next( enums.Tags.CRYPTOGRAPHIC_PARAMETERS, local_stream ): self._cryptographic_parameters = CryptographicParameters() self._cryptographic_parameters.read(local_stream) if self.is_tag_next(enums.Tags.INITIALIZATION_VECTOR, local_stream): self._initialization_vector = ByteString( tag=enums.Tags.INITIALIZATION_VECTOR ) self._initialization_vector.read(local_stream) if self.is_tag_next(enums.Tags.DERIVATION_DATA, local_stream): self._derivation_data = ByteString(tag=enums.Tags.DERIVATION_DATA) self._derivation_data.read(local_stream) if self.is_tag_next(enums.Tags.SALT, local_stream): self._salt = ByteString(tag=enums.Tags.SALT) self._salt.read(local_stream) if self.is_tag_next(Tags.ITERATION_COUNT, local_stream): self._iteration_count = Integer(tag=Tags.ITERATION_COUNT) self._iteration_count.read(local_stream) self.is_oversized(local_stream) def write(self, output_stream): """ Write the data encoding the DerivationParameters struct to a stream. Args: output_stream (stream): A data stream in which to encode object data, supporting a write method; usually a BytearrayStream object. """ local_stream = BytearrayStream() if self._cryptographic_parameters: self._cryptographic_parameters.write(local_stream) if self._initialization_vector: self._initialization_vector.write(local_stream) if self._derivation_data: self._derivation_data.write(local_stream) if self._salt: self._salt.write(local_stream) if self._iteration_count: self._iteration_count.write(local_stream) self.length = local_stream.length() super(DerivationParameters, self).write(output_stream) output_stream.write(local_stream.buffer) def __eq__(self, other): if isinstance(other, DerivationParameters): if self.cryptographic_parameters != other.cryptographic_parameters: return False elif self.initialization_vector != other.initialization_vector: return False elif self.derivation_data != other.derivation_data: return False elif self.salt != other.salt: return False elif self.iteration_count != other.iteration_count: return False else: return True def __ne__(self, other): if isinstance(other, DerivationParameters): return not self == other else: return NotImplemented def __repr__(self): args = ", ".join([ "cryptographic_parameters={0}".format( repr(self.cryptographic_parameters) ), "initialization_vector={0}".format(self.initialization_vector), "derivation_data={0}".format(self.derivation_data), "salt={0}".format(self.salt), "iteration_count={0}".format( self.iteration_count ) ]) return "DerivationParameters({0})".format(args) def __str__(self): return str({ 'cryptographic_parameters': self.cryptographic_parameters, 'initialization_vector': self.initialization_vector, 'derivation_data': self.derivation_data, 'salt': self.salt, 'iteration_count': self.iteration_count })