add routines to unlock security token

OpenKeychain/src/main/AndroidManifest.xml

@@ -806,6 +806,13 @@
             android:taskAffinity=":Nfc"
             android:theme="@style/Theme.Keychain.Light.Dialog" />
 
+        <activity
+            android:name=".ui.SecurityTokenChangePinOperationActivity"
+            android:allowTaskReparenting="true"
+            android:launchMode="singleTop"
+            android:taskAffinity=":Nfc"
+            android:theme="@style/Theme.Keychain.Light.Dialog" />
+
         <activity
             android:name=".ui.HelpActivity"
             android:label="@string/title_help" />

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenHelper.java

@@ -217,6 +217,28 @@ public class SecurityTokenHelper {
 
     }
 
+    public void resetPin(String newPinStr) throws IOException {
+        if (!mPw3Validated) {
+            verifyPin(0x83); // (Verify PW1 with mode 82 for decryption)
+        }
+
+        byte[] newPin = newPinStr.getBytes();
+
+        final int MAX_PW1_LENGTH_INDEX = 1;
+        byte[] pwStatusBytes = getPwStatusBytes();
+        if (newPin.length < 6 || newPin.length > pwStatusBytes[MAX_PW1_LENGTH_INDEX]) {
+            throw new IOException("Invalid PIN length");
+        }
+
+        // Command APDU for RESET RETRY COUNTER command (page 33)
+        CommandAPDU changePin = new CommandAPDU(0x00, 0x2C, 0x02, 0x81, newPin);
+        ResponseAPDU response = communicate(changePin);
+
+        if (response.getSW() != APDU_SW_SUCCESS) {
+            throw new CardException("Failed to change PIN", response.getSW());
+        }
+    }
+
     /**
      * Modifies the user's PW1 or PW3. Before sending, the new PIN will be validated for
      * conformance to the token's requirements for key length.

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java

@@ -1,21 +1,22 @@
 package org.sufficientlysecure.keychain.service.input;
 
-import android.os.Parcel;
-import android.os.Parcelable;
-
-import org.sufficientlysecure.keychain.util.Passphrase;
 
 import java.nio.ByteBuffer;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Date;
 
+import android.os.Parcel;
+import android.os.Parcelable;
+
+import org.sufficientlysecure.keychain.util.Passphrase;
+
 
 public class RequiredInputParcel implements Parcelable {
 
     public enum RequiredInputType {
         PASSPHRASE, PASSPHRASE_SYMMETRIC, BACKUP_CODE, SECURITY_TOKEN_SIGN, SECURITY_TOKEN_DECRYPT,
-        SECURITY_TOKEN_MOVE_KEY_TO_CARD, SECURITY_TOKEN_RESET_CARD, ENABLE_ORBOT, UPLOAD_FAIL_RETRY,
+        SECURITY_TOKEN_MOVE_KEY_TO_CARD, SECURITY_TOKEN_RESET_CARD, ENABLE_ORBOT, UPLOAD_FAIL_RETRY
     }
 
     public Date mSignatureTime;

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/SecurityTokenChangePinParcel.java

@@ -0,0 +1,18 @@
+package org.sufficientlysecure.keychain.service.input;
+
+
+import android.os.Parcelable;
+
+import com.google.auto.value.AutoValue;
+
+
+@AutoValue
+public abstract class SecurityTokenChangePinParcel implements Parcelable {
+    public abstract String getAdminPin();
+    public abstract String getNewPin();
+
+    public static SecurityTokenChangePinParcel createSecurityTokenUnlock(String adminPin, String newPin) {
+        return new AutoValue_SecurityTokenChangePinParcel(adminPin, newPin);
+    }
+
+}

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenChangePinOperationActivity.java

