638-rebased

.github/workflows/codeql-analysis.yml

@@ -39,7 +39,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -50,7 +50,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v2
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -64,4 +64,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/tox.yml

@@ -0,0 +1,41 @@
+name: "tox.yml"
+
+on:
+    push:
+        branches: [ master ]
+    pull_request:
+        branches: [ master ]
+
+jobs:
+    build:
+        runs-on: ${{ matrix.os }}
+        env: 
+            TOXENV: ${{ matrix.test }}
+            RUN_INTEGRATION_TESTS: ${{ matrix.test_number}}
+        steps:
+            - uses: actions/checkout@v3
+            - run: pip install "tox"
+            - run: pip install bandit
+            - run: pip install codecov
+            - run: pip install slugs
+            - run: sudo chmod -R 777 /usr/local/lib/
+            - run: python3 setup.py install
+            - run: ./.travis/run.sh
+            - run: codecov
+        strategy:
+            matrix:
+                test: ["pep8", "bandit", "docs"]
+                os: [ubuntu-22.04,ubuntu-20.04]
+                include:
+                    - test: "py38"
+                      test_number: "0"
+                      os: ubuntu-20.04
+                    - test: "py38"
+                      test_number: "1"
+                      os: ubuntu-20.04
+                    - test: "py310"
+                      test_number: "0"
+                      os: ubuntu-22.04
+                    - test: "py310"
+                      test_number: "1"
+                      os: ubuntu-22.04

.travis/run.sh

@@ -3,6 +3,9 @@
 set -e
 set -x
 
+pkill -f run_server.py || true
+sleep 1
+
 if [[ "${RUN_INTEGRATION_TESTS}" == "1" ]]; then
     sudo mkdir -p /etc/pykmip/certs
     sudo mkdir -p /etc/pykmip/policies
@@ -12,9 +15,10 @@ if [[ "${RUN_INTEGRATION_TESTS}" == "1" ]]; then
     sudo cp ./.travis/pykmip.conf /etc/pykmip/pykmip.conf
     sudo cp ./.travis/server.conf /etc/pykmip/server.conf
     sudo cp ./.travis/policy.json /etc/pykmip/policies/policy.json
-    sudo mkdir /var/log/pykmip
+    sudo mkdir -p /var/log/pykmip
     sudo chmod 777 /var/log/pykmip
-    python ./bin/run_server.py &
+    sudo chmod -R 777 /etc/pykmip/
+    python3 ./bin/run_server.py &
     tox -e integration -- --config client
 elif [[ "${RUN_INTEGRATION_TESTS}" == "2" ]]; then
     # Set up the SLUGS instance
@@ -23,9 +27,9 @@ elif [[ "${RUN_INTEGRATION_TESTS}" == "2" ]]; then
 
     # Set up the PyKMIP server
     cp -r ./.travis/functional/pykmip /tmp/
-    python ./bin/create_certificates.py
+    python3 ./bin/create_certificates.py
     mv *.pem /tmp/pykmip/certs/
-    sudo mkdir /var/log/pykmip
+    sudo mkdir -p /var/log/pykmip
     sudo chmod 777 /var/log/pykmip
     pykmip-server -f /tmp/pykmip/server.conf -l /tmp/pykmip/server.log &
 

.travis/server.conf

@@ -4,6 +4,6 @@ port=5696
 certificate_path=/etc/pykmip/certs/cert.pem
 key_path=/etc/pykmip/certs/key.pem
 ca_path=/etc/pykmip/certs/cert.pem
-auth_suite=Basic
+auth_suite=TLS1.2
 enable_tls_client_auth=False
 policy_path=/etc/pykmip/policies/

bin/create_certificates.py

@@ -47,7 +47,8 @@ def create_certificate(subject_name,
                        signing_certificate,
                        signing_key,
                        days_valid=365,
-                       client_auth=False):
+                       client_auth=False,
+                       hostname=None):
     subject = x509.Name([
         x509.NameAttribute(x509.NameOID.ORGANIZATION_NAME, u"Test, Inc."),
         x509.NameAttribute(x509.NameOID.COMMON_NAME, subject_name)
@@ -72,6 +73,12 @@ def create_certificate(subject_name,
             critical=True
         )
 
