Merge OpenKMIP updates into Cloudian fork (#7)

Author: bnoonan-cloudian

.github/workflows/tox.yml

@@ -0,0 +1,51 @@
+name: tox
+
+on:
+    push:
+        branches: [ master ]
+    pull_request:
+
+jobs:
+    tox-test:
+        strategy:
+            matrix:
+                os: [ubuntu-latest]
+                python:
+                    - {version: '3.8', env: py38}
+                    - {version: '3.9', env: py39}
+                    - {version: '3.10', env: py310}
+                    - {version: '3.11', env: py311}
+                test_mode: [0, 1]
+        runs-on: ${{ matrix.os }}
+        env:
+            TOXENV: ${{ matrix.python.env }}
+            RUN_INTEGRATION_TESTS: ${{ matrix.test_mode }}
+        steps:
+            - uses: actions/checkout@v3
+            - uses: actions/setup-python@v4
+              with:
+                python-version: ${{ matrix.python.version }}
+            - run: pip install tox
+            - run: pip install codecov
+            - run: pip install slugs
+            - run: python3 setup.py install
+            - run: ./.travis/run.sh
+            - run: codecov
+    tox-other:
+        strategy:
+            matrix:
+                os: [ubuntu-latest]
+                python: ['3.8', '3.9', '3.10', '3.11']
+                test: [pep8, bandit, docs]
+        runs-on: ${{ matrix.os }}
+        env:
+            TOXENV: ${{ matrix.test }}
+        steps:
+            - uses: actions/checkout@v3
+            - uses: actions/setup-python@v4
+              with:
+                python-version: ${{ matrix.python }}
+            - run: pip install tox
+            - run: pip install bandit
+              if: ${{ matrix.test == 'bandit' }}
+            - run: tox

.travis/run.sh

@@ -3,6 +3,9 @@
 set -e
 set -x
 
+pkill -f run_server.py || true
+sleep 1
+
 if [[ "${RUN_INTEGRATION_TESTS}" == "1" ]]; then
     sudo mkdir -p /etc/pykmip/certs
     sudo mkdir -p /etc/pykmip/policies
@@ -14,6 +17,7 @@ if [[ "${RUN_INTEGRATION_TESTS}" == "1" ]]; then
     sudo cp ./.travis/policy.json /etc/pykmip/policies/policy.json
     sudo mkdir -p /var/log/pykmip
     sudo chmod 777 /var/log/pykmip
+    sudo chmod -R 777 /etc/pykmip/
     python3 ./bin/run_server.py &
     tox -e integration -- --config client
 elif [[ "${RUN_INTEGRATION_TESTS}" == "2" ]]; then

docs/source/conf.py

@@ -64,7 +64,7 @@
 #
 # This is also used if you do content translation via gettext catalogs.
 # Usually you set "language" from the command line for these cases.
-language = None
+language = 'en'
 
 # List of patterns, relative to source directory, that match files and
 # directories to ignore when looking for source files.

kmip/__init__.py

@@ -15,8 +15,6 @@
 
 import os
 import re
-import sys
-import warnings
 
 from kmip.core import enums
 from kmip.pie import client
@@ -46,22 +44,3 @@
     'objects',
     'services'
 ]
-
-
-if sys.version_info[:2] == (2, 7):
-    warnings.warn(
-        (
-            "PyKMIP will drop support for Python 2.7 in a future release. "
-            "Please upgrade to a newer version of Python (3.5+ preferred)."
-        ),
-        PendingDeprecationWarning
-    )
-
-if sys.version_info[:2] == (3, 4):
-    warnings.warn(
-        (
-            "PyKMIP will drop support for Python 3.4 in a future release. "
-            "Please upgrade to a newer version of Python (3.5+ preferred)."
-        ),
-        PendingDeprecationWarning
-    )

kmip/core/factories/attribute_values.py

@@ -114,6 +114,8 @@ def create_attribute_value(self, name, value):
             return primitives.Boolean(value, enums.Tags.NEVER_EXTRACTABLE)
         elif name is enums.AttributeType.CUSTOM_ATTRIBUTE:
             return attributes.CustomAttribute(value)
+        elif name is enums.AttributeType.ORIGINAL_CREATION_DATE:
+            return primitives.DateTime(value, enums.Tags.ORIGINAL_CREATION_DATE)
         else:
             if not isinstance(name, str):
                 raise ValueError('Unrecognized attribute type: '

kmip/core/messages/contents.py

@@ -506,6 +506,13 @@ def __init__(self):
         super(MessageExtension, self).__init__(enums.Tags.MESSAGE_EXTENSION)
 
