From f1b57d21fca2b83ba2c204d6aab02223e50356b4 Mon Sep 17 00:00:00 2001 From: Peter Hamilton Date: Tue, 18 Jun 2019 10:39:56 -0400 Subject: [PATCH] Fix a bug with how the server retrieves attributes under KMIP 2.0 This change fixes a bug in the server attribute handling logic that manifests when attributes are deprecated and removed in KMIP 2.0. Now these attributes are effectively ignored for KMIP 2.0 messages, complying with the KMIP 2.0 specification. --- kmip/services/server/engine.py | 4 ++++ kmip/services/server/policy.py | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/kmip/services/server/engine.py b/kmip/services/server/engine.py index 839b90e1..71e47853 100644 --- a/kmip/services/server/engine.py +++ b/kmip/services/server/engine.py @@ -593,10 +593,14 @@ def _get_attributes_from_managed_object(self, managed_object, attr_names): for attribute_name in attr_names: object_type = managed_object._object_type + # TODO (ph) Create the policy once and just pass these calls the + # KMIP version for the current request. if not self._attribute_policy.is_attribute_supported( attribute_name ): continue + if self._attribute_policy.is_attribute_deprecated(attribute_name): + continue if self._attribute_policy.is_attribute_applicable_to_object_type( attribute_name, diff --git a/kmip/services/server/policy.py b/kmip/services/server/policy.py index a2666483..1fa021db 100644 --- a/kmip/services/server/policy.py +++ b/kmip/services/server/policy.py @@ -521,7 +521,8 @@ def __init__(self, version): enums.ObjectType.SECRET_DATA, enums.ObjectType.OPAQUE_DATA ), - contents.ProtocolVersion(1, 0) + contents.ProtocolVersion(1, 0), + contents.ProtocolVersion(2, 0) ), 'Cryptographic Usage Mask': AttributeRuleSet( True,