def get_gpg_keys():
"""
Returns the GPG keys in the config directory specified by PI_GNUPG_HOME.
:return: A json list of the public GPG keys
"""
GPG = GPGImport(current_app.config)
keys = GPG.get_publickeys()
g.audit_object.log({"success": True})
return send_result(keys)
def test_00_gpg_decrypt(self):
GPG = GPGImport({"PI_GNUPG_HOME": "tests/testdata/gpg"})
pubkeys = GPG.get_publickeys()
self.assertEqual(len(pubkeys), 1)
self.assertTrue("2F25BAF8645350BB" in pubkeys)
r = GPG.decrypt(HALLO_PAYLOAD)
self.assertEqual(r, b"Hallo\n")
self.assertRaises(Exception, GPG.decrypt, WRONG_PAYLOAD)
def test_00_gpg_decrypt(self):
GPG = GPGImport({"PI_GNUPG_HOME": "tests/testdata/gpg"})
pubkeys = GPG.get_publickeys()
self.assertEqual(len(pubkeys), 1)
self.assertTrue("2F25BAF8645350BB" in pubkeys)
r = GPG.decrypt(str(HALLO_PAYLOAD))
self.assertEqual(r, "Hallo\n")
self.assertRaises(Exception, GPG.decrypt, WRONG_PAYLOAD)
def get_gpg_keys():
"""
Returns the GPG keys in the config directory specified by PI_GNUPG_HOME.
:return: A json list of the public GPG keys
"""
GPG = GPGImport(current_app.config)
keys = GPG.get_publickeys()
g.audit_object.log({"success": True})
return send_result(keys)
def loadtokens_api(filename=None):
"""
The call imports the given file containing token definitions.
The file can be an OATH CSV file, an aladdin XML file or a Yubikey CSV file
exported from the yubikey initialization tool.
The function is called as a POST request with the file upload.
:jsonparam filename: The name of the token file, that is imported
:jsonparam type: The file type. Can be "aladdin-xml",
"oathcsv" or "yubikeycsv".
:jsonparam tokenrealms: comma separated list of tokens.
:jsonparam psk: Pre Shared Key, when importing PSKC
:return: The number of the imported tokens
:rtype: int
"""
if not filename:
filename = getParam(request.all_data, "filename", required)
known_types = [
'aladdin-xml', 'oathcsv', "OATH CSV", 'yubikeycsv', 'Yubikey CSV',
'pskc'
]
file_type = getParam(request.all_data, "type", required)
hashlib = getParam(request.all_data, "aladdin_hashlib")
aes_psk = getParam(request.all_data, "psk")
aes_password = getParam(request.all_data, "password")
if aes_psk and len(aes_psk) != 32:
raise TokenAdminError("The Pre Shared Key must be 128 Bit hex "
"encoded. It must be 32 characters long!")
trealms = getParam(request.all_data, "tokenrealms") or ""
tokenrealms = []
if trealms:
tokenrealms = trealms.split(",")
TOKENS = {}
token_file = request.files['file']
file_contents = ""
# In case of form post requests, it is a "instance" of FieldStorage
# i.e. the Filename is selected in the browser and the data is
# transferred
# in an iframe. see: http://jquery.malsup.com/form/#sample4
#
if type(token_file) == FieldStorage: # pragma: no cover
log.debug("Field storage file: %s", token_file)
file_contents = token_file.value
elif type(token_file) == FileStorage:
log.debug("Werkzeug File storage file: %s", token_file)
file_contents = token_file.read()
else: # pragma: no cover
file_contents = token_file
if file_contents == "":
log.error(
"Error loading/importing token file. file {0!s} empty!".format(
filename))
raise ParameterError("Error loading token file. File empty!")
if file_type not in known_types:
log.error(
"Unknown file type: >>{0!s}<<. We only know the types: {1!s}".
