Better handling of YubiOTP when using the SmartCard extension together with a USB-C key.
jensutbult committed Dec 12, 2023
1 parent c620f01 commit b0e0655
Showing 5 changed files with 246 additions and 20 deletions.
4 changes: 4 additions & 0 deletions Authenticator.xcodeproj/project.pbxproj
Expand Up @@ -81,6 +81,7 @@
B40327762847AE0A00DF4DB0 /* Licensing.md in Resources */ = {isa = PBXBuildFile; fileRef = B40327752847AE0A00DF4DB0 /* Licensing.md */; };
B40D61A02AE7F37900467AE9 /* DisableOTPView.swift in Sources */ = {isa = PBXBuildFile; fileRef = B40D619F2AE7F37900467AE9 /* DisableOTPView.swift */; };
B40D61A22AE7F89500467AE9 /* DisableOTPModel.swift in Sources */ = {isa = PBXBuildFile; fileRef = B40D61A12AE7F89500467AE9 /* DisableOTPModel.swift */; };
B40F44452B27033A000D5E02 /* TokenRequestYubiOTPViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = B40F44442B27033A000D5E02 /* TokenRequestYubiOTPViewController.swift */; };
B411242F29D423A300D58001 /* ListStatusView.swift in Sources */ = {isa = PBXBuildFile; fileRef = B411242E29D423A300D58001 /* ListStatusView.swift */; };
B432B1BF28B65B8600A7182F /* YubiKit in Frameworks */ = {isa = PBXBuildFile; productRef = B432B1BE28B65B8600A7182F /* YubiKit */; };
B452EC1F2A1E4F460045E5D9 /* YubiOtpRowView.swift in Sources */ = {isa = PBXBuildFile; fileRef = B452EC1E2A1E4F460045E5D9 /* YubiOtpRowView.swift */; };
Expand Down Expand Up @@ -224,6 +225,7 @@
B40327752847AE0A00DF4DB0 /* Licensing.md */ = {isa = PBXFileReference; lastKnownFileType = net.daringfireball.markdown; path = Licensing.md; sourceTree = "<group>"; };
B40D619F2AE7F37900467AE9 /* DisableOTPView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DisableOTPView.swift; sourceTree = "<group>"; };
B40D61A12AE7F89500467AE9 /* DisableOTPModel.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = DisableOTPModel.swift; sourceTree = "<group>"; };
B40F44442B27033A000D5E02 /* TokenRequestYubiOTPViewController.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TokenRequestYubiOTPViewController.swift; sourceTree = "<group>"; };
B411242E29D423A300D58001 /* ListStatusView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ListStatusView.swift; sourceTree = "<group>"; };
B452EC1E2A1E4F460045E5D9 /* YubiOtpRowView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = YubiOtpRowView.swift; sourceTree = "<group>"; };
B452EC3C2A264A620045E5D9 /* ToastView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ToastView.swift; sourceTree = "<group>"; };
Expand Down Expand Up @@ -307,6 +309,7 @@
children = (
5156D05C265D2602007A94F8 /* TokenRequestViewController.swift */,
B4FE90D32A443D8400B59170 /* TokenRequestWrapper.swift */,
B40F44442B27033A000D5E02 /* TokenRequestYubiOTPViewController.swift */,
);
path = TokenSession;
sourceTree = "<group>";
Expand Down Expand Up @@ -720,6 +723,7 @@
A525965B23A45501006AA3C0 /* UIImageAdditions.swift in Sources */,
51A162862678A1F100C3FA1E /* OATHConfigurationController.swift in Sources */,
515542622649C88900B19C59 /* PasswordConfigurationViewModel.swift in Sources */,
B40F44452B27033A000D5E02 /* TokenRequestYubiOTPViewController.swift in Sources */,
B4C93E60299D156C00C2A8B8 /* ErrorAlertView.swift in Sources */,
A591411D23830EB800CCCF67 /* UIApplicationExtension.swift in Sources */,
81FA3C34231AF2D8009C22AB /* AdvancedSettingsViewController.swift in Sources */,
71 changes: 71 additions & 0 deletions Authenticator/Model/TokenRequestViewModel.swift
Expand Up @@ -178,6 +178,77 @@ class TokenRequestViewModel: NSObject {
}
}


extension TokenRequestViewModel {

func isYubiOTPEnabledOverUSBC(completion: @escaping (Bool) -> Void) {
print(#function)
connection.smartCardConnection { connection in
print("got \(connection)")
connection?.managementSession { session, error in
print("got \(session)")
guard let session else { return }
session.getDeviceInfo { deviceInfo, error in
print("got \(deviceInfo)")
guard let deviceInfo, let configuration = deviceInfo.configuration else { return }
guard !configuration.isEnabled(.OTP, overTransport: .USB) || SettingsConfig.isOTPOverUSBIgnored(deviceId: deviceInfo.serialNumber + 1) else {
print("yubiotp enabled")
completion(true)
return
}
print("yubiotp disabled")
completion(false)
}
}
}
}

func disableOTP(completion: @escaping (Error?) -> Void) {
print(#function)
connection.smartCardConnection { connection in
connection?.managementSession { session, error in
print(session)
guard let session else { return }
session.getDeviceInfo { deviceInfo, error in
print(deviceInfo)
guard let deviceInfo, let configuration = deviceInfo.configuration else { return }
configuration.setEnabled(false, application: .OTP, overTransport: .USB)
session.write(configuration, reboot: true) { error in
print(error)
completion(error)
}
}
}
}
}

func waitForKeyRemoval(completion: @escaping () -> Void) {
print(#function)
connection.didDisconnect { _, _ in
print("")
completion()
}
}

func ignoreThisKey(handler: @escaping (Error?) -> Void) {
print(#function)
connection.smartCardConnection { connection in
print(connection)
connection?.managementSession { session, error in
print(session)
guard let session else { handler(error); return }
session.getDeviceInfo { deviceInfo, error in
print(deviceInfo)
guard let deviceInfo else { handler(error); return }
SettingsConfig.registerUSBCDeviceToIgnore(deviceId: deviceInfo.serialNumber)
handler(nil)
}
}
}
}

}

@available(iOS 14.0, *)
private extension YKFPIVSession {
func slotForObjectId(_ objectId: String, completion: @escaping (YKFPIVSlot?, TokenRequestViewModel.TokenError?) -> Void) {
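Review bot: In `isYubiOTPEnabledOverUSBC` the ignore-list lookup passes `deviceInfo.serialNumber + 1`, while `ignoreThisKey` registers `deviceInfo.serialNumber`, so a key the user chose to ignore would presumably never match (SettingsConfig is not visible here); this looks like a leftover test value and the lookup should read `SettingsConfig.isOTPOverUSBIgnored(deviceId: deviceInfo.serialNumber)`. `isYubiOTPEnabledOverUSBC` and `disableOTP` also return from their `guard let session` and `guard let deviceInfo` branches without calling `completion`, and a nil `connection` skips the callback in all three smart-card methods, so the caller gets no signal when the management session fails and cannot tell whether OTP over USB was actually checked or disabled. In `ignoreThisKey`, `handler(error)` on those branches reports success if `error` happens to be nil. The `print` calls write the connection, session, device info (which carries the serial number) and errors to the console; they should be removed or routed through a logger with private redaction before release.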