/*
* Copyright (C) 2023 Yubico.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
import 'dart:io';
import 'package:file_picker/file_picker.dart';
import 'package:flutter/material.dart';
import 'package:flutter_gen/gen_l10n/app_localizations.dart';
import 'package:flutter_riverpod/flutter_riverpod.dart';
import 'package:material_symbols_icons/symbols.dart';
import '../../app/message.dart';
import '../../app/models.dart';
import '../../app/shortcuts.dart';
import '../../app/state.dart';
import '../../core/state.dart';
import '../features.dart' as features;
import '../keys.dart' as keys;
import '../models.dart';
import '../state.dart';
import 'authentication_dialog.dart';
import 'delete_certificate_dialog.dart';
import 'generate_key_dialog.dart';
import 'import_file_dialog.dart';
import 'move_key_dialog.dart';
import 'pin_dialog.dart';
/// Intent that requests the generate-key flow for [slot].
///
/// Handled by [PivActions], which authenticates before opening the dialog.
class GenerateIntent extends Intent {
  const GenerateIntent(this.slot);

  /// The PIV slot the new key is generated in.
  final PivSlot slot;
}
/// Intent that requests importing a file into [slot].
///
/// Handled by [PivActions], which authenticates before the file is picked.
class ImportIntent extends Intent {
  const ImportIntent(this.slot);

  /// The PIV slot the picked file is imported into.
  final PivSlot slot;
}
/// Intent that requests exporting the certificate or public key of [slot].
///
/// Handled by [PivActions]; the export handler has no authentication step.
class ExportIntent extends Intent {
  const ExportIntent(this.slot);

  /// The PIV slot whose certificate or public key is written to a file.
  final PivSlot slot;
}
/// Intent that requests the move-key flow for the key in [slot].
///
/// Handled by [PivActions], which authenticates before opening the dialog.
class MoveIntent extends Intent {
  const MoveIntent(this.slot);

  /// The PIV slot holding the key to move.
  final PivSlot slot;
}
/// Authenticates the PIV session when [pivState] reports that it is needed.
///
/// Returns `true` immediately when `needsAuth` is false. Otherwise:
/// - for a PIN-protected management key whose PIN metadata reports the
///   default value, the PIN is verified with [defaultPin] without any prompt;
/// - in every other case a dialog is shown ([PinDialog] for a protected key,
///   [AuthenticationDialog] otherwise) and a dismissed dialog counts as
///   failure.
///
/// Returns whether authentication succeeded.
Future<bool> _authIfNeeded(BuildContext context, WidgetRef ref,
    DevicePath devicePath, PivState pivState) async {
  if (!pivState.needsAuth) {
    return true;
  }

  if (pivState.protectedKey &&
      pivState.metadata?.pinMetadata.defaultValue == true) {
    // Silent verification: the user is never asked for a PIN on this path.
    // NOTE(review): presumably a rejected attempt still counts against the
    // PIN retry counter if the metadata is stale; confirm in verifyPin.
    final outcome = await ref
        .read(pivStateProvider(devicePath).notifier)
        .verifyPin(defaultPin);
    return outcome is PinSuccess;
  }

  // A null dialog result (dialog dismissed) is treated as "not authenticated".
  return await showBlurDialog(
        context: context,
        builder: (context) {
          if (pivState.protectedKey) {
            return PinDialog(devicePath);
          }
          return AuthenticationDialog(devicePath, pivState);
        },
      ) ??
      false;
}
/// Installs the PIV slot actions (generate, import, export, delete, move) for
/// the subtree produced by [builder].
///
/// Generate, import, delete and move run [_authIfNeeded] before anything else
/// and return `false` when it fails. Export has no authentication step; it
/// only writes the slot's certificate or public key to a file the user picks.
/// Each action is registered only when its feature flag is enabled.
class PivActions extends ConsumerWidget {
  /// The device the actions operate on.
  final DevicePath devicePath;

  /// The PIV state the authentication decisions in the handlers are based on.
  final PivState pivState;

  /// Optional extra actions, installed in a nested [Actions] scope.
  final Map<Type, Action<Intent>> Function(BuildContext context)? actions;

  /// Builds the child that can invoke the actions.
  final Widget Function(BuildContext context) builder;

  const PivActions({
    super.key,
    required this.devicePath,
    required this.pivState,
    this.actions,
    required this.builder,
  });

  @override
  Widget build(BuildContext context, WidgetRef ref) {
    final withContext = ref.read(withContextProvider);
    final hasFeature = ref.read(featureProvider);

    // Shared gate used by every handler that changes slot contents.
    Future<bool> authenticate() => withContext(
        (context) => _authIfNeeded(context, ref, devicePath, pivState));

    return Actions(
      actions: {
        if (hasFeature(features.slotsGenerate))
          GenerateIntent:
              CallbackAction<GenerateIntent>(onInvoke: (intent) async {
            // Verify management key and maybe PIN.
            final authenticated = await authenticate();
            if (!authenticated) {
              return false;
            }

