From a344fd6e410e3bb2d387d37d67a52d410f871bf5 Mon Sep 17 00:00:00 2001 From: Bruce Benjamin Date: Tue, 16 Sep 2014 12:02:14 -0400 Subject: [PATCH 1/4] Updated REAME file --- README.rst | 177 +++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 131 insertions(+), 46 deletions(-) diff --git a/README.rst b/README.rst index ea47b9d..6d2a385 100644 --- a/README.rst +++ b/README.rst @@ -1,46 +1,131 @@ -====== -PyKMIP -====== - -PyKMIP is a Python implementation of the Key Management Interoperability -Protocol (KMIP) specification, supporting version 1.1 of the KMIP standard. -The library currently provides a KMIP client, which supports the following -operations for KMIP SymmetricKey managed objects: - -* create -* register -* get -* destroy - -PyKMIP also provides a software-based KMIP server, which is intended for use -in testing and demonstration environments. The server is NOT intended to be -a substitute for secured hardware-based KMIP appliances. - -Version -======= -This distribution of PyKMIP is version 0.0.1. Future work includes adding -support for basic KMIP profiles, including the basic supporting operations. - -For more information on KMIP profiles, see the `OASIS documentation for -KMIP profiles -`_. - -Platform -======== -PyKMIP has been tested and runs on Ubuntu 12.04 LTS. - -References -========== - -For more information on the KMIP specification, see the `OASIS documentation -for KMIP -`_. - -Contributors -============ - -Many thanks to the developers who created PyKMIP: - -Nathan Reller -Peter Hamilton -Kaitlin Farr +====== +PyKMIP +====== + +PyKMIP is a Python implementation of the Key Management Interoperability +Protocol (KMIP) specification, supporting version 1.1 of the KMIP standard. +KMIP is an OASIS standard specifying a client/server-based protocol to perform +key, certificate, or generic object management relating generally to storage +and maintenance operations. The PyKMIP library currently provides a KMIP +client and server supporting the following operations for the KMIP +SymmetricKey managed object: + +* create +* register +* get +* destroy + +Note that KMIP specifies profiles that tailor the standard to specific use +cases. The KMIP Profile Support section below includes several profiles that +need to be developed for PyKMIP to more fully support the symmetric key storage +and generation capabilities. A list of operations necessary for these profiles +are also included. + +The PyKMIP software-based KMIP server is intended for use only in testing and +demonstration environments. Note that the PyKMIP server is NOT intended to be +a substitute for secured, hardware-based KMIP appliances. The PyKMIP client +should be used for operational purposes only with a hardware-based KMIP server. + +Version +======= +Earlier versions of PyKMIP are not intended to support KMIP profiles. Work +to further mature PyKMIP to add support for basic profiles is underway (see +below.) For more information on KMIP profiles, see the OASIS documentation +in the reference section. + +Note that development of the PyKMIP client and server should take place in +parallel to facilitate testing of each operation as it is developed. + + +Platform +======== +PyKMIP has been tested and runs on Ubuntu 12.04 LTS. + + +KMIP Profile Support +==================== +The KMIP standard includes various profiles that tailor the standard for +specific use cases, such as for symmetric key storage with TLS1.2 specified. +These profiles specify conformance to certain operations and attributes. The +operations listed directly below are needed to support symmetric key profiles +also listed below. We would appreciate help in the development of these +operations, and have listed our recommended order of development prioritization +to consider. This list is in order of decending priority. Since development +is already underway, and code will be merged, please check the code base to +assess the status of operations prior to development. Note that these operations +support KMIP Profiles that are listed at the end of this document. + +KMIP Operations to add to PyKMIP, in our recommended order of priority: +- Discover Versions +- Locate +- Check +- Revoke +- Get Attributes +- Get Attribute List +- Add Attribute +- Modify Attribute +- Delete Attribute +- Activate +- Query + +Note that Create, Register, Get, and Destroy operations were completed with the +initial version of PyKMIP to allow very basic KMIP symmetric key operations. + + +Profiles that support KMIP symmetric key opererations (see link in references +section): + +4.2* "Basic Baseline Server KMIP Profile" (includes TLS 1.0+) +Client to Server Operations needed for this (See 5.2*): +Required operations include Locate, Check, Get, Get Attributes, Get Attribute +List, Add Attribute, Modify Attribute, Delete Attribute, Activate, Revoke, +Destroy, Query, and Discover Versions (but not Register or Create) + +4.14* "Symmetric Key Store and Server TLS 1.2 Authentication KMIP Profile" +Client to Server Operations needed for this (See 5.4*) +- All operations from *4.2 and also Register operation + +4.15* "Symmetric Key Foundry and Server TLS 1.2 Authentication KMIP profile" +Client to Server Operations needed for this (See 5.5*) +- All operations from *4.2 and also Create operation + +4.22* "Basic Baseline Client KMIP Profile" (includes TLS 1.0+) +Client to Server Operations needed for this (See 5.12*): +Required operations include Locate, Check, Get, Get Attributes, Get Attribute +List, Add Attribute, Modify Attribute, Delete Attribute, Activate, Revoke, +Destroy, Query, and Discover Versions (but not Register or Create) + +4.34* "Symmetric Key Store Client TLS 1.2 Authentication KMIP Profile" +Client to Server Operations needed for this (See 5.14*) +- All operations from *4.22 and also Register operation + +4.35* "Symmetric Key Foundry Client TLS 1.2 Authentication KMIP profile" +Client to Server Operations needed for this (See 5.15*) +- All operations from *4.22 and also Create operation + +4.42* "Storage Client TLS 1.2 Authentication KMIP Profile" +Client to Server Operations needed for this (See 5.21*) +- All operations from *4.22, Register from *4.34, and Create from *4.35 + + +* This designator points to a section in the Key Management Interoperability +Profiles Version 1.1. The link to this document is in the references section +below. + +References +========== + +For more information on the KMIP specification, see the `OASIS documentation +for KMIP +`_. +`_. + + +Contributors +============ + +Many thanks to the developers who created PyKMIP: + +Nathan Reller +Peter Hamilton +Kaitlin Farr From 87afc0832eb73c87d3f8a480b113441f7cc5f2b8 Mon Sep 17 00:00:00 2001 From: Peter Hamilton Date: Fri, 19 Sep 2014 18:00:35 -0400 Subject: [PATCH 2/4] Reformatting README to use reStructuredText This change reformats the README to use the syntax and formatting recognized by reStructuredText parsers. Several typos have been fixed along with minor rephrasing and condensing of text. All external references have officially been replaced with direct links to the documents and document sections in question. --- README.rst | 282 ++++++++++++++++++++++++++++------------------------- 1 file changed, 151 insertions(+), 131 deletions(-) diff --git a/README.rst b/README.rst index 6d2a385..0bd85d2 100644 --- a/README.rst +++ b/README.rst @@ -1,131 +1,151 @@ -====== -PyKMIP -====== - -PyKMIP is a Python implementation of the Key Management Interoperability -Protocol (KMIP) specification, supporting version 1.1 of the KMIP standard. -KMIP is an OASIS standard specifying a client/server-based protocol to perform -key, certificate, or generic object management relating generally to storage -and maintenance operations. The PyKMIP library currently provides a KMIP -client and server supporting the following operations for the KMIP -SymmetricKey managed object: - -* create -* register -* get -* destroy - -Note that KMIP specifies profiles that tailor the standard to specific use -cases. The KMIP Profile Support section below includes several profiles that -need to be developed for PyKMIP to more fully support the symmetric key storage -and generation capabilities. A list of operations necessary for these profiles -are also included. - -The PyKMIP software-based KMIP server is intended for use only in testing and -demonstration environments. Note that the PyKMIP server is NOT intended to be -a substitute for secured, hardware-based KMIP appliances. The PyKMIP client -should be used for operational purposes only with a hardware-based KMIP server. - -Version -======= -Earlier versions of PyKMIP are not intended to support KMIP profiles. Work -to further mature PyKMIP to add support for basic profiles is underway (see -below.) For more information on KMIP profiles, see the OASIS documentation -in the reference section. - -Note that development of the PyKMIP client and server should take place in -parallel to facilitate testing of each operation as it is developed. - - -Platform -======== -PyKMIP has been tested and runs on Ubuntu 12.04 LTS. - - -KMIP Profile Support -==================== -The KMIP standard includes various profiles that tailor the standard for -specific use cases, such as for symmetric key storage with TLS1.2 specified. -These profiles specify conformance to certain operations and