sergey/fido2-manage
1
0
Fork 0
mirror of https://github.com/token2/fido2-manage.git synced 2026-04-09 10:45:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update fido2-manage.sh

Browse Source
This commit is contained in:
Token2
2026-01-08 19:59:15 +01:00
committed by GitHub
parent fdbf170801
commit b2504f97f5
1 changed files with 45 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

99
fido2-manage.sh
View File

@@ -1,6 +1,5 @@
#!/bin/bash #!/bin/bash
FIDO2_TOKEN_CMD="/usr/local/bin/fido2-token2" FIDO2_TOKEN_CMD="/usr/local/bin/fido2-token2"
list=false list=false
@@ -34,7 +33,7 @@ while [[ "$#" -gt 0 ]]; do
-device) device="$2"; shift ;; -device) device="$2"; shift ;;
-pin) pin="$2"; shift ;; -pin) pin="$2"; shift ;;
-storage) storage=true ;; -storage) storage=true ;;
-fingerprint) fingerprint=true ;; -fingerprint) fingerprint=true ;;
-residentKeys) residentKeys=true ;; -residentKeys) residentKeys=true ;;
-domain) domain="$2"; shift ;; -domain) domain="$2"; shift ;;
-delete) delete=true ;; -delete) delete=true ;;
@@ -51,8 +50,6 @@ while [[ "$#" -gt 0 ]]; do
shift shift
done done
show_help() { show_help() {
cat << EOF cat << EOF
FIDO2 Token Management Tool FIDO2 Token Management Tool
@@ -84,10 +81,10 @@ Examples:
- Sets PIN of a specific device: - Sets PIN of a specific device:
./fido2-manage.sh -setPIN -device 1 ./fido2-manage.sh -setPIN -device 1
- Enrolls a fingerprint to a specific device (biometric models only, simplified method - does not allow deleting fingerprints): - Enrolls a fingerprint to a specific device (biometric models only, simplified method - does not allow deleting fingerprints):
./fido2-manage.sh -fingerprint -device 1 ./fido2-manage.sh -fingerprint -device 1
- Perform a factory reset on a specific device: - Perform a factory reset on a specific device:
./fido2-manage.sh -reset -device 1 ./fido2-manage.sh -reset -device 1
@@ -102,13 +99,11 @@ Examples:
EOF EOF
} }
# Display help if -help parameter is provided
if $help; then if $help; then
show_help show_help
exit 0 exit 0
fi fi
# Check if no arguments are specified, then show help
if ! $list && ! $info && [[ -z $device ]] && ! $fingerprint && ! $storage && ! $residentKeys && [[ -z $domain ]] && ! $delete && [[ -z $credential ]] && ! $changePIN && ! $setMinimumPIN && ! $setPIN && ! $reset && ! $uvs && ! $uvd && ! $help; then if ! $list && ! $info && [[ -z $device ]] && ! $fingerprint && ! $storage && ! $residentKeys && [[ -z $domain ]] && ! $delete && [[ -z $credential ]] && ! $changePIN && ! $setMinimumPIN && ! $setPIN && ! $reset && ! $uvs && ! $uvd && ! $help; then
show_help show_help
exit 1 exit 1
@@ -124,9 +119,7 @@ if $list; then
device_count=1 device_count=1
echo "$command_output" | while read -r line; do echo "$command_output" | while read -r line; do
if [[ $line =~ ^([^:]+) ]]; then if [[ $line =~ ^([^:]+) ]]; then
echo "Device [$device_count] : $(echo "${line}" | grep -oP '(?<=\()(.+)(?=\))')"
echo "Device [$device_count] : $(echo "${line}" | grep -oP '(?<=\()(.+)(?=\))')"
device_count=$((device_count + 1)) device_count=$((device_count + 1))
fi fi
done done
@@ -191,6 +184,10 @@ if [[ -n $device ]]; then
if [[ -n $setMinimumPIN ]]; then if [[ -n $setMinimumPIN ]]; then
show_message "Setting minimum PIN length to $setMinimumPIN on device $device" show_message "Setting minimum PIN length to $setMinimumPIN on device $device"
"$FIDO2_TOKEN_CMD" -S -l "$setMinimumPIN" "$device_string" "$FIDO2_TOKEN_CMD" -S -l "$setMinimumPIN" "$device_string"
if [ $? -ne 0 ]; then
show_message "Error: Failed to set minimum PIN length." "Error"
exit 1
fi
exit 0 exit 0
fi fi
@@ -206,51 +203,45 @@ if [[ -n $device ]]; then
exit 0 exit 0
fi fi
# Fingerprint enrollment if $fingerprint; then
if $fingerprint; then echo "Enrolling fingerprints (for bio models only)"
echo "Enrolling fingerprints (for bio models only)" $FIDO2_TOKEN_CMD -S -e "$device_string" $([[ -n $pin ]] && echo "-w $pin")
$FIDO2_TOKEN_CMD -S -e "$device_string" $([[ -n $pin ]] && echo "-w $pin") exit 0
exit 0
fi
# Main logic
if $storage; then
$FIDO2_TOKEN_CMD -I -c "$device_string" $([[ -n $pin ]] && echo "-w $pin")
exit 0
elif $residentKeys; then
if [[ -n $domain ]]; then
domain_command="$FIDO2_TOKEN_CMD -L -k \"$domain\" \"$device_string\" $([[ -n $pin ]] && echo "-w $pin")"
domain_output=$(eval $domain_command)
# Process the output line by line
echo "$domain_output" | while read -r line; do
key_id=$(echo "$line" | awk '{print $1}')
credential_id=$(echo "$line" | awk '{print $2}')
user_field=$(echo "$line" | awk '{print $3 , $4}')
email_field=$(echo "$line" | awk '{print $5, $6}')
if [[ "$user_field" == "(null)" ]]; then
user_field=""
fi
# Determine if user_field is an email
if [[ "$user_field" == *"@"* ]]; then
email=$user_field
user=""
else
user=$user_field
email=$email_field
fi
show_message "Credential ID: $credential_id, User: $user $email"
done
else
$FIDO2_TOKEN_CMD -L -r "$device_string" $(if [[ -n $pin ]]; then echo "-w $pin"; fi)
fi fi
exit 0
fi
if $storage; then
$FIDO2_TOKEN_CMD -I -c "$device_string" $([[ -n $pin ]] && echo "-w $pin")
exit 0
elif $residentKeys; then
if [[ -n $domain ]]; then
domain_command="$FIDO2_TOKEN_CMD -L -k \"$domain\" \"$device_string\" $([[ -n $pin ]] && echo "-w $pin")"
domain_output=$(eval $domain_command)
echo "$domain_output" | while read -r line; do
key_id=$(echo "$line" | awk '{print $1}')
credential_id=$(echo "$line" | awk '{print $2}')
user_field=$(echo "$line" | awk '{print $3 , $4}')
email_field=$(echo "$line" | awk '{print $5, $6}')
if [[ "$user_field" == "(null)" ]]; then
user_field=""
fi
if [[ "$user_field" == *"@"* ]]; then
email=$user_field
user=""
else
user=$user_field
email=$email_field
fi
show_message "Credential ID: $credential_id, User: $user $email"
done
else
$FIDO2_TOKEN_CMD -L -r "$device_string" $(if [[ -n $pin ]]; then echo "-w $pin"; fi)
fi
exit 0
fi
if $info; then if $info; then
command_output=$($FIDO2_TOKEN_CMD -I "$device_string") command_output=$($FIDO2_TOKEN_CMD -I "$device_string")