def makeCred(account, password): cred = Credential() cred.prf = "HMAC+SHA256" cred.salt = crypto.get_random_string() cred.iterations = 20000 cred.hash = base64.b64encode(crypto.pbkdf2(password, cred.salt, iterations=cred.iterations)) cred.account = account return cred
def makeUsers(numUsers, maxCredentialsPerUser, priority): Users = {} for u in range(numUsers): memberId = memberid = randomId(4) Users[memberId] = [] for un in range(1): #range(randint(0,maxCredentialsPerUser)): start = now - timedelta(days=randint(0, 12)) end = now + timedelta(days=randint(0, 36)) c = Credential(facility="frontdoor", memberid=memberId, credential=randomId(9), type="fob", effective=start, expiration=end, tag=str(uuid4()), priority=priority) session.add(c) Users[memberId].append(c) session.commit() return Users
def create_credential(repo): credential = Credential(repository_id=repo.id, private_key=PRIVATE_KEY, public_key=PUBLIC_KEY) credential.save() return credential
def _parse_credentials(self, data): credentials = [] for row in data: credential = Credential() credential.id = row["id"] credential.ukey = row["ukey"] credential.credential_id = row["credential_id"] credential.display_name = row["display_name"] credential.pub_key = row["pub_key"] credential.sign_count = row["sign_count"] credential.username = row["username"] credential.rp_id = row["rp_id"] credential.icon_url = row["icon_url"] credentials.append(credential) return credentials
expiration=end, tag=str(uuid4()), priority=priority) session.add(c) Users[memberId].append(c) session.commit() return Users members = makeUsers(35, 8, 4) cfob = Credential(facility="frontdoor", memberid="3870", credential="16294934", type="fob", effective=now - timedelta(days=5), expiration=now + timedelta(days=360), tag=str(uuid4()), priority=4) ccode = Credential(facility="frontdoor", memberid="1337", credential="4455661", type="passcode", effective=now - timedelta(days=5), expiration=now + timedelta(days=360), tag=str(uuid4()), priority=4) session.add(cfob) session.add(ccode) session.commit()
def run(self): self.log(logging.INFO, "Running with a polling interval of {0} seconds".format(POLL_INTERVAL)) self.log(logging.INFO, "Credential waiting timeout is {0} seconds".format(WAITING_TIMEOUT)) self.log(logging.INFO, "Credential using timeout is {0} seconds".format(USING_TIMEOUT)) connection = mongo.connect_db() db = connection.vinz_clortho signal.signal(signal.SIGTERM, self.graceful_term) self.SHOULD_BE_RUNNING = True while self.SHOULD_BE_RUNNING: self.IS_RUNNING = True new_requests = CMRequest.find(db, filter={'status': CMRequest.SUBMITTED}) self.PROCESS_STEP = "New Requests" self.PROCESS_COUNT = len(new_requests) self.PROCESS_INDEX = 0 if self.PROCESS_COUNT > 0: self.log(logging.DEBUG, "Processing {0} new requests".format(self.PROCESS_COUNT)) self.log(logging.DEBUG, "Ids: {0}".format(', '.join([str(r.id) for r in new_requests]))) for new_request in new_requests: self.PROCESS_INDEX += 1 credentials = Credential.find(db, filter={'key': new_request.key}) # If we didn't find any credentials, then error out this request if len(credentials) == 0: self.log(logging.ERROR, "No such key found: {0}".format(new_request.key), new_request) new_request.update(status=CMRequest.NO_SUCH_KEY) continue self.log(logging.INFO, "Putting into queue", new_request) new_request.update(status=CMRequest.QUEUING) if self.PROCESS_COUNT > 0: self.log(logging.DEBUG, "Done processing new requests") # This is mainly a formality, but just mark all the ones that are a # status of CANCEL to CANCELED instead. This indicates that the # server acknowledged the order to cancel cancel_requests = CMRequest.find(db, filter={'status': CMRequest.CANCEL}) self.PROCESS_STEP = "Cancel Requests" self.PROCESS_COUNT = len(cancel_requests) self.PROCESS_INDEX = 0 if self.PROCESS_COUNT > 0: self.log(logging.DEBUG, "Processing {0} cancel requests".format(self.PROCESS_COUNT)) self.log(logging.DEBUG, "Ids: {0}".format(', '.join([str(r.id) for r in cancel_requests]))) for cancel_request in cancel_requests: self.PROCESS_INDEX += 1 