def test_credential_serialize_name(self):
self.assertEqual('name', Credential('name').long_name())
self.assertEqual('Issuer:name',
Credential('name', issuer='Issuer').long_name())
self.assertEqual(
'20/Issuer:name',
Credential('name', issuer='Issuer', period=20).long_name())
self.assertEqual(
'Issuer:name',
Credential('name', issuer='Issuer', period=30).long_name())
self.assertEqual('20/name', Credential('name', period=20).long_name())
def _read_slot_cred(self, slot, digits, timestamp):
try:
code = self._read_slot_code(
slot, digits, timestamp, wait_for_touch=False)
return (Credential(self._slot_name(slot), OATH_TYPE.TOTP, False),
code)
except YkpersError as e:
if e.errno == 11:
return (Credential(self._slot_name(slot), OATH_TYPE.TOTP, True
), None)
except Exception as e:
return (Credential(str(e).encode(), OATH_TYPE.TOTP, True), None)
return None
def test_credential_expiration(self):
cred = Credential('name')
cred.update_expiration(0)
self.assertEqual(30, cred.expiration)
cred.update_expiration(30)
self.assertEqual(60, cred.expiration)
cred.update_expiration(60)
self.assertEqual(90, cred.expiration)
def calculate_slot_mode(self, slot, digits, timestamp):
dev = self._descriptor.open_device(TRANSPORT.OTP)
code = dev.driver.calculate(
slot, challenge=timestamp, totp=True, digits=int(digits),
wait_for_touch=True)
return Credential(
self._slot_name(slot), code=code, oath_type='totp', touch=True,
algo='SHA1', expiration=self._expiration(timestamp)).to_dict()
def _read_slot_cred(self, slot, digits, timestamp):
try:
dev = self._descriptor.open_device(TRANSPORT.OTP)
code = dev.driver.calculate(
slot, challenge=timestamp, totp=True, digits=int(digits),
wait_for_touch=False)
return Credential(
self._slot_name(slot), code=code, oath_type='totp',
touch=False, algo='SHA1',
expiration=self._expiration(timestamp))
except YkpersError as e:
if e.errno == 11:
return Credential(
self._slot_name(slot), oath_type='totp', touch=True,
algo='SHA1')
except:
pass
return None
def _read_slot_cred(self, slot, digits, timestamp):
try:
dev = self._descriptor.open_device(TRANSPORT.OTP)
code = dev.driver.calculate(
slot, challenge=timestamp, totp=True, digits=int(digits),
wait_for_touch=False)
valid_from = timestamp - (timestamp % 30)
valid_to = valid_from + 30
code = Code(code, valid_from, valid_to)
return (Credential(self._slot_name(slot), OATH_TYPE.TOTP, False),
code)
except YkpersError as e:
if e.errno == 11:
return (Credential(self._slot_name(slot), OATH_TYPE.TOTP, True
), None)
except Exception as e:
return (Credential(str(e).encode(), OATH_TYPE.TOTP, True), None)
return None
def calculate(self, credential, timestamp, password_key):
try:
dev = self._descriptor.open_device(TRANSPORT.CCID)
controller = OathController(dev.driver)
if controller.locked and password_key is not None:
controller.validate(a2b_hex(password_key))
except:
return None
return controller.calculate(Credential.from_dict(credential),
timestamp).to_dict()
def calculate_slot_mode(self, slot, digits, timestamp):
try:
dev = self._descriptor.open_device(TRANSPORT.OTP)
code = dev.driver.calculate(
slot, challenge=timestamp, totp=True, digits=int(digits),
wait_for_touch=True)
except Exception as e:
logger.error('Failed to calculate code in slot mode', exc_info=e)
return None
valid_from = timestamp - (timestamp % 30)
valid_to = valid_from + 30
code = Code(code, valid_from, valid_to)
return pair_to_dict(Credential(self._slot_name(slot),
OATH_TYPE.TOTP, True), code)
def calc(slot, digits, label):
try:
code, touch = self._otp_get_code_or_touch(
slot, digits, timestamp)
entries.append({
'credential': cred_to_dict(
Credential(label.encode(), OATH_TYPE.TOTP, touch)),
'code': code_to_dict(
Code(code, valid_from, valid_to)) if code else None
})
except YkpersError as e:
if e.errno == 4:
pass
else:
raise
def calculate_slot_mode(self, slot, digits, timestamp):
try:
code = self._read_slot_code(
slot, digits, timestamp, wait_for_touch=True)
return pair_to_dict(Credential(self._slot_name(slot),
OATH_TYPE.TOTP, True), code)
except YkpersError as e:
if e.errno == 4:
logger.debug(
'Time out error, user probably did not touch the device.')
else:
logger.error(
'Failed to calculate code in slot mode', exc_info=e)
except Exception as e:
logger.error('Failed to calculate code in slot mode', exc_info=e)
return None
def test_credential_parse_period_and_issuer_and_name(self):
issuer, name, period = Credential.parse_key(b'20/Issuer:name')
self.assertEqual(20, period)
self.assertEqual('Issuer', issuer)
self.assertEqual('name', name)
def test_credential_parse_only_name(self):
issuer, name, period = Credential.parse_key(b'name')
self.assertEqual(30, period)
self.assertIsNone(issuer)
self.assertEqual('name', name)
def test_credential_parse_period_and_name(self):
issuer, name, period = Credential.parse_key(b'20/name')
self.assertEqual(20, period)
self.assertIsNone(issuer)
self.assertEqual('name', name)
def test_credential_parse_weird_issuer_and_name(self):
issuer, name, period = Credential.parse_key(b'weird/Issuer:name')
self.assertEqual(30, period)
self.assertEqual('weird/Issuer', issuer)
self.assertEqual('name', name)
def calculate(self, credential, timestamp, password_key):
return self._calculate(Credential.from_dict(credential), timestamp,
password_key).to_dict()
def test_credential_parse_only_name(self):
period, issuer, name = Credential.parse_long_name('name')
self.assertEqual(30, period)
self.assertEqual(None, issuer)
self.assertEqual('name', name)
def test_credential_parse_period_and_issuer_and_name(self):
period, issuer, name = Credential.parse_long_name('20/Issuer:name')
self.assertEqual(20, period)
self.assertEqual('Issuer', issuer)
self.assertEqual('name', name)
def cred_from_dict(data):
return Credential(data['key'].encode('utf-8'),
OATH_TYPE[data['oath_type']], data['touch'])
def delete_credential(self, credential, password_key):
dev = self._descriptor.open_device(TRANSPORT.CCID)
controller = OathController(dev.driver)
if controller.locked and password_key is not None:
controller.validate(a2b_hex(password_key))
controller.delete(Credential.from_dict(credential))