Use different approach for whitelisting usb security tokens
@@ -189,10 +189,11 @@ public class SecurityTokenConnection {
|
||||
@VisibleForTesting
|
||||
void connectToDevice(Context context) throws IOException {
|
||||
// Connect on transport layer
|
||||
mCardCapabilities = new CardCapabilities();
|
||||
|
||||
mTransport.connect();
|
||||
|
||||
// dummy instance for initial communicate() calls
|
||||
mCardCapabilities = new CardCapabilities();
|
||||
|
||||
determineTokenType();
|
||||
|
||||
CommandApdu select = commandFactory.createSelectFileOpenPgpCommand();
|
||||
@@ -546,7 +547,7 @@ public class SecurityTokenConnection {
|
||||
}
|
||||
|
||||
// Now we're ready to communicate with the token.
|
||||
byte[] keyBytes = null;
|
||||
byte[] keyBytes;
|
||||
|
||||
try {
|
||||
secretKey.unlock(passphrase);
|
||||
|
||||
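Review bot: In the first hunk, the reset of `mCardCapabilities` now runs only after `mTransport.connect()` returns, so if connect() throws (for example when the transport rejects the token) the field keeps whatever value it had before. If a SecurityTokenConnection instance can be reused after a failed connect, which is not visible here, that value would be stale state from an earlier token. Keeping the assignment ahead of the connect call, or resetting the field in the failure path, avoids this. The body of connectToDevice continues outside the hunk.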
@@ -3,8 +3,10 @@ package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
@@ -100,7 +102,7 @@ public abstract class SecurityTokenInfo implements Parcelable {
|
||||
NITROKEY_START_1_25_AND_NEWER, GNUK_OLD, GNUK_1_25_AND_NEWER, LEDGER_NANO_S, UNKNOWN
|
||||
}
|
||||
|
||||
private static final HashSet<TokenType> SUPPORTED_USB_TOKENS = new HashSet<>(Arrays.asList(
|
||||
public static final Set<TokenType> SUPPORTED_USB_TOKENS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
|
||||
TokenType.YUBIKEY_NEO,
|
||||
TokenType.YUBIKEY_4,
|
||||
TokenType.NITROKEY_PRO,
|
||||
@@ -109,23 +111,16 @@ public abstract class SecurityTokenInfo implements Parcelable {
|
||||
TokenType.NITROKEY_START_1_25_AND_NEWER,
|
||||
TokenType.GNUK_OLD,
|
||||
TokenType.GNUK_1_25_AND_NEWER
|
||||
));
|
||||
)));
|
||||
|
||||
private static final HashSet<TokenType> SUPPORTED_USB_SETUP = new HashSet<>(Arrays.asList(
|
||||
private static final Set<TokenType> SUPPORTED_USB_SETUP = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
|
||||
TokenType.YUBIKEY_NEO,
|
||||
TokenType.YUBIKEY_4,
|
||||
TokenType.NITROKEY_PRO,
|
||||
TokenType.NITROKEY_STORAGE,
|
||||
TokenType.NITROKEY_START_1_25_AND_NEWER,
|
||||
TokenType.GNUK_1_25_AND_NEWER
|
||||
));
|
||||
|
||||
public boolean isSecurityTokenSupported() {
|
||||
boolean isKnownSupported = SUPPORTED_USB_TOKENS.contains(getTokenType());
|
||||
boolean isNfcTransport = getTransportType() == TransportType.NFC;
|
||||
|
||||
return isKnownSupported || isNfcTransport;
|
||||
}
|
||||
)));
|
||||
|
||||
public boolean isPutKeySupported() {
|
||||
boolean isKnownSupported = SUPPORTED_USB_SETUP.contains(getTokenType());
|
||||
|
||||
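Review bot: `SUPPORTED_USB_TOKENS` becomes a public constant without any Javadoc, although it is now the allowlist that decides whether a USB token is accepted at all. A comment such as `/** USB token types accepted at connect time; a type not listed here is rejected before the interface is claimed. */` would warn maintainers that a new TokenType must be listed here or the device is blocked. Since the elements are enum constants, `Collections.unmodifiableSet(EnumSet.of(...))` (with `java.util.EnumSet` imported) would be the more idiomatic backing set. Alternatively, the field could stay private behind a static predicate, so other packages do not depend on the collection itself. The removed isSecurityTokenSupported() also accepted any token on NFC transport, and the hunk does not show whether a caller still needs that answer.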
@@ -0,0 +1,8 @@
|
||||
package org.sufficientlysecure.keychain.securitytoken.usb;
|
||||
|
||||
|
||||
public class UnsupportedUsbTokenException extends UsbTransportException {
|
||||
UnsupportedUsbTokenException() {
|
||||
super("This USB token is not supported!");
|
||||
}
|
||||
}
|
||||
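Review bot: UnsupportedUsbTokenException has no Javadoc, and because it extends UsbTransportException, any existing `catch (UsbTransportException e)` will treat it as a generic USB failure unless the subclass is caught first. A class comment such as `/** Thrown when a connected USB device is not in SecurityTokenInfo.SUPPORTED_USB_TOKENS. */` would document when it is raised. The fixed message carries no detail about the rejected device, which makes a rejection harder to diagnose from logs; passing the detected token type into the constructor would help.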
@@ -134,6 +134,13 @@ public class UsbTransport implements Transport {
|
||||
throw new UsbTransportException("USB error: failed to connect to device");
|
||||
}
|
||||
|
||||
boolean tokenTypeSupported = SecurityTokenInfo.SUPPORTED_USB_TOKENS.contains(getTokenTypeIfAvailable());
|
||||
if (!tokenTypeSupported) {
|
||||
usbConnection.close();
|
||||
usbConnection = null;
|
||||
throw new UnsupportedUsbTokenException();
|
||||
}
|
||||
|
||||
if (!usbConnection.claimInterface(usbInterface, true)) {
|
||||
throw new UsbTransportException("USB error: failed to claim interface");
|
||||
}
|
||||
|
||||
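Review bot: The allowlist check passes the result of `getTokenTypeIfAvailable()` straight into `contains()`, so a device whose type could not be determined (the name suggests a null result) is rejected only because a HashSet lookup of null returns false. That is the desired fail-closed outcome, but it is implicit; a comment such as `// fail closed: an unidentified token is not in the allowlist` above the check would keep a later switch to a null-hostile set from turning it into a NullPointerException. The rejection path closes `usbConnection` and nulls it, while the `claimInterface` failure just below throws with the connection still open; the same two cleanup lines belong there. If the token type is derived from USB descriptor values, which cannot be confirmed because the helper is not visible here, the check is a compatibility gate rather than proof of what the device is. The enclosing method starts and ends outside the hunk.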