OtpExternalAuthenticator.PersonAuthentication の継承関係図

OtpExternalAuthenticator.PersonAuthentication 連携図

公開メンバ関数
def	__init__ (self, currentTimeMillis)

def	init (self, configurationAttributes)

def	destroy (self, configurationAttributes)

def	getApiVersion (self)

def	isValidAuthenticationMethod (self, usageType, configurationAttributes)

def	getAlternativeAuthenticationMethod (self, usageType, configurationAttributes)

def	authenticate (self, configurationAttributes, requestParameters, step)

def	prepareForStep (self, configurationAttributes, requestParameters, step)

def	getExtraParametersForStep (self, configurationAttributes, step)

def	getCountAuthenticationSteps (self, configurationAttributes)

def	getPageForStep (self, configurationAttributes, step)

def	logout (self, configurationAttributes, requestParameters)

def	setRequestScopedParameters (self, identity)

def	loadOtpConfiguration (self, configurationAttributes)

def	processBasicAuthentication (self, credentials)

def	findEnrollments (self, user_name, skipPrefix=True)

def	validateSessionId (self, identity)

def	processOtpAuthentication (self, requestParameters, user_name, identity, otp_auth_method)

def	generateSecretKey (self, keyLength)

def	generateSecretHotpKey (self)

def	generateHotpKey (self, secretKey, movingFactor)

def	validateHotpKey (self, secretKey, movingFactor, totpKey)

def	generateHotpSecretKeyUri (self, secretKey, issuer, userDisplayName)

def	generateSecretTotpKey (self)

def	generateTotpKey (self, secretKey)

def	validateTotpKey (self, secretKey, totpKey)

def	generateTotpSecretKeyUri (self, secretKey, issuer, userDisplayName)

def	toBase32 (self, bytes)

def	toBase64Url (self, bytes)

def	fromBase64Url (self, chars)

公開変数類
	currentTimeMillis

	otpType

	otpIssuer

	customLabel

	customQrOptions

	registrationUri

	hotpConfiguration

	totpConfiguration

詳解

構築子と解体子

◆ init()

def OtpExternalAuthenticator.PersonAuthentication.__init__	(	self,
		currentTimeMillis
	)

     def __init__(self, currentTimeMillis):
         self.currentTimeMillis = currentTimeMillis
 

関数詳解

◆ authenticate()

def OtpExternalAuthenticator.PersonAuthentication.authenticate	(	self,
		configurationAttributes,
		requestParameters,
		step
	)

     def authenticate(self, configurationAttributes, requestParameters, step):
         authenticationService = CdiUtil.bean(AuthenticationService)
 
         identity = CdiUtil.bean(Identity)
         credentials = identity.getCredentials()
 
         self.setRequestScopedParameters(identity)
 
         if step == 1:
             print "OTP. Authenticate for step 1"
             authenticated_user = self.processBasicAuthentication(credentials)
             if authenticated_user == None:
                 return False
 
             otp_auth_method = "authenticate"
             # Uncomment this block if you need to allow user second OTP registration
             #enrollment_mode = ServerUtil.getFirstValue(requestParameters, "loginForm:registerButton")
             #if StringHelper.isNotEmpty(enrollment_mode):
             #    otp_auth_method = "enroll"
             
             if otp_auth_method == "authenticate":
                 user_enrollments = self.findEnrollments(authenticated_user.getUserId())
                 if len(user_enrollments) == 0:
                     otp_auth_method = "enroll"
                     print "OTP. Authenticate for step 1. There is no OTP enrollment for user '%s'. Changing otp_auth_method to '%s'" % (authenticated_user.getUserId(), otp_auth_method)
                     
             if otp_auth_method == "enroll":
                 print "OTP. Authenticate for step 1. Setting count steps: '%s'" % 3
                 identity.setWorkingParameter("otp_count_login_steps", 3)
 
             print "OTP. Authenticate for step 1. otp_auth_method: '%s'" % otp_auth_method
             identity.setWorkingParameter("otp_auth_method", otp_auth_method)
 
             return True
         elif step == 2:
             print "OTP. Authenticate for step 2"
 
             authenticationService = CdiUtil.bean(AuthenticationService)
             user = authenticationService.getAuthenticatedUser()
             if user == None:
                 print "OTP. Authenticate for step 2. Failed to determine user name"
                 return False
 
             session_id_validation = self.validateSessionId(identity)
             if not session_id_validation:
                 return False
 
