本文整理汇总了Python中privacyidea.lib.tokens.HMAC.HmacOtp类的典型用法代码示例。如果您正苦于以下问题:Python HmacOtp类的具体用法?Python HmacOtp怎么用?Python HmacOtp使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了HmacOtp类的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get_otp
def get_otp(self, current_time=None, do_truncation=True, time_seconds=None, challenge=None):
"""
get the next OTP value
:param current_time: the current time, for which the OTP value
should be calculated for.
:type current_time: datetime object
:param time_seconds: the current time, for which the OTP value
should be calculated for (date +%s)
:type: time_seconds: int, unix system time seconds
:return: next otp value, and PIN, if possible
:rtype: tuple
"""
otplen = int(self.token.otplen)
secretHOtp = self.token.get_otpkey()
hmac2Otp = HmacOtp(secretHOtp, self.get_otp_count(), otplen, self.get_hashlib(self.hashlib))
if time_seconds is None:
time_seconds = self._time2float(datetime.datetime.now())
if current_time:
time_seconds = self._time2float(current_time)
# we don't need to round here as we have already float
counter = int(((time_seconds - self.timeshift) / self.timestep))
otpval = hmac2Otp.generate(counter=counter, inc_counter=False, do_truncation=do_truncation, challenge=challenge)
pin = self.token.get_pin()
combined = "%s%s" % (otpval, pin)
if get_from_config("PrependPin") == "True":
combined = "%s%s" % (pin, otpval)
return 1, pin, otpval, combined示例2: get_multi_otp
def get_multi_otp(self, count=0, epoch_start=0, epoch_end=0,
curTime=None, timestamp=None):
"""
return a dictionary of multiple future OTP values
of the HOTP/HMAC token
:param count: how many otp values should be returned
:type count: int
:param epoch_start: not implemented
:param epoch_end: not implemented
:param curTime: Simulate the servertime
:type curTime: datetime
:param timestamp: Simulate the servertime
:type timestamp: epoch time
:return: tuple of status: boolean, error: text and the OTP dictionary
"""
otp_dict = {"type": "TOTP", "otp": {}}
ret = False
error = "No count specified"
otplen = int(self.token.otplen)
secretHOtp = self.token.get_otpkey()
hmac2Otp = HmacOtp(secretHOtp, self.get_otp_count(),
otplen, self.get_hashlib(self.hashlib))
if curTime:
# datetime object provided for simulation
tCounter = self._time2float(curTime)
elif timestamp:
# epoch time provided for simulation
tCounter = int(timestamp)
else:
# use the current server time
tCounter = self._time2float(datetime.datetime.now())
# we don't need to round here as we have alread float
counter = int(((tCounter - self.timeshift) / self.timestep))
otp_dict["shift"] = self.timeshift
otp_dict["timeStepping"] = self.timeshift
if count > 0:
error = "OK"
for i in range(0, count):
otpval = hmac2Otp.generate(counter=counter + i,
inc_counter=False)
timeCounter = ((counter + i) * self.timestep) + self.timeshift
val_time = datetime.datetime.\
fromtimestamp(timeCounter).strftime("%Y-%m-%d %H:%M:%S")
otp_dict["otp"][counter + i] = {'otpval': otpval,
'time': val_time}
ret = True
return ret, error, otp_dict示例3: __init__
def __init__(self, ocrasuite, key=None, security_object=None):
"""
Creates an OCRA Object that can be used to calculate OTP response or
verify a response.
