1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
|
use super::Pin;
use crate::{
ctap2::{
commands::{
authenticator_config::{AuthConfigCommand, AuthConfigResult},
bio_enrollment::BioTemplateId,
get_info::AuthenticatorInfo,
PinUvAuthResult,
},
server::{PublicKeyCredentialDescriptor, PublicKeyCredentialUserEntity},
},
BioEnrollmentResult, CredentialManagementResult,
};
use serde::{Deserialize, Serialize as DeriveSer, Serializer};
use std::sync::mpsc::Sender;
#[derive(Debug, Deserialize, DeriveSer)]
pub enum CredManagementCmd {
GetCredentials,
DeleteCredential(PublicKeyCredentialDescriptor),
UpdateUserInformation(PublicKeyCredentialDescriptor, PublicKeyCredentialUserEntity),
}
#[derive(Debug, Deserialize, DeriveSer)]
pub enum BioEnrollmentCmd {
GetFingerprintSensorInfo,
GetEnrollments,
StartNewEnrollment(Option<String>),
DeleteEnrollment(BioTemplateId),
ChangeName(BioTemplateId, String),
}
#[derive(Debug)]
pub enum InteractiveRequest {
Quit,
Reset,
ChangePIN(Pin, Pin),
SetPIN(Pin),
ChangeConfig(AuthConfigCommand, Option<PinUvAuthResult>),
CredentialManagement(CredManagementCmd, Option<PinUvAuthResult>),
BioEnrollment(BioEnrollmentCmd, Option<PinUvAuthResult>),
}
// Simply ignoring the Sender when serializing
pub(crate) fn serialize_pin_required<S>(_: &Sender<Pin>, s: S) -> Result<S::Ok, S::Error>
where
S: Serializer,
{
s.serialize_none()
}
// Simply ignoring the Sender when serializing
pub(crate) fn serialize_pin_invalid<S>(
_: &Sender<Pin>,
retries: &Option<u8>,
s: S,
) -> Result<S::Ok, S::Error>
where
S: Serializer,
{
if let Some(r) = retries {
s.serialize_u8(*r)
} else {
s.serialize_none()
}
}
#[derive(Debug, DeriveSer)]
pub enum StatusPinUv {
#[serde(serialize_with = "serialize_pin_required")]
PinRequired(Sender<Pin>),
#[serde(serialize_with = "serialize_pin_invalid")]
InvalidPin(Sender<Pin>, Option<u8>),
PinIsTooShort,
PinIsTooLong(usize),
InvalidUv(Option<u8>),
// This SHOULD ever only happen for CTAP2.0 devices that
// use internal UV (e.g. fingerprint sensors) and failed (e.g. wrong
// finger used).
// PinAuthInvalid, // Folded into InvalidUv
PinAuthBlocked,
PinBlocked,
PinNotSet,
UvBlocked,
}
#[derive(Debug)]
pub enum InteractiveUpdate {
StartManagement((Sender<InteractiveRequest>, Option<AuthenticatorInfo>)),
// We provide the already determined PUAT to be able to issue more requests without
// forcing the user to enter another PIN.
BioEnrollmentUpdate((BioEnrollmentResult, Option<PinUvAuthResult>)),
CredentialManagementUpdate((CredentialManagementResult, Option<PinUvAuthResult>)),
AuthConfigUpdate((AuthConfigResult, Option<PinUvAuthResult>)),
}
#[derive(Debug)]
pub enum StatusUpdate {
/// We're waiting for the user to touch their token
PresenceRequired,
/// Sent if a PIN is needed (or was wrong), or some other kind of PIN-related
/// error occurred. The Sender is for sending back a PIN (if needed).
PinUvError(StatusPinUv),
/// Sent, if multiple devices are found and the user has to select one
SelectDeviceNotice,
/// Sent when a token was selected for interactive management
InteractiveManagement(InteractiveUpdate),
/// Sent when a token returns multiple results for a getAssertion request
SelectResultNotice(Sender<Option<usize>>, Vec<PublicKeyCredentialUserEntity>),
}
pub(crate) fn send_status(status: &Sender<StatusUpdate>, msg: StatusUpdate) {
match status.send(msg) {
Ok(_) => {}
Err(e) => error!("Couldn't send status: {:?}", e),
};
}
|
