OTG: rename Smartcard -> SecurityToken
This commit is contained in:
Nikita Mikhailov
@@ -15,7 +15,7 @@
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.smartcard;
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.smartcard;
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.smartcard;
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import android.nfc.Tag;
|
||||
|
||||
@@ -20,7 +20,7 @@
|
||||
*/
|
||||
|
||||
|
||||
package org.sufficientlysecure.keychain.smartcard;
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import org.bouncycastle.bcpg.HashAlgorithmTags;
|
||||
import org.bouncycastle.util.Arrays;
|
||||
@@ -41,10 +41,10 @@ import nordpol.Apdu;
|
||||
|
||||
/**
|
||||
* This class provides a communication interface to OpenPGP applications on ISO SmartCard compliant
|
||||
* NFC devices.
|
||||
* devices.
|
||||
* For the full specs, see http://g10code.com/docs/openpgp-card-2.0.pdf
|
||||
*/
|
||||
public class SmartcardDevice {
|
||||
public class SecurityTokenHelper {
|
||||
// Fidesmo constants
|
||||
private static final String FIDESMO_APPS_AID_PREFIX = "A000000617";
|
||||
|
||||
@@ -58,11 +58,11 @@ public class SmartcardDevice {
|
||||
private boolean mPw1ValidatedForDecrypt; // Mode 82 does other things; consider renaming?
|
||||
private boolean mPw3Validated;
|
||||
|
||||
protected SmartcardDevice() {
|
||||
protected SecurityTokenHelper() {
|
||||
}
|
||||
|
||||
public static SmartcardDevice getInstance() {
|
||||
return LazyHolder.mSmartcardDevice;
|
||||
public static SecurityTokenHelper getInstance() {
|
||||
return LazyHolder.SECURITY_TOKEN_HELPER;
|
||||
}
|
||||
|
||||
private static String getHex(byte[] raw) {
|
||||
@@ -750,6 +750,6 @@ public class SmartcardDevice {
|
||||
}
|
||||
|
||||
private static class LazyHolder {
|
||||
private static final SmartcardDevice mSmartcardDevice = new SmartcardDevice();
|
||||
private static final SecurityTokenHelper SECURITY_TOKEN_HELPER = new SecurityTokenHelper();
|
||||
}
|
||||
}
|
||||
@@ -15,7 +15,7 @@
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.smartcard;
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.smartcard;
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import android.hardware.usb.UsbConstants;
|
||||
import android.hardware.usb.UsbDevice;
|
||||
@@ -15,7 +15,7 @@
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.smartcard;
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
@@ -47,9 +47,9 @@ public class CreateKeyActivity extends BaseSecurityTokenNfcActivity {
|
||||
public static final String EXTRA_SECURITY_TOKEN_PIN = "yubi_key_pin";
|
||||
public static final String EXTRA_SECURITY_TOKEN_ADMIN_PIN = "yubi_key_admin_pin";
|
||||
|
||||
public static final String EXTRA_NFC_USER_ID = "nfc_user_id";
|
||||
public static final String EXTRA_NFC_AID = "nfc_aid";
|
||||
public static final String EXTRA_NFC_FINGERPRINTS = "nfc_fingerprints";
|
||||
public static final String EXTRA_SECURITY_TOKEN_USER_ID = "nfc_user_id";
|
||||
public static final String EXTRA_SECURITY_TOKEN_AID = "nfc_aid";
|
||||
public static final String EXTRA_SECURITY_FINGERPRINTS = "nfc_fingerprints";
|
||||
|
||||
public static final String FRAGMENT_TAG = "currentFragment";
|
||||
|
||||
@@ -66,8 +66,8 @@ public class CreateKeyActivity extends BaseSecurityTokenNfcActivity {
|
||||
|
||||
|
||||
byte[] mScannedFingerprints;
