diff options
Diffstat (limited to 'ipatests')
-rw-r--r-- | ipatests/test_ipaserver/data/full.xml | 48 | ||||
-rw-r--r-- | ipatests/test_ipaserver/data/pskc-figure3.xml | 32 | ||||
-rw-r--r-- | ipatests/test_ipaserver/data/pskc-figure4.xml | 31 | ||||
-rw-r--r-- | ipatests/test_ipaserver/data/pskc-figure5.xml | 57 | ||||
-rw-r--r-- | ipatests/test_ipaserver/data/pskc-figure6.xml | 47 | ||||
-rw-r--r-- | ipatests/test_ipaserver/data/pskc-figure7.xml | 68 | ||||
-rw-r--r-- | ipatests/test_ipaserver/data/pskc-figure8.xml | 53 | ||||
-rw-r--r-- | ipatests/test_ipaserver/data/pskc-invalid.xml | 3 | ||||
-rw-r--r-- | ipatests/test_ipaserver/data/pskc-mini.xml | 4 | ||||
-rw-r--r-- | ipatests/test_ipaserver/test_otptoken_import.py | 151 |
10 files changed, 494 insertions, 0 deletions
diff --git a/ipatests/test_ipaserver/data/full.xml b/ipatests/test_ipaserver/data/full.xml new file mode 100644 index 000000000..0281b2881 --- /dev/null +++ b/ipatests/test_ipaserver/data/full.xml @@ -0,0 +1,48 @@ +<?xml version="1.0"?> +<KeyContainer xmlns="urn:ietf:params:xml:ns:keyprov:pskc" Version="1.0" Id="KCID"> + <KeyPackage> + <DeviceInfo> + <Manufacturer>iana.dummy</Manufacturer> + <SerialNo>SerialNo</SerialNo> + <Model>Model</Model> + <IssueNo>IssueNo</IssueNo> + <DeviceBinding>DeviceBinding</DeviceBinding> + <StartDate>2006-05-01T00:00:00Z</StartDate> + <ExpiryDate>2012-05-01T00:00:00Z</ExpiryDate> + <UserId>DeviceUserId</UserId> + </DeviceInfo> + <CryptoModuleInfo> + <Id>CMID</Id> + </CryptoModuleInfo> + <Key Id="KID1" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp"> + <Issuer>Issuer</Issuer> + <AlgorithmParameters> + <Suite>Suite</Suite> + <ChallengeFormat Encoding="DECIMAL" Min="42" Max="4711" CheckDigits="true"/> + <ResponseFormat Encoding="DECIMAL" Length="8" CheckDigits="true"/> + </AlgorithmParameters> + <KeyProfileId>KeyProfileId</KeyProfileId> + <KeyReference>KeyReference</KeyReference> + <FriendlyName>FriendlyName</FriendlyName> + <Data> + <Secret> + <PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue> + </Secret> + <Counter> + <PlainValue>0</PlainValue> + </Counter> + <TimeInterval> + <PlainValue>200</PlainValue> + </TimeInterval> + <TimeDrift> + <PlainValue>300</PlainValue> + </TimeDrift> + </Data> + <UserId>KeyUserId</UserId> + <Policy> + <StartDate>2006-05-01T00:00:00Z</StartDate> + <ExpiryDate>2006-05-31T00:00:00Z</ExpiryDate> + </Policy> + </Key> + </KeyPackage> +</KeyContainer> diff --git a/ipatests/test_ipaserver/data/pskc-figure3.xml b/ipatests/test_ipaserver/data/pskc-figure3.xml new file mode 100644 index 000000000..b02ac7945 --- /dev/null +++ b/ipatests/test_ipaserver/data/pskc-figure3.xml @@ -0,0 +1,32 @@ +<?xml version="1.0" encoding="UTF-8"?> +<KeyContainer Version="1.0" + Id="exampleID1" + xmlns="urn:ietf:params:xml:ns:keyprov:pskc"> + <KeyPackage> + <DeviceInfo> + <Manufacturer>Manufacturer</Manufacturer> + <SerialNo>987654321</SerialNo> + <UserId>DC=example-bank,DC=net</UserId> + </DeviceInfo> + <CryptoModuleInfo> + <Id>CM_ID_001</Id> + </CryptoModuleInfo> + <Key Id="12345678" + Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp"> + <Issuer>Issuer</Issuer> + <AlgorithmParameters> + <ResponseFormat Length="8" Encoding="DECIMAL"/> + </AlgorithmParameters> + <Data> + <Secret> + <PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA= + </PlainValue> + </Secret> + <Counter> + <PlainValue>0</PlainValue> + </Counter> + </Data> + <UserId>UID=jsmith,DC=example-bank,DC=net</UserId> + </Key> + </KeyPackage> +</KeyContainer> diff --git a/ipatests/test_ipaserver/data/pskc-figure4.xml b/ipatests/test_ipaserver/data/pskc-figure4.xml new file mode 100644 index 000000000..186e02901 --- /dev/null +++ b/ipatests/test_ipaserver/data/pskc-figure4.xml @@ -0,0 +1,31 @@ +<?xml version="1.0" encoding="UTF-8"?