             # Restore state from session
             otp_auth_method = identity.getWorkingParameter("otp_auth_method")
             if otp_auth_method == 'enroll':
                 auth_result = ServerUtil.getFirstValue(requestParameters, "auth_result")
                 if not StringHelper.isEmpty(auth_result):
                     print "OTP. Authenticate for step 2. User not enrolled OTP"
                     return False
 
                 print "OTP. Authenticate for step 2. Skipping this step during enrollment"
                 return True
 
             otp_auth_result = self.processOtpAuthentication(requestParameters, user.getUserId(), identity, otp_auth_method)
             print "OTP. Authenticate for step 2. OTP authentication result: '%s'" % otp_auth_result
 
             return otp_auth_result
         elif step == 3:
             print "OTP. Authenticate for step 3"
 
             authenticationService = CdiUtil.bean(AuthenticationService)
             user = authenticationService.getAuthenticatedUser()
             if user == None:
                 print "OTP. Authenticate for step 2. Failed to determine user name"
                 return False
 
             session_id_validation = self.validateSessionId(identity)
             if not session_id_validation:
                 return False
 
             # Restore state from session
             otp_auth_method = identity.getWorkingParameter("otp_auth_method")
             if otp_auth_method != 'enroll':
                 return False
 
             otp_auth_result = self.processOtpAuthentication(requestParameters, user.getUserId(), identity, otp_auth_method)
             print "OTP. Authenticate for step 3. OTP authentication result: '%s'" % otp_auth_result
 
             return otp_auth_result
         else:
             return False
 

◆ destroy()

def OtpExternalAuthenticator.PersonAuthentication.destroy	(	self,
		configurationAttributes
	)

     def destroy(self, configurationAttributes):
         print "OTP. Destroy"
         print "OTP. Destroyed successfully"
         return True
 

◆ findEnrollments()

def OtpExternalAuthenticator.PersonAuthentication.findEnrollments	(	self,
		user_name,
		skipPrefix = `True`
	)

     def findEnrollments(self, user_name, skipPrefix = True):
         result = []
 
         userService = CdiUtil.bean(UserService)
         user = userService.getUser(user_name, "oxExternalUid")
         if user == None:
             print "OTP. Find enrollments. Failed to find user"
             return result
         
         user_custom_ext_attribute = userService.getCustomAttribute(user, "oxExternalUid")
         if user_custom_ext_attribute == None:
             return result
 
         otp_prefix = "%s:" % self.otpType
         
         otp_prefix_length = len(otp_prefix) 
         for user_external_uid in user_custom_ext_attribute.getValues():
             index = user_external_uid.find(otp_prefix)
             if index != -1:
                 if skipPrefix:
                     enrollment_uid = user_external_uid[otp_prefix_length:]
                 else:
                     enrollment_uid = user_external_uid
 
                 result.append(enrollment_uid)
         
         return result
 

◆ fromBase64Url()

def OtpExternalAuthenticator.PersonAuthentication.fromBase64Url	(	self,
		chars
	)

     def fromBase64Url(self, chars):
         return BaseEncoding.base64Url().decode(chars)
 

◆ generateHotpKey()

def OtpExternalAuthenticator.PersonAuthentication.generateHotpKey	(	self,
		secretKey,
		movingFactor
	)

     def generateHotpKey(self, secretKey, movingFactor):
         digits = self.hotpConfiguration["digits"]
 
         hotp = HOTP.key(secretKey).digits(digits).movingFactor(movingFactor).build()
         
         return hotp.value()

◆ generateHotpSecretKeyUri()

def OtpExternalAuthenticator.PersonAuthentication.generateHotpSecretKeyUri	(	self,
		secretKey,
		issuer,
		userDisplayName
	)

     def generateHotpSecretKeyUri(self, secretKey, issuer, userDisplayName):
         digits = self.hotpConfiguration["digits"]
 
         secretKeyBase32 = self.toBase32(secretKey)
         otpKey = OTPKey(secretKeyBase32, OTPType.HOTP)
         label = issuer + " %s" % userDisplayName
 
         otpAuthURI = OTPAuthURIBuilder.fromKey(otpKey).label(label).issuer(issuer).digits(digits).build()
 
         return otpAuthURI.toUriString()
 