|
||||
byte[] mNfcAid;
|
||||
String mNfcUserId;
|
||||
byte[] mSecurityTokenAid;
|
||||
String mSecurityTokenUserId;
|
||||
|
||||
@Override
|
||||
public void onCreate(Bundle savedInstanceState) {
|
||||
@@ -107,10 +107,10 @@ public class CreateKeyActivity extends BaseSecurityTokenNfcActivity {
|
||||
mFirstTime = intent.getBooleanExtra(EXTRA_FIRST_TIME, false);
|
||||
mCreateSecurityToken = intent.getBooleanExtra(EXTRA_CREATE_SECURITY_TOKEN, false);
|
||||
|
||||
if (intent.hasExtra(EXTRA_NFC_FINGERPRINTS)) {
|
||||
byte[] nfcFingerprints = intent.getByteArrayExtra(EXTRA_NFC_FINGERPRINTS);
|
||||
String nfcUserId = intent.getStringExtra(EXTRA_NFC_USER_ID);
|
||||
byte[] nfcAid = intent.getByteArrayExtra(EXTRA_NFC_AID);
|
||||
if (intent.hasExtra(EXTRA_SECURITY_FINGERPRINTS)) {
|
||||
byte[] nfcFingerprints = intent.getByteArrayExtra(EXTRA_SECURITY_FINGERPRINTS);
|
||||
String nfcUserId = intent.getStringExtra(EXTRA_SECURITY_TOKEN_USER_ID);
|
||||
byte[] nfcAid = intent.getByteArrayExtra(EXTRA_SECURITY_TOKEN_AID);
|
||||
|
||||
if (containsKeys(nfcFingerprints)) {
|
||||
Fragment frag = CreateSecurityTokenImportResetFragment.newInstance(
|
||||
@@ -143,19 +143,19 @@ public class CreateKeyActivity extends BaseSecurityTokenNfcActivity {
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doSmartcardInBackground() throws IOException {
|
||||
protected void doSecurityTokenInBackground() throws IOException {
|
||||
if (mCurrentFragment instanceof NfcListenerFragment) {
|
||||
((NfcListenerFragment) mCurrentFragment).doNfcInBackground();
|
||||
return;
|
||||
}
|
||||
|
||||
mScannedFingerprints = mSmartcardDevice.getFingerprints();
|
||||
mNfcAid = mSmartcardDevice.getAid();
|
||||
mNfcUserId = mSmartcardDevice.getUserId();
|
||||
mScannedFingerprints = mSecurityTokenHelper.getFingerprints();
|
||||
mSecurityTokenAid = mSecurityTokenHelper.getAid();
|
||||
mSecurityTokenUserId = mSecurityTokenHelper.getUserId();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void onSmartcardPostExecute() {
|
||||
protected void onSecurityTokenPostExecute() {
|
||||
if (mCurrentFragment instanceof NfcListenerFragment) {
|
||||
((NfcListenerFragment) mCurrentFragment).onNfcPostExecute();
|
||||
return;
|
||||
@@ -169,15 +169,15 @@ public class CreateKeyActivity extends BaseSecurityTokenNfcActivity {
|
||||
|
||||
Intent intent = new Intent(this, ViewKeyActivity.class);
|
||||
intent.setData(KeyRings.buildGenericKeyRingUri(masterKeyId));
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_AID, mNfcAid);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_USER_ID, mNfcUserId);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_AID, mSecurityTokenAid);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_USER_ID, mSecurityTokenUserId);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_FINGERPRINTS, mScannedFingerprints);
|
||||
startActivity(intent);
|
||||
finish();
|
||||
|
||||
} catch (PgpKeyNotFoundException e) {
|
||||
Fragment frag = CreateSecurityTokenImportResetFragment.newInstance(
|
||||
mScannedFingerprints, mNfcAid, mNfcUserId);
|
||||
mScannedFingerprints, mSecurityTokenAid, mSecurityTokenUserId);
|
||||
loadFragment(frag, FragAction.TO_RIGHT);
|
||||
}
|
||||
} else {
|
||||
|
||||
@@ -249,9 +249,9 @@ public class CreateSecurityTokenImportResetFragment
|
||||
@Override
|
||||
