def test_17_update_token(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = HotpTokenClass(db_token) # Failed update: genkey wrong self.assertRaises(Exception, token.update, { "description": "new desc", "genkey": "17" }) # genkey and otpkey used at the same time token.update({"otpkey": self.otpkey, "genkey": "1"}) self.assertTrue(token.token.otplen == 6) token.update({"otpkey": self.otpkey, "pin": "654321", "otplen": 6}) self.assertTrue(token.check_pin("654321")) self.assertTrue(token.token.otplen == 6) # update hashlib token.update({"otpkey": self.otpkey, "hashlib": "sha1"}) self.assertTrue( token.get_tokeninfo("hashlib") == "sha1", token.get_tokeninfo()) # save pin encrypted token.update({"genkey": 1, "pin": "secret", "encryptpin": "true"}) # check if the PIN is encrypted self.assertTrue(token.token.pin_hash.startswith("@@"), token.token.pin_hash) # update token without otpkey raises an error self.assertRaises(Exception, token.update, {"description": "test"})
def test_17_update_token(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = HotpTokenClass(db_token) # Failed update: genkey wrong self.assertRaises(Exception, token.update, {"description": "new desc", "genkey": "17"}) # genkey and otpkey used at the same time token.update({"otpkey": self.otpkey, "genkey": "1"}) self.assertTrue(token.token.otplen == 6) token.update({"otpkey": self.otpkey, "pin": "654321", "otplen": 6}) self.assertTrue(token.check_pin("654321")) self.assertTrue(token.token.otplen == 6) # update hashlib token.update({"otpkey": self.otpkey, "hashlib": "sha1"}) self.assertTrue(token.get_tokeninfo("hashlib") == "sha1", token.get_tokeninfo()) # save pin encrypted token.update({"genkey": 1, "pin": "secret", "encryptpin": "true"}) # check if the PIN is encrypted self.assertTrue(token.token.pin_hash.startswith("@@"), token.token.pin_hash) # update token without otpkey raises an error self.assertRaises(Exception, token.update, {"description": "test"})
def test_30_2step_otpkeyformat(self): serial = "2step3" db_token = Token(serial, tokentype="hotp") db_token.save() token = HotpTokenClass(db_token) token.update({ "2stepinit": "1", "2step_clientsize": "12", "hashlib": "sha512", }) self.assertEqual(token.token.rollout_state, "clientwait") self.assertEqual(token.get_tokeninfo("2step_clientsize"), "12") # fetch the server component for later tests server_component = binascii.unhexlify( token.token.get_otpkey().getKey()) # generate a 12-byte client component client_component = b'abcdefghijkl' checksum = hashlib.sha1(client_component).digest()[:4] # wrong checksum with warnings.catch_warnings(): warnings.simplefilter('ignore', category=DeprecationWarning) self.assertRaisesRegexp( ParameterError, "Incorrect checksum", token.update, { "otpkey": b32encode_and_unicode(b"\x37" + checksum[1:] + client_component).strip("="), "otpkeyformat": "base32check", }) # construct a secret token.update({ "otpkey": b32encode_and_unicode(checksum + client_component).strip("="), "otpkeyformat": "base32check", # the following values are ignored "2step_serversize": "23", "2step_difficulty": "666666", "2step_clientsize": "13" }) # check the generated secret secret = binascii.unhexlify(token.token.get_otpkey().getKey()) # check the correct lengths self.assertEqual(len(server_component), 64) # because of SHA-512 self.assertEqual(len(client_component), 12) self.assertEqual(len(secret), 64) # because of SHA-512 # check the secret has been generated according to the specification expected_secret = pbkdf2_hmac('sha1', binascii.hexlify(server_component), client_component, 10000, len(secret)) self.assertEqual(secret, expected_secret) self.assertTrue(token.token.active)
def test_30_2step_otpkeyformat(self): serial = "2step3" db_token = Token(serial, tokentype="hotp") db_token.save() token = HotpTokenClass(db_token) token.update({ "2stepinit": "1", "2step_clientsize": "12", "hashlib": "sha512", }) self.assertEqual(token.token.rollout_state, "clientwait") self.assertEqual(token.get_tokeninfo("2step_clientsize"), "12") # fetch the server component for later tests server_component = binascii.unhexlify(token.token.get_otpkey().getKey()) # generate a 12-byte client component client_component = b'abcdefghijkl' checksum = hashlib.sha1(client_component).digest()[:4] # wrong checksum self.assertRaisesRegexp( ParameterError, "Incorrect checksum", token.update, { "otpkey": base64.b32encode("\x37" + checksum[1:] + client_component).strip("="), "otpkeyformat": "base32check", }) # construct a secret token.update({ "otpkey": base64.b32encode(checksum + client_component).strip("="), "otpkeyformat": "base32check", # the following values are ignored "2step_serversize": "23", "2step_difficulty": "666666", "2step_clientsize": "13" }) # check the generated secret secret = binascii.unhexlify(token.token.get_otpkey().getKey()) # check the correct lengths self.assertEqual(len(server_component), 64) # because of SHA-512 self.assertEqual(len(client_component), 12) self.assertEqual(len(secret), 64) # because of SHA-512 # check the secret has been generated according to the specification expected_secret = pbkdf2(binascii.hexlify(server_component), client_component, 10000, len(secret)) self.assertEqual(secret, expected_secret) self.assertTrue(token.token.active)
