feat: piv summary

src/cmd_pivmeta.rs

@@ -6,11 +6,11 @@ use rust_util::util_clap::{Command, CommandError};
 use rust_util::util_msg;
 use rust_util::util_msg::MessageType;
 use x509_parser::parse_x509_certificate;
-use yubikey::{Key, PinPolicy, TouchPolicy, YubiKey};
+use yubikey::{Key, YubiKey};
-use yubikey::piv::{AlgorithmId, ManagementAlgorithmId, metadata, Origin};
+use yubikey::piv::{AlgorithmId, metadata, Origin};
 
 use crate::pivutil;
-use crate::pivutil::{get_algorithm_id, slot_equals};
+use crate::pivutil::{get_algorithm_id, slot_equals, ToStr};
 use crate::pkiutil::bytes_to_pem;
 
 pub struct CommandImpl;
@@ -39,14 +39,7 @@ impl Command for CommandImpl {
         json.insert("slot", slot.to_string());
         if let Ok(meta) = metadata(&mut yk, slot_id) {
             debugging!("PIV meta: {:?}", meta);
-            let algorithm_str = match meta.algorithm {
+            let algorithm_str = meta.algorithm.to_str();
-                ManagementAlgorithmId::PinPuk => "pin_puk",
-                ManagementAlgorithmId::ThreeDes => "three_des",
-                ManagementAlgorithmId::Asymmetric(AlgorithmId::Rsa1024) => "rsa1024",
-                ManagementAlgorithmId::Asymmetric(AlgorithmId::Rsa2048) => "rsa2048",
-                ManagementAlgorithmId::Asymmetric(AlgorithmId::EccP256) => "p256",
-                ManagementAlgorithmId::Asymmetric(AlgorithmId::EccP384) => "p384",
-            };
             if json_output {
                 json.insert("algorithm", algorithm_str.to_string());
             } else {
@@ -54,18 +47,8 @@ impl Command for CommandImpl {
             }
 
             if let Some((pin_policy, touch_policy)) = meta.policy {
-                let pin_policy_str = match pin_policy {
+                let pin_policy_str = pin_policy.to_str();
-                    PinPolicy::Default => "default",
+                let touch_policy_str = touch_policy.to_str();
-                    PinPolicy::Never => "never",
-                    PinPolicy::Once => "once",
-                    PinPolicy::Always => "always",
-                };
-                let touch_policy_str = match touch_policy {
-                    TouchPolicy::Default => "default",
-                    TouchPolicy::Never => "never",
-                    TouchPolicy::Always => "always",
-                    TouchPolicy::Cached => "cached",
-                };
                 if json_output {
                     json.insert("pin_policy", pin_policy_str.to_string());
                     json.insert("touch_policy", touch_policy_str.to_string());
@@ -96,12 +79,7 @@ impl Command for CommandImpl {
                 let slot_str = format!("{:x}", Into::<u8>::into(k.slot()));
                 if slot_equals(&slot_id, &slot_str) {
                     if let Ok(algorithm_id) = get_algorithm_id(&k.certificate().cert.tbs_certificate.subject_public_key_info) {
-                        let algorithm_str = match algorithm_id {
+                        let algorithm_str = algorithm_id.to_str();
-                            AlgorithmId::Rsa1024 => "rsa1024",
-                            AlgorithmId::Rsa2048 => "rsa2048",
-                            AlgorithmId::EccP256 => "p256",
-                            AlgorithmId::EccP384 => "p384",
-                        };
                         json.insert("algorithm", algorithm_str.to_string());
 
                         let public_key_bit_string = &cert.subject_public_key_info.subject_public_key;

src/cmd_pivsummary.rs

@@ -6,9 +6,9 @@ use tabled::{Table, Tabled};
 use tabled::settings::Style;
 use x509_parser::parse_x509_certificate;
 use yubikey::{Certificate, YubiKey};
-use yubikey::piv::SlotId;
+use yubikey::piv::{metadata, SlotId};
 
-use crate::pivutil::get_algorithm_id;
+use crate::pivutil::{get_algorithm_id, ToStr};
 
 #[derive(Tabled)]
 struct PivSlot {
@@ -16,6 +16,8 @@ struct PivSlot {
     id: String,
     algorithm: String,
     subject: String,
+    pin_policy: String,
+    touch_policy: String,
 }
 