public void doNfcInBackground() throws IOException {
|
||||
|
||||
mTokenFingerprints = mCreateKeyActivity.getSmartcardDevice().getFingerprints();
|
||||
mTokenAid = mCreateKeyActivity.getSmartcardDevice().getAid();
|
||||
mTokenUserId = mCreateKeyActivity.getSmartcardDevice().getUserId();
|
||||
mTokenFingerprints = mCreateKeyActivity.getSecurityTokenHelper().getFingerprints();
|
||||
mTokenAid = mCreateKeyActivity.getSecurityTokenHelper().getAid();
|
||||
mTokenUserId = mCreateKeyActivity.getSecurityTokenHelper().getUserId();
|
||||
|
||||
byte[] fp = new byte[20];
|
||||
ByteBuffer.wrap(fp).put(mTokenFingerprints, 0, 20);
|
||||
|
||||
@@ -172,20 +172,20 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
|
||||
}
|
||||
|
||||
@Override
|
||||
public void onSmartcardPreExecute() {
|
||||
public void onSecurityTokenPreExecute() {
|
||||
// start with indeterminate progress
|
||||
vAnimator.setDisplayedChild(1);
|
||||
nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.TRANSFERRING);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doSmartcardInBackground() throws IOException {
|
||||
protected void doSecurityTokenInBackground() throws IOException {
|
||||
|
||||
switch (mRequiredInput.mType) {
|
||||
case SMARTCARD_DECRYPT: {
|
||||
for (int i = 0; i < mRequiredInput.mInputData.length; i++) {
|
||||
byte[] encryptedSessionKey = mRequiredInput.mInputData[i];
|
||||
byte[] decryptedSessionKey = mSmartcardDevice.decryptSessionKey(encryptedSessionKey);
|
||||
byte[] decryptedSessionKey = mSecurityTokenHelper.decryptSessionKey(encryptedSessionKey);
|
||||
mInputParcel.addCryptoData(encryptedSessionKey, decryptedSessionKey);
|
||||
}
|
||||
break;
|
||||
@@ -196,15 +196,15 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
|
||||
for (int i = 0; i < mRequiredInput.mInputData.length; i++) {
|
||||
byte[] hash = mRequiredInput.mInputData[i];
|
||||
int algo = mRequiredInput.mSignAlgos[i];
|
||||
byte[] signedHash = mSmartcardDevice.calculateSignature(hash, algo);
|
||||
byte[] signedHash = mSecurityTokenHelper.calculateSignature(hash, algo);
|
||||
mInputParcel.addCryptoData(hash, signedHash);
|
||||
}
|
||||
break;
|
||||
}
|
||||
case SMARTCARD_MOVE_KEY_TO_CARD: {
|
||||
// TODO: assume PIN and Admin PIN to be default for this operation
|
||||
mSmartcardDevice.setPin(new Passphrase("123456"));
|
||||
mSmartcardDevice.setAdminPin(new Passphrase("12345678"));
|
||||
mSecurityTokenHelper.setPin(new Passphrase("123456"));
|
||||
mSecurityTokenHelper.setAdminPin(new Passphrase("12345678"));
|
||||
|
||||
ProviderHelper providerHelper = new ProviderHelper(this);
|
||||
CanonicalizedSecretKeyRing secretKeyRing;
|
||||
@@ -225,7 +225,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
|
||||
long subkeyId = buf.getLong();
|
||||
|
||||
CanonicalizedSecretKey key = secretKeyRing.getSecretKey(subkeyId);
|
||||
byte[] tokenSerialNumber = Arrays.copyOf(mSmartcardDevice.getAid(), 16);
|
||||
byte[] tokenSerialNumber = Arrays.copyOf(mSecurityTokenHelper.getAid(), 16);
|
||||
|
||||
Passphrase passphrase;
|
||||
try {
|
||||
@@ -235,20 +235,20 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
|
||||
throw new IOException("Unable to get cached passphrase!");
|
||||
}
|
||||
|
||||
mSmartcardDevice.changeKey(key, passphrase);
|
||||
mSecurityTokenHelper.changeKey(key, passphrase);
|
||||
|
||||
// TODO: Is this really used anywhere?