attributes. The -operations listed directly below are needed to support symmetric key profiles -also listed below. We would appreciate help in the development of these -operations, and have listed our recommended order of development prioritization -to consider. This list is in order of decending priority. Since development -is already underway, and code will be merged, please check the code base to -assess the status of operations prior to development. Note that these operations -support KMIP Profiles that are listed at the end of this document. - -KMIP Operations to add to PyKMIP, in our recommended order of priority: -- Discover Versions -- Locate -- Check -- Revoke -- Get Attributes -- Get Attribute List -- Add Attribute -- Modify Attribute -- Delete Attribute -- Activate -- Query - -Note that Create, Register, Get, and Destroy operations were completed with the -initial version of PyKMIP to allow very basic KMIP symmetric key operations. - - -Profiles that support KMIP symmetric key opererations (see link in references -section): - -4.2* "Basic Baseline Server KMIP Profile" (includes TLS 1.0+) -Client to Server Operations needed for this (See 5.2*): -Required operations include Locate, Check, Get, Get Attributes, Get Attribute -List, Add Attribute, Modify Attribute, Delete Attribute, Activate, Revoke, -Destroy, Query, and Discover Versions (but not Register or Create) - -4.14* "Symmetric Key Store and Server TLS 1.2 Authentication KMIP Profile" -Client to Server Operations needed for this (See 5.4*) -- All operations from *4.2 and also Register operation - -4.15* "Symmetric Key Foundry and Server TLS 1.2 Authentication KMIP profile" -Client to Server Operations needed for this (See 5.5*) -- All operations from *4.2 and also Create operation - -4.22* "Basic Baseline Client KMIP Profile" (includes TLS 1.0+) -Client to Server Operations needed for this (See 5.12*): -Required operations include Locate, Check, Get, Get Attributes, Get Attribute -List, Add Attribute, Modify Attribute, Delete Attribute, Activate, Revoke, -Destroy, Query, and Discover Versions (but not Register or Create) - -4.34* "Symmetric Key Store Client TLS 1.2 Authentication KMIP Profile" -Client to Server Operations needed for this (See 5.14*) -- All operations from *4.22 and also Register operation - -4.35* "Symmetric Key Foundry Client TLS 1.2 Authentication KMIP profile" -Client to Server Operations needed for this (See 5.15*) -- All operations from *4.22 and also Create operation - -4.42* "Storage Client TLS 1.2 Authentication KMIP Profile" -Client to Server Operations needed for this (See 5.21*) -- All operations from *4.22, Register from *4.34, and Create from *4.35 - - -* This designator points to a section in the Key Management Interoperability -Profiles Version 1.1. The link to this document is in the references section -below. - -References -========== - -For more information on the KMIP specification, see the `OASIS documentation -for KMIP -`_. -`_. - - -Contributors -============ - -Many thanks to the developers who created PyKMIP: - -Nathan Reller -Peter Hamilton -Kaitlin Farr +------ +PyKMIP +------ + +PyKMIP is a Python implementation of the Key Management Interoperability Protocol (KMIP) specification, supporting version 1.1 of the KMIP standard. The KMIP standard is governed by the `Organization for the Advancement of Structured Information Standards`_ (OASIS) and specifies a client/server-based protocol to perform key, certificate, and secret object management, including storage and maintenance operations. + +The PyKMIP library currently provides a KMIP client and server supporting the following operations for the KMIP SymmetricKey managed object: + +* Create +* Register +* Get +* Destroy + +Note that KMIP specifies profiles that tailor the standard to specific use cases. The `KMIP Profile Support`_ section includes several profiles that need to be developed for PyKMIP to fully support symmetric key storage and generation capabilities. A list of operations necessary for these profiles is included. + +The PyKMIP software-based KMIP server is intended for use only in testing and demonstration environments. Note that the PyKMIP server is **NOT** intended to be a substitute for secured, hardware-based KMIP appliances. The PyKMIP client should be used for operational purposes only with a hardware-based KMIP server. The development of the PyKMIP client and server should take place in parallel to facilitate testing of each operation as it is developed. + +Platforms +========= +PyKMIP has been tested and runs on Ubuntu 12.04 LTS. + +.. _KMIP Profile Support: + +KMIP Profile Support +==================== +The KMIP standard