def init_key_partition(config, partition, key_type="ed25519"): """ create an elliptic curve secret + public key pair and store it in the linotp config """ if not key_type == "ed25519": raise ValueError("Unsupported keytype: %s", key_type) import linotp.lib.config public_key, secret_key = gen_dsa_keypair() secret_key_entry = base64.b64encode(secret_key).decode("utf-8") linotp.lib.config.storeConfig( key="SecretKey.Partition.%d" % partition, val=secret_key_entry, typ="encrypted_data", ) public_key_entry = base64.b64encode(public_key).decode("utf-8") linotp.lib.config.storeConfig( key="PublicKey.Partition.%d" % partition, val=public_key_entry, typ="encrypted_data", )
def setUp(self): self.delete_all_policies() self.delete_all_token() self.delete_all_realms() self.delete_all_resolvers() super(TestPushToken, self).setUp() self.create_common_resolvers() self.create_common_realms() self.create_dummy_cb_policies() # ------------------------------------------------------------------ -- self.gda = 'DEADBEEF' self.tokens = defaultdict(dict) # ------------------------------------------------------------------ -- pk, sk = gen_dsa_keypair() self.secret_key = sk self.public_key = pk # ----------------------------------------------------------------- -- # we need a dummy file to sneak past the file existence check # in the initial provider configuration self.dummy_temp_cert = NamedTemporaryFile() # ------------------------------------------------------------------ -- # make dummy provider config p_config = {"push_url": "https://pushproxy.keyidentity.com", "access_certificate": self.dummy_temp_cert.name, "server_certificate": ""} params = {'name': 'dummy_provider', 'class': 'DefaultPushProvider', 'config': json.dumps(p_config), 'timeout': '120', 'type': 'push'} self.make_system_request('setProvider', params=params) # ------------------------------------------------------------------ -- params = {'name': 'dummy_push_policy', 'scope': 'authentication', 'action': 'push_provider=dummy_provider', 'user': '******', 'realm': '*', 'client': '', 'time': ''} self.create_policy(params=params) self.uri = self.appconf.get('mobile_app_protocol_id', 'lseqr')
def setUp(self): self.delete_all_policies() self.delete_all_token() self.delete_all_realms() self.delete_all_resolvers() super(TestPushToken, self).setUp() self.create_common_resolvers() self.create_common_realms() self.create_dummy_cb_policies() # ------------------------------------------------------------------- -- self.gda = 'DEADBEEF' self.tokens = defaultdict(dict) # ------------------------------------------------------------------- -- pk, sk = gen_dsa_keypair() self.secret_key = sk self.public_key = pk # ------------------------------------------------------------------ -- # we need a dummy file to sneak past the file existence check # in the initial provider configuration self.dummy_temp_cert = NamedTemporaryFile() # ------------------------------------------------------------------ -- # make dummy provider config p_config = {"push_url": "http://pushproxy.keyidentity.com", "access_certificate": self.dummy_temp_cert.name, "server_certificate": ""} params = {'name': 'dummy_provider', 'class': 'DefaultPushProvider', 'config': json.dumps(p_config), 'timeout': '120', 'type': 'push'} self.make_system_request('setProvider', params=params) # ------------------------------------------------------------------ -- params = {'name': 'dummy_push_policy', 'scope': 'authentication', 'action': 'push_provider=dummy_provider', 'user': '******', 'realm': '*', 'client': '', 'time': ''} self.create_policy(params=params)
def test_repairing_fail_pubkey(self): """ PushToken: Check if repairing fails correctly (wrong pubkey) """ user_token_id = self.execute_correct_pairing() # temporarily switch the keypair (used for signature) tmp_secret_key = self.secret_key tmp_public_key = self.public_key pk, sk = gen_dsa_keypair() self.secret_key = sk self.public_key = pk # ------------------------------------------------------------------ -- # send repairing pairing response pairing_response = self.create_pairing_response_by_serial( user_token_id) response_dict = self.send_pairing_response(pairing_response) # ------------------------------------------------------------------ -- # check if returned json is correct self.assertIn('result', response_dict) result = response_dict.get('result') self.assertIn('value', result) value = result.get('value') self.assertFalse(value) self.assertIn('status', result) status = result.get('status') self.assertFalse(status) # ------------------------------------------------------------------ -- # reset the secret key self.secret_key = tmp_secret_key self.public_key = tmp_public_key