self.log(logging.INFO, "Canceled by client", cancel_request) cancel_request.update(status=CMRequest.CANCELED) if self.PROCESS_COUNT > 0: self.log(logging.DEBUG, "Done processing cancel requests") returned_credentials = CMRequest.find(db, filter={'status': CMRequest.RETURNED}) self.PROCESS_STEP = "Returned Credentials" self.PROCESS_COUNT = len(returned_credentials) self.PROCESS_INDEX = 0 if self.PROCESS_COUNT > 0: self.log(logging.DEBUG, "Processing {0} returned credentials".format(self.PROCESS_COUNT)) self.log(logging.DEBUG, "Ids: {0}".format(', '.join([str(r.id) for r in returned_credentials]))) for returned_credential in returned_credentials: self.PROCESS_INDEX += 1 credential = Credential.find_one(db, filter={'_id': returned_credential.credential}) returned_credential.status = CMRequest.COMPLETED returned_credential.checkin_timestamp = datetime.now() self.log(logging.INFO, "CredentialId {0} returned by client (Elapsed: {1:.1f}s)".format( credential.id, (returned_credential.checkin_timestamp - returned_credential.checkout_timestamp).total_seconds() ), returned_credential) returned_credential.release() if self.PROCESS_COUNT > 0: self.log(logging.DEBUG, "Done processing returned credentials") pending_credentials = CMRequest.find(db, filter={'status': CMRequest.GIVEN_OUT}) self.PROCESS_STEP = "Pending Credentials" self.PROCESS_COUNT = len(pending_credentials) self.PROCESS_INDEX = 0 if self.PROCESS_COUNT > 0: self.log(logging.DEBUG, "Testing {0} given out credentials for time-out".format(self.PROCESS_COUNT)) self.log(logging.DEBUG, "Ids: {0}".format(', '.join([str(r.id) for r in pending_credentials]))) for pending_credential in pending_credentials: self.PROCESS_INDEX += 1 if (datetime.now() - pending_credential.checkout_timestamp).total_seconds() > WAITING_TIMEOUT: self.log(logging.WARNING, "Timed out waiting for client to receive credentials", pending_credential) pending_credential.update(status=CMRequest.TIMED_OUT_WAITING) if self.PROCESS_COUNT > 0: self.log(logging.DEBUG, "Done testing given-out credentials for time-out") in_use_credentials = CMRequest.find(db, filter={ 'status': {'$in': (CMRequest.IN_USE, CMRequest.CANCEL)}, 'checkout_timestamp': {'$exists': True} }) self.PROCESS_STEP = "In-use Credentials" self.PROCESS_COUNT = len(in_use_credentials) self.PROCESS_INDEX = 0 if self.PROCESS_COUNT > 0: self.log(logging.DEBUG, "Testing {0} in-use credentials for time-out".format(self.PROCESS_COUNT)) self.log(logging.DEBUG, "Ids: {0}".format(', '.join([str(r.id) for r in in_use_credentials]))) for in_use_credential in in_use_credentials: self.PROCESS_INDEX += 1 if (datetime.now() - in_use_credential.checkup_timestamp).total_seconds() > USING_TIMEOUT: self.log(logging.WARNING, "Timed out waiting for client to return credentials", in_use_credential) in_use_credential.update(status=CMRequest.TIMED_OUT_USING) if self.PROCESS_COUNT > 0: self.log(logging.DEBUG, "Done testing in-use credentials for time-out") # This is the meat of the big loop. This section is the one that # will be doling out the credentials on a first-come, first-serve # basis, with priority overriding that. queued_requests = CMRequest.find(db, filter={'status': CMRequest.QUEUING}, sort= [('priority', mongo.DESCENDING), ('submission_timestamp', mongo.ASCENDING), ('_id', mongo.ASCENDING)] ) self.PROCESS_STEP = "Queued Requests" self.PROCESS_COUNT = len(queued_requests) self.PROCESS_INDEX = 0 if self.PROCESS_COUNT > 0: self.log(logging.DEBUG, "Checking credentials to give out for {0} queued requests".format( self.PROCESS_COUNT) ) self.log(logging.DEBUG, "Ids: {0}".format(', '.join([str(r.id) for r in queued_requests]))) for queued_request in queued_requests: self.PROCESS_INDEX += 1 available_credentials = Credential.find(db, filter={'key': queued_request.key}) if len(available_credentials) > 0: self.log(logging.DEBUG, "Testing {0} available credentials for queued request".format( len(available_credentials) ), queued_request) self.log(logging.DEBUG, "Ids: {0}".format(', '.join([str(c.id) for c in available_credentials]))) for