2017-01-31 14:48:19 -08:00

584 lines
24 KiB
Python

# Copyright (c) 2015 The Johns Hopkins University/Applied Physics Laboratory
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import binascii
import logging
import optparse
import sys
from kmip.core.attributes import CryptographicAlgorithm
from kmip.core.attributes import CryptographicLength
from kmip.core.enums import AttributeType
from kmip.core.enums import CertificateTypeEnum
from kmip.core.enums import CryptographicAlgorithm as CryptoAlgorithmEnum
from kmip.core.enums import CryptographicUsageMask
from kmip.core.enums import ObjectType
from kmip.core.enums import Operation
from kmip.core.enums import SecretDataType
from kmip.core.factories.attributes import AttributeFactory
from kmip.core.misc import KeyFormatType
from kmip.core.objects import KeyBlock
from kmip.core.objects import KeyMaterial
from kmip.core.objects import KeyValue
from kmip.core.secrets import Certificate
from kmip.core.secrets import PrivateKey
from kmip.core.secrets import PublicKey
from kmip.core.secrets import SymmetricKey
from kmip.core.secrets import SecretData
def build_console_logger(level):
logger = logging.getLogger('demo')
logger.setLevel(level)
handler = logging.StreamHandler()
formatter = logging.Formatter(
'%(asctime)s - %(name)s - %(levelname)s - %(message)s'
)
handler.setFormatter(formatter)
logger.addHandler(handler)
return logger
def build_cli_parser(operation=None):
# Build the argument parser and setup expected options
parser = optparse.OptionParser(
usage="%prog [options]",
description="Run KMIP client operation")
parser.add_option(
"-u",
"--username",
action="store",
type="str",
default=None,
dest="username",
help="Username for KMIP server account")
parser.add_option(
"-p",
"--password",
action="store",
type="str",
default=None,
dest="password",
help="Password for KMIP server account")
parser.add_option(
"-c",
"--config",
action="store",
type="str",
default="client",
dest="config",
help="Client configuration group to load from configuration file")
if operation is Operation.CREATE:
parser.add_option(
"-a",
"--algorithm",
action="store",
type="str",
default=None,
dest="algorithm",
help="Encryption algorithm for the secret (e.g., AES)")
parser.add_option(
"-l",
"--length",
action="store",
type="int",
default=None,
dest="length",
help="Key length in bits (e.g., 128, 256)")
elif operation is Operation.CREATE_KEY_PAIR:
parser.add_option(
"-a",
"--algorithm",
action="store",
type="str",
default=None,
dest="algorithm",
help="Encryption algorithm for the secret (e.g., AES)")
parser.add_option(
"-l",
"--length",
action="store",
type="int",
default=None,
dest="length",
help="Key length in bits (e.g., 128, 256)")
parser.add_option(
"-n",
"--name",
action="store",
type="str",
default=None,
dest="name",
help="Name of key pair to create")
elif operation is Operation.DESTROY:
parser.add_option(
"-i",
"--uuid",
action="store",
type="str",
default=None,
dest="uuid",
help="UUID of secret to delete from the KMIP server")
elif operation is Operation.ACTIVATE:
parser.add_option(
"-i",
"--uuid",
action="store",
type="str",
default=None,
dest="uuid",
help="UUID of secret to activate on the KMIP server")
elif operation is Operation.REVOKE:
parser.add_option(
"-i",
"--uuid",
action="store",
type="str",
default=None,
dest="uuid",
help="UUID of secret to revoke on the KMIP server")
elif operation is Operation.GET:
parser.add_option(
"-i",
"--uuid",
action="store",
type="str",
default=None,
dest="uuid",
help="UUID of secret to retrieve from the KMIP server")
parser.add_option(
"-f",
"--format",
action="store",
type="str",
default=None,
dest="format",
help=("Format in which to retrieve the secret. Supported formats "
"include: RAW, PKCS_1, PKCS_8, X_509"))
elif operation is Operation.GET_ATTRIBUTE_LIST:
parser.add_option(
"-i",
"--uuid",
action="store",
type="str",
default=None,
dest="uuid",
help="UID of a managed object")
elif operation is Operation.LOCATE:
parser.add_option(
"-n",
"--name",
action="store",
type="str",
default=None,
dest="name",
