当前位置: 首页>>代码示例>>Python>>正文


Python HMAC.HmacOtp类代码示例

本文整理汇总了Python中privacyidea.lib.tokens.HMAC.HmacOtp的典型用法代码示例。如果您正苦于以下问题:Python HmacOtp类的具体用法?Python HmacOtp怎么用?Python HmacOtp使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。


在下文中一共展示了HmacOtp类的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: get_otp

    def get_otp(self, current_time=None, do_truncation=True, time_seconds=None, challenge=None):
        """
        get the next OTP value

        :param current_time: the current time, for which the OTP value
        should be calculated for.
        :type current_time: datetime object
        :param time_seconds: the current time, for which the OTP value
        should be calculated for (date +%s)
        :type: time_seconds: int, unix system time seconds
        :return: next otp value, and PIN, if possible
        :rtype: tuple
        """
        otplen = int(self.token.otplen)
        secretHOtp = self.token.get_otpkey()

        hmac2Otp = HmacOtp(secretHOtp, self.get_otp_count(), otplen, self.get_hashlib(self.hashlib))

        if time_seconds is None:
            time_seconds = self._time2float(datetime.datetime.now())
        if current_time:
            time_seconds = self._time2float(current_time)

        # we don't need to round here as we have already float
        counter = int(((time_seconds - self.timeshift) / self.timestep))
        otpval = hmac2Otp.generate(counter=counter, inc_counter=False, do_truncation=do_truncation, challenge=challenge)

        pin = self.token.get_pin()
        combined = "%s%s" % (otpval, pin)
        if get_from_config("PrependPin") == "True":
            combined = "%s%s" % (pin, otpval)

        return 1, pin, otpval, combined
开发者ID:ask0n,项目名称:privacyidea,代码行数:33,代码来源:totptoken.py

示例2: get_multi_otp

    def get_multi_otp(self, count=0, epoch_start=0, epoch_end=0,
                      curTime=None, timestamp=None):
        """
        return a dictionary of multiple future OTP values
        of the HOTP/HMAC token

        :param count: how many otp values should be returned
        :type count: int
        :param epoch_start: not implemented
        :param epoch_end: not implemented
        :param curTime: Simulate the servertime
        :type curTime: datetime
        :param timestamp: Simulate the servertime
        :type timestamp: epoch time
        :return: tuple of status: boolean, error: text and the OTP dictionary

        """
        otp_dict = {"type": "TOTP", "otp": {}}
        ret = False
        error = "No count specified"

        otplen = int(self.token.otplen)
        secretHOtp = self.token.get_otpkey()

        hmac2Otp = HmacOtp(secretHOtp, self.get_otp_count(),
                           otplen, self.get_hashlib(self.hashlib))

        if curTime:
            # datetime object provided for simulation
            tCounter = self._time2float(curTime)
        elif timestamp:
            # epoch time provided for simulation
            tCounter = int(timestamp)
        else:
            # use the current server time
            tCounter = self._time2float(datetime.datetime.now())

        # we don't need to round here as we have alread float
        counter = int(((tCounter - self.timeshift) / self.timestep))

        otp_dict["shift"] = self.timeshift
        otp_dict["timeStepping"] = self.timeshift

        if count > 0:
            error = "OK"
            for i in range(0, count):
                otpval = hmac2Otp.generate(counter=counter + i,
                                           inc_counter=False)
                timeCounter = ((counter + i) * self.timestep) + self.timeshift
                
                val_time = datetime.datetime.\
                    fromtimestamp(timeCounter).strftime("%Y-%m-%d %H:%M:%S")
                otp_dict["otp"][counter + i] = {'otpval': otpval,
                                                'time': val_time}
            ret = True
            
        return ret, error, otp_dict
开发者ID:R00tAK,项目名称:privacyidea,代码行数:57,代码来源:totptoken.py

示例3: __init__

    def __init__(self, ocrasuite, key=None, security_object=None):
        """
        Creates an OCRA Object that can be used to calculate OTP response or
        verify a response.

        :param ocrasuite: The ocrasuite description
        :type ocrasuite: basestring
        :param security_object: A privacyIDEA security object, that can be
            used to look up the key in the database
        :type security_object: secObject as defined in privacyidea.lib.crypto
        :param key: The HMAC Key
        :type key: binary
        :return: OCRA Object
        """
        self.ocrasuite_obj = OCRASuite(ocrasuite)
        self.ocrasuite = str(ocrasuite)
        self.key = key
        self.security_obj = security_object

        digits = self.ocrasuite_obj.truncation
        self.hmac_obj = HmacOtp(secObj=self.security_obj,
                                digits=digits,
                                hashfunc=SHA_FUNC.get(self.ocrasuite_obj.sha))
开发者ID:STRML,项目名称:privacyidea,代码行数:23,代码来源:ocra.py

示例4: resync

    def resync(self, otp1, otp2, options=None):
        """
        resync the token based on two otp values
        external method to do the resync of the token

