feat: update parse_ecdsa_private_key

src/cmd_external_sign.rs

@@ -10,6 +10,7 @@ use rust_util::XResult;
 use serde_json::Value;
 use std::collections::BTreeMap;
 use yubikey::piv::{sign_data, AlgorithmId};
+use crate::cmd_sign_jwt_soft::parse_ecdsa_private_key;
 
 pub struct CommandImpl;
 
@@ -70,14 +71,14 @@ fn sign(sub_arg_matches: &ArgMatches) -> XResult<Vec<u8>> {
             // FIXME Check Yubikey slot algorithm
             let jwt_algorithm = get_jwt_algorithm(&key, alg)?;
 
-            let raw_in = digest_by_jwt_algorithm(jwt_algorithm, &message_bytes)?;
-
             if let Some(pin) = pin_opt {
                 opt_result!(
                     yk.verify_pin(pin.as_bytes()),
                     "YubiKey verify pin failed: {}"
                 );
             }
+
+            let raw_in = digest_by_jwt_algorithm(jwt_algorithm, &message_bytes)?;
             let signed_data = opt_result!(
                 sign_data(&mut yk, &raw_in, key.algorithm, key.slot),
                 "Sign YubiKey failed: {}"
@@ -86,24 +87,14 @@ fn sign(sub_arg_matches: &ArgMatches) -> XResult<Vec<u8>> {
         }
         KeyUri::YubikeyHmacEncSoftKey(key) => {
             let private_key = hmacutil::try_hmac_decrypt_to_string(&key.hmac_enc_private_key)?;
-
+            let (jwt_algorithm, private_key_d) = parse_ecdsa_private_key(&private_key)?;
-            let p256_private_key_d = ecdsautil::parse_p256_private_key(&private_key).ok();
-            let p384_private_key_d = ecdsautil::parse_p384_private_key(&private_key).ok();
-
-            let (jwt_algorithm, private_key_d) = match (p256_private_key_d, p384_private_key_d) {
-                (Some(p256_private_key_d), None) => (AlgorithmType::Es256, p256_private_key_d),
-                (None, Some(p384_private_key_d)) => (AlgorithmType::Es384, p384_private_key_d),
-                _ => return simple_error!("Invalid private key: {}", private_key),
-            };
 
             let raw_in = digest_by_jwt_algorithm(jwt_algorithm, &message_bytes)?;
-
             let signed_data = match jwt_algorithm {
                 AlgorithmType::Es256 => ecdsautil::sign_p256_der(&private_key_d, &raw_in)?,
                 AlgorithmType::Es384 => ecdsautil::sign_p384_der(&private_key_d, &raw_in)?,
                 _ => return simple_error!("SHOULD NOT HAPPEN: {:?}", jwt_algorithm),
             };
-
             Ok(signed_data)
         }
     }

src/cmd_sign_jwt_soft.rs

@@ -65,14 +65,7 @@ fn sign_jwt(
     payload: &Option<String>,
     claims: &Map<String, Value>,
 ) -> XResult<String> {
-    let p256_private_key_d = ecdsautil::parse_p256_private_key(private_key).ok();
+    let (jwt_algorithm, private_key_d) = parse_ecdsa_private_key(private_key)?;
-    let p384_private_key_d = ecdsautil::parse_p384_private_key(private_key).ok();
-
-    let (jwt_algorithm, private_key_d) = match (p256_private_key_d, p384_private_key_d) {
-        (Some(p256_private_key_d), None) => (AlgorithmType::Es256, p256_private_key_d),
-        (None, Some(p384_private_key_d)) => (AlgorithmType::Es384, p384_private_key_d),
-        _ => return simple_error!("Invalid private key: {}", private_key),
-    };
 
     header.algorithm = jwt_algorithm;
     debugging!("Header: {:?}", header);
@@ -94,3 +87,15 @@ fn sign_jwt(
 
     Ok([&*header, &*claims, &signature].join(SEPARATOR))
 }
+
+pub fn parse_ecdsa_private_key(private_key: &str) -> XResult<(AlgorithmType, Vec<u8>)> {
+    let p256_private_key_d = ecdsautil::parse_p256_private_key(private_key).ok();
+    let p384_private_key_d = ecdsautil::parse_p384_private_key(private_key).ok();
+
+    let (jwt_algorithm, private_key_d) = match (p256_private_key_d, p384_private_key_d) {
+        (Some(p256_private_key_d), None) => (AlgorithmType::Es256, p256_private_key_d),
+        (None, Some(p384_private_key_d)) => (AlgorithmType::Es384, p384_private_key_d),
+        _ => return simple_error!("Invalid private key: {}", private_key),
+    };
+    Ok((jwt_algorithm, private_key_d))
+}