includes various profiles that tailor the standard for specific use cases (e.g., symmetric key storage with TLS 1.2). These profiles specify conformance to certain operations and attributes. The operations listed below are needed to support symmetric key profiles, which are also provided below. We would appreciate help in the development of these operations, and have listed our recommended order of development prioritization in descending order. Since active development of these features is already underway, please check the `code base`_ to assess the status of operations prior to development. + +KMIP operations to add to PyKMIP: + +* Discover Versions +* List +* Locate +* Check +* Revoke +* Get Attributes +* Get Attribute List +* Add Attribute +* Modify Attribute +* Delete Attribute +* Activate +* Query + +Note that the Create, Register, Get, and Destroy operations were completed with the initial version of PyKMIP to allow very basic KMIP symmetric key operations. + +Server Profiles +--------------- +Server profiles that support KMIP symmetric key operations: + +* `Basic Baseline Server KMIP Profile`_ (includes TLS 1.0+) + + * Client-to-Server operations needed for this (see the `Baseline Server Clause`_) include: + + * Locate + * Check + * Get + * Get Attributes + * Get Attribute + * List + * Add Attribute + * Modify Attribute + * Delete Attribute + * Activate + * Revoke + * Destroy + * Query + * Discover Versions + +* `Symmetric Key Store and Server TLS 1.2 Authentication KMIP Profile`_ + + * Client-to-Server operations needed for this (see the `Symmetric Key Store and Server Conformance Clause`_) include all operations from the `Basic Baseline Server KMIP Profile`_ and also the Register operation. + +* `Symmetric Key Foundry and Server TLS 1.2 Authentication KMIP profile`_ + + * Client-to-Server operations needed for this (see the `Symmetric Key Foundry and Server Conformance Clause`_) include all operations from the `Basic Baseline Server KMIP Profile`_ and also the Create operation. + +Client Profiles +--------------- +Client profiles that support KMIP symmetric key operations: + +* `Basic Baseline Client KMIP Profile`_ (includes TLS 1.0+) + + * Client-to-Server operations needed for this (see the `Baseline Client Clause`_) include: + + * Locate + * Check + * Get + * Get Attributes + * Get Attribute + * List + * Add Attribute + * Modify Attribute + * Delete Attribute + * Activate + * Revoke + * Destroy + * Query + * Discover Versions + +* `Symmetric Key Store Client TLS 1.2 Authentication KMIP Profile`_ + + * Client-to-Server operations needed for this (see the `Symmetric Key Store Client Conformance Clause`_) include all operations from the `Basic Baseline Client KMIP Profile`_ and also the Register operation. + +* `Symmetric Key Foundry Client TLS 1.2 Authentication KMIP Profile`_ + + * Client-to-Server operations needed for this (see the `Symmetric Key Foundry Client Conformance Clause`_) include all operations from the `Basic Baseline Client KMIP Profile`_ and also the Create operation. + +* `Storage Client TLS 1.2 Authentication KMIP Profile`_ + + * Client-to-Server operations needed for this (see the `Storage Client Conformance Clauses`_) include all operations from the `Basic Baseline Client KMIP Profile`_, the Register operation from the `Symmetric Key Store Client TLS 1.2 Authentication KMIP Profile`_, and the Create operation from the `Symmetric Key Foundry Client TLS 1.2 Authentication KMIP Profile`_. + +References +========== +The source code for PyKMIP is hosted on GitHub and the library is available for installation from the Python Package Index (PyPI): + +* `GitHub `_ +* `PyPI `_ + +For more information on KMIP version 1.1, see the following documentation: + +* `Key Management Interoperability Protocol Specification Version 1.1`_ +* `Key Management Interoperability Protocol Profiles Version 1.1`_ +* `Key Management Interoperability Protocol Test Cases Version 1.1`_ + +Contributors +============ + +Many thanks to the developers who created PyKMIP: + +* `Nathan Reller `_ +* `Peter Hamilton `_ +* `Kaitlin Farr `_ + +.. _code base: https://github.com/OpenKMIP/PyKMIP +.. _Organization for the Advancement of Structured Information Standards: https://www.oasis-open.org/ +.. _Key Management Interoperability Protocol Specification Version 1.1: http://docs.oasis-open.org/kmip/spec/v1.1/os/kmip-spec-v1.1-os.html +.. _Key Management Interoperability Protocol Profiles Version 1.1: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html +.. _Key Management Interoperability Protocol Test Cases Version 1.1: http://docs.oasis-open.org/kmip/testcases/v1.1/cn01/kmip-testcases-v1.1-cn01.html +.. _Basic