feat: v1.7.11, pending add sign jwt

src/cmd_signjwt.rs

@@ -0,0 +1,82 @@
+use std::collections::BTreeMap;
+
+use clap::{App, Arg, ArgMatches, SubCommand};
+use jwt::{AlgorithmType, Error, SigningAlgorithm, SignWithKey};
+use rust_util::util_clap::{Command, CommandError};
+use yubikey::piv::{AlgorithmId, sign_data};
+use yubikey::YubiKey;
+
+use crate::{digest, pivutil, util};
+
+const SEPARATOR: &str = ".";
+
+// TODO pending ...
+struct XSign {}
+
+impl SigningAlgorithm for XSign {
+    fn algorithm_type(&self) -> AlgorithmType {
+        AlgorithmType::Es256
+    }
+
+    fn sign(&self, header: &str, claims: &str) -> Result<String, Error> {
+        let mut tobe_signed = vec![];
+        tobe_signed.extend_from_slice(header.as_bytes());
+        tobe_signed.extend_from_slice(SEPARATOR.as_bytes());
+        tobe_signed.extend_from_slice(claims.as_bytes());
+        let sha256 = digest::sha256_bytes(&tobe_signed);
+
+        let slot = "82";
+        let mut yk = match YubiKey::open() {
+            Ok(yk) => yk,
+            Err(e) => {
+                failure!("Find YubiKey failed: {}", e);
+                return Err(Error::NoSignatureComponent);
+            }
+        };
+        let slot_id = match pivutil::get_slot_id(slot) {
+            Ok(slot_id) => slot_id,
+            Err(e) => {
+                failure!("Find slot id failed: {}", e);
+                return Err(Error::NoSignatureComponent);
+            }
+        };
+        let algorithm = AlgorithmId::EccP256;
+
+        let signed_data = match sign_data(&mut yk, &sha256, algorithm, slot_id) {
+            Ok(signed_data) => signed_data,
+            Err(e) => {
+                failure!("Find YubiKey failed: {}", e);
+                return Err(Error::NoSignatureComponent);
+            }
+        };
+
+        let sign = util::base64_encode_url_safe_no_pad(signed_data);
+        Ok(sign)
+    }
+}
+
+pub struct CommandImpl;
+
+impl Command for CommandImpl {
+    fn name(&self) -> &str { "sign-jwt" }
+
+    fn subcommand<'a>(&self) -> App<'a, 'a> {
+        SubCommand::with_name(self.name()).about("Sign JWT subcommand")
+            // .arg(Arg::with_name("pub-key-in").long("pub-key-in").takes_value(true).help("Public key in"))
+            // .arg(Arg::with_name("signature").long("signature").takes_value(true).help("Signature HEX"))
+            // .arg(Arg::with_name("in").short("i").long("in").takes_value(true).help("File in"))
+            // .arg(Arg::with_name("hash").long("hash").takes_value(true).possible_values(&[
+            //     "sha256", "sha384", "sha512"
+            // ]).default_value("sha256").help("Hash"))
+            .arg(Arg::with_name("json").long("json").help("JSON output"))
+    }
+
+    fn run(&self, _arg_matches: &ArgMatches, _sub_arg_matches: &ArgMatches) -> CommandError {
+        let mut claims = BTreeMap::new();
+        claims.insert("sub", "someone");
+        let j = claims.sign_with_key(&XSign {}).unwrap();
+        println!("{}", j);
+
+        Ok(None)
+    }
+}

src/main.rs

@@ -41,6 +41,7 @@ mod cmd_chall;
 mod cmd_challconfig;
 mod cmd_sshagent;
 mod cmd_pgpageaddress;
+mod cmd_signjwt;
 
 pub struct DefaultCommandImpl;
 
@@ -94,6 +95,7 @@ fn inner_main() -> CommandError {
         Box::new(cmd_u2fsign::CommandImpl),
         Box::new(cmd_sshagent::CommandImpl),
         Box::new(cmd_pgpageaddress::CommandImpl),
+        Box::new(cmd_signjwt::CommandImpl),
     ];
     let mut app = App::new(env!("CARGO_PKG_NAME"))
         .version(env!("CARGO_PKG_VERSION"))

src/util.rs

@@ -1,10 +1,14 @@
 use base64::{DecodeError, Engine};
-use base64::engine::general_purpose::STANDARD;
+use base64::engine::general_purpose::{STANDARD, URL_SAFE_NO_PAD};
 
 pub fn base64_encode<T: AsRef<[u8]>>(input: T) -> String {
     STANDARD.encode(input)
 }
 
+pub fn base64_encode_url_safe_no_pad<T: AsRef<[u8]>>(input: T) -> String {
+    URL_SAFE_NO_PAD.encode(input)
+}
+
 pub fn base64_decode<T: AsRef<[u8]>>(input: T) -> Result<Vec<u8>, DecodeError> {
     STANDARD.decode(input)
 }