From a95fdb5d09588fedcc1c97a43aa6da185d301e39 Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Sat, 30 Apr 2022 19:28:36 +0800
Subject: [PATCH] feat: v1.3.2, piv
---
 Cargo.lock | 2 +-
 Cargo.toml | 2 +-
 src/cmd_piv.rs | 7 +++++--
 src/pkiutil.rs | 31 +++++++++++++++++++++++++++++++
 4 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index a3f66cb..271d564 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -366,7 +366,7 @@ dependencies = [
 [[package]]
 name = "card-cli"
-version = "1.3.1"
+version = "1.3.2"
 dependencies = [
 "authenticator",
 "base64 0.13.0",
diff --git a/Cargo.toml b/Cargo.toml
index a166f65..ccc9bac 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "card-cli"
-version = "1.3.1"
+version = "1.3.2"
 authors = ["Hatter Jiang "]
 edition = "2018"
diff --git a/src/cmd_piv.rs b/src/cmd_piv.rs
index c715781..b574e67 100644
--- a/src/cmd_piv.rs
+++ b/src/cmd_piv.rs
@@ -10,7 +10,7 @@ use x509_parser::parse_x509_certificate;
 use yubikey::{Certificate, YubiKey};
 use yubikey::piv::SlotId;
-use crate::pkiutil::bytes_to_pem;
+use crate::pkiutil::{bytes_to_pem, get_pki_algorithm};
 pub struct CommandImpl;
@@ -92,7 +92,10 @@ fn print_cert_info(yubikey: &mut YubiKey, slot: SlotId, detail_output: bool) ->
 match parse_x509_certificate(buf) {
 Ok((_rem, cert)) => {
- information!("Algorithm: {}", cert.tbs_certificate.subject_pki.algorithm.algorithm);
+ debugging!("Algorithm: {:?}", &cert.tbs_certificate.subject_pki.algorithm);
+ information!("Algorithm: {:?}", get_pki_algorithm(&cert.tbs_certificate.subject_pki.algorithm));
+
+ debugging!("Public key: {}", hex::encode(&cert.tbs_certificate.subject_pki.subject_public_key));
 let public_key_fingerprint_sha256 = Sha256::digest(cert.tbs_certificate.subject_pki.raw);
diff --git a/src/pkiutil.rs b/src/pkiutil.rs
index 1ac99b4..2dc9aed 100644
--- a/src/pkiutil.rs
+++ b/src/pkiutil.rs
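Review bot: In src/cmd_piv.rs, the new `information!("Algorithm: {:?}", get_pki_algorithm(...))` line in print_cert_info Debug-formats the whole `XResult`, so the user-facing output reads `Ok(RSA)` or an `Err(...)` dump rather than the algorithm name. Match on the result instead, with `Ok(algorithm) => information!("Algorithm: {:?}", algorithm)` and an `Err(e)` arm that reports the unsupported key type through its Display form. A certificate in a PIV slot whose key algorithm is not recognised is worth stating plainly rather than leaving inside a debug rendering at information level. print_cert_info starts and ends outside the hunk.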
@@ -2,10 +2,41 @@ use openpgp_card::crypto_data::PublicKeyMaterial;
 use openssl::bn::BigNum;
 use openssl::rsa::Rsa;
 use pem::Pem;
+use rust_util::XResult;
 use sequoia_openpgp::crypto::mpi::PublicKey;
+use x509_parser::x509::AlgorithmIdentifier;
 use crate::digest::sha256_bytes;
+#[derive(Clone, Copy, Debug)]
+pub enum PkiAlgorithm {
+ RSA,
+ P256,
+ P384,
+ P521,
+}
+
+pub fn get_pki_algorithm(algorithm_identifier: &AlgorithmIdentifier) -> XResult {
+ let algorithm_id_string = algorithm_identifier.algorithm.to_id_string();
+ if "1.2.840.113549.1.1.1" == algorithm_id_string {
+ return Ok(PkiAlgorithm::RSA);
+ }
+ if "1.2.840.10045.2.1" == algorithm_id_string {
+ if let Some(parameters) = &algorithm_identifier.parameters {
+ if let Ok(content) = parameters.content.as_oid() {
+ let content_id_string = content.to_id_string();
+ return match content_id_string.as_str() {
+ "1.2.840.10045.3.1.7" => Ok(PkiAlgorithm::P256),
+ "1.3.132.0.34" => Ok(PkiAlgorithm::P384),
+ "1.3.132.0.35" => Ok(PkiAlgorithm::P521),
+ unknown_ec_oid => simple_error!("Unknown EC curve: {}", unknown_ec_oid),
+ };
+ }
+ }
+ }
+ simple_error!("Unknown pki algorithm: {}", algorithm_id_string)
+}
+
 pub fn bytes_to_pem(tag: &str, contents: T) -> String where T: Into> {
 let cert_public_key_pem_obj = Pem {
 tag: tag.to_string(),
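Review bot: In get_pki_algorithm, an EC key (`1.2.840.10045.2.1`) whose parameters are absent or are not a named-curve OID falls through both `if let`s and is reported as `Unknown pki algorithm: 1.2.840.10045.2.1`, which misstates the problem: the algorithm was recognised, the curve parameters were not. Add `return simple_error!("EC public key without a named curve OID");` as the last statement of that branch, so certificates carrying explicit or missing curve parameters are rejected with an accurate message. A short doc comment on the function naming the OIDs (rsaEncryption, id-ecPublicKey, prime256v1, secp384r1, secp521r1) would also keep the string literals auditable.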