diff options
author | Abhishek Koneru <akoneru@redhat.com> | 2014-06-24 09:37:07 -0400 |
---|---|---|
committer | Abhishek Koneru <akoneru@redhat.com> | 2014-06-27 09:08:39 -0400 |
commit | 700caa5fcc213a2f5768a6142a5d71380e81a467 (patch) | |
tree | 6fcf70fcd87753f35c138873755ece450c823f72 /base/kra/functional | |
parent | 5c86d1aa946d7bf1eff3e8b30c28ae3dc003f919 (diff) | |
download | pki-700caa5fcc213a2f5768a6142a5d71380e81a467.tar.gz pki-700caa5fcc213a2f5768a6142a5d71380e81a467.tar.xz pki-700caa5fcc213a2f5768a6142a5d71380e81a467.zip |
Fixes for #1040 and #1041 in cert and key python modules
Ticket 1040 - Perform null checks on JSON attributes.
Ticket 1041 - Rename module kraclient to kra.
Also refactored the code in cert module removing the usage of
property. Achieved the conversion of names(camelCase to '_' separated )
using a dictionaries in the objects. The default method in encoder module
has also been modified to perform the reverse conversion.
Diffstat (limited to 'base/kra/functional')
-rw-r--r-- | base/kra/functional/drmtest.py | 73 | ||||
-rw-r--r-- | base/kra/functional/drmtest.readme.txt | 6 |
2 files changed, 48 insertions, 31 deletions
diff --git a/base/kra/functional/drmtest.py b/base/kra/functional/drmtest.py index 0fff95c2e..9ef096194 100644 --- a/base/kra/functional/drmtest.py +++ b/base/kra/functional/drmtest.py @@ -1,21 +1,23 @@ -# Authors: -# Ade Lee <alee@redhat.com> -# -# Copyright (C) 2012 Red Hat -# see file 'COPYING' for use and warranty information +#!/usr/bin/python # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. +# the Free Software Foundation; version 2 of the License. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2013 Red Hat, Inc. +# All rights reserved. +# +# Authors: +# Ade Lee <alee@redhat.com> """ ========================================================================= @@ -36,7 +38,7 @@ import pki.key as key import time from pki.client import PKIConnection -from pki.kraclient import KRAClient +from pki.kra import KRAClient def print_key_request(request): @@ -44,7 +46,7 @@ def print_key_request(request): print "RequestURL: " + str(request.request_url) print "RequestType: " + str(request.request_type) print "RequestStatus: " + str(request.request_status) - print "KeyURL: " + str(request.keyURL) + print "KeyURL: " + str(request.key_url) def print_key_info(key_info): @@ -62,7 +64,8 @@ def print_key_data(key_data): print "Key Algorithm: " + str(key_data.algorithm) print "Key Size: " + str(key_data.size) print "Nonce Data: " + base64.encodestring(key_data.nonce_data) - print "Wrapped Private Data: " + base64.encodestring(key_data.encrypted_data) + print "Wrapped Private Data: " + \ + base64.encodestring(key_data.encrypted_data) if key_data.data is not None: print "Private Data: " + base64.encodestring(key_data.data) @@ -72,12 +75,13 @@ def main(): # set up the connection to the DRM, including authentication credentials connection = PKIConnection('https', 'localhost', '8443', 'kra') - connection.set_authentication_cert('/tmp/temp4.pem') + connection.set_authentication_cert('/tmp/auth.pem') # create an NSS DB for crypto operations certdb_dir = "/tmp/drmtest-certdb" certdb_password = "redhat123" - cryptoutil.NSSCryptoUtil.setup_database(certdb_dir, certdb_password, over_write=True) + cryptoutil.NSSCryptoUtil.setup_database(certdb_dir, certdb_password, + over_write=True) #create kraclient crypto = cryptoutil.NSSCryptoUtil(certdb_dir, certdb_password) @@ -87,7 +91,9 @@ def main(): # Get transport cert and insert in the certdb transport_nick = "kra transport cert" transport_cert = kraclient.system_certs.get_transport_cert() - tcert = transport_cert[len(pki.CERT_HEADER):len(transport_cert) - len(pki.CERT_FOOTER)] + print transport_cert + tcert = transport_cert[len(pki.CERT_HEADER):len(transport_cert) - len( + pki.CERT_FOOTER)] crypto.import_cert(transport_nick, base64.decodestring(tcert), "u,u,u") # initialize the certdb for crypto operations @@ -117,18 +123,20 @@ def main(): client_key_id = "Vek #1" + time.strftime('%c') algorithm = "AES" key_size = 128 - usages = [key.SymKeyGenerationRequest.DECRYPT_USAGE, key.SymKeyGenerationRequest.ENCRYPT_USAGE] + usages = [key.SymKeyGenerationRequest.DECRYPT_USAGE, + key.SymKeyGenerationRequest.ENCRYPT_USAGE] response = keyclient.generate_symmetric_key(client_key_id, algorithm=algorithm, size=key_size, usages=usages) - print_key_request(response.requestInfo) - print "Request ID is " + response.requestInfo.get_request_id() + print_key_request(response.request_info) + print "Request ID is " + response.request_info.get_request_id() key_id = response.get_key_id() # Test 5: Confirm the key_id matches print "Now getting key ID for clientKeyID=\"" + client_key_id + "\"" - key_infos = keyclient.list_keys(client_key_id=client_key_id, status=keyclient.KEY_STATUS_ACTIVE) + key_infos = keyclient.list_keys(client_key_id=client_key_id, + status=keyclient.KEY_STATUS_ACTIVE) key_id2 = None for key_info in key_infos.key_infos: print_key_info(key_info) @@ -138,11 +146,14 @@ def main(): else: print "Failure - key_ids for generation do not match!" - # Test 6: Barbican_decode() - Retrieve while providing trans_wrapped_session_key + # Test 6: Barbican_decode() - Retrieve while providing + # trans_wrapped_session_key session_key = crypto.generate_session_key() - wrapped_session_key = crypto.asymmetric_wrap(session_key, keyclient.transport_cert) + wrapped_session_key = crypto.asymmetric_wrap(session_key, + keyclient.transport_cert) print "My key id is " + str(key_id) - key_data = keyclient.retrieve_key(key_id, trans_wrapped_session_key=wrapped_session_key) + key_data = keyclient.retrieve_key( + key_id, trans_wrapped_session_key=wrapped_session_key) print_key_data(key_data) unwrapped_key = crypto.symmetric_unwrap(key_data.encrypted_data, session_key, @@ -170,21 +181,24 @@ def main(): size=key_size, usages=usages) except pki.BadRequestException as exc: - print "BadRequestException thrown - Code:" + exc.code + " Message: " + exc.message + print "BadRequestException thrown - Code:" + exc.code +\ + " Message: " + exc.message # Test 11 - Test RequestNotFoundException on get_request_info print "Try to list a nonexistent request" try: keyclient.get_request_info('200000034') except pki.RequestNotFoundException as exc: - print "RequestNotFoundException thrown - Code:" + exc.code + " Message: " + exc.message + print "RequestNotFoundException thrown - Code:" + exc.code +\ + " Message: " + exc.message # Test 12 - Test exception on retrieve_key. print "Try to retrieve an invalid key" try: keyclient.retrieve_key('2000003434') except pki.KeyNotFoundException as exc: - print "KeyNotFoundException thrown - Code:" + exc.code + " Message: " + exc.message + print "KeyNotFoundException thrown - Code:" + exc.code + \ + " Message: " + exc.message #Test 13 = getKeyInfo print "Get key info for existing key" @@ -206,7 +220,8 @@ def main(): try: keyclient.get_key_info('200004556') except pki.KeyNotFoundException as exc: - print "KeyNotFoundException thrown - Code:" + exc.code + " Message: " + exc.message + print "KeyNotFoundException thrown - Code:" + exc.code +\ + " Message: " + exc.message # Test 17: Get key info for non-existent active key print "Get non-existent active key" @@ -214,7 +229,8 @@ def main(): key_info = keyclient.get_active_key_info(client_key_id) print_key_info(key_info) except pki.ResourceNotFoundException as exc: - print "ResourceNotFoundException thrown - Code: " + exc.code + "Message: " + exc.message + print "ResourceNotFoundException thrown - Code: " + exc.code +\ + "Message: " + exc.message #Test 18: Generate a symmetric key with default parameters client_key_id = "Vek #3" + time.strftime('%c') @@ -226,7 +242,8 @@ def main(): print "key to archive: " + key1 client_key_id = "Vek #4" + time.strftime('%c') - response = keyclient.archive_key(client_key_id, keyclient.SYMMETRIC_KEY_TYPE, + response = keyclient.archive_key(client_key_id, + keyclient.SYMMETRIC_KEY_TYPE, base64.decodestring(key1), key_algorithm=keyclient.AES_ALGORITHM, key_size=128) diff --git a/base/kra/functional/drmtest.readme.txt b/base/kra/functional/drmtest.readme.txt index 4e5c5f308..46debaa2b 100644 --- a/base/kra/functional/drmtest.readme.txt +++ b/base/kra/functional/drmtest.readme.txt @@ -1,6 +1,6 @@ You will need to set up a few things first though: -1. Install a CA/KRA. It this is not on the default ports, you will -need to modify the connection information in KRAClient.__main__ +1. Install a CA/KRA. If this is not on the default ports, you will +need to modify the connection information in drmtest.__main__ 2. The python code uses python-requests to talk to the server, and requests uses openssl. That means you need to export your DRM admin @@ -25,4 +25,4 @@ chmod +r /tmp/drmtest/certdb/* certutil -L -d /var/lib/pki/pki-tomcat/alias/ -n "transportCert cert-pki-tomcat KRA" -a > transport_cert.txt certutil -A -d /tmp/drmtest/certdb/ -n "kra transport cert" -i ./transport_cert.txt -a -t "u,u,u" -4. Then just run kraclient.__main__ with no arguments.
\ No newline at end of file +4. Then just run drmtest.__main__ with no arguments.
\ No newline at end of file |