def get_gpg_keys():
    """
    Return the public GPG keys that GPGImport reports.

    GPGImport is built from the application config; per the original
    description the keys live in the directory named by PI_GNUPG_HOME.
    The lookup is written to the audit log as successful before the
    response is sent.

    :return: A json list of the public GPG keys
    """
    public_keys = GPGImport(current_app.config).get_publickeys()
    # Audit entry is recorded only after the key lookup did not raise.
    g.audit_object.log({"success": True})
    return send_result(public_keys)
def test_00_gpg_decrypt(self):
    """Check key listing and decryption against the test keyring."""
    gpg_import = GPGImport({"PI_GNUPG_HOME": "tests/testdata/gpg"})
    public_keys = gpg_import.get_publickeys()
    # The fixture keyring must expose exactly one key, with this key id.
    self.assertEqual(len(public_keys), 1)
    self.assertIn("2F25BAF8645350BB", public_keys)

    # A valid payload decrypts to the expected plaintext bytes.
    plaintext = gpg_import.decrypt(HALLO_PAYLOAD)
    self.assertEqual(plaintext, b"Hallo\n")

    # A bad payload (presumably undecryptable) must raise, not return data.
    # NOTE(review): Exception is very broad; the concrete type raised by
    # decrypt() is not visible here - narrow it once confirmed.
    with self.assertRaises(Exception):
        gpg_import.decrypt(WRONG_PAYLOAD)
def test_00_gpg_decrypt(self):
    """Check key listing and decryption against the test keyring."""
    gpg_import = GPGImport({"PI_GNUPG_HOME": "tests/testdata/gpg"})
    public_keys = gpg_import.get_publickeys()
    # The fixture keyring must expose exactly one key, with this key id.
    self.assertEqual(len(public_keys), 1)
    self.assertIn("2F25BAF8645350BB", public_keys)

    # The payload is passed as str() of the fixture and compared as text.
    plaintext = gpg_import.decrypt(str(HALLO_PAYLOAD))
    self.assertEqual(plaintext, "Hallo\n")

    # A bad payload (presumably undecryptable) must raise, not return data.
    # NOTE(review): Exception is very broad; the concrete type raised by
    # decrypt() is not visible here - narrow it once confirmed.
    with self.assertRaises(Exception):
        gpg_import.decrypt(WRONG_PAYLOAD)
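def loadtokens_api(filename=None):
    """
    Import the token definitions contained in an uploaded file.

    The file can be an OATH CSV file, an aladdin XML file, a Yubikey CSV
    file exported from the yubikey initialization tool, or a PSKC file.
    An upload that starts with a PGP message header is decrypted through
    GPGImport before it is parsed.

    The function is called as a POST request with the file upload.

    :jsonparam filename: The name of the token file, that is imported
    :jsonparam type: The file type. Can be "aladdin-xml", "oathcsv",
        "yubikeycsv" or "pskc" ("OATH CSV" and "Yubikey CSV" are accepted
        as well).
    :jsonparam tokenrealms: comma separated list of realms, passed on as
        ``tokenrealms`` for every imported token.
    :jsonparam psk: Pre Shared Key, when importing PSKC. Must be 32
        characters long.
    :jsonparam password: Password, handed to the PSKC parser
    :jsonparam aladdin_hashlib: If set and not "auto", overrides the
        hashlib of every imported token.
    :return: The number of the imported tokens
    :rtype: int
    :raises TokenAdminError: PSK of the wrong length or unknown file type
    :raises ParameterError: the uploaded file is empty
    """
    if not filename:
        filename = getParam(request.all_data, "filename", required)
    known_types = ['aladdin-xml', 'oathcsv', "OATH CSV",
                   'yubikeycsv', 'Yubikey CSV', 'pskc']
    file_type = getParam(request.all_data, "type", required)
    forced_hashlib = getParam(request.all_data, "aladdin_hashlib")
    aes_psk = getParam(request.all_data, "psk")
    aes_password = getParam(request.all_data, "password")
    # NOTE(review): only the length is enforced here; that the value is
    # really hex is left to parsePSKCdata - confirm it fails cleanly.
    if aes_psk and len(aes_psk) != 32:
        raise TokenAdminError("The Pre Shared Key must be 128 Bit hex "
                              "encoded. It must be 32 characters long!")
    trealms = getParam(request.all_data, "tokenrealms") or ""
    tokenrealms = trealms.split(",") if trealms else []

    TOKENS = {}
    token_file = request.files['file']
    file_contents = ""
    # In case of form post requests, it is a "instance" of FieldStorage
    # i.e. the Filename is selected in the browser and the data is
    # transferred in an iframe. see: http://jquery.malsup.com/form/#sample4
    if type(token_file) == FieldStorage:  # pragma: no cover
        log.debug("Field storage file: %s", token_file)
        file_contents = token_file.value
    elif type(token_file) == FileStorage:
        log.debug("Werkzeug File storage file: %s", token_file)
        file_contents = token_file.read()
    else:  # pragma: no cover
        file_contents = token_file

    # NOTE(review): the checks below compare against text literals; if
    # read() yields bytes on the target runtime they need a decode first.
    if file_contents == "":
        log.error(
            "Error loading/importing token file. file {0!s} empty!".format(
                filename))
        raise ParameterError("Error loading token file. File empty!")

    if file_type not in known_types:
        log.error(
            "Unknown file type: >>{0!s}<<. We only know the types: {1!s}".
            format(file_type, ', '.join(known_types)))
        raise TokenAdminError("Unknown file type: >>%s<<. We only know the "
                              "types: %s" % (file_type,
                                             ', '.join(known_types)))

    # Decrypt file, if necessary
    if file_contents.startswith("-----BEGIN PGP MESSAGE-----"):
        GPG = GPGImport(current_app.config)
        file_contents = GPG.decrypt(file_contents)

    # Parse the tokens from file and get dictionary
    if file_type == "aladdin-xml":
        TOKENS = parseSafeNetXML(file_contents)
    elif file_type in ["oathcsv", "OATH CSV"]:
        TOKENS = parseOATHcsv(file_contents)
    elif file_type in ["yubikeycsv", "Yubikey CSV"]:
        TOKENS = parseYubicoCSV(file_contents)
    elif file_type in ["pskc"]:
        TOKENS = parsePSKCdata(file_contents,
                               preshared_key_hex=aes_psk,
                               password=aes_password)

    # Now import the Tokens from the dictionary
    for serial in TOKENS:
        token = TOKENS[serial]
        # The parsed entry holds the OTP seed under 'otpkey'; keep it out
        # of the debug log so seeds do not end up in log files.
        # NOTE(review): other secret-bearing keys a parser may emit are
        # not visible here - extend the filter if there are any.
        loggable = {key: value for key, value in token.items()
                    if key != 'otpkey'}
        log.debug("importing token {0!s}".format(loggable))

        log.info("initialize token. serial: {0!s}, realm: {1!s}".format(
            serial, tokenrealms))

        init_param = {
            'serial': serial,
            'type': token['type'],
            'description': token.get("description", "imported"),
            'otpkey': token['otpkey'],
            'otplen': token.get('otplen'),
            'timeStep': token.get('timeStep'),
            'hashlib': token.get('hashlib')
        }

        if forced_hashlib and forced_hashlib != "auto":
            init_param['hashlib'] = forced_hashlib

        # NOTE(review): a per-realm admin policy pre-check used to sit
        # here as commented-out code; whether the policy is enforced
        # elsewhere (e.g. on the route) is not visible in this function.
        init_token(init_param, tokenrealms=tokenrealms)

    # One audit entry for the whole import, listing every serial.
    g.audit_object.log({
        'info': "{0!s}, {1!s} (imported: {2:d})".format(file_type,
                                                        token_file,
                                                        len(TOKENS)),
        'serial': ', '.join(TOKENS.keys())
    })

    return send_result(len(TOKENS))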
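def loadtokens_api(filename=None):
    """
    Import the token definitions contained in an uploaded file.

    The file can be an OATH CSV file, an aladdin XML file, a Yubikey CSV
    file exported from the yubikey initialization tool, or a PSKC file.
    An upload that starts with a PGP message header is decrypted through
    GPGImport before it is parsed.

    The function is called as a POST request with the file upload.

    :jsonparam filename: The name of the token file, that is imported
    :jsonparam type: The file type. Can be "aladdin-xml", "oathcsv",
        "yubikeycsv" or "pskc" ("OATH CSV" and "Yubikey CSV" are accepted
        as well).
    :jsonparam tokenrealms: comma separated list of realms, passed on as
        ``tokenrealms`` for every imported token.
    :jsonparam psk: Pre Shared Key, when importing PSKC. Must be 32
        characters long.
    :jsonparam password: Password, handed to the PSKC parser
    :jsonparam aladdin_hashlib: Passed to import_token as
        ``default_hashlib``.
    :return: The number of the imported tokens
    :rtype: int
    :raises TokenAdminError: PSK of the wrong length or unknown file type
    :raises ParameterError: the uploaded file is empty
    """
    if not filename:
        filename = getParam(request.all_data, "filename", required)
    known_types = ['aladdin-xml', 'oathcsv', "OATH CSV",
                   'yubikeycsv', 'Yubikey CSV', 'pskc']
    file_type = getParam(request.all_data, "type", required)
    default_hashlib = getParam(request.all_data, "aladdin_hashlib")
    aes_psk = getParam(request.all_data, "psk")
    aes_password = getParam(request.all_data, "password")
    # NOTE(review): only the length is enforced here; that the value is
    # really hex is left to parsePSKCdata - confirm it fails cleanly.
    if aes_psk and len(aes_psk) != 32:
        raise TokenAdminError("The Pre Shared Key must be 128 Bit hex "
                              "encoded. It must be 32 characters long!")
    trealms = getParam(request.all_data, "tokenrealms") or ""
    tokenrealms = trealms.split(",") if trealms else []

    TOKENS = {}
    token_file = request.files['file']
    file_contents = ""
    # In case of form post requests, it is a "instance" of FieldStorage
    # i.e. the Filename is selected in the browser and the data is
    # transferred in an iframe. see: http://jquery.malsup.com/form/#sample4
    if type(token_file) == FieldStorage:  # pragma: no cover
        log.debug("Field storage file: %s", token_file)
        file_contents = token_file.value
    elif type(token_file) == FileStorage:
        log.debug("Werkzeug File storage file: %s", token_file)
        file_contents = token_file.read()
    else:  # pragma: no cover
        file_contents = token_file

    # Normalise whatever the upload produced before the text comparisons.
    file_contents = to_unicode(file_contents)

    if file_contents == "":
        log.error("Error loading/importing token file. file {0!s} empty!".format(
            filename))
        raise ParameterError("Error loading token file. File empty!")

    if file_type not in known_types:
        log.error("Unknown file type: >>{0!s}<<. We only know the types: {1!s}".format(
            file_type, ', '.join(known_types)))
        raise TokenAdminError("Unknown file type: >>%s<<. We only know the "
                              "types: %s" % (file_type,
                                             ', '.join(known_types)))

    # Decrypt file, if necessary
    if file_contents.startswith("-----BEGIN PGP MESSAGE-----"):
        GPG = GPGImport(current_app.config)
        # NOTE(review): whether decrypt() returns text or bytes is not
        # visible here - confirm the parsers below get the type they expect.
        file_contents = GPG.decrypt(file_contents)

    # Parse the tokens from file and get dictionary
    if file_type == "aladdin-xml":
        TOKENS = parseSafeNetXML(file_contents)
    elif file_type in ["oathcsv", "OATH CSV"]:
        TOKENS = parseOATHcsv(file_contents)
    elif file_type in ["yubikeycsv", "Yubikey CSV"]:
        TOKENS = parseYubicoCSV(file_contents)
    elif file_type in ["pskc"]:
        TOKENS = parsePSKCdata(file_contents,
                               preshared_key_hex=aes_psk,
                               password=aes_password)

    # Now import the Tokens from the dictionary
    for serial in TOKENS:
        token = TOKENS[serial]
        # presumably the parsed entry carries the OTP seed under 'otpkey'
        # - verify against the parsers; it is dropped from the debug
        # output so seeds do not end up in log files.
        loggable = {key: value for key, value in token.items()
                    if key != 'otpkey'}
        log.debug("importing token {0!s}".format(loggable))

        log.info("initialize token. serial: {0!s}, realm: {1!s}".format(
            serial, tokenrealms))

        import_token(serial, token, tokenrealms=tokenrealms,
                     default_hashlib=default_hashlib)

    # One audit entry for the whole import, listing every serial.
    g.audit_object.log({
        'info': u"{0!s}, {1!s} (imported: {2:d})".format(file_type,
                                                         token_file,
                                                         len(TOKENS)),
        'serial': ', '.join(TOKENS)
    })

    return send_result(len(TOKENS))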