def fido_change_pin(self, current_pin, new_pin):
    """Change the FIDO2 PIN on the device opened over the FIDO transport.

    Args:
        current_pin: The PIN currently set; forwarded as ``old_pin``.
        new_pin: The PIN to set in its place.

    Returns:
        ``{'success': True, 'error': None}`` when the controller call
        completes, otherwise ``{'success': False, 'error': <message>}``.
        Exceptions raised while talking to the device are converted into
        a message rather than propagated.
    """
    try:
        with self._open_device(TRANSPORT.FIDO) as dev:
            Fido2Controller(dev.driver).change_pin(
                old_pin=current_pin, new_pin=new_pin)
            return {'success': True, 'error': None}
    except CtapError as err:
        # Known CTAP error codes get a fixed, user-facing message.
        if err.code == CtapError.ERR.INVALID_LENGTH:
            reason = 'Too long PIN, maximum size is 128 bytes.'
        elif err.code == CtapError.ERR.PIN_INVALID:
            reason = 'The current PIN is wrong.'
        elif err.code == CtapError.ERR.PIN_AUTH_BLOCKED:
            reason = ('PIN authentication is currently blocked. '
                      'Remove and re-insert the YubiKey.')
        elif err.code == CtapError.ERR.PIN_BLOCKED:
            reason = 'PIN is blocked.'
        else:
            # Only a fixed message and the exception are logged; the PIN
            # arguments are not passed to the logger.
            logger.error('Failed to set PIN', exc_info=err)
            reason = str(err)
        return {'success': False, 'error': reason}
    except Exception as err:
        logger.error('Failed to set PIN', exc_info=err)
        return {'success': False, 'error': str(err)}
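def fido_has_pin(self):
    """Report whether a FIDO2 PIN is set on the device.

    Returns:
        ``{'hasPin': <controller.has_pin>, 'error': None}`` on success, or
        ``{'hasPin': None, 'error': <message>}`` if opening the device or
        reading the state raises.
    """
    try:
        # Use the handle yielded by the context manager. The previous body
        # re-opened the device through self._descriptor inside the block,
        # rebinding `dev` to a second handle that this method never closed;
        # fido_reset and fido_change_pin use the managed handle directly.
        with self._open_device(TRANSPORT.FIDO) as dev:
            controller = Fido2Controller(dev.driver)
            return {'hasPin': controller.has_pin, 'error': None}
    except Exception as e:
        logger.error('Failed to read if PIN is set', exc_info=e)
        return {'hasPin': None, 'error': str(e)}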
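def fido_set_pin(self, new_pin):
    """Set an initial FIDO2 PIN on the device.

    Args:
        new_pin: The PIN to set; passed to ``controller.set_pin``.

    Returns:
        ``{'success': True, 'error': None}`` when the controller call
        completes, otherwise ``{'success': False, 'error': <message>}``.
        ``'too long'`` is returned for ``CtapError.ERR.INVALID_LENGTH``;
        any other failure is logged and reported as ``str(e)``.
    """
    try:
        # Use the handle yielded by the context manager. The previous body
        # re-opened the device through self._descriptor inside the block,
        # rebinding `dev` to a second handle that this method never closed;
        # fido_reset and fido_change_pin use the managed handle directly.
        with self._open_device(TRANSPORT.FIDO) as dev:
            controller = Fido2Controller(dev.driver)
            controller.set_pin(new_pin)
            return {'success': True, 'error': None}
    except CtapError as e:
        if e.code == CtapError.ERR.INVALID_LENGTH:
            return {'success': False, 'error': 'too long'}
        # Only a fixed message and the exception are logged; the PIN
        # argument is not passed to the logger.
        logger.error('Failed to set PIN', exc_info=e)
        return {'success': False, 'error': str(e)}
    except Exception as e:
        logger.error('Failed to set PIN', exc_info=e)
        return {'success': False, 'error': str(e)}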
def fido_reset(self):
    """Issue a reset through the FIDO2 controller of the opened device.

    Returns:
        ``{'success': True, 'error': None}`` when ``controller.reset()``
        completes, otherwise ``{'success': False, 'error': <message>}``
        with ``'not allowed'`` or ``'touch timeout'`` for the matching CTAP
        error codes and ``str(e)`` for anything else.
    """
    # NOTE(review): a CTAP reset is presumably destructive for stored
    # credentials and the PIN; confirm the caller asks the user first.
    try:
        with self._open_device(TRANSPORT.FIDO) as dev:
            Fido2Controller(dev.driver).reset()
            return {'success': True, 'error': None}
    except CtapError as err:
        if err.code == CtapError.ERR.NOT_ALLOWED:
            reason = 'not allowed'
        elif err.code == CtapError.ERR.ACTION_TIMEOUT:
            reason = 'touch timeout'
        else:
            # Unrecognised CTAP error: keep the traceback in the log and
            # surface the exception text to the caller.
            logger.error('Reset throwed an exception', exc_info=err)
            reason = str(err)
        return {'success': False, 'error': reason}
    except Exception as err:
        logger.error('Reset throwed an exception', exc_info=err)
        return {'success': False, 'error': str(err)}
def fido_change_pin(self, current_pin, new_pin):
    """Change the FIDO2 PIN on the device opened over the FIDO transport.

    Args:
        current_pin: The PIN currently set; forwarded as ``old_pin``.
        new_pin: The PIN to set in its place.

    Returns:
        ``{'success': True, 'error': None}`` when the controller call
        completes, otherwise ``{'success': False, 'error': <code>}`` where
        the code is one of ``'too long'``, ``'wrong pin'``,
        ``'currently blocked'``, ``'blocked.'`` or ``str(e)``.
    """
    try:
        with self._open_device(TRANSPORT.FIDO) as dev:
            Fido2Controller(dev.driver).change_pin(
                old_pin=current_pin, new_pin=new_pin)
            return {'success': True, 'error': None}
    except CtapError as err:
        # PIN_AUTH_BLOCKED and PIN_BLOCKED are reported with different
        # strings, so the caller can tell the two states apart.
        if err.code == CtapError.ERR.INVALID_LENGTH:
            reason = 'too long'
        elif err.code == CtapError.ERR.PIN_INVALID:
            reason = 'wrong pin'
        elif err.code == CtapError.ERR.PIN_AUTH_BLOCKED:
            reason = 'currently blocked'
        elif err.code == CtapError.ERR.PIN_BLOCKED:
            reason = 'blocked.'
        else:
            # Only a fixed message and the exception are logged; the PIN
            # arguments are not passed to the logger.
            logger.error('Failed to set PIN', exc_info=err)
            reason = str(err)
        return {'success': False, 'error': reason}
    except Exception as err:
        logger.error('Failed to set PIN', exc_info=err)
        return {'success': False, 'error': str(err)}
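def fido_pin_retries(self):
    """Read the number of remaining FIDO2 PIN retries from the device.

    Returns:
        ``{'retries': <controller.get_pin_retries()>, 'error': None}`` on
        success, or ``{'retries': None, 'error': <message>}`` on failure.
        A dict is returned on every path.
    """
    try:
        # Use the handle yielded by the context manager. The previous body
        # re-opened the device through self._descriptor inside the block,
        # rebinding `dev` to a second handle that this method never closed;
        # fido_reset and fido_change_pin use the managed handle directly.
        with self._open_device(TRANSPORT.FIDO) as dev:
            controller = Fido2Controller(dev.driver)
            return {'retries': controller.get_pin_retries(), 'error': None}
    except CtapError as e:
        if e.code == CtapError.ERR.PIN_AUTH_BLOCKED:
            return {
                'retries': None,
                'error': 'PIN authentication is currently blocked. '
                         'Remove and re-insert the YubiKey.'
            }
        if e.code == CtapError.ERR.PIN_BLOCKED:
            return {'retries': None, 'error': 'PIN is blocked.'}
        # Any other CTAP error used to fall off the end of this handler and
        # return None without logging. Report it like the sibling methods
        # do, so the caller sees an explicit error instead of a missing
        # result.
        logger.error('Failed to read PIN retries', exc_info=e)
        return {'retries': None, 'error': str(e)}
    except Exception as e:
        logger.error('Failed to read PIN retries', exc_info=e)
        return {'retries': None, 'error': str(e)}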
def __enter__(self):
    """Enter the context and return a Fido2Controller for ``self._dev``."""
    driver = self._dev.driver
    return Fido2Controller(driver)