        :param otp1: the first otp value
        :type otp1: string
        :param otp2: the second otp value
        :type otp2: string
        :param options: optional token specific parameters
        :type options:  dict or None
        :return: counter or -1 if otp does not exist
        :rtype:  int
        """
        ret = False
        options = options or {}
        otplen = int(self.token.otplen)
        secretHOtp = self.token.get_otpkey()

        log.debug("timestep: %r, syncWindow: %r, timeShift: %r"
                  % (self.timestep, self.timewindow, self.timeshift))

        initTime = int(options.get('initTime', -1))
        if initTime != -1:
            server_time = int(initTime)
        else:
            server_time = time.time() + self.timeshift

        counter = int((server_time / self.timestep) + 0.5)
        log.debug("counter (current time): %i" % counter)

        oCount = self.get_otp_count()

        log.debug("tokenCounter: %r" % oCount)
        log.debug("now checking window %s, timeStepping %s" %
                  (self.timewindow, self.timestep))
        # check 2nd value
        hmac2Otp = HmacOtp(secretHOtp,
                           counter,
                           otplen,
                           self.get_hashlib(self.hashlib))
        log.debug("%s in otpkey: %s " % (otp2, secretHOtp))
        res2 = hmac2Otp.checkOtp(otp2,
                                 int(self.timewindow / self.timestep),
                                 symetric=True)  # TEST -remove the 10
        log.debug("res 2: %r" % res2)
        # check 1st value
        hmac2Otp = HmacOtp(secretHOtp,
                           counter - 1,
                           otplen,
                           self.get_hashlib(self.hashlib))
        log.debug("%s in otpkey: %s " % (otp1, secretHOtp))
        res1 = hmac2Otp.checkOtp(otp1,
                                 int(self.timewindow / self.timestep),
                                 symetric=True)  # TEST -remove the 10
        log.debug("res 1: %r" % res1)

        if res1 < oCount:
            # A previous OTP value was used again!
            log.warning("a previous OTP value was used again! tokencounter: "
                        "%i, presented counter %i" %
                        (oCount, res1))
            res1 = -1

        if res1 != -1 and res1 + 1 == res2:
            # here we calculate the new drift/shift between the server time
            # and the tokentime
            tokentime = (res2 + 0.5) * self.timestep
            currenttime = server_time - self.timeshift
            new_shift = (tokentime - currenttime)
            log.debug("the counters %r and %r matched. New shift: %r"
                      % (res1, res2, new_shift))
            self.add_tokeninfo('timeShift', new_shift)

            # The OTP value that was used for resync must not be used again!
            self.set_otp_count(res2 + 1)

            ret = True

        if ret is True:
            msg = "resync was successful"
        else:
            msg = "resync was not successful"

        log.debug("end. %s: ret: %r" % (msg, ret))
        return ret
开发者ID:R00tAK,项目名称:privacyidea,代码行数:86,代码来源:totptoken.py

示例5: check_otp

    def check_otp(self, anOtpVal, counter=None, window=None, options=None):
        """
        validate the token otp against a given otpvalue

        :param anOtpVal: the to be verified otpvalue
        :type anOtpVal:  string
        :param counter: the counter state, that should be verified. For TOTP
        this is the unix system time (seconds) divided by 30/60
        :type counter: int
        :param window: the counter +window (sec), which should be checked
        :type window: int
        :param options: the dict, which could contain token specific info
        :type options: dict
        :return: the counter or -1
        :rtype: int
        """
        otplen = int(self.token.otplen)
        options = options or {}
        secretHOtp = self.token.get_otpkey()
        # oldCounter we have to remove one, as the normal otp handling will
        # increment
        # TODO: Migration: Really?
        # oCount = self.get_otp_count() - 1
        oCount = self.get_otp_count()
        inow = int(time.time())
        window = window or self.timewindow

        initTime = int(options.get('initTime', -1))
        if initTime != -1:
            server_time = int(initTime)
        else:
            server_time = time.time() + self.timeshift

        # If we have a counter from the parameter list
        if not counter:
            # No counter, so we take the current token_time
            counter = self._time2counter(server_time,
                                         timeStepping=self.timestep)
        otime = self._getTimeFromCounter(oCount, timeStepping=self.timestep)
        ttime = self._getTimeFromCounter(counter, timeStepping=self.timestep)

        hmac2Otp = HmacOtp(secretHOtp,
                           counter,
                           otplen,
                           self.get_hashlib(self.hashlib))
        res = hmac2Otp.checkOtp(anOtpVal,
                                int(window / self.timestep),
                                symetric=True)

        if res != -1 and oCount != 0 and res <= oCount:
            log.warning("a previous OTP value was used again! former "
                        "tokencounter: %i, presented counter %i" %
                        (oCount, res))
            res = -1
            return res

        if -1 == res:
            # _autosync: test if two consecutive otps have been provided
            res = self._autosync(hmac2Otp, anOtpVal)

        if res != -1:
            # on success, we have to save the last attempt
            self.set_otp_count(res)
            # and we reset the fail counter
            self.reset()
            # We could also store it temporarily
            # self.auth_details["matched_otp_counter"] = res

