def add_credential(self, name, key, oath_type, digits, algo, touch, password_key):
    """Write a new OATH credential to the device opened over CCID.

    ``key`` is passed through ``parse_b32_key`` before being stored, and
    ``password_key`` is the hex-encoded access key used to unlock the applet.

    Returns the parser's error text when ``key`` cannot be parsed,
    ``'No space'`` when the device reports it is full, and ``None`` otherwise.
    Any other ``APDUError`` is re-raised.
    """
    device = self._descriptor.open_device(TRANSPORT.CCID)
    oath = OathController(device.driver)
    # NOTE(review): a locked applet with no password_key skips validation here;
    # presumably the device then rejects the write -- confirm with callers.
    needs_unlock = oath.locked and password_key is not None
    if needs_unlock:
        oath.validate(a2b_hex(password_key))

    try:
        secret = parse_b32_key(key)
    except Exception as err:
        # Parse failures are returned as a message, not raised.
        return str(err)

    try:
        oath.put(secret, name, oath_type, digits, algo=algo, require_touch=touch)
    except APDUError as err:
        # A full NEO answers with "command aborted" rather than a dedicated
        # no-space status, so both status words are read as "device is full"
        # in this context.
        if err.sw not in (SW.NO_SPACE, SW.COMMAND_ABORTED):
            raise
        return 'No space'
def _calculate(self, credential, timestamp, password_key):
    """Calculate the code for one credential at ``timestamp``.

    The device is opened over CCID; when the applet reports itself locked and
    a hex-encoded ``password_key`` is supplied, the key is validated first.
    Returns whatever ``OathController.calculate`` returns.
    """
    device = self._descriptor.open_device(TRANSPORT.CCID)
    oath = OathController(device.driver)
    unlock_needed = oath.locked and password_key is not None
    if unlock_needed:
        # password_key arrives hex-encoded; the controller takes raw bytes.
        oath.validate(a2b_hex(password_key))
    return oath.calculate(credential, timestamp)
def _calculate_all(self, timestamp, password_key):
    """Calculate codes for every credential and drop the hidden ones.

    The device is opened over CCID; when the applet reports itself locked and
    a hex-encoded ``password_key`` is supplied, the key is validated first.
    Returns a list of the results whose ``hidden`` attribute is falsy.
    """
    device = self._descriptor.open_device(TRANSPORT.CCID)
    oath = OathController(device.driver)
    unlock_needed = oath.locked and password_key is not None
    if unlock_needed:
        oath.validate(a2b_hex(password_key))

    visible = []
    for entry in oath.calculate_all(timestamp):
        if entry.hidden:
            continue
        visible.append(entry)
    return visible
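def validate(self, key):
    """Check a hex-encoded access key against the OATH applet.

    Returns ``True`` when the controller accepts the key and ``False`` when
    decoding or validation raises. When ``key`` is ``None`` the device is
    still opened, no validation is attempted, and ``None`` is returned.
    """
    dev = self._descriptor.open_device(TRANSPORT.CCID)
    controller = OathController(dev.driver)
    if key is None:
        return None
    try:
        controller.validate(a2b_hex(key))
    except Exception:
        # Any failure while decoding or validating the key is reported as
        # "not valid". Catching Exception instead of using a bare except lets
        # KeyboardInterrupt and SystemExit propagate rather than being turned
        # into a False result.
        return False
    return True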
def set_password(self, new_password, password_key):
    """Set or clear the applet's access password.

    The device is opened over CCID; when the applet reports itself locked and
    a hex-encoded ``password_key`` is supplied, the current key is validated
    first. ``new_password=None`` clears the password; any other value is
    turned into a key with ``derive_key(controller.id, new_password)`` and
    stored. Returns ``None``.
    """
    device = self._descriptor.open_device(TRANSPORT.CCID)
    oath = OathController(device.driver)
    unlock_needed = oath.locked and password_key is not None
    if unlock_needed:
        oath.validate(a2b_hex(password_key))

    # Only None clears the password; an empty string is not None and is passed
    # to derive_key like any other value.
    if new_password is None:
        oath.clear_password()
        return
    derived = derive_key(oath.id, new_password)
    oath.set_password(derived)
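def calculate(self, credential, timestamp, password_key):
    """Calculate one credential's code and return it as a dict.

    ``credential`` is a dict accepted by ``Credential.from_dict``.
    ``password_key`` is the hex-encoded access key, validated only when the
    applet reports itself locked and a key is supplied.

    Returns ``None`` when opening the device or unlocking it fails. Errors
    raised by the calculation itself are not caught and propagate.
    """
    try:
        dev = self._descriptor.open_device(TRANSPORT.CCID)
        controller = OathController(dev.driver)
        if controller.locked and password_key is not None:
            controller.validate(a2b_hex(password_key))
    except Exception:
        # Open and unlock failures are reported as "no result". Exception
        # rather than a bare except, so KeyboardInterrupt and SystemExit are
        # not swallowed here.
        return None
    return controller.calculate(
        Credential.from_dict(credential), timestamp).to_dict()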
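def refresh_credentials(self, timestamp, password_key=None):
    """Return the non-hidden credentials, each converted with ``to_dict()``.

    ``password_key`` is the hex-encoded access key, validated only when the
    applet reports itself locked and a key is supplied.

    Returns an empty list when anything in the sequence raises, so a caller
    cannot tell a failed unlock or a missing device from a device that holds
    no credentials.
    """
    try:
        dev = self._descriptor.open_device(TRANSPORT.CCID)
        controller = OathController(dev.driver)
        if controller.locked and password_key is not None:
            controller.validate(a2b_hex(password_key))
        creds = controller.calculate_all(timestamp)
        return [c.to_dict() for c in creds if not c.is_hidden()]
    except Exception:
        # Best-effort refresh: every failure maps to "nothing to show".
        # Exception rather than a bare except, so KeyboardInterrupt and
        # SystemExit still propagate.
        return []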
def provide_password(self, password, remember=False):
    """Derive the access key from ``password`` and check it on the device.

    The derived key is kept on ``self._key``. Returns ``False`` when the
    controller rejects it and ``True`` otherwise. With ``remember`` set, the
    hex-encoded key is saved in ``self.settings`` under ``'keys'``, indexed by
    the controller id, and the settings are written out.
    """
    device = self._descriptor.open_device(TRANSPORT.CCID)
    oath = OathController(device.driver)

    derived = oath.derive_key(password)
    # NOTE(review): self._key is assigned before validation, so after a wrong
    # password it holds a key the device rejected -- confirm nothing reuses it.
    self._key = derived
    try:
        oath.validate(derived)
    except Exception:
        return False

    if not remember:
        return True

    # NOTE(review): the stored value is the same key validate() accepts, so
    # whoever can read the settings store can unlock this applet. How that
    # store is protected at rest is not visible here -- confirm.
    remembered = self.settings.setdefault('keys', {})
    remembered[oath.id] = b2a_hex(derived).decode()
    self.settings.write()
    return True
def add_credential(self, name, key, oath_type, digits, algo, touch, password_key):
    """Write a new OATH credential to the device opened over CCID.

    ``key`` is passed through ``parse_b32_key`` before being stored, and
    ``password_key`` is the hex-encoded access key used to unlock the applet.

    Returns the parser's error text when ``key`` cannot be parsed and ``None``
    otherwise. Errors raised by the controller's ``put`` are not caught.
    """
    device = self._descriptor.open_device(TRANSPORT.CCID)
    oath = OathController(device.driver)
    unlock_needed = oath.locked and password_key is not None
    if unlock_needed:
        oath.validate(a2b_hex(password_key))

    try:
        secret = parse_b32_key(key)
    except Exception as err:
        # Parse failures are returned as a message, not raised.
        return str(err)

    oath.put(secret, name, oath_type, digits, algo=algo, require_touch=touch)
def delete_credential(self, credential, password_key):
    """Delete one credential from the device opened over CCID.

    ``credential`` is a dict accepted by ``Credential.from_dict``.
    ``password_key`` is the hex-encoded access key, validated only when the
    applet reports itself locked and a key is supplied. Returns ``None``.
    """
    device = self._descriptor.open_device(TRANSPORT.CCID)
    oath = OathController(device.driver)
    unlock_needed = oath.locked and password_key is not None
    if unlock_needed:
        oath.validate(a2b_hex(password_key))

    target = Credential.from_dict(credential)
    oath.delete(target)