From e8103d83767f2309b120f776bcb25a61b16b17a6 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <look@my.amazin.horse>
Date: Fri, 13 Oct 2017 16:40:37 +0200
Subject: [PATCH] use reset instead of modify for changing pw1

---
 .../OpenPgpCommandApduFactory.java            |  6 ----
 .../SecurityTokenConnection.java              | 29 +------------------
 ...curityTokenChangePinOperationActivity.java |  2 +-
 .../ui/SecurityTokenOperationActivity.java    |  2 +-
 4 files changed, 3 insertions(+), 36 deletions(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/OpenPgpCommandApduFactory.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/OpenPgpCommandApduFactory.java
index 2b57dd3f4..dfee53265 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/OpenPgpCommandApduFactory.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/OpenPgpCommandApduFactory.java
@@ -97,12 +97,6 @@ class OpenPgpCommandApduFactory {
                 MAX_APDU_NE_EXT);
     }
 
-    @NonNull
-    CommandAPDU createChangePw1Command(byte[] pin, byte[] newPin) {
-        return new CommandAPDU(CLA, INS_CHANGE_REFERENCE_DATA, P1_EMPTY,
-                P2_CHANGE_REFERENCE_DATA_PW1, Arrays.concatenate(pin, newPin));
-    }
-
     @NonNull
     CommandAPDU createChangePw3Command(byte[] adminPin, byte[] newAdminPin) {
         return new CommandAPDU(CLA, INS_CHANGE_REFERENCE_DATA, P1_EMPTY,
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java
index 7a0ccbb77..dde5bc9ea 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnection.java
@@ -208,13 +208,11 @@ public class SecurityTokenConnection {
 
     }
 
-    public void resetPin(Passphrase adminPin, String newPinStr) throws IOException {
+    public void resetPin(byte[] newPin, Passphrase adminPin) throws IOException {
         if (!mPw3Validated) {
             verifyAdminPin(adminPin);
         }
 
-        byte[] newPin = newPinStr.getBytes();
-
         final int MAX_PW1_LENGTH_INDEX = 1;
         byte[] pwStatusBytes = getPwStatusBytes();
         if (newPin.length < 6 || newPin.length > pwStatusBytes[MAX_PW1_LENGTH_INDEX]) {
@@ -255,31 +253,6 @@ public class SecurityTokenConnection {
         }
     }
 
-    /**
-     * Modifies the user's PW1. Before sending, the new PIN will be validated for
-     * conformance to the token's requirements for key length.
-     *
-     * @param newPin The new PW1.
-     */
-    public void modifyPw1Pin(byte[] newPin) throws IOException {
-        final int MAX_PW1_LENGTH_INDEX = 1;
-
-        byte[] pwStatusBytes = getPwStatusBytes();
-
-        if (newPin.length < 6 || newPin.length > pwStatusBytes[MAX_PW1_LENGTH_INDEX]) {
-            throw new IOException("Invalid PIN length");
-        }
-
-        byte[] pin = mPin.toStringUnsafe().getBytes();
-
-        CommandAPDU changePin = commandFactory.createChangePw1Command(pin, newPin);
-        ResponseAPDU response = communicate(changePin);
-
-        if (response.getSW() != APDU_SW_SUCCESS) {
-            throw new CardException("Failed to change PIN", response.getSW());
-        }
-    }
-
     /**
      * Call DECIPHER command
      *
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenChangePinOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenChangePinOperationActivity.java
index 1c03b00e7..36cf8bdf5 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenChangePinOperationActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenChangePinOperationActivity.java
@@ -141,7 +141,7 @@ public class SecurityTokenChangePinOperationActivity extends BaseSecurityTokenAc
     @Override
     protected void doSecurityTokenInBackground(SecurityTokenConnection stConnection) throws IOException {
         Passphrase adminPin = new Passphrase(changePinInput.getAdminPin());
-        stConnection.resetPin(adminPin, changePinInput.getNewPin());
+        stConnection.resetPin(changePinInput.getNewPin().getBytes(), adminPin);
 
         resultTokenInfo = stConnection.getTokenInfo();
     }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java
index 40d609842..8450f81fa 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java
@@ -273,7 +273,7 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
                 }
 
                 // change PINs afterwards
-                stConnection.modifyPw1Pin(newPin);
+                stConnection.resetPin(newPin, adminPin);
                 stConnection.modifyPw3Pin(newAdminPin, adminPin);
 
                 break;