feat: byte_to_pem
@@ -3,15 +3,15 @@ use std::time::Duration;
|
|||||||
use chrono::Local;
|
use chrono::Local;
|
||||||
use clap::{App, Arg, ArgMatches, SubCommand};
|
use clap::{App, Arg, ArgMatches, SubCommand};
|
||||||
use digest::Digest;
|
use digest::Digest;
|
||||||
use pem::Pem;
|
|
||||||
use rust_util::util_clap::{Command, CommandError};
|
use rust_util::util_clap::{Command, CommandError};
|
||||||
use rust_util::util_msg::MessageType;
|
|
||||||
use rust_util::XResult;
|
use rust_util::XResult;
|
||||||
use sha2::Sha256;
|
use sha2::Sha256;
|
||||||
use x509_parser::parse_x509_certificate;
|
use x509_parser::parse_x509_certificate;
|
||||||
use yubikey::{Certificate, YubiKey};
|
use yubikey::{Certificate, YubiKey};
|
||||||
use yubikey::piv::SlotId;
|
use yubikey::piv::SlotId;
|
||||||
|
|
||||||
|
use crate::pkiutil::bytes_to_pem;
|
||||||
|
|
||||||
pub struct CommandImpl;
|
pub struct CommandImpl;
|
||||||
|
|
||||||
impl Command for CommandImpl {
|
impl Command for CommandImpl {
|
||||||
@@ -59,7 +59,10 @@ impl Command for CommandImpl {
|
|||||||
Err(e) => failure!("Get PIV keys failed: {}", e)
|
Err(e) => failure!("Get PIV keys failed: {}", e)
|
||||||
}
|
}
|
||||||
|
|
||||||
for slot in yubikey::piv::SLOTS.iter().cloned() {
|
// replace of yubikey::piv::SLOTS
|
||||||
|
let slots = vec![SlotId::Authentication, SlotId::Signature,
|
||||||
|
SlotId::KeyManagement, SlotId::CardAuthentication];
|
||||||
|
for slot in slots {
|
||||||
print_cert_info(&mut yk, slot, detail_output).ok();
|
print_cert_info(&mut yk, slot, detail_output).ok();
|
||||||
}
|
}
|
||||||
Ok(None)
|
Ok(None)
|
||||||
@@ -84,16 +87,8 @@ fn print_cert_info(yubikey: &mut YubiKey, slot: SlotId, detail_output: bool) ->
|
|||||||
let slot_id: u8 = slot.into();
|
let slot_id: u8 = slot.into();
|
||||||
success!("Slot: {:?}, id: {:x}, algorithm: {:?}", slot, slot_id, cert.subject_pki().algorithm());
|
success!("Slot: {:?}, id: {:x}, algorithm: {:?}", slot, slot_id, cert.subject_pki().algorithm());
|
||||||
|
|
||||||
let cert_pem_obj = Pem {
|
|
||||||
tag: String::from("CERTIFICATE"),
|
|
||||||
contents: buf.to_vec(),
|
|
||||||
};
|
|
||||||
if detail_output {
|
if detail_output {
|
||||||
information!("{}", pem::encode(&cert_pem_obj).trim());
|
information!("{}", bytes_to_pem("CERTIFICATE", buf));
|
||||||
} else {
|
|
||||||
rust_util::util_msg::when(MessageType::DEBUG, || {
|
|
||||||
debugging!("{}", pem::encode(&cert_pem_obj).trim());
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
match parse_x509_certificate(&buf) {
|
match parse_x509_certificate(&buf) {
|
||||||
@@ -101,16 +96,9 @@ fn print_cert_info(yubikey: &mut YubiKey, slot: SlotId, detail_output: bool) ->
|
|||||||
information!("Algorithm: {}", cert.tbs_certificate.subject_pki.algorithm.algorithm);
|
information!("Algorithm: {}", cert.tbs_certificate.subject_pki.algorithm.algorithm);
|
||||||
|
|
||||||
let public_key_fingerprint_sha256 = Sha256::digest(cert.tbs_certificate.subject_pki.raw);
|
let public_key_fingerprint_sha256 = Sha256::digest(cert.tbs_certificate.subject_pki.raw);
|
||||||
let cert_public_key_pem_obj = Pem {
|
|
||||||
tag: String::from("PUBLIC KEY"),
|
|
||||||
contents: cert.tbs_certificate.subject_pki.raw.to_vec(),
|
|
||||||
};
|
|
||||||
if detail_output {
|
if detail_output {
|
||||||
information!("{}", pem::encode(&cert_public_key_pem_obj).trim());
|
information!("{}", bytes_to_pem("PUBLIC KEY", cert.tbs_certificate.subject_pki.raw));
|
||||||
} else {
|
|
||||||
rust_util::util_msg::when(MessageType::DEBUG, || {
|
|
||||||
debugging!("{}", pem::encode(&cert_pem_obj).trim());
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
information!("Subject: {}", cert.tbs_certificate.subject);
|
information!("Subject: {}", cert.tbs_certificate.subject);
|
||||||
|
|||||||
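Review bot: The hard-coded `slots` vector that replaces `yubikey::piv::SLOTS` in the second hunk lists only `SlotId::Authentication`, `SlotId::Signature`, `SlotId::KeyManagement` and `SlotId::CardAuthentication`, so a certificate in any other slot the old constant covered (presumably the retired key-management and attestation slots) is no longer listed, and the output gives no hint that the inventory is partial. The comment `// replace of yubikey::piv::SLOTS` does not say why the constant was dropped or that the shorter list is intentional; if it is, state it, e.g. `// yubikey::piv::SLOTS replaced by an explicit list: only the four primary PIV slots are scanned, retired and attestation slots are skipped`. A plain array (`let slots = [SlotId::Authentication, ...];`) would serve the loop without the `vec!` allocation. The enclosing function starts and ends outside the hunk.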
@@ -6,6 +6,14 @@ use sequoia_openpgp::crypto::mpi::PublicKey;
|
|||||||
|
|
||||||
use crate::digest::sha256_bytes;
|
use crate::digest::sha256_bytes;
|
||||||
|
|
||||||
|
pub fn bytes_to_pem<T>(tag: &str, contents: T) -> String where T: Into<Vec<u8>> {
|
||||||
|
let cert_public_key_pem_obj = Pem {
|
||||||
|
tag: tag.to_string(),
|
||||||
|
contents: contents.into(),
|
||||||
|
};
|
||||||
|
pem::encode(&cert_public_key_pem_obj).trim().to_string()
|
||||||
|
}
|
||||||
|
|
||||||
pub fn sequoia_openpgp_public_key_pem(public_key: &PublicKey) -> Option<(Vec<u8>, String)> {
|
pub fn sequoia_openpgp_public_key_pem(public_key: &PublicKey) -> Option<(Vec<u8>, String)> {
|
||||||
match public_key {
|
match public_key {
|
||||||
PublicKey::RSA { e, n } => {
|
PublicKey::RSA { e, n } => {
|
||||||
@@ -37,9 +45,5 @@ fn internal_rsa_public_key_pem(n: &[u8], e: &[u8]) -> (Vec<u8>, String) {
|
|||||||
);
|
);
|
||||||
let rsa_pub_key_bytes = rsa_pub_key.unwrap().public_key_to_der().unwrap();
|
let rsa_pub_key_bytes = rsa_pub_key.unwrap().public_key_to_der().unwrap();
|
||||||
let rsa_pub_key_bytes_sha256 = sha256_bytes(&rsa_pub_key_bytes);
|
let rsa_pub_key_bytes_sha256 = sha256_bytes(&rsa_pub_key_bytes);
|
||||||
let pub_key_pem_obj = Pem {
|
(rsa_pub_key_bytes_sha256, bytes_to_pem("PUBLIC KEY", rsa_pub_key_bytes))
|
||||||
tag: String::from("PUBLIC KEY"),
|
|
||||||
contents: rsa_pub_key_bytes,
|
|
||||||
};
|
|
||||||
(rsa_pub_key_bytes_sha256, pem::encode(&pub_key_pem_obj))
|
|
||||||
}
|
}
|
||||||
|
|||||||
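Review bot: `internal_rsa_public_key_pem` changes its return value in the last hunk: the old code returned `pem::encode(&pub_key_pem_obj)` unmodified, while `bytes_to_pem` applies `.trim()`, so the returned PEM string no longer ends with a line break. The callers are not visible here; any that write the string to a file or concatenate it with further PEM blocks should be checked. `bytes_to_pem` is public and has no doc comment; `/// Encodes contents as a PEM block with the given tag; surrounding whitespace, including the final newline, is trimmed.` would make that contract explicit. Its local `cert_public_key_pem_obj` is a leftover name from the certificate code and misleads in a generic helper; `pem_obj` would read better.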