help="Name of secret to retrieve from the KMIP server")
elif operation is Operation.REGISTER:
parser.add_option(
"-f",
"--format",
action="store",
type="str",
default="RAW",
dest="format",
help=("Format in which to store the secret. Supported formats "
"include: RAW, PKCS_1, PKCS_8, X_509"))
parser.add_option(
"-t",
"--type",
action="store",
type="str",
default="SYMMETRIC_KEY",
dest="type",
help=("Type of the object to register. Supported types include: "
"CERTIFICATE, PRIVATE_KEY, PUBLIC_KEY, SYMMETRIC_KEY, "
"SECRET_DATA"))
elif operation is Operation.DISCOVER_VERSIONS:
parser.add_option(
"-v",
"--protocol-versions",
action="store",
type="str",
default=None,
dest="protocol_versions",
help=("Protocol versions supported by client. "
"ex. '1.1,1.2 1.3'"))
elif operation is Operation.MAC:
parser.add_option(
"-i",
"--uuid",
action="store",
type="str",
default=None,
dest="uuid",
help="The unique ID of the managed object that is the key"
"to use for the MAC operation")
parser.add_option(
"-a",
"--algorithm",
action="store",
type="str",
default=None,
dest="algorithm",
help="Encryption algorithm for the secret (e.g., AES)")
return parser
def build_cryptographic_usage_mask(logger, object_type):
if object_type == ObjectType.CERTIFICATE:
flags = [CryptographicUsageMask.ENCRYPT,
CryptographicUsageMask.VERIFY]
elif (object_type == ObjectType.SYMMETRIC_KEY or
object_type == ObjectType.SECRET_DATA):
flags = [CryptographicUsageMask.ENCRYPT,
CryptographicUsageMask.DECRYPT]
elif object_type == ObjectType.PUBLIC_KEY:
flags = [CryptographicUsageMask.VERIFY]
elif object_type == ObjectType.PRIVATE_KEY:
flags = [CryptographicUsageMask.SIGN]
else:
logger.error("Unrecognized object type, could not build cryptographic "
"usage mask")
sys.exit()
attribute_type = AttributeType.CRYPTOGRAPHIC_USAGE_MASK
attribute_factory = AttributeFactory()
usage_mask = attribute_factory.create_attribute(attribute_type, flags)
return usage_mask
def build_object(logger, object_type, key_format_type):
if object_type == ObjectType.CERTIFICATE:
value = build_secret_value(logger, object_type)
return Certificate(
certificate_type=CertificateTypeEnum.X_509,
certificate_value=value)
else:
return build_key(logger, object_type, key_format_type)
def build_key(logger, object_type, key_format_type):
key_value = build_secret_value(logger, object_type)
cryptographic_algorithm = build_cryptographic_algorithm(
logger, object_type)
cryptographic_length = build_cryptographic_length(logger, object_type)
key_block = build_key_block(
key_format_type,
key_value,
cryptographic_algorithm,
cryptographic_length)
if object_type == ObjectType.SYMMETRIC_KEY:
return SymmetricKey(key_block)
elif object_type == ObjectType.PUBLIC_KEY:
return PublicKey(key_block)
elif object_type == ObjectType.PRIVATE_KEY:
return PrivateKey(key_block)
elif object_type == ObjectType.SECRET_DATA:
kind = SecretData.SecretDataType(SecretDataType.PASSWORD)
return SecretData(secret_data_type=kind,
key_block=key_block)
else:
logger.error("Unrecognized object type, could not build key")
sys.exit()
def build_cryptographic_length(logger, object_type):
if (object_type == ObjectType.SYMMETRIC_KEY or
object_type == ObjectType.SECRET_DATA):
return CryptographicLength(128)
elif object_type == ObjectType.PUBLIC_KEY:
return CryptographicLength(1024)
elif object_type == ObjectType.PRIVATE_KEY:
return CryptographicLength(1024)
else:
logger.error("Unrecognized object type, could not build cryptographic "
"length")
sys.exit()
def build_cryptographic_algorithm(logger, object_type):
if (object_type == ObjectType.SYMMETRIC_KEY or
object_type == ObjectType.SECRET_DATA):
return CryptographicAlgorithm(CryptoAlgorithmEnum.AES)
elif object_type == ObjectType.PUBLIC_KEY:
return CryptographicAlgorithm(CryptoAlgorithmEnum.RSA)
elif object_type == ObjectType.PRIVATE_KEY:
return CryptographicAlgorithm(CryptoAlgorithmEnum.RSA)
else:
logger.error("Unrecognized object type, could not build cryptographic "
"algorithm")
sys.exit()
def build_secret_value(logger, object_type):
if object_type == ObjectType.CERTIFICATE:
# Encoding from Section 13.2 of the KMIP 1.1 Test Cases document.
return (
b'\x30\x82\x03\x12\x30\x82\x01\xFA\xA0\x03\x02\x01\x02\x02\x01\x01'
b'\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30'
b'\x3B\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D'
b'\x30\x0B\x06\x03\x55\x04\x0A\x13\x04\x54\x45\x53\x54\x31\x0E\x30'
b'\x0C\x06\x03\x55\x04\x0B\x13\x05\x4F\x41\x53\x49\x53\x31\x0D\x30'
b'\x0B\x06\x03\x55\x04\x03\x13\x04\x4B\x4D\x49\x50\x30\x1E\x17\x0D'
b'\x31\x30\x31\x31\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x17\x0D\x32'
b'\x30\x31\x31\x30\x31\x32\x33\x35\x39\x35\x39\x5A\x30\x3B\x31\x0B'
b'\x30\x09\x06\x03\x55\x04\x06\x13\x02\x55\x53\x31\x0D\x30\x0B\x06'
b'\x03\x55\x04\x0A\x13\x04\x54\x45\x53\x54\x31\x0E\x30\x0C\x06\x03'
b'\x55\x04\x0B\x13\x05\x4F\x41\x53\x49\x53\x31\x0D\x30\x0B\x06\x03'
b'\x55\x04\x03\x13\x04\x4B\x4D\x49\x50\x30\x82\x01\x22\x30\x0D\x06'
b'\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x01\x0F'
b'\x00\x30\x82\x01\x0A\x02\x82\x01\x01\x00\xAB\x7F\x16\x1C\x00\x42'
b'\x49\x6C\xCD\x6C\x6D\x4D\xAD\xB9\x19\x97\x34\x35\x35\x77\x76\x00'
b'\x3A\xCF\x54\xB7\xAF\x1E\x44\x0A\xFB\x80\xB6\x4A\x87\x55\xF8\x00'
b'\x2C\xFE\xBA\x6B\x18\x45\x40\xA2\xD6\x60\x86\xD7\x46\x48\x34\x6D'
b'\x75\xB8\xD7\x18\x12\xB2\x05\x38\x7C\x0F\x65\x83\xBC\x4D\x7D\xC7'
b'\xEC\x11\x4F\x3B\x17\x6B\x79\x57\xC4\x22\xE7\xD0\x3F\xC6\x26\x7F'
b'\xA2\xA6\xF8\x9B\x9B\xEE\x9E\x60\xA1\xD7\xC2\xD8\x33\xE5\xA5\xF4'
b'\xBB\x0B\x14\x34\xF4\xE7\x95\xA4\x11\x00\xF8\xAA\x21\x49\x00\xDF'
b'\x8B\x65\x08\x9F\x98\x13\x5B\x1C\x67\xB7\x01\x67\x5A\xBD\xBC\x7D'
b'\x57\x21\xAA\xC9\xD1\x4A\x7F\x08\x1F\xCE\xC8\x0B\x64\xE8\xA0\xEC'
b'\xC8\x29\x53\x53\xC7\x95\x32\x8A\xBF\x70\xE1\xB4\x2E\x7B\xB8\xB7'
b'\xF4\xE8\xAC\x8C\x81\x0C\xDB\x66\xE3\xD2\x11\x26\xEB\xA8\xDA\x7D'
b'\x0C\xA3\x41\x42\xCB\x76\xF9\x1F\x01\x3D\xA8\x09\xE9\xC1\xB7\xAE'
b'\x64\xC5\x41\x30\xFB\xC2\x1D\x80\xE9\xC2\xCB\x06\xC5\xC8\xD7\xCC'
b'\xE8\x94\x6A\x9A\xC9\x9B\x1C\x28\x15\xC3\x61\x2A\x29\xA8\x2D\x73'
b'\xA1\xF9\x93\x74\xFE\x30\xE5\x49\x51\x66\x2A\x6E\xDA\x29\xC6\xFC'
b'\x41\x13\x35\xD5\xDC\x74\x26\xB0\xF6\x05\x02\x03\x01\x00\x01\xA3'
b'\x21\x30\x1F\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\x04\xE5'
b'\x7B\xD2\xC4\x31\xB2\xE8\x16\xE1\x80\xA1\x98\x23\xFA\xC8\x58\x27'