> +<KeyContainer Version="1.0" Id="exampleID1" + xmlns="urn:ietf:params:xml:ns:keyprov:pskc"> + <KeyPackage> + <DeviceInfo> + <Manufacturer>Manufacturer</Manufacturer> + <SerialNo>987654321</SerialNo> + </DeviceInfo> + <CryptoModuleInfo> + <Id>CM_ID_001</Id> + </CryptoModuleInfo> + <Key Id="12345678" + Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp"> + <Issuer>Issuer</Issuer> + <AlgorithmParameters> + <ResponseFormat Length="8" Encoding="DECIMAL"/> + </AlgorithmParameters> + <KeyProfileId>keyProfile1</KeyProfileId> + <KeyReference>MasterKeyLabel + </KeyReference> + <Data> + <Counter> + <PlainValue>0</PlainValue> + </Counter> + </Data> + <Policy> + <KeyUsage>OTP</KeyUsage> + </Policy> + </Key> + </KeyPackage> +</KeyContainer> diff --git a/ipatests/test_ipaserver/data/pskc-figure5.xml b/ipatests/test_ipaserver/data/pskc-figure5.xml new file mode 100644 index 000000000..16ab9bb3c --- /dev/null +++ b/ipatests/test_ipaserver/data/pskc-figure5.xml @@ -0,0 +1,57 @@ +<?xml version="1.0" encoding="UTF-8"?> +<KeyContainer + Version="1.0" Id="exampleID1" + xmlns="urn:ietf:params:xml:ns:keyprov:pskc"> + <KeyPackage> + <DeviceInfo> + <Manufacturer>Manufacturer</Manufacturer> + <SerialNo>987654321</SerialNo> + </DeviceInfo> + <CryptoModuleInfo> + <Id>CM_ID_001</Id> + </CryptoModuleInfo> + <Key Id="12345678" + Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp"> + <Issuer>Issuer</Issuer> + <AlgorithmParameters> + <ResponseFormat Length="8" Encoding="DECIMAL"/> + </AlgorithmParameters> + <Data> + <Secret> + <PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA= + </PlainValue> + </Secret> + <Counter> + <PlainValue>0</PlainValue> + </Counter> + </Data> + <Policy> + <PINPolicy MinLength="4" MaxLength="4" + PINKeyId="123456781" PINEncoding="DECIMAL" + PINUsageMode="Local"/> + <KeyUsage>OTP</KeyUsage> + </Policy> + </Key> + </KeyPackage> + <KeyPackage> + <DeviceInfo> + <Manufacturer>Manufacturer</Manufacturer> + <SerialNo>987654321</SerialNo> + </DeviceInfo> + <CryptoModuleInfo> + <Id>CM_ID_001</Id> + </CryptoModuleInfo> + <Key Id="123456781" + Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:pin"> + <Issuer>Issuer</Issuer> + <AlgorithmParameters> + <ResponseFormat Length="4" Encoding="DECIMAL"/> + </AlgorithmParameters> + <Data> + <Secret> + <PlainValue>MTIzNA==</PlainValue> + </Secret> + </Data> + </Key> + </KeyPackage> +</KeyContainer> diff --git a/ipatests/test_ipaserver/data/pskc-figure6.xml b/ipatests/test_ipaserver/data/pskc-figure6.xml new file mode 100644 index 000000000..0f4cd334f --- /dev/null +++ b/ipatests/test_ipaserver/data/pskc-figure6.xml @@ -0,0 +1,47 @@ +<?xml version="1.0" encoding="UTF-8"?