feat: update external_sign

src/cmd_external_sign.rs

@@ -68,8 +68,7 @@ fn sign(sub_arg_matches: &ArgMatches) -> XResult<Vec<u8>> {
             let pin_opt = pivutil::check_read_pin(&mut yk, key.slot, sub_arg_matches);
 
             // FIXME Check Yubikey slot algorithm
-            let jwt_algorithm = get_jwt_algorithm(alg)?;
-            check_algorithm(&key, alg, jwt_algorithm)?;
+            let jwt_algorithm = get_jwt_algorithm(&key, alg)?;
 
             let raw_in = digest_by_jwt_algorithm(jwt_algorithm, &message_bytes)?;
 
@@ -88,7 +87,13 @@ fn sign(sub_arg_matches: &ArgMatches) -> XResult<Vec<u8>> {
     }
 }
 
-fn check_algorithm(key: &YubikeyPivKey, alg: &str, jwt_algorithm: AlgorithmType) -> XResult<()> {
+fn get_jwt_algorithm(key: &YubikeyPivKey, alg: &str) -> XResult<AlgorithmType> {
+    let jwt_algorithm = match alg {
+        "ES256" => AlgorithmType::Es256,
+        "ES384" => AlgorithmType::Es384,
+        "RS256" => AlgorithmType::Rs256,
+        _ => return simple_error!("Invalid alg: {}", alg),
+    };
     if key.algorithm == AlgorithmId::Rsa1024 {
         return simple_error!("Invalid algorithm: RSA1024");
     }
@@ -102,14 +107,5 @@ fn check_algorithm(key: &YubikeyPivKey, alg: &str, jwt_algorithm: AlgorithmType)
     if is_p256_mismatch || is_p384_mismatch || is_rsa_mismatch {
         return simple_error!("Invalid algorithm: {} vs {}", key.algorithm.to_str(), alg);
     }
-    Ok(())
-}
-
-fn get_jwt_algorithm(alg: &str) -> XResult<AlgorithmType> {
-    Ok(match alg {
-        "ES256" => AlgorithmType::Es256,
-        "ES384" => AlgorithmType::Es384,
-        "RS256" => AlgorithmType::Rs256,
-        _ => return simple_error!("Invalid alg: {}", alg),
-    })
+    Ok(jwt_algorithm)
 }