◆ generateSecretHotpKey()

def OtpExternalAuthenticator.PersonAuthentication.generateSecretHotpKey ( self )

     def generateSecretHotpKey(self):
         keyLength = self.hotpConfiguration["keyLength"]
         
         return self.generateSecretKey(keyLength)
 

◆ generateSecretKey()

def OtpExternalAuthenticator.PersonAuthentication.generateSecretKey	(	self,
		keyLength
	)

     def generateSecretKey(self, keyLength):
         bytes = jarray.zeros(keyLength, "b")
         secureRandom = SecureRandom()
         secureRandom.nextBytes(bytes)
         
         return bytes
     

◆ generateSecretTotpKey()

def OtpExternalAuthenticator.PersonAuthentication.generateSecretTotpKey ( self )

     def generateSecretTotpKey(self):
         keyLength = self.totpConfiguration["keyLength"]
         
         return self.generateSecretKey(keyLength)
 

◆ generateTotpKey()

def OtpExternalAuthenticator.PersonAuthentication.generateTotpKey	(	self,
		secretKey
	)

     def generateTotpKey(self, secretKey):
         digits = self.totpConfiguration["digits"]
         timeStep = self.totpConfiguration["timeStep"]
         hmacShaAlgorithmType = self.totpConfiguration["hmacShaAlgorithmType"]
 
         totp = TOTP.key(secretKey).digits(digits).timeStep(TimeUnit.SECONDS.toMillis(timeStep)).hmacSha(hmacShaAlgorithmType).build()
         
         return totp.value()
 

◆ generateTotpSecretKeyUri()

def OtpExternalAuthenticator.PersonAuthentication.generateTotpSecretKeyUri	(	self,
		secretKey,
		issuer,
		userDisplayName
	)

     def generateTotpSecretKeyUri(self, secretKey, issuer, userDisplayName):
         digits = self.totpConfiguration["digits"]
         timeStep = self.totpConfiguration["timeStep"]
 
         secretKeyBase32 = self.toBase32(secretKey)
         otpKey = OTPKey(secretKeyBase32, OTPType.TOTP)
         label = issuer + " %s" % userDisplayName
 
         otpAuthURI = OTPAuthURIBuilder.fromKey(otpKey).label(label).issuer(issuer).digits(digits).timeStep(TimeUnit.SECONDS.toMillis(timeStep)).build()
 
         return otpAuthURI.toUriString()
 

◆ getAlternativeAuthenticationMethod()

def OtpExternalAuthenticator.PersonAuthentication.getAlternativeAuthenticationMethod	(	self,
		usageType,
		configurationAttributes
	)

     def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):
         return None
 

◆ getApiVersion()

def OtpExternalAuthenticator.PersonAuthentication.getApiVersion ( self )

     def getApiVersion(self):
         return 1
 

◆ getCountAuthenticationSteps()

def OtpExternalAuthenticator.PersonAuthentication.getCountAuthenticationSteps	(	self,
		configurationAttributes
	)

     def getCountAuthenticationSteps(self, configurationAttributes):
         identity = CdiUtil.bean(Identity)
 
         if identity.isSetWorkingParameter("otp_count_login_steps"):
             return StringHelper.toInteger("%s" % identity.getWorkingParameter("otp_count_login_steps"))
         else:
             return 2
 

◆ getExtraParametersForStep()

def OtpExternalAuthenticator.PersonAuthentication.getExtraParametersForStep	(	self,
		configurationAttributes,
		step
	)

     def getExtraParametersForStep(self, configurationAttributes, step):
         return Arrays.asList("otp_auth_method", "otp_count_login_steps", "otp_secret_key", "otp_enrollment_request")
 

◆ getPageForStep()

def OtpExternalAuthenticator.PersonAuthentication.getPageForStep	(	self,
		configurationAttributes,
		step
	)

     def getPageForStep(self, configurationAttributes, step):
         if step == 2:
             identity = CdiUtil.bean(Identity)
     
             otp_auth_method = identity.getWorkingParameter("otp_auth_method")
             print "OTP. Gep page for step 2. otp_auth_method: '%s'" % otp_auth_method
     
             if otp_auth_method == 'enroll':
                 return "/auth/otp/enroll.xhtml"
             else:
                 return "/auth/otp/otplogin.xhtml"
         elif step == 3:
             return "/auth/otp/otplogin.xhtml"
 
         return ""
 

