Ejemplo n.º 1
    def setSoPin(self, soPin):
        """
        Encrypt the so pin and store the result on the token.

        The pin is encrypted through SecretObj; the Token model receives
        only the encrypted value together with its iv.

        NOTE(review): if ``context`` is a plain mapping, ``.get('hsm')``
        yields None when no 'hsm' entry exists, so a missing security
        module is not reported here - confirm SecretObj.encrypt handles
        hsm=None safely.

        :param soPin: the special so pin
        """
        encrypted = SecretObj.encrypt(soPin, hsm=context.get('hsm'))
        init_vector, sealed_so_pin = encrypted
        self.token.setSoPin(sealed_so_pin, init_vector)
Ejemplo n.º 2
    def setSoPin(self, soPin):
        """
        Store the so pin of the token in encrypted form.

        SecretObj.encrypt returns an iv and the encrypted pin; both are
        passed to the Token model, the pin itself is not.

        NOTE(review): the hsm is read with ``context.get("hsm")``, which
        presumably returns None when the entry is absent - verify that
        SecretObj.encrypt does not accept that silently.

        :param soPin: the special so pin
        """
        so_pin_iv, so_pin_encrypted = SecretObj.encrypt(
            soPin,
            hsm=context.get("hsm"),
        )
        self.token.setSoPin(so_pin_encrypted, so_pin_iv)
Ejemplo n.º 3
    def set_token_data(self, token_data):
        """
        Decrypt the secrets supplied for one token and store them
        re-encrypted on the matching Token row.

        The token is looked up by ``token_data["Serial"]``; the first
        match is used, and an IndexError is raised if there is none.
        "TokenPin" and "TokenUserPin" are optional, "TokenSeed" is
        required (a missing key raises KeyError).

        Every decrypt call receives ``just_mac`` built from the serial
        plus the value currently stored on the token for that secret.

        NOTE(review): only the user pin is encrypted with
        ``hsm=self.hsm``; ``encrypt_pin`` and the seed encryption pass no
        hsm - confirm their default selects the intended security module.
        NOTE(review): the setters run one after another; if a later
        decrypt raises, earlier values are already set on the token
        object - confirm the caller rolls the session back.

        :param token_data: mapping with "Serial" and "TokenSeed", and
                           optionally "TokenPin" / "TokenUserPin"
        """
        serial = token_data["Serial"]
        query = Session.query(model_token)
        matches = query.filter(
            model_token.LinOtpTokenSerialnumber == serial).all()
        token = matches[0]

        if 'TokenPin' in token_data:
            wrapped_pin = token_data['TokenPin']
            pin_mac = serial + token.LinOtpPinHash
            clear_pin = self.crypter.decrypt(wrapped_pin, just_mac=pin_mac)

            # store the pin freshly encrypted by SecretObj; clear_pin
            # holds the decrypted pin and must never be logged
            sealed_pin = SecretObj.encrypt_pin(clear_pin)
            # the hex text before the first ':' is passed on as the iv
            iv_hex = sealed_pin.split(':')[0]
            token.set_encrypted_pin(sealed_pin, binascii.unhexlify(iv_hex))

        if 'TokenUserPin' in token_data:
            wrapped_user_pin = token_data['TokenUserPin']
            user_pin_mac = serial + token.LinOtpTokenPinUser
            clear_user_pin = self.crypter.decrypt(wrapped_user_pin,
                                                  just_mac=user_pin_mac)

            # store the user pin freshly encrypted with this object's hsm
            user_pin_iv, sealed_user_pin = SecretObj.encrypt(clear_user_pin,
                                                             hsm=self.hsm)
            token.setUserPin(sealed_user_pin, user_pin_iv)

        # the currently stored encrypted seed goes into the mac input, to
        # check whether something changed in the meantime
        stored_enc_key = token.LinOtpKeyEnc
        wrapped_seed = token_data['TokenSeed']
        clear_seed = self.crypter.decrypt(wrapped_seed,
                                          just_mac=serial + stored_enc_key)

        # the encryption of the token seed is not part of the model anymore
        seed_iv, sealed_seed = SecretObj.encrypt(clear_seed)

        # both reset flags are switched off for this write
        token.set_encrypted_seed(sealed_seed,
                                 seed_iv,
                                 reset_failcount=False,
                                 reset_counter=False)
Ejemplo n.º 4
    def set_token_data(self, token_data):
        """
        Write the pin, user pin and seed given in ``token_data`` back to
        the token, each one decrypted and then encrypted again.

        Lookup is by ``token_data["Serial"]`` and takes the first row
        returned; no row means IndexError. "TokenSeed" must be present,
        "TokenPin" and "TokenUserPin" are handled only when given.

        The ``just_mac`` value of each decrypt call is the serial joined
        with what the token currently stores for that secret.

        NOTE(review): ``hsm=self.hsm`` is passed for the user pin only;
        verify which security module ``encrypt_pin`` and the seed
        encryption fall back to.
        NOTE(review): a failure while decrypting the seed happens after
        the pin setters have run - verify the surrounding transaction is
        rolled back in that case.

