feat: v1.12.3

src/cmd_external_sign.rs

@@ -10,7 +10,8 @@ use rust_util::XResult;
 use serde_json::Value;
 use std::collections::BTreeMap;
 use yubikey::piv::{sign_data, AlgorithmId};
-use crate::cmd_sign_jwt_soft::parse_ecdsa_private_key;
+use crate::cmd_sign_jwt_soft::{convert_jwt_algorithm_to_ecdsa_algorithm, parse_ecdsa_private_key};
+use crate::ecdsautil::EcdsaSignType;
 
 pub struct CommandImpl;
 
@@ -68,7 +69,7 @@ fn sign(sub_arg_matches: &ArgMatches) -> XResult<Vec<u8>> {
             let mut yk = yubikeyutil::open_yubikey_with_args(sub_arg_matches)?;
             let pin_opt = pivutil::check_read_pin(&mut yk, key.slot, sub_arg_matches);
 
-            // FIXME Check Yubikey slot algorithm
+            // FIXME Check YubiKey slot algorithm
             let jwt_algorithm = get_jwt_algorithm(&key, alg)?;
 
             if let Some(pin) = pin_opt {
@@ -90,11 +91,9 @@ fn sign(sub_arg_matches: &ArgMatches) -> XResult<Vec<u8>> {
             let (jwt_algorithm, private_key_d) = parse_ecdsa_private_key(&private_key)?;
 
             let raw_in = digest_by_jwt_algorithm(jwt_algorithm, &message_bytes)?;
-            let signed_data = match jwt_algorithm {
-                AlgorithmType::Es256 => ecdsautil::sign_p256_der(&private_key_d, &raw_in)?,
-                AlgorithmType::Es384 => ecdsautil::sign_p384_der(&private_key_d, &raw_in)?,
-                _ => return simple_error!("SHOULD NOT HAPPEN: {:?}", jwt_algorithm),
-            };
+            let ecdsa_algorithm = convert_jwt_algorithm_to_ecdsa_algorithm(jwt_algorithm)?;
+            let signed_data = ecdsautil::ecdsa_sign(ecdsa_algorithm, &private_key_d, &raw_in, EcdsaSignType::Der)?;
+
             Ok(signed_data)
         }
     }