add routines to unlock security token
This commit is contained in:
parent
4d0a686220
commit
36bec236f4
|
@ -806,6 +806,13 @@
|
|||
android:taskAffinity=":Nfc"
|
||||
android:theme="@style/Theme.Keychain.Light.Dialog" />
|
||||
|
||||
<activity
|
||||
android:name=".ui.SecurityTokenChangePinOperationActivity"
|
||||
android:allowTaskReparenting="true"
|
||||
android:launchMode="singleTop"
|
||||
android:taskAffinity=":Nfc"
|
||||
android:theme="@style/Theme.Keychain.Light.Dialog" />
|
||||
|
||||
<activity
|
||||
android:name=".ui.HelpActivity"
|
||||
android:label="@string/title_help" />
|
||||
|
|
|
@ -217,6 +217,28 @@ public class SecurityTokenHelper {
|
|||
|
||||
}
|
||||
|
||||
public void resetPin(String newPinStr) throws IOException {
|
||||
if (!mPw3Validated) {
|
||||
verifyPin(0x83); // (Verify PW1 with mode 82 for decryption)
|
||||
}
|
||||
|
||||
byte[] newPin = newPinStr.getBytes();
|
||||
|
||||
final int MAX_PW1_LENGTH_INDEX = 1;
|
||||
byte[] pwStatusBytes = getPwStatusBytes();
|
||||
if (newPin.length < 6 || newPin.length > pwStatusBytes[MAX_PW1_LENGTH_INDEX]) {
|
||||
throw new IOException("Invalid PIN length");
|
||||
}
|
||||
|
||||
// Command APDU for RESET RETRY COUNTER command (page 33)
|
||||
CommandAPDU changePin = new CommandAPDU(0x00, 0x2C, 0x02, 0x81, newPin);
|
||||
ResponseAPDU response = communicate(changePin);
|
||||
|
||||
if (response.getSW() != APDU_SW_SUCCESS) {
|
||||
throw new CardException("Failed to change PIN", response.getSW());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Modifies the user's PW1 or PW3. Before sending, the new PIN will be validated for
|
||||
* conformance to the token's requirements for key length.
|
||||
|
|
|
@ -1,21 +1,22 @@
|
|||
package org.sufficientlysecure.keychain.service.input;
|
||||
|
||||
import android.os.Parcel;
|
||||
import android.os.Parcelable;
|
||||
|
||||
import org.sufficientlysecure.keychain.util.Passphrase;
|
||||
|
||||
import java.nio.ByteBuffer;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.Date;
|
||||
|
||||
import android.os.Parcel;
|
||||
import android.os.Parcelable;
|
||||
|
||||
import org.sufficientlysecure.keychain.util.Passphrase;
|
||||
|
||||
|
||||
public class RequiredInputParcel implements Parcelable {
|
||||
|
||||
public enum RequiredInputType {
|
||||
PASSPHRASE, PASSPHRASE_SYMMETRIC, BACKUP_CODE, SECURITY_TOKEN_SIGN, SECURITY_TOKEN_DECRYPT,
|
||||
SECURITY_TOKEN_MOVE_KEY_TO_CARD, SECURITY_TOKEN_RESET_CARD, ENABLE_ORBOT, UPLOAD_FAIL_RETRY,
|
||||
SECURITY_TOKEN_MOVE_KEY_TO_CARD, SECURITY_TOKEN_RESET_CARD, ENABLE_ORBOT, UPLOAD_FAIL_RETRY
|
||||
}
|
||||
|
||||
public Date mSignatureTime;
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
package org.sufficientlysecure.keychain.service.input;
|
||||
|
||||
|
||||
import android.os.Parcelable;
|
||||
|
||||
import com.google.auto.value.AutoValue;
|
||||
|
||||
|
||||
@AutoValue
|
||||
public abstract class SecurityTokenChangePinParcel implements Parcelable {
|
||||
public abstract String getAdminPin();
|
||||
public abstract String getNewPin();
|
||||
|
||||
public static SecurityTokenChangePinParcel createSecurityTokenUnlock(String adminPin, String newPin) {
|
||||
return new AutoValue_SecurityTokenChangePinParcel(adminPin, newPin);
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,210 @@
|
|||
/*
|
||||
* Copyright (C) 2017 Vincent Breitmoser <look@my.amazin.horse>
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.ui;
|
||||
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import android.content.Intent;
|
||||
import android.os.AsyncTask;
|
||||
import android.os.Bundle;
|
||||
import android.view.View;
|
||||
import android.view.WindowManager;
|
||||
import android.widget.Button;
|
||||
import android.widget.TextView;
|
||||
import android.widget.ViewAnimator;
|
||||
|
||||
import nordpol.android.NfcGuideView;
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.R;
|
||||
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo;
|
||||
import org.sufficientlysecure.keychain.service.input.SecurityTokenChangePinParcel;
|
||||
import org.sufficientlysecure.keychain.ui.base.BaseSecurityTokenActivity;
|
||||
import org.sufficientlysecure.keychain.ui.util.ThemeChanger;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.OrientationUtils;
|
||||
import org.sufficientlysecure.keychain.util.Passphrase;
|
||||
|
||||
|
||||
/**
|
||||
* This class provides a communication interface to OpenPGP applications on ISO SmartCard compliant
|
||||
* NFC devices.
