linotp.model package

Module contents

Regarding the column name limitations, see:
http://www.gplivna.eu/papers/naming_conventions.htm

Common rules

  1. Only letters, numbers, and the underscore are allowed in names. Although Oracle allows $ and #, they are not necessary and may cause unexpected problems.

  2. All names are in UPPERCASE, or at least the case is of no importance. Ignoring this rule usually makes referencing tables and columns very clumsy, because all names must be enclosed in double quotes.

  3. The first character in the name must be a letter.

  4. Keep the names meaningful, but at the same time don’t use long_names_describing_every_single_detail_of_particular_object.

class linotp.model.Challenge(transid, tokenserial, challenge=u'', data=u'', session=u'')

Bases: object

the generic challenge handling

challenge
checkChallengeSignature(hsm)

check the integrity of a challenge

Parameters: hsm – security module
Returns: success - boolean
close()

close a session and make it invisible to the validation

remarks:
we introduce the challenge status ‘closed’. It is set after a first successful authentication. The status is required, as we don’t remove the challenges after validation anymore
classmethod createTransactionId(length=20)
data
get(key=None, fallback=None, save=False)

simulate the dict behaviour to make challenge processing easier, as this also has to deal with ‘dict only challenges’

Parameters:
  • key – the attribute name - in case key is not provided, a dict of all class attributes is returned
  • fallback – if the attribute is not found, the fallback is returned
  • save – in case all attributes are returned and save==True, the timestamp is converted to a string representation
getChallenge()
getData()
getId()
getSession()
getStatus()

check if the session is already closed

Returns: success - boolean
getTanCount()
getTanStatus()
getTokenSerial()
getTransactionId()
get_vars(save=False)

return a dictionary of all vars in the challenge class

Returns: dict of vars
id
is_open()

check if the session is already closed

Returns: success - boolean
received_count
received_tan
save()

enforce the saving of a challenge - will guarantee the uniqueness of the transaction id

Returns: transaction id of the stored challenge
session
setChallenge(challenge)
setData(data)
setSession(session)
setTanStatus(received=False, valid=False)
signChallenge(hsm)

create a challenge signature and preserve it

Parameters: hsm – security module, which is able to calculate the signature
Returns: nothing
timestamp
tokenserial
transid
valid_tan
class linotp.model.Config(Key, Value, Type=u'', Description=u'')

Bases: object

Description
Key
Type
Value
class linotp.model.OcraChallenge(transId, challenge, tokenserial, data, session=u'')

Bases: object

challenge
data
getChallenge()
getData()
getSession()
getTanStatus()
getTransactionId()
id
received_count
received_tan
save()
session
setChallenge(challenge)
setData(data)
setSession(session)
setTanStatus(received=False, valid=False)
timestamp
tokenserial
transid
valid_tan
class linotp.model.Realm(realm)

Bases: object

default
id
name
option
storeRealm()
class linotp.model.Reporting(event, realm, parameter=u'', value=u'', count=0, detail=u'', session=u'', description=u'', timestamp=None)

Bases: object

count
description
detail
event
get_vars(save=False)
id
parameter
realm
session
timestamp
value
class linotp.model.Token(serial)

Bases: object

LinOtpCount
LinOtpCountWindow
LinOtpFailCount
LinOtpIdResClass
LinOtpIdResolver
LinOtpIsactive
LinOtpKeyEnc
LinOtpKeyIV
LinOtpMaxFail
LinOtpOtpLen
LinOtpPinHash
LinOtpSeed
LinOtpSyncWindow
LinOtpTokenDesc
LinOtpTokenId
LinOtpTokenInfo
LinOtpTokenPinSO
LinOtpTokenPinSOIV
LinOtpTokenPinUser
LinOtpTokenPinUserIV
LinOtpTokenSerialnumber
LinOtpTokenType
LinOtpUserid
addRealm(realm)
static copy_pin(src, target)
deleteToken()
get(key=None, fallback=None, save=False)

simulate the dict behaviour to make challenge processing easier, as this also has to deal with ‘dict only challenges’

Parameters:
  • key – the attribute name - in case key is not provided, a dict of all class attributes is returned
  • fallback – if the attribute is not found, the fallback is returned
  • save – in case all attributes are returned and save==True, the timestamp is converted to a string representation
getCountWindow()
getHashedPin(pin)
getInfo()
getOtpCounter()
getRealmNames()
getRealms()
getSerial()
getSyncWindow()
getType()
getUserPin()
get_encrypted_pin()
get_encrypted_seed()
get_hashed_pin()
get_vars(save=False)
isPinEncrypted(pin=None)
realms
setCountWindow(counter)
setDescription(desc)
setHashedPin(pin)
setInfo(info)
setOtpLen(otplen)
setRealms(realms)
setSoPin(enc_soPin, iv)
setType(typ)
setUserPin(enc_userPin, iv)
set_encrypted_pin(pin, iv)
set_encrypted_seed(encrypted_seed, iv, reset_failcount=True)

set_encrypted_seed - save the encrypted token seed / secret

Parameters:
  • encrypted_seed – the encrypted seed / secret
  • iv – the initialization value / salt
  • reset_failcount – reset the failcount on token update
set_hashed_pin(pin, iv)
storeToken()
updateType(typ)
class linotp.model.TokenRealm(realmid)

Bases: object

id
realm_id
token_id
linotp.model.createToken(serial)
linotp.model.init_model(engine)

init_model binds the table objects to the class objects - to be called before using any of the tables or classes in the model!!!

Parameters: engine – the sql engine