|
||||
mInputParcel.addCryptoData(subkeyBytes, tokenSerialNumber);
|
||||
}
|
||||
|
||||
// change PINs afterwards
|
||||
mSmartcardDevice.modifyPin(0x81, newPin);
|
||||
mSmartcardDevice.modifyPin(0x83, newAdminPin);
|
||||
mSecurityTokenHelper.modifyPin(0x81, newPin);
|
||||
mSecurityTokenHelper.modifyPin(0x83, newAdminPin);
|
||||
|
||||
break;
|
||||
}
|
||||
case SMARTCARD_RESET_CARD: {
|
||||
mSmartcardDevice.resetAndWipeToken();
|
||||
mSecurityTokenHelper.resetAndWipeToken();
|
||||
|
||||
break;
|
||||
}
|
||||
@@ -260,7 +260,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
|
||||
}
|
||||
|
||||
@Override
|
||||
protected final void onSmartcardPostExecute() {
|
||||
protected final void onSecurityTokenPostExecute() {
|
||||
handleResult(mInputParcel);
|
||||
|
||||
// show finish
|
||||
@@ -268,7 +268,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
|
||||
|
||||
nfcGuideView.setCurrentStatus(NfcGuideView.NfcGuideViewStatus.DONE);
|
||||
|
||||
if (mSmartcardDevice.isPersistentConnectionAllowed()) {
|
||||
if (mSecurityTokenHelper.isPersistentConnectionAllowed()) {
|
||||
// Just close
|
||||
finish();
|
||||
} else {
|
||||
@@ -309,7 +309,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void onSmartcardError(String error) {
|
||||
protected void onSecurityTokenError(String error) {
|
||||
pauseTagHandling();
|
||||
|
||||
vErrorText.setText(error + "\n\n" + getString(R.string.security_token_nfc_try_again_text));
|
||||
@@ -319,8 +319,8 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
|
||||
}
|
||||
|
||||
@Override
|
||||
public void onSmartcardPinError(String error) {
|
||||
onSmartcardError(error);
|
||||
public void onSecurityTokenPinError(String error) {
|
||||
onSecurityTokenError(error);
|
||||
|
||||
// clear (invalid) passphrase
|
||||
PassphraseCacheService.clearCachedPassphrase(
|
||||
|
||||
@@ -32,7 +32,6 @@ import android.app.ActivityOptions;
|
||||
import android.content.Intent;
|
||||
import android.database.Cursor;
|
||||
import android.graphics.Bitmap;
|
||||
import android.graphics.Color;
|
||||
import android.graphics.PorterDuff;
|
||||
import android.net.Uri;
|
||||
import android.nfc.NfcAdapter;
|
||||
@@ -172,9 +171,9 @@ public class ViewKeyActivity extends BaseSecurityTokenNfcActivity implements
|
||||
private byte[] mFingerprint;
|
||||
private String mFingerprintString;
|
||||
|
||||
private byte[] mNfcFingerprints;
|
||||
private String mNfcUserId;
|
||||
private byte[] mNfcAid;
|
||||
private byte[] mSecurityTokenFingerprints;
|
||||
private String mSecurityTokenUserId;
|
||||
private byte[] mSecurityTokenAid;
|
||||
|
||||
@SuppressLint("InflateParams")
|
||||
@Override
|
||||
@@ -647,17 +646,17 @@ public class ViewKeyActivity extends BaseSecurityTokenNfcActivity implements
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doSmartcardInBackground() throws IOException {
|
||||
protected void doSecurityTokenInBackground() throws IOException {
|
||||
|
||||
mNfcFingerprints = mSmartcardDevice.getFingerprints();
|
||||
mNfcUserId = mSmartcardDevice.getUserId();
|
||||
mNfcAid = mSmartcardDevice.getAid();
|
||||
mSecurityTokenFingerprints = mSecurityTokenHelper.getFingerprints();
|
||||
mSecurityTokenUserId = mSecurityTokenHelper.getUserId();
|
||||
mSecurityTokenAid = mSecurityTokenHelper.getAid();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void onSmartcardPostExecute() {
|
||||
protected void onSecurityTokenPostExecute() {
|
||||
|
||||
long tokenId = KeyFormattingUtils.getKeyIdFromFingerprint(mNfcFingerprints);
|
||||
long tokenId = KeyFormattingUtils.getKeyIdFromFingerprint(mSecurityTokenFingerprints);
|
||||
|
||||
try {
|
||||
|
||||
@@ -668,7 +667,7 @@ public class ViewKeyActivity extends BaseSecurityTokenNfcActivity implements
|
||||
|
||||
// if the master key of that key matches this one, just show the token dialog
|
||||
if (KeyFormattingUtils.convertFingerprintToHex(candidateFp).equals(mFingerprintString)) {
|
||||
showSecurityTokenFragment(mNfcFingerprints, mNfcUserId, mNfcAid);
|
||||
showSecurityTokenFragment(mSecurityTokenFingerprints, mSecurityTokenUserId, mSecurityTokenAid);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -681,9 +680,9 @@ public class ViewKeyActivity extends BaseSecurityTokenNfcActivity implements