@@ -0,0 +1,210 @@
+/*
+ * Copyright (C) 2017 Vincent Breitmoser <look@my.amazin.horse>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.ui;
+
+
+import java.io.IOException;
+
+import android.content.Intent;
+import android.os.AsyncTask;
+import android.os.Bundle;
+import android.view.View;
+import android.view.WindowManager;
+import android.widget.Button;
+import android.widget.TextView;
+import android.widget.ViewAnimator;
+
+import nordpol.android.NfcGuideView;
+import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo;
+import org.sufficientlysecure.keychain.service.input.SecurityTokenChangePinParcel;
+import org.sufficientlysecure.keychain.ui.base.BaseSecurityTokenActivity;
+import org.sufficientlysecure.keychain.ui.util.ThemeChanger;
+import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.OrientationUtils;
+import org.sufficientlysecure.keychain.util.Passphrase;
+
+
+/**
+ * This class provides a communication interface to OpenPGP applications on ISO SmartCard compliant
+ * NFC devices.
+ * For the full specs, see http://g10code.com/docs/openpgp-card-2.0.pdf
+ */
+public class SecurityTokenChangePinOperationActivity extends BaseSecurityTokenActivity {
+    public static final String EXTRA_CHANGE_PIN_PARCEL = "change_pin_parcel";
+
+    public static final String RESULT_TOKEN_INFO = "token_info";
+
+    public ViewAnimator vAnimator;
+    public TextView vErrorText;
+    private TextView vErrorTextPin;
+    public Button vErrorTryAgainButton;
+    public NfcGuideView nfcGuideView;
+
+    private SecurityTokenChangePinParcel changePinInput;
+
+    private SecurityTokenInfo resultTokenInfo;
+
+    @Override
+    protected void initTheme() {
+        mThemeChanger = new ThemeChanger(this);
+        mThemeChanger.setThemes(R.style.Theme_Keychain_Light_Dialog,
+                R.style.Theme_Keychain_Dark_Dialog);
+        mThemeChanger.changeTheme();
+    }
+
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+        Log.d(Constants.TAG, "NfcOperationActivity.onCreate");
+
+        nfcGuideView = (NfcGuideView) findViewById(R.id.nfc_guide_view);
+
+        // prevent annoying orientation changes while fumbling with the device
+        OrientationUtils.lockOrientation(this);
+        // prevent close when touching outside of the dialog (happens easily when fumbling with the device)
+        setFinishOnTouchOutside(false);
+        // keep screen on
+        getWindow().addFlags(WindowManager.LayoutParams.FLAG_KEEP_SCREEN_ON);
+
+        setTitle(R.string.security_token_nfc_text);
+
+        vAnimator = (ViewAnimator) findViewById(R.id.view_animator);
+        vAnimator.setDisplayedChild(0);
+
+        nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.STARTING_POSITION);
+
+        vErrorText = (TextView) findViewById(R.id.security_token_activity_3_error_text);
+        vErrorTextPin = (TextView) findViewById(R.id.security_token_activity_4_error_text);
+        vErrorTryAgainButton = (Button) findViewById(R.id.security_token_activity_3_error_try_again);
+        vErrorTryAgainButton.setOnClickListener(new View.OnClickListener() {
+            @Override
+            public void onClick(View v) {
+                resumeTagHandling();
+
+                vAnimator.setDisplayedChild(0);
+
+                nfcGuideView.setVisibility(View.VISIBLE);
+                nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.STARTING_POSITION);
+            }
+        });
+        Button vCancel = (Button) findViewById(R.id.security_token_activity_0_cancel);
+        vCancel.setOnClickListener(new View.OnClickListener() {
+            @Override
+            public void onClick(View v) {
+                setResult(RESULT_CANCELED);
+                finish();
+            }
+        });
+        findViewById(R.id.security_token_activity_4_back).setOnClickListener(new View.OnClickListener() {
+            @Override
+            public void onClick(View v) {
+                Intent result = new Intent();
+                result.putExtra(RESULT_TOKEN_INFO, resultTokenInfo);
+                setResult(RESULT_CANCELED, result);
+                finish();
+            }
+        });
+
+        changePinInput = getIntent().getParcelableExtra(EXTRA_CHANGE_PIN_PARCEL);
+    }
+
+    @Override
+    protected void initLayout() {
+        setContentView(R.layout.security_token_operation_activity);
+    }
+
+    @Override
+    public void onSecurityTokenPreExecute() {
+        // start with indeterminate progress
+        vAnimator.setDisplayedChild(1);
+        nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.TRANSFERRING);
+    }
+
+    @Override
+    protected void doSecurityTokenInBackground() throws IOException {
+        mSecurityTokenHelper.setAdminPin(new Passphrase(changePinInput.getAdminPin()));
+        mSecurityTokenHelper.resetPin(changePinInput.getNewPin());
+
+        resultTokenInfo = mSecurityTokenHelper.getTokenInfo();
+    }
+
+    @Override
+    protected final void onSecurityTokenPostExecute() {
+        Intent result = new Intent();
+        result.putExtra(RESULT_TOKEN_INFO, resultTokenInfo);
+        setResult(RESULT_OK, result);
+
+        // show finish
+        vAnimator.setDisplayedChild(2);
+
+        nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.DONE);
+
+        if (mSecurityTokenHelper.isPersistentConnectionAllowed()) {
+            // Just close
+            finish();
+        } else {
+            mSecurityTokenHelper.clearSecureMessaging();
+            new AsyncTask<Void, Void, Void>() {
+                @Override
+                protected Void doInBackground(Void... params) {
+                    // check all 200ms if Security Token has been taken away
+                    while (true) {
+                        if (isSecurityTokenConnected()) {
+                            try {
+                                Thread.sleep(200);
+                            } catch (InterruptedException ignored) {
+                            }
+                        } else {
+                            return null;
+                        }
+                    }
+                }
+
+                @Override
+                protected void onPostExecute(Void result) {
+                    super.onPostExecute(result);
+                    finish();
+                }
+            }.execute();
+        }
+    }
+
+    @Override
+    protected void onSecurityTokenError(String error) {
+        pauseTagHandling();
+
+        vErrorText.setText(error + "\n\n" + getString(R.string.security_token_nfc_try_again_text));
+        vAnimator.setDisplayedChild(3);
+
+        nfcGuideView.setVisibility(View.GONE);
+    }
+
+    @Override
+    public void onSecurityTokenPinError(String error, SecurityTokenInfo tokeninfo) {
+        resultTokenInfo = tokeninfo;
+
+        pauseTagHandling();
+
+        vErrorTextPin.setText(error);
+        vAnimator.setDisplayedChild(4);
+
+        nfcGuideView.setVisibility(View.GONE);
+    }
+}

