feat: piv-summary
@@ -10,11 +10,15 @@ use yubikey::piv::{metadata, SlotId};
|
|||||||
|
|
||||||
use crate::pivutil::{get_algorithm_id, ToStr};
|
use crate::pivutil::{get_algorithm_id, ToStr};
|
||||||
|
|
||||||
|
const NA: &str = "N/A";
|
||||||
|
|
||||||
#[derive(Tabled)]
|
#[derive(Tabled)]
|
||||||
struct PivSlot {
|
struct PivSlot {
|
||||||
name: String,
|
name: String,
|
||||||
id: String,
|
id: String,
|
||||||
algorithm: String,
|
algorithm: String,
|
||||||
|
origin: String,
|
||||||
|
retries: String,
|
||||||
subject: String,
|
subject: String,
|
||||||
pin_policy: String,
|
pin_policy: String,
|
||||||
touch_policy: String,
|
touch_policy: String,
|
||||||
@@ -75,12 +79,20 @@ impl Command for CommandImpl {
|
|||||||
|
|
||||||
fn print_summary_info(yubikey: &mut YubiKey, slot: SlotId, piv_slots: &mut Vec<PivSlot>, show_all: bool, show_table: bool) -> XResult<()> {
|
fn print_summary_info(yubikey: &mut YubiKey, slot: SlotId, piv_slots: &mut Vec<PivSlot>, show_all: bool, show_table: bool) -> XResult<()> {
|
||||||
let slot_id: u8 = slot.into();
|
let slot_id: u8 = slot.into();
|
||||||
let mut pin_policy = Some("N/A".to_string());
|
let mut origin = NA.to_string();
|
||||||
let mut touch_policy = Some("N/A".to_string());
|
let mut retries = NA.to_string();
|
||||||
|
let mut pin_policy = NA.to_string();
|
||||||
|
let mut touch_policy = NA.to_string();
|
||||||
if let Ok(metadata) = metadata(yubikey, slot) {
|
if let Ok(metadata) = metadata(yubikey, slot) {
|
||||||
if let Some((p_policy, t_policy)) = &metadata.policy {
|
if let Some((p_policy, t_policy)) = &metadata.policy {
|
||||||
pin_policy = Some(p_policy.to_str().to_string());
|
pin_policy = p_policy.to_str().to_string();
|
||||||
touch_policy = Some(t_policy.to_str().to_string());
|
touch_policy = t_policy.to_str().to_string();
|
||||||
|
}
|
||||||
|
if let Some(o) = &metadata.origin {
|
||||||
|
origin = o.to_str().to_string();
|
||||||
|
}
|
||||||
|
if let Some(r) = &metadata.retries {
|
||||||
|
retries = format!("{}/{}", r.retry_count, r.remaining_count);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
let cert = match Certificate::read(yubikey, slot) {
|
let cert = match Certificate::read(yubikey, slot) {
|
||||||
@@ -91,10 +103,12 @@ fn print_summary_info(yubikey: &mut YubiKey, slot: SlotId, piv_slots: &mut Vec<P
|
|||||||
piv_slots.push(PivSlot {
|
piv_slots.push(PivSlot {
|
||||||
name: slot.to_string(),
|
name: slot.to_string(),
|
||||||
id: format!("{:x}", slot_id),
|
id: format!("{:x}", slot_id),
|
||||||
algorithm: "N/A".to_string(),
|
algorithm: NA.to_string(),
|
||||||
subject: "N/A".to_string(),
|
origin: origin.to_string(),
|
||||||
pin_policy: pin_policy.as_ref().unwrap().to_string(),
|
retries: retries.to_string(),
|
||||||
touch_policy: touch_policy.as_ref().unwrap().to_string(),
|
subject: NA.to_string(),
|
||||||
|
pin_policy: pin_policy.to_string(),
|
||||||
|
touch_policy: touch_policy.to_string(),
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
warning!("Slot: {:?}, id: {:x}, certificate not found", slot, slot_id);
|
warning!("Slot: {:?}, id: {:x}, certificate not found", slot, slot_id);
|
||||||
@@ -116,18 +130,21 @@ fn print_summary_info(yubikey: &mut YubiKey, slot: SlotId, piv_slots: &mut Vec<P
|
|||||||
name: slot.to_string(),
|
name: slot.to_string(),
|
||||||
id: format!("{:x}", slot_id),
|
id: format!("{:x}", slot_id),
|
||||||
algorithm: algorithm_id,
|
algorithm: algorithm_id,
|
||||||
|
origin: origin.to_string(),
|
||||||
|
retries: retries.to_string(),
|
||||||
subject: cert_subject,
|
subject: cert_subject,
|
||||||
pin_policy: pin_policy.as_ref().unwrap().to_string(),
|
pin_policy: pin_policy.to_string(),
|
||||||
touch_policy: touch_policy.as_ref().unwrap().to_string(),
|
touch_policy: touch_policy.to_string(),
|
||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
success!("Slot: {:x}, algorithm: {}, name: {:?}, subject: {}, pin policy: {}, touch policy: {}",
|
success!("Slot: {:x}, algorithm: {}, name: {:?}, origin: {}, subject: {}, pin policy: {}, touch policy: {}",
|
||||||
slot_id,
|
slot_id,
|
||||||
algorithm_id,
|
algorithm_id,
|
||||||
slot,
|
slot,
|
||||||
cert_subject,
|
&origin,
|
||||||
pin_policy.as_ref().unwrap(),
|
&cert_subject,
|
||||||
touch_policy.as_ref().unwrap(),
|
&pin_policy,
|
||||||
|
&touch_policy,
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
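Review bot: In `print_summary_info`, the new `retries` value is built as `format!("{}/{}", r.retry_count, r.remaining_count)`, which, going by the field names, prints the total first and the remaining count second; a reader who takes "x/y" as remaining/total could see a nearly exhausted counter as healthy. I would swap and label it, e.g. `retries = format!("{} of {} left", r.remaining_count, r.retry_count);`, or at least add a comment stating the order. The non-table `success!` line gained `origin` but not `retries`, so the two output modes now report different fields. `origin` and `retries` also stay at `NA` both when the slot has no such metadata and when `metadata(yubikey, slot)` returns `Err`, so a failed read cannot be told apart from an absent value when checking whether a key was generated on-device; a `warning!` in an `Err` arm or a distinct placeholder would separate the two, unless the silent fallback is intended for devices without metadata support. The function body continues outside the visible hunks.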
|
|||||||
@@ -4,7 +4,7 @@ use spki::der::{Decode, Encode};
|
|||||||
use x509_parser::prelude::FromDer;
|
use x509_parser::prelude::FromDer;
|
||||||
use x509_parser::public_key::RSAPublicKey;
|
use x509_parser::public_key::RSAPublicKey;
|
||||||
use yubikey::{PinPolicy, TouchPolicy};
|
use yubikey::{PinPolicy, TouchPolicy};
|
||||||
use yubikey::piv::{AlgorithmId, ManagementAlgorithmId, RetiredSlotId};
|
use yubikey::piv::{AlgorithmId, ManagementAlgorithmId, Origin, RetiredSlotId};
|
||||||
use yubikey::piv::SlotId;
|
use yubikey::piv::SlotId;
|
||||||
|
|
||||||
const RSA: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.1");
|
const RSA: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.1");
|
||||||
@@ -67,6 +67,15 @@ impl ToStr for ManagementAlgorithmId {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
impl ToStr for Origin {
|
||||||
|
fn to_str(&self) -> &str {
|
||||||
|
match self {
|
||||||
|
Origin::Imported => "imported",
|
||||||
|
Origin::Generated => "generated",
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
pub fn get_algorithm_id(public_key_info: &SubjectPublicKeyInfoOwned) -> XResult<AlgorithmId> {
|
pub fn get_algorithm_id(public_key_info: &SubjectPublicKeyInfoOwned) -> XResult<AlgorithmId> {
|
||||||
if public_key_info.algorithm.oid == RSA {
|
if public_key_info.algorithm.oid == RSA {
|
||||||
let rsa_public_key = opt_result!(
|
let rsa_public_key = opt_result!(
|
||||||
|
|||||||