def init_key_partition(config, partition, key_type="ed25519"):
"""
create an elliptic curve secret + public key pair and
store it in the linotp config
"""
if not key_type == "ed25519":
raise ValueError("Unsupported keytype: %s", key_type)
import linotp.lib.config
public_key, secret_key = gen_dsa_keypair()
secret_key_entry = base64.b64encode(secret_key).decode("utf-8")
linotp.lib.config.storeConfig(
key="SecretKey.Partition.%d" % partition,
val=secret_key_entry,
typ="encrypted_data",
)
public_key_entry = base64.b64encode(public_key).decode("utf-8")
linotp.lib.config.storeConfig(
key="PublicKey.Partition.%d" % partition,
val=public_key_entry,
typ="encrypted_data",
)
def setUp(self):
self.delete_all_policies()
self.delete_all_token()
self.delete_all_realms()
self.delete_all_resolvers()
super(TestPushToken, self).setUp()
self.create_common_resolvers()
self.create_common_realms()
self.create_dummy_cb_policies()
# ------------------------------------------------------------------ --
self.gda = 'DEADBEEF'
self.tokens = defaultdict(dict)
# ------------------------------------------------------------------ --
pk, sk = gen_dsa_keypair()
self.secret_key = sk
self.public_key = pk
# ----------------------------------------------------------------- --
# we need a dummy file to sneak past the file existence check
# in the initial provider configuration
self.dummy_temp_cert = NamedTemporaryFile()
# ------------------------------------------------------------------ --
# make dummy provider config
p_config = {"push_url": "https://pushproxy.keyidentity.com",
"access_certificate": self.dummy_temp_cert.name,
"server_certificate": ""}
params = {'name': 'dummy_provider',
'class': 'DefaultPushProvider',
'config': json.dumps(p_config),
'timeout': '120',
'type': 'push'}
self.make_system_request('setProvider', params=params)
# ------------------------------------------------------------------ --
params = {'name': 'dummy_push_policy',
'scope': 'authentication',
'action': 'push_provider=dummy_provider',
'user': '******',
'realm': '*',
'client': '',
'time': ''}
self.create_policy(params=params)
self.uri = self.appconf.get('mobile_app_protocol_id', 'lseqr')
def setUp(self):
self.delete_all_policies()
self.delete_all_token()
self.delete_all_realms()
self.delete_all_resolvers()
super(TestPushToken, self).setUp()
self.create_common_resolvers()
self.create_common_realms()
self.create_dummy_cb_policies()
# ------------------------------------------------------------------- --
self.gda = 'DEADBEEF'
self.tokens = defaultdict(dict)
# ------------------------------------------------------------------- --
pk, sk = gen_dsa_keypair()
self.secret_key = sk
self.public_key = pk
# ------------------------------------------------------------------ --
# we need a dummy file to sneak past the file existence check
# in the initial provider configuration
self.dummy_temp_cert = NamedTemporaryFile()
# ------------------------------------------------------------------ --
# make dummy provider config
p_config = {"push_url": "http://pushproxy.keyidentity.com",
"access_certificate": self.dummy_temp_cert.name,
"server_certificate": ""}
params = {'name': 'dummy_provider',
'class': 'DefaultPushProvider',
'config': json.dumps(p_config),
'timeout': '120',
'type': 'push'}
self.make_system_request('setProvider', params=params)
# ------------------------------------------------------------------ --
params = {'name': 'dummy_push_policy',
'scope': 'authentication',
'action': 'push_provider=dummy_provider',
'user': '******',
'realm': '*',
'client': '',
'time': ''}
self.create_policy(params=params)
def test_repairing_fail_pubkey(self):
""" PushToken: Check if repairing fails correctly (wrong pubkey) """
user_token_id = self.execute_correct_pairing()
# temporarily switch the keypair (used for signature)
tmp_secret_key = self.secret_key
tmp_public_key = self.public_key
pk, sk = gen_dsa_keypair()
self.secret_key = sk
self.public_key = pk
# ------------------------------------------------------------------ --
# send repairing pairing response
pairing_response = self.create_pairing_response_by_serial(
user_token_id)
response_dict = self.send_pairing_response(pairing_response)
# ------------------------------------------------------------------ --
# check if returned json is correct
self.assertIn('result', response_dict)
result = response_dict.get('result')
self.assertIn('value', result)
value = result.get('value')
self.assertFalse(value)
self.assertIn('status', result)
status = result.get('status')
self.assertFalse(status)
# ------------------------------------------------------------------ --
# reset the secret key
self.secret_key = tmp_secret_key
self.public_key = tmp_public_key
def test_repairing_fail_pubkey(self):
""" PushToken: Check if repairing fails correctly (wrong pubkey) """
user_token_id = self.execute_correct_pairing()
# temporarily switch the keypair (used for signature)
tmp_secret_key = self.secret_key
tmp_public_key = self.public_key
pk, sk = gen_dsa_keypair()
self.secret_key = sk
self.public_key = pk
# ------------------------------------------------------------------ --
# send repairing pairing response
pairing_response = self.create_pairing_response_by_serial(
user_token_id)
response_dict = self.send_pairing_response(pairing_response)
# ------------------------------------------------------------------ --
# check if returned json is correct
self.assertIn('result', response_dict)