 
+# 6.19
+class ServerCorrelationValue(TextString):
+    def __init__(self, value=None):
+        super(ServerCorrelationValue, self).__init__(
+            value, enums.Tags.SERVER_CORRELATION_VALUE)
+
+
 # 9.1.3.2.2
 class KeyCompressionType(Enumeration):
 

kmip/core/messages/messages.py

@@ -150,12 +150,14 @@ def __init__(self,
                  protocol_version=None,
                  time_stamp=None,
                  batch_count=None,
-                 server_hashed_password=None):
+                 server_hashed_password=None,
+                 server_correlation_value=None):
         super(ResponseHeader, self).__init__(tag=Tags.RESPONSE_HEADER)
         self.protocol_version = protocol_version
         self.time_stamp = time_stamp
         self.batch_count = batch_count
         self.server_hashed_password = server_hashed_password
+        self.server_correlation_value = server_correlation_value
 
         self.validate()
 
@@ -204,6 +206,10 @@ def read(self, istream, kmip_version=enums.KMIPVersion.KMIP_1_0):
                 server_hashed_password.read(tstream, kmip_version=kmip_version)
                 self._server_hashed_password = server_hashed_password
 
+        if self.is_tag_next(enums.Tags.SERVER_CORRELATION_VALUE, tstream):
+            self.server_correlation_value = contents.ServerCorrelationValue()
+            self.server_correlation_value.read(tstream, kmip_version=kmip_version)
+
         self.batch_count = contents.BatchCount()
         self.batch_count.read(tstream, kmip_version=kmip_version)
 

kmip/services/server/auth/slugs.py

@@ -88,7 +88,7 @@ def authenticate(self,
         )
 
         try:
-            response = requests.get(self.users_url.format(user_id))
+            response = requests.get(self.users_url.format(user_id), timeout=10)
         except Exception:
             raise exceptions.ConfigurationError(
                 "A connection could not be established using the SLUGS URL."
@@ -98,7 +98,7 @@ def authenticate(self,
                 "Unrecognized user ID: {}".format(user_id)
             )
 
-        response = requests.get(self.groups_url.format(user_id))
+        response = requests.get(self.groups_url.format(user_id), timeout=10)
         if response.status_code == 404:
             raise exceptions.PermissionDenied(
                 "Group information could not be retrieved for user ID: "

kmip/services/server/crypto/engine.py

@@ -269,8 +269,7 @@ def mac(self, algorithm, key, data):
             )
             cipher_algorithm = self._symmetric_key_algorithms.get(algorithm)
             try:
-                # ARC4 and IDEA algorithms will raise exception as CMAC
-                # requires block ciphers
+                # ARC4 and other non-block cipher algorithm will raise TypeError
                 c = cmac.CMAC(cipher_algorithm(key), backend=default_backend())
                 c.update(data)
                 mac_data = c.finalize()
@@ -597,13 +596,17 @@ def _encrypt_asymmetric(self,
                     "encryption.".format(padding_method)
                 )
 
-            backend = default_backend()
-
             try:
-                public_key = backend.load_der_public_key(encryption_key)
+                public_key = serialization.load_der_public_key(
+                    encryption_key,
+                    backend=default_backend()
+                )
             except Exception:
                 try:
-                    public_key = backend.load_pem_public_key(encryption_key)
+                    public_key = serialization.load_pem_public_key(
+                        encryption_key,
+                        backend=default_backend()
+                    )
                 except Exception:
                     raise exceptions.CryptographicFailure(
                         "The public key bytes could not be loaded."
@@ -1458,8 +1461,6 @@ def verify_signature(self,
                 loaded, or when the signature verification process fails
                 unexpectedly.
         """
-        backend = default_backend()
-
         hash_algorithm = None
         dsa_hash_algorithm = None
         dsa_signing_algorithm = None
@@ -1513,10 +1514,16 @@ def verify_signature(self,
                 )
 
             try:
-                public_key = backend.load_der_public_key(signing_key)
+                public_key = serialization.load_der_public_key(
+                    signing_key,
+                    backend=default_backend()
+                )
             except Exception:
                 try:
-                    public_key = backend.load_pem_public_key(signing_key)
+                    public_key = serialization.load_pem_public_key(
+                        signing_key,
+                        backend=default_backend()
+                    )
                 except Exception:
                     raise exceptions.CryptographicFailure(
                         "The signing key bytes could not be loaded."

kmip/services/server/engine.py

@@ -356,80 +356,81 @@ def build_error_response(self, version, reason, message):
     def _process_batch(self, request_batch, batch_handling, batch_order):
         response_batch = list()
 
