PIV: Prevent import of unsupported keys
parent
f03054886e
commit
5f476b612d
@ -479,6 +479,7 @@
|
|||||||
"l_import_nothing": null,
|
"l_import_nothing": null,
|
||||||
"l_importing_file": null,
|
"l_importing_file": null,
|
||||||
"s_file_imported": null,
|
"s_file_imported": null,
|
||||||
|
"l_unsupported_key_type": null,
|
||||||
"l_delete_certificate": null,
|
"l_delete_certificate": null,
|
||||||
"l_delete_certificate_desc": null,
|
"l_delete_certificate_desc": null,
|
||||||
"s_issuer": null,
|
"s_issuer": null,
|
||||||
|
@ -479,6 +479,7 @@
|
|||||||
"l_import_nothing": "Nothing to import",
|
"l_import_nothing": "Nothing to import",
|
||||||
"l_importing_file": "Importing file\u2026",
|
"l_importing_file": "Importing file\u2026",
|
||||||
"s_file_imported": "File imported",
|
"s_file_imported": "File imported",
|
||||||
|
"l_unsupported_key_type": "Unsupported key type",
|
||||||
"l_delete_certificate": "Delete certificate",
|
"l_delete_certificate": "Delete certificate",
|
||||||
"l_delete_certificate_desc": "Remove the certificate from your YubiKey",
|
"l_delete_certificate_desc": "Remove the certificate from your YubiKey",
|
||||||
"s_issuer": "Issuer",
|
"s_issuer": "Issuer",
|
||||||
|
@ -479,6 +479,7 @@
|
|||||||
"l_import_nothing": null,
|
"l_import_nothing": null,
|
||||||
"l_importing_file": "Importation d'un fichier\u2026",
|
"l_importing_file": "Importation d'un fichier\u2026",
|
||||||
"s_file_imported": "Fichier importé",
|
"s_file_imported": "Fichier importé",
|
||||||
|
"l_unsupported_key_type": null,
|
||||||
"l_delete_certificate": "Supprimer un certificat",
|
"l_delete_certificate": "Supprimer un certificat",
|
||||||
"l_delete_certificate_desc": "Supprimer un certificat de votre YubiKey",
|
"l_delete_certificate_desc": "Supprimer un certificat de votre YubiKey",
|
||||||
"s_issuer": "Émetteur",
|
"s_issuer": "Émetteur",
|
||||||
|
@ -479,6 +479,7 @@
|
|||||||
"l_import_nothing": null,
|
"l_import_nothing": null,
|
||||||
"l_importing_file": "ファイルのインポート中\u2026",
|
"l_importing_file": "ファイルのインポート中\u2026",
|
||||||
"s_file_imported": "ファイル をインポートしました",
|
"s_file_imported": "ファイル をインポートしました",
|
||||||
|
"l_unsupported_key_type": null,
|
||||||
"l_delete_certificate": "証明書を削除",
|
"l_delete_certificate": "証明書を削除",
|
||||||
"l_delete_certificate_desc": "YubiKeyか証明書の削除",
|
"l_delete_certificate_desc": "YubiKeyか証明書の削除",
|
||||||
"s_issuer": "発行者",
|
"s_issuer": "発行者",
|
||||||
|
@ -479,6 +479,7 @@
|
|||||||
"l_import_nothing": null,
|
"l_import_nothing": null,
|
||||||
"l_importing_file": "Importowanie pliku\u2026",
|
"l_importing_file": "Importowanie pliku\u2026",
|
||||||
"s_file_imported": "Plik został zaimportowany",
|
"s_file_imported": "Plik został zaimportowany",
|
||||||
|
"l_unsupported_key_type": null,
|
||||||
"l_delete_certificate": "Usuń certyfikat",
|
"l_delete_certificate": "Usuń certyfikat",
|
||||||
"l_delete_certificate_desc": "Usuń certyfikat z klucza YubiKey",
|
"l_delete_certificate_desc": "Usuń certyfikat z klucza YubiKey",
|
||||||
"s_issuer": "Wydawca",
|
"s_issuer": "Wydawca",
|
||||||
|
@ -30,6 +30,7 @@ import '../keys.dart' as keys;
|
|||||||
import '../models.dart';
|
import '../models.dart';
|
||||||
import '../state.dart';
|
import '../state.dart';
|
||||||
import 'overwrite_confirm_dialog.dart';
|
import 'overwrite_confirm_dialog.dart';
|
||||||
|
import 'utils.dart';
|
||||||
|
|
||||||
class GenerateKeyDialog extends ConsumerStatefulWidget {
|
class GenerateKeyDialog extends ConsumerStatefulWidget {
|
||||||
final DevicePath devicePath;
|
final DevicePath devicePath;
|
||||||
@ -65,19 +66,6 @@ class _GenerateKeyDialogState extends ConsumerState<GenerateKeyDialog> {
|
|||||||
_validToMax = DateTime.utc(now.year + 10, now.month, now.day);
|
_validToMax = DateTime.utc(now.year + 10, now.month, now.day);
|
||||||
}
|
}
|
||||||
|
|
||||||
List<KeyType> _getSupportedKeyTypes(bool isFips) => [
|
|
||||||
if (!isFips) KeyType.rsa1024,
|
|
||||||
KeyType.rsa2048,
|
|
||||||
if (widget.pivState.version.isAtLeast(5, 7)) ...[
|
|
||||||
KeyType.rsa3072,
|
|
||||||
KeyType.rsa4096,
|
|
||||||
KeyType.ed25519,
|
|
||||||
if (!isFips) KeyType.x25519,
|
|
||||||
],
|
|
||||||
KeyType.eccp256,
|
|
||||||
KeyType.eccp384,
|
|
||||||
];
|
|
||||||
|
|
||||||
@override
|
@override
|
||||||
Widget build(BuildContext context) {
|
Widget build(BuildContext context) {
|
||||||
final l10n = AppLocalizations.of(context)!;
|
final l10n = AppLocalizations.of(context)!;
|
||||||
@ -202,7 +190,8 @@ class _GenerateKeyDialogState extends ConsumerState<GenerateKeyDialog> {
|
|||||||
runSpacing: 8.0,
|
runSpacing: 8.0,
|
||||||
children: [
|
children: [
|
||||||
ChoiceFilterChip<KeyType>(
|
ChoiceFilterChip<KeyType>(
|
||||||
items: _getSupportedKeyTypes(isFips),
|
items:
|
||||||
|
getSupportedKeyTypes(widget.pivState.version, isFips),
|
||||||
value: _keyType,
|
value: _keyType,
|
||||||
selected: _keyType != defaultKeyType,
|
selected: _keyType != defaultKeyType,
|
||||||
itemBuilder: (value) => Text(value.getDisplayName(l10n)),
|
itemBuilder: (value) => Text(value.getDisplayName(l10n)),
|
||||||
|
@ -31,6 +31,7 @@ import '../models.dart';
|
|||||||
import '../state.dart';
|
import '../state.dart';
|
||||||
import 'cert_info_view.dart';
|
import 'cert_info_view.dart';
|
||||||
import 'overwrite_confirm_dialog.dart';
|
import 'overwrite_confirm_dialog.dart';
|
||||||
|
import 'utils.dart';
|
||||||
|
|
||||||
class ImportFileDialog extends ConsumerStatefulWidget {
|
class ImportFileDialog extends ConsumerStatefulWidget {
|
||||||
final DevicePath devicePath;
|
final DevicePath devicePath;
|
||||||
@ -86,10 +87,13 @@ class _ImportFileDialogState extends ConsumerState<ImportFileDialog> {
|
|||||||
Widget build(BuildContext context) {
|
Widget build(BuildContext context) {
|
||||||
final l10n = AppLocalizations.of(context)!;
|
final l10n = AppLocalizations.of(context)!;
|
||||||
final textTheme = Theme.of(context).textTheme;
|
final textTheme = Theme.of(context).textTheme;
|
||||||
|
final colorScheme = Theme.of(context).colorScheme;
|
||||||
// This is what ListTile uses for subtitle
|
// This is what ListTile uses for subtitle
|
||||||
final subtitleStyle = textTheme.bodyMedium!.copyWith(
|
final subtitleStyle = textTheme.bodyMedium!.copyWith(
|
||||||
color: Theme.of(context).colorScheme.onSurfaceVariant,
|
color: colorScheme.onSurfaceVariant,
|
||||||
);
|
);
|
||||||
|
// This is what TextInput errors look like
|
||||||
|
final errorStyle = textTheme.labelLarge!.copyWith(color: colorScheme.error);
|
||||||
final state = _state;
|
final state = _state;
|
||||||
if (state == null) {
|
if (state == null) {
|
||||||
return ResponsiveDialog(
|
return ResponsiveDialog(
|
||||||
@ -166,116 +170,142 @@ class _ImportFileDialogState extends ConsumerState<ImportFileDialog> {
|
|||||||
),
|
),
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
result: (_, keyType, certInfo) => ResponsiveDialog(
|
result: (_, keyType, certInfo) {
|
||||||
title: Text(l10n.l_import_file),
|
final isFips =
|
||||||
actions: [
|
ref.watch(currentDeviceDataProvider).valueOrNull?.info.isFips ??
|
||||||
TextButton(
|
false;
|
||||||
key: keys.unlockButton,
|
final unsupportedKey = keyType != null &&
|
||||||
onPressed: (keyType == null && certInfo == null) || _importing
|
!getSupportedKeyTypes(widget.pivState.version, isFips)
|
||||||
? null
|
.contains(keyType);
|
||||||
: () async {
|
return ResponsiveDialog(
|
||||||
final withContext = ref.read(withContextProvider);
|
title: Text(l10n.l_import_file),
|
||||||
|
actions: [
|
||||||
|
TextButton(
|
||||||
|
key: keys.unlockButton,
|
||||||
|
onPressed: (keyType == null && certInfo == null) ||
|
||||||
|
_importing ||
|
||||||
|
unsupportedKey
|
||||||
|
? null
|
||||||
|
: () async {
|
||||||
|
final withContext = ref.read(withContextProvider);
|
||||||
|
|
||||||
if (!await confirmOverwrite(
|
if (!await confirmOverwrite(
|
||||||
context,
|
context,
|
||||||
widget.pivSlot,
|
widget.pivSlot,
|
||||||
writeKey: keyType != null,
|
writeKey: keyType != null,
|
||||||
writeCert: certInfo != null,
|
writeCert: certInfo != null,
|
||||||
)) {
|
)) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
setState(() {
|
|
||||||
_importing = true;
|
|
||||||
});
|
|
||||||
|
|
||||||
void Function()? close;
|
|
||||||
try {
|
|
||||||
close = await withContext<void Function()>(
|
|
||||||
(context) async => showMessage(
|
|
||||||
context,
|
|
||||||
l10n.l_importing_file,
|
|
||||||
duration: const Duration(seconds: 30),
|
|
||||||
));
|
|
||||||
await ref
|
|
||||||
.read(pivSlotsProvider(widget.devicePath).notifier)
|
|
||||||
.import(widget.pivSlot.slot, _data,
|
|
||||||
password:
|
|
||||||
_password.isNotEmpty ? _password : null);
|
|
||||||
await withContext(
|
|
||||||
(context) async {
|
|
||||||
Navigator.of(context).pop(true);
|
|
||||||
showMessage(context, l10n.s_file_imported);
|
|
||||||
},
|
|
||||||
);
|
|
||||||
} catch (err) {
|
|
||||||
// TODO: More error cases
|
|
||||||
setState(() {
|
setState(() {
|
||||||
_passwordIsWrong = true;
|
_importing = true;
|
||||||
_importing = false;
|
|
||||||
});
|
});
|
||||||
} finally {
|
|
||||||
close?.call();
|
void Function()? close;
|
||||||
}
|
try {
|
||||||
},
|
close = await withContext<void Function()>(
|
||||||
child: Text(l10n.s_import),
|
(context) async => showMessage(
|
||||||
),
|
context,
|
||||||
],
|
l10n.l_importing_file,
|
||||||
child: Padding(
|
duration: const Duration(seconds: 30),
|
||||||
padding: const EdgeInsets.symmetric(horizontal: 18.0),
|
));
|
||||||
child: Column(
|
await ref
|
||||||
crossAxisAlignment: CrossAxisAlignment.start,
|
.read(pivSlotsProvider(widget.devicePath).notifier)
|
||||||
children: [
|
.import(widget.pivSlot.slot, _data,
|
||||||
Text(l10n.p_import_items_desc(
|
password:
|
||||||
widget.pivSlot.slot.getDisplayName(l10n))),
|
_password.isNotEmpty ? _password : null);
|
||||||
if (keyType == null && certInfo == null) ...[
|
await withContext(
|
||||||
Text(
|
(context) async {
|
||||||
l10n.l_import_nothing,
|
Navigator.of(context).pop(true);
|
||||||
style: subtitleStyle,
|
showMessage(context, l10n.s_file_imported);
|
||||||
softWrap: true,
|
},
|
||||||
textAlign: TextAlign.center,
|
);
|
||||||
),
|
} catch (err) {
|
||||||
],
|
// TODO: More error cases
|
||||||
if (keyType != null) ...[
|
setState(() {
|
||||||
Text(
|
_passwordIsWrong = true;
|
||||||
l10n.s_private_key,
|
_importing = false;
|
||||||
style: textTheme.bodyLarge,
|
});
|
||||||
softWrap: true,
|
} finally {
|
||||||
textAlign: TextAlign.center,
|
close?.call();
|
||||||
),
|
}
|
||||||
Row(
|
},
|
||||||
mainAxisSize: MainAxisSize.min,
|
child: Text(l10n.s_import),
|
||||||
children: [
|
),
|
||||||
Text(l10n.s_algorithm),
|
],
|
||||||
const SizedBox(width: 8),
|
child: Padding(
|
||||||
Text(
|
padding: const EdgeInsets.symmetric(horizontal: 18.0),
|
||||||
keyType.name.toUpperCase(),
|
child: Column(
|
||||||
style: subtitleStyle,
|
crossAxisAlignment: CrossAxisAlignment.start,
|
||||||
|
children: [
|
||||||
|
Text(l10n.p_import_items_desc(
|
||||||
|
widget.pivSlot.slot.getDisplayName(l10n))),
|
||||||
|
if (keyType == null && certInfo == null) ...[
|
||||||
|
Row(
|
||||||
|
children: [
|
||||||
|
Icon(Icons.error, color: colorScheme.error),
|
||||||
|
const SizedBox(width: 8),
|
||||||
|
Text(
|
||||||
|
l10n.l_import_nothing,
|
||||||
|
style: errorStyle,
|
||||||
|
),
|
||||||
|
],
|
||||||
|
),
|
||||||
|
],
|
||||||
|
if (keyType != null) ...[
|
||||||
|
Text(
|
||||||
|
l10n.s_private_key,
|
||||||
|
style: textTheme.bodyLarge,
|
||||||
|
softWrap: true,
|
||||||
|
textAlign: TextAlign.center,
|
||||||
|
),
|
||||||
|
Row(
|
||||||
|
mainAxisSize: MainAxisSize.min,
|
||||||
|
children: [
|
||||||
|
Text(l10n.s_algorithm),
|
||||||
|
const SizedBox(width: 8),
|
||||||
|
Text(
|
||||||
|
keyType.name.toUpperCase(),
|
||||||
|
style: subtitleStyle,
|
||||||
|
),
|
||||||
|
],
|
||||||
|
),
|
||||||
|
if (unsupportedKey)
|
||||||
|
Row(
|
||||||
|
children: [
|
||||||
|
Icon(Icons.error, color: colorScheme.error),
|
||||||
|
const SizedBox(width: 8),
|
||||||
|
Text(
|
||||||
|
l10n.l_unsupported_key_type,
|
||||||
|
style: errorStyle,
|
||||||
|
),
|
||||||
|
],
|
||||||
),
|
),
|
||||||
],
|
],
|
||||||
)
|
if (certInfo != null) ...[
|
||||||
],
|
Text(
|
||||||
if (certInfo != null) ...[
|
l10n.s_certificate,
|
||||||
Text(
|
style: textTheme.bodyLarge,
|
||||||
l10n.s_certificate,
|
softWrap: true,
|
||||||
style: textTheme.bodyLarge,
|
textAlign: TextAlign.center,
|
||||||
softWrap: true,
|
),
|
||||||
textAlign: TextAlign.center,
|
SizedBox(
|
||||||
),
|
height:
|
||||||
SizedBox(
|
140, // Needed for layout, adapt if text sizes changes
|
||||||
height: 140, // Needed for layout, adapt if text sizes changes
|
child: CertInfoTable(certInfo, null),
|
||||||
child: CertInfoTable(certInfo, null),
|
),
|
||||||
),
|
]
|
||||||
]
|
]
|
||||||
]
|
.map((e) => Padding(
|
||||||
.map((e) => Padding(
|
padding: const EdgeInsets.symmetric(vertical: 8.0),
|
||||||
padding: const EdgeInsets.symmetric(vertical: 8.0),
|
child: e,
|
||||||
child: e,
|
))
|
||||||
))
|
.toList(),
|
||||||
.toList(),
|
),
|
||||||
),
|
),
|
||||||
),
|
);
|
||||||
),
|
},
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
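Review bot: The new `isFips` lookup in the `result:` branch falls back to `false` when `currentDeviceDataProvider` has no value yet, so on a FIPS key whose device data is unavailable `getSupportedKeyTypes` still lists rsa1024 and x25519 and the Import button stays enabled for them. Treat unknown device info as unsupported instead: `final info = ref.watch(currentDeviceDataProvider).valueOrNull?.info;` followed by `final unsupportedKey = keyType != null && (info == null || !getSupportedKeyTypes(widget.pivState.version, info.isFips).contains(keyType));`. The check only disables the button; the `import(...)` call in `onPressed` passes `_data` unchanged and the `catch` block still reports every failure as `_passwordIsWrong`, so a key rejected further down would presumably be shown as a wrong password. `build()` begins in an earlier hunk of this file.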
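--- a/lib/piv/views/utils.dart
+++ b/lib/piv/views/utils.dart
@@ -0,0 +1,31 @@
+/*
+* Copyright (C) 2024 Yubico.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+import '../../core/models.dart';
+import '../models.dart';
+
+List<KeyType> getSupportedKeyTypes(Version version, bool isFips) => [
+if (!isFips) KeyType.rsa1024,
+KeyType.rsa2048,
+if (version.isAtLeast(5, 7)) ...[
+KeyType.rsa3072,
+KeyType.rsa4096,
+KeyType.ed25519,
+if (!isFips) KeyType.x25519,
+],
+KeyType.eccp256,
+KeyType.eccp384,
+];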
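Review bot: `getSupportedKeyTypes` is now the shared allow-list behind both the key-generation chooser and the import gate, but it carries no doc comment stating that contract. Add one above the declaration, e.g. `/// Returns the key types the PIV application accepts on firmware [version]; RSA 1024 and X25519 are left out when [isFips] is true.` The list was originally written for generation, so it is worth confirming that the importable set is the same on every supported firmware before the import dialog relies on it.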