def get_public_key(partition):
"""
reads the password config entry 'linotp.PublicKey.Partition.<partition>',
extracts and decodes the public key and returns it as a 32 bytes.
"""
import linotp.lib.config
key = 'linotp.PublicKey.Partition.%d' % partition
# FIXME: unencryption should not happen at this early stage
public_key_b64 = linotp.lib.config.getFromConfig(key).get_unencrypted()
if not public_key_b64:
raise ConfigAdminError('No public key found for %d' % partition)
public_key = base64.b64decode(public_key_b64)
# TODO: key type checking
if len(public_key) != 32:
raise ValidateError('Public key has an invalid '
'format. Key must be 32 bytes long')
return public_key
def _removeConfigDB(key):
log.debug('removeConfigDB %r' % key)
num = 0
if (not key.startswith("linotp.")):
if not key.startswith('enclinotp.'):
key = u"linotp." + key
confEntries = Session.query(Config).filter(Config.Key == unicode(key))
num = confEntries.count()
if num == 1:
theConf = confEntries[0]
try:
# Session.add(theConf)
Session.delete(theConf)
except Exception as e:
log.exception('[removeConfigDB] failed')
raise ConfigAdminError("remove Config failed for %r: %r" %
(key, e),
id=1133)
return num
def get_secret_key(partition):
"""
reads the password config entry 'linotp.SecretKey.Partition.<partition>',
extracts and decodes the secret key and returns it as a 32 bytes.
"""
import linotp.lib.config
key = "linotp.SecretKey.Partition.%d" % partition
# FIXME: unencryption should not happen at this early stage
secret_key_b64 = linotp.lib.config.getFromConfig(key).get_unencrypted()
if not secret_key_b64:
raise ConfigAdminError("No secret key found for %d" % partition)
secret_key = base64.b64decode(secret_key_b64)
# TODO: key type checking
if len(secret_key) != 64:
raise ValidateError(
"Secret key has an invalid format. Key must be 64 bytes long")
return secret_key
def _removeConfigDB(key):
"""
remove entry from config table
:param key: the name of the entry
:return: number of deleted entries
"""
log.debug('removing config entry %r from database table' % key)
if (not key.startswith("linotp.")):
if not key.startswith('enclinotp.'):
key = u"linotp." + key
if isinstance(key, str):
key = u'' + key
confEntries = Session.query(Config).filter(
Config.Key == unicode(key)).all()
if not confEntries:
return 0
theConf = confEntries[0]
to_be_deleted = []
to_be_deleted.append(theConf)
# if entry is a contious type, delete all of this kind
if theConf.Type == u'C' and theConf.Description[:len('0:')] == '0:':
_start, end = theConf.Description.split(':')
search_key = u"%s__[%%:%s]" % (key, end)
cont_entries = Session.query(Config).filter(
Config.Key.like(search_key)).all()
to_be_deleted.extend(cont_entries)
try:
for entry in to_be_deleted:
# Session.add(theConf)
Session.delete(entry)
except Exception as e:
raise ConfigAdminError("remove Config failed for %r: %r"
% (key, e), id=1133)
return len(to_be_deleted)
def get_qrtoken_public_key(cert_id='system'):
"""
reads the config entry 'linotp.QrTokenPublicKey',
extracts and decodes the public key and returns it as a 32 bytes.
"""
import linotp.lib.config
public_key_b64 = linotp.lib.config.getFromConfig('QrTokenPublicKey.' +
cert_id)
if not public_key_b64:
raise ConfigAdminError('Missing entry QrTokenPublicKey')
if not public_key_b64.startswith('qrtokenpk:'):
raise ValidateError('Curve 25519 / QR secret key has an invalid '
'format. Must begin with \'qrtokenpk:\'')
public_key = base64.b64decode(public_key_b64[len('qrtokenpk:'):])
if len(public_key) != 32:
raise ValidateError('Curve 25519 / QR public key has an invalid '
'format. Key must be 32 bytes long')
return public_key
def get_qrtoken_secret_key(cert_id='system'):
"""
reads the config entry 'enclinotp.QrTokenSecretKey',
extracts and decodes the secret key and returns it as a 32 bytes.
"""
import linotp.lib.config
secret_key_b64 = linotp.lib.config.getFromConfig(
'enclinotp.QrTokenSecretKey.' + cert_id)
if not secret_key_b64:
raise ConfigAdminError('Missing entry QrTokenSecretKey')
if not secret_key_b64.startswith('qrtokensk:'):
raise ValidateError('QR secret key has an invalid '
'format. Must begin with \'qrtokensk:\'')
secret_key = base64.b64decode(secret_key_b64[len('qrtokensk:'):])
if len(secret_key) != 64:
raise ValidateError('QR secret key has an invalid '
'format. Key must be 64 bytes long')
return secret_key
def get_public_key(partition):
"""
reads the config entry 'enclinotp.PublicKey.Partition.<partition>',
extracts and decodes the public key and returns it as a 32 bytes.
"""
import linotp.lib.config
public_key_b64 = linotp.lib.config.getFromConfig(
'enclinotp.PublicKey.Partition.%d' % partition)
if not public_key_b64:
raise ConfigAdminError('No public key found for %d' % partition)
public_key = base64.b64decode(public_key_b64)
# TODO: key type checking
if len(public_key) != 32:
raise ValidateError('Public key has an invalid '
'format. Key must be 32 bytes long')
return public_key
def get_secret_key(partition):
"""
reads the config entry 'enclinotp.SecretKey.Partition.<partition>',
extracts and decodes the secret key and returns it as a 32 bytes.
"""
import linotp.lib.config
secret_key_b64 = linotp.lib.config.getFromConfig(
'enclinotp.SecretKey.Partition.%d' % partition)
if not secret_key_b64:
raise ConfigAdminError('No secret key found for %d' % partition)
secret_key = base64.b64decode(secret_key_b64)
# TODO: key type checking
if len(secret_key) != 64:
raise ValidateError('Secret key has an invalid '
'format. Key must be 64 bytes long')
return secret_key
