def __enable_u2f(self, user):
    """Start a U2F enrollment for *user* and return the registration request.

    A settings entry is created for ``user.uuid`` when none exists. The
    request is built against the devices already stored under
    ``_u2f_devices_``, kept under ``_u2f_enroll_`` and the settings are saved.

    Returns:
        ``enroll.json`` of the object returned by ``begin_registration``.
    """
    key = user.uuid
    if key not in self.__settings:
        self.__settings[key] = {}
    entry = self.__settings[key]

    # Devices that are already enrolled are handed to begin_registration.
    known_devices = []
    for stored in entry.get('_u2f_devices_', []):
        known_devices.append(DeviceRegistration.wrap(stored))

    request = begin_registration(self.app_id, known_devices)

    # Assigning here replaces any earlier pending request, so only the most
    # recent enrollment request is kept for this user.
    entry['_u2f_enroll_'] = request.json
    self.__save_settings()
    return request.json
def __enable_u2f(self, user):
    """Begin enrolling a U2F device for *user*.

    Makes sure ``self.__settings`` has an entry for ``user.uuid``, asks
    ``begin_registration`` for a request that takes the devices stored under
    ``_u2f_devices_`` into account, stores that request as ``_u2f_enroll_``
    and saves the settings.

    Returns:
        The ``json`` attribute of the registration request.
    """
    if user.uuid not in self.__settings:
        self.__settings[user.uuid] = {}
    per_user = self.__settings[user.uuid]

    registered = list(
        map(DeviceRegistration.wrap, per_user.get('_u2f_devices_', []))
    )
    pending = begin_registration(self.app_id, registered)

    # A new request overwrites whatever was pending before; the stored value
    # is what the completion step later removes and passes on for checking.
    per_user['_u2f_enroll_'] = pending.json
    self.__save_settings()
    return pending.json
def sign(self, user_name, object_dn):
    """Create a U2F authentication challenge for the account at *object_dn*.

    Args:
        user_name: caller identity handed to the ACL check.
        object_dn: DN of the account the challenge is issued for.

    Returns:
        ``challenge.json`` of the object returned by ``begin_authentication``.
    """
    # Only read access on the target is checked before a challenge is issued.
    self.__check_acl(user_name, object_dn, "r")

    uuid = self.__dn_to_uuid(object_dn)
    if uuid in self.__settings:
        user_settings = self.__settings[uuid]
    else:
        # NOTE(review): this dict is never attached to self.__settings, so
        # the challenge stored below is not part of what gets saved for an
        # account without a settings entry. Confirm this is intended.
        user_settings = {}

    devices = []
    for stored in user_settings.get('_u2f_devices_', []):
        devices.append(DeviceRegistration.wrap(stored))

    challenge = begin_authentication(self.app_id, devices)

    # Each call replaces the previously stored challenge for this account.
    user_settings['_u2f_challenge_'] = challenge.json
    self.__save_settings()
    return challenge.json
def sign(self, user_name, object_dn):
    """Issue a U2F authentication challenge for *object_dn*.

    The caller needs read permission on the target. The challenge is built
    from the devices stored under ``_u2f_devices_``, written to
    ``_u2f_challenge_`` and the settings are saved.

    Returns:
        The ``json`` attribute of the authentication challenge.
    """
    # Permission gate: "r" on the requested object.
    self.__check_acl(user_name, object_dn, "r")

    account_id = self.__dn_to_uuid(object_dn)
    has_entry = account_id in self.__settings
    # NOTE(review): without an entry the fallback dict is a throwaway, so the
    # challenge written below is not reachable from self.__settings after
    # this call returns. Confirm this is intended.
    account = self.__settings[account_id] if has_entry else {}

    registered = list(
        map(DeviceRegistration.wrap, account.get('_u2f_devices_', []))
    )
    request = begin_authentication(self.app_id, registered)

    # Overwrites any challenge that was pending for this account.
    account['_u2f_challenge_'] = request.json
    self.__save_settings()
    return request.json
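def completeU2FRegistration(self, user_name, object_dn, data):
    """Finish a pending U2F enrollment and store the new device.

    Args:
        user_name: caller identity, checked for write access on *object_dn*.
        object_dn: DN of the account the device is enrolled for.
        data: JSON text holding the registration response.

    Returns:
        True once the device list has been updated and saved.

    Raises:
        KeyError: presumably when the account has no settings entry or no
            pending ``_u2f_enroll_`` request (assumes dict semantics for the
            settings; confirm).
    """
    # Write access on the target is required to add an authenticator.
    self.__check_acl(user_name, object_dn, "w")

    uuid = self.__dn_to_uuid(object_dn)
    user_settings = self.__settings[uuid]
    response = loads(data)

    # The pending request is removed before it is checked, so it cannot be
    # reused from the in-memory settings even when verification fails.
    # NOTE(review): that removal is only saved on the success path; confirm.
    pending = user_settings.pop('_u2f_enroll_')
    binding, cert = complete_registration(pending, response, [self.facet])

    devices = []
    for stored in user_settings.get('_u2f_devices_', []):
        devices.append(DeviceRegistration.wrap(stored))
    devices.append(binding)
    user_settings['_u2f_devices_'] = [d.json for d in devices]
    self.__save_settings()

    # NOTE(review): this records the caller only; the account that received
    # the device (object_dn) is not part of the log entry.
    self.__log.info("U2F device enrolled. Username: %s", user_name)
    # public_bytes() returns bytes; decode so the PEM text is logged with
    # real line breaks instead of a bytes repr.
    self.__log.debug("Attestation certificate:\n%s",
                     cert.public_bytes(Encoding.PEM).decode("ascii"))
    return True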
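def completeU2FRegistration(self, user_name, object_dn, data):
    """Complete a U2F enrollment started earlier and persist the device.

    Args:
        user_name: caller identity used for the write-permission check.
        object_dn: DN of the account that gets the new device.
        data: registration response as JSON text.

    Returns:
        True after the settings have been saved.

    Raises:
        KeyError: presumably if there is no settings entry for the account
            or no ``_u2f_enroll_`` request is pending (dict semantics
            assumed; confirm).
    """
    # Do we have write permissions for the requested attribute
    self.__check_acl(user_name, object_dn, "w")

    account = self.__settings[self.__dn_to_uuid(object_dn)]
    parsed = loads(data)

    # pop() is evaluated before complete_registration() runs: the pending
    # request is taken out of the in-memory settings whether or not the
    # response verifies.
    binding, cert = complete_registration(
        account.pop('_u2f_enroll_'), parsed, [self.facet])

    known = [
        DeviceRegistration.wrap(item)
        for item in account.get('_u2f_devices_', [])
    ]
    account['_u2f_devices_'] = [d.json for d in known + [binding]]
    self.__save_settings()

    # NOTE(review): only the caller is named here, not the object_dn whose
    # device list changed.
    self.__log.info("U2F device enrolled. Username: %s", user_name)
    # Decode the PEM bytes so the certificate is logged as text rather than
    # as a bytes repr with escaped newlines.
    pem_text = cert.public_bytes(Encoding.PEM).decode("ascii")
    self.__log.debug("Attestation certificate:\n%s", pem_text)
    return True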