b'\x3F\x6B\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05'
b'\x00\x03\x82\x01\x01\x00\xA8\x76\xAD\xBC\x6C\x8E\x0F\xF0\x17\x21'
b'\x6E\x19\x5F\xEA\x76\xBF\xF6\x1A\x56\x7C\x9A\x13\xDC\x50\xD1\x3F'
b'\xEC\x12\xA4\x27\x3C\x44\x15\x47\xCF\xAB\xCB\x5D\x61\xD9\x91\xE9'
b'\x66\x31\x9D\xF7\x2C\x0D\x41\xBA\x82\x6A\x45\x11\x2F\xF2\x60\x89'
b'\xA2\x34\x4F\x4D\x71\xCF\x7C\x92\x1B\x4B\xDF\xAE\xF1\x60\x0D\x1B'
b'\xAA\xA1\x53\x36\x05\x7E\x01\x4B\x8B\x49\x6D\x4F\xAE\x9E\x8A\x6C'
b'\x1D\xA9\xAE\xB6\xCB\xC9\x60\xCB\xF2\xFA\xE7\x7F\x58\x7E\xC4\xBB'
b'\x28\x20\x45\x33\x88\x45\xB8\x8D\xD9\xAE\xEA\x53\xE4\x82\xA3\x6E'
b'\x73\x4E\x4F\x5F\x03\xB9\xD0\xDF\xC4\xCA\xFC\x6B\xB3\x4E\xA9\x05'
b'\x3E\x52\xBD\x60\x9E\xE0\x1E\x86\xD9\xB0\x9F\xB5\x11\x20\xC1\x98'
b'\x34\xA9\x97\xB0\x9C\xE0\x8D\x79\xE8\x13\x11\x76\x2F\x97\x4B\xB1'
b'\xC8\xC0\x91\x86\xC4\xD7\x89\x33\xE0\xDB\x38\xE9\x05\x08\x48\x77'
b'\xE1\x47\xC7\x8A\xF5\x2F\xAE\x07\x19\x2F\xF1\x66\xD1\x9F\xA9\x4A'
b'\x11\xCC\x11\xB2\x7E\xD0\x50\xF7\xA2\x7F\xAE\x13\xB2\x05\xA5\x74'
b'\xC4\xEE\x00\xAA\x8B\xD6\x5D\x0D\x70\x57\xC9\x85\xC8\x39\xEF\x33'
b'\x6A\x44\x1E\xD5\x3A\x53\xC6\xB6\xB6\x96\xF1\xBD\xEB\x5F\x7E\xA8'
b'\x11\xEB\xB2\x5A\x7F\x86')
elif (object_type == ObjectType.SYMMETRIC_KEY or
object_type == ObjectType.SECRET_DATA):
return (
b'\x30\x82\x02\x76\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7'
b'\x0D\x01\x01\x01\x05\x00\x04\x82\x02\x60\x30\x82\x02\x5C\x02\x01'
b'\x00\x02\x81\x81\x00\x93\x04\x51\xC9\xEC\xD9\x4F\x5B\xB9\xDA\x17'
b'\xDD\x09\x38\x1B\xD2\x3B\xE4\x3E\xCA\x8C\x75\x39\xF3\x01\xFC\x8A'
b'\x8C\xD5\xD5\x27\x4C\x3E\x76\x99\xDB\xDC\x71\x1C\x97\xA7\xAA\x91'
b'\xE2\xC5\x0A\x82\xBD\x0B\x10\x34\xF0\xDF\x49\x3D\xEC\x16\x36\x24'
b'\x27\xE5\x8A\xCC\xE7\xF6\xCE\x0F\x9B\xCC\x61\x7B\xBD\x8C\x90\xD0'
b'\x09\x4A\x27\x03\xBA\x0D\x09\xEB\x19\xD1\x00\x5F\x2F\xB2\x65'
b'\x52')
elif object_type == ObjectType.PUBLIC_KEY:
return (
b'\x30\x81\x9F\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01'
b'\x05\x00\x03\x81\x8D\x00\x30\x81\x89\x02\x81\x81\x00\x93\x04\x51'
b'\xC9\xEC\xD9\x4F\x5B\xB9\xDA\x17\xDD\x09\x38\x1B\xD2\x3B\xE4\x3E'
b'\xCA\x8C\x75\x39\xF3\x01\xFC\x8A\x8C\xD5\xD5\x27\x4C\x3E\x76\x99'
b'\xDB\xDC\x71\x1C\x97\xA7\xAA\x91\xE2\xC5\x0A\x82\xBD\x0B\x10\x34'