:param ocrasuite: The ocrasuite description
:type ocrasuite: basestring
:param security_object: A privacyIDEA security object, that can be
used to look up the key in the database
:type security_object: secObject as defined in privacyidea.lib.crypto
:param key: The HMAC Key
:type key: binary
:return: OCRA Object
"""
self.ocrasuite_obj = OCRASuite(ocrasuite)
self.ocrasuite = str(ocrasuite)
self.key = key
self.security_obj = security_object
digits = self.ocrasuite_obj.truncation
self.hmac_obj = HmacOtp(secObj=self.security_obj,
digits=digits,
hashfunc=SHA_FUNC.get(self.ocrasuite_obj.sha))示例4: resync
def resync(self, otp1, otp2, options=None):
"""
resync the token based on two otp values
external method to do the resync of the token
:param otp1: the first otp value
:type otp1: string
:param otp2: the second otp value
:type otp2: string
:param options: optional token specific parameters
:type options: dict or None
:return: counter or -1 if otp does not exist
:rtype: int
"""
ret = False
options = options or {}
otplen = int(self.token.otplen)
secretHOtp = self.token.get_otpkey()
log.debug("timestep: %r, syncWindow: %r, timeShift: %r"
% (self.timestep, self.timewindow, self.timeshift))
initTime = int(options.get('initTime', -1))
if initTime != -1:
server_time = int(initTime)
else:
server_time = time.time() + self.timeshift
counter = int((server_time / self.timestep) + 0.5)
log.debug("counter (current time): %i" % counter)
oCount = self.get_otp_count()
log.debug("tokenCounter: %r" % oCount)
log.debug("now checking window %s, timeStepping %s" %
(self.timewindow, self.timestep))
# check 2nd value
hmac2Otp = HmacOtp(secretHOtp,
counter,
otplen,
self.get_hashlib(self.hashlib))
log.debug("%s in otpkey: %s " % (otp2, secretHOtp))
res2 = hmac2Otp.checkOtp(otp2,
int(self.timewindow / self.timestep),
symetric=True) # TEST -remove the 10
log.debug("res 2: %r" % res2)
# check 1st value
hmac2Otp = HmacOtp(secretHOtp,
counter - 1,
otplen,
self.get_hashlib(self.hashlib))
log.debug("%s in otpkey: %s " % (otp1, secretHOtp))
res1 = hmac2Otp.checkOtp(otp1,
int(self.timewindow / self.timestep),
symetric=True) # TEST -remove the 10
log.debug("res 1: %r" % res1)
if res1 < oCount:
# A previous OTP value was used again!
log.warning("a previous OTP value was used again! tokencounter: "
"%i, presented counter %i" %
(oCount, res1))
res1 = -1
if res1 != -1 and res1 + 1 == res2:
# here we calculate the new drift/shift between the server time
# and the tokentime
tokentime = (res2 + 0.5) * self.timestep
currenttime = server_time - self.timeshift
new_shift = (tokentime - currenttime)
log.debug("the counters %r and %r matched. New shift: %r"
% (res1, res2, new_shift))
self.add_tokeninfo('timeShift', new_shift)
# The OTP value that was used for resync must not be used again!
self.set_otp_count(res2 + 1)
ret = True
if ret is True:
msg = "resync was successful"
else:
msg = "resync was not successful"
log.debug("end. %s: ret: %r" % (msg, ret))
return ret示例5: check_otp
def check_otp(self, anOtpVal, counter=None, window=None, options=None):
"""
validate the token otp against a given otpvalue
:param anOtpVal: the to be verified otpvalue
:type anOtpVal: string
:param counter: the counter state, that should be verified. For TOTP
this is the unix system time (seconds) divided by 30/60
:type counter: int
:param window: the counter +window (sec), which should be checked
:type window: int
:param options: the dict, which could contain token specific info
:type options: dict
:return: the counter or -1
:rtype: int
"""
otplen = int(self.token.otplen)
options = options or {}
secretHOtp = self.token.get_otpkey()
# oldCounter we have to remove one, as the normal otp handling will
# increment
# TODO: Migration: Really?
# oCount = self.get_otp_count() - 1
oCount = self.get_otp_count()
inow = int(time.time())
window = window or self.timewindow
initTime = int(options.get('initTime', -1))
if initTime != -1:
server_time = int(initTime)
else:
server_time = time.time() + self.timeshift
# If we have a counter from the parameter list
if not counter:
# No counter, so we take the current token_time
counter = self._time2counter(server_time,
timeStepping=self.timestep)
otime = self._getTimeFromCounter(oCount, timeStepping=self.timestep)
ttime = self._getTimeFromCounter(counter, timeStepping=self.timestep)
hmac2Otp = HmacOtp(secretHOtp,
counter,
otplen,
self.get_hashlib(self.hashlib))
res = hmac2Otp.checkOtp(anOtpVal,
int(window / self.timestep),
symetric=True)
if res != -1 and oCount != 0 and res <= oCount:
log.warning("a previous OTP value was used again! former "
"tokencounter: %i, presented counter %i" %
(oCount, res))
res = -1
return res
if -1 == res:
# _autosync: test if two consecutive otps have been provided
res = self._autosync(hmac2Otp, anOtpVal)
if res != -1:
# on success, we have to save the last attempt
self.set_otp_count(res)
# and we reset the fail counter
self.reset()
# We could also store it temporarily
# self.auth_details["matched_otp_counter"] = res
# here we calculate the new drift/shift between the server time
# and the tokentime
tokentime = self._counter2time(res, self.timestep)
tokenDt = datetime.datetime.fromtimestamp(tokentime / 1.0)
nowDt = datetime.datetime.fromtimestamp(inow / 1.0)
lastauth = self._counter2time(oCount, self.timestep)
lastauthDt = datetime.datetime.fromtimestamp(lastauth / 1.0)
log.debug("last auth : %r" % lastauthDt)
log.debug("tokentime : %r" % tokenDt)
log.debug("now : %r" % nowDt)
log.debug("delta : %r" % (tokentime - inow))
new_shift = (tokentime - inow)
log.debug("the counter %r matched. New shift: %r" %
(res, new_shift))
self.add_tokeninfo('timeShift', new_shift)
return res示例6: OCRA
class OCRA(object):
def __init__(self, ocrasuite, key=None, security_object=None):
"""
Creates an OCRA Object that can be used to calculate OTP response or
verify a response.