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java

@@ -44,6 +44,7 @@ import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
 import org.sufficientlysecure.keychain.provider.KeyRepository;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.securitytoken.KeyType;
+import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
@@ -65,6 +66,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
     public static final String EXTRA_CRYPTO_INPUT = "crypto_input";
 
     public static final String RESULT_CRYPTO_INPUT = "result_data";
+    public static final String RESULT_TOKEN_INFO = "token_info";
 
     public ViewAnimator vAnimator;
     public TextView vErrorText;
@@ -74,6 +76,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
     private RequiredInputParcel mRequiredInput;
 
     private CryptoInputParcel mInputParcel;
+    private SecurityTokenInfo mResultTokenInfo;
 
     @Override
     protected void initTheme() {
@@ -277,6 +280,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
             }
             case SECURITY_TOKEN_RESET_CARD: {
                 mSecurityTokenHelper.resetAndWipeToken();
+                mResultTokenInfo = mSecurityTokenHelper.getTokenInfo();
 
                 break;
             }
@@ -334,6 +338,9 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
         Intent result = new Intent();
         // send back the CryptoInputParcel we received
         result.putExtra(RESULT_CRYPTO_INPUT, inputParcel);
+        if (mResultTokenInfo != null) {
+            result.putExtra(RESULT_TOKEN_INFO, mResultTokenInfo);
+        }
         setResult(RESULT_OK, result);
     }
 
