From 0bc671be7b323ebc116c9fdec486152f5086a29f Mon Sep 17 00:00:00 2001 From: Hatter Jiang Date: Mon, 9 Jun 2025 22:42:12 +0800 Subject: [PATCH] feat: v1.13.13 --- Cargo.lock | 2 +- Cargo.toml | 2 +- src/cmd_ssh_agent.rs | 62 ++++++++++++++++++++++---------------------- 3 files changed, 33 insertions(+), 33 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index ba4b8da..a23e14e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -519,7 +519,7 @@ dependencies = [ [[package]] name = "card-cli" -version = "1.13.12" +version = "1.13.13" dependencies = [ "aes-gcm-stream", "authenticator 0.3.1", diff --git a/Cargo.toml b/Cargo.toml index 875d87c..13654ad 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "card-cli" -version = "1.13.12" +version = "1.13.13" authors = ["Hatter Jiang "] edition = "2018" diff --git a/src/cmd_ssh_agent.rs b/src/cmd_ssh_agent.rs index f3106ea..01329c5 100644 --- a/src/cmd_ssh_agent.rs +++ b/src/cmd_ssh_agent.rs @@ -1,9 +1,8 @@ use std::fs::remove_file; use std::path::PathBuf; -use crate::ecdsautil::{ - generate_ecdsa_keypair, parse_ec_public_key_to_point, parse_ecdsa_r_and_s, EcdsaAlgorithm, -}; +use crate::cmdutil; +use crate::ecdsautil::{parse_ec_public_key_to_point, parse_ecdsa_r_and_s}; use crate::util::base64_encode; use clap::{App, Arg, ArgMatches, SubCommand}; use rsa::RsaPublicKey; @@ -23,16 +22,15 @@ use tokio::net::UnixListener as Listener; #[derive(Default, Clone)] struct MySshAgent { - private_key_pem: String, + parameter: String, comment: String, } impl MySshAgent { - fn new() -> XResult { - let (_, private_key_pem, _, _, _) = generate_ecdsa_keypair(EcdsaAlgorithm::P256)?; + fn new(parameter: &str) -> XResult { Ok(MySshAgent { - private_key_pem, - comment: "test".to_string(), + parameter: parameter.to_string(), + comment: parameter.to_string(), }) } } 
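Review bot: `comment: parameter.to_string()` in `MySshAgent::new` turns the key parameter into the identity comment, which a later hunk copies into `Identity.comment` and returns to every client that lists identities. Judging by the hard-coded value this commit removes from the signing call, the parameter is a key URI that can carry a device identifier and slot name, so it is probably disclosed to any process or forwarded host that can reach the agent socket. Consider taking the comment from a separate optional argument with a neutral default, and documenting the field with `/// Key parameter handed to card-cli; not intended to be shown to agent clients`. `new` also has no failure path left, although it still returns `XResult`.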
@@ -41,16 +39,12 @@ impl MySshAgent { impl Session for MySshAgent { async fn request_identities(&mut self) -> Result, AgentError> { information!("request_identities"); - // let p256_private_key_d = ecdsautil::parse_p256_private_key(&self.private_key_pem).unwrap(); - let public_key_point = hex::decode( - "04\ -f17326c188b9d0cffeddd8ff935f24f2074bbef128ac5b04b9cac05de967df5dbfd065698dce3b8c1f451bb9a1593ace\ -13360bbc49c51f5213777fd873932efa44763bfcc1c764b122a8a8977bcb3e0ad099d652e63db1c5a1bda02120a16dc5", - ) - .unwrap(); - let identity = Identity { - pubkey: KeyData::Ecdsa(EcdsaPublicKey::from_sec1_bytes(&public_key_point).unwrap()), - comment: "test".to_string(), + let identity = match get_identity(&self.parameter, &self.comment) { + Ok(identity) => identity, + Err(e) => { + failure!("Get identity failed: {}", e); + return Err(AgentError::Failure); + } }; let mut writer = vec![]; identity.pubkey.encode(&mut writer).unwrap(); @@ -96,7 +90,7 @@ f17326c188b9d0cffeddd8ff935f24f2074bbef128ac5b04b9cac05de967df5dbfd065698dce3b8c let signature = external_command_rs::external_sign( "card-cli", - "key://yubikey4-5010220:piv/p384::authentication", + self.parameter.as_str(), "ES384", &request.data, ) 
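Review bot: `request_identities` now calls `get_identity(&self.parameter, &self.comment)` on every listing request, and that helper goes through `external_command_rs::external_public_key`, which looks like a synchronous external call made from inside an `async fn`. If it blocks, the runtime thread is held for each request and any local client can trigger repeated hardware lookups just by listing keys. Resolving the identity once in `MySshAgent::new` and storing it would avoid this and make a bad parameter fail at startup rather than on first use. If the per-request lookup stays, add a comment such as `// blocking call into card-cli; keep off the async path or cache the result`. The function body continues past the end of this hunk.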
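Review bot: The signing call now takes the key from `self.parameter.as_str()` but still passes the fixed algorithm `"ES384"`. With the key configurable, and `get_identity` in this commit accepting both EC and RSA public keys, the agent can advertise a key whose type does not match the algorithm it signs with. The result is likely either a failed signature or one the server rejects, though how `external_sign` treats a mismatch is not visible here. The algorithm should be derived from the resolved key type; until then, mark the limitation with `// TODO: derive the algorithm from the resolved key type instead of hard-coding ES384` and refuse to advertise keys that ES384 cannot serve. The enclosing function starts and ends outside this hunk.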
@@ -123,20 +117,24 @@ f17326c188b9d0cffeddd8ff935f24f2074bbef128ac5b04b9cac05de967df5dbfd065698dce3b8c } } -fn get_identity(uri: &str) -> XResult { +fn get_identity(uri: &str, comment: &str) -> XResult { let public_key_bytes = external_command_rs::external_public_key("card-cli", uri)?; - let ec_point = parse_ec_public_key_to_point(&public_key_bytes).unwrap(); // TODO ... - let identity = Identity { - pubkey: KeyData::Ecdsa(EcdsaPublicKey::from_sec1_bytes(&ec_point).unwrap()), - comment: "test".to_string(), - }; + if let Ok(ec_point) = parse_ec_public_key_to_point(&public_key_bytes) { + let identity = Identity { + pubkey: KeyData::Ecdsa(EcdsaPublicKey::from_sec1_bytes(&ec_point).unwrap()), + comment: comment.to_string(), + }; + return Ok(identity); + } - let rsa_public_key = RsaPublicKey::from_public_key_der(&public_key_bytes).unwrap(); - let identity = Identity { - pubkey: KeyData::Rsa(ssh_key::public::RsaPublicKey::try_from(&rsa_public_key).unwrap()), - comment: "test".to_string(), - }; + if let Ok(rsa_public_key) = RsaPublicKey::from_public_key_der(&public_key_bytes) { + let identity = Identity { + pubkey: KeyData::Rsa(ssh_key::public::RsaPublicKey::try_from(&rsa_public_key).unwrap()), + comment: comment.to_string(), + }; + return Ok(identity); + } simple_error!("Unknown uri algorithm: {}", uri) } @@ -157,6 +155,7 @@ impl Command for CommandImpl { .default_value("connect.ssh") .help("Sock file, usage SSH_AUTH_SOCK=sock-file ssh ..."), ) + .arg(cmdutil::build_parameter_arg()) } fn run(&self, _arg_matches: &ArgMatches, sub_arg_matches: &ArgMatches) -> CommandError { @@ -164,6 +163,7 @@ impl Command for CommandImpl { debugging!("Sub args: {:?}", sub_arg_matches); + let parameter = sub_arg_matches.value_of("parameter").unwrap(); let sock_file = sub_arg_matches.value_of("sock-file").unwrap(); information!("Sock file: {}", sock_file); 
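Review bot: Both new branches of `get_identity` still end in `.unwrap()`, on `EcdsaPublicKey::from_sec1_bytes(&ec_point)` and on `ssh_key::public::RsaPublicKey::try_from(&rsa_public_key)`. A key that parses but is not supported, such as an unsupported curve, therefore panics inside the agent session instead of reaching the `Err` path that `request_identities` now handles. Replace each unwrap with a match whose error arm returns, for example `Err(e) => return simple_error!("Unsupported public key for {}: {}", uri, e),`. The final `Unknown uri algorithm` message also discards both parse errors, so including them would make a malformed key distinguishable from an unsupported one.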
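Review bot: `sub_arg_matches.value_of("parameter").unwrap()` in `run` panics when the argument is absent, unless `cmdutil::build_parameter_arg()` marks it required, which is not visible in this diff. The last hunk has the same pattern in `MySshAgent::new(parameter).unwrap()`. Since `run` returns `CommandError`, a missing or invalid parameter would be better reported through that return value with a message naming the argument. If the argument is in fact required, say so with `.expect("parameter is a required argument")` so the invariant is stated at the call site.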
@@ -192,7 +192,7 @@ impl Command for CommandImpl { rt.block_on(async move { listen( Listener::bind(sock_file).unwrap(), - MySshAgent::new().unwrap(), + MySshAgent::new(parameter).unwrap(), ) .await .unwrap();