Baseline Server KMIP Profile: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820691 +.. _Symmetric Key Store and Server TLS 1.2 Authentication KMIP Profile: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820703 +.. _Symmetric Key Foundry and Server TLS 1.2 Authentication KMIP Profile: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820704 +.. _Basic Baseline Client KMIP Profile: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820711 +.. _Symmetric Key Store Client TLS 1.2 Authentication KMIP Profile: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820723 +.. _Symmetric Key Foundry Client TLS 1.2 Authentication KMIP Profile: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820724 +.. _Storage Client TLS 1.2 Authentication KMIP Profile: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820731 +.. _Baseline Server Clause: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820736 +.. _Symmetric Key Store and Server Conformance Clause: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820742 +.. _Symmetric Key Foundry and Server Conformance Clause: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820745 +.. _Baseline Client Clause: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820766 +.. _Symmetric Key Store Client Conformance Clause: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820772 +.. _Symmetric Key Foundry Client Conformance Clause: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820775 +.. _Storage Client Conformance Clauses: http://docs.oasis-open.org/kmip/profiles/v1.1/os/kmip-profiles-v1.1-os.html#_Toc332820793 \ No newline at end of file From 02c818a5fc4f984588525c1d9c22e4510d190870 Mon Sep 17 00:00:00 2001 From: Peter Hamilton Date: Mon, 22 Sep 2014 12:30:27 -0400 Subject: [PATCH 3/4] Formatting line breaks in README This change adds line breaks to the intro paragraphs of the README. Lines that contain internal/external rST links are ignored, as are bulleted lines, since line breaks would break rST formatting. --- README.rst | 41 ++++++++++++++++++++++++++++++++++------- 1 file changed, 34 insertions(+), 7 deletions(-) diff --git a/README.rst b/README.rst index 0bd85d2..3794113 100644 --- a/README.rst +++ b/README.rst @@ -2,18 +2,34 @@ PyKMIP ------ -PyKMIP is a Python implementation of the Key Management Interoperability Protocol (KMIP) specification, supporting version 1.1 of the KMIP standard. The KMIP standard is governed by the `Organization for the Advancement of Structured Information Standards`_ (OASIS) and specifies a client/server-based protocol to perform key, certificate, and secret object management, including storage and maintenance operations. +PyKMIP is a Python implementation of the Key Management Interoperability +Protocol (KMIP) specification, supporting version 1.1 of the KMIP standard. +The KMIP standard is governed by the `Organization for the Advancement of +Structured Information Standards`_ (OASIS) and specifies a +client/server-based protocol to perform key, certificate, and secret object +management, including storage and maintenance operations. -The PyKMIP library currently provides a KMIP client and server supporting the following operations for the KMIP SymmetricKey managed object: +The PyKMIP library currently provides a KMIP client and server supporting +the following operations for the KMIP SymmetricKey managed object: * Create * Register * Get * Destroy -Note that KMIP specifies profiles that tailor the standard to specific use cases. The `KMIP Profile Support`_ section includes several profiles that need to be developed for PyKMIP to fully support symmetric key storage and generation capabilities. A list of operations necessary for these profiles is included. +Note that KMIP specifies profiles that tailor the standard to specific use +cases. The `KMIP Profile Support`_ section includes several profiles that +need to be developed for PyKMIP to fully support symmetric key storage and +generation capabilities. A list of operations necessary for these profiles +is included. -The PyKMIP software-based KMIP server is intended for use only in testing and demonstration environments. Note that the PyKMIP server is **NOT** intended to be a substitute for secured, hardware-based KMIP appliances. The PyKMIP client should be used for operational purposes only with a hardware-based KMIP server. The development of the PyKMIP client and server should take place in parallel to facilitate testing of each operation as it is developed. +The PyKMIP software-based KMIP server is intended for use only in testing +and demonstration environments. Note that the PyKMIP server is **NOT** +intended to be a substitute for secured, hardware-based