def test_29_2step_generation_custom(self): serial = "2step2" db_token = Token(serial, tokentype="hotp") db_token.save() token = HotpTokenClass(db_token) token.update({ "2stepinit": "1", "2step_serversize": "40", "2step_difficulty": "12345", "2step_clientsize": "12", "hashlib": "sha512", }) self.assertEqual(token.token.rollout_state, "clientwait") self.assertEqual(token.get_tokeninfo("2step_clientsize"), "12") self.assertEqual(token.get_tokeninfo("2step_difficulty"), "12345") # fetch the server component for later tests server_component = binascii.unhexlify( token.token.get_otpkey().getKey()) # too short self.assertRaises(ParameterError, token.update, {"otpkey": binascii.hexlify(b"=" * 8)}) # generate a 12-byte client component client_component = b'abcdefghijkl' # construct a secret token.update({ "otpkey": binascii.hexlify(client_component), # the following values are ignored "2step_serversize": "23", "2step_difficulty": "666666", "2step_clientsize": "13" }) # check the generated secret secret = binascii.unhexlify(token.token.get_otpkey().getKey()) # check the correct lengths self.assertEqual(len(server_component), 40) self.assertEqual(len(client_component), 12) self.assertEqual(len(secret), 64) # because of SHA-512 # check the secret has been generated according to the specification expected_secret = pbkdf2_hmac('sha1', binascii.hexlify(server_component), client_component, 12345, len(secret)) self.assertEqual(secret, expected_secret) self.assertTrue(token.token.active)
def test_29_2step_generation_custom(self): serial = "2step2" db_token = Token(serial, tokentype="hotp") db_token.save() token = HotpTokenClass(db_token) token.update({ "2stepinit": "1", "2step_serversize": "40", "2step_difficulty": "12345", "2step_clientsize": "12", "hashlib": "sha512", }) self.assertEqual(token.token.rollout_state, "clientwait") self.assertEqual(token.get_tokeninfo("2step_clientsize"), "12") self.assertEqual(token.get_tokeninfo("2step_difficulty"), "12345") # fetch the server component for later tests server_component = binascii.unhexlify(token.token.get_otpkey().getKey()) # too short self.assertRaises(ParameterError, token.update, { "otpkey": binascii.hexlify("="*8) }) # generate a 12-byte client component client_component = b'abcdefghijkl' # construct a secret token.update({ "otpkey": binascii.hexlify(client_component), # the following values are ignored "2step_serversize": "23", "2step_difficulty": "666666", "2step_clientsize": "13" }) # check the generated secret secret = binascii.unhexlify(token.token.get_otpkey().getKey()) # check the correct lengths self.assertEqual(len(server_component), 40) self.assertEqual(len(client_component), 12) self.assertEqual(len(secret), 64) # because of SHA-512 # check the secret has been generated according to the specification expected_secret = pbkdf2(binascii.hexlify(server_component), client_component, 12345, len(secret)) self.assertEqual(secret, expected_secret) self.assertTrue(token.token.active)
def test_11_tokeninfo(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = HotpTokenClass(db_token) token.add_tokeninfo("key1", "value2") info1 = token.get_tokeninfo() self.assertTrue("key1" in info1, info1) token.add_tokeninfo("key2", "value3") info2 = token.get_tokeninfo() self.assertTrue("key2" in info2, info2) token.set_tokeninfo(info1) info2 = token.get_tokeninfo() self.assertTrue("key2" not in info2, info2) self.assertTrue(token.get_tokeninfo("key1") == "value2", info2) # auth counter token.set_count_auth_success_max(200) token.set_count_auth_max(1000) token.set_count_auth_success(100) token.inc_count_auth_success() token.set_count_auth(200) token.inc_count_auth() self.assertTrue(token.get_count_auth_success_max() == 200) self.assertTrue(token.get_count_auth_success() == 101) self.assertTrue(token.get_count_auth_max() == 1000) self.assertTrue(token.get_count_auth() == 201) self.assertTrue(token.check_auth_counter()) token.set_count_auth_max(10) self.assertFalse(token.check_auth_counter()) token.set_count_auth_max(1000) token.set_count_auth_success_max(10) self.assertFalse(token.check_auth_counter()) # handle