b'\xF0\xDF\x49\x3D\xEC\x16\x36\x24\x27\xE5\x8A\xCC\xE7\xF6\xCE\x0F'
b'\x9B\xCC\x61\x7B\xBD\x8C\x90\xD0\x09\x4A\x27\x03\xBA\x0D\x09\xEB'
b'\x19\xD1\x00\x5F\x2F\xB2\x65\x52\x6A\xAC\x75\xAF\x32\xF8\xBC\x78'
b'\x2C\xDE\xD2\xA5\x7F\x81\x1E\x03\xEA\xF6\x7A\x94\x4D\xE5\xE7\x84'
b'\x13\xDC\xA8\xF2\x32\xD0\x74\xE6\xDC\xEA\x4C\xEC\x9F\x02\x03\x01'
b'\x00\x01')
elif object_type == ObjectType.PRIVATE_KEY:
return (
b'\x30\x82\x02\x76\x02\x01\x00\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7'
b'\x0D\x01\x01\x01\x05\x00\x04\x82\x02\x60\x30\x82\x02\x5C\x02\x01'
b'\x00\x02\x81\x81\x00\x93\x04\x51\xC9\xEC\xD9\x4F\x5B\xB9\xDA\x17'
b'\xDD\x09\x38\x1B\xD2\x3B\xE4\x3E\xCA\x8C\x75\x39\xF3\x01\xFC\x8A'
b'\x8C\xD5\xD5\x27\x4C\x3E\x76\x99\xDB\xDC\x71\x1C\x97\xA7\xAA\x91'
b'\xE2\xC5\x0A\x82\xBD\x0B\x10\x34\xF0\xDF\x49\x3D\xEC\x16\x36\x24'
b'\x27\xE5\x8A\xCC\xE7\xF6\xCE\x0F\x9B\xCC\x61\x7B\xBD\x8C\x90\xD0'
b'\x09\x4A\x27\x03\xBA\x0D\x09\xEB\x19\xD1\x00\x5F\x2F\xB2\x65\x52'
b'\x6A\xAC\x75\xAF\x32\xF8\xBC\x78\x2C\xDE\xD2\xA5\x7F\x81\x1E\x03'
b'\xEA\xF6\x7A\x94\x4D\xE5\xE7\x84\x13\xDC\xA8\xF2\x32\xD0\x74\xE6'
b'\xDC\xEA\x4C\xEC\x9F\x02\x03\x01\x00\x01\x02\x81\x80\x0B\x6A\x7D'
b'\x73\x61\x99\xEA\x48\xA4\x20\xE4\x53\x7C\xA0\xC7\xC0\x46\x78\x4D'
b'\xCB\xEA\xA6\x3B\xAE\xBC\x0B\xC1\x32\x78\x74\x49\xCD\xE8\xD7\xCA'
b'\xD0\xC0\xC8\x63\xC0\xFE\xFB\x06\xC3\x06\x2B\xEF\xC5\x00\x33\xEC'
b'\xF8\x7B\x4E\x33\xA9\xBE\x7B\xCB\xC8\xF1\x51\x1A\xE2\x15\xE8\x0D'
b'\xEB\x5D\x8A\xF2\xBD\x31\x31\x9D\x78\x21\x19\x66\x40\x93\x5A\x0C'
b'\xD6\x7C\x94\x59\x95\x79\xF2\x10\x0D\x65\xE0\x38\x83\x1F\xDA\xFB'
b'\x0D\xBE\x2B\xBD\xAC\x00\xA6\x96\xE6\x7E\x75\x63\x50\xE1\xC9\x9A'
b'\xCE\x11\xA3\x6D\xAB\xAC\x3E\xD3\xE7\x30\x96\x00\x59\x02\x41\x00'
b'\xDD\xF6\x72\xFB\xCC\x5B\xDA\x3D\x73\xAF\xFC\x4E\x79\x1E\x0C\x03'
b'\x39\x02\x24\x40\x5D\x69\xCC\xAA\xBC\x74\x9F\xAA\x0D\xCD\x4C\x25'
b'\x83\xC7\x1D\xDE\x89\x41\xA7\xB9\xAA\x03\x0F\x52\xEF\x14\x51\x46'
b'\x6C\x07\x4D\x4D\x33\x8F\xE6\x77\x89\x2A\xCD\x9E\x10\xFD\x35\xBD'
b'\x02\x41\x00\xA9\x8F\xBC\x3E\xD6\xB4\xC6\xF8\x60\xF9\x71\x65\xAC'
b'\x2F\x7B\xB6\xF2\xE2\xCB\x19\x2A\x9A\xBD\x49\x79\x5B\xE5\xBC\xF3'
b'\x7D\x8E\xE6\x9A\x6E\x16\x9C\x24\xE5\xC3\x2E\x4E\x7F\xA3\x32\x65'