KMIP appliances. +The PyKMIP client should be used for operational purposes only with a +hardware-based KMIP server. The development of the PyKMIP client and server +should take place in parallel to facilitate testing of each operation as it +is developed. Platforms ========= @@ -23,7 +39,15 @@ PyKMIP has been tested and runs on Ubuntu 12.04 LTS. KMIP Profile Support ==================== -The KMIP standard includes various profiles that tailor the standard for specific use cases (e.g., symmetric key storage with TLS 1.2). These profiles specify conformance to certain operations and attributes. The operations listed below are needed to support symmetric key profiles, which are also provided below. We would appreciate help in the development of these operations, and have listed our recommended order of development prioritization in descending order. Since active development of these features is already underway, please check the `code base`_ to assess the status of operations prior to development. +The KMIP standard includes various profiles that tailor the standard for +specific use cases (e.g., symmetric key storage with TLS 1.2). These +profiles specify conformance to certain operations and attributes. The +operations listed below are needed to support symmetric key profiles, which +are also provided below. We would appreciate help in the development of +these operations, and have listed our recommended order of development +prioritization in descending order. Since active development of these +features is already underway, please check the `code base`_ to assess the +status of operations prior to development. KMIP operations to add to PyKMIP: @@ -40,7 +64,9 @@ KMIP operations to add to PyKMIP: * Activate * Query -Note that the Create, Register, Get, and Destroy operations were completed with the initial version of PyKMIP to allow very basic KMIP symmetric key operations. +Note that the Create, Register, Get, and Destroy operations were completed +with the initial version of PyKMIP to allow very basic KMIP symmetric key +operations. Server Profiles --------------- @@ -110,7 +136,8 @@ Client profiles that support KMIP symmetric key operations: References ========== -The source code for PyKMIP is hosted on GitHub and the library is available for installation from the Python Package Index (PyPI): +The source code for PyKMIP is hosted on GitHub and the library is available +for installation from the Python Package Index (PyPI): * `GitHub `_ * `PyPI `_ From bfb0bb88d708249f6b6a7d0ec28fe36f222342d1 Mon Sep 17 00:00:00 2001 From: Peter Hamilton Date: Thu, 23 Oct 2014 22:28:20 -0400 Subject: [PATCH 4/4] Adding username and password config options This change adds username and password configuration options to the client section of the configuration file. These options are used to create KMIP Credential objects for authenticating connections to a KMIP appliance. The KMIP proxy now uses these options when handling operation calls. If no credential is provided, the proxy will automatically create one from the config file. If either the username or the password is unspecified, an error is generated. If neither are specified, no credential is created. Only username/password credentials are currently supported. The KMIP proxy test suite now includes test cases covering this functionality. --- kmip/core/config_helper.py | 2 + kmip/kmipconfig.ini | 2 + kmip/services/kmip_client.py | 40 +++++++++++++++-- kmip/tests/services/test_kmip_client.py | 60 +++++++++++++++++++++++++ 4 files changed, 101 insertions(+), 3 deletions(-) diff --git a/kmip/core/config_helper.py b/kmip/core/config_helper.py index 90aedbb..7fbb2e8 100644 --- a/kmip/core/config_helper.py +++ b/kmip/core/config_helper.py @@ -35,6 +35,8 @@ class ConfigHelper(object): DEFAULT_CA_CERTS = os.path.normpath(os.path.join( FILE_PATH, '../demos/certs/server.crt')) DEFAULT_SSL_VERSION = 'PROTOCOL_SSLv23' + DEFAULT_USERNAME = None + DEFAULT_PASSWORD = None def __init__(self): self.logger = logging.getLogger(__name__) diff --git a/kmip/kmipconfig.ini b/kmip/kmipconfig.ini index 1e65de9..1adc533 100644 --- a/kmip/kmipconfig.ini +++ b/kmip/kmipconfig.ini @@ -8,6 +8,8 @@ ssl_version=PROTOCOL_SSLv23 ca_certs=../demos/certs/server.crt do_handshake_on_connect=True suppress_ragged_eofs=True +username=None +password=None [server] host=127.0.0.1 diff --git a/kmip/services/kmip_client.py b/kmip/services/kmip_client.py index 51d246c..25fd500 100644 --- a/kmip/services/kmip_client.py +++ b/kmip/services/kmip_client.py @@ -22,6 +22,9 @@ from kmip.services.results import LocateResult from kmip.core import attributes as attr from kmip.core.enums import Operation as OperationEnum +from kmip.core.enums import CredentialType + +from kmip.core.factories.credentials import CredentialFactory from kmip.core import objects from kmip.core.server import KMIP @@ -55,13 +58,17 @@ class KMIPProxy(KMIP): def __init__(self, host=None, port=None, keyfile=None, certfile=None, cert_reqs=None, ssl_version=None, ca_certs=None, do_handshake_on_connect=None, - suppress_ragged_eofs=None): + suppress_ragged_eofs=None, + username=None, + password=None): super(self.