            // Verify PIN, unless already done above (a protected key is
            // handled entirely by the gate).
            // TODO: Avoid asking for PIN if not needed?
            if (!pivState.protectedKey) {
              final bool pinVerified;
              if (pivState.metadata?.pinMetadata.defaultValue == true) {
                // Default PIN reported: verify silently, without a prompt.
                final outcome = await ref
                    .read(pivStateProvider(devicePath).notifier)
                    .verifyPin(defaultPin);
                pinVerified = outcome is PinSuccess;
              } else {
                // A dismissed PIN dialog (null result) counts as failure.
                pinVerified = await withContext((context) async =>
                        await showBlurDialog(
                            context: context,
                            builder: (context) => PinDialog(devicePath))) ??
                    false;
              }

              if (!pinVerified) {
                return false;
              }
            }

            return await withContext((context) async {
              final l10n = AppLocalizations.of(context)!;
              final PivGenerateResult? result = await showBlurDialog(
                context: context,
                builder: (context) =>
                    GenerateKeyDialog(devicePath, pivState, intent.slot),
              );
              if (result == null) {
                return false;
              }

              // Only a public key or a CSR is offered for saving to disk.
              final (extension, dialogTitle, contents) =
                  switch (result.generateType) {
                GenerateType.publicKey => (
                    'pem',
                    l10n.l_export_public_key_file,
                    result.publicKey,
                  ),
                GenerateType.csr => (
                    'csr',
                    l10n.l_export_csr_file,
                    result.result,
                  ),
                _ => (null, null, null),
              };

              if (extension != null) {
                final savePath = await FilePicker.platform.saveFile(
                  dialogTitle: dialogTitle,
                  allowedExtensions: [extension],
                  type: FileType.custom,
                  lockParentWindow: true,
                );
                if (savePath != null) {
                  // NOTE(review): a failed write throws out of the action;
                  // nothing here reports it to the user.
                  await File(savePath).writeAsString(contents!, flush: true);
                }
              }

              return true;
            });
          }),
        if (hasFeature(features.slotsImport))
          ImportIntent: CallbackAction<ImportIntent>(onInvoke: (intent) async {
            final authenticated = await authenticate();
            if (!authenticated) {
              return false;
            }

            final picked = await withContext(
              (context) async {
                final pickerTitle =
                    AppLocalizations.of(context)!.l_select_import_file;
                return await FilePicker.platform.pickFiles(
                    allowedExtensions: [
                      'pem',
                      'der',
                      'pfx',
                      'p12',
                      'key',
                      'crt'
                    ],
                    type: FileType.custom,
                    allowMultiple: false,
                    lockParentWindow: true,
                    dialogTitle: pickerTitle);
              },
            );
            if (picked == null || picked.files.isEmpty) {
              return false;
            }

            // The picked file is handed to the dialog as-is; the extension
            // filter above is the only check made in this handler.
            return await withContext((context) async =>
                await showBlurDialog(
                  context: context,
                  builder: (context) => ImportFileDialog(
                    devicePath,
                    pivState,
                    intent.slot,
                    File(picked.paths.first!),
                  ),
                ) ??
                false);
          }),
        if (hasFeature(features.slotsExport))
          ExportIntent: CallbackAction<ExportIntent>(onInvoke: (intent) async {
            // No authentication step: only the certificate or the public key
            // of the slot is read and written out.
            final l10n = AppLocalizations.of(context)!;
            final (metadata, cert) = await ref
                .read(pivSlotsProvider(devicePath).notifier)
                .read(intent.slot.slot);

            final String dialogTitle;
            final String confirmation;
            final String contents;
            if (cert != null) {
              // A certificate takes precedence over the bare public key.
              dialogTitle = l10n.l_export_certificate_file;
              confirmation = l10n.l_certificate_exported;
              contents = cert;
            } else if (metadata != null) {
              dialogTitle = l10n.l_export_public_key_file;
              confirmation = l10n.l_public_key_exported;
              contents = metadata.publicKey;
            } else {
              return false;
            }

            final savePath = await withContext((context) async =>
                await FilePicker.platform.saveFile(
                  dialogTitle: dialogTitle,
                  allowedExtensions: ['pem'],
                  type: FileType.custom,
                  lockParentWindow: true,
                ));
            if (savePath == null) {
              return false;
            }

            // NOTE(review): a failed write throws out of the action before
            // the confirmation message is shown.
            await File(savePath).writeAsString(contents, flush: true);

            await withContext((context) async {
              showMessage(context, confirmation);
            });
            return true;
          }),
        if (hasFeature(features.slotsDelete))
          DeleteIntent<PivSlot>:
              CallbackAction<DeleteIntent<PivSlot>>(onInvoke: (intent) async {
            final authenticated = await authenticate();
            if (!authenticated) {
              return false;
            }