◆ init()

def OtpExternalAuthenticator.PersonAuthentication.init	(	self,
		configurationAttributes
	)

     def init(self, configurationAttributes):
         print "OTP. Initialization"
 
         if not configurationAttributes.containsKey("otp_type"):
             print "OTP. Initialization. Property otp_type is mandatory"
             return False
         self.otpType = configurationAttributes.get("otp_type").getValue2()
 
         if not self.otpType in ["hotp", "totp"]:
             print "OTP. Initialization. Property value otp_type is invalid"
             return False
 
         if not configurationAttributes.containsKey("issuer"):
             print "OTP. Initialization. Property issuer is mandatory"
             return False
         self.otpIssuer = configurationAttributes.get("issuer").getValue2()
 
         self.customLabel = None
         if configurationAttributes.containsKey("label"):
             self.customLabel = configurationAttributes.get("label").getValue2()
 
         self.customQrOptions = {}
         if configurationAttributes.containsKey("qr_options"):
             self.customQrOptions = configurationAttributes.get("qr_options").getValue2()
 
         self.registrationUri = None
         if configurationAttributes.containsKey("registration_uri"):
             self.registrationUri = configurationAttributes.get("registration_uri").getValue2()
 
         validOtpConfiguration = self.loadOtpConfiguration(configurationAttributes)
         if not validOtpConfiguration:
             return False
         
         print "OTP. Initialized successfully"
         return True
 

◆ isValidAuthenticationMethod()

def OtpExternalAuthenticator.PersonAuthentication.isValidAuthenticationMethod	(	self,
		usageType,
		configurationAttributes
	)

     def isValidAuthenticationMethod(self, usageType, configurationAttributes):
         return True
 

◆ loadOtpConfiguration()

def OtpExternalAuthenticator.PersonAuthentication.loadOtpConfiguration	(	self,
		configurationAttributes
	)

     def loadOtpConfiguration(self, configurationAttributes):
         print "OTP. Load OTP configuration"
         if not configurationAttributes.containsKey("otp_conf_file"):
             return False
 
         otp_conf_file = configurationAttributes.get("otp_conf_file").getValue2()
 
         # Load configuration from file
         f = open(otp_conf_file, 'r')
         try:
             otpConfiguration = json.loads(f.read())
         except:
             print "OTP. Load OTP configuration. Failed to load configuration from file:", otp_conf_file
             return False
         finally:
             f.close()
         
         # Check configuration file settings
         try:
             self.hotpConfiguration = otpConfiguration["htop"]
             self.totpConfiguration = otpConfiguration["totp"]
             
             hmacShaAlgorithm = self.totpConfiguration["hmacShaAlgorithm"]
             hmacShaAlgorithmType = None
 
             if StringHelper.equalsIgnoreCase(hmacShaAlgorithm, "sha1"):
                 hmacShaAlgorithmType = HmacShaAlgorithm.HMAC_SHA_1
             elif StringHelper.equalsIgnoreCase(hmacShaAlgorithm, "sha256"):
                 hmacShaAlgorithmType = HmacShaAlgorithm.HMAC_SHA_256
             elif StringHelper.equalsIgnoreCase(hmacShaAlgorithm, "sha512"):
                 hmacShaAlgorithmType = HmacShaAlgorithm.HMAC_SHA_512
             else:
                 print "OTP. Load OTP configuration. Invalid TOTP HMAC SHA algorithm: '%s'" % hmacShaAlgorithm
                  
             self.totpConfiguration["hmacShaAlgorithmType"] = hmacShaAlgorithmType
         except:
             print "OTP. Load OTP configuration. Invalid configuration file '%s' format. Exception: '%s'" % (otp_conf_file, sys.exc_info()[1])
             return False
         
 
         return True
 

◆ logout()

def OtpExternalAuthenticator.PersonAuthentication.logout	(	self,
		configurationAttributes,
		requestParameters
	)

     def logout(self, configurationAttributes, requestParameters):
         return True
 

