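def setPin(self, pin, hashed=True, oldpin=None):
    """Store a new PIN for this token, either hashed or reversibly encrypted.

    If the token carries a key IV (``LinOtpKeyIV``) that IV is bound to the
    PIN via ``xor_crypt`` and therefore has to be re-wrapped on every PIN
    change. When a PIN hash already exists the IV is currently wrapped with
    the *old* PIN, so ``oldpin`` is required to unwrap it first.

    :param pin: the new PIN; ``None`` is treated like the empty string
    :param hashed: ``True`` stores a hash via ``setHashedPin``; ``False``
                   stores the PIN reversibly encrypted, prefixed with ``"@@"``
    :param oldpin: the currently valid PIN; needed only when the token has
                   both an IV and an existing PIN hash
    :return: the stored ``LinOtpPinHash`` value
    :raises ValueError: if ``hashed`` is neither ``True`` nor ``False``, or
                        if ``oldpin`` is missing while the IV must be re-keyed
    """
    # The PIN itself must never be written to the log, not even at debug.
    log.debug("setPin()")

    # Validate the storage mode *before* touching any state. Previously an
    # unknown value for ``hashed`` silently stored nothing but still re-keyed
    # the IV to the new PIN, leaving the IV unrecoverable. ``not in
    # (True, False)`` keeps the original ``==`` acceptance (1 / 0 still pass).
    if hashed not in (True, False):
        raise ValueError("hashed must be True or False, got %r" % (hashed,))

    # An absent PIN (None or "") is stored as the empty string.
    upin = ""
    if pin != "" and pin is not None:
        upin = pin

    # For Elm, the key IV is stored XOR-wrapped with the PIN, so changing the
    # PIN means unwrapping it with the old one and wrapping it with the new.
    if self.LinOtpKeyIV:
        iv = binascii.unhexlify(self.LinOtpKeyIV)
        if self.LinOtpPinHash:
            if not oldpin:
                # Without the old PIN the IV cannot be recovered.
                raise ValueError(
                    "Old PIN is required to change an existing PIN!")
            # NOTE(review): ``oldpin`` is not verified against the stored
            # hash here; a wrong old PIN yields a garbage IV. Callers are
            # expected to have checked it -- confirm at the call sites.
            iv = xor_crypt(iv, oldpin)
        self.LinOtpKeyIV = binascii.hexlify(xor_crypt(iv, upin))

    # Only the mode is logged: the "@@..." value is reversible with the
    # server key and the hash is an offline-guessing target, so neither
    # belongs in a debug log.
    if hashed:
        self.setHashedPin(upin)
        log.debug("setPin(HASH)")
    else:
        self.LinOtpPinHash = "@@" + encryptPin(upin)
        log.debug("setPin(ENCR)")

    return self.LinOtpPinHash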
def setPin(self, pin, hashed=True, oldpin=None):
    """Set the token PIN, hashed (``hashed=True``) or encrypted (``False``).

    A token whose key IV (``LinOtpKeyIV``) is XOR-wrapped with the PIN gets
    that IV re-wrapped under the new PIN. If a PIN hash is already present
    the IV is wrapped with the old PIN, which therefore must be passed as
    ``oldpin``.

    :param pin: new PIN; ``None`` and ``""`` both mean "empty PIN"
    :param hashed: ``True`` -> ``setHashedPin``; ``False`` -> ``"@@"`` plus
                   the ``encryptPin`` ciphertext; any other value stores
                   nothing
    :param oldpin: current PIN, required when an IV and a PIN hash exist
    :return: the resulting ``LinOtpPinHash``
    :raises Exception: when ``oldpin`` is needed but not supplied
    """
    log.debug("setPin()")

    upin = "" if (pin is None or pin == "") else pin

    def _rewrap_iv(hex_iv):
        # The IV is XOR-wrapped with the PIN. An existing PIN hash means it
        # is wrapped with the old PIN, which is needed to unwrap it first.
        raw_iv = binascii.unhexlify(hex_iv)
        if self.LinOtpPinHash:
            if not oldpin:
                raise Exception("Old PIN is required to change an existing PIN!")
            raw_iv = xor_crypt(raw_iv, oldpin)
        return binascii.hexlify(xor_crypt(raw_iv, upin))

    # For Elm, the IV is bound to the PIN and has to follow the PIN change.
    if self.LinOtpKeyIV:
        self.LinOtpKeyIV = _rewrap_iv(self.LinOtpKeyIV)

    # NOTE(review): both branches log the stored value; the "@@..." form is
    # reversible with the server key -- consider logging the mode only.
    if hashed == True:
        self.setHashedPin(upin)
        log.debug("setPin(HASH:%r)" % self.LinOtpPinHash)
    elif hashed == False:
        self.LinOtpPinHash = "@@" + encryptPin(upin)
        log.debug("setPin(ENCR:%r)" % self.LinOtpPinHash)

    return self.LinOtpPinHash
def _rollout_1(self, params):
    """Perform step 1 of the OCRA rollout.

    Triggered by a request such as
    ``/admin/init?type=ocra&genkey=1&sharedsecret=1&user=...&session=...``.
    When ``sharedsecret`` is ``'1'`` the token is marked as being in rollout
    state 1, an encrypted copy of the current HOTP key is kept in the token
    info (``sharedSecret``), and ``self.info`` is filled with the key, the
    serial and an ``lseqr://init?...`` import URL for the client app. The
    token is left inactive (``LinOtpIsactive = False``) until the rollout
    completes. For any other ``sharedsecret`` value nothing is changed.

    :param params: request parameters; only ``sharedsecret`` is consulted
    :return: None -- the response data is exposed through ``self.info``
    """
    # NOTE(review): ``params`` is logged verbatim; per the request shape
    # above it may carry the session key -- confirm what callers pass.
    log.debug('[_rollout_1] %r ' % (params))

    if params.get('sharedsecret', None) == '1':
        self.addToTokenInfo('rollout', '1')

        # The current HOTP key is the shared secret; keep it encrypted in
        # the token info for the following rollout steps.
        key = self.token.getHOtpKey().getKey()
        self.addToTokenInfo('sharedSecret', encryptPin(key))

        suite = self.getOcraSuiteSuite()
        serial = self.getSerial()

        # Short keys for the app import URL (sh/os/se).
        uInfo = {'sh': key, 'os': suite, 'se': serial}

        # The key itself is part of the response: this is the enrolment
        # channel through which the client app receives it.
        self.info = {
            'sharedsecret': key,
            'serial': serial,
            'app_import': 'lseqr://init?%s' % (urllib.urlencode(uInfo)),
        }

        # Not usable until the rollout is finished.
        self.token.LinOtpIsactive = False

    log.debug('[_rollout_1]:')
    return
def setPin(self, pin, hashed=True):
    """Store the token PIN, hashed or reversibly encrypted.

    :param pin: new PIN; ``None`` and ``""`` are both stored as ``""``
    :param hashed: ``True`` stores a hash through ``setHashedPin``;
                   ``False`` stores ``"@@"`` plus the ``encryptPin``
                   ciphertext; any other value leaves the PIN untouched
    :return: the resulting ``LinOtpPinHash``
    """
    log.debug("setPin()")

    upin = pin if (pin is not None and pin != "") else ""

    # NOTE(review): the stored value is written to the debug log; the
    # "@@..." form is reversible with the server key.
    if hashed == False:
        self.LinOtpPinHash = "@@" + encryptPin(upin)
        log.debug("setPin(ENCR:%r)" % self.LinOtpPinHash)
    elif hashed == True:
        self.setHashedPin(upin)
        log.debug("setPin(HASH:%r)" % self.LinOtpPinHash)

    return self.LinOtpPinHash
def _transform_action(action):
    """Encrypt the ``secret`` query parameter of each server URL in an action.

    ``action`` has the form ``name=url1 url2 ...``. Every space-separated
    URL is parsed; if its query string carries ``secret=...`` that entry is
    replaced by ``encsecret=<encryptPin(secret)>`` and the URL is rebuilt.
    Only the query string is inspected -- a secret placed elsewhere in the
    URL (e.g. userinfo) is passed through unchanged. Of repeated query keys
    only the first value is kept.

    :param action: policy action string ``name=server [server ...]``
    :return: the action string with the server URLs rewritten
    """
    name, _sep, values = action.partition('=')

    def _path_and_query(parsed):
        # Older urlparse versions leave the query glued to the path; split
        # on '?' ourselves in that case.
        if parsed.query:
            return parsed.path, parsed.query
        path, _qmark, query = parsed.path.partition('?')
        return path, query

    def _rewrite(value):
        parsed = urlparse.urlparse(value)
        path, query = _path_and_query(parsed)

        # parse_qs yields lists; flatten to the first value per key.
        params = urlparse.parse_qs(query)
        for key in params:
            params[key] = params[key][0]

        if 'secret' in params:
            params['encsecret'] = encryptPin(params['secret'])
            del params['secret']

        # ParseResult is a namedtuple: _replace swaps the path and query
        # slots, everything else (scheme, netloc, fragment) is kept.
        rebuilt = parsed._replace(path=path.strip(),
                                  query=urllib.urlencode(params))
        return urlparse.urlunparse(rebuilt)

    servers = [_rewrite(value) for value in values.split(' ')]
    return '='.join([name, ' '.join(servers)])