            // A dismissed dialog (null result) is reported as "not deleted".
            final bool? wasDeleted = await withContext((context) async =>
                await showBlurDialog(
                  context: context,
                  builder: (context) => DeleteCertificateDialog(
                    devicePath,
                    pivState,
                    intent.target,
                  ),
                ) ??
                false);
            return wasDeleted;
          }),
        if (hasFeature(features.slotsMove))
          MoveIntent: CallbackAction<MoveIntent>(onInvoke: (intent) async {
            final authenticated = await authenticate();
            if (!authenticated) {
              return false;
            }

            // A dismissed dialog (null result) is reported as "not moved".
            final bool? wasMoved = await withContext((context) async =>
                await showBlurDialog(
                  context: context,
                  builder: (context) => MoveKeyDialog(
                    devicePath,
                    pivState,
                    intent.slot,
                  ),
                ) ??
                false);
            return wasMoved;
          }),
      },
      child: Builder(
        // Builder to ensure new scope for actions, they can invoke parent
        // actions.
        builder: (context) {
          final child = Builder(builder: builder);
          final extraActions = actions;
          if (extraActions == null) {
            return child;
          }
          return Actions(actions: extraActions(context), child: child);
        },
      ),
    );
  }
}
/// Builds the list of actions offered for [slot].
///
/// When [fipsUnready] is set, the only entry is an item with no intent
/// attached whose text tells the user to change the default PIN, PUK and
/// management key first. Otherwise:
/// - generate and import are offered unless the slot is retired;
/// - export is offered for the certificate or, failing that, the public key;
/// - move is offered when the slot has key metadata and the version is at
///   least 5.7;
/// - delete is offered when there is a certificate or such a key.
List<ActionItem> buildSlotActions(
    PivState pivState, PivSlot slot, bool fipsUnready, AppLocalizations l10n) {
  if (fipsUnready) {
    // TODO: Decide on final look and move strings to .arb file.
    return [
      ActionItem(
          icon: const Icon(Symbols.add),
          title: 'Provision slot',
          subtitle: 'Change from default PIN/PUK/Management key first'),
    ];
  }

  final hasCertificate = slot.certInfo != null;
  final hasKeyMetadata = slot.metadata != null;
  // Moving or deleting a key is only offered from version 5.7 on.
  final keyIsManageable = hasKeyMetadata && pivState.version.isAtLeast(5, 7);

  return [
    if (!slot.slot.isRetired) ...[
      ActionItem(
        key: keys.generateAction,
        feature: features.slotsGenerate,
        icon: const Icon(Symbols.add),
        actionStyle: ActionStyle.primary,
        title: l10n.s_generate_key,
        subtitle: l10n.l_generate_desc,
        intent: GenerateIntent(slot),
      ),
      ActionItem(
        key: keys.importAction,
        feature: features.slotsImport,
        icon: const Icon(Symbols.file_download),
        title: l10n.l_import_file,
        subtitle: l10n.l_import_desc,
        intent: ImportIntent(slot),
      ),
    ],
    // One export entry: the certificate wins over the bare public key.
    if (hasCertificate || hasKeyMetadata)
      ActionItem(
        key: keys.exportAction,
        feature: features.slotsExport,
        icon: const Icon(Symbols.file_upload),
        title: hasCertificate
            ? l10n.l_export_certificate
            : l10n.l_export_public_key,
        subtitle: hasCertificate
            ? l10n.l_export_certificate_desc
            : l10n.l_export_public_key_desc,
        intent: ExportIntent(slot),
      ),
    if (keyIsManageable)
      ActionItem(
        key: keys.moveAction,
        feature: features.slotsMove,
        actionStyle: ActionStyle.error,
        icon: const Icon(Symbols.move_item),
        title: l10n.l_move_key,
        subtitle: l10n.l_move_key_desc,
        intent: MoveIntent(slot),
      ),
    if (hasCertificate || keyIsManageable)
      ActionItem(
        key: keys.deleteAction,
        feature: features.slotsDelete,
        actionStyle: ActionStyle.error,
        icon: const Icon(Symbols.delete),
        // The wording names exactly what this entry is able to delete.
        title: switch ((hasCertificate, keyIsManageable)) {
          (true, true) => l10n.l_delete_certificate_or_key,
          (true, false) => l10n.l_delete_certificate,
          _ => l10n.l_delete_key,
        },
        subtitle: switch ((hasCertificate, keyIsManageable)) {
          (true, true) => l10n.l_delete_certificate_or_key_desc,
          (true, false) => l10n.l_delete_certificate_desc,
          _ => l10n.l_delete_key_desc,
        },
        intent: DeleteIntent(slot),
      ),
  ];
}