b'\x46\x14\x07\xF9\x52\xBA\x49\xE2\x04\x81\x8A\x2F\x78\x5F\x11\x3F'
b'\x92\x2B\x8B\x02\x40\x25\x3F\x94\x70\x39\x0D\x39\x04\x93\x03\x77'
b'\x7D\xDB\xC9\x75\x0E\x9D\x64\x84\x9C\xE0\x90\x3E\xAE\x70\x4D\xC9'
b'\xF5\x89\xB7\x68\x0D\xEB\x9D\x60\x9F\xD5\xBC\xD4\xDE\xCD\x6F\x12'
b'\x05\x42\xE5\xCF\xF5\xD7\x6F\x2A\x43\xC8\x61\x5F\xB5\xB3\xA9\x21'
b'\x34\x63\x79\x7A\xA9\x02\x41\x00\xA1\xDD\xF0\x23\xC0\xCD\x94\xC0'
b'\x19\xBB\x26\xD0\x9B\x9E\x3C\xA8\xFA\x97\x1C\xB1\x6A\xA5\x8B\x9B'
b'\xAF\x79\xD6\x08\x1A\x1D\xBB\xA4\x52\xBA\x53\x65\x3E\x28\x04\xBA'
b'\x98\xFF\x69\xE8\xBB\x1B\x3A\x16\x1E\xA2\x25\xEA\x50\x14\x63\x21'
b'\x6A\x8D\xAB\x9B\x88\xA7\x5E\x5F\x02\x40\x61\x78\x64\x6E\x11\x2C'
b'\xF7\x9D\x92\x1A\x8A\x84\x3F\x17\xF6\xE7\xFF\x97\x4F\x68\x81\x22'
b'\x36\x5B\xF6\x69\x0C\xDF\xC9\x96\xE1\x89\x09\x52\xEB\x38\x20\xDD'
b'\x18\x90\xEC\x1C\x86\x19\xE8\x7A\x2B\xD3\x8F\x9D\x03\xB3\x7F\xAC'
b'\x74\x2E\xFB\x74\x8C\x78\x85\x94\x2C\x39')
else:
logger.error("Unrecognized object type, could not build secret value")
sys.exit()
def build_key_block(key_format_type, key_value, cryptographic_algorithm,
cryptographic_length):
key_material = KeyMaterial(key_value)
key_value = KeyValue(key_material)
return KeyBlock(
key_format_type=KeyFormatType(key_format_type),
key_compression_type=None,
key_value=key_value,
cryptographic_algorithm=cryptographic_algorithm,
cryptographic_length=cryptographic_length,
key_wrapping_data=None)
def log_template_attribute(logger, template_attribute):
names = template_attribute.names
attributes = template_attribute.attributes
logger.info('number of template attribute names: {0}'.format(len(names)))
for i in range(len(names)):
name = names[i]
logger.info('name {0}: {1}'.format(i, name))
log_attribute_list(logger, attributes)
def log_attribute_list(logger, attributes):
logger.info('number of attributes: {0}'.format(len(attributes)))
for i in range(len(attributes)):
attribute = attributes[i]
attribute_name = attribute.attribute_name
attribute_index = attribute.attribute_index
attribute_value = attribute.attribute_value
logger.info('attribute {0}:'.format(i))
logger.info(' attribute_name: {0}'.format(attribute_name))
logger.info(' attribute_index: {0}'.format(attribute_index))
logger.info(' attribute_value: {0}'.format(
repr(attribute_value)))