def test_repairing_fail_pubkey(self): """PushToken: Check if repairing fails correctly (wrong pubkey)""" user_token_id = self.execute_correct_pairing() # temporarily switch the keypair (used for signature) tmp_secret_key = self.secret_key tmp_public_key = self.public_key pk, sk = gen_dsa_keypair() self.secret_key = sk self.public_key = pk # ------------------------------------------------------------------ -- # send repairing pairing response pairing_response = self.create_pairing_response_by_serial( user_token_id) response_dict = self.send_pairing_response(pairing_response) # ------------------------------------------------------------------ -- # check if returned json is correct assert "result" in response_dict result = response_dict.get("result") assert "value" in result value = result.get("value") assert not value assert "status" in result status = result.get("status") assert not status # ------------------------------------------------------------------ -- # reset the secret key self.secret_key = tmp_secret_key self.public_key = tmp_public_key
def init_qrtoken_secret_key(config, cert_id='system'): """ create an elliptic curve secret + public key pair and store it in the linotp config """ import linotp.lib.config public_key, secret_key = gen_dsa_keypair() secret_key_entry = 'qrtokensk:' + base64.b64encode(secret_key) linotp.lib.config.storeConfig(key='QrTokenSecretKey.' + cert_id, val=secret_key_entry, typ='password') public_key_entry = 'qrtokenpk:' + base64.b64encode(public_key) linotp.lib.config.storeConfig(key='QrTokenPublicKey.' + cert_id, val=public_key_entry) return
def init_key_partition(config, partition, key_type='ed25519'): """ create an elliptic curve secret + public key pair and store it in the linotp config """ if not key_type == 'ed25519': raise ValueError('Unsupported keytype: %s', key_type) import linotp.lib.config public_key, secret_key = gen_dsa_keypair() secret_key_entry = base64.b64encode(secret_key) linotp.lib.config.storeConfig(key='SecretKey.Partition.%d' % partition, val=secret_key_entry, typ='encrypted_data') public_key_entry = base64.b64encode(public_key) linotp.lib.config.storeConfig(key='PublicKey.Partition.%d' % partition, val=public_key_entry, typ='encrypted_data')
def create_keys() -> Tuple[bytes, bytes]: """Create a public private key pair.""" return gen_dsa_keypair()
def setUp(self): self.delete_all_policies() self.delete_all_token() self.delete_all_realms() self.delete_all_resolvers() super(TestPushToken, self).setUp() self.create_common_resolvers() self.create_common_realms() self.create_dummy_cb_policies() # ------------------------------------------------------------------ -- self.gda = "DEADBEEF" self.tokens = defaultdict(dict) # ------------------------------------------------------------------ -- pk, sk = gen_dsa_keypair() self.secret_key = sk self.public_key = pk # ----------------------------------------------------------------- -- # we need a dummy file to sneak past the file existence check # in the initial provider configuration self.dummy_temp_cert = NamedTemporaryFile() # ------------------------------------------------------------------ -- # make dummy provider config p_config = { "push_url": "https://pushproxy.keyidentity.com", "access_certificate": self.dummy_temp_cert.name, "server_certificate": "", } params = { "name": "dummy_provider", "class": "DefaultPushProvider", "config": json.dumps(p_config), "timeout": "120", "type": "push", } self.make_system_request("setProvider", params=params) # ------------------------------------------------------------------ -- params = { "name": "dummy_push_policy", "scope": "authentication", "action": "push_provider=dummy_provider", "user": "******", "realm": "*", "client": "", "time": "", } self.create_policy(params=params) self.uri = self.app.config.get("MOBILE_APP_PROTOCOLL_ID", "lseqr")