|
||||
Intent intent = new Intent(
|
||||
ViewKeyActivity.this, ViewKeyActivity.class);
|
||||
intent.setData(KeyRings.buildGenericKeyRingUri(masterKeyId));
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_AID, mNfcAid);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_USER_ID, mNfcUserId);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_FINGERPRINTS, mNfcFingerprints);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_AID, mSecurityTokenAid);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_USER_ID, mSecurityTokenUserId);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_FINGERPRINTS, mSecurityTokenFingerprints);
|
||||
startActivity(intent);
|
||||
finish();
|
||||
}
|
||||
@@ -696,9 +695,9 @@ public class ViewKeyActivity extends BaseSecurityTokenNfcActivity implements
|
||||
public void onAction() {
|
||||
Intent intent = new Intent(
|
||||
ViewKeyActivity.this, CreateKeyActivity.class);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_AID, mNfcAid);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_USER_ID, mNfcUserId);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_FINGERPRINTS, mNfcFingerprints);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_AID, mSecurityTokenAid);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_USER_ID, mSecurityTokenUserId);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_FINGERPRINTS, mSecurityTokenFingerprints);
|
||||
startActivity(intent);
|
||||
finish();
|
||||
}
|
||||
|
||||
@@ -24,7 +24,6 @@ package org.sufficientlysecure.keychain.ui.base;
|
||||
import android.app.Activity;
|
||||
import android.content.Intent;
|
||||
import android.content.pm.PackageManager;
|
||||
import android.hardware.usb.UsbManager;
|
||||
import android.nfc.NfcAdapter;
|
||||
import android.nfc.Tag;
|
||||
import android.nfc.TagLostException;
|
||||
@@ -40,12 +39,12 @@ import org.sufficientlysecure.keychain.provider.ProviderHelper;
|
||||
import org.sufficientlysecure.keychain.service.PassphraseCacheService;
|
||||
import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
|
||||
import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
|
||||
import org.sufficientlysecure.keychain.smartcard.CardException;
|
||||
import org.sufficientlysecure.keychain.smartcard.NfcTransport;
|
||||
import org.sufficientlysecure.keychain.smartcard.SmartcardDevice;
|
||||
import org.sufficientlysecure.keychain.smartcard.Transport;
|
||||
import org.sufficientlysecure.keychain.securitytoken.CardException;
|
||||
import org.sufficientlysecure.keychain.securitytoken.NfcTransport;
|
||||
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenHelper;
|
||||
import org.sufficientlysecure.keychain.securitytoken.Transport;
|
||||
import org.sufficientlysecure.keychain.util.UsbConnectionDispatcher;
|
||||
import org.sufficientlysecure.keychain.smartcard.UsbTransport;
|
||||
import org.sufficientlysecure.keychain.securitytoken.UsbTransport;
|
||||
import org.sufficientlysecure.keychain.ui.CreateKeyActivity;
|
||||
import org.sufficientlysecure.keychain.ui.PassphraseDialogActivity;
|
||||
import org.sufficientlysecure.keychain.ui.ViewKeyActivity;
|
||||
@@ -70,36 +69,36 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
|
||||
|
||||
private static final String FIDESMO_APP_PACKAGE = "com.fidesmo.sec.android";
|
||||
|
||||
protected SmartcardDevice mSmartcardDevice = SmartcardDevice.getInstance();
|
||||
protected SecurityTokenHelper mSecurityTokenHelper = SecurityTokenHelper.getInstance();
|
||||
protected TagDispatcher mTagDispatcher;
|
||||
protected UsbConnectionDispatcher mUsbDispatcher;
|
||||
private boolean mTagHandlingEnabled;
|
||||
|
||||
private byte[] mSmartcardFingerprints;
|
||||
private String mSmartcardUserId;
|
||||
private byte[] mSmartcardAid;
|
||||
private byte[] mSecurityTokenFingerprints;
|
||||
private String mSecurityTokenUserId;
|
||||
private byte[] mSecurityTokenAid;
|
||||
|
||||
/**
|
||||
* Override to change UI before NFC handling (UI thread)
|
||||
* Override to change UI before SecurityToken handling (UI thread)
|
||||
*/
|
||||
protected void onSmartcardPreExecute() {
|
||||
protected void onSecurityTokenPreExecute() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Override to implement NFC operations (background thread)