result = response_dict.get('result')
self.assertIn('value', result)
value = result.get('value')
self.assertFalse(value)
self.assertIn('status', result)
status = result.get('status')
self.assertFalse(status)
# ------------------------------------------------------------------ --
# reset the secret key
self.secret_key = tmp_secret_key
self.public_key = tmp_public_key
def test_repairing_fail_pubkey(self):
"""PushToken: Check if repairing fails correctly (wrong pubkey)"""
user_token_id = self.execute_correct_pairing()
# temporarily switch the keypair (used for signature)
tmp_secret_key = self.secret_key
tmp_public_key = self.public_key
pk, sk = gen_dsa_keypair()
self.secret_key = sk
self.public_key = pk
# ------------------------------------------------------------------ --
# send repairing pairing response
pairing_response = self.create_pairing_response_by_serial(
user_token_id)
response_dict = self.send_pairing_response(pairing_response)
# ------------------------------------------------------------------ --
# check if returned json is correct
assert "result" in response_dict
result = response_dict.get("result")
assert "value" in result
value = result.get("value")
assert not value
assert "status" in result
status = result.get("status")
assert not status
# ------------------------------------------------------------------ --
# reset the secret key
self.secret_key = tmp_secret_key
self.public_key = tmp_public_key
def init_qrtoken_secret_key(config, cert_id='system'):
"""
create an elliptic curve secret + public key pair and
store it in the linotp config
"""
import linotp.lib.config
public_key, secret_key = gen_dsa_keypair()
secret_key_entry = 'qrtokensk:' + base64.b64encode(secret_key)
linotp.lib.config.storeConfig(key='QrTokenSecretKey.' + cert_id,
val=secret_key_entry,
typ='password')
public_key_entry = 'qrtokenpk:' + base64.b64encode(public_key)
linotp.lib.config.storeConfig(key='QrTokenPublicKey.' + cert_id,
val=public_key_entry)
return
def init_qrtoken_secret_key(config, cert_id='system'):
"""
create an elliptic curve secret + public key pair and
store it in the linotp config
"""
import linotp.lib.config
public_key, secret_key = gen_dsa_keypair()
secret_key_entry = 'qrtokensk:' + base64.b64encode(secret_key)
linotp.lib.config.storeConfig(key='QrTokenSecretKey.' + cert_id,
val=secret_key_entry,
typ='password')
public_key_entry = 'qrtokenpk:' + base64.b64encode(public_key)
linotp.lib.config.storeConfig(key='QrTokenPublicKey.' + cert_id,
val=public_key_entry)
return
def init_key_partition(config, partition, key_type='ed25519'):
"""
create an elliptic curve secret + public key pair and
store it in the linotp config
"""
if not key_type == 'ed25519':
raise ValueError('Unsupported keytype: %s', key_type)
import linotp.lib.config
public_key, secret_key = gen_dsa_keypair()
secret_key_entry = base64.b64encode(secret_key)
linotp.lib.config.storeConfig(key='SecretKey.Partition.%d' % partition,
val=secret_key_entry,
typ='encrypted_data')
public_key_entry = base64.b64encode(public_key)
linotp.lib.config.storeConfig(key='PublicKey.Partition.%d' % partition,
val=public_key_entry,
typ='encrypted_data')
def init_key_partition(config, partition, key_type='ed25519'):
"""
create an elliptic curve secret + public key pair and
store it in the linotp config
"""
if not key_type == 'ed25519':
raise ValueError('Unsupported keytype: %s', key_type)
import linotp.lib.config
public_key, secret_key = gen_dsa_keypair()
secret_key_entry = base64.b64encode(secret_key)
linotp.lib.config.storeConfig(key='SecretKey.Partition.%d' % partition,
val=secret_key_entry,
typ='encrypted_data')
public_key_entry = base64.b64encode(public_key)
linotp.lib.config.storeConfig(key='PublicKey.Partition.%d' % partition,
val=public_key_entry,
typ='encrypted_data')
def create_keys() -> Tuple[bytes, bytes]:
"""Create a public private key pair."""
return gen_dsa_keypair()
def setUp(self):
self.delete_all_policies()
self.delete_all_token()
self.delete_all_realms()
self.delete_all_resolvers()
super(TestPushToken, self).setUp()
self.create_common_resolvers()
self.create_common_realms()
self.create_dummy_cb_policies()
# ------------------------------------------------------------------ --
self.gda = "DEADBEEF"
self.tokens = defaultdict(dict)
# ------------------------------------------------------------------ --
pk, sk = gen_dsa_keypair()
self.secret_key = sk
self.public_key = pk
# ----------------------------------------------------------------- --
# we need a dummy file to sneak past the file existence check
# in the initial provider configuration
self.dummy_temp_cert = NamedTemporaryFile()
# ------------------------------------------------------------------ --
# make dummy provider config
p_config = {
"push_url": "https://pushproxy.keyidentity.com",
"access_certificate": self.dummy_temp_cert.name,
"server_certificate": "",
}
params = {
"name": "dummy_provider",
"class": "DefaultPushProvider",
"config": json.dumps(p_config),
"timeout": "120",
"type": "push",
}
self.make_system_request("setProvider", params=params)
# ------------------------------------------------------------------ --
params = {
"name": "dummy_push_policy",
"scope": "authentication",
"action": "push_provider=dummy_provider",
"user": "******",
"realm": "*",
"client": "",
"time": "",
}
self.create_policy(params=params)
self.uri = self.app.config.get("MOBILE_APP_PROTOCOLL_ID", "lseqr")
