feat: v1.4.4, add piv-meta
This commit is contained in:
3
Cargo.lock
generated
3
Cargo.lock
generated
@@ -336,7 +336,7 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "card-cli"
|
||||
version = "1.4.3"
|
||||
version = "1.4.4"
|
||||
dependencies = [
|
||||
"authenticator",
|
||||
"base64 0.13.1",
|
||||
@@ -359,6 +359,7 @@ dependencies = [
|
||||
"sha1",
|
||||
"sha2",
|
||||
"simpledateformat",
|
||||
"spki 0.7.0",
|
||||
"ssh-agent",
|
||||
"u2f",
|
||||
"x509",
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "card-cli"
|
||||
version = "1.4.3"
|
||||
version = "1.4.4"
|
||||
authors = ["Hatter Jiang <jht5945@gmail.com>"]
|
||||
edition = "2018"
|
||||
|
||||
@@ -32,6 +32,7 @@ x509 = "0.2"
|
||||
x509-parser = "0.13"
|
||||
ssh-agent = { version = "0.2", features = ["agent"] }
|
||||
p256 = { version = "0.13.0", features = ["pem", "ecdh"] }
|
||||
spki = { version = "0.7.0", features = ["pem"] }
|
||||
#lazy_static = "1.4.0"
|
||||
#ssh-key = "0.4.0"
|
||||
#ctap-hid-fido2 = "2.1.3"
|
||||
|
||||
151
src/cmd_pivmeta.rs
Normal file
151
src/cmd_pivmeta.rs
Normal file
@@ -0,0 +1,151 @@
|
||||
use std::collections::BTreeMap;
|
||||
use std::str::FromStr;
|
||||
|
||||
use clap::{App, Arg, ArgMatches, SubCommand};
|
||||
use hex::ToHex;
|
||||
use rust_util::util_clap::{Command, CommandError};
|
||||
use rust_util::util_msg;
|
||||
use rust_util::util_msg::MessageType;
|
||||
use x509::SubjectPublicKeyInfo;
|
||||
use yubikey::{Key, PinPolicy, TouchPolicy, YubiKey};
|
||||
use yubikey::certificate::PublicKeyInfo;
|
||||
use yubikey::piv::{AlgorithmId, ManagementAlgorithmId, metadata, Origin, RetiredSlotId, SlotId};
|
||||
|
||||
pub struct CommandImpl;
|
||||
|
||||
impl Command for CommandImpl {
|
||||
fn name(&self) -> &str { "piv-meta" }
|
||||
|
||||
fn subcommand<'a>(&self) -> App<'a, 'a> {
|
||||
SubCommand::with_name(self.name()).about("PIV meta subcommand")
|
||||
.arg(Arg::with_name("slot").short("s").long("slot").takes_value(true).help("PIV slot, e.g. 82, 83 ..."))
|
||||
.arg(Arg::with_name("json").long("json").help("JSON output"))
|
||||
}
|
||||
|
||||
fn run(&self, _arg_matches: &ArgMatches, sub_arg_matches: &ArgMatches) -> CommandError {
|
||||
let json_output = sub_arg_matches.is_present("json");
|
||||
if json_output { util_msg::set_logger_std_out(false); }
|
||||
|
||||
let mut json = BTreeMap::<&'_ str, String>::new();
|
||||
|
||||
let slot = opt_value_result!(sub_arg_matches.value_of("slot"), "--slot must assigned, e.g. 82, 83 ...");
|
||||
|
||||
let mut yk = opt_result!(YubiKey::open(), "YubiKey not found: {}");
|
||||
|
||||
let retired_slot_id = opt_result!(RetiredSlotId::from_str(slot), "Slot not found: {}");
|
||||
debugging!("Slot id: {}", retired_slot_id);
|
||||
let slot_id = SlotId::Retired(retired_slot_id);
|
||||
|
||||
json.insert("slot", slot.to_string());
|
||||
if let Ok(meta) = metadata(&mut yk, slot_id) {
|
||||
debugging!("PIV meta: {:?}", meta);
|
||||
let algorithm_str = match meta.algorithm {
|
||||
ManagementAlgorithmId::PinPuk => "pin_puk",
|
||||
ManagementAlgorithmId::ThreeDes => "three_des",
|
||||
ManagementAlgorithmId::Asymmetric(AlgorithmId::Rsa1024) => "rsa1024",
|
||||
ManagementAlgorithmId::Asymmetric(AlgorithmId::Rsa2048) => "rsa2048",
|
||||
ManagementAlgorithmId::Asymmetric(AlgorithmId::EccP256) => "p256",
|
||||
ManagementAlgorithmId::Asymmetric(AlgorithmId::EccP384) => "p384",
|
||||
};
|
||||
if json_output {
|
||||
json.insert("algorithm", algorithm_str.to_string());
|
||||
} else {
|
||||
information!("Algorithm: {}", algorithm_str);
|
||||
}
|
||||
|
||||
if let Some((pin_policy, touch_policy)) = meta.policy {
|
||||
let pin_policy_str = match pin_policy {
|
||||
PinPolicy::Default => "default",
|
||||
PinPolicy::Never => "never",
|
||||
PinPolicy::Once => "once",
|
||||
PinPolicy::Always => "always",
|
||||
};
|
||||