|
||||
* Override to implement SecurityToken operations (background thread)
|
||||
*/
|
||||
protected void doSmartcardInBackground() throws IOException {
|
||||
mSmartcardFingerprints = mSmartcardDevice.getFingerprints();
|
||||
mSmartcardUserId = mSmartcardDevice.getUserId();
|
||||
mSmartcardAid = mSmartcardDevice.getAid();
|
||||
protected void doSecurityTokenInBackground() throws IOException {
|
||||
mSecurityTokenFingerprints = mSecurityTokenHelper.getFingerprints();
|
||||
mSecurityTokenUserId = mSecurityTokenHelper.getUserId();
|
||||
mSecurityTokenAid = mSecurityTokenHelper.getAid();
|
||||
}
|
||||
|
||||
/**
|
||||
* Override to handle result of NFC operations (UI thread)
|
||||
* Override to handle result of SecurityToken operations (UI thread)
|
||||
*/
|
||||
protected void onSmartcardPostExecute() {
|
||||
protected void onSecurityTokenPostExecute() {
|
||||
|
||||
final long subKeyId = KeyFormattingUtils.getKeyIdFromFingerprint(mSmartcardFingerprints);
|
||||
final long subKeyId = KeyFormattingUtils.getKeyIdFromFingerprint(mSecurityTokenFingerprints);
|
||||
|
||||
try {
|
||||
CachedPublicKeyRing ring = new ProviderHelper(this).getCachedPublicKeyRing(
|
||||
@@ -108,15 +107,15 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
|
||||
|
||||
Intent intent = new Intent(this, ViewKeyActivity.class);
|
||||
intent.setData(KeyRings.buildGenericKeyRingUri(masterKeyId));
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_AID, mSmartcardAid);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_USER_ID, mSmartcardUserId);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_FINGERPRINTS, mSmartcardFingerprints);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_AID, mSecurityTokenAid);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_USER_ID, mSecurityTokenUserId);
|
||||
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_FINGERPRINTS, mSecurityTokenFingerprints);
|
||||
startActivity(intent);
|
||||
} catch (PgpKeyNotFoundException e) {
|
||||
Intent intent = new Intent(this, CreateKeyActivity.class);
|
||||
intent.putExtra(CreateKeyActivity.EXTRA_NFC_AID, mSmartcardAid);
|
||||
intent.putExtra(CreateKeyActivity.EXTRA_NFC_USER_ID, mSmartcardUserId);
|
||||
intent.putExtra(CreateKeyActivity.EXTRA_NFC_FINGERPRINTS, mSmartcardFingerprints);
|
||||
intent.putExtra(CreateKeyActivity.EXTRA_SECURITY_TOKEN_AID, mSecurityTokenAid);
|
||||
intent.putExtra(CreateKeyActivity.EXTRA_SECURITY_TOKEN_USER_ID, mSecurityTokenUserId);
|
||||
intent.putExtra(CreateKeyActivity.EXTRA_SECURITY_FINGERPRINTS, mSecurityTokenFingerprints);
|
||||
startActivity(intent);
|
||||
}
|
||||
}
|
||||
@@ -124,15 +123,15 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
|
||||
/**
|
||||
* Override to use something different than Notify (UI thread)
|
||||
*/
|
||||
protected void onSmartcardError(String error) {
|
||||
protected void onSecurityTokenError(String error) {
|
||||
Notify.create(this, error, Style.WARN).show();
|
||||
}
|
||||
|
||||
/**
|
||||
* Override to do something when PIN is wrong, e.g., clear passphrases (UI thread)
|
||||
*/
|
||||
protected void onSmartcardPinError(String error) {
|
||||
onSmartcardError(error);
|
||||
protected void onSecurityTokenPinError(String error) {
|
||||
onSecurityTokenError(error);
|
||||
}
|
||||
|
||||
public void tagDiscovered(final Tag tag) {
|
||||
@@ -140,7 +139,7 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
|
||||
if (!mTagHandlingEnabled)
|
||||
return;
|
||||
|
||||
smartcardDiscovered(new NfcTransport(tag));
|
||||
securityTokenDiscovered(new NfcTransport(tag));
|
||||
}
|
||||
|
||||
public void usbDeviceDiscovered(final UsbTransport transport) {
|
||||
@@ -148,10 +147,10 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
|
||||
if (!mTagHandlingEnabled)
|
||||
return;
|
||||
|
||||
smartcardDiscovered(transport);
|
||||
securityTokenDiscovered(transport);
|
||||
}
|
||||
|
||||
public void smartcardDiscovered(final Transport transport) {
|
||||
public void securityTokenDiscovered(final Transport transport) {
|
||||
// Actual Smartcard operations are executed in doInBackground to not block the UI thread
|
||||
if (!mTagHandlingEnabled)
|
