Move verify_pin after Stub::connect
If all we want is to determine the recipient, we don't need to verify the PIN. Closes str4d/age-plugin-yubikey#30.
@@ -213,6 +213,11 @@ impl IdentityPluginV1 for IdentityPlugin {
|
||||
}
|
||||
};
|
||||
|
||||
if let Err(e) = conn.request_pin(&mut callbacks)? {
|
||||
callbacks.error(e)?.unwrap();
|
||||
continue;
|
||||
}
|
||||
|
||||
for (&file_index, stanzas) in files {
|
||||
if file_keys.contains_key(&file_index) {
|
||||
// We decrypted this file with an earlier YubiKey.
|
||||
|
||||
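Review bot: The PIN prompt at `if let Err(e) = conn.request_pin(&mut callbacks)? {` runs before the `for (&file_index, stanzas) in files` loop, so the user is asked for the PIN even when every file is already in `file_keys` and this YubiKey has nothing left to unwrap. That exposes the PIN more often than needed, and a mistyped PIN probably spends one of the device's limited retries for no benefit. Consider skipping the prompt when no file still needs a key, for example `if files.keys().all(|i| file_keys.contains_key(i)) { continue; }` ahead of the `request_pin` call (assuming `files` is a map keyed by file index, which the loop pattern suggests). The enclosing function starts and ends outside this hunk, so how stubs are matched to stanzas could not be checked.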
+30
-19
@@ -316,30 +316,12 @@ impl Stub {
|
||||
}
|
||||
};
|
||||
|
||||
let pin = match callbacks.request_secret(&format!(
|
||||
"Enter PIN for YubiKey with serial {}",
|
||||
self.serial
|
||||
))? {
|
||||
Ok(pin) => pin,
|
||||
Err(_) => {
|
||||
return Ok(Err(identity::Error::Identity {
|
||||
index: self.identity_index,
|
||||
message: format!("A PIN is required for YubiKey with serial {}", self.serial),
|
||||
}))
|
||||
}
|
||||
};
|
||||
if let Err(e) = yubikey.verify_pin(pin.expose_secret().as_bytes()) {
|
||||
return Ok(Err(identity::Error::Identity {
|
||||
index: self.identity_index,
|
||||
message: format!("{:?}", Error::YubiKey(e)),
|
||||
}));
|
||||
}
|
||||
|
||||
Ok(Ok(Connection {
|
||||
yubikey,
|
||||
pk,
|
||||
slot: self.slot,
|
||||
tag: self.tag,
|
||||
identity_index: self.identity_index,
|
||||
}))
|
||||
}
|
||||
}
|
||||
@@ -349,6 +331,7 @@ pub(crate) struct Connection {
|
||||
pk: Recipient,
|
||||
slot: RetiredSlotId,
|
||||
tag: [u8; 4],
|
||||
identity_index: usize,
|
||||
}
|
||||
|
||||
impl Connection {
|
||||
@@ -356,6 +339,34 @@ impl Connection {
|
||||
&self.pk
|
||||
}
|
||||
|
||||
pub(crate) fn request_pin<E>(
|
||||
&mut self,
|
||||
callbacks: &mut dyn Callbacks<E>,
|
||||
) -> io::Result<Result<(), identity::Error>> {
|
||||
let pin = match callbacks.request_secret(&format!(
|
||||
"Enter PIN for YubiKey with serial {}",
|
||||
self.yubikey.serial()
|
||||
))? {
|
||||
Ok(pin) => pin,
|
||||
Err(_) => {
|
||||
return Ok(Err(identity::Error::Identity {
|
||||
index: self.identity_index,
|
||||
message: format!(
|
||||
"A PIN is required for YubiKey with serial {}",
|
||||
self.yubikey.serial()
|
||||
),
|
||||
}))
|
||||
}
|
||||
};
|
||||
if let Err(e) = self.yubikey.verify_pin(pin.expose_secret().as_bytes()) {
|
||||
return Ok(Err(identity::Error::Identity {
|
||||
index: self.identity_index,
|
||||
message: format!("{:?}", Error::YubiKey(e)),
|
||||
}));
|
||||
}
|
||||
Ok(Ok(()))
|
||||
}
|
||||
|
||||
pub(crate) fn unwrap_file_key(&mut self, line: &RecipientLine) -> Result<FileKey, ()> {
|
||||
assert_eq!(self.tag, line.tag);
|
||||
|
||||
|
||||
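Review bot: After this change a `Connection` no longer implies a verified PIN, because `Stub::connect` now returns one without calling `verify_pin`, so `unwrap_file_key` can be reached without `request_pin` having succeeded. Nothing in the visible lines records whether the PIN was verified, so the ordering is enforced only by the caller and, presumably, by the device refusing the operation under the slot's PIN policy. State the contract on the new method with a doc comment such as `/// Prompts for the YubiKey PIN and verifies it; must succeed before unwrap_file_key is called.`, and mention there that a wrong PIN likely consumes a device retry. The `{:?}` formatting of `Error::YubiKey(e)` puts a Debug rendering into the user-facing `message`, where a Display form would read better if the error type provides one. `unwrap_file_key` continues past the end of the hunk.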