IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

OTP import: support hash names with HMAC- prefix

Browse Source 
Refactor convertHashName() method to accept hash names prefixed with
HMAC- or any other prefix. Extending the method should be easier in
future.

Add tests proposed by Rob Crittenden to make sure we don't regress
with expected behavior of convertHashName().

Fixes https://pagure.io/freeipa/issue/7146

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Alexander Bokovoy
2017-09-14 17:31:57 +03:00
committed by Stanislav Laznicka
parent 93be966daf
commit 8661611d3e
2 changed files with 40 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
ipaserver/install/ipa_otptoken_import.py
View File

@@ -95,7 +95,9 @@ def convertTokenType(value):
def convertHashName(value): def convertHashName(value):
"Converts hash names to their canonical names." "Converts hash names to their canonical names."
return { default_hash = u"sha1"
known_prefixes = ("", "hmac-",)
known_hashes = {
"sha1": u"sha1", "sha1": u"sha1",
"sha224": u"sha224", "sha224": u"sha224",
"sha256": u"sha256", "sha256": u"sha256",
@@ -106,7 +108,24 @@ def convertHashName(value):
"sha-256": u"sha256", "sha-256": u"sha256",
"sha-384": u"sha384", "sha-384": u"sha384",
"sha-512": u"sha512", "sha-512": u"sha512",
}.get(value.lower(), u"sha1") }
if value is None:
return default_hash
v = value.lower()
for prefix in known_prefixes:
if prefix:
w = v[len(prefix):]
else:
w = v
result = known_hashes.get(w)
if result is not None:
break
else:
result = default_hash
return result
def convertHMACType(value): def convertHMACType(value):

19
ipatests/test_ipaserver/test_otptoken_import.py
View File

@@ -22,6 +22,7 @@ import os
import pytest import pytest
from ipaserver.install.ipa_otptoken_import import PSKCDocument, ValidationError from ipaserver.install.ipa_otptoken_import import PSKCDocument, ValidationError
from ipaserver.install.ipa_otptoken_import import convertHashName
basename = os.path.join(os.path.dirname(__file__), "data") basename = os.path.join(os.path.dirname(__file__), "data")
@@ -129,3 +130,21 @@ class test_otptoken_import(object):
'ipatokenotpdigits': 8, 'ipatokenotpdigits': 8,
'type': u'hotp', 'type': u'hotp',
})] })]
def test_valid_tokens(self):
assert convertHashName('sha1') == u'sha1'
assert convertHashName('hmac-sha1') == u'sha1'
assert convertHashName('sha224') == u'sha224'
assert convertHashName('hmac-sha224') == u'sha224'
assert convertHashName('sha256') == u'sha256'
assert convertHashName('hmac-sha256') == u'sha256'
assert convertHashName('sha384') == u'sha384'
assert convertHashName('hmac-sha384') == u'sha384'
assert convertHashName('sha512') == u'sha512'
assert convertHashName('hmac-sha512') == u'sha512'
def test_invalid_tokens(self):
"""The conversion defaults to sha1 on unknown hashing"""
assert convertHashName('something-sha256') == u'sha1'
assert convertHashName('') == u'sha1'
assert convertHashName(None) == u'sha1'