||||
return;
|
||||
@@ -159,7 +158,7 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
|
||||
@Override
|
||||
protected void onPreExecute() {
|
||||
super.onPreExecute();
|
||||
onSmartcardPreExecute();
|
||||
onSecurityTokenPreExecute();
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -182,7 +181,7 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
|
||||
return;
|
||||
}
|
||||
|
||||
onSmartcardPostExecute();
|
||||
onSecurityTokenPostExecute();
|
||||
}
|
||||
}.execute();
|
||||
}
|
||||
@@ -237,12 +236,12 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
|
||||
private void handleSmartcardError(IOException e) {
|
||||
|
||||
if (e instanceof TagLostException) {
|
||||
onSmartcardError(getString(R.string.security_token_error_tag_lost));
|
||||
onSecurityTokenError(getString(R.string.security_token_error_tag_lost));
|
||||
return;
|
||||
}
|
||||
|
||||
if (e instanceof IsoDepNotSupportedException) {
|
||||
onSmartcardError(getString(R.string.security_token_error_iso_dep_not_supported));
|
||||
onSecurityTokenError(getString(R.string.security_token_error_iso_dep_not_supported));
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -257,7 +256,7 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
|
||||
if ((status & (short) 0xFFF0) == 0x63C0) {
|
||||
int tries = status & 0x000F;
|
||||
// hook to do something different when PIN is wrong
|
||||
onSmartcardPinError(getResources().getQuantityString(R.plurals.security_token_error_pin, tries, tries));
|
||||
onSecurityTokenPinError(getResources().getQuantityString(R.plurals.security_token_error_pin, tries, tries));
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -266,61 +265,61 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
|
||||
// These errors should not occur in everyday use; if they are returned, it means we
|
||||
// made a mistake sending data to the token, or the token is misbehaving.
|
||||
case 0x6A80: {
|
||||
onSmartcardError(getString(R.string.security_token_error_bad_data));
|
||||
onSecurityTokenError(getString(R.string.security_token_error_bad_data));
|
||||
break;
|
||||
}
|
||||
case 0x6883: {
|
||||
onSmartcardError(getString(R.string.security_token_error_chaining_error));
|
||||
onSecurityTokenError(getString(R.string.security_token_error_chaining_error));
|
||||
break;
|
||||
}
|
||||
case 0x6B00: {
|
||||
onSmartcardError(getString(R.string.security_token_error_header, "P1/P2"));
|
||||
onSecurityTokenError(getString(R.string.security_token_error_header, "P1/P2"));
|
||||
break;
|
||||
}
|
||||
case 0x6D00: {
|
||||
onSmartcardError(getString(R.string.security_token_error_header, "INS"));
|
||||
onSecurityTokenError(getString(R.string.security_token_error_header, "INS"));
|
||||
break;
|
||||
}
|
||||
case 0x6E00: {
|
||||
onSmartcardError(getString(R.string.security_token_error_header, "CLA"));
|
||||
onSecurityTokenError(getString(R.string.security_token_error_header, "CLA"));
|
||||
break;
|
||||
}
|
||||
// These error conditions are more likely to be experienced by an end user.
|
||||
case 0x6285: {
|
||||
onSmartcardError(getString(R.string.security_token_error_terminated));
|
||||
onSecurityTokenError(getString(R.string.security_token_error_terminated));
|
||||
break;
|
||||
}
|
||||
case 0x6700: {
|
||||
onSmartcardPinError(getString(R.string.security_token_error_wrong_length));
|
||||
onSecurityTokenPinError(getString(R.string.security_token_error_wrong_length));
|
||||
break;
|
||||
}
|
||||
case 0x6982: {
|
||||
onSmartcardError(getString(R.string.security_token_error_security_not_satisfied));
|
||||
onSecurityTokenError(getString(R.string.security_token_error_security_not_satisfied));
|
||||
break;
|
||||
}
|
||||
case 0x6983: {
|
||||
onSmartcardError(getString(R.string.security_token_error_authentication_blocked));
|
||||
onSecurityTokenError(getString(R.string.security_token_error_authentication_blocked));
|
||||
break;
|
||||
}
|
||||
case 0x6985: {
|
||||
onSmartcardError(getString(R.string.security_token_error_conditions_not_satisfied));
|
||||
onSecurityTokenError(getString(R.string.security_token_error_conditions_not_satisfied));
|
||||
break;
|
||||
}
|
||||
// 6A88 is "Not Found" in the spec, but Yubikey also returns 6A83 for this in some cases.