> +<KeyContainer Version="1.0" + xmlns="urn:ietf:params:xml:ns:keyprov:pskc" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> + <EncryptionKey> + <ds:KeyName>Pre-shared-key</ds:KeyName> + </EncryptionKey> + <MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"> + <MACKey> + <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <xenc:CipherData> + <xenc:CipherValue>ESIzRFVmd4iZABEiM0RVZgKn6WjLaTC1sbeBMSvIhRejN9vJa2BOlSaMrR7I5wSX</xenc:CipherValue> + </xenc:CipherData> + </MACKey> + </MACMethod> + <KeyPackage> + <DeviceInfo> + <Manufacturer>Manufacturer</Manufacturer> + <SerialNo>987654321</SerialNo> + </DeviceInfo> + <CryptoModuleInfo> + <Id>CM_ID_001</Id> + </CryptoModuleInfo> + <Key Id="12345678" + Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp"> + <Issuer>Issuer</Issuer> + <AlgorithmParameters> + <ResponseFormat Length="8" Encoding="DECIMAL"/> + </AlgorithmParameters> + <Data> + <Secret> + <EncryptedValue> + <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <xenc:CipherData> + <xenc:CipherValue>AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCMl8jwZqIUqGv</xenc:CipherValue> + </xenc:CipherData> + </EncryptedValue> + <ValueMAC>Su+NvtQfmvfJzF6bmQiJqoLRExc=</ValueMAC> + </Secret> + <Counter> + <PlainValue>0</PlainValue> + </Counter> + </Data> + </Key> + </KeyPackage> +</KeyContainer> diff --git a/ipatests/test_ipaserver/data/pskc-figure7.xml b/ipatests/test_ipaserver/data/pskc-figure7.xml new file mode 100644 index 000000000..1fb04fc31 --- /dev/null +++ b/ipatests/test_ipaserver/data/pskc-figure7.xml @@ -0,0 +1,68 @@ +<?xml version="1.0" encoding="UTF-8"?> +<pskc:KeyContainer + xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" + xmlns:xenc11="http://www.w3.org/2009/xmlenc11#" + xmlns:pkcs5="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#" + xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Version="1.0"> + <pskc:EncryptionKey> + <xenc11:DerivedKey> + <xenc11:KeyDerivationMethod + Algorithm="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2"> + <xenc11:PBKDF2-params> + <xenc11:Salt> + <xenc11:Specified>Ej7/PEpyEpw=</xenc11:Specified> + </xenc11:Salt> + <xenc11:IterationCount>1000</xenc11:IterationCount> + <xenc11:KeyLength>16</xenc11:KeyLength> + <xenc11:PRF/> + </xenc11:PBKDF2-params> + </xenc11:KeyDerivationMethod> + <xenc:ReferenceList> + <xenc:DataReference URI="#ED"/> + </xenc:ReferenceList> + <xenc11:MasterKeyName>My Password 1</xenc11:MasterKeyName> + </xenc11:DerivedKey> + </pskc:EncryptionKey> + <pskc:MACMethod + Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"> + <pskc:MACKey> + <xenc:EncryptionMethod + Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <xenc:CipherData> + <xenc:CipherValue> + 2GTTnLwM3I4e5IO5FkufoOEiOhNj91fhKRQBtBJYluUDsPOLTfUvoU2dStyOwYZx + </xenc:CipherValue> + </xenc:CipherData> + </pskc:MACKey> + </pskc:MACMethod> + <pskc:KeyPackage> + <pskc:DeviceInfo> + <pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer> + <pskc:SerialNo>987654321</pskc:SerialNo> + </pskc:DeviceInfo> + <pskc:CryptoModuleInfo> + <pskc:Id>CM_ID_001</pskc:Id> + </pskc:CryptoModuleInfo> + <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp" Id="123456"> + <pskc:Issuer>Example-Issuer</pskc:Issuer> + <pskc:AlgorithmParameters> + <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/> + </pskc:AlgorithmParameters> + <pskc:Data> + <pskc:Secret> + <pskc:EncryptedValue Id="ED"> + <xenc:EncryptionMethod + Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <xenc:CipherData> + <xenc:CipherValue> + oTvo+S22nsmS2Z/RtcoF8Hfh+jzMe0RkiafpoDpnoZTjPYZu6V+A4aEn032yCr4f + </xenc:CipherValue> + </xenc:CipherData> + </pskc:EncryptedValue> + <pskc:ValueMAC>LP6xMvjtypbfT9PdkJhBZ+D6O4w= + </pskc:ValueMAC> + </pskc:Secret> + </pskc:Data> + </pskc:Key> + </pskc:KeyPackage> +</pskc:KeyContainer> diff --git a/ipatests/test_ipaserver/data/pskc-figure8.xml