let touch_policy_str = match touch_policy {
|
||||
TouchPolicy::Default => "default",
|
||||
TouchPolicy::Never => "never",
|
||||
TouchPolicy::Always => "always",
|
||||
TouchPolicy::Cached => "cached",
|
||||
};
|
||||
if json_output {
|
||||
json.insert("pin_policy", pin_policy_str.to_string());
|
||||
json.insert("touch_policy", touch_policy_str.to_string());
|
||||
} else {
|
||||
information!("PIN policy: {}", pin_policy_str);
|
||||
information!("Touch policy: {}", touch_policy_str);
|
||||
}
|
||||
}
|
||||
|
||||
let origin_str = match meta.origin {
|
||||
None => "none",
|
||||
Some(Origin::Imported) => "imported",
|
||||
Some(Origin::Generated) => "generated",
|
||||
};
|
||||
if json_output {
|
||||
json.insert("origin", origin_str.to_string());
|
||||
} else {
|
||||
information!("Origin: {}", origin_str);
|
||||
}
|
||||
|
||||
if let Some(public_key) = &meta.public {
|
||||
match public_key {
|
||||
PublicKeyInfo::Rsa { algorithm, pubkey } => {
|
||||
failure_and_exit!("RSA not supported, {:?}, {:?}", algorithm, pubkey);
|
||||
}
|
||||
PublicKeyInfo::EcP256(pubkey) => {
|
||||
if json_output {
|
||||
json.insert("pk_point_hex", hex::encode(pubkey.as_bytes()));
|
||||
} else {
|
||||
information!("EC-P256, {}", hex::encode(pubkey.as_bytes()));
|
||||
}
|
||||
}
|
||||
PublicKeyInfo::EcP384(pubkey) => {
|
||||
if json_output {
|
||||
json.insert("pk_point_hex", hex::encode(pubkey.as_bytes()));
|
||||
} else {
|
||||
information!("EC-P384, {}", hex::encode(pubkey.as_bytes()));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} else {
|
||||
warning!("Get slot: {} meta data failed", slot);
|
||||
}
|
||||
|
||||
match Key::list(&mut yk) {
|
||||
Err(e) => warning!("List keys failed: {}", e),
|
||||
Ok(keys) => for k in &keys {
|
||||
let slot_str = format!("{:x}", Into::<u8>::into(k.slot()));
|
||||
if slot_str == slot {
|
||||
if !json.contains_key("pk_point_hex") {
|
||||
let public_key_hex = &k.certificate().subject_pki().public_key();
|
||||
json.insert("pk_point_hex", hex::encode(&public_key_hex));
|
||||
let algorithm_str = match k.certificate().subject_pki().algorithm() {
|
||||
AlgorithmId::Rsa1024 => "rsa1024",
|
||||
AlgorithmId::Rsa2048 => "rsa2048",
|
||||
AlgorithmId::EccP256 => "p256",
|
||||
AlgorithmId::EccP384 => "p384",
|
||||
};
|
||||
json.insert("algorithm", algorithm_str.to_string());
|
||||
}
|
||||
json.insert("subject", k.certificate().subject().to_string());
|
||||
json.insert("issuer", k.certificate().issuer().to_string());
|
||||
json.insert("serial", k.certificate().serial().to_string());
|
||||
json.insert("certificate_hex", k.certificate().encode_hex::<String>());
|
||||
} else {
|
||||
util_msg::when(MessageType::DEBUG, || {
|
||||
debugging!("Slot: {:x}", Into::<u8>::into(k.slot()));
|
||||
let cert_hex = k.certificate().encode_hex::<String>();
|
||||
let public_key_hex = &k.certificate().subject_pki().public_key();
|
||||
debugging!("Certificate: {}", &cert_hex);
|
||||
debugging!("Public key: {}", hex::encode(&public_key_hex));
|
||||
});
|
||||
}
|
||||
},
|
||||
}
|
||||
|
||||
if json_output {
|
||||
println!("{}", serde_json::to_string_pretty(&json).unwrap());
|
||||
}
|
||||
Ok(None)
|
||||
}
|
||||
}
|
||||
@@ -23,6 +23,7 @@ mod cmd_pgpcardsign;
|
||||
mod cmd_pgpcarddecrypt;
|
||||
mod cmd_pgpcardmake;
|
||||
mod cmd_piv;
|
||||
mod cmd_pivmeta;
|
||||
mod cmd_pivsign;
|
||||
mod cmd_pivecdh;
|
||||
mod cmd_pivdecrypt;
|
||||
@@ -66,6 +67,7 @@ fn inner_main() -> CommandError {
|
||||
Box::new(cmd_pgpcarddecrypt::CommandImpl),
|
||||
Box::new(cmd_pgpcardmake::CommandImpl),
|
||||
Box::new(cmd_piv::CommandImpl),
|
||||
Box::new(cmd_pivmeta::CommandImpl),
|
||||
Box::new(cmd_pivsign::CommandImpl),
|
||||
Box::new(cmd_pivecdh::CommandImpl),
|
||||
Box::new(cmd_pivdecrypt::CommandImpl),
|
||||
|
||||
Reference in New Issue
Block a user