def data2randomChallenge(self, data):
'''
build a random challenge according to the challenge definition
'''
digits = '0123456789'
lower_alpha = 'abcdefghijklmnopqrstuvwxyz'
upper_alpha = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
alphnum = "%s%s%s" % (lower_alpha, upper_alpha, digits)
hexs = digits + 'abcdef'
challenge = ''
c_type = self.Q[0]
c_len = self.Q[1]
if c_type == 'A':
for _c in range(0, c_len):
challenge += urandom.choice(alphnum)
elif c_type == 'N':
for _c in range(0, c_len):
challenge += urandom.choice(digits)
elif c_type == 'H':
for _c in range(0, c_len):
challenge += urandom.choice(hexs)
challenge = challenge[:c_len]
return unicode(challenge)
def generate_password(size=6, characters=None):
if not characters:
characters = string.ascii_lowercase + \
string.ascii_uppercase + string.digits
return ''.join(urandom.choice(characters) for _x in range(size))
def challenge(self, data, session='', typ='raw', challenge=None):
'''
the challenge method is for creating an transaction / challenge object
remark: the transaction has a maximum lifetime and a reference to
the OcraSuite token (serial)
:param data: data, which is the base for the challenge or None
:type data: string or None
:param session: session support for ocratokens
:type session: string
:type typ: define, which kind of challenge base should be used
could be raw - take the data input as is
(extract chars accordind challenge definition Q)
or random - will generate a random input
or hased - will take the hash of the input data
:return: challenge response containing the transcation id and
the challenge for the ocrasuite
:rtype : tuple of (transId(string), challenge(string))
'''
s_data = 'None'
s_session = 'None'
s_challenge = 'None'
if data is not None:
s_data = data
if session is not None:
s_session = session
if challenge is None:
s_challenge = challenge
secObj = self._get_secret_object()
ocraSuite = OcraSuite(self.getOcraSuiteSuite(), secObj)
if not data:
typ = 'random'
if challenge is None:
if typ == 'raw':
challenge = ocraSuite.data2rawChallenge(data)
elif typ == 'random':
challenge = ocraSuite.data2randomChallenge(data)
elif typ == 'hash':
challenge = ocraSuite.data2hashChallenge(data)
serial = self.getSerial()
counter = self.getOtpCount()
# set the pin onyl in the compliant hashed mode
pin = ''
if ocraSuite.P is not None:
key, iv = self.token.getUserPin()
secObj = SecretObj(key, iv, hsm=context.get('hsm'))
pin = secObj.getKey()
try:
param = {}
param['C'] = counter
param['Q'] = challenge
param['P'] = pin
param['S'] = session
if ocraSuite.T is not None:
now = datetime.datetime.now()
stime = now.strftime("%s")
itime = int(stime)
param['T'] = itime
''' verify that the data is compliant with the OcraSuitesuite
and the client is able to calc the otp
'''
c_data = ocraSuite.combineData(**param)
ocraSuite.compute(c_data)
except Exception as ex:
log.exception(
"[OcraTokenClass] Failed to create ocrasuite challenge")
raise Exception('[OcraTokenClass] Failed to create ocrasuite'
'challenge: %r' % (ex))
# save the object
digits = '0123456789'
transid = ''
transactionIdLen = 12
try:
transactionIdLen = int(getFromConfig("OcraDefaultSuite", '12'))
except:
transactionIdLen = 12
log.debug("[OcraTokenClass] Failed to set transactionId length"
" from config - using fallback %d" % (transactionIdLen))
# create a non exisiting challenge
try:
while True:
for _c in range(0, transactionIdLen):
transid += urandom.choice(digits)
chall = OcraTokenClass.getTransaction(transid)
if chall is None:
break
ddata = ''
if data is not None:
ddata = data
chall = OcraChallenge(transid=transid,
tokenserial=serial,
challenge=typ + ':' + challenge,
data=typ + ':' + ddata)
chall.save()
except Exception as ex:
# this might happen if we have a db problem or
# the uniqnes constrain does not fit
log.exception("[OcraTokenClass] Failed to create challenge")
