mirror of
https://github.com/Yubico/yubioath-flutter.git
synced 2024-12-23 10:11:52 +03:00
PIV: Prevent import of unsupported keys
parent
f03054886e
commit
5f476b612d
@ -479,6 +479,7 @@
|
||||
"l_import_nothing": null,
|
||||
"l_importing_file": null,
|
||||
"s_file_imported": null,
|
||||
"l_unsupported_key_type": null,
|
||||
"l_delete_certificate": null,
|
||||
"l_delete_certificate_desc": null,
|
||||
"s_issuer": null,
|
||||
|
@ -479,6 +479,7 @@
|
||||
"l_import_nothing": "Nothing to import",
|
||||
"l_importing_file": "Importing file\u2026",
|
||||
"s_file_imported": "File imported",
|
||||
"l_unsupported_key_type": "Unsupported key type",
|
||||
"l_delete_certificate": "Delete certificate",
|
||||
"l_delete_certificate_desc": "Remove the certificate from your YubiKey",
|
||||
"s_issuer": "Issuer",
|
||||
|
@ -479,6 +479,7 @@
|
||||
"l_import_nothing": null,
|
||||
"l_importing_file": "Importation d'un fichier\u2026",
|
||||
"s_file_imported": "Fichier importé",
|
||||
"l_unsupported_key_type": null,
|
||||
"l_delete_certificate": "Supprimer un certificat",
|
||||
"l_delete_certificate_desc": "Supprimer un certificat de votre YubiKey",
|
||||
"s_issuer": "Émetteur",
|
||||
|
@ -479,6 +479,7 @@
|
||||
"l_import_nothing": null,
|
||||
"l_importing_file": "ファイルのインポート中\u2026",
|
||||
"s_file_imported": "ファイル をインポートしました",
|
||||
"l_unsupported_key_type": null,
|
||||
"l_delete_certificate": "証明書を削除",
|
||||
"l_delete_certificate_desc": "YubiKeyか証明書の削除",
|
||||
"s_issuer": "発行者",
|
||||
|
@ -479,6 +479,7 @@
|
||||
"l_import_nothing": null,
|
||||
"l_importing_file": "Importowanie pliku\u2026",
|
||||
"s_file_imported": "Plik został zaimportowany",
|
||||
"l_unsupported_key_type": null,
|
||||
"l_delete_certificate": "Usuń certyfikat",
|
||||
"l_delete_certificate_desc": "Usuń certyfikat z klucza YubiKey",
|
||||
"s_issuer": "Wydawca",
|
||||
|
@ -30,6 +30,7 @@ import '../keys.dart' as keys;
|
||||
import '../models.dart';
|
||||
import '../state.dart';
|
||||
import 'overwrite_confirm_dialog.dart';
|
||||
import 'utils.dart';
|
||||
|
||||
class GenerateKeyDialog extends ConsumerStatefulWidget {
|
||||
final DevicePath devicePath;
|
||||
@ -65,19 +66,6 @@ class _GenerateKeyDialogState extends ConsumerState<GenerateKeyDialog> {
|
||||
_validToMax = DateTime.utc(now.year + 10, now.month, now.day);
|
||||
}
|
||||
|
||||
List<KeyType> _getSupportedKeyTypes(bool isFips) => [
|
||||
if (!isFips) KeyType.rsa1024,
|
||||
KeyType.rsa2048,
|
||||
if (widget.pivState.version.isAtLeast(5, 7)) ...[
|
||||
KeyType.rsa3072,
|
||||
KeyType.rsa4096,
|
||||
KeyType.ed25519,
|
||||
if (!isFips) KeyType.x25519,
|
||||
],
|
||||
KeyType.eccp256,
|
||||
KeyType.eccp384,
|
||||
];
|
||||
|
||||
@override
|
||||
Widget build(BuildContext context) {
|
||||
final l10n = AppLocalizations.of(context)!;
|
||||
@ -202,7 +190,8 @@ class _GenerateKeyDialogState extends ConsumerState<GenerateKeyDialog> {
|
||||
runSpacing: 8.0,
|
||||
children: [
|
||||
ChoiceFilterChip<KeyType>(
|
||||
items: _getSupportedKeyTypes(isFips),
|
||||
items:
|
||||
getSupportedKeyTypes(widget.pivState.version, isFips),
|
||||
value: _keyType,
|
||||
selected: _keyType != defaultKeyType,
|
||||
itemBuilder: (value) => Text(value.getDisplayName(l10n)),
|
||||
|
@ -31,6 +31,7 @@ import '../models.dart';
|
||||
import '../state.dart';
|
||||
import 'cert_info_view.dart';
|
||||
import 'overwrite_confirm_dialog.dart';
|
||||
import 'utils.dart';
|
||||
|
||||
class ImportFileDialog extends ConsumerStatefulWidget {
|
||||
final DevicePath devicePath;
|
||||
@ -86,10 +87,13 @@ class _ImportFileDialogState extends ConsumerState<ImportFileDialog> {
|
||||
Widget build(BuildContext context) {
|
||||
final l10n = AppLocalizations.of(context)!;
|
||||
final textTheme = Theme.of(context).textTheme;
|
||||
final colorScheme = Theme.of(context).colorScheme;
|
||||
// This is what ListTile uses for subtitle
|
||||
final subtitleStyle = textTheme.bodyMedium!.copyWith(
|
||||
color: Theme.of(context).colorScheme.onSurfaceVariant,
|
||||
color: colorScheme.onSurfaceVariant,
|
||||
);
|
||||
// This is what TextInput errors look like
|
||||
final errorStyle = textTheme.labelLarge!.copyWith(color: colorScheme.error);
|
||||
final state = _state;
|
||||
if (state == null) {
|
||||
return ResponsiveDialog(
|
||||
@ -166,116 +170,142 @@ class _ImportFileDialogState extends ConsumerState<ImportFileDialog> {
|
||||
),
|
||||
),
|
||||
),
|
||||
result: (_, keyType, certInfo) => ResponsiveDialog(
|
||||
title: Text(l10n.l_import_file),
|
||||
actions: [
|
||||
TextButton(
|
||||
key: keys.unlockButton,
|
||||
onPressed: (keyType == null && certInfo == null) || _importing
|
||||
? null
|
||||
: () async {
|
||||
final withContext = ref.read(withContextProvider);
|
||||
result: (_, keyType, certInfo) {
|
||||
final isFips =
|
||||
ref.watch(currentDeviceDataProvider).valueOrNull?.info.isFips ??
|
||||
false;
|
||||
final unsupportedKey = keyType != null &&
|
||||
!getSupportedKeyTypes(widget.pivState.version, isFips)
|
||||
.contains(keyType);
|
||||
return ResponsiveDialog(
|
||||
title: Text(l10n.l_import_file),
|
||||
actions: [
|
||||
TextButton(
|
||||
key: keys.unlockButton,
|
||||
onPressed: (keyType == null && certInfo == null) ||
|
||||
_importing ||
|
||||
unsupportedKey
|
||||
? null
|
||||
: () async {
|
||||
final withContext = ref.read(withContextProvider);
|
||||
|
||||
if (!await confirmOverwrite(
|
||||
context,
|
||||
widget.pivSlot,
|
||||
writeKey: keyType != null,
|
||||
writeCert: certInfo != null,
|
||||
)) {
|
||||
return;
|
||||
}
|
||||
if (!await confirmOverwrite(
|
||||
context,
|
||||
widget.pivSlot,
|
||||
writeKey: keyType != null,
|
||||
writeCert: certInfo != null,
|
||||
)) {
|
||||
return;
|
||||
}
|
||||
|
||||
setState(() {
|
||||
_importing = true;
|
||||
});
|
||||
|
||||
void Function()? close;
|
||||
try {
|
||||
close = await withContext<void Function()>(
|
||||
(context) async => showMessage(
|
||||
context,
|
||||
l10n.l_importing_file,
|
||||
duration: const Duration(seconds: 30),
|
||||
));
|
||||
await ref
|
||||
.read(pivSlotsProvider(widget.devicePath).notifier)
|
||||
.import(widget.pivSlot.slot, _data,
|
||||
password:
|
||||
_password.isNotEmpty ? _password : null);
|
||||
await withContext(
|
||||
(context) async {
|
||||
Navigator.of(context).pop(true);
|
||||
showMessage(context, l10n.s_file_imported);
|
||||
},
|
||||
);
|
||||
} catch (err) {
|
||||
// TODO: More error cases
|
||||
setState(() {
|
||||
_passwordIsWrong = true;
|
||||
_importing = false;
|
||||
_importing = true;
|
||||
});
|
||||
} finally {
|
||||
close?.call();
|
||||
}
|
||||
},
|
||||
child: Text(l10n.s_import),
|
||||
),
|
||||
],
|
||||
child: Padding(
|
||||
padding: const EdgeInsets.symmetric(horizontal: 18.0),
|
||||
child: Column(
|
||||
crossAxisAlignment: CrossAxisAlignment.start,
|
||||
children: [
|
||||
Text(l10n.p_import_items_desc(
|
||||
widget.pivSlot.slot.getDisplayName(l10n))),
|
||||
if (keyType == null && certInfo == null) ...[
|
||||
Text(
|
||||
l10n.l_import_nothing,
|
||||
style: subtitleStyle,
|
||||
softWrap: true,
|
||||
textAlign: TextAlign.center,
|
||||
),
|
||||
],
|
||||
if (keyType != null) ...[
|
||||
Text(
|
||||
l10n.s_private_key,
|
||||
style: textTheme.bodyLarge,
|
||||
softWrap: true,
|
||||
textAlign: TextAlign.center,
|
||||
),
|
||||
Row(
|
||||
mainAxisSize: MainAxisSize.min,
|
||||
children: [
|
||||
Text(l10n.s_algorithm),
|
||||
const SizedBox(width: 8),
|
||||
Text(
|
||||
keyType.name.toUpperCase(),
|
||||
style: subtitleStyle,
|
||||
|
||||
void Function()? close;
|
||||
try {
|
||||
close = await withContext<void Function()>(
|
||||
(context) async => showMessage(
|
||||
context,
|
||||
l10n.l_importing_file,
|
||||
duration: const Duration(seconds: 30),
|
||||
));
|
||||
await ref
|
||||
.read(pivSlotsProvider(widget.devicePath).notifier)
|
||||
.import(widget.pivSlot.slot, _data,
|
||||
password:
|
||||
_password.isNotEmpty ? _password : null);
|
||||
await withContext(
|
||||
(context) async {
|
||||
Navigator.of(context).pop(true);
|
||||
showMessage(context, l10n.s_file_imported);
|
||||
},
|
||||
);
|
||||
} catch (err) {
|
||||
// TODO: More error cases
|
||||
setState(() {
|
||||
_passwordIsWrong = true;
|
||||
_importing = false;
|
||||
});
|
||||
} finally {
|
||||
close?.call();
|
||||
}
|
||||
},
|
||||
child: Text(l10n.s_import),
|
||||
),
|
||||
],
|
||||
child: Padding(
|
||||
padding: const EdgeInsets.symmetric(horizontal: 18.0),
|
||||
child: Column(
|
||||
crossAxisAlignment: CrossAxisAlignment.start,
|
||||
children: [
|
||||
Text(l10n.p_import_items_desc(
|
||||
widget.pivSlot.slot.getDisplayName(l10n))),
|
||||
if (keyType == null && certInfo == null) ...[
|
||||
Row(
|
||||
children: [
|
||||
Icon(Icons.error, color: colorScheme.error),
|
||||
const SizedBox(width: 8),
|
||||
Text(
|
||||
l10n.l_import_nothing,
|
||||
style: errorStyle,
|
||||
),
|
||||
],
|
||||
),
|
||||
],
|
||||
if (keyType != null) ...[
|
||||
Text(
|
||||
l10n.s_private_key,
|
||||
style: textTheme.bodyLarge,
|
||||
softWrap: true,
|
||||
textAlign: TextAlign.center,
|
||||
),
|
||||
Row(
|
||||
mainAxisSize: MainAxisSize.min,
|
||||
children: [
|
||||
Text(l10n.s_algorithm),
|
||||
const SizedBox(width: 8),
|
||||
Text(
|
||||
keyType.name.toUpperCase(),
|
||||
style: subtitleStyle,
|
||||
),
|
||||
],
|
||||
),
|
||||
if (unsupportedKey)
|
||||
Row(
|
||||
children: [
|
||||
Icon(Icons.error, color: colorScheme.error),
|
||||
const SizedBox(width: 8),
|
||||
Text(
|
||||
l10n.l_unsupported_key_type,
|
||||
style: errorStyle,
|
||||
),
|
||||
],
|
||||
),
|
||||
],
|
||||
)
|
||||
],
|
||||
if (certInfo != null) ...[
|
||||
Text(
|
||||
l10n.s_certificate,
|
||||
style: textTheme.bodyLarge,
|
||||
softWrap: true,
|
||||
textAlign: TextAlign.center,
|
||||
),
|
||||
SizedBox(
|
||||
height: 140, // Needed for layout, adapt if text sizes changes
|
||||
child: CertInfoTable(certInfo, null),
|
||||
),
|
||||
],
|
||||
if (certInfo != null) ...[
|
||||
Text(
|
||||
l10n.s_certificate,
|
||||
style: textTheme.bodyLarge,
|
||||
softWrap: true,
|
||||
textAlign: TextAlign.center,
|
||||
),
|
||||
SizedBox(
|
||||
height:
|
||||
140, // Needed for layout, adapt if text sizes changes
|
||||
child: CertInfoTable(certInfo, null),
|
||||
),
|
||||
]
|
||||
]
|
||||
]
|
||||
.map((e) => Padding(
|
||||
padding: const EdgeInsets.symmetric(vertical: 8.0),
|
||||
child: e,
|
||||
))
|
||||
.toList(),
|
||||
.map((e) => Padding(
|
||||
padding: const EdgeInsets.symmetric(vertical: 8.0),
|
||||
child: e,
|
||||
))
|
||||
.toList(),
|
||||
),
|
||||
),
|
||||
),
|
||||
),
|
||||
);
|
||||
},
|
||||
);
|
||||
}
|
||||
}
|
||||
|
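Review bot: The `isFips` fallback at the top of the new `result:` builder fails open: `ref.watch(currentDeviceDataProvider).valueOrNull?.info.isFips ?? false` treats a device whose data is not available as non-FIPS, so `getSupportedKeyTypes` still lists `KeyType.rsa1024` and `KeyType.x25519` and the Import button stays enabled for them. If the provider can be empty while this dialog is shown, fail closed instead: read `final deviceData = ref.watch(currentDeviceDataProvider).valueOrNull;` and add `deviceData == null ||` to the condition that disables `onPressed`. The check also lives only in the widget; the `import(...)` call on `pivSlotsProvider` is not guarded here, so the backend presumably remains the real enforcement point, and the bare `catch (err)` would report such a rejection as a wrong password. This hunk begins inside `build`, whose opening lines are in the previous hunk.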
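--- a/lib/piv/views/utils.dart
+++ b/lib/piv/views/utils.dart
@@ -0,0 +1,31 @@
+/*
+* Copyright (C) 2024 Yubico.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+import '../../core/models.dart';
+import '../models.dart';
+
+List<KeyType> getSupportedKeyTypes(Version version, bool isFips) => [
+if (!isFips) KeyType.rsa1024,
+KeyType.rsa2048,
+if (version.isAtLeast(5, 7)) ...[
+KeyType.rsa3072,
+KeyType.rsa4096,
+KeyType.ed25519,
+if (!isFips) KeyType.x25519,
+],
+KeyType.eccp256,
+KeyType.eccp384,
+];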
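Review bot: `getSupportedKeyTypes` has no doc comment, although after this commit it decides both which key types the generate dialog offers and which imported keys the import dialog rejects. A short comment would make that contract explicit, e.g. `/// Key types offered for generation and accepted for import at firmware [version]; [isFips] drops rsa1024 and x25519.` It would also help to note that `KeyType.rsa1024` stays in the list for non-FIPS devices, so a reader does not mistake the list for a key-strength policy.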