◆ prepareForStep()

def OtpExternalAuthenticator.PersonAuthentication.prepareForStep	(	self,
		configurationAttributes,
		requestParameters,
		step
	)

     def prepareForStep(self, configurationAttributes, requestParameters, step):
         identity = CdiUtil.bean(Identity)
         credentials = identity.getCredentials()
 
         self.setRequestScopedParameters(identity)
 
         if step == 1:
             print "OTP. Prepare for step 1"
 
             return True
         elif step == 2:
             print "OTP. Prepare for step 2"
 
             session_id_validation = self.validateSessionId(identity)
             if not session_id_validation:
                 return False
 
             otp_auth_method = identity.getWorkingParameter("otp_auth_method")
             print "OTP. Prepare for step 2. otp_auth_method: '%s'" % otp_auth_method
 
             if otp_auth_method == 'enroll':
                 authenticationService = CdiUtil.bean(AuthenticationService)
                 user = authenticationService.getAuthenticatedUser()
                 if user == None:
                     print "OTP. Prepare for step 2. Failed to load user enty"
                     return False
 
                 if self.otpType == "hotp":
                     otp_secret_key = self.generateSecretHotpKey()
                     otp_enrollment_request = self.generateHotpSecretKeyUri(otp_secret_key, self.otpIssuer, user.getAttribute("displayName"))
                 elif self.otpType == "totp":
                     otp_secret_key = self.generateSecretTotpKey()
                     otp_enrollment_request = self.generateTotpSecretKeyUri(otp_secret_key, self.otpIssuer, user.getAttribute("displayName"))
                 else:
                     print "OTP. Prepare for step 2. Unknown OTP type: '%s'" % self.otpType
                     return False
 
                 print "OTP. Prepare for step 2. Prepared enrollment request for user: '%s'" % user.getUserId()
                 identity.setWorkingParameter("otp_secret_key", self.toBase64Url(otp_secret_key))
                 identity.setWorkingParameter("otp_enrollment_request", otp_enrollment_request)
 
             return True
         elif step == 3:
             print "OTP. Prepare for step 3"
 
             session_id_validation = self.validateSessionId(identity)
             if not session_id_validation:
                 return False
 
             otp_auth_method = identity.getWorkingParameter("otp_auth_method")
             print "OTP. Prepare for step 3. otp_auth_method: '%s'" % otp_auth_method
 
             if otp_auth_method == 'enroll':
                 return True
 
         return False
 

◆ processBasicAuthentication()

def OtpExternalAuthenticator.PersonAuthentication.processBasicAuthentication	(	self,
		credentials
	)

     def processBasicAuthentication(self, credentials):
         userService = CdiUtil.bean(UserService)
         authenticationService = CdiUtil.bean(AuthenticationService)
 
         user_name = credentials.getUsername()
         user_password = credentials.getPassword()
 
         logged_in = False
         if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):
             logged_in = authenticationService.authenticate(user_name, user_password)
 
         if not logged_in:
             return None
 
         find_user_by_uid = authenticationService.getAuthenticatedUser()
         if find_user_by_uid == None:
             print "OTP. Process basic authentication. Failed to find user '%s'" % user_name
             return None
         
         return find_user_by_uid
 

◆ processOtpAuthentication()

def OtpExternalAuthenticator.PersonAuthentication.processOtpAuthentication	(	self,
		requestParameters,
		user_name,
		identity,
		otp_auth_method
	)

     def processOtpAuthentication(self, requestParameters, user_name, identity, otp_auth_method):
         facesMessages = CdiUtil.bean(FacesMessages)
         facesMessages.setKeepMessages()
 
         userService = CdiUtil.bean(UserService)
 
         otpCode = ServerUtil.getFirstValue(requestParameters, "loginForm:otpCode")
         if StringHelper.isEmpty(otpCode):
             facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to authenticate. OTP code is empty")
             print "OTP. Process OTP authentication. otpCode is empty"
 
             return False
         
         if otp_auth_method == "enroll":
             # Get key from session
             otp_secret_key_encoded = identity.getWorkingParameter("otp_secret_key")
             if otp_secret_key_encoded == None:
                 print "OTP. Process OTP authentication. OTP secret key is invalid"
                 return False
             
             otp_secret_key = self.fromBase64Url(otp_secret_key_encoded)
 
             if self.otpType == "hotp":
                 validation_result = self.validateHotpKey(otp_secret_key, 1, otpCode)
                 
                 if (validation_result != None) and validation_result["result"]:
                     print "OTP. Process HOTP authentication during enrollment. otpCode is valid"
                     # Store HOTP Secret Key and moving factor in user entry
                     otp_user_external_uid = "hotp:%s;%s" % ( otp_secret_key_encoded, validation_result["movingFactor"] )
 
