feat: add pgp card admin

2022-03-27 15:11:11 +08:00
parent 03dfbe40d8
commit 4804f30b69
7 changed files with 83 additions and 53 deletions
--- a/src/pgpcardutil.rs
+++ b/src/pgpcardutil.rs
@@ -1,37 +1,43 @@
-use openpgp_card::{OpenPGPCard, OpenPGPCardUser};
+use openpgp_card::{OpenPGPCard, OpenPGPCardAdmin, OpenPGPCardUser};
 use rust_util::XResult;

-pub fn get_card_user_sw1_81(pass: &str) -> XResult<OpenPGPCardUser> {
-    match OpenPGPCard::list_cards() {
-        Ok(list) => {
-            // pw1_81 for signature
-            // openssl dgst -sha256 -verify aa -signature sig LICENSE
-            if list.is_empty() {
-                return simple_error!("Cannot find any card");
-            }
-            match list.into_iter().next().unwrap().verify_pw1_81(pass) {
-                Result::Ok(user) => Ok(user),
-                Result::Err(_) => simple_error!("Verify pw1_81 OpenPGP card failed"),
-            }
-        }
-        Err(e) => simple_error!("Read OpenPGP card failed: {}", e),
+pub fn get_card_user_sw1_81(pin: &str) -> XResult<OpenPGPCardUser> {
+    // pw1_81 for signature
+    // openssl dgst -sha256 -verify aa -signature sig LICENSE
+    get_card_user(|open_pgp_card: OpenPGPCard| open_pgp_card.verify_pw1_81(pin), "pw1_81")
+}
+
+pub fn get_card_user_sw1_82(pin: &str) -> XResult<OpenPGPCardUser> {
+    // pw1_82 for decrypt
+    // PKCSv1.5
+    get_card_user(|open_pgp_card: OpenPGPCard| open_pgp_card.verify_pw1_82(pin), "pw1_82")
+}
+
+pub fn get_card_admin(pin: &str) -> XResult<OpenPGPCardAdmin> {
+    let card = get_card()?;
+    match card.verify_pw3(pin) {
+        Result::Ok(admin) => Ok(admin),
+        Result::Err(_) => simple_error!("Verify pw3 OpenPGP card failed"),
    }
 }

-pub fn get_card_user_sw1_82(pass: &str) -> XResult<OpenPGPCardUser> {
-    match OpenPGPCard::list_cards() {
-        Ok(list) => {
-            // pw1_82 for decrypt
-            // PKCSv1.5
-            if list.is_empty() {
-                return simple_error!("Cannot find any card");
-            }
-            match list.into_iter().next().unwrap().verify_pw1_82(pass) {
-                Result::Ok(user) => Ok(user),
-                Result::Err(_) => simple_error!("Verify pw1_82 OpenPGP card failed"),
-            }
-        }
-        Err(e) => simple_error!("Read OpenPGP card failed: {}", e),
+fn get_card_user(process_fn: impl Fn(OpenPGPCard) -> Result<OpenPGPCardUser, OpenPGPCard>, tag: &str) -> XResult<OpenPGPCardUser> {
+    let card = get_card()?;
+    match process_fn(card) {
+        Result::Ok(user) => Ok(user),
+        Result::Err(_) => simple_error!("Verify {} OpenPGP card failed", tag),
    }
 }

+fn get_card() -> XResult<OpenPGPCard> {
+    let card_list = opt_result!(OpenPGPCard::list_cards(),
+        "Read OpenPGP card list failed: {}");
+    if card_list.is_empty() {
+        return simple_error!("Cannot find any card");
+    }
+    if card_list.len() > 0 {
+        warning!("Find {} OpenPGP cards, will use first card", card_list.len());
+    }
+    Ok(opt_value_result!(card_list.into_iter().next(), "Get first card failed"))
+}
+