-        self._data_session = self._data_store_session_factory()
+        with self._data_store_session_factory() as session:
+            self._data_session = session
 
-        for batch_item in request_batch:
-            error_occurred = False
+            for batch_item in request_batch:
+                error_occurred = False
 
-            response_payload = None
-            result_status = None
-            result_reason = None
-            result_message = None
+                response_payload = None
+                result_status = None
+                result_reason = None
+                result_message = None
 
-            operation = batch_item.operation
-            request_payload = batch_item.request_payload
+                operation = batch_item.operation
+                request_payload = batch_item.request_payload
 
-            # Process batch item ID.
-            if len(request_batch) > 1:
-                if not batch_item.unique_batch_item_id:
-                    raise exceptions.InvalidMessage(
-                        "Batch item ID is undefined."
+                # Process batch item ID.
+                if len(request_batch) > 1:
+                    if not batch_item.unique_batch_item_id:
+                        raise exceptions.InvalidMessage(
+                            "Batch item ID is undefined."
+                        )
+
+                # Process batch message extension.
+                # TODO (peterhamilton) Add support for message extension handling.
+                # 1. Extract the vendor identification and criticality indicator.
+                # 2. If the indicator is True, raise an error.
+                # 3. If the indicator is False, ignore the extension.
+
+                # Process batch payload.
+                try:
+                    response_payload = self._process_operation(
+                        operation.value,
+                        request_payload
                     )
 
-            # Process batch message extension.
-            # TODO (peterhamilton) Add support for message extension handling.
-            # 1. Extract the vendor identification and criticality indicator.
-            # 2. If the indicator is True, raise an error.
-            # 3. If the indicator is False, ignore the extension.
-
-            # Process batch payload.
-            try:
-                response_payload = self._process_operation(
-                    operation.value,
-                    request_payload
-                )
+                    result_status = enums.ResultStatus.SUCCESS
+                except exceptions.KmipError as e:
+                    error_occurred = True
+                    result_status = e.status
+                    result_reason = e.reason
+                    result_message = str(e)
+                except Exception as e:
+                    self._logger.warning(
+                        "Error occurred while processing operation."
+                    )
+                    self._logger.exception(e)
 
-                result_status = enums.ResultStatus.SUCCESS
-            except exceptions.KmipError as e:
-                error_occurred = True
-                result_status = e.status
-                result_reason = e.reason
-                result_message = str(e)
-            except Exception as e:
-                self._logger.warning(
-                    "Error occurred while processing operation."
-                )
-                self._logger.exception(e)
-
-                error_occurred = True
-                result_status = enums.ResultStatus.OPERATION_FAILED
-                result_reason = enums.ResultReason.GENERAL_FAILURE
-                result_message = (
-                    "Operation failed. See the server logs for more "
-                    "information."
+                    error_occurred = True
+                    result_status = enums.ResultStatus.OPERATION_FAILED
+                    result_reason = enums.ResultReason.GENERAL_FAILURE
+                    result_message = (
+                        "Operation failed. See the server logs for more "
+                        "information."
+                    )
+
+                # Compose operation result.
+                result_status = contents.ResultStatus(result_status)
+                if result_reason:
+                    result_reason = contents.ResultReason(result_reason)
+                if result_message:
+                    result_message = contents.ResultMessage(result_message)
+
+                batch_item = messages.ResponseBatchItem(
+                    operation=batch_item.operation,
+                    unique_batch_item_id=batch_item.unique_batch_item_id,
+                    result_status=result_status,
+                    result_reason=result_reason,
+                    result_message=result_message,
+                    response_payload=response_payload
                 )
+                response_batch.append(batch_item)
 
-            # Compose operation result.
-            result_status = contents.ResultStatus(result_status)
-            if result_reason:
-                result_reason = contents.ResultReason(result_reason)
-            if result_message:
-                result_message = contents.ResultMessage(result_message)
-
-            batch_item = messages.ResponseBatchItem(
-                operation=batch_item.operation,
-                unique_batch_item_id=batch_item.unique_batch_item_id,
-                result_status=result_status,
-                result_reason=result_reason,
-                result_message=result_message,
-                response_payload=response_payload
-            )
-            response_batch.append(batch_item)
-
-            # Handle batch error if necessary.
-            if error_occurred:
-                if batch_handling == enums.BatchErrorContinuationOption.STOP:
-                    break
+                # Handle batch error if necessary.
+                if error_occurred:
+                    if batch_handling == enums.BatchErrorContinuationOption.STOP:
+                        break
 
         self._data_session.close()