                     # Add otp_user_external_uid to user's external GUID list
                     find_user_by_external_uid = userService.addUserAttribute(user_name, "oxExternalUid", otp_user_external_uid)
                     if find_user_by_external_uid != None:
                         return True
 
                     print "OTP. Process HOTP authentication during enrollment. Failed to update user entry"
             elif self.otpType == "totp":
                 validation_result = self.validateTotpKey(otp_secret_key, otpCode)
                 if (validation_result != None) and validation_result["result"]:
                     print "OTP. Process TOTP authentication during enrollment. otpCode is valid"
                     # Store TOTP Secret Key and moving factor in user entry
                     otp_user_external_uid = "totp:%s" % otp_secret_key_encoded
 
                     # Add otp_user_external_uid to user's external GUID list
                     find_user_by_external_uid = userService.addUserAttribute(user_name, "oxExternalUid", otp_user_external_uid)
                     if find_user_by_external_uid != None:
                         return True
 
                     print "OTP. Process TOTP authentication during enrollment. Failed to update user entry"
         elif otp_auth_method == "authenticate":
             user_enrollments = self.findEnrollments(user_name)
 
             if len(user_enrollments) == 0:
                 print "OTP. Process OTP authentication. There is no OTP enrollment for user '%s'" % user_name
                 facesMessages.add(FacesMessage.SEVERITY_ERROR, "There is no valid OTP user enrollments")
                 return False
 
             if self.otpType == "hotp":
                 for user_enrollment in user_enrollments:
                     user_enrollment_data = user_enrollment.split(";")
                     otp_secret_key_encoded = user_enrollment_data[0]
 
                     # Get current moving factor from user entry
                     moving_factor = StringHelper.toInteger(user_enrollment_data[1])
                     otp_secret_key = self.fromBase64Url(otp_secret_key_encoded)
 
                     # Validate TOTP
                     validation_result = self.validateHotpKey(otp_secret_key, moving_factor, otpCode)
                     if (validation_result != None) and validation_result["result"]:
                         print "OTP. Process HOTP authentication during authentication. otpCode is valid"
                         otp_user_external_uid = "hotp:%s;%s" % ( otp_secret_key_encoded, moving_factor )
                         new_otp_user_external_uid = "hotp:%s;%s" % ( otp_secret_key_encoded, validation_result["movingFactor"] )
     
                         # Update moving factor in user entry
                         find_user_by_external_uid = userService.replaceUserAttribute(user_name, "oxExternalUid", otp_user_external_uid, new_otp_user_external_uid)
                         if find_user_by_external_uid != None:
                             return True
     
                         print "OTP. Process HOTP authentication during authentication. Failed to update user entry"
             elif self.otpType == "totp":
                 for user_enrollment in user_enrollments:
                     otp_secret_key = self.fromBase64Url(user_enrollment)
 
                     # Validate TOTP
                     validation_result = self.validateTotpKey(otp_secret_key, otpCode)
                     if (validation_result != None) and validation_result["result"]:
                         print "OTP. Process TOTP authentication during authentication. otpCode is valid"
                         return True
 
         facesMessages.add(FacesMessage.SEVERITY_ERROR, "Failed to authenticate. OTP code is invalid")
         print "OTP. Process OTP authentication. OTP code is invalid"
 
         return False
 

◆ setRequestScopedParameters()

def OtpExternalAuthenticator.PersonAuthentication.setRequestScopedParameters	(	self,
		identity
	)

     def setRequestScopedParameters(self, identity):
         if self.registrationUri != None:
             identity.setWorkingParameter("external_registration_uri", self.registrationUri)
 
         if self.customLabel != None:
             identity.setWorkingParameter("qr_label", self.customLabel)
 
         identity.setWorkingParameter("qr_options", self.customQrOptions)
 

◆ toBase32()

def OtpExternalAuthenticator.PersonAuthentication.toBase32	(	self,
		bytes
	)

     def toBase32(self, bytes):
         return BaseEncoding.base32().omitPadding().encode(bytes)
 

