From d26f8fc73e2a15314c44688e372f9d4613dcfdd8 Mon Sep 17 00:00:00 2001
From: Szczepan Zalega <szczepan@nitrokey.com>
Date: Wed, 27 Jul 2016 11:48:33 +0200
Subject: Tested OTP codes PIN protected

Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
---
 unittest/test_bindings.py | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/unittest/test_bindings.py b/unittest/test_bindings.py
index da3bc83..839b9c3 100644
--- a/unittest/test_bindings.py
+++ b/unittest/test_bindings.py
@@ -14,6 +14,7 @@ class DefaultPasswords(Enum):
     ADMIN_TEMP = '123123123'
     USER_TEMP = '234234234'
 
+
 class DeviceErrorCode(Enum):
     STATUS_OK = 0
     NOT_PROGRAMMED = 3
@@ -47,6 +48,7 @@ def C(request):
         print ('\nFinishing connection to device')
         C.NK_logout()
         print ('Finished')
+
     request.addfinalizer(fin)
 
     return C
@@ -100,7 +102,8 @@ def test_password_safe_slot_status(C):
     assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
     is_slot_programmed = list(ffi.cast("uint8_t [16]", safe_slot_status)[0:16])
     print ((is_slot_programmed, len(is_slot_programmed)))
-    assert is_slot_programmed[0] == 0  # FIXME not programmed, assuming erased in preceeding test, add writing and erasing
+    assert is_slot_programmed[
+               0] == 0  # FIXME not programmed, assuming erased in preceeding test, add writing and erasing
     assert is_slot_programmed[1] == 1  # FIXME assuming slot 1 is programmed, not writing there in this tests, same as ^
     C.NK_set_debug(False)
 
@@ -196,3 +199,23 @@ def test_get_OTP_codes(C):
         code = C.NK_get_hotp_code(i)
         if code == 0:
             assert C.NK_get_last_command_status() == DeviceErrorCode.NOT_PROGRAMMED
+
+
+def test_get_code_user_authorize(C):
+    C.NK_set_debug(True)
+    assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+    assert C.NK_write_totp_slot(0, 'python_otp_auth', RFC_SECRET, 30, True,
+                                DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+    # enable PIN protection of OTP codes with write_config
+    # TODO create convinience function on C API side to enable/disable OTP USER_PIN protection
+    assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+    assert C.NK_write_config(True, True, True, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+    code = C.NK_get_totp_code(0, 0, 0, 0)
+    assert code == 0
+    assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED
+    assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+    # disable PIN protection with write_config
+    assert C.NK_write_config(True, True, True, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK
+    code = C.NK_get_totp_code(0, 0, 0, 0)
+    assert code != 0
+    assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK
-- 
cgit v1.2.1