def test_02_fault_recovery(self):
        """Check PIN encryption before, during and after a simulated HSM outage.

        While the disconnect is simulated, ``encryptPin`` must raise
        ``PyKCS11Error``, with exactly one more ``generateRandom`` attempt and
        one more ``openSession`` attempt recorded on the mocks. Once the
        simulation has ended, an encrypt/decrypt round trip must succeed again.
        The test only shows that the error reaches the caller; what callers do
        with it is not covered here.
        """
        with self.pkcs11:
            module = get_hsm()
            self.assertIsInstance(module, AESHardwareSecurityModule)

            # baseline: a round trip succeeds and the module reports ready
            ciphertext = encryptPin("test")
            self.assertEqual(decryptPin(ciphertext), "test")
            self.assertTrue(module.is_ready)

            # snapshot the mock counters right before the outage starts
            rng_calls_before = self.pkcs11.session_mock.generateRandom.call_count
            sessions_before = self.pkcs11.mock.openSession.call_count
            with self.pkcs11.simulate_disconnect(100):
                # the failure has to surface as an exception, not as a result
                self.assertRaises(PyKCS11Error, encryptPin, "test")
                # exactly one further attempt to draw random data was made
                self.assertEqual(
                    self.pkcs11.session_mock.generateRandom.call_count,
                    rng_calls_before + 1)
                # exactly one further attempt to open a session was made
                self.assertEqual(
                    self.pkcs11.mock.openSession.call_count,
                    sessions_before + 1)

            # outage over; the previous HSM state is considered defunct here

            # recovery: the same round trip has to work again
            ciphertext = encryptPin("test")
            self.assertEqual(decryptPin(ciphertext), "test")
    def test_02_fault_recovery(self):
        """Check PIN encryption before, during and after a simulated HSM outage.

        While the disconnect is simulated, ``encryptPin`` must raise
        ``PyKCS11Error``, with exactly one more ``generateRandom`` attempt and
        one more ``openSession`` attempt recorded on the mocks. Once the
        simulation has ended, an encrypt/decrypt round trip must succeed again.
        The test only shows that the error reaches the caller; what callers do
        with it is not covered here.
        """
        with self.pkcs11:
            module = get_hsm()
            self.assertIsInstance(module, AESHardwareSecurityModule)

            # baseline: a round trip succeeds and the module reports ready
            ciphertext = encryptPin("test")
            self.assertEqual(decryptPin(ciphertext), "test")
            self.assertTrue(module.is_ready)

            # snapshot the mock counters right before the outage starts
            rng_calls_before = self.pkcs11.session_mock.generateRandom.call_count
            sessions_before = self.pkcs11.mock.openSession.call_count
            with self.pkcs11.simulate_disconnect(100):
                # the failure has to surface as an exception, not as a result
                self.assertRaises(PyKCS11Error, encryptPin, "test")
                # exactly one further attempt to draw random data was made
                self.assertEqual(
                    self.pkcs11.session_mock.generateRandom.call_count,
                    rng_calls_before + 1)
                # exactly one further attempt to open a session was made
                self.assertEqual(
                    self.pkcs11.mock.openSession.call_count,
                    sessions_before + 1)

            # outage over; the previous HSM state is considered defunct here

            # recovery: the same round trip has to work again
            ciphertext = encryptPin("test")
            self.assertEqual(decryptPin(ciphertext), "test")
    def test_01_simple(self):
        """Round-trip a PIN through the PKCS#11-backed HSM and count encrypt calls.

        Asserts that the active HSM is an ``AESHardwareSecurityModule``, that
        ``decryptPin(encryptPin("test"))`` yields ``"test"``, that the module
        reports ready, and that the session mock saw exactly one ``encrypt``.
        """
        with self.pkcs11:
            self.assertIsInstance(get_hsm(), AESHardwareSecurityModule)
            ciphertext = encryptPin("test")
            self.assertEqual(decryptPin(ciphertext), "test")

            self.assertTrue(get_hsm().is_ready)
            # a single encryptPin call must show up as a single encrypt on the
            # session mock, i.e. the encryption went through the PKCS#11 session
            self.assertEqual(
                self.pkcs11.session_mock.encrypt.call_count, 1)
    def test_01_simple(self):
        """Round-trip a PIN through the PKCS#11-backed HSM and count encrypt calls.

        Asserts that the active HSM is an ``AESHardwareSecurityModule``, that
        ``decryptPin(encryptPin("test"))`` yields ``"test"``, that the module
        reports ready, and that the session mock saw exactly one ``encrypt``.
        """
        with self.pkcs11:
            self.assertIsInstance(get_hsm(), AESHardwareSecurityModule)
            ciphertext = encryptPin("test")
            self.assertEqual(decryptPin(ciphertext), "test")

            self.assertTrue(get_hsm().is_ready)
            # a single encryptPin call must show up as a single encrypt on the
            # session mock, i.e. the encryption went through the PKCS#11 session
            self.assertEqual(
                self.pkcs11.session_mock.encrypt.call_count, 1)
    def test_00_encrypt_decrypt_pin(self):
        """Round-trip a PIN and decrypt stored values produced by release 2.23.

        The fixed vectors guard backward compatibility: values written by the
        older release must still decrypt to the same PIN.
        """
        ciphertext = encryptPin("test")
        recovered = decryptPin(ciphertext)
        self.assertTrue(recovered == "test", (ciphertext, recovered))

        # Stored values generated with 2.23, paired with the expected PIN.
        # NOTE(review): two hex fields joined by ':' - looks like IV:ciphertext,
        # confirm against encryptPin. They presumably decrypt only under the
        # test-suite key, so they are fixtures rather than real secrets.
        legacy_vectors = (
            ('d2c920ad10513c8ea322b522751185a3:54f068cffb43ada1edd024087da614ec',
             'test'),
            ('223f414872122ad112eb9f17b05da0b8:123079d997cd18601414830ab7c97678',
             'test'),
            ('4af7590600286becde70b99b10493104:09e4133652c609f9697e1923cde72904',
             '1234'),
        )
        for stored, expected in legacy_vectors:
            self.assertEqual(decryptPin(stored), expected)
    def test_00_encrypt_decrypt_pin(self):
        """Round-trip a PIN and decrypt stored values produced by release 2.23.

        The fixed vectors guard backward compatibility: values written by the
        older release must still decrypt to the same PIN.
        """
        ciphertext = encryptPin("test")
        recovered = decryptPin(ciphertext)
        self.assertTrue(recovered == "test", (ciphertext, recovered))

        # Stored values generated with 2.23, paired with the expected PIN.
        # NOTE(review): two hex fields joined by ':' - looks like IV:ciphertext,
        # confirm against encryptPin. They presumably decrypt only under the
        # test-suite key, so they are fixtures rather than real secrets.
        legacy_vectors = (
            ('d2c920ad10513c8ea322b522751185a3:54f068cffb43ada1edd024087da614ec',
             'test'),
            ('223f414872122ad112eb9f17b05da0b8:123079d997cd18601414830ab7c97678',
             'test'),
            ('4af7590600286becde70b99b10493104:09e4133652c609f9697e1923cde72904',
             '1234'),
        )
        for stored, expected in legacy_vectors:
            self.assertEqual(decryptPin(stored), expected)
Exemple #7
    def _rollout_1(self, params):
        '''
        Perform step 1 of the rollout.

        Nothing happens unless ``params['sharedsecret']`` is the string '1'.

        1. https://privacyideaserver/admin/init?
            type=ocra&
            genkey=1&
            sharedsecret=1&
            user=USERNAME&
            session=SESSIONKEY

            =>> "serial" : SERIALNUMBER, "sharedsecret" : DATAOBJECT, "app_import" : IMPORTURL
            - genSharedSecret - from the HSM or urandom ?
            - app_import : + privacyidea://
                           + ocrasuite ->> default from the config: (DefaultOcraSuite)
                           + sharedsecret (length like ???)
                           + serial number
            - serial number: uuid ??
            - the token is created but is not active!!! (counter == 0)

        NOTE(review): the key is placed in ``self.info`` and in the
        ``lseqr://`` import URL as returned by ``getKey()`` - presumably in
        clear. That reply should only travel over TLS and should be kept out
        of logs.
        '''
        if params.get('sharedsecret', None) != '1':
            return

        # remember that the rollout has reached step 1
        self.addToTokenInfo('rollout', '1')

        # keep the current key as the shared secret; the token info only
        # receives the encryptPin() output, not the key itself
        key = self.token.getHOtpKey().getKey()
        self.addToTokenInfo('sharedSecret', encryptPin(key))

        reply = {}
        url_args = {}

        reply['sharedsecret'] = key
        url_args['sh'] = key

        # the suite is fetched once per dict; the reply copy is dropped below
        reply['ocrasuite'] = self.getOcraSuiteSuite()
        url_args['os'] = self.getOcraSuiteSuite()

        reply['serial'] = self.getSerial()
        url_args['se'] = self.getSerial()

        reply['app_import'] = 'lseqr://init?%s' % (urllib.urlencode(url_args))
        # the suite is only delivered inside the import URL
        del reply['ocrasuite']
        self.info = reply

        # the token stays inactive after this step
        self.token.privacyIDEAIsactive = False

        return
Exemple #8
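    def setPin(self, pin, hashed=True):
        """Store the token PIN, either hashed or reversibly encrypted.

        :param pin: the PIN to store; ``None`` and ``""`` both store an
            empty PIN
        :param hashed: ``True`` hands the PIN to ``setHashedPin``; ``False``
            stores ``"@@"`` followed by ``encryptPin(pin)``. Any other value
            leaves the stored PIN unchanged (a warning is logged).
        :return: the current value of ``self.privacyIDEAPinHash``
        """
        # Never write the PIN, its hash or its ciphertext to the log: debug
        # logs are typically less protected than the token store, and the
        # hash of a short PIN can be guessed offline once it has leaked.
        log.debug("setPin()")

        upin = "" if pin is None else pin
        if hashed is True:
            # presumably setHashedPin updates self.privacyIDEAPinHash
            self.setHashedPin(upin)
            log.debug("setPin(): stored hashed PIN")
        elif hashed is False:
            # NOTE(review): the "@@" prefix looks like the marker that tells
            # an encrypted value from a hashed one - confirm against the reader
            self.privacyIDEAPinHash = "@@" + encryptPin(upin)
            log.debug("setPin(): stored encrypted PIN")
        else:
            # the stored PIN is left as it was; make that visible instead of
            # letting the caller assume the PIN was changed
            log.warning("setPin(): 'hashed' is neither True nor False, "
                        "PIN left unchanged")
        return self.privacyIDEAPinHash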
Exemple #9
 def test_00_encrypt_decrypt_pin(self):
     """Check that decryptPin reverses encryptPin for the PIN "test"."""
     ciphertext = encryptPin("test")
     recovered = decryptPin(ciphertext)
     # on failure the message carries both the ciphertext and the result
     self.assertTrue(recovered == "test", (ciphertext, recovered))
Exemple #10
 def test_00_encrypt_decrypt_pin(self):
     """Check that decryptPin reverses encryptPin for the PIN "test"."""
     ciphertext = encryptPin("test")
     recovered = decryptPin(ciphertext)
     # on failure the message carries both the ciphertext and the result
     self.assertTrue(recovered == "test", (ciphertext, recovered))