@@ -348,7 +355,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
     }
 
     @Override
-    public void onSecurityTokenPinError(String error) {
+    public void onSecurityTokenPinError(String error, SecurityTokenInfo tokeninfo) {
         onSecurityTokenError(error);
 
         // clear (invalid) passphrase

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenContract.java

@@ -68,6 +68,7 @@ class ManageSecurityTokenContract {
         void operationImportKey(byte[] importKeyData);
         void operationPromote(long masterKeyId, byte[] cardAid);
         void operationResetSecurityToken();
+        void operationChangePinSecurityToken(String adminPin, String newPin);
 
         void finishAndShowKey(long masterKeyId);
 

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenFragment.java

@@ -54,10 +54,12 @@ import org.sufficientlysecure.keychain.service.ImportKeyringParcel;
 import org.sufficientlysecure.keychain.service.PromoteKeyringParcel;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
+import org.sufficientlysecure.keychain.service.input.SecurityTokenChangePinParcel;
 import org.sufficientlysecure.keychain.ui.CreateKeyActivity;
 import org.sufficientlysecure.keychain.ui.LogDisplayActivity;
 import org.sufficientlysecure.keychain.ui.LogDisplayFragment;
 import org.sufficientlysecure.keychain.ui.SecurityTokenOperationActivity;
+import org.sufficientlysecure.keychain.ui.SecurityTokenChangePinOperationActivity;
 import org.sufficientlysecure.keychain.ui.base.CryptoOperationHelper;
 import org.sufficientlysecure.keychain.ui.base.CryptoOperationHelper.AbstractCallback;
 import org.sufficientlysecure.keychain.ui.keyview.ViewKeyActivity;
@@ -76,6 +78,7 @@ public class ManageSecurityTokenFragment extends Fragment implements ManageSecur
     private static final String ARG_TOKEN_INFO = "token_info";
     public static final int REQUEST_CODE_OPEN_FILE = 0;
     public static final int REQUEST_CODE_RESET = 1;
+    public static final int REQUEST_CODE_CHANGE_PIN = 2;
     public static final int PERMISSION_READ_STORAGE = 0;
 
     ManageSecurityTokenMvpPresenter presenter;
@@ -303,6 +306,15 @@ public class ManageSecurityTokenFragment extends Fragment implements ManageSecur
         startActivityForResult(intent, REQUEST_CODE_RESET);
     }
 
+    @Override
+    public void operationChangePinSecurityToken(String adminPin, String newPin) {
+        Intent intent = new Intent(getActivity(), SecurityTokenChangePinOperationActivity.class);
+        SecurityTokenChangePinParcel changePinParcel =
+                SecurityTokenChangePinParcel.createSecurityTokenUnlock(adminPin, newPin);
+        intent.putExtra(SecurityTokenChangePinOperationActivity.EXTRA_CHANGE_PIN_PARCEL, changePinParcel);
+        startActivityForResult(intent, REQUEST_CODE_CHANGE_PIN);
+    }
+
     @Override
     public void showFileSelectDialog() {
         FileHelper.openDocument(this, null, "*/*", false, REQUEST_CODE_OPEN_FILE);

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/token/ManageSecurityTokenPresenter.java

@@ -147,7 +147,7 @@ class ManageSecurityTokenPresenter implements ManageSecurityTokenMvpPresenter {
 
     @Override
     public void onClickUnlockToken() {
-        // TODO
+        view.showAdminPinDialog();
     }
 
     private LoaderCallbacks<KeyRetrievalResult> loaderCallbacks = new LoaderCallbacks<KeyRetrievalResult>() {