            # here we calculate the new drift/shift between the server time
            # and the tokentime
            tokentime = self._counter2time(res, self.timestep)
            tokenDt = datetime.datetime.fromtimestamp(tokentime / 1.0)

            nowDt = datetime.datetime.fromtimestamp(inow / 1.0)

            lastauth = self._counter2time(oCount, self.timestep)
            lastauthDt = datetime.datetime.fromtimestamp(lastauth / 1.0)

            log.debug("last auth : %r" % lastauthDt)
            log.debug("tokentime : %r" % tokenDt)
            log.debug("now       : %r" % nowDt)
            log.debug("delta     : %r" % (tokentime - inow))

            new_shift = (tokentime - inow)
            log.debug("the counter %r matched. New shift: %r" %
                      (res, new_shift))
            self.add_tokeninfo('timeShift', new_shift)
        return res
开发者ID:R00tAK,项目名称:privacyidea,代码行数:88,代码来源:totptoken.py

示例6: OCRA

class OCRA(object):

    def __init__(self, ocrasuite, key=None, security_object=None):
        """
        Creates an OCRA Object that can be used to calculate OTP response or
        verify a response.

        :param ocrasuite: The ocrasuite description
        :type ocrasuite: basestring
        :param security_object: A privacyIDEA security object, that can be
            used to look up the key in the database
        :type security_object: secObject as defined in privacyidea.lib.crypto
        :param key: The HMAC Key
        :type key: binary
        :return: OCRA Object
        """
        self.ocrasuite_obj = OCRASuite(ocrasuite)
        self.ocrasuite = str(ocrasuite)
        self.key = key
        self.security_obj = security_object

        digits = self.ocrasuite_obj.truncation
        self.hmac_obj = HmacOtp(secObj=self.security_obj,
                                digits=digits,
                                hashfunc=SHA_FUNC.get(self.ocrasuite_obj.sha))

    def create_data_input(self, question, pin=None, pin_hash=None,
                          counter=None, timesteps=None):
        """
        Create the data_input to be used in the HMAC function
        In case of QN the question would be "111111"
        In case of QA the question would be "123ASD"
        In case of QH the question would be "BEEF"

        The question is transformed internally.

        :param question: The question can be
        :type question: basestring

        :param pin_hash: The hash of the pin
        :type pin_hash: basestring (hex)
        :param timesteps: timestemps
        :type timesteps: hex string
        :return: data_input
        :rytpe: binary
        """
        # In case the ocrasuite comes as a unicode (like from the webui) we
        # need to convert it!
        data_input = str(self.ocrasuite) + b'\0'
        # Check for counter
        if self.ocrasuite_obj.counter == "C":
            if counter:
                counter = int(counter)
                counter = struct.pack('>Q', int(counter))
                data_input += counter
            else:
                raise Exception("The ocrasuite {0!s} requires a counter".format(
                                self.ocrasuite))
        # Check for Question
        if self.ocrasuite_obj.challenge_type == "QN":
            # In case of QN
            question = '{0:x}'.format(int(question))
            question += '0' * (len(question) % 2)
            question = binascii.unhexlify(question)
            question += '\0' * (128-len(question))
            data_input += question
        elif self.ocrasuite_obj.challenge_type == "QA":
            question += '\0' * (128-len(question))
            data_input += question
        elif self.ocrasuite_obj.challenge_type == "QH":  # pragma: no cover
            question = binascii.unhexlify(question)
            question += '\0' * (128-len(question))
            data_input += question

        # in case of PIN
        if self.ocrasuite_obj.signature_type == "P":
            if pin_hash:
                data_input += binascii.unhexlify(pin_hash)
            elif pin:
                pin_hash = SHA_FUNC.get(self.ocrasuite_obj.signature_hash)(
                    pin).digest()
                data_input += pin_hash
            else:
                raise Exception("The ocrasuite {0!s} requires a PIN!".format(
                                self.ocrasuite))
        elif self.ocrasuite_obj.signature_type == "T":
            if not timesteps:
                raise Exception("The ocrasuite {0!s} requires timesteps".format(
                                self.ocrasuite))
            # In case of Time
            timesteps = int(timesteps, 16)
            timesteps = struct.pack('>Q', int(timesteps))
            data_input += timesteps
        elif self.ocrasuite_obj.signature_type == "S":  # pragma: no cover
            # In case of session
            # TODO: Session not yet implemented
            raise NotImplementedError("OCRA Session not implemented, yet.")
        return data_input

    def get_response(self, question, pin=None, pin_hash=None, counter=None,
#.........这里部分代码省略.........
开发者ID:STRML,项目名称:privacyidea,代码行数:101,代码来源:ocra.py


注:本文中的privacyidea.lib.tokens.HMAC.HmacOtp类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。