+    if hostname:
+        builder = builder.add_extension(
+            x509.SubjectAlternativeName([x509.DNSName(hostname)]),
+            critical=False,
+        )
+
     certificate = builder.sign(
         signing_key,
         hashes.SHA256(),
@@ -92,7 +99,8 @@ def main():
         u"Server Certificate",
         server_key,
         root_certificate,
-        root_key
+        root_key,
+        hostname=u"localhost"
     )
 
     john_doe_client_key = create_rsa_private_key()

docs/source/conf.py

@@ -64,7 +64,7 @@
 #
 # This is also used if you do content translation via gettext catalogs.
 # Usually you set "language" from the command line for these cases.
-language = None
+language = 'en'
 
 # List of patterns, relative to source directory, that match files and
 # directories to ignore when looking for source files.

kmip/core/enums.py

@@ -127,6 +127,9 @@ class AttributeType(enum.Enum):
     KEY_VALUE_LOCATION               = 'Key Value Location'
     ORIGINAL_CREATION_DATE           = 'Original Creation Date'
     SENSITIVE                        = "Sensitive"
+    ALWAYS_SENSITIVE                 = 'Always Sensitive'
+    EXTRACTABLE                      = 'Extractable'
+    NEVER_EXTRACTABLE                = 'Never Extractable'
 
 
 class AuthenticationSuite(enum.Enum):

kmip/core/factories/attribute_values.py

@@ -106,8 +106,16 @@ def create_attribute_value(self, name, value):
             return primitives.DateTime(value, enums.Tags.LAST_CHANGE_DATE)
         elif name is enums.AttributeType.SENSITIVE:
             return primitives.Boolean(value, enums.Tags.SENSITIVE)
+        elif name is enums.AttributeType.ALWAYS_SENSITIVE:
+            return primitives.Boolean(value, enums.Tags.ALWAYS_SENSITIVE)
+        elif name is enums.AttributeType.EXTRACTABLE:
+            return primitives.Boolean(value, enums.Tags.EXTRACTABLE)
+        elif name is enums.AttributeType.NEVER_EXTRACTABLE:
+            return primitives.Boolean(value, enums.Tags.NEVER_EXTRACTABLE)
         elif name is enums.AttributeType.CUSTOM_ATTRIBUTE:
             return attributes.CustomAttribute(value)
+        elif name is enums.AttributeType.ORIGINAL_CREATION_DATE:
+            return primitives.DateTime(value, enums.Tags.ORIGINAL_CREATION_DATE)
         else:
             if not isinstance(name, str):
                 raise ValueError('Unrecognized attribute type: '

kmip/core/messages/contents.py

@@ -506,6 +506,13 @@ def __init__(self):
         super(MessageExtension, self).__init__(enums.Tags.MESSAGE_EXTENSION)
 
 
+# 6.19
+class ServerCorrelationValue(TextString):
+    def __init__(self, value=None):
+        super(ServerCorrelationValue, self).__init__(
+            value, enums.Tags.SERVER_CORRELATION_VALUE)
+
+
 # 9.1.3.2.2
 class KeyCompressionType(Enumeration):
 

kmip/core/messages/messages.py

@@ -150,12 +150,14 @@ def __init__(self,
                  protocol_version=None,
                  time_stamp=None,
                  batch_count=None,
-                 server_hashed_password=None):
+                 server_hashed_password=None,
+                 server_correlation_value=None):
         super(ResponseHeader, self).__init__(tag=Tags.RESPONSE_HEADER)
         self.protocol_version = protocol_version
         self.time_stamp = time_stamp
         self.batch_count = batch_count
         self.server_hashed_password = server_hashed_password
+        self.server_correlation_value = server_correlation_value
 
         self.validate()
 
@@ -204,6 +206,10 @@ def read(self, istream, kmip_version=enums.KMIPVersion.KMIP_1_0):
                 server_hashed_password.read(tstream, kmip_version=kmip_version)
                 self._server_hashed_password = server_hashed_password
 
