feat: piv summary
This commit is contained in:
@@ -6,11 +6,11 @@ use rust_util::util_clap::{Command, CommandError};
|
||||
use rust_util::util_msg;
|
||||
use rust_util::util_msg::MessageType;
|
||||
use x509_parser::parse_x509_certificate;
|
||||
use yubikey::{Key, PinPolicy, TouchPolicy, YubiKey};
|
||||
use yubikey::piv::{AlgorithmId, ManagementAlgorithmId, metadata, Origin};
|
||||
use yubikey::{Key, YubiKey};
|
||||
use yubikey::piv::{AlgorithmId, metadata, Origin};
|
||||
|
||||
use crate::pivutil;
|
||||
use crate::pivutil::{get_algorithm_id, slot_equals};
|
||||
use crate::pivutil::{get_algorithm_id, slot_equals, ToStr};
|
||||
use crate::pkiutil::bytes_to_pem;
|
||||
|
||||
pub struct CommandImpl;
|
||||
@@ -39,14 +39,7 @@ impl Command for CommandImpl {
|
||||
json.insert("slot", slot.to_string());
|
||||
if let Ok(meta) = metadata(&mut yk, slot_id) {
|
||||
debugging!("PIV meta: {:?}", meta);
|
||||
let algorithm_str = match meta.algorithm {
|
||||
ManagementAlgorithmId::PinPuk => "pin_puk",
|
||||
ManagementAlgorithmId::ThreeDes => "three_des",
|
||||
ManagementAlgorithmId::Asymmetric(AlgorithmId::Rsa1024) => "rsa1024",
|
||||
ManagementAlgorithmId::Asymmetric(AlgorithmId::Rsa2048) => "rsa2048",
|
||||
ManagementAlgorithmId::Asymmetric(AlgorithmId::EccP256) => "p256",
|
||||
ManagementAlgorithmId::Asymmetric(AlgorithmId::EccP384) => "p384",
|
||||
};
|
||||
let algorithm_str = meta.algorithm.to_str();
|
||||
if json_output {
|
||||
json.insert("algorithm", algorithm_str.to_string());
|
||||
} else {
|
||||
@@ -54,18 +47,8 @@ impl Command for CommandImpl {
|
||||
}
|
||||
|
||||
if let Some((pin_policy, touch_policy)) = meta.policy {
|
||||
let pin_policy_str = match pin_policy {
|
||||
PinPolicy::Default => "default",
|
||||
PinPolicy::Never => "never",
|
||||
PinPolicy::Once => "once",
|
||||
PinPolicy::Always => "always",
|
||||
};
|
||||
let touch_policy_str = match touch_policy {
|
||||
TouchPolicy::Default => "default",
|
||||
TouchPolicy::Never => "never",
|
||||
TouchPolicy::Always => "always",
|
||||
TouchPolicy::Cached => "cached",
|
||||
};
|
||||
let pin_policy_str = pin_policy.to_str();
|
||||
let touch_policy_str = touch_policy.to_str();
|
||||
if json_output {
|
||||
json.insert("pin_policy", pin_policy_str.to_string());
|
||||
json.insert("touch_policy", touch_policy_str.to_string());
|
||||
@@ -96,12 +79,7 @@ impl Command for CommandImpl {
|
||||
let slot_str = format!("{:x}", Into::<u8>::into(k.slot()));
|
||||
if slot_equals(&slot_id, &slot_str) {
|
||||
if let Ok(algorithm_id) = get_algorithm_id(&k.certificate().cert.tbs_certificate.subject_public_key_info) {
|
||||
let algorithm_str = match algorithm_id {
|
||||
AlgorithmId::Rsa1024 => "rsa1024",
|
||||
AlgorithmId::Rsa2048 => "rsa2048",
|
||||
AlgorithmId::EccP256 => "p256",
|
||||
AlgorithmId::EccP384 => "p384",
|
||||
};
|
||||
let algorithm_str = algorithm_id.to_str();
|
||||
json.insert("algorithm", algorithm_str.to_string());
|
||||
|
||||
let public_key_bit_string = &cert.subject_public_key_info.subject_public_key;
|
||||
|
||||
@@ -6,9 +6,9 @@ use tabled::{Table, Tabled};
|
||||
use tabled::settings::Style;
|
||||
use x509_parser::parse_x509_certificate;
|
||||
use yubikey::{Certificate, YubiKey};
|
||||
use yubikey::piv::SlotId;
|
||||
use yubikey::piv::{metadata, SlotId};
|
||||
|
||||
use crate::pivutil::get_algorithm_id;
|
||||
use crate::pivutil::{get_algorithm_id, ToStr};
|
||||
|
||||
#[derive(Tabled)]
|
||||
struct PivSlot {
|
||||
@@ -16,6 +16,8 @@ struct PivSlot {
|
||||
id: String,
|
||||
algorithm: String,
|
||||
subject: String,
|
||||
pin_policy: String,
|
||||
touch_policy: String,
|
||||
}
|
||||
|
||||
|
||||
@@ -73,6 +75,14 @@ impl Command for CommandImpl {
|
||||
|
||||
fn print_summary_info(yubikey: &mut YubiKey, slot: SlotId, piv_slots: &mut Vec<PivSlot>, show_all: bool, show_table: bool) -> XResult<()> {
