From 1d0fe631a2943b85b66951c74577822ad3a277ea Mon Sep 17 00:00:00 2001
From: Hatter Jiang <jht5945@gmail.com>
Date: Thu, 5 Oct 2023 21:56:48 +0800
Subject: [PATCH] feat: piv-summary

---
 src/cmd_pivsummary.rs | 45 +++++++++++++++++++++++++++++--------------
 src/pivutil.rs        | 11 ++++++++++-
 2 files changed, 41 insertions(+), 15 deletions(-)

diff --git a/src/cmd_pivsummary.rs b/src/cmd_pivsummary.rs
index da4b79a..474a3b7 100644
--- a/src/cmd_pivsummary.rs
+++ b/src/cmd_pivsummary.rs
@@ -10,11 +10,15 @@ use yubikey::piv::{metadata, SlotId};
 
 use crate::pivutil::{get_algorithm_id, ToStr};
 
+const NA: &str = "N/A";
+
 #[derive(Tabled)]
 struct PivSlot {
     name: String,
     id: String,
     algorithm: String,
+    origin: String,
+    retries: String,
     subject: String,
     pin_policy: String,
     touch_policy: String,
@@ -75,12 +79,20 @@ impl Command for CommandImpl {
 
 fn print_summary_info(yubikey: &mut YubiKey, slot: SlotId, piv_slots: &mut Vec<PivSlot>, show_all: bool, show_table: bool) -> XResult<()> {
     let slot_id: u8 = slot.into();
-    let mut pin_policy = Some("N/A".to_string());
-    let mut touch_policy = Some("N/A".to_string());
+    let mut origin = NA.to_string();
+    let mut retries = NA.to_string();
+    let mut pin_policy = NA.to_string();
+    let mut touch_policy = NA.to_string();
     if let Ok(metadata) = metadata(yubikey, slot) {
         if let Some((p_policy, t_policy)) = &metadata.policy {
-            pin_policy = Some(p_policy.to_str().to_string());
-            touch_policy = Some(t_policy.to_str().to_string());
+            pin_policy = p_policy.to_str().to_string();
+            touch_policy = t_policy.to_str().to_string();
+        }
+        if let Some(o) = &metadata.origin {
+            origin = o.to_str().to_string();
+        }
+        if let Some(r) = &metadata.retries {
+            retries = format!("{}/{}", r.retry_count, r.remaining_count);
         }
     }
     let cert = match Certificate::read(yubikey, slot) {
@@ -91,10 +103,12 @@ fn print_summary_info(yubikey: &mut YubiKey, slot: SlotId, piv_slots: &mut Vec<P
                     piv_slots.push(PivSlot {
                         name: slot.to_string(),
                         id: format!("{:x}", slot_id),
-                        algorithm: "N/A".to_string(),
-                        subject: "N/A".to_string(),
-                        pin_policy: pin_policy.as_ref().unwrap().to_string(),
-                        touch_policy: touch_policy.as_ref().unwrap().to_string(),
+                        algorithm: NA.to_string(),
+                        origin: origin.to_string(),
+                        retries: retries.to_string(),
+                        subject: NA.to_string(),
+                        pin_policy: pin_policy.to_string(),
+                        touch_policy: touch_policy.to_string(),
                     });
                 } else {
                     warning!("Slot: {:?}, id: {:x}, certificate not found",  slot, slot_id);
@@ -116,18 +130,21 @@ fn print_summary_info(yubikey: &mut YubiKey, slot: SlotId, piv_slots: &mut Vec<P
             name: slot.to_string(),
             id: format!("{:x}", slot_id),
             algorithm: algorithm_id,
+            origin: origin.to_string(),
+            retries: retries.to_string(),
             subject: cert_subject,
-            pin_policy: pin_policy.as_ref().unwrap().to_string(),
-            touch_policy: touch_policy.as_ref().unwrap().to_string(),
+            pin_policy: pin_policy.to_string(),
+            touch_policy: touch_policy.to_string(),
         });
     } else {
-        success!("Slot: {:x},  algorithm: {}, name: {:?}, subject: {}, pin policy: {}, touch policy: {}",
+        success!("Slot: {:x},  algorithm: {}, name: {:?}, origin: {}, subject: {}, pin policy: {}, touch policy: {}",
             slot_id,
             algorithm_id,
             slot,
-            cert_subject,
-            pin_policy.as_ref().unwrap(),
-            touch_policy.as_ref().unwrap(),
+            &origin,
+            &cert_subject,
+            &pin_policy,
+            &touch_policy,
         );
     }
 
diff --git a/src/pivutil.rs b/src/pivutil.rs
index 12c2ff6..b566415 100644
--- a/src/pivutil.rs
+++ b/src/pivutil.rs
@@ -4,7 +4,7 @@ use spki::der::{Decode, Encode};
 use x509_parser::prelude::FromDer;
 use x509_parser::public_key::RSAPublicKey;
 use yubikey::{PinPolicy, TouchPolicy};
-use yubikey::piv::{AlgorithmId, ManagementAlgorithmId, RetiredSlotId};
+use yubikey::piv::{AlgorithmId, ManagementAlgorithmId, Origin, RetiredSlotId};
 use yubikey::piv::SlotId;
 
 const RSA: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.1");
@@ -67,6 +67,15 @@ impl ToStr for ManagementAlgorithmId {
     }
 }
 
+impl ToStr for Origin {
+    fn to_str(&self) -> &str {
+        match self {
+            Origin::Imported => "imported",
+            Origin::Generated => "generated",
+        }
+    }
+}
+
 pub fn get_algorithm_id(public_key_info: &SubjectPublicKeyInfoOwned) -> XResult<AlgorithmId> {
     if public_key_info.algorithm.oid == RSA {
         let rsa_public_key = opt_result!(