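    def setPin(self, pin, hashed=True, oldpin=None):
        """
        Store a new PIN for this token, hashed or encrypted.

        If the token carries a key IV (``LinOtpKeyIV``) the IV is xor-crypted
        with the PIN. Changing an existing PIN therefore needs the old PIN to
        undo the previous crypt before the IV is re-crypted with the new one.

        :param pin: the new PIN; ``None`` and ``""`` both mean an empty PIN
        :param hashed: ``True`` stores the PIN via ``setHashedPin()``,
                       ``False`` stores the encrypted PIN with an ``@@``
                       prefix; any other value leaves the stored PIN as is
        :param oldpin: the currently valid PIN, required when an IV and a
                       PIN hash already exist
        :return: the resulting ``LinOtpPinHash``
        :raises ValueError: if the IV must be re-crypted but ``oldpin`` is
                            missing (``ValueError`` is an ``Exception``, so
                            existing ``except Exception`` handlers still match)
        """
        # The PIN is a credential: neither the PIN nor the hash/ciphertext
        # derived from it is written to the log (a short PIN hash is
        # trivially brute-forced offline, the ciphertext is reversible).
        log.debug("setPin()")

        upin = ""
        if pin != "" and pin is not None:
            upin = pin

        # For Elm, we crypt the IV with the PIN.
        if self.LinOtpKeyIV:
            iv = binascii.unhexlify(self.LinOtpKeyIV)

            # An existing PIN hash means the IV is currently crypted with
            # the old PIN; that layer has to be removed first, which is
            # only possible with the old PIN.
            if self.LinOtpPinHash:
                if not oldpin:
                    raise ValueError(
                        "Old PIN is required to change an existing PIN!")
                iv = xor_crypt(iv, oldpin)

            # Re-crypt the IV with the new PIN.
            self.LinOtpKeyIV = binascii.hexlify(xor_crypt(iv, upin))

        # Only an explicit True/False selects a storage mode. The comparison
        # is kept as == (not `is`) so that 1/0 still behave like True/False;
        # any other value changes nothing and the previous hash is returned.
        if hashed == True:
            self.setHashedPin(upin)
            log.debug("setPin(HASH)")
        elif hashed == False:
            self.LinOtpPinHash = "@@" + encryptPin(upin)
            log.debug("setPin(ENCR)")
        return self.LinOtpPinHash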
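    def setPin(self, pin, hashed=True, oldpin=None):
        """
        Set the token PIN, optionally re-crypting the key IV.

        The PIN is stored either as a hash (``hashed=True``, via
        ``setHashedPin()``) or encrypted with an ``@@`` prefix
        (``hashed=False``). Tokens with a ``LinOtpKeyIV`` keep that IV
        xor-crypted with the PIN, so the existing PIN must be supplied as
        ``oldpin`` before the IV can be crypted with the new one.

        :param pin: new PIN; ``None`` or ``""`` results in an empty PIN
        :param hashed: storage mode; a value that is neither ``True`` nor
                       ``False`` leaves the stored PIN untouched
        :param oldpin: currently valid PIN, needed when a PIN hash and an
                       IV are already present
        :return: the stored ``LinOtpPinHash``
        :raises ValueError: when the IV must be re-crypted without ``oldpin``
                            (still caught by existing ``except Exception``)
        """
        # Credential material (the PIN, its hash, its ciphertext) is kept
        # out of the log on purpose; only the call and the mode are traced.
        log.debug("setPin()")

        upin = pin if (pin != "" and pin is not None) else ""

        # For Elm, we crypt the IV with the PIN.
        if self.LinOtpKeyIV:
            iv = binascii.unhexlify(self.LinOtpKeyIV)

            if self.LinOtpPinHash:
                # The IV is still crypted with the previous PIN; without
                # that PIN the IV cannot be recovered.
                if not oldpin:
                    raise ValueError(
                        "Old PIN is required to change an existing PIN!")
                iv = xor_crypt(iv, oldpin)

            self.LinOtpKeyIV = binascii.hexlify(xor_crypt(iv, upin))

        # `in (True, False)` keeps the original ==-based matching: 1/0 count
        # as True/False, anything else selects no storage mode at all.
        if hashed in (True, False):
            if hashed:
                self.setHashedPin(upin)
                log.debug("setPin(HASH)")
            else:
                self.LinOtpPinHash = "@@" + encryptPin(upin)
                log.debug("setPin(ENCR)")
        return self.LinOtpPinHash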
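    def _rollout_1(self, params):
        '''
        Perform step 1 of the OCRA token rollout.

        Triggered by an ``/admin/init`` request with ``type=ocra``,
        ``genkey=1`` and ``sharedsecret=1``. The current token key is stored
        encrypted in the token info as ``sharedSecret`` and handed back to
        the caller via ``self.info`` together with the serial and an
        ``lseqr://init?...`` import URL carrying the shared secret (``sh``),
        the OCRA suite (``os``) and the serial (``se``). The token is left
        inactive (``LinOtpIsactive = False``) until the rollout completes.

        Differences to the original: the redundant ``info['ocrasuite']``
        set-then-delete is gone and the two getters are called once each.

        :param params: request parameters; only ``sharedsecret`` is read,
                       the step is a no-op unless it equals ``'1'``
        :return: None - the result is exposed through ``self.info``
        '''
        # NOTE(review): the full request parameters end up in the debug log;
        # whether they can carry credentials is not visible here - confirm.
        log.debug('[_rollout_1] %r ' % (params))

        sharedSecret = params.get('sharedsecret', None)
        if sharedSecret == '1':
            # preserve the rollout state
            self.addToTokenInfo('rollout', '1')

            # preserve the current key, encrypted, as the shared secret
            secObj = self.token.getHOtpKey()
            key = secObj.getKey()
            encSharedSecret = encryptPin(key)
            self.addToTokenInfo('sharedSecret', encSharedSecret)

            # both values are needed twice below; read them once
            ocrasuite = self.getOcraSuiteSuite()
            serial = self.getSerial()

            # compact keys keep the import URL (and its QR code) short
            uInfo = {
                'sh': key,
                'os': ocrasuite,
                'se': serial,
            }

            # response data for the caller: this is the one place the
            # plaintext key is handed out, so the client app can import it
            self.info = {
                'sharedsecret': key,
                'serial': serial,
                'app_import': 'lseqr://init?%s' % (urllib.urlencode(uInfo)),
            }

            # the token exists but must not authenticate before rollout step 2
            self.token.LinOtpIsactive = False

        log.debug('[_rollout_1]:')
        return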
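    def setPin(self, pin, hashed=True):
        """
        Store a new PIN for this token, hashed or encrypted.

        :param pin: the new PIN; ``None`` and ``""`` both mean an empty PIN
        :param hashed: ``True`` stores the PIN via ``setHashedPin()``,
                       ``False`` stores the encrypted PIN with an ``@@``
                       prefix; any other value leaves the stored PIN as is
        :return: the resulting ``LinOtpPinHash``
        """
        # The PIN is a credential: neither the PIN nor the hash/ciphertext
        # derived from it is written to the log (a short PIN hash is
        # trivially brute-forced offline, the ciphertext is reversible).
        log.debug("setPin()")

        upin = ""
        if pin != "" and pin is not None:
            upin = pin

        # Only an explicit True/False selects a storage mode. The comparison
        # is kept as == (not `is`) so that 1/0 still behave like True/False;
        # any other value changes nothing and the previous hash is returned.
        if hashed == True:
            self.setHashedPin(upin)
            log.debug("setPin(HASH)")
        elif hashed == False:
            self.LinOtpPinHash = "@@" + encryptPin(upin)
            log.debug("setPin(ENCR)")
        return self.LinOtpPinHash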
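    def setPin(self, pin, hashed=True):
        """
        Set the token PIN, either hashed or encrypted.

        :param pin: new PIN; ``None`` or ``""`` results in an empty PIN
        :param hashed: ``True`` -> ``setHashedPin()``; ``False`` -> the PIN
                       is stored encrypted with an ``@@`` prefix; a value
                       that is neither leaves the stored PIN untouched
        :return: the stored ``LinOtpPinHash``
        """
        # Credential material (the PIN, its hash, its ciphertext) is kept
        # out of the log on purpose; only the call and the mode are traced.
        log.debug("setPin()")

        upin = pin if (pin != "" and pin is not None) else ""

        # `in (True, False)` keeps the original ==-based matching: 1/0 count
        # as True/False, anything else selects no storage mode at all.
        if hashed in (True, False):
            if hashed:
                self.setHashedPin(upin)
                log.debug("setPin(HASH)")
            else:
                self.LinOtpPinHash = "@@" + encryptPin(upin)
                log.debug("setPin(ENCR)")
        return self.LinOtpPinHash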
    def _transform_action(action):
        """
        Rewrite a forward-server action so no plaintext ``secret`` remains
        in the server URLs.

        ``action`` has the form ``name=url1 url2 ...``. Each URL is parsed,
        a ``secret`` query parameter is replaced by ``encsecret`` holding
        ``encryptPin(secret)``, and the URL is reassembled. For a repeated
        query key only its first value is kept.

        :param action: the policy action string
        :return: the action string with the rewritten URLs
        """
        name, _sep, url_list = action.partition('=')

        rewritten = []
        for raw_url in url_list.split(' '):
            parts = urlparse.urlparse(raw_url)

            # older urlparse versions leave the query glued to the path
            if parts.query:
                path, query = parts.path, parts.query
            else:
                path, _sep, query = parts.path.partition('?')

            # collapse repeated keys to their first value
            params = dict((key, entries[0])
                          for key, entries in urlparse.parse_qs(query).items())

            # the secret must not survive in clear text
            if 'secret' in params:
                params['encsecret'] = encryptPin(params.pop('secret'))

            # the parse result is an immutable tuple: edit a list copy and
            # rebuild the URL from it
            fields = list(parts)
            fields[ForwardServerPolicy.Path_index] = path.strip()
            fields[ForwardServerPolicy.Query_index] = urllib.urlencode(params)
            rewritten.append(urlparse.urlunparse(tuple(fields)))

        return '='.join([name, ' '.join(rewritten)])
    def _transform_action(action):
        """
        Replace the ``secret`` query parameter of every server URL in a
        forward-server action by an encrypted ``encsecret``.

        The action is ``name=url url ...``; URLs are separated by single
        spaces and rejoined the same way. Repeated query keys are reduced to
        their first value before the URL is rebuilt.

        :param action: the policy action string
        :return: the action string with encrypted secrets
        """

        def _rewrite_url(url):
            # Rebuild one server URL with its secret encrypted.
            parsed = urlparse.urlparse(url)

            # elder urlparse versions do not split the query off the path
            path, query = parsed.path, parsed.query
            if not query:
                path, _sep, query = path.partition('?')

            # url parsing allows several values per key; keep the first
            params = {}
            for key, entries in urlparse.parse_qs(query).items():
                params[key] = entries[0]

            if 'secret' in params:
                plain = params['secret']
                del params['secret']
                params['encsecret'] = encryptPin(plain)

            # namedtuple is read-only, so edit a list and convert back
            pieces = list(parsed)
            pieces[ForwardServerPolicy.Path_index] = path.strip()
            pieces[ForwardServerPolicy.Query_index] = urllib.urlencode(params)
            return urlparse.urlunparse(tuple(pieces))

        name, _sep, values = action.partition('=')
        servers = [_rewrite_url(value) for value in values.split(' ')]
        return '='.join([name, ' '.join(servers)])