validity end date token.set_validity_period_end("2014-12-30T16:00+0200") end = token.get_validity_period_end() self.assertTrue(end == "2014-12-30T16:00+0200", end) self.assertRaises(Exception, token.set_validity_period_end, "wrong date") # handle validity start date token.set_validity_period_start("2013-12-30T16:00+0200") start = token.get_validity_period_start() self.assertTrue(start == "2013-12-30T16:00+0200", start) self.assertRaises(Exception, token.set_validity_period_start, "wrong date") self.assertFalse(token.check_validity_period()) # check validity period # +5 days end_date = datetime.datetime.now(tzlocal()) + datetime.timedelta(5) end = end_date.strftime(DATE_FORMAT) token.set_validity_period_end(end) # - 5 days start_date = datetime.datetime.now(tzlocal()) - datetime.timedelta(5) start = start_date.strftime(DATE_FORMAT) token.set_validity_period_start(start) self.assertTrue(token.check_validity_period()) # check before start date # +5 days end_date = datetime.datetime.now(tzlocal()) + datetime.timedelta(5) end = end_date.strftime(DATE_FORMAT) token.set_validity_period_end(end) # + 2 days start_date = datetime.datetime.now(tzlocal()) + datetime.timedelta(2) start = start_date.strftime(DATE_FORMAT) token.set_validity_period_start(start) self.assertFalse(token.check_validity_period()) # check after enddate # -1 day end_date = datetime.datetime.now(tzlocal()) - datetime.timedelta(1) end = end_date.strftime(DATE_FORMAT) token.set_validity_period_end(end) # - 10 days start_date = datetime.datetime.now(tzlocal()) - datetime.timedelta(10) start = start_date.strftime(DATE_FORMAT) token.set_validity_period_start(start) self.assertFalse(token.check_validity_period())
def test_08_info(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = HotpTokenClass(db_token) token.set_hashlib("sha1") ti = token.get_tokeninfo() self.assertTrue("hashlib" in ti, ti)
def test_11_tokeninfo(self): db_token = Token.query.filter_by(serial=self.serial1).first() token = HotpTokenClass(db_token) token.add_tokeninfo("key1", "value2") info1 = token.get_tokeninfo() self.assertTrue("key1" in info1, info1) token.add_tokeninfo("key2", "value3") info2 = token.get_tokeninfo() self.assertTrue("key2" in info2, info2) token.set_tokeninfo(info1) info2 = token.get_tokeninfo() self.assertTrue("key2" not in info2, info2) self.assertTrue(token.get_tokeninfo("key1") == "value2", info2) # auth counter token.set_count_auth_success_max(200) token.set_count_auth_max(1000) token.set_count_auth_success(100) token.inc_count_auth_success() token.set_count_auth(200) token.inc_count_auth() self.assertTrue(token.get_count_auth_success_max() == 200) self.assertTrue(token.get_count_auth_success() == 101) self.assertTrue(token.get_count_auth_max() == 1000) self.assertTrue(token.get_count_auth() == 201) self.assertTrue(token.check_auth_counter()) token.set_count_auth_max(10) self.assertFalse(token.check_auth_counter()) token.set_count_auth_max(1000) token.set_count_auth_success_max(10) self.assertFalse(token.check_auth_counter()) # handle validity end date token.set_validity_period_end("30/12/14 16:00") end = token.get_validity_period_end() self.assertTrue(end == "30/12/14 16:00", end) self.assertRaises(Exception, token.set_validity_period_end, "wrong date") # handle validity start date token.set_validity_period_start("30/12/13 16:00") start = token.get_validity_period_start() self.assertTrue(start == "30/12/13 16:00", start) self.assertRaises(Exception, token.set_validity_period_start, "wrong date") self.assertFalse(token.check_validity_period()) # check validity period # +5 days end_date = datetime.datetime.now() + datetime.timedelta(5) end = end_date.strftime(DATE_FORMAT) token.set_validity_period_end(end) # - 5 days start_date = datetime.datetime.now() - datetime.timedelta(5) start = start_date.strftime(DATE_FORMAT) token.set_validity_period_start(start) self.assertTrue(token.check_validity_period()) # check before start date # +5 days end_date = datetime.datetime.now() + datetime.timedelta(5) end = end_date.strftime(DATE_FORMAT) token.set_validity_period_end(end) # + 2 days start_date = datetime.datetime.now() + datetime.timedelta(2) start = start_date.strftime(DATE_FORMAT) token.set_validity_period_start(start) self.assertFalse(token.check_validity_period()) # check after enddate # -1 day end_date = datetime.datetime.now() - datetime.timedelta(1) end = end_date.strftime(DATE_FORMAT) token.set_validity_period_end(end) # - 10 days start_date = datetime.datetime.now() - datetime.timedelta(10) start = start_date.strftime(DATE_FORMAT) token.set_validity_period_start(start) self.assertFalse(token.check_validity_period())