diff options
| author | Jiangge Zhang <tonyseek@gmail.com> | 2015-05-25 18:38:54 +0800 |
|---|---|---|
| committer | Jiangge Zhang <tonyseek@gmail.com> | 2015-05-26 16:06:29 +0800 |
| commit | 09617e98d361d8277ea056e9e0f657c6e38f1178 (patch) | |
| tree | f965159e23670511cae11ec875e633a36da7ac4e /src/cryptography/hazmat/primitives/twofactor | |
| parent | b56a611cba58c2439dd826415d632f5044283706 (diff) | |
| download | cryptography-09617e98d361d8277ea056e9e0f657c6e38f1178.tar.gz cryptography-09617e98d361d8277ea056e9e0f657c6e38f1178.tar.bz2 cryptography-09617e98d361d8277ea056e9e0f657c6e38f1178.zip | |
Add "generate_key_uri" utility for HOTP/TOTP.
Diffstat (limited to 'src/cryptography/hazmat/primitives/twofactor')
| -rw-r--r-- | src/cryptography/hazmat/primitives/twofactor/utils.py | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/src/cryptography/hazmat/primitives/twofactor/utils.py b/src/cryptography/hazmat/primitives/twofactor/utils.py new file mode 100644 index 00000000..43f50b30 --- /dev/null +++ b/src/cryptography/hazmat/primitives/twofactor/utils.py @@ -0,0 +1,50 @@ +from __future__ import unicode_literals + +import base64 + +from six.moves.urllib.parse import quote, urlencode + + +__all__ = ['get_provisioning_uri'] + + +def get_provisioning_uri(otp, account_name, issuer=None, counter=None): + """Generates a provisioning URI which can be recognized by Two-Factor + Authentication Apps. See also: http://git.io/vkvvY + + :param otp: An instance of + :class:`cryptography.hazmat.primitives.twofactor.hotp.HOTP` or + :class:`cryptography.hazmat.primitives.twofactor.totp.TOTP`. + :param account_name: The display name of account, such as + ``'Alice Smith'`` or ``'alice@example.com'``. + :param issuer: The display name of issuer. + :param counter: The current value of counter. It is required for HOTP. + :return: The URI string. + :raises RuntimeError: if counter is missing but otp type is HOTP + """ + hotp = getattr(otp, '_hotp', otp) + + parameters = [ + ('digits', hotp._length), + ('secret', base64.b32encode(hotp._key)), + ('algorithm', hotp._algorithm.name.upper()), + ] + + if issuer is not None: + parameters.append(('issuer', issuer)) + + if hotp is otp: + if counter is None: + raise RuntimeError('"counter" is required for HOTP') + parameters.append(('counter', int(counter))) + + if hasattr(otp, '_time_step'): + parameters.append(('period', int(otp._time_step))) + + uriparts = { + 'type': otp.__class__.__name__.lower(), + 'label': ('%s:%s' % (quote(issuer), quote(account_name)) if issuer + else quote(account_name)), + 'parameters': urlencode(parameters), + } + return 'otpauth://{type}/{label}?{parameters}'.format(**uriparts) |