def test_02_fault_recovery(self):
    """
    Check that PIN encryption fails while the HSM is gone and recovers after.

    Runs against the mock objects reachable through ``self.pkcs11``.
    """
    with self.pkcs11:
        module = get_hsm()
        self.assertIsInstance(module, AESHardwareSecurityModule)

        # Baseline: a round trip works and the module reports ready.
        self.assertEqual(decryptPin(encryptPin("test")), "test")
        self.assertTrue(module.is_ready)

        # Snapshot the mock counters before the HSM disappears.
        random_calls_before = self.pkcs11.session_mock.generateRandom.call_count
        sessions_before = self.pkcs11.mock.openSession.call_count

        # NOTE(review): the meaning of 100 is defined by the mock, presumably
        # the number of calls that fail. Confirm against simulate_disconnect.
        with self.pkcs11.simulate_disconnect(100):
            # The error has to reach the caller; no value may come back
            # from encryptPin while the module is unavailable.
            with self.assertRaises(PyKCS11Error):
                encryptPin("test")
            # exactly one attempt to draw random bytes was made
            self.assertEqual(
                self.pkcs11.session_mock.generateRandom.call_count,
                random_calls_before + 1)
            # exactly one attempt to open a fresh session was made
            self.assertEqual(
                self.pkcs11.mock.openSession.call_count,
                sessions_before + 1)
            # at this point the HSM is defunct

        # The disconnect is over: the same round trip must succeed again.
        self.assertEqual(decryptPin(encryptPin("test")), "test")
def test_02_fault_recovery(self):
    """
    Verify fault handling of the HSM-backed PIN encryption.

    Three phases: encryption works, encryption raises while the mocked
    HSM is disconnected, and encryption works again afterwards.
    """
    with self.pkcs11:
        security_module = get_hsm()
        self.assertIsInstance(security_module, AESHardwareSecurityModule)

        # phase 1: encryption works and the module is ready
        ciphertext = encryptPin("test")
        self.assertEqual(decryptPin(ciphertext), "test")
        self.assertTrue(security_module.is_ready)

        # phase 2: the HSM goes away; remember the call counters first
        rng_calls = self.pkcs11.session_mock.generateRandom.call_count
        session_opens = self.pkcs11.mock.openSession.call_count
        # NOTE(review): what the argument 100 controls is not visible here;
        # verify it against the mock's simulate_disconnect.
        with self.pkcs11.simulate_disconnect(100):
            # The PKCS#11 error must propagate instead of being swallowed.
            with self.assertRaises(PyKCS11Error):
                encryptPin("test")
            # one random-number request was attempted
            self.assertEqual(self.pkcs11.session_mock.generateRandom.call_count,
                             rng_calls + 1)
            # one new session was attempted
            self.assertEqual(self.pkcs11.mock.openSession.call_count,
                             session_opens + 1)
            # the HSM is now defunct

        # phase 3: recovery after the disconnect window
        ciphertext = encryptPin("test")
        self.assertEqual(decryptPin(ciphertext), "test")
def test_01_simple(self):
    """
    Round-trip a PIN through the mocked HSM and count the encrypt calls.
    """
    with self.pkcs11:
        self.assertIsInstance(get_hsm(), AESHardwareSecurityModule)

        # what encryptPin produces must decrypt back to the input
        self.assertEqual(decryptPin(encryptPin("test")), "test")
        self.assertTrue(get_hsm().is_ready)

        # The single encryptPin call above reached the mocked session
        # exactly once.
        self.assertEqual(self.pkcs11.session_mock.encrypt.call_count, 1)
def test_00_encrypt_decrypt_pin(self):
    """
    Check the PIN round trip and decryption of values stored by 2.23.
    """
    encrypted = encryptPin("test")
    decrypted = decryptPin(encrypted)
    self.assertTrue(decrypted == "test", (encrypted, decrypted))

    # Stored values generated with 2.23, each paired with the PIN it must
    # decrypt to. Every value is two colon-separated hex fields; the first
    # two hold the same PIN yet differ in both fields.
    # NOTE(review): presumably "<iv>:<ciphertext>" under the key of the
    # test environment. Confirm before reusing these vectors elsewhere.
    legacy_vectors = (
        ('d2c920ad10513c8ea322b522751185a3:54f068cffb43ada1edd024087da614ec',
         'test'),
        ('223f414872122ad112eb9f17b05da0b8:123079d997cd18601414830ab7c97678',
         'test'),
        ('4af7590600286becde70b99b10493104:09e4133652c609f9697e1923cde72904',
         '1234'),
    )
    for stored, expected in legacy_vectors:
        self.assertEqual(decryptPin(stored), expected)
def _rollout_1(self, params):
    '''
    Perform step 1 of the rollout.

    1. https://privacyideaserver/admin/init?
        type=ocra&
        genkey=1&
        sharedsecret=1&
        user=USERNAME&
        session=SESSIONKEY

        =>> "serial" : SERIAL NUMBER,
            "sharedsecret" : DATAOBJECT,
            "app_import" : IMPORTURL

        - genSharedSecret - from the HSM or urandom ?
        - app_import : + lseqr://init? followed by the url-encoded values
                       + ocrasuite (key 'os')
                       + sharedsecret (key 'sh')
                       + serial number (key 'se')
        - serial number: uuid ??
        - the token is created but is not active!!! (counter == 0)

    Nothing happens unless params['sharedsecret'] equals '1'.

    :param params: request parameters; only 'sharedsecret' is read
    :return: None; the response data is left in self.info
    '''
    if params.get('sharedsecret', None) != '1':
        return

    # remember that rollout step 1 has taken place
    self.addToTokenInfo('rollout', '1')

    # keep the current key as shared secret; the token info receives only
    # the encryptPin() output
    key_object = self.token.getHOtpKey()
    shared_key = key_object.getKey()
    self.addToTokenInfo('sharedSecret', encryptPin(shared_key))

    response = {}
    url_params = {}

    # NOTE(review): shared_key is presumably the clear-text key. It ends up
    # in self.info and in the app_import URL, so anything that renders or
    # logs self.info carries the secret. Confirm the callers never log it.
    response['sharedsecret'] = shared_key
    url_params['sh'] = shared_key

    response['ocrasuite'] = self.getOcraSuiteSuite()
    url_params['os'] = self.getOcraSuiteSuite()

    response['serial'] = self.getSerial()
    url_params['se'] = self.getSerial()

    query = urllib.urlencode(url_params)
    response['app_import'] = 'lseqr://init?%s' % (query)

    # the ocrasuite travels only inside the import URL
    response.pop('ocrasuite')
    self.info = response

    # the token stays inactive after this step
    self.token.privacyIDEAIsactive = False
    return
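def setPin(self, pin, hashed=True):
    """
    Store the PIN of this token, either hashed or encrypted.

    :param pin: the PIN to store; ``None`` is handled like the empty string
    :param hashed: ``True`` hands the PIN to ``setHashedPin``; ``False``
        stores ``"@@"`` followed by ``encryptPin(pin)`` in
        ``privacyIDEAPinHash``
    :return: the value of ``privacyIDEAPinHash`` after the call
    """
    # Neither the PIN nor anything derived from it goes into the log.
    # A hash of a short PIN can be brute-forced offline, and the "@@"
    # value can be decrypted by whoever holds the encryption key.
    log.debug("setPin()")

    upin = ""
    if pin != "" and pin is not None:
        upin = pin

    if hashed is True:
        self.setHashedPin(upin)
        log.debug("setPin(): PIN stored hashed")
    elif hashed is False:
        # NOTE(review): the "@@" prefix presumably marks an encrypted value
        # as opposed to a hash. Confirm against the code that reads it.
        self.privacyIDEAPinHash = "@@" + encryptPin(upin)
        log.debug("setPin(): PIN stored encrypted")
    # NOTE(review): a ``hashed`` value that is neither True nor False
    # (e.g. 1 or None) stores nothing and the old value is returned.
    # Check whether callers rely on this.

    return self.privacyIDEAPinHash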
def test_00_encrypt_decrypt_pin(self):
    """
    Check that decryptPin returns what was passed to encryptPin.
    """
    encrypted = encryptPin("test")
    decrypted = decryptPin(encrypted)
    # on failure the message shows both the stored and the decrypted value
    self.assertTrue(decrypted == "test", (encrypted, decrypted))