linotp.model package

Submodules

• linotp.model.meta module

Module contents

wrt. the column name limitations see:

http://www.gplivna.eu/papers/naming_conventions.htm

Common rules 1. Only letters, numbers, and the underscore are allowed in names. Although

Oracle allows $ and #, they are not necessary and may cause unexpected problems.

2. All names are in UPPERCASE. Or at least of no importance which case.

   Ignoring this rule usually leads referencing to tables and columns very clumsy because all names must be included in double quotes.

3. The first character in the name must be letter.

4. Keep the names meaningful, but in the same time don’t use

   long_names_describing_every_single_detail_of_particular_object.

class linotp.model.Challenge(transid, tokenserial, challenge=u'', data=u'', session=u'')

Bases: object

the generic challange handling

add_session_info(info)

challenge

checkChallengeSignature(hsm)

check the integrity of a challenge

Parameters:hsm – security module Returns:success - boolean

close()

close a session and make it invisible to the validation

remarks:

we introduce the challenge status ‘closed’. It is set after a first successful authentication. The status is required, as we don’t remove the challenges after validation anymore

classmethod createTransactionId(length=20)

data

get(key=None, fallback=None, save=False)

simulate the dict behaviour to make challenge processing easier, as this will have to deal as well with ‘dict only challenges’

Parameters:

• key – the attribute name - in case key is not provided, a dict of all class attributes is returned
• fallback – if the attribute is not found, the fallback is returned
• save – in case of all attributes and save==True, the timestamp is converted to a string representation

getChallenge()

getData()

getId()

getSession()

getStatus()

check if the session is already closed

Returns:success - boolean

getTanCount()

getTanStatus()

getTokenSerial()

getTransactionId()

get_vars(save=False)

return a dictionary of all vars in the challenge class

Returns:dict of vars

id

is_open()

check if the session is already closed

Returns:success - boolean

ochallenge

odata

oochallenge

ptransid

received_count

received_tan

save()

enforce the saving of a challenge - will guarantee the uniqness of the transaction id

Returns:transaction id of the stored challenge

session

setChallenge(challenge)

setData(data)

setSession(session)

set the session state information like open or closed - contains in addition the mac of the whole challenge entry

Parameters:session – dictionary of the session info

setTanStatus(received=False, valid=False, increment=True)

signChallenge(hsm)

create a challenge signature and preserve it

Parameters:hsm – security module, which is able to calc the signature Returns:

• nothing -

timestamp

tokenserial

transid

valid_tan

class linotp.model.Config(Key, Value, Type=u'', Description=u'')

Bases: object

Description

Key

Type

Value

class linotp.model.LoggingConfig(name, level)

Bases: object

level

name

class linotp.model.OcraChallenge(transId, challenge, tokenserial, data, session=u'')

Bases: object

challenge

data

getChallenge()

getData()

getSession()

getTanStatus()

getTransactionId()

id

received_count

received_tan

save()

session

setChallenge(challenge)

setData(data)

setSession(session)

setTanStatus(received=False, valid=False)

timestamp

tokenserial

transid

valid_tan

class linotp.model.Realm(realm)

Bases: object

default

id

name

option

storeRealm()

class linotp.model.Reporting(event, realm, parameter=u'', value=u'', count=0, detail=u'', session=u'', description=u'', timestamp=None)

Bases: object

count

description

detail

event

get_vars()

id

parameter

realm

session

timestamp

value

class linotp.model.Token(serial)

Bases: object

LinOtpCount

LinOtpCountWindow

LinOtpCreationDate

LinOtpFailCount

LinOtpIdResClass

LinOtpIdResolver

LinOtpIsactive

LinOtpKeyEnc

LinOtpKeyIV

LinOtpLastAuthMatch

LinOtpLastAuthSuccess

LinOtpMaxFail

LinOtpOtpLen

LinOtpPinHash

LinOtpSeed

LinOtpSyncWindow

LinOtpTokenDesc

LinOtpTokenId

LinOtpTokenInfo

LinOtpTokenPinSO

LinOtpTokenPinSOIV

LinOtpTokenPinUser

LinOtpTokenPinUserIV

LinOtpTokenSerialnumber

LinOtpTokenType

LinOtpUserid

addRealm(realm)

static copy_pin(src, target)

deleteToken()

get(key=None, fallback=None, save=False)

simulate the dict behaviour to make challenge processing easier, as this will have to deal as well with ‘dict only challenges’

Parameters:

• key – the attribute name - in case key is not provided, a dict of all class attributes is returned
• fallback – if the attribute is not found, the fallback is returned
• save – in case all attributes are returned and save==True, the timestamp is converted to a string representation

getCountWindow()

getHashedPin(pin)

getInfo()

getOtpCounter()

getRealmNames()

getRealms()

getSerial()

getSyncWindow()

getType()

getUserPin()

get_encrypted_pin()

get_encrypted_seed()

get_hashed_pin()

get_vars(save=False)

isPinEncrypted(pin=None)

realms

setCountWindow(counter)

setDescription(desc)

setHashedPin(pin)

setInfo(info)

setOtpLen(otplen)

setRealms(realms)

setSoPin(enc_soPin, iv)

setType(typ)

setUserPin(enc_userPin, iv)

set_encrypted_pin(pin, iv)

set_encrypted_seed(encrypted_seed, iv, reset_failcount=True, reset_counter=True)

set_encrypted_seed - save the encrypted token seed / secret

Parameters:

• encrypted_seed – the encrypted seed / secret
• iv – the initialization value / salt
• reset_failcount – reset the failcount on token update
• reset_counter – reset the otp counter on token update

set_hashed_pin(pin, iv)

storeToken()

updateType(typ)

class linotp.model.TokenRealm(realmid)

Bases: object

id

realm_id

token_id

linotp.model.createToken(serial)

linotp.model.init_model(engine)

init_model binds the table objects to the class objects - to be called before using any of the tables or classes in the model!!!

Parameters:engine – the sql engine