|
||||
* For the full specs, see http://g10code.com/docs/openpgp-card-2.0.pdf
|
||||
*/
|
||||
public class SecurityTokenChangePinOperationActivity extends BaseSecurityTokenActivity {
|
||||
public static final String EXTRA_CHANGE_PIN_PARCEL = "change_pin_parcel";
|
||||
|
||||
public static final String RESULT_TOKEN_INFO = "token_info";
|
||||
|
||||
public ViewAnimator vAnimator;
|
||||
public TextView vErrorText;
|
||||
private TextView vErrorTextPin;
|
||||
public Button vErrorTryAgainButton;
|
||||
public NfcGuideView nfcGuideView;
|
||||
|
||||
private SecurityTokenChangePinParcel changePinInput;
|
||||
|
||||
private SecurityTokenInfo resultTokenInfo;
|
||||
|
||||
@Override
|
||||
protected void initTheme() {
|
||||
mThemeChanger = new ThemeChanger(this);
|
||||
mThemeChanger.setThemes(R.style.Theme_Keychain_Light_Dialog,
|
||||
R.style.Theme_Keychain_Dark_Dialog);
|
||||
mThemeChanger.changeTheme();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void onCreate(Bundle savedInstanceState) {
|
||||
super.onCreate(savedInstanceState);
|
||||
Log.d(Constants.TAG, "NfcOperationActivity.onCreate");
|
||||
|
||||
nfcGuideView = (NfcGuideView) findViewById(R.id.nfc_guide_view);
|
||||
|
||||
// prevent annoying orientation changes while fumbling with the device
|
||||
OrientationUtils.lockOrientation(this);
|
||||
// prevent close when touching outside of the dialog (happens easily when fumbling with the device)
|
||||
setFinishOnTouchOutside(false);
|
||||
// keep screen on
|
||||
getWindow().addFlags(WindowManager.LayoutParams.FLAG_KEEP_SCREEN_ON);
|
||||
|
||||
setTitle(R.string.security_token_nfc_text);
|
||||
|
||||
vAnimator = (ViewAnimator) findViewById(R.id.view_animator);
|
||||
vAnimator.setDisplayedChild(0);
|
||||
|
||||
nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.STARTING_POSITION);
|
||||
|
||||
vErrorText = (TextView) findViewById(R.id.security_token_activity_3_error_text);
|
||||
vErrorTextPin = (TextView) findViewById(R.id.security_token_activity_4_error_text);
|
||||
vErrorTryAgainButton = (Button) findViewById(R.id.security_token_activity_3_error_try_again);
|
||||
vErrorTryAgainButton.setOnClickListener(new View.OnClickListener() {
|
||||
@Override
|
||||
public void onClick(View v) {
|
||||
resumeTagHandling();
|
||||
|
||||
vAnimator.setDisplayedChild(0);
|
||||
|
||||
nfcGuideView.setVisibility(View.VISIBLE);
|
||||
nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.STARTING_POSITION);
|
||||
}
|
||||
});
|
||||
Button vCancel = (Button) findViewById(R.id.security_token_activity_0_cancel);
|
||||
vCancel.setOnClickListener(new View.OnClickListener() {
|
||||
@Override
|
||||
public void onClick(View v) {
|
||||
setResult(RESULT_CANCELED);
|
||||
finish();
|
||||
}
|
||||
});
|
||||
findViewById(R.id.security_token_activity_4_back).setOnClickListener(new View.OnClickListener() {
|
||||
@Override
|
||||
public void onClick(View v) {
|
||||
Intent result = new Intent();
|
||||
result.putExtra(RESULT_TOKEN_INFO, resultTokenInfo);
|
||||
setResult(RESULT_CANCELED, result);
|
||||
finish();
|
||||
}
|
||||
});
|
||||
|
||||
changePinInput = getIntent().getParcelableExtra(EXTRA_CHANGE_PIN_PARCEL);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void initLayout() {
|
||||
setContentView(R.layout.security_token_operation_activity);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void onSecurityTokenPreExecute() {
|
||||
// start with indeterminate progress
|
||||
vAnimator.setDisplayedChild(1);
|
||||
nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.TRANSFERRING);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doSecurityTokenInBackground() throws IOException {