raise Exception('[OcraTokenClass] Failed to create challenge'
' object: %s' % (ex))
realms = []
tokenrealms = self.token.getRealms()
for realm in tokenrealms:
realms.append(realm.name)
url = get_qrtan_url(realms)
return (transid, challenge, True, url)
def generate_password(size=6, characters=None):
if not characters:
characters = string.ascii_lowercase + \
string.ascii_uppercase + string.digits
return ''.join(urandom.choice(characters) for _x in range(size))
def randchar():
import string
chars = string.letters + string.digits
return urandom.choice(chars)
def challenge(self, data, session='', typ='raw', challenge=None):
'''
the challenge method is for creating an transaction / challenge object
remark: the transaction has a maximum lifetime and a reference to
the OcraSuite token (serial)
:param data: data, which is the base for the challenge or None
:type data: string or None
:param session: session support for ocratokens
:type session: string
:type typ: define, which kind of challenge base should be used
could be raw - take the data input as is
(extract chars accordind challenge definition Q)
or random - will generate a random input
or hased - will take the hash of the input data
:return: challenge response containing the transcation id and
the challenge for the ocrasuite
:rtype : tuple of (transId(string), challenge(string))
'''
s_data = 'None'
s_session = 'None'
s_challenge = 'None'
if data is not None:
s_data = data
if session is not None:
s_session = session
if challenge is None:
s_challenge = challenge
secObj = self._get_secret_object()
ocraSuite = OcraSuite(self.getOcraSuiteSuite(), secObj)
if not data:
typ = 'random'
if challenge is None:
if typ == 'raw':
challenge = ocraSuite.data2rawChallenge(data)
elif typ == 'random':
challenge = ocraSuite.data2randomChallenge(data)
elif typ == 'hash':
challenge = ocraSuite.data2hashChallenge(data)
serial = self.getSerial()
counter = self.getOtpCount()
# set the pin onyl in the compliant hashed mode
pin = ''
if ocraSuite.P is not None:
key, iv = self.token.getUserPin()
secObj = SecretObj(key, iv, hsm=context.get('hsm'))
pin = secObj.getKey()
try:
param = {}
param['C'] = counter
param['Q'] = challenge
param['P'] = pin
param['S'] = session
if ocraSuite.T is not None:
now = datetime.datetime.now()
stime = now.strftime("%s")
itime = int(stime)
param['T'] = itime
''' verify that the data is compliant with the OcraSuitesuite
and the client is able to calc the otp
'''
c_data = ocraSuite.combineData(**param)
ocraSuite.compute(c_data)
except Exception as ex:
log.exception("[OcraTokenClass] Failed to create ocrasuite challenge")
raise Exception('[OcraTokenClass] Failed to create ocrasuite'
'challenge: %r' % (ex))
# save the object
digits = '0123456789'
transid = ''
transactionIdLen = 12
try:
transactionIdLen = int(getFromConfig("OcraDefaultSuite", '12'))
except:
transactionIdLen = 12
log.debug("[OcraTokenClass] Failed to set transactionId length"
" from config - using fallback %d" % (transactionIdLen))
# create a non exisiting challenge
try:
while True:
for _c in range(0, transactionIdLen):
transid += urandom.choice(digits)
chall = OcraTokenClass.getTransaction(transid)
if chall is None:
break
ddata = ''
if data is not None:
ddata = data
chall = OcraChallenge(transid=transid,
tokenserial=serial,
challenge=typ + ':' + challenge,
data=typ + ':' + ddata)
chall.save()
except Exception as ex:
# this might happen if we have a db problem or
# the uniqnes constrain does not fit
log.exception("[OcraTokenClass] Failed to create challenge")
raise Exception('[OcraTokenClass] Failed to create challenge'
' object: %s' % (ex))
realms = []
tokenrealms = self.token.getRealms()
for realm in tokenrealms:
realms.append(realm.name)
url = get_qrtan_url(realms)
return (transid, challenge, True, url)