search

OpenKMIP / PyKMIP

A Python implementation of the KMIP specification.
Apache License 2.0
272 stars 134 forks source link

Very wonderful project #653

Open pkking opened 3 years ago

pkking commented 3 years ago

Dear team, Im looking for a opensource impl of KMIP protocol, this repo is great!! Im not a KMIP expert, want to know if there is plan to support the LINK attribute? When i invoke the rekey API, next time i call get_attributes will raise a NotImplementedError.

>>> c=client.ProxyKmipClient(config='client', config_file='D:\\git\\pykmip\\kmip-safenet.conf', kmip_version=enums.KMIPVersion.KMIP_1_0)
>>> c.open()
>>> id = c.create(enums.CryptographicAlgorithm.AES, 256, name="testpykmip4safenet{}".format(int(time.time()))) 
>>> newid=c.rekey(id) 
>>> c.get_attributes(newid)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "D:\git\pykmip\kmip\pie\client.py", line 41, in wrapper
    return function(self, *args, **kwargs)
  File "D:\git\pykmip\kmip\pie\client.py", line 1031, in get_attributes
    result = self.proxy.get_attributes(uid, attribute_names)
  File "D:\git\pykmip\kmip\services\kmip_client.py", line 754, in get_attributes
    response = self._send_and_receive_message(request)
  File "D:\git\pykmip\kmip\services\kmip_client.py", line 1735, in _send_and_receive_message
    response.read(data, self.kmip_version)
  File "D:\git\pykmip\kmip\core\messages\messages.py", line 529, in read
    batch_item.read(istream, kmip_version=kmip_version)
  File "D:\git\pykmip\kmip\core\messages\messages.py", line 415, in read
    self.response_payload.read(tstream, kmip_version=kmip_version)
  File "D:\git\pykmip\kmip\core\messages\payloads\get_attributes.py", line 382, in read
    attribute.read(local_buffer, kmip_version=kmip_version)
  File "D:\git\pykmip\kmip\core\objects.py", line 115, in read
    value = self.value_factory.create_attribute_value(enum_type, None)
  File "D:\git\pykmip\kmip\core\factories\attribute_values.py", line 100, in create_attribute_value
    raise NotImplementedError()
NotImplementedError

Thanks!

pkking commented 3 years ago

ping @PeterHamilton

PeterHamilton commented 3 years ago

Hi @pkking, thanks for filing this issue. Adding support for the Link attribute is on the todo list but I can't say at this point when I'll be able to get to it. I'm assuming you're using PyKMIP with a SafeNet key server and its returning KMIP attributes that PyKMIP does not support. Is the Link attribute one of these? Are there others?

pkking commented 3 years ago

yes, the reproduction is:

  1. create a new key
  2. activate the key
  3. rekey
  4. get_attribute of the new key(as described by the KMIP spec the new key's attributions will contain a link that refer to the replaced key) will fail
pkking commented 3 years ago

for now, the link attr is the only failed case. other features seems ok, I will try more key servers and reply if I meet any issues else.

PeterHamilton commented 3 years ago

Thanks for the update. I'll look into how much effort it'll take to get Link support in place on the client side. I may be able to squeeze something in the short term if it's not too much effort.