+        if self.is_tag_next(enums.Tags.SERVER_CORRELATION_VALUE, tstream):
+            self.server_correlation_value = contents.ServerCorrelationValue()
+            self.server_correlation_value.read(tstream, kmip_version=kmip_version)
+
         self.batch_count = contents.BatchCount()
         self.batch_count.read(tstream, kmip_version=kmip_version)
 

kmip/core/messages/payloads/discover_versions.py

@@ -40,7 +40,7 @@ def read(self, istream, kmip_version=enums.KMIPVersion.KMIP_1_0):
         )
         tstream = BytearrayStream(istream.read(self.length))
 
-        while(self.is_tag_next(enums.Tags.PROTOCOL_VERSION, tstream)):
+        while (self.is_tag_next(enums.Tags.PROTOCOL_VERSION, tstream)):
             protocol_version = ProtocolVersion()
             protocol_version.read(tstream, kmip_version=kmip_version)
             self.protocol_versions.append(protocol_version)
@@ -99,7 +99,7 @@ def read(self, istream, kmip_version=enums.KMIPVersion.KMIP_1_0):
         )
         tstream = BytearrayStream(istream.read(self.length))
 
-        while(self.is_tag_next(enums.Tags.PROTOCOL_VERSION, tstream)):
+        while (self.is_tag_next(enums.Tags.PROTOCOL_VERSION, tstream)):
             protocol_version = ProtocolVersion()
             protocol_version.read(tstream, kmip_version=kmip_version)
             self.protocol_versions.append(protocol_version)

kmip/core/messages/payloads/query.py

@@ -105,7 +105,7 @@ def read(self, input_buffer, kmip_version=enums.KMIPVersion.KMIP_1_0):
         local_buffer = utils.BytearrayStream(input_buffer.read(self.length))
 
         query_functions = []
-        while(self.is_tag_next(enums.Tags.QUERY_FUNCTION, local_buffer)):
+        while (self.is_tag_next(enums.Tags.QUERY_FUNCTION, local_buffer)):
             query_function = primitives.Enumeration(
                 enums.QueryFunction,
                 tag=enums.Tags.QUERY_FUNCTION
@@ -709,7 +709,7 @@ def read(self, input_buffer, kmip_version=enums.KMIPVersion.KMIP_1_0):
         local_buffer = utils.BytearrayStream(input_buffer.read(self.length))
 
         operations = []
-        while(self.is_tag_next(enums.Tags.OPERATION, local_buffer)):
+        while (self.is_tag_next(enums.Tags.OPERATION, local_buffer)):
             operation = primitives.Enumeration(
                 enums.Operation,
                 tag=enums.Tags.OPERATION
@@ -719,7 +719,7 @@ def read(self, input_buffer, kmip_version=enums.KMIPVersion.KMIP_1_0):
         self._operations = operations
 
         object_types = []
-        while(self.is_tag_next(enums.Tags.OBJECT_TYPE, local_buffer)):
+        while (self.is_tag_next(enums.Tags.OBJECT_TYPE, local_buffer)):
             object_type = primitives.Enumeration(
                 enums.ObjectType,
                 tag=enums.Tags.OBJECT_TYPE
@@ -747,7 +747,7 @@ def read(self, input_buffer, kmip_version=enums.KMIPVersion.KMIP_1_0):
             self._server_information = server_information
 
         application_namespaces = []
-        while(self.is_tag_next(
+        while (self.is_tag_next(
                 enums.Tags.APPLICATION_NAMESPACE,
                 local_buffer
             )
@@ -761,7 +761,7 @@ def read(self, input_buffer, kmip_version=enums.KMIPVersion.KMIP_1_0):
 
         if kmip_version >= enums.KMIPVersion.KMIP_1_1:
             extensions_information = []
-            while(self.is_tag_next(
+            while (self.is_tag_next(
                     enums.Tags.EXTENSION_INFORMATION,
                     local_buffer
                 )
@@ -776,7 +776,11 @@ def read(self, input_buffer, kmip_version=enums.KMIPVersion.KMIP_1_0):
 