def log_secret(logger, secret_type, secret_value):
if secret_type is ObjectType.CERTIFICATE:
log_certificate(logger, secret_value)
elif secret_type is ObjectType.PRIVATE_KEY:
log_private_key(logger, secret_value)
elif secret_type is ObjectType.PUBLIC_KEY:
log_public_key(logger, secret_value)
elif secret_type is ObjectType.SYMMETRIC_KEY:
log_symmetric_key(logger, secret_value)
else:
logger.info('generic secret: {0}'.format(secret_value))
def log_certificate(logger, certificate):
logger.info('certificate:')
logger.info('* certificate type: {0}'.format(
certificate.certificate_type))
logger.info('* certificate value: {0}'.format(
binascii.hexlify(certificate.certificate_value.value)))
def log_public_key(logger, public_key):
key_block = public_key.key_block
log_key_block(logger, key_block)
def log_private_key(logger, private_key):
key_block = private_key.key_block
log_key_block(logger, key_block)
def log_symmetric_key(logger, skey):
key_block = skey.key_block
log_key_block(logger, key_block)
def log_key_block(logger, key_block):
if key_block is not None:
logger.info('key block:')
key_format_type = key_block.key_format_type
key_compression_type = key_block.key_compression_type
key_value = key_block.key_value
cryptographic_algorithm = key_block.cryptographic_algorithm
cryptographic_length = key_block.cryptographic_length
key_wrapping_data = key_block.key_wrapping_data
logger.info('* key format type: {0}'.format(key_format_type))
logger.info('* key compression type: {0}'.format(
key_compression_type))
logger.info('* cryptographic algorithm: {0}'.format(
cryptographic_algorithm))
logger.info('* cryptographic length: {0}'.format(
cryptographic_length))
log_key_value(logger, key_value)
log_key_wrapping_data(logger, key_wrapping_data)
else:
logger.info('key block: {0}'.format(key_block))
def log_key_value(logger, key_value):
if key_value is not None:
logger.info('key value:')
key_material = key_value.key_material
attributes = key_value.attributes
logger.info('key material: {0}'.format(repr(key_material)))
log_attribute_list(logger, attributes)
else:
logger.info('key value: {0}'.format(key_value))
def log_key_wrapping_data(logger, key_wrapping_data):
logger.info('key wrapping data: {0}'.format(key_wrapping_data))