diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/cryptography/hazmat/primitives/twofactor/hotp.py | 6 | ||||
| -rw-r--r-- | src/cryptography/hazmat/primitives/twofactor/totp.py | 6 | ||||
| -rw-r--r-- | src/cryptography/hazmat/primitives/twofactor/utils.py | 30 |
3 files changed, 15 insertions, 27 deletions
diff --git a/src/cryptography/hazmat/primitives/twofactor/hotp.py b/src/cryptography/hazmat/primitives/twofactor/hotp.py index ba228b40..f59f551c 100644 --- a/src/cryptography/hazmat/primitives/twofactor/hotp.py +++ b/src/cryptography/hazmat/primitives/twofactor/hotp.py @@ -15,6 +15,7 @@ from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time, hmac from cryptography.hazmat.primitives.hashes import SHA1, SHA256, SHA512 from cryptography.hazmat.primitives.twofactor import InvalidToken +from cryptography.hazmat.primitives.twofactor.utils import generate_uri class HOTP(object): @@ -59,3 +60,8 @@ class HOTP(object): offset = six.indexbytes(hmac_value, len(hmac_value) - 1) & 0b1111 p = hmac_value[offset:offset + 4] return struct.unpack(">I", p)[0] & 0x7fffffff + + def get_provisioning_uri(self, account_name, counter, issuer=None): + return generate_uri(self, 'hotp', account_name, issuer, [ + ('counter', int(counter)), + ]) diff --git a/src/cryptography/hazmat/primitives/twofactor/totp.py b/src/cryptography/hazmat/primitives/twofactor/totp.py index 03df9292..9c8eddad 100644 --- a/src/cryptography/hazmat/primitives/twofactor/totp.py +++ b/src/cryptography/hazmat/primitives/twofactor/totp.py @@ -11,6 +11,7 @@ from cryptography.hazmat.backends.interfaces import HMACBackend from cryptography.hazmat.primitives import constant_time from cryptography.hazmat.primitives.twofactor import InvalidToken from cryptography.hazmat.primitives.twofactor.hotp import HOTP +from cryptography.hazmat.primitives.twofactor.utils import generate_uri class TOTP(object): @@ -31,3 +32,8 @@ class TOTP(object): def verify(self, totp, time): if not constant_time.bytes_eq(self.generate(time), totp): raise InvalidToken("Supplied TOTP value does not match.") + + def get_provisioning_uri(self, account_name, issuer=None): + return generate_uri(self._hotp, 'totp', account_name, issuer, [ + ('period', int(self._time_step)), + ]) diff --git a/src/cryptography/hazmat/primitives/twofactor/utils.py b/src/cryptography/hazmat/primitives/twofactor/utils.py index 43f50b30..89d38ff2 100644 --- a/src/cryptography/hazmat/primitives/twofactor/utils.py +++ b/src/cryptography/hazmat/primitives/twofactor/utils.py @@ -5,25 +5,7 @@ import base64 from six.moves.urllib.parse import quote, urlencode -__all__ = ['get_provisioning_uri'] - - -def get_provisioning_uri(otp, account_name, issuer=None, counter=None): - """Generates a provisioning URI which can be recognized by Two-Factor - Authentication Apps. See also: http://git.io/vkvvY - - :param otp: An instance of - :class:`cryptography.hazmat.primitives.twofactor.hotp.HOTP` or - :class:`cryptography.hazmat.primitives.twofactor.totp.TOTP`. - :param account_name: The display name of account, such as - ``'Alice Smith'`` or ``'alice@example.com'``. - :param issuer: The display name of issuer. - :param counter: The current value of counter. It is required for HOTP. - :return: The URI string. - :raises RuntimeError: if counter is missing but otp type is HOTP - """ - hotp = getattr(otp, '_hotp', otp) - +def generate_uri(hotp, type_name, account_name, issuer, extra_parameters): parameters = [ ('digits', hotp._length), ('secret', base64.b32encode(hotp._key)), @@ -33,16 +15,10 @@ def get_provisioning_uri(otp, account_name, issuer=None, counter=None): if issuer is not None: parameters.append(('issuer', issuer)) - if hotp is otp: - if counter is None: - raise RuntimeError('"counter" is required for HOTP') - parameters.append(('counter', int(counter))) - - if hasattr(otp, '_time_step'): - parameters.append(('period', int(otp._time_step))) + parameters.extend(extra_parameters) uriparts = { - 'type': otp.__class__.__name__.lower(), + 'type': type_name, 'label': ('%s:%s' % (quote(issuer), quote(account_name)) if issuer else quote(account_name)), 'parameters': urlencode(parameters), |