Ejemplo n.º 1
0
Archivo: main.py Proyecto: gonicus/gosa
    def __enable_u2f(self, user):
        if user.uuid not in self.__settings:
            self.__settings[user.uuid] = {}

        user_settings = self.__settings[user.uuid]
        devices = [DeviceRegistration.wrap(device)
                   for device in user_settings.get('_u2f_devices_', [])]
        enroll = begin_registration(self.app_id, devices)
        user_settings['_u2f_enroll_'] = enroll.json
        self.__save_settings()
        return enroll.json
Ejemplo n.º 2
0
    def __enable_u2f(self, user):
        if user.uuid not in self.__settings:
            self.__settings[user.uuid] = {}

        user_settings = self.__settings[user.uuid]
        devices = [
            DeviceRegistration.wrap(device)
            for device in user_settings.get('_u2f_devices_', [])
        ]
        enroll = begin_registration(self.app_id, devices)
        user_settings['_u2f_enroll_'] = enroll.json
        self.__save_settings()
        return enroll.json
Ejemplo n.º 3
0
Archivo: main.py Proyecto: gonicus/gosa
    def sign(self, user_name, object_dn):

        # Do we have read permissions for the requested attribute
        self.__check_acl(user_name, object_dn, "r")

        uuid = self.__dn_to_uuid(object_dn)
        user_settings = self.__settings[uuid] if uuid in self.__settings else {}
        devices = [DeviceRegistration.wrap(device)
                   for device in user_settings.get('_u2f_devices_', [])]
        challenge = begin_authentication(self.app_id, devices)
        user_settings['_u2f_challenge_'] = challenge.json
        self.__save_settings()
        return challenge.json
Ejemplo n.º 4
0
    def sign(self, user_name, object_dn):

        # Do we have read permissions for the requested attribute
        self.__check_acl(user_name, object_dn, "r")

        uuid = self.__dn_to_uuid(object_dn)
        user_settings = self.__settings[
            uuid] if uuid in self.__settings else {}
        devices = [
            DeviceRegistration.wrap(device)
            for device in user_settings.get('_u2f_devices_', [])
        ]
        challenge = begin_authentication(self.app_id, devices)
        user_settings['_u2f_challenge_'] = challenge.json
        self.__save_settings()
        return challenge.json
Ejemplo n.º 5
0
Archivo: main.py Proyecto: gonicus/gosa
    def completeU2FRegistration(self, user_name, object_dn, data):

        # Do we have write permissions for the requested attribute
        self.__check_acl(user_name, object_dn, "w")

        uuid = self.__dn_to_uuid(object_dn)
        user_settings = self.__settings[uuid]
        data = loads(data)
        binding, cert = complete_registration(user_settings.pop('_u2f_enroll_'), data,
                                          [self.facet])
        devices = [DeviceRegistration.wrap(device)
                   for device in user_settings.get('_u2f_devices_', [])]
        devices.append(binding)
        user_settings['_u2f_devices_'] = [d.json for d in devices]
        self.__save_settings()

        self.__log.info("U2F device enrolled. Username: %s", user_name)
        self.__log.debug("Attestation certificate:\n%s", cert.public_bytes(Encoding.PEM))

        return True
Ejemplo n.º 6
0
    def completeU2FRegistration(self, user_name, object_dn, data):

        # Do we have write permissions for the requested attribute
        self.__check_acl(user_name, object_dn, "w")

        uuid = self.__dn_to_uuid(object_dn)
        user_settings = self.__settings[uuid]
        data = loads(data)
        binding, cert = complete_registration(
            user_settings.pop('_u2f_enroll_'), data, [self.facet])
        devices = [
            DeviceRegistration.wrap(device)
            for device in user_settings.get('_u2f_devices_', [])
        ]
        devices.append(binding)
        user_settings['_u2f_devices_'] = [d.json for d in devices]
        self.__save_settings()

        self.__log.info("U2F device enrolled. Username: %s", user_name)
        self.__log.debug("Attestation certificate:\n%s",
                         cert.public_bytes(Encoding.PEM))

        return True