◆ toBase64Url()

def OtpExternalAuthenticator.PersonAuthentication.toBase64Url	(	self,
		bytes
	)

     def toBase64Url(self, bytes):
         return BaseEncoding.base64Url().encode(bytes)
 

◆ validateHotpKey()

def OtpExternalAuthenticator.PersonAuthentication.validateHotpKey	(	self,
		secretKey,
		movingFactor,
		totpKey
	)

     def validateHotpKey(self, secretKey, movingFactor, totpKey):
         lookAheadWindow = self.hotpConfiguration["lookAheadWindow"]
         digits = self.hotpConfiguration["digits"]
 
         htopValidationResult = HOTPValidator.lookAheadWindow(lookAheadWindow).validate(secretKey, movingFactor, digits, totpKey)
         if htopValidationResult.isValid():
             return { "result": True, "movingFactor": htopValidationResult.getNewMovingFactor() }
 
         return { "result": False, "movingFactor": None }
 

◆ validateSessionId()

def OtpExternalAuthenticator.PersonAuthentication.validateSessionId	(	self,
		identity
	)

     def validateSessionId(self, identity):
         session_id = CdiUtil.bean(SessionIdService).getSessionIdFromCookie()
         if StringHelper.isEmpty(session_id):
             print "OTP. Validate session id. Failed to determine session_id"
             return False
 
         otp_auth_method = identity.getWorkingParameter("otp_auth_method")
         if not otp_auth_method in ['enroll', 'authenticate']:
             print "OTP. Validate session id. Failed to authenticate user. otp_auth_method: '%s'" % otp_auth_method
             return False
 
         return True
 

◆ validateTotpKey()

def OtpExternalAuthenticator.PersonAuthentication.validateTotpKey	(	self,
		secretKey,
		totpKey
	)

     def validateTotpKey(self, secretKey, totpKey):
         localTotpKey = self.generateTotpKey(secretKey)
         if StringHelper.equals(localTotpKey, totpKey):
             return { "result": True }
 
         return { "result": False }
 

メンバ詳解

◆ currentTimeMillis

OtpExternalAuthenticator.PersonAuthentication.currentTimeMillis

◆ customLabel

OtpExternalAuthenticator.PersonAuthentication.customLabel

◆ customQrOptions

OtpExternalAuthenticator.PersonAuthentication.customQrOptions

◆ hotpConfiguration

OtpExternalAuthenticator.PersonAuthentication.hotpConfiguration

◆ otpIssuer

OtpExternalAuthenticator.PersonAuthentication.otpIssuer

◆ otpType

OtpExternalAuthenticator.PersonAuthentication.otpType

◆ registrationUri

OtpExternalAuthenticator.PersonAuthentication.registrationUri

◆ totpConfiguration

OtpExternalAuthenticator.PersonAuthentication.totpConfiguration

このクラス詳解は次のファイルから抽出されました:

D:/AppData/OpenId/gluu/src/oxAuth/Server/integrations/otp/OtpExternalAuthenticator.py

公開メンバ関数

公開変数類

詳解

構築子と解体子

◆ __init__()

関数詳解

◆ authenticate()

◆ destroy()

◆ findEnrollments()

◆ fromBase64Url()

◆ generateHotpKey()

◆ generateHotpSecretKeyUri()

◆ generateSecretHotpKey()

◆ generateSecretKey()

◆ generateSecretTotpKey()

◆ generateTotpKey()

◆ generateTotpSecretKeyUri()

◆ getAlternativeAuthenticationMethod()

◆ getApiVersion()

◆ getCountAuthenticationSteps()

◆ getExtraParametersForStep()

◆ getPageForStep()

◆ init()

◆ isValidAuthenticationMethod()

◆ loadOtpConfiguration()

◆ logout()

◆ prepareForStep()

◆ processBasicAuthentication()

◆ processOtpAuthentication()

◆ setRequestScopedParameters()

◆ toBase32()

◆ toBase64Url()

◆ validateHotpKey()

◆ validateSessionId()

◆ validateTotpKey()

メンバ詳解

◆ currentTimeMillis

◆ customLabel

◆ customQrOptions

◆ hotpConfiguration

◆ otpIssuer

◆ otpType

◆ registrationUri

◆ totpConfiguration

◆ init()