Merge "Addition of OTS Token activation procedure"

2024-03-18 22:06:07 +00:00 · 2024-03-18 22:06:07 +00:00 · 78d3acbb5d
parent ae8bb0f4d5 56e2d1e2cd
commit 78d3acbb5d
2 changed files with 30 additions and 7 deletions
--- a/sysinv/sysinv/sysinv/sysinv/ipsec_auth/common/objects.py
+++ b/sysinv/sysinv/sysinv/sysinv/ipsec_auth/common/objects.py
@ -11,6 +11,10 @@ import string
 import time
 import threading

+from oslo_log import log as logging
+
+LOG = logging.getLogger(__name__)
+

 class State(enum.Enum):
    STAGE_1 = 1
@ -64,16 +68,17 @@ class State(enum.Enum):

 class Token(object):
    VERSION = int(1).to_bytes(1, 'little')
-    EXPIRY_TIME = 5000
+    EXPIRY_TIME = 7000

    def __init__(self):
        self.__nonce = secrets.token_bytes(16)  # 128-bit nonce
-        self.__start_time = int(time.time() * 1000)  # 64-bit utc time
+        self.__creation_time = int(time.time() * 1000)  # 64-bit utc time
        self.__content = bytearray(self.VERSION + self.__nonce
-                                   + self.__start_time.to_bytes(8, 'little'))
+                                   + self.__creation_time.to_bytes(8, 'little'))
        self.__used = False
        self.__expired = False
-        self.__timer = self.__set_timer()
+        self.__start_time = 0
+        self.__timer = None

        random.shuffle(self.__content)

@ -88,18 +93,32 @@ class Token(object):

    def __expire_token(self):
        self.__expired = True
-        self.__timer.cancel()
+        if self.__timer and self.__timer.is_alive():
+            self.__timer.cancel()
+            LOG.info("OTS Token set as expired")
+        else:
+            LOG.info("OTS Token expired")
+        return None
+
+    def activate(self):
+        '''Activate OTS Token timer.'''
+        self.__start_time = int(time.time() * 1000)
+        self.__timer = self.__set_timer()
+        LOG.info("OTS Token activated")
        return None

    def purge(self):
        '''Purge the token.'''
        self.__used = True
-        self.__expired = True
        self.__content = bytearray()
+        self.__expire_token()
+        LOG.info("OTS Token purged")
+        return None

    def set_as_used(self):
        '''Set token as used.'''
        self.__used = True
+        LOG.info("OTS Token set as used")
        return None

    def get_content(self):
@ -111,7 +130,7 @@ class Token(object):
        time and its usage flag.'''
        period = int(time.time() * 1000) - self.__start_time
        if period >= self.EXPIRY_TIME and not self.__expired:
-            self.__expired = True
+            self.__expire_token()

        return not (self.__expired or self.__used)

--- a/sysinv/sysinv/sysinv/sysinv/ipsec_auth/server/server.py
+++ b/sysinv/sysinv/sysinv/sysinv/ipsec_auth/server/server.py
@ -114,9 +114,13 @@ class IPsecConnection(object):
                # A readable client socket has data
                LOG.debug("Received {!r}".format(data))
                self.state = State.get_next_state(self.state)
+
                LOG.debug("Preparing payload")
                msg = self._handle_write(data)
                sock.sendall(msg)
+
+                if self.state == State.STAGE_2:
+                    self.ots_token.activate()
                self.state = State.get_next_state(self.state)
            elif self.state == State.STAGE_5 or not data:
                self.ots_token.purge()