__class__, self).__init__() self.logger = logging.getLogger(__name__) + self.credential_factory = CredentialFactory() self._set_variables(host, port, keyfile, certfile, cert_reqs, ssl_version, ca_certs, - do_handshake_on_connect, suppress_ragged_eofs) + do_handshake_on_connect, suppress_ragged_eofs, + username, password) sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.socket = ssl.wrap_socket( @@ -327,9 +334,29 @@ class KMIPProxy(KMIP): uuids) return result + # TODO (peter-hamilton) Augment to handle device credentials + def _build_credential(self): + if (self.username is None) and (self.password is None): + return None + if self.username is None: + raise ValueError('cannot build credential, username is None') + if self.password is None: + raise ValueError('cannot build credential, password is None') + + credential_type = CredentialType.USERNAME_AND_PASSWORD + credential_value = {'Username': self.username, + 'Password': self.password} + credential = self.credential_factory.create_credential( + credential_type, + credential_value) + return credential + def _build_request_message(self, credential, batch_items): protocol_version = ProtocolVersion.create(1, 1) + if credential is None: + credential = self._build_credential() + authentication = None if credential is not None: authentication = Authentication(credential) @@ -352,7 +379,8 @@ class KMIPProxy(KMIP): def _set_variables(self, host, port, keyfile, certfile, cert_reqs, ssl_version, ca_certs, - do_handshake_on_connect, suppress_ragged_eofs): + do_handshake_on_connect, suppress_ragged_eofs, + username, password): conf = ConfigHelper() self.host = conf.get_valid_value( @@ -389,3 +417,9 @@ class KMIPProxy(KMIP): self.suppress_ragged_eofs = True else: self.suppress_ragged_eofs = False + + self.username = conf.get_valid_value( + username, 'client', 'username', conf.DEFAULT_USERNAME) + + self.password = conf.get_valid_value( + password, 'client', 'password', conf.DEFAULT_PASSWORD) diff --git a/kmip/tests/services/test_kmip_client.py b/kmip/tests/services/test_kmip_client.py index 4fa3ba8..a8c9b47 100644 --- a/kmip/tests/services/test_kmip_client.py +++ b/kmip/tests/services/test_kmip_client.py @@ -248,6 +248,66 @@ class TestKMIPClient(TestCase): expected, observed, 'value') self.assertEqual(expected, observed, message) + # TODO (peter-hamilton) Modify for credential type and/or add new test + def test_build_credential(self): + username = 'username' + password = 'password' + cred_type = CredentialType.USERNAME_AND_PASSWORD + self.client.username = username + self.client.password = password + + credential = self.client._build_credential() + + message = utils.build_er_error(credential.__class__, 'type', + cred_type, + credential.credential_type.enum, + 'value') + self.assertEqual(CredentialType.USERNAME_AND_PASSWORD, + credential.credential_type.enum, + message) + + message = utils.build_er_error( + credential.__class__, 'type', username, + credential.credential_value.username.value, 'value') + self.assertEqual(username, credential.credential_value.username.value, + message) + + message = utils.build_er_error( + credential.__class__, 'type', password, + credential.credential_value.password.value, 'value') + self.assertEqual(password, credential.credential_value.password.value, + message) + + def test_build_credential_no_username(self): + username = None + password = 'password' + self.client.username = username + self.client.password = password + + exception = self.assertRaises(ValueError, + self.client._build_credential) + self.assertEqual('cannot build credential, username is None', + str(exception)) + + def test_build_credential_no_password(self): + username = 'username' + password = None + self.client.username = username + self.client.password = password + + exception = self.assertRaises(ValueError, + self.client._build_credential) + self.assertEqual('cannot build credential, password is None', + str(exception)) + + def test_build_credential_no_creds(self): + self.client.username = None + self.client.password = None + + credential = self.client._build_credential() + + self.assertEqual(None, credential) + def _shutdown_server(self): if self.server.poll() is not None: return