From d90223a8cac2524deba67948476047130512c1b9 Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Mon, 4 Apr 2022 15:59:35 +0800
Subject: [PATCH] feat: byte_to_pem
---
 src/cmd_piv.rs | 30 +++++++++---------------------
 src/pkiutil.rs | 14 +++++++++-----
 2 files changed, 18 insertions(+), 26 deletions(-)
diff --git a/src/cmd_piv.rs b/src/cmd_piv.rs
index 7acf7a5..dc09e2c 100644
--- a/src/cmd_piv.rs
+++ b/src/cmd_piv.rs
@@ -3,15 +3,15 @@ use std::time::Duration;
 use chrono::Local;
 use clap::{App, Arg, ArgMatches, SubCommand};
 use digest::Digest;
-use pem::Pem;
 use rust_util::util_clap::{Command, CommandError};
-use rust_util::util_msg::MessageType;
 use rust_util::XResult;
 use sha2::Sha256;
 use x509_parser::parse_x509_certificate;
 use yubikey::{Certificate, YubiKey};
 use yubikey::piv::SlotId;
+use crate::pkiutil::bytes_to_pem;
+
 pub struct CommandImpl;
 impl Command for CommandImpl {
@@ -59,7 +59,10 @@ impl Command for CommandImpl {
 Err(e) => failure!("Get PIV keys failed: {}", e)
 }
- for slot in yubikey::piv::SLOTS.iter().cloned() {
+ // replace of yubikey::piv::SLOTS
+ let slots = vec![SlotId::Authentication, SlotId::Signature,
+ SlotId::KeyManagement, SlotId::CardAuthentication];
+ for slot in slots {
 print_cert_info(&mut yk, slot, detail_output).ok();
 }
 Ok(None)
@@ -84,16 +87,8 @@ fn print_cert_info(yubikey: &mut YubiKey, slot: SlotId, detail_output: bool) ->
 let slot_id: u8 = slot.into();
 success!("Slot: {:?}, id: {:x}, algorithm: {:?}", slot, slot_id, cert.subject_pki().algorithm());
- let cert_pem_obj = Pem {
- tag: String::from("CERTIFICATE"),
- contents: buf.to_vec(),
- };
 if detail_output {
- information!("{}", pem::encode(&cert_pem_obj).trim());
- } else {
- rust_util::util_msg::when(MessageType::DEBUG, || {
- debugging!("{}", pem::encode(&cert_pem_obj).trim());
- });
+ information!("{}", bytes_to_pem("CERTIFICATE", buf));
 }
 match parse_x509_certificate(&buf) {
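Review bot: The hard-coded `slots` list in the `@@ -59,7 +59,10 @@` hunk names only the four primary slots, so a certificate held in any other slot is no longer enumerated; if `yubikey::piv::SLOTS` in the pinned crate version also covered the retired key-management slots, this silently narrows what the command reports about the token. The comment `// replace of yubikey::piv::SLOTS` does not say why the constant was replaced or that the list is deliberately shorter; something like `// yubikey::piv::SLOTS is not used because <reason>; retired slots are intentionally skipped` would make that reviewable. A fixed array avoids the allocation: `let slots = [SlotId::Authentication, SlotId::Signature, SlotId::KeyManagement, SlotId::CardAuthentication];`. The loop's `.ok()` still discards per-slot errors, so a skipped or failing slot leaves no trace in the output; the enclosing function continues outside the hunk.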
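Review bot: The `else` branch that emitted the certificate PEM at debug level is removed in the `@@ -84,16 +87,8 @@` hunk and again in the following hunk (the `PUBLIC KEY` block), so the PEM is now printed only when `detail_output` is set, while the commit title describes only the new helper. If the drop is intended, a short comment such as `// PEM is shown only with detail output` and a line in the commit message would record it; otherwise the debug path should be kept and routed through `bytes_to_pem` as well. `print_cert_info` starts and ends outside the hunk.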
@@ -101,16 +96,9 @@ fn print_cert_info(yubikey: &mut YubiKey, slot: SlotId, detail_output: bool) ->
 information!("Algorithm: {}", cert.tbs_certificate.subject_pki.algorithm.algorithm);
 let public_key_fingerprint_sha256 = Sha256::digest(cert.tbs_certificate.subject_pki.raw);
- let cert_public_key_pem_obj = Pem {
- tag: String::from("PUBLIC KEY"),
- contents: cert.tbs_certificate.subject_pki.raw.to_vec(),
- };
+
 if detail_output {
- information!("{}", pem::encode(&cert_public_key_pem_obj).trim());
- } else {
- rust_util::util_msg::when(MessageType::DEBUG, || {
- debugging!("{}", pem::encode(&cert_pem_obj).trim());
- });
+ information!("{}", bytes_to_pem("PUBLIC KEY", cert.tbs_certificate.subject_pki.raw));
 }
 information!("Subject: {}", cert.tbs_certificate.subject);
diff --git a/src/pkiutil.rs b/src/pkiutil.rs
index 7c0e0ce..a6b688d 100644
--- a/src/pkiutil.rs
+++ b/src/pkiutil.rs
@@ -6,6 +6,14 @@ use sequoia_openpgp::crypto::mpi::PublicKey;
 use crate::digest::sha256_bytes;
+pub fn bytes_to_pem(tag: &str, contents: T) -> String where T: Into> {
+ let cert_public_key_pem_obj = Pem {
+ tag: tag.to_string(),
+ contents: contents.into(),
+ };
+ pem::encode(&cert_public_key_pem_obj).trim().to_string()
+}
+
 pub fn sequoia_openpgp_public_key_pem(public_key: &PublicKey) -> Option<(Vec, String)> {
 match public_key {
 PublicKey::RSA { e, n } => {
@@ -37,9 +45,5 @@ fn internal_rsa_public_key_pem(n: &[u8], e: &[u8]) -> (Vec, String) {
 );
 let rsa_pub_key_bytes = rsa_pub_key.unwrap().public_key_to_der().unwrap();
 let rsa_pub_key_bytes_sha256 = sha256_bytes(&rsa_pub_key_bytes);
- let pub_key_pem_obj = Pem {
- tag: String::from("PUBLIC KEY"),
- contents: rsa_pub_key_bytes,
- };
- (rsa_pub_key_bytes_sha256, pem::encode(&pub_key_pem_obj))
+ (rsa_pub_key_bytes_sha256, bytes_to_pem("PUBLIC KEY", rsa_pub_key_bytes))
 }
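Review bot: `bytes_to_pem` in the `@@ -6,6 +6,14 @@` hunk is a new public helper with no doc comment, and its contract is not obvious from the call sites: it trims the output of `pem::encode`, so the returned string carries no trailing line ending. A doc line such as `/// PEM-encodes contents under the label tag; the result is trimmed and has no trailing newline.` would state that. The local `cert_public_key_pem_obj` is a leftover name from the certificate code and is misleading in a helper that also produces `CERTIFICATE` blocks; `pem_obj` would do. `tag` goes into the PEM label unchecked, which is fine while every caller passes a literal and is worth saying in the same doc comment.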
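Review bot: The PEM string returned from `internal_rsa_public_key_pem` changes in the `@@ -37,9 +45,5 @@` hunk: the removed line returned `pem::encode(&pub_key_pem_obj)` as-is, while `bytes_to_pem` trims it, so whatever trailing line ending `pem::encode` emits no longer reaches the callers of `sequoia_openpgp_public_key_pem`. Those callers are outside this diff; any that write the string to a file, concatenate several PEM blocks, or compare it with a stored PEM should be checked. If the trim is intended here too, a comment on the return line such as `// PEM is returned without a trailing newline` would record it. The function starts outside the hunk.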