:param ocrasuite: The ocrasuite description
:type ocrasuite: basestring
:param security_object: A privacyIDEA security object, that can be
used to look up the key in the database
:type security_object: secObject as defined in privacyidea.lib.crypto
:param key: The HMAC Key
:type key: binary
:return: OCRA Object
"""
self.ocrasuite_obj = OCRASuite(ocrasuite)
self.ocrasuite = str(ocrasuite)
self.key = key
self.security_obj = security_object
digits = self.ocrasuite_obj.truncation
self.hmac_obj = HmacOtp(secObj=self.security_obj,
digits=digits,
hashfunc=SHA_FUNC.get(self.ocrasuite_obj.sha))
def create_data_input(self, question, pin=None, pin_hash=None,
counter=None, timesteps=None):
"""
Create the data_input to be used in the HMAC function
In case of QN the question would be "111111"
In case of QA the question would be "123ASD"
In case of QH the question would be "BEEF"
The question is transformed internally.
:param question: The question can be
:type question: basestring
:param pin_hash: The hash of the pin
:type pin_hash: basestring (hex)
:param timesteps: timestemps
:type timesteps: hex string
:return: data_input
:rytpe: binary
"""
# In case the ocrasuite comes as a unicode (like from the webui) we
# need to convert it!
data_input = str(self.ocrasuite) + b'\0'
# Check for counter
if self.ocrasuite_obj.counter == "C":
if counter:
counter = int(counter)
counter = struct.pack('>Q', int(counter))
data_input += counter
else:
raise Exception("The ocrasuite {0!s} requires a counter".format(
self.ocrasuite))
# Check for Question
if self.ocrasuite_obj.challenge_type == "QN":
# In case of QN
question = '{0:x}'.format(int(question))
question += '0' * (len(question) % 2)
question = binascii.unhexlify(question)
question += '\0' * (128-len(question))
data_input += question
elif self.ocrasuite_obj.challenge_type == "QA":
question += '\0' * (128-len(question))
data_input += question
elif self.ocrasuite_obj.challenge_type == "QH": # pragma: no cover
question = binascii.unhexlify(question)
question += '\0' * (128-len(question))
data_input += question
# in case of PIN
if self.ocrasuite_obj.signature_type == "P":
if pin_hash:
data_input += binascii.unhexlify(pin_hash)
elif pin:
pin_hash = SHA_FUNC.get(self.ocrasuite_obj.signature_hash)(
pin).digest()
data_input += pin_hash
else:
raise Exception("The ocrasuite {0!s} requires a PIN!".format(
self.ocrasuite))
elif self.ocrasuite_obj.signature_type == "T":
if not timesteps:
raise Exception("The ocrasuite {0!s} requires timesteps".format(
self.ocrasuite))
# In case of Time
timesteps = int(timesteps, 16)
timesteps = struct.pack('>Q', int(timesteps))
data_input += timesteps
elif self.ocrasuite_obj.signature_type == "S": # pragma: no cover
# In case of session
# TODO: Session not yet implemented
raise NotImplementedError("OCRA Session not implemented, yet.")
return data_input
def get_response(self, question, pin=None, pin_hash=None, counter=None,
#.........这里部分代码省略.........