         if kmip_version >= enums.KMIPVersion.KMIP_1_2:
             attestation_types = []
-            while(self.is_tag_next(enums.Tags.ATTESTATION_TYPE, local_buffer)):
+            while (self.is_tag_next(
+                    enums.Tags.ATTESTATION_TYPE,
+                    local_buffer
+                )
+            ):
                 attestation_type = primitives.Enumeration(
                     enums.AttestationType,
                     tag=enums.Tags.ATTESTATION_TYPE
@@ -787,14 +791,14 @@ def read(self, input_buffer, kmip_version=enums.KMIPVersion.KMIP_1_0):
 
         if kmip_version >= enums.KMIPVersion.KMIP_1_3:
             rngs_parameters = []
-            while(self.is_tag_next(enums.Tags.RNG_PARAMETERS, local_buffer)):
+            while (self.is_tag_next(enums.Tags.RNG_PARAMETERS, local_buffer)):
                 rng_parameters = objects.RNGParameters()
                 rng_parameters.read(local_buffer, kmip_version=kmip_version)
                 rngs_parameters.append(rng_parameters)
             self._rng_parameters = rngs_parameters
 
             profiles_information = []
-            while(self.is_tag_next(
+            while (self.is_tag_next(
                     enums.Tags.PROFILE_INFORMATION,
                     local_buffer
                 )
@@ -808,7 +812,7 @@ def read(self, input_buffer, kmip_version=enums.KMIPVersion.KMIP_1_0):
             self._profile_information = profiles_information
 
             validations_information = []
-            while(self.is_tag_next(
+            while (self.is_tag_next(
                     enums.Tags.VALIDATION_INFORMATION,
                     local_buffer
                 )
@@ -822,7 +826,7 @@ def read(self, input_buffer, kmip_version=enums.KMIPVersion.KMIP_1_0):
             self._validation_information = validations_information
 
             capabilities_information = []
-            while(self.is_tag_next(
+            while (self.is_tag_next(
                     enums.Tags.CAPABILITY_INFORMATION,
                     local_buffer
                 )
@@ -836,7 +840,7 @@ def read(self, input_buffer, kmip_version=enums.KMIPVersion.KMIP_1_0):
             self._capability_information = capabilities_information
 
             client_registration_methods = []
-            while(self.is_tag_next(
+            while (self.is_tag_next(
                     enums.Tags.CLIENT_REGISTRATION_METHOD,
                     local_buffer
                 )
@@ -862,7 +866,7 @@ def read(self, input_buffer, kmip_version=enums.KMIPVersion.KMIP_1_0):
                 self._defaults_information = defaults_information
 
             protection_storage_masks = []
-            while(self.is_tag_next(
+            while (self.is_tag_next(
                     enums.Tags.PROTECTION_STORAGE_MASK,
                     local_buffer
                 )

kmip/demos/pie/register_certificate.py

@@ -26,7 +26,7 @@
 if __name__ == '__main__':
     logger = utils.build_console_logger(logging.INFO)
 
-    parser = utils.build_cli_parser()
+    parser = utils.build_cli_parser(enums.Operation.REGISTER)
     opts, args = parser.parse_args(sys.argv[1:])
 
     config = opts.config

kmip/demos/pie/register_opaque_object.py

@@ -26,7 +26,7 @@
 if __name__ == '__main__':
     logger = utils.build_console_logger(logging.INFO)
 
-    parser = utils.build_cli_parser()
+    parser = utils.build_cli_parser(enums.Operation.REGISTER)
     opts, args = parser.parse_args(sys.argv[1:])
 
     config = opts.config

kmip/demos/pie/register_private_key.py

@@ -26,7 +26,7 @@
 if __name__ == '__main__':
     logger = utils.build_console_logger(logging.INFO)
 
-    parser = utils.build_cli_parser()
+    parser = utils.build_cli_parser(enums.Operation.REGISTER)
     opts, args = parser.parse_args(sys.argv[1:])
 
     config = opts.config

kmip/demos/pie/register_public_key.py

@@ -26,7 +26,7 @@
 if __name__ == '__main__':
     logger = utils.build_console_logger(logging.INFO)
 
-    parser = utils.build_cli_parser()
+    parser = utils.build_cli_parser(enums.Operation.REGISTER)
     opts, args = parser.parse_args(sys.argv[1:])
 
     config = opts.config