|
||||
let slot_id: u8 = slot.into();
|
||||
let mut pin_policy = Some("N/A".to_string());
|
||||
let mut touch_policy = Some("N/A".to_string());
|
||||
if let Ok(metadata) = metadata(yubikey, slot) {
|
||||
if let Some((p_policy, t_policy)) = &metadata.policy {
|
||||
pin_policy = Some(p_policy.to_str().to_string());
|
||||
touch_policy = Some(t_policy.to_str().to_string());
|
||||
}
|
||||
}
|
||||
let cert = match Certificate::read(yubikey, slot) {
|
||||
Ok(c) => c,
|
||||
Err(e) => {
|
||||
@@ -83,6 +93,8 @@ fn print_summary_info(yubikey: &mut YubiKey, slot: SlotId, piv_slots: &mut Vec<P
|
||||
id: format!("{:x}", slot_id),
|
||||
algorithm: "N/A".to_string(),
|
||||
subject: "N/A".to_string(),
|
||||
pin_policy: pin_policy.as_ref().unwrap().to_string(),
|
||||
touch_policy: touch_policy.as_ref().unwrap().to_string(),
|
||||
});
|
||||
} else {
|
||||
warning!("Slot: {:?}, id: {:x}, certificate not found", slot, slot_id);
|
||||
@@ -105,6 +117,8 @@ fn print_summary_info(yubikey: &mut YubiKey, slot: SlotId, piv_slots: &mut Vec<P
|
||||
id: format!("{:x}", slot_id),
|
||||
algorithm: algorithm_id,
|
||||
subject: cert_subject,
|
||||
pin_policy: pin_policy.as_ref().unwrap().to_string(),
|
||||
touch_policy: touch_policy.as_ref().unwrap().to_string(),
|
||||
});
|
||||
} else {
|
||||
success!("Slot: {:x}, algorithm: {}, name: {:?},subject: {}", slot_id, algorithm_id, slot, cert_subject);
|
||||
|
||||
@@ -1,11 +1,10 @@
|
||||
use std::str::FromStr;
|
||||
|
||||
use rust_util::XResult;
|
||||
use spki::der::{Decode, Encode};
|
||||
use spki::{ObjectIdentifier, SubjectPublicKeyInfoOwned};
|
||||
use spki::der::{Decode, Encode};
|
||||
use x509_parser::prelude::FromDer;
|
||||
use x509_parser::public_key::RSAPublicKey;
|
||||
use yubikey::piv::{AlgorithmId, RetiredSlotId};
|
||||
use yubikey::{PinPolicy, TouchPolicy};
|
||||
use yubikey::piv::{AlgorithmId, ManagementAlgorithmId, RetiredSlotId};
|
||||
use yubikey::piv::SlotId;
|
||||
|
||||
const RSA: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.1");
|
||||
@@ -20,6 +19,54 @@ const ECC: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.10045.2.1");
|
||||
const ECC_P256: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.10045.3.1.7");
|
||||
const ECC_P384: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.132.0.34");
|
||||
|
||||
|
||||
pub trait ToStr {
|
||||
fn to_str(&self) -> &str;
|
||||
}
|
||||
|
||||
impl ToStr for PinPolicy {
|
||||
fn to_str(&self) -> &str {
|
||||
match self {
|
||||
PinPolicy::Default => "default",
|
||||
PinPolicy::Never => "never",
|
||||
PinPolicy::Once => "once",
|
||||
PinPolicy::Always => "always",
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl ToStr for TouchPolicy {
|
||||
fn to_str(&self) -> &str {
|
||||
match self {
|
||||
TouchPolicy::Default => "default",
|
||||
TouchPolicy::Never => "never",
|
||||
TouchPolicy::Always => "always",
|
||||
TouchPolicy::Cached => "cached",
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl ToStr for AlgorithmId {
|
||||
fn to_str(&self) -> &str {
|
||||
match self {
|
||||
AlgorithmId::Rsa1024 => "rsa1024",
|
||||
AlgorithmId::Rsa2048 => "rsa2048",
|
||||
AlgorithmId::EccP256 => "p256",
|
||||
AlgorithmId::EccP384 => "p384",
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl ToStr for ManagementAlgorithmId {
|
||||
fn to_str(&self) -> &str {
|
||||
match self {
|
||||
ManagementAlgorithmId::PinPuk => "pin_puk",
|
||||
ManagementAlgorithmId::ThreeDes => "three_des",
|
||||
ManagementAlgorithmId::Asymmetric(algo_id) => algo_id.to_str(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub fn get_algorithm_id(public_key_info: &SubjectPublicKeyInfoOwned) -> XResult<AlgorithmId> {
|
||||
if public_key_info.algorithm.oid == RSA {
|
||||
let rsa_public_key = opt_result!(
|
||||
|
||||
Reference in New Issue
Block a user