b/ipatests/test_ipaserver/data/pskc-figure8.xml new file mode 100644 index 000000000..c9f63cf02 --- /dev/null +++ b/ipatests/test_ipaserver/data/pskc-figure8.xml @@ -0,0 +1,53 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<KeyContainer + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns="urn:ietf:params:xml:ns:keyprov:pskc" + xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" + Id="KC0001" + Version="1.0"> + <EncryptionKey> + <ds:X509Data> + <ds:X509Certificate>MIIB5zCCAVCgAwIBAgIESZp/vDANBgkqhkiG9w0BAQUFADA4M + Q0wCwYDVQQKEwRJRVRGMRMwEQYDVQQLEwpLZXlQcm92IFdHMRIwEAYDVQQDEwlQU0tDIF + Rlc3QwHhcNMDkwMjE3MDkxMzMyWhcNMTEwMjE3MDkxMzMyWjA4MQ0wCwYDVQQKEwRJRVR + GMRMwEQYDVQQLEwpLZXlQcm92IFdHMRIwEAYDVQQDEwlQU0tDIFRlc3QwgZ8wDQYJKoZI + hvcNAQEBBQADgY0AMIGJAoGBALCWLDa2ItYJ6su80hd1gL4cggQYdyyKK17btt/aS6Q/e + DsKjsPyFIODsxeKVV/uA3wLT4jQJM5euKJXkDajzGGOy92+ypfzTX4zDJMkh61SZwlHNJ + xBKilAM5aW7C+BQ0RvCxvdYtzx2LTdB+X/KMEBA7uIYxLfXH2Mnub3WIh1AgMBAAEwDQY + JKoZIhvcNAQEFBQADgYEAe875m84sYUJ8qPeZ+NG7REgTvlHTmoCdoByU0LBBLotUKuqf + rnRuXJRMeZXaaEGmzY1kLonVjQGzjAkU4dJ+RPmiDlYuHLZS41Pg6VMwY+03lhk6I5A/w + 4rnqdkmwZX/NgXg06alnc2pBsXWhL4O7nk0S2ZrLMsQZ6HcsXgdmHo= + </ds:X509Certificate> + </ds:X509Data> + </EncryptionKey> + <KeyPackage> + <DeviceInfo> + <Manufacturer>TokenVendorAcme</Manufacturer> + <SerialNo>987654321</SerialNo> + </DeviceInfo> + <Key Id="MBK000000001" + Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp"> + <Issuer>Example-Issuer</Issuer> + <AlgorithmParameters> + <ResponseFormat Length="6" Encoding="DECIMAL"/> + </AlgorithmParameters> + <Data> + <Secret> + <EncryptedValue> + <xenc:EncryptionMethod + Algorithm="http://www.w3.org/2001/04/xmlenc#rsa_1_5"/> + <xenc:CipherData> + <xenc:CipherValue>hJ+fvpoMPMO9BYpK2rdyQYGIxiATYHTHC7e/sPLKYo5/r1v+4 + xTYG3gJolCWuVMydJ7Ta0GaiBPHcWa8ctCVYmHKfSz5fdeV5nqbZApe6dofTqhRwZK6 + Yx4ufevi91cjN2vBpSxYafvN3c3+xIgk0EnTV4iVPRCR0rBwyfFrPc4= + </xenc:CipherValue> + </xenc:CipherData> + </EncryptedValue> + </Secret> + <Counter> + <PlainValue>0</PlainValue> + </Counter> + </Data> + </Key> + </KeyPackage> +</KeyContainer> diff --git a/ipatests/test_ipaserver/data/pskc-invalid.xml b/ipatests/test_ipaserver/data/pskc-invalid.xml new file mode 100644 index 000000000..688e3479d --- /dev/null +++ b/ipatests/test_ipaserver/data/pskc-invalid.xml @@ -0,0 +1,3 @@ +<?xml version="1.0"?> +<SomethingElse> +</SomethingElse> diff --git a/ipatests/test_ipaserver/data/pskc-mini.xml b/ipatests/test_ipaserver/data/pskc-mini.xml new file mode 100644 index 000000000..e6ee7b55c --- /dev/null +++ b/ipatests/test_ipaserver/data/pskc-mini.xml @@ -0,0 +1,4 @@ +<?xml version="1.0"?> +<KeyContainer xmlns="urn:ietf:params:xml:ns:keyprov:pskc" Version="1.0"> + <KeyPackage/> +</KeyContainer> diff --git a/ipatests/test_ipaserver/test_otptoken_import.py b/ipatests/test_ipaserver/test_otptoken_import.py new file mode 100644 index 000000000..7ee0754da --- /dev/null +++ b/ipatests/test_ipaserver/test_otptoken_import.py @@ -0,0 +1,151 @@ +# Authors: +# Nathaniel McCallum <npmccallum@redhat.com> +# +# Copyright (C) 2014 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os +import sys +import nose +from nss import nss + +from ipaserver.install.ipa_otptoken_import import PSKCDocument, ValidationError + +basename = os.path.join(os.path.dirname(__file__), "data") + +class test_otptoken_import(object): + def test_figure3(self): + doc = PSKCDocument(os.path.join(basename, "pskc-figure3.xml")) + assert doc.keyname is None + assert [(t.id, t.options) for t in doc.getKeyPackages()] == \ + [(u'12345678', { + 'ipatokenotpkey': u'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ', + 'ipatokenvendor': u'Manufacturer', + 'ipatokenserial': u'987654321', + 'ipatokenhotpcounter': 0L, + 'ipatokenotpdigits': 8, + 'type': u'hotp', + })] + + def test_figure4(self): + doc = PSKCDocument(os.path.join(basename, "pskc-figure4.xml")) + assert doc.keyname is None + try: + [(t.id, t.options) for t in doc.getKeyPackages()] + except ValidationError: # Referenced keys are not supported. + pass + else: + assert False + + def test_figure5(self): + doc = PSKCDocument(os.path.join(basename, "pskc-figure5.xml")) + assert doc.keyname is None + try: + [(t.id, t.options) for t in doc.getKeyPackages()] + except ValidationError: # PIN Policy is not supported. + pass + else: + assert False + + def test_figure6(self): + nss.nss_init_nodb() + try: + doc = PSKCDocument(os.path.join(basename, "pskc-figure6.xml")) + assert doc.keyname == 'Pre-shared-key' + doc.setKey('12345678901234567890123456789012'.decode('hex')) + assert [(t.id, t.options) for t in doc.getKeyPackages()] == \ + [(u'12345678', { + 'ipatokenotpkey': u'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ', + 'ipatokenvendor': u'Manufacturer', + 'ipatokenserial': u'987654321', + 'ipatokenhotpcounter': 0L, + 'ipatokenotpdigits': 8, + 'type': u'hotp'})] + finally: + nss.nss_shutdown() + + def test_figure7(self): + nss.nss_init_nodb() + try: + doc = PSKCDocument(os.path.join(basename, "pskc-figure7.xml")) + assert doc.keyname == 'My Password 1' + doc.setKey('qwerty') + assert [(t.id, t.options) for t in doc.getKeyPackages()] == \ + [(u'123456', { + 'ipatokenotpkey': u'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ', + 'ipatokenvendor': u'TokenVendorAcme', + 'ipatokenserial': u'987654321', + 'ipatokenotpdigits': 8, + 'type': u'hotp'})] + finally: + nss.nss_shutdown() + + def test_figure8(self): + nss.nss_init_nodb() + try: + doc = PSKCDocument(os.path.join(basename, "pskc-figure8.xml")) + except NotImplementedError: # X.509 is not supported. + pass + else: + assert False + finally: + nss.nss_shutdown() + + def test_invalid(self): + nss.nss_init_nodb() + try: + doc = PSKCDocument(os.path.join(basename, "pskc-invalid.xml")) + except ValueError: # File is invalid. + pass + else: + assert False + finally: + nss.nss_shutdown() + + def test_mini(self): + nss.nss_init_nodb() + try: + doc = PSKCDocument(os.path.join(basename, "pskc-mini.xml")) + [(t.id, t.options) for t in doc.getKeyPackages()] + except ValidationError: # Unsupported token type. + pass + else: + assert False + finally: + nss.nss_shutdown() + + def test_full(self): + nss.nss_init_nodb() + try: + doc = PSKCDocument(os.path.join(basename, "full.xml")) + assert [(t.id, t.options) for t in doc.getKeyPackages()] == \ + [(u'KID1', { + 'ipatokenotpkey': u'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ', + 'ipatokennotafter': u'20060531000000Z', + 'ipatokennotbefore': u'20060501000000Z', + 'ipatokenserial': u'SerialNo-IssueNo', + 'ipatokentotpclockoffset': 60000, + 'ipatokenotpalgorithm': u'sha1', + 'ipatokenvendor': u'iana.dummy', + 'description': u'FriendlyName', + 'ipatokentotptimestep': 200, + 'ipatokenhotpcounter': 0L, + 'ipatokenmodel': u'Model', + 'ipatokenotpdigits': 8, + 'type': u'hotp', + })] + finally: + nss.nss_shutdown() |