Module: VacmanController

Extended by:

VacmanController

Included in:

VacmanController

Defined in:

lib/vacman_controller.rb

Overview

Provides VACMAN Controller functionality to identify and authorize user via VASCO DIGIPASS tokens.

Instance Method Summary

• #generate_password(hash) ⇒ Object

  Generate a Password for a user.

• #get_kernel_param(name) ⇒ Object

  Get a kernel parameter, wich is a basically a setting for vacman controller.

• #get_token_property(hash, property) ⇒ Object

  Get a token single property.

• #import(filename, key) ⇒ Object

  Import .dpx file containing the secure token-data.

• #set_kernel_param(name, val) ⇒ Object

  Change a kernel parameter, wich is a basically a setting for vacman controller.

• #verify_password(hash, pw) ⇒ Object

  Verify a password.

Instance Method Details

#generate_password(hash) ⇒ Object

Generate a Password for a user. This does the same as hitting the button on your hardware token

Parameters:

hash

The hash for a specific token (you get these in import)

Returns:

The password string. The password is only valid for a period (todo: add method to change the period, currently its 30 seconds)

# File 'lib/vacman_controller.rb', line 42

def generate_password(hash)
  VacmanLowLevel.generate_password(hash)
end

#get_kernel_param(name) ⇒ Object

Get a kernel parameter, wich is a basically a setting for vacman controller

Parameters:

name

the param name. Most TKernelParms struct elements are accessible.

# File 'lib/vacman_controller.rb', line 73

def get_kernel_param(name)
  VacmanLowLevel.get_kernel_param(name)
end

#get_token_property(hash, property) ⇒ Object

Get a token single property

Parameters:

hash

the hash for a specific token (you get these in import)

property

the property names

possible names:

token_model
use_count
last_time_used
last_time_shift
time_based_algo
event_based_algo
pin_supported
unlock_supported
pin_change_enabled
pin_length
pin_minimum_length
pin_enabled
pin_change_forced
virtual_token_type
virtual_token_grace_period
virtual_token_remain_use
last_response_type
error_count
event_value
last_event_value
sync_windows
primary_token_enabled
virtual_token_supported
virtual_token_enabled
code_word
auth_mode
ocra_suite
derivation_supported
max_dtf_number
response_length
response_format
response_checksum
time_step
use_3des

# File 'lib/vacman_controller.rb', line 138

def get_token_property(hash, property)
  VacmanLowLevel.get_token_property(hash, property)
end

#import(filename, key) ⇒ Object

Import .dpx file containing the secure token-data

Parameters:

filename

The path of the .dpx file to load

key

The secure key to decrypt the dpx file

Returns:

A list of hashes. Each hash contains

serial: the serial number of the token
blob:   the blob containing some secret magic data
app_name: the application name (the security method)
flags1: some flags
flags2: more flags

this hash must be persisted and regained for each call of verify_password and generate_password

# File 'lib/vacman_controller.rb', line 27

def import(filename, key)
  VacmanLowLevel.import(filename, key)
end

#set_kernel_param(name, val) ⇒ Object

Change a kernel parameter, wich is a basically a setting for vacman controller

Parameters:

name

the param name. Most TKernelParms struct elements are accessible.

val

the fixnum value

# File 'lib/vacman_controller.rb', line 87

def set_kernel_param(name, val)
  VacmanLowLevel.set_kernel_param(name, val)
end

#verify_password(hash, pw) ⇒ Object

Verify a password. This is the usecase a user sends you a password generated by his token and we have to verify it.

Parameters:

hash

The hash for a specific token (you get these in import)

pw

The password provided by the user

Returns:

true if the password is valid, false otherwise

ATTENTION: it is very important to persist the hash afterwards!!!

# File 'lib/vacman_controller.rb', line 61

def verify_password(hash, pw)
  VacmanLowLevel.verify_password(hash, pw)
end