Improved Management application documentation.

Yubico · Jun 5, 2024 · 5c021dc · 5c021dc
1 parent 3fbbdee
commit 5c021dc
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 11 deletions.
diff --git a/YubiKit/YubiKit/Management/DeviceConfig.swift b/YubiKit/YubiKit/Management/DeviceConfig.swift
@@ -18,9 +18,20 @@ import CryptoTokenKit
 /// Describes the configuration of a YubiKey which can be altered via the Management application.
 public struct DeviceConfig {
 
+    /// The timeout used when in CCID-only mode with flag eject enabled.
     public let autoEjectTimeout: TimeInterval?
+
+    /// The timeout value used by the YubiOTP application when waiting for a user presence check (physical touch).
     public let challengeResponseTimeout: TimeInterval?
+
+    /// The device flags that are set.
     public let deviceFlags: UInt8?
+
+    /// The currently enabled capabilities for a given ``DeviceTransport``. The enabled capabilities are represented as
+    /// ``Capability`` bits being set (1) or not (0).
+    ///
+    ///>Note: This method will return null if the given transport is not supported by the YubiKey, OR if the enabled
+    /// capabilities state isn't readable. The YubiKey 4 series, for example, does not return enabled-status for USB
     public let enabledCapabilities: [DeviceTransport: UInt]
     public let isNFCRestricted: Bool?
 

diff --git a/YubiKit/YubiKit/Management/DeviceInfo.swift b/YubiKit/YubiKit/Management/DeviceInfo.swift
@@ -61,26 +61,25 @@ stmVersion: \(String(describing: stmVersion))
 """
     }
 
-    /// Returns the serial number of the YubiKey, if available.
+    /// The serial number of the YubiKey, if available.
     ///
     /// The serial number can be read if the YubiKey has a serial number, and one of the YubiOTP slots
     /// is configured with the SERIAL_API_VISIBLE flag.
     public let serialNumber: UInt
-    /// Returns the version number of the YubiKey firmware.
+    /// The version number of the YubiKey firmware.
     public let version: Version
-    /// Returns the form factor of the YubiKey.
+    /// the form factor of the YubiKey.
     public let formFactor: FormFactor
-
+    /// The part number of the YubiKey.
     public let partNumber: String?
-
+    /// FIPS capable flags.
     public let isFIPSCapable: UInt
-
+    /// FIPS approved flags.
     public let isFIPSApproved: UInt
-
+    /// The FPS version.
     public let fpsVersion: Version?
-
+    /// The STM version
     public let stmVersion: Version?
-
     /// Returns the supported (not necessarily enabled) capabilities for a given transport.
     public let supportedCapabilities: [DeviceTransport: UInt]
     /// Returns whether or not a Configuration Lock is set for the Management application on the YubiKey.
@@ -93,7 +92,7 @@ stmVersion: \(String(describing: stmVersion))
     public let config: DeviceConfig
     /// PIN complexity
     public let pinComplexity: Bool
-
+    /// The reset blocked flag.
     public let isResetBlocked: UInt
 
     internal let tagUSBSupported: TKTLVTag = 0x01

diff --git a/YubiKit/YubiKit/Management/ManagementSession.swift b/YubiKit/YubiKit/Management/ManagementSession.swift
@@ -78,6 +78,8 @@ public final actor ManagementSession: Session, InternalSession {
     }
 
     /// Returns the DeviceInfo for the connected YubiKey.
+    ///
+    /// >Note: This functionality requires support for device info available on YubiKey 4.1 or later.
     public func getDeviceInfo() async throws -> DeviceInfo {
         Logger.management.debug("\(String(describing: self).lastComponent), \(#function)")
         guard self.supports(ManagementFeature.deviceInfo) else { throw SessionError.notSupported }
@@ -100,6 +102,16 @@ public final actor ManagementSession: Session, InternalSession {
         return try DeviceInfo(withTlvs: result, fallbackVersion: version)
     }
 
+    /// Write device config to a YubiKey 5 or later.
+    ///
+    /// >Note: This functionality requires support for device config, available on YubiKey 5 or later.
+    /// 
+    /// - Parameters:
+    ///   - config: The device configuration to write.
+    ///   - reboot: If true cause the YubiKey to immediately reboot, applying the new configuration.
+    ///   - lockCode: The current lock code. Required if a configuration lock code is set.
+    ///   - newLockCode: Changes or removes (if 16 byte all-zero) the configuration lock code.
+    ///
     public func updateDeviceConfig(_ config: DeviceConfig, reboot: Bool, lockCode: Data? = nil, newLockCode: Data? = nil) async throws {
         Logger.management.debug("\(String(describing: self).lastComponent), \(#function)")
         guard self.supports(ManagementFeature.deviceConfig) else { throw SessionError.notSupported }

diff --git a/YubiKit/YubiKit/YubiKit.docc/Resources/ManagementSessionExtension.md b/YubiKit/YubiKit/YubiKit.docc/Resources/ManagementSessionExtension.md
@@ -14,6 +14,7 @@
 ### Running commands in the Management application
 
 - ``getDeviceInfo()``
+- ``updateDeviceConfig(_:reboot:lockCode:newLockCode:)``
 - ``isApplicationSupported(_:overTransport:)``
 - ``isApplicationEnabled(_:overTransport:)``
 - ``setEnabled(_:application:overTransport:reboot:)``
@@ -27,7 +28,7 @@
 
 ### Enumerations
 
-- ``ApplicationType``
+- ``Capability``
 - ``DeviceTransport``
 - ``FormFactor``