use crate::keyutil::{parse_key_uri, KeyUri}; use crate::seutil; use crate::util::{base64_decode, base64_encode}; use clap::{App, Arg, ArgMatches, SubCommand}; use rust_util::util_clap::{Command, CommandError}; use rust_util::util_msg; use std::collections::BTreeMap; pub struct CommandImpl; impl Command for CommandImpl { fn name(&self) -> &str { "se-ecsign" } fn subcommand<'a>(&self) -> App<'a, 'a> { SubCommand::with_name(self.name()) .about("Secure Enclave EC sign subcommand") .arg( Arg::with_name("key") .long("key") .required(true) .takes_value(true) .help("Key uri"), ) .arg( Arg::with_name("message") .long("message") .takes_value(true) .help("Message"), ) .arg( Arg::with_name("message-base64") .long("message-base64") .takes_value(true) .help("Message in base64"), ) .arg(Arg::with_name("json").long("json").help("JSON output")) } fn run(&self, _arg_matches: &ArgMatches, sub_arg_matches: &ArgMatches) -> CommandError { if !seutil::is_support_se() { return simple_error!("Secure Enclave is NOT supported."); } let key = sub_arg_matches.value_of("key").unwrap(); let message_bytes = match sub_arg_matches.value_of("message") { None => match sub_arg_matches.value_of("message-base64") { None => return simple_error!("Argument --message or --message-base64 is required"), Some(message_base64) => base64_decode(message_base64)?, }, Some(message) => message.as_bytes().to_vec(), }; let json_output = sub_arg_matches.is_present("json"); if json_output { util_msg::set_logger_std_out(false); } let se_key_uri = match parse_key_uri(key)? { KeyUri::SecureEnclaveKey(se_key_uri) => se_key_uri, }; let signature = seutil::secure