        :param token_data: mapping holding "Serial", "TokenSeed" and
                           optionally "TokenPin" / "TokenUserPin"
        """
        serial = token_data["Serial"]
        rows = Session.query(model_token).filter(
            model_token.LinOtpTokenSerialnumber == serial
        ).all()
        token = rows[0]

        has_pin = 'TokenPin' in token_data
        if has_pin:
            pin_in = token_data['TokenPin']
            pin_plain = self.crypter.decrypt(
                pin_in, just_mac=serial + token.LinOtpPinHash)

            # write the pin back as encrypted by SecretObj; pin_plain is
            # the decrypted pin, keep it out of logs and error messages
            pin_out = SecretObj.encrypt_pin(pin_plain)
            # everything before the first ':' is the hex encoded iv
            pin_iv_hex, *_ = pin_out.split(':')
            token.set_encrypted_pin(pin_out, binascii.unhexlify(pin_iv_hex))

        has_user_pin = 'TokenUserPin' in token_data
        if has_user_pin:
            user_pin_in = token_data['TokenUserPin']
            user_pin_plain = self.crypter.decrypt(
                user_pin_in, just_mac=serial + token.LinOtpTokenPinUser)

            # write the user pin back, encrypted with this object's hsm
            encrypted_user_pin = SecretObj.encrypt(user_pin_plain,
                                                   hsm=self.hsm)
            iv, user_pin_out = encrypted_user_pin
            token.setUserPin(user_pin_out, iv)

        # the encrypted seed currently on the token is part of the mac
        # input, to check if something changed in the meantime
        current_key_enc = token.LinOtpKeyEnc
        seed_in = token_data['TokenSeed']
        seed_plain = self.crypter.decrypt(
            seed_in, just_mac=serial + current_key_enc)

        # the encryption of the token seed is not part of the model anymore
        iv, seed_out = SecretObj.encrypt(seed_plain)

        # reset_failcount and reset_counter are both passed as False
        token.set_encrypted_seed(seed_out, iv,
                                 reset_failcount=False,
                                 reset_counter=False)
Ejemplo n.º 5
    def setUserPin(self, userPin):
        """
        Encrypt the user pin and store the result on the token.

        The pin is encrypted through SecretObj with the hsm taken from
        ``context["hsm"]``; the Token model receives the encrypted value
        and its iv. Assuming ``context`` is a mapping, a missing "hsm"
        entry raises KeyError before anything is encrypted.

        :param userPin: the user pin
        """
        encrypted = SecretObj.encrypt(userPin, hsm=context["hsm"])
        init_vector, sealed_user_pin = encrypted
        self.token.setUserPin(sealed_user_pin, init_vector)
Ejemplo n.º 6
    def setUserPin(self, userPin):
        """
        Store the user pin of the token in encrypted form.

        SecretObj.encrypt is called with ``context['hsm']`` and returns
        an iv and the encrypted pin; both are passed to the Token model.
        The subscript lookup presumably fails with KeyError when the
        context carries no 'hsm' entry - verify against the context type.

        :param userPin: the user pin
        """
        user_pin_iv, user_pin_encrypted = SecretObj.encrypt(
            userPin,
            hsm=context['hsm'],
        )
        self.token.setUserPin(user_pin_encrypted, user_pin_iv)
Ejemplo n.º 7
    def setOtpKey(self, otpKey, reset_failcount=True):
        """
        Encrypt the token seed / secret and store it on the token.

        The seed is encrypted through SecretObj with the hsm taken from
        ``context['hsm']``; the Token model receives the encrypted value
        and its iv.

        NOTE(review): ``reset_failcount`` defaults to True and is handed
        on unchanged - callers replacing the seed of a token whose fail
        counter must be kept should pass False explicitly.

        :param otpKey: the token seed / secret
        :param reset_failcount: boolean, whether the fail counter should
                                be reset
        """
        encrypted = SecretObj.encrypt(otpKey, hsm=context['hsm'])
        init_vector, sealed_seed = encrypted
        self.token.set_encrypted_seed(
            sealed_seed,
            init_vector,
            reset_failcount=reset_failcount,
        )
Ejemplo n.º 8
    def setOtpKey(self, otpKey, reset_failcount=True):
        """
        Store the token seed / secret in encrypted form.

        SecretObj.encrypt is called with ``context['hsm']`` and returns
        an iv and the encrypted seed; both go to the Token model, along
        with the ``reset_failcount`` flag.

        NOTE(review): the flag is True unless the caller overrides it;
        verify that every seed change is meant to go with a fail counter
        reset.

        :param otpKey: the token seed / secret
        :param reset_failcount: boolean, whether the fail counter should
                                be reset
        """
        seed_iv, seed_encrypted = SecretObj.encrypt(
            otpKey,
            hsm=context['hsm'],
        )
        self.token.set_encrypted_seed(seed_encrypted, seed_iv,
                                      reset_failcount=reset_failcount)