|
||||
case 0x6A88:
|
||||
case 0x6A83: {
|
||||
onSmartcardError(getString(R.string.security_token_error_data_not_found));
|
||||
onSecurityTokenError(getString(R.string.security_token_error_data_not_found));
|
||||
break;
|
||||
}
|
||||
// 6F00 is a JavaCard proprietary status code, SW_UNKNOWN, and usually represents an
|
||||
// unhandled exception on the security token.
|
||||
case 0x6F00: {
|
||||
onSmartcardError(getString(R.string.security_token_error_unknown));
|
||||
onSecurityTokenError(getString(R.string.security_token_error_unknown));
|
||||
break;
|
||||
}
|
||||
// 6A82 app not installed on security token!
|
||||
case 0x6A82: {
|
||||
if (mSmartcardDevice.isFidesmoToken()) {
|
||||
if (mSecurityTokenHelper.isFidesmoToken()) {
|
||||
// Check if the Fidesmo app is installed
|
||||
if (isAndroidAppInstalled(FIDESMO_APP_PACKAGE)) {
|
||||
promptFidesmoPgpInstall();
|
||||
@@ -328,12 +327,12 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
|
||||
promptFidesmoAppInstall();
|
||||
}
|
||||
} else { // Other (possibly) compatible hardware
|
||||
onSmartcardError(getString(R.string.security_token_error_pgp_app_not_installed));
|
||||
onSecurityTokenError(getString(R.string.security_token_error_pgp_app_not_installed));
|
||||
}
|
||||
break;
|
||||
}
|
||||
default: {
|
||||
onSmartcardError(getString(R.string.security_token_error, e.getMessage()));
|
||||
onSecurityTokenError(getString(R.string.security_token_error, e.getMessage()));
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -367,7 +366,7 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
|
||||
Passphrase passphrase = PassphraseCacheService.getCachedPassphrase(this,
|
||||
requiredInput.getMasterKeyId(), requiredInput.getSubKeyId());
|
||||
if (passphrase != null) {
|
||||
mSmartcardDevice.setPin(passphrase);
|
||||
mSecurityTokenHelper.setPin(passphrase);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -392,7 +391,7 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
|
||||
return;
|
||||
}
|
||||
CryptoInputParcel input = data.getParcelableExtra(PassphraseDialogActivity.RESULT_CRYPTO_INPUT);
|
||||
mSmartcardDevice.setPin(input.getPassphrase());
|
||||
mSecurityTokenHelper.setPin(input.getPassphrase());
|
||||
break;
|
||||
}
|
||||
default:
|
||||
@@ -402,16 +401,16 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
|
||||
|
||||
protected void handleSmartcard(Transport transport) throws IOException {
|
||||
// Don't reconnect if device was already connected
|
||||
if (!(mSmartcardDevice.isConnected()
|
||||
&& mSmartcardDevice.getTransport().equals(transport))) {
|
||||
mSmartcardDevice.setTransport(transport);
|
||||
mSmartcardDevice.connectToDevice();
|
||||
if (!(mSecurityTokenHelper.isConnected()
|
||||
&& mSecurityTokenHelper.getTransport().equals(transport))) {
|
||||
mSecurityTokenHelper.setTransport(transport);
|
||||
mSecurityTokenHelper.connectToDevice();
|
||||
}
|
||||
doSmartcardInBackground();
|
||||
doSecurityTokenInBackground();
|
||||
}
|
||||
|
||||
public boolean isSmartcardConnected() {
|
||||
return mSmartcardDevice.isConnected();
|
||||
return mSecurityTokenHelper.isConnected();
|
||||
}
|
||||
|
||||
public static class IsoDepNotSupportedException extends IOException {
|
||||
@@ -470,8 +469,8 @@ public abstract class BaseSecurityTokenNfcActivity extends BaseActivity
|
||||
mUsbDispatcher.onStart();
|
||||
}
|
||||
|
||||
public SmartcardDevice getSmartcardDevice() {
|
||||
return mSmartcardDevice;
|
||||
public SecurityTokenHelper getSecurityTokenHelper() {
|
||||
return mSecurityTokenHelper;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -26,7 +26,7 @@ import android.hardware.usb.UsbDevice;
|
||||
import android.hardware.usb.UsbManager;
|
||||
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.smartcard.UsbTransport;
|
||||
import org.sufficientlysecure.keychain.securitytoken.UsbTransport;
|
||||
import org.sufficientlysecure.keychain.ui.UsbEventReceiverActivity;
|
||||
|
||||
public class UsbConnectionDispatcher {
|
||||
|
||||
Reference in New Issue
Block a user