format(file_type, ', '.join(known_types)))
raise TokenAdminError("Unknown file type: >>%s<<. We only know the "
"types: %s" %
(file_type, ', '.join(known_types)))
# Decrypt file, if necessary
if file_contents.startswith("-----BEGIN PGP MESSAGE-----"):
GPG = GPGImport(current_app.config)
file_contents = GPG.decrypt(file_contents)
# Parse the tokens from file and get dictionary
if file_type == "aladdin-xml":
TOKENS = parseSafeNetXML(file_contents)
elif file_type in ["oathcsv", "OATH CSV"]:
TOKENS = parseOATHcsv(file_contents)
elif file_type in ["yubikeycsv", "Yubikey CSV"]:
TOKENS = parseYubicoCSV(file_contents)
elif file_type in ["pskc"]:
TOKENS = parsePSKCdata(file_contents,
preshared_key_hex=aes_psk,
password=aes_password)
# Now import the Tokens from the dictionary
ret = ""
for serial in TOKENS:
log.debug("importing token {0!s}".format(TOKENS[serial]))
log.info("initialize token. serial: {0!s}, realm: {1!s}".format(
serial, tokenrealms))
init_param = {
'serial': serial,
'type': TOKENS[serial]['type'],
'description': TOKENS[serial].get("description", "imported"),
'otpkey': TOKENS[serial]['otpkey'],
'otplen': TOKENS[serial].get('otplen'),
'timeStep': TOKENS[serial].get('timeStep'),
'hashlib': TOKENS[serial].get('hashlib')
}
if hashlib and hashlib != "auto":
init_param['hashlib'] = hashlib
#if tokenrealm:
# self.Policy.checkPolicyPre('admin', 'loadtokens',
# {'tokenrealm': tokenrealm })
init_token(init_param, tokenrealms=tokenrealms)
g.audit_object.log({
'info':
"{0!s}, {1!s} (imported: {2:d})".format(file_type, token_file,
len(TOKENS)),
'serial':
', '.join(TOKENS.keys())
})
# logTokenNum()
return send_result(len(TOKENS))
def loadtokens_api(filename=None):
"""
The call imports the given file containing token definitions.
The file can be an OATH CSV file, an aladdin XML file or a Yubikey CSV file
exported from the yubikey initialization tool.
The function is called as a POST request with the file upload.
:jsonparam filename: The name of the token file, that is imported
:jsonparam type: The file type. Can be "aladdin-xml",
"oathcsv" or "yubikeycsv".
:jsonparam tokenrealms: comma separated list of tokens.
:jsonparam psk: Pre Shared Key, when importing PSKC
:return: The number of the imported tokens
:rtype: int
"""
if not filename:
filename = getParam(request.all_data, "filename", required)
known_types = ['aladdin-xml', 'oathcsv', "OATH CSV", 'yubikeycsv',
'Yubikey CSV', 'pskc']
file_type = getParam(request.all_data, "type", required)
hashlib = getParam(request.all_data, "aladdin_hashlib")
aes_psk = getParam(request.all_data, "psk")
aes_password = getParam(request.all_data, "password")
if aes_psk and len(aes_psk) != 32:
raise TokenAdminError("The Pre Shared Key must be 128 Bit hex "
"encoded. It must be 32 characters long!")
trealms = getParam(request.all_data, "tokenrealms") or ""
tokenrealms = []
if trealms:
tokenrealms = trealms.split(",")
TOKENS = {}
token_file = request.files['file']
file_contents = ""
# In case of form post requests, it is a "instance" of FieldStorage
# i.e. the Filename is selected in the browser and the data is
# transferred
# in an iframe. see: http://jquery.malsup.com/form/#sample4
#
if type(token_file) == FieldStorage: # pragma: no cover
log.debug("Field storage file: %s", token_file)
file_contents = token_file.value
elif type(token_file) == FileStorage:
log.debug("Werkzeug File storage file: %s", token_file)
file_contents = token_file.read()
else: # pragma: no cover
file_contents = token_file
file_contents = to_unicode(file_contents)
if file_contents == "":
log.error("Error loading/importing token file. file {0!s} empty!".format(
filename))
raise ParameterError("Error loading token file. File empty!")
if file_type not in known_types:
log.error("Unknown file type: >>{0!s}<<. We only know the types: {1!s}".format(file_type, ', '.join(known_types)))
raise TokenAdminError("Unknown file type: >>%s<<. We only know the "
"types: %s" % (file_type,
', '.join(known_types)))
# Decrypt file, if necessary
if file_contents.startswith("-----BEGIN PGP MESSAGE-----"):
GPG = GPGImport(current_app.config)
file_contents = GPG.decrypt(file_contents)
# Parse the tokens from file and get dictionary
if file_type == "aladdin-xml":
TOKENS = parseSafeNetXML(file_contents)
elif file_type in ["oathcsv", "OATH CSV"]:
TOKENS = parseOATHcsv(file_contents)
elif file_type in ["yubikeycsv", "Yubikey CSV"]:
TOKENS = parseYubicoCSV(file_contents)
elif file_type in ["pskc"]:
TOKENS = parsePSKCdata(file_contents, preshared_key_hex=aes_psk,
password=aes_password)
# Now import the Tokens from the dictionary
ret = ""
for serial in TOKENS:
log.debug("importing token {0!s}".format(TOKENS[serial]))
log.info("initialize token. serial: {0!s}, realm: {1!s}".format(serial,
tokenrealms))
import_token(serial,
TOKENS[serial],
tokenrealms=tokenrealms,
default_hashlib=hashlib)
g.audit_object.log({'info': u"{0!s}, {1!s} (imported: {2:d})".format(file_type,
token_file,
len(TOKENS)),
'serial': ', '.join(TOKENS)})
# logTokenNum()
return send_result(len(TOKENS))