 
@@ -73,6 +75,14 @@ impl Command for CommandImpl {
 
 fn print_summary_info(yubikey: &mut YubiKey, slot: SlotId, piv_slots: &mut Vec<PivSlot>, show_all: bool, show_table: bool) -> XResult<()> {
     let slot_id: u8 = slot.into();
+    let mut pin_policy = Some("N/A".to_string());
+    let mut touch_policy = Some("N/A".to_string());
+    if let Ok(metadata) = metadata(yubikey, slot) {
+        if let Some((p_policy, t_policy)) = &metadata.policy {
+            pin_policy = Some(p_policy.to_str().to_string());
+            touch_policy = Some(t_policy.to_str().to_string());
+        }
+    }
     let cert = match Certificate::read(yubikey, slot) {
         Ok(c) => c,
         Err(e) => {
@@ -83,6 +93,8 @@ fn print_summary_info(yubikey: &mut YubiKey, slot: SlotId, piv_slots: &mut Vec<P
                         id: format!("{:x}", slot_id),
                         algorithm: "N/A".to_string(),
                         subject: "N/A".to_string(),
+                        pin_policy: pin_policy.as_ref().unwrap().to_string(),
+                        touch_policy: touch_policy.as_ref().unwrap().to_string(),
                     });
                 } else {
                     warning!("Slot: {:?}, id: {:x}, certificate not found",  slot, slot_id);
@@ -105,6 +117,8 @@ fn print_summary_info(yubikey: &mut YubiKey, slot: SlotId, piv_slots: &mut Vec<P
             id: format!("{:x}", slot_id),
             algorithm: algorithm_id,
             subject: cert_subject,
+            pin_policy: pin_policy.as_ref().unwrap().to_string(),
+            touch_policy: touch_policy.as_ref().unwrap().to_string(),
         });
     } else {
         success!("Slot: {:x},  algorithm: {}, name: {:?},subject: {}", slot_id, algorithm_id, slot, cert_subject);

src/pivutil.rs

@@ -1,11 +1,10 @@
-use std::str::FromStr;
-
 use rust_util::XResult;
-use spki::der::{Decode, Encode};
 use spki::{ObjectIdentifier, SubjectPublicKeyInfoOwned};
+use spki::der::{Decode, Encode};
 use x509_parser::prelude::FromDer;
 use x509_parser::public_key::RSAPublicKey;
-use yubikey::piv::{AlgorithmId, RetiredSlotId};
+use yubikey::{PinPolicy, TouchPolicy};
+use yubikey::piv::{AlgorithmId, ManagementAlgorithmId, RetiredSlotId};
 use yubikey::piv::SlotId;
 
 const RSA: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.1");
@@ -20,6 +19,54 @@ const ECC: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.10045.2.1");
 const ECC_P256: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.10045.3.1.7");
 const ECC_P384: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.132.0.34");
 
+
+pub trait ToStr {
+    fn to_str(&self) -> &str;
+}
+
+impl ToStr for PinPolicy {
+    fn to_str(&self) -> &str {
+        match self {
+            PinPolicy::Default => "default",
+            PinPolicy::Never => "never",
+            PinPolicy::Once => "once",
+            PinPolicy::Always => "always",
+        }
+    }
+}
+
+impl ToStr for TouchPolicy {
+    fn to_str(&self) -> &str {
+        match self {
+            TouchPolicy::Default => "default",
+            TouchPolicy::Never => "never",
+            TouchPolicy::Always => "always",
+            TouchPolicy::Cached => "cached",
+        }
+    }
+}
+
+impl ToStr for AlgorithmId {
+    fn to_str(&self) -> &str {
+        match self {
+            AlgorithmId::Rsa1024 => "rsa1024",
+            AlgorithmId::Rsa2048 => "rsa2048",
+            AlgorithmId::EccP256 => "p256",
+            AlgorithmId::EccP384 => "p384",
+        }
+    }
+}
+
+impl ToStr for ManagementAlgorithmId {
+    fn to_str(&self) -> &str {
+        match self {
+            ManagementAlgorithmId::PinPuk => "pin_puk",
+            ManagementAlgorithmId::ThreeDes => "three_des",
+            ManagementAlgorithmId::Asymmetric(algo_id) => algo_id.to_str(),
+        }
+    }
+}
+
 pub fn get_algorithm_id(public_key_info: &SubjectPublicKeyInfoOwned) -> XResult<AlgorithmId> {
     if public_key_info.algorithm.oid == RSA {
         let rsa_public_key = opt_result!(