available_credential in available_credentials: # Only give out credentials if there are any available to give out in_use_credentials = available_credential.in_use # Also, throttle how frequently we are allowed to give out this credential credential_frequency = len(CMRequest.find(db, filter={ 'credential': available_credential.id, 'status': { '$in': ( CMRequest.GIVEN_OUT, CMRequest.TIMED_OUT_WAITING, CMRequest.IN_USE, CMRequest.TIMED_OUT_USING, CMRequest.RETURNED, CMRequest.COMPLETED ) }, 'checkout_timestamp': { '$gte': datetime.now() - available_credential.throttle_timespan } })) if (available_credential.max_checkouts == 0 or in_use_credentials < available_credential.max_checkouts) and \ (available_credential.throttle_seconds == 0 or credential_frequency == 0): # We found a credential available to be used! Yay! queued_request.check_out(available_credential) self.log(logging.INFO, "Assigning CredentialId: {0} to client (waited {1:.1f}s)".format( available_credential.id, (queued_request.checkout_timestamp - queued_request.submission_timestamp).total_seconds() ), queued_request) break if self.PROCESS_COUNT > 0: self.log(logging.DEBUG, "Done checking credentials to give out for queued requests") self.IS_RUNNING = False self.log(logging.DEBUG, "Going to sleep for {0} seconds".format(POLL_INTERVAL)) time.sleep(POLL_INTERVAL)
def add_creds(): cred = Credential(name='empty') cred.put()
def verify_credential_info(): ''' This url is called to verify and register the token ''' challenge = session['challenge'] username = session['register_username'] display_name = session['register_display_name'] ukey = session['register_ukey'] user_exists = database.user_exists(username) if not user_exists or not current_user.is_authenticated or not username == current_user.id: return make_response(jsonify({'fail': 'User not logged in.'}), 401) registration_response = request.form trust_anchor_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), TRUST_ANCHOR_DIR) trusted_attestation_cert_required = True self_attestation_permitted = True none_attestation_permitted = True webauthn_registration_response = webauthn.WebAuthnRegistrationResponse( RP_ID, ORIGIN, registration_response, challenge, trust_anchor_dir, trusted_attestation_cert_required, self_attestation_permitted, none_attestation_permitted, uv_required=False) # User Verification try: webauthn_credential = webauthn_registration_response.verify() except Exception as e: return jsonify({'fail': 'Registration failed. Error: {}'.format(e)}) credential_id_exists = database.credential_exists( webauthn_credential.credential_id) if credential_id_exists: return make_response( jsonify({'fail': 'Credential ID already exists.'}), 401) existing_user = database.user_exists(username) credential = Credential() if not existing_user or True: if sys.version_info >= (3, 0): webauthn_credential.credential_id = str( webauthn_credential.credential_id, "utf-8") webauthn_credential.public_key = str( webauthn_credential.public_key, "utf-8") credential.id = randint(1, 100000) credential.ukey = ukey credential.username = username credential.display_name = display_name credential.pub_key = webauthn_credential.public_key credential.credential_id = webauthn_credential.credential_id credential.sign_count = webauthn_credential.sign_count credential.rp_id = RP_ID credential.icon_url = 'https://example.com' database.save_credential(credential) database.turn_on(credential.username) else: return make_response(jsonify({'fail': 'User already exists.'}), 401) satosa_request = Request() satosa_request.userId = credential.username database.make_success(satosa_request) user = database.get_user(credential.username) login_user(user) return jsonify({'success': 'User successfully registered.'})
def record_voting(self, credential: Credential, vote_datetime: datetime): credential.last_vote_datetime = vote_datetime session.add(credential) session.commit()
def create_credential(repo): credential = Credential(repository_id = repo.id, private_key = PRIVATE_KEY, public_key = PUBLIC_KEY ) credential.save() return credential