Update fido2-manage-mac.sh

This commit is contained in:
Token2
2025-09-06 19:22:58 +02:00
committed by GitHub
parent 5e475bab18
commit ed024567bf


@@ -1,15 +1,12 @@
#!/bin/bash #!/bin/bash
# Determine the path to fido2-token2 binary # Determine the path to fido2-token2 binary
# Check if we're running from a bundle or development environment # Enhanced version to align with Python gui-mac.py search logic
# Resolve the real script location (in case we're called via symlink)
SCRIPT_PATH="${BASH_SOURCE[0]}" SCRIPT_PATH="${BASH_SOURCE[0]}"
if [[ -L "$SCRIPT_PATH" ]]; then if [[ -L "$SCRIPT_PATH" ]]; then
# We're called via symlink, resolve the real path
REAL_SCRIPT_PATH="$(readlink "$SCRIPT_PATH")" REAL_SCRIPT_PATH="$(readlink "$SCRIPT_PATH")"
if [[ "$REAL_SCRIPT_PATH" != /* ]]; then if [[ "$REAL_SCRIPT_PATH" != /* ]]; then
# Relative path, make it absolute
REAL_SCRIPT_PATH="$(cd "$(dirname "$SCRIPT_PATH")" && cd "$(dirname "$REAL_SCRIPT_PATH")" && pwd)/$(basename "$REAL_SCRIPT_PATH")" REAL_SCRIPT_PATH="$(cd "$(dirname "$SCRIPT_PATH")" && cd "$(dirname "$REAL_SCRIPT_PATH")" && pwd)/$(basename "$REAL_SCRIPT_PATH")"
fi fi
SCRIPT_DIR="$(cd "$(dirname "$REAL_SCRIPT_PATH")" && pwd)" SCRIPT_DIR="$(cd "$(dirname "$REAL_SCRIPT_PATH")" && pwd)"
@@ -18,47 +15,41 @@ else
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
fi fi
# Try bundled binary first (self-contained), then development build, then system installation # Candidate paths (bundled first, then dev, then fallback)
# Prioritize MacOS directory where binary and libraries are together candidate_paths=(
if [[ -f "$SCRIPT_DIR/fido2-token2" ]]; then "$SCRIPT_DIR/fido2-token2"
FIDO2_TOKEN_CMD="$SCRIPT_DIR/fido2-token2" "$SCRIPT_DIR/../Frameworks/fido2-token2"
echo "[INFO] Using bundled fido2-token2 binary from MacOS directory" "$SCRIPT_DIR/../MacOS/fido2-token2"
elif [[ -f "$SCRIPT_DIR/../Frameworks/fido2-token2" ]]; then "$SCRIPT_DIR/../Resources/fido2-token2"
FIDO2_TOKEN_CMD="$SCRIPT_DIR/../Frameworks/fido2-token2" "$SCRIPT_DIR/Contents/MacOS/fido2-token2"
echo "[INFO] Using bundled fido2-token2 binary from Frameworks" "$SCRIPT_DIR/Contents/Frameworks/fido2-token2"
elif [[ -f "$SCRIPT_DIR/../tools/fido2-token2" ]]; then "$(dirname "$SCRIPT_DIR")/fido2-token2"
FIDO2_TOKEN_CMD="$SCRIPT_DIR/../tools/fido2-token2" "$(dirname "$SCRIPT_DIR")/MacOS/fido2-token2"
echo "[INFO] Using development build fido2-token2 binary" "$(dirname "$SCRIPT_DIR")/Frameworks/fido2-token2"
elif [[ -f "$SCRIPT_DIR/build/tools/fido2-token2" ]]; then "$SCRIPT_DIR/build/staging/fido2-token2"
FIDO2_TOKEN_CMD="$SCRIPT_DIR/build/tools/fido2-token2" "$SCRIPT_DIR/staging/fido2-token2"
echo "[INFO] Using development build fido2-token2 binary" "$SCRIPT_DIR/build/tools/fido2-token2"
else "$SCRIPT_DIR/tools/fido2-token2"
# Look in common bundle locations )
for bundle_path in \
"$SCRIPT_DIR/../Frameworks/fido2-token2" \ FIDO2_TOKEN_CMD=""
"$SCRIPT_DIR/../MacOS/fido2-token2" \ for path in "${candidate_paths[@]}"; do
"$SCRIPT_DIR/../Resources/fido2-token2" \ if [[ -f "$path" ]]; then
"$(dirname "$SCRIPT_DIR")/fido2-token2" \ FIDO2_TOKEN_CMD="$path"
"$(dirname "$SCRIPT_DIR")/Frameworks/fido2-token2"; do echo "[INFO] Using fido2-token2 binary at $path"
if [[ -f "$bundle_path" ]]; then
FIDO2_TOKEN_CMD="$bundle_path"
echo "[INFO] Using bundled fido2-token2 binary at $bundle_path"
break break
fi fi
done done
# Skip system installation fallback when called via CLI installer # Fallback to PATH if nothing found
# (This prevents using the broken system binary with Homebrew dependencies)
# Default fallback
if [[ -z "$FIDO2_TOKEN_CMD" ]]; then if [[ -z "$FIDO2_TOKEN_CMD" ]]; then
FIDO2_TOKEN_CMD="fido2-token2" FIDO2_TOKEN_CMD="fido2-token2"
echo "[WARNING] fido2-token2 binary not found - using PATH lookup" echo "[WARNING] fido2-token2 binary not found in bundle/dev paths - using PATH lookup"
fi
fi fi
echo "[INFO] FIDO2_TOKEN_CMD set to: $FIDO2_TOKEN_CMD" echo "[INFO] FIDO2_TOKEN_CMD set to: $FIDO2_TOKEN_CMD"
list=false list=false
info=false info=false
device="" device=""
@@ -74,6 +65,8 @@ reset=false
uvs=false uvs=false
uvd=false uvd=false
fingerprint=false fingerprint=false
forcePINchange=false
setMinimumPIN=""
help=false help=false
show_message() { show_message() {
@@ -99,6 +92,8 @@ while [[ "$#" -gt 0 ]]; do
-reset) reset=true ;; -reset) reset=true ;;
-uvs) uvs=true ;; -uvs) uvs=true ;;
-uvd) uvd=true ;; -uvd) uvd=true ;;
-forcePINchange) forcePINchange=true ;;
-setMinimumPIN) setMinimumPIN="$2"; shift ;;
-help) help=true ;; -help) help=true ;;
*) show_message "Unknown parameter: $1" "Error"; exit 1 ;; *) show_message "Unknown parameter: $1" "Error"; exit 1 ;;
esac esac
@@ -110,12 +105,12 @@ done
show_help() { show_help() {
cat << EOF cat << EOF
FIDO2 Token Management Tool FIDO2 Token Management Tool
v 0.2.2 v 0.2.3
This is a wrapper for libfido2 library - modified for macOS This is a wrapper for libfido2 library - modified for macOS
(c) Token2 Sarl (c) Token2 Sarl
Usage: fido2-manage [-list] [-info -device <number>] [-storage -device <number>] [-residentKeys -device <number> -domain <domain>] [-uvs] [-uvd] [-delete -device <number> -credential <credential>] [-help] Usage: fido2-manage [-list] [-info -device <number>] [-storage -device <number>] [-residentKeys -device <number> -domain <domain>] [-uvs] [-uvd] [-delete -device <number> -credential <credential>] [-forcePINchange -device <number>] [-setMinimumPIN <min> -device <number>] [-help]
Examples: Examples:
- List available devices: - List available devices:
@@ -139,7 +134,13 @@ Examples:
- Sets PIN of a specific device: - Sets PIN of a specific device:
fido2-manage -setPIN -device 1 fido2-manage -setPIN -device 1
- Enrolls a fingerprint to a specific device (biometric models only, simplified method - does not allow deleting fingerprints): - Force user to change PIN on next use:
fido2-manage -forcePINchange -device 1
- Set minimum PIN length to 8 characters:
fido2-manage -setMinimumPIN 8 -device 1
- Enroll a fingerprint to a specific device (biometric models only, simplified method - does not allow deleting fingerprints):
fido2-manage -fingerprint -device 1 fido2-manage -fingerprint -device 1
- Perform a factory reset on a specific device: - Perform a factory reset on a specific device:
@@ -163,7 +164,7 @@ if $help; then
fi fi
# Check if no arguments are specified, then show help # Check if no arguments are specified, then show help
if ! $list && ! $info && [[ -z $device ]] && ! $fingerprint && ! $storage && ! $residentKeys && [[ -z $domain ]] && ! $delete && [[ -z $credential ]] && ! $changePIN && ! $setPIN && ! $reset && ! $uvs && ! $uvd && ! $help; then if ! $list && ! $info && [[ -z $device ]] && ! $fingerprint && ! $storage && ! $residentKeys && [[ -z $domain ]] && ! $delete && [[ -z $credential ]] && ! $changePIN && ! $setPIN && ! $reset && ! $uvs && ! $uvd && ! $forcePINchange && [[ -z $setMinimumPIN ]] && ! $help; then
show_help show_help
exit 1 exit 1
fi fi
@@ -179,9 +180,7 @@ if $list; then
echo "$command_output" | while read -r line; do echo "$command_output" | while read -r line; do
if [[ $line =~ ^([^:]+) ]]; then if [[ $line =~ ^([^:]+) ]]; then
echo "Device [$device_count] : $(echo "${line}" | grep -o '([^)]*)' | sed 's/[()]//g')" echo "Device [$device_count] : $(echo "${line}" | grep -o '([^)]*)' | sed 's/[()]//g')"
device_count=$((device_count + 1)) device_count=$((device_count + 1))
fi fi
done done
@@ -199,9 +198,7 @@ if [[ -n $device ]]; then
if [[ $command_output =~ pcsc://slot0: ]]; then if [[ $command_output =~ pcsc://slot0: ]]; then
device_string="pcsc://slot0" device_string="pcsc://slot0"
else else
#device_string=$(echo "$command_output" | sed -n "$((device_index + 1))p" | cut -d ':' -f 1)
device_string=$(echo "$command_output" | sed -n "$((device_index + 1))p" | awk -F':' '{print $1":"$2}') device_string=$(echo "$command_output" | sed -n "$((device_index + 1))p" | awk -F':' '{print $1":"$2}')
fi fi
if $reset; then if $reset; then
@@ -257,6 +254,18 @@ fi
exit 0 exit 0
fi fi
if $forcePINchange; then
show_message "Forcing PIN change on device $device"
"$FIDO2_TOKEN_CMD" -S -f "$device_string"
exit 0
fi
if [[ -n $setMinimumPIN ]]; then
show_message "Setting minimum PIN length to $setMinimumPIN on device $device"
"$FIDO2_TOKEN_CMD" -S -l "$setMinimumPIN" "$device_string"
exit 0
fi
if $setPIN; then if $setPIN; then
show_message "Enter and confirm the PIN as prompted below." show_message "Enter and confirm the PIN as prompted below."
"$FIDO2_TOKEN_CMD" -S "$device_string" "$FIDO2_TOKEN_CMD" -S "$device_string"
@@ -283,20 +292,16 @@ echo "Enrolling fingerprints (for bio models only)"
"$FIDO2_TOKEN_CMD" $pin_option -S -e "$device_string" "$FIDO2_TOKEN_CMD" $pin_option -S -e "$device_string"
exit 0 exit 0
fi fi
# Main logic # Main logic
if $storage; then if $storage; then
"$FIDO2_TOKEN_CMD" -I -c $pin_option "$device_string" "$FIDO2_TOKEN_CMD" -I -c $pin_option "$device_string"
exit 0 exit 0
elif $residentKeys; then elif $residentKeys; then
if [[ -n $domain ]]; then if [[ -n $domain ]]; then
domain_command="\"$FIDO2_TOKEN_CMD\" -L -k \"$domain\" $pin_option \"$device_string\"" domain_command="\"$FIDO2_TOKEN_CMD\" -L -k \"$domain\" $pin_option \"$device_string\""
#echo $domain_command
domain_output=$(eval $domain_command) domain_output=$(eval $domain_command)
# Process the output line by line
echo "$domain_output" | while read -r line; do echo "$domain_output" | while read -r line; do
key_id=$(echo "$line" | awk '{print $1}') key_id=$(echo "$line" | awk '{print $1}')
credential_id=$(echo "$line" | awk '{print $2}') credential_id=$(echo "$line" | awk '{print $2}')
@@ -307,7 +312,6 @@ elif $residentKeys; then
user_field="" user_field=""
fi fi
# Determine if user_field is an email
if [[ "$user_field" == *"@"* ]]; then if [[ "$user_field" == *"@"* ]]; then
email=$user_field email=$user_field
user="" user=""
@@ -324,12 +328,10 @@ elif $residentKeys; then
exit 0 exit 0
fi fi
if $info; then if $info; then
command_output=$("$FIDO2_TOKEN_CMD" -I "$device_string") command_output=$("$FIDO2_TOKEN_CMD" -I "$device_string")
show_message "Device $device Information:" show_message "Device $device Information:"
echo "$command_output" echo "$command_output"
exit 0 exit 0
fi fi
fi fi
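Review bot: The new `-setMinimumPIN) setMinimumPIN="$2"; shift ;;` arm stores whatever follows the flag without checking that it is a number, so a missing value (`-setMinimumPIN -device 1` captures `-device`) reaches `"$FIDO2_TOKEN_CMD" -S -l "$setMinimumPIN" "$device_string"` unvalidated. Rejecting it at parse time gives a clear error instead of relying on the binary to fail: `-setMinimumPIN) [[ "${2:-}" =~ ^[0-9]+$ ]] || { show_message "Invalid minimum PIN length: ${2:-}" "Error"; exit 1; }; setMinimumPIN="$2"; shift ;;`. In the same spirit, the candidate loop only tests `-f` before the chosen path is executed; `[[ -f "$path" && -x "$path" ]]` would skip a stray non-executable file rather than failing later with a confusing error. The `eval $domain_command` in the residentKeys hunk is untouched by this commit but still builds a command line from `$domain` as a string; invoking the command directly, `"$FIDO2_TOKEN_CMD" -L -k "$domain" $pin_option "$device_string"`, removes the eval. The argument-parsing `while` loop and the main `if [[ -n $device ]]` block both start outside their hunks.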