|
||||
mSecurityTokenHelper.setAdminPin(new Passphrase(changePinInput.getAdminPin()));
|
||||
mSecurityTokenHelper.resetPin(changePinInput.getNewPin());
|
||||
|
||||
resultTokenInfo = mSecurityTokenHelper.getTokenInfo();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected final void onSecurityTokenPostExecute() {
|
||||
Intent result = new Intent();
|
||||
result.putExtra(RESULT_TOKEN_INFO, resultTokenInfo);
|
||||
setResult(RESULT_OK, result);
|
||||
|
||||
// show finish
|
||||
vAnimator.setDisplayedChild(2);
|
||||
|
||||
nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.DONE);
|
||||
|
||||
if (mSecurityTokenHelper.isPersistentConnectionAllowed()) {
|
||||
// Just close
|
||||
finish();
|
||||
} else {
|
||||
mSecurityTokenHelper.clearSecureMessaging();
|
||||
new AsyncTask<Void, Void, Void>() {
|
||||
@Override
|
||||
protected Void doInBackground(Void... params) {
|
||||
// check all 200ms if Security Token has been taken away
|
||||
while (true) {
|
||||
if (isSecurityTokenConnected()) {
|
||||
try {
|
||||
Thread.sleep(200);
|
||||
} catch (InterruptedException ignored) {
|
||||
}
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void onPostExecute(Void result) {
|
||||
super.onPostExecute(result);
|
||||
finish();
|
||||
}
|
||||
}.execute();
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void onSecurityTokenError(String error) {
|
||||
pauseTagHandling();
|
||||
|
||||
vErrorText.setText(error + "\n\n" + getString(R.string.security_token_nfc_try_again_text));
|
||||
vAnimator.setDisplayedChild(3);
|
||||
|
||||
nfcGuideView.setVisibility(View.GONE);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void onSecurityTokenPinError(String error, SecurityTokenInfo tokeninfo) {
|
||||
resultTokenInfo = tokeninfo;
|
||||
|
||||
pauseTagHandling();
|
||||
|
||||
vErrorTextPin.setText(error);
|
||||
vAnimator.setDisplayedChild(4);
|
||||
|
||||
nfcGuideView.setVisibility(View.GONE);
|
||||
}
|
||||
}
|
|
@ -44,6 +44,7 @@ import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
|
|||
import org.sufficientlysecure.keychain.provider.KeyRepository;
|
||||
import org.sufficientlysecure.keychain.provider.KeychainContract;
|
||||
import org.sufficientlysecure.keychain.securitytoken.KeyType;
|
||||
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo;
|
||||
import org.sufficientlysecure.keychain.service.PassphraseCacheService;
|
||||
import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
|
||||
import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
|
||||
|
@ -65,6 +66,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
|
|||
public static final String EXTRA_CRYPTO_INPUT = "crypto_input";
|
||||
|
||||
public static final String RESULT_CRYPTO_INPUT = "result_data";
|
||||
public static final String RESULT_TOKEN_INFO = "token_info";
|
||||
|
||||
public ViewAnimator vAnimator;
|
||||
public TextView vErrorText;
|
||||
|
@ -74,6 +76,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
|
|||
private RequiredInputParcel mRequiredInput;
|
||||
|
||||
private CryptoInputParcel mInputParcel;
|
||||
private SecurityTokenInfo mResultTokenInfo;
|
||||
|
||||
@Override
|
||||
protected void initTheme() {
|
||||
|
@ -277,6 +280,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
|
|||
}
|
||||
case SECURITY_TOKEN_RESET_CARD: {
|
||||
mSecurityTokenHelper.resetAndWipeToken();
|
||||
mResultTokenInfo = mSecurityTokenHelper.getTokenInfo();
|
||||
|
||||
break;
|
||||
}
|
||||
|
@ -334,6 +338,9 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
|
|||
Intent result = new Intent();
|
||||
// send back the CryptoInputParcel we received
|
||||
result.putExtra(RESULT_CRYPTO_INPUT, inputParcel);
|
||||
if (mResultTokenInfo != null) {
|
||||
result.putExtra(RESULT_TOKEN_INFO, mResultTokenInfo);
|
||||
}
|
||||
setResult(RESULT_OK, result);
|
||||
}
|
||||
|
||||
|
@ -348,7 +355,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void onSecurityTokenPinError(String error) {
|
||||
public void onSecurityTokenPinError(String error, SecurityTokenInfo tokeninfo) {
|
||||
onSecurityTokenError(error);
|
||||
|
||||
// clear (invalid) passphrase
|
||||
|
|
|
@ -68,6 +68,7 @@ class ManageSecurityTokenContract {
|
|||
void operationImportKey(byte[] importKeyData);
|
||||
void operationPromote(long masterKeyId, byte[] cardAid);
|
||||
void operationResetSecurityToken();
|
||||
void operationChangePinSecurityToken(String adminPin, String newPin);
|
||||
|
||||
void finishAndShowKey(long masterKeyId);
|
||||
|
||||
|
|
|
@ -54,10 +54,12 @@ import org.sufficientlysecure.keychain.service.ImportKeyringParcel;
|
|||
import org.sufficientlysecure.keychain.service.PromoteKeyringParcel;
|
||||
import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
|
||||
import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
|
||||
import org.sufficientlysecure.keychain.service.input.SecurityTokenChangePinParcel;
|
||||
import org.sufficientlysecure.keychain.ui.CreateKeyActivity;
|
||||
import org.sufficientlysecure.keychain.ui.LogDisplayActivity;
|
||||
import org.sufficientlysecure.keychain.ui.LogDisplayFragment;
|
||||
import org.sufficientlysecure.keychain.ui.SecurityTokenOperationActivity;
|
||||
import org.sufficientlysecure.keychain.ui.SecurityTokenChangePinOperationActivity;
|
||||
import org.sufficientlysecure.keychain.ui.base.CryptoOperationHelper;
|
||||
import org.sufficientlysecure.keychain.ui.base.CryptoOperationHelper.AbstractCallback;
|
||||
import org.sufficientlysecure.keychain.ui.keyview.ViewKeyActivity;
|
||||
|
@ -76,6 +78,7 @@ public class ManageSecurityTokenFragment extends Fragment implements ManageSecur
|
|||
private static final String ARG_TOKEN_INFO = "token_info";
|
||||
public static final int REQUEST_CODE_OPEN_FILE = 0;
|
||||
public static final int REQUEST_CODE_RESET = 1;
|
||||
public static final int REQUEST_CODE_CHANGE_PIN = 2;
|
||||
public static final int PERMISSION_READ_STORAGE = 0;
|
||||
|
||||
ManageSecurityTokenMvpPresenter presenter;
|
||||
|
@ -303,6 +306,15 @@ public class ManageSecurityTokenFragment extends Fragment implements ManageSecur
|
|||
startActivityForResult(intent, REQUEST_CODE_RESET);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void operationChangePinSecurityToken(String adminPin, String newPin) {
|
||||
Intent intent = new Intent(getActivity(), SecurityTokenChangePinOperationActivity.class);
|
||||
SecurityTokenChangePinParcel changePinParcel =
|
||||
SecurityTokenChangePinParcel.createSecurityTokenUnlock(adminPin, newPin);
|
||||
intent.putExtra(SecurityTokenChangePinOperationActivity.EXTRA_CHANGE_PIN_PARCEL, changePinParcel);
|
||||
startActivityForResult(intent, REQUEST_CODE_CHANGE_PIN);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void showFileSelectDialog() {
|
||||
FileHelper.openDocument(this, null, "*/*", false, REQUEST_CODE_OPEN_FILE);
|
||||
|
|
|
@ -147,7 +147,7 @@ class ManageSecurityTokenPresenter implements ManageSecurityTokenMvpPresenter {
|
|||
|
||||
@Override
|
||||
public void onClickUnlockToken() {
|
||||
// TODO
|
||||
view.showAdminPinDialog();
|
||||
}
|
||||
|
||||
private LoaderCallbacks<KeyRetrievalResult> loaderCallbacks = new LoaderCallbacks<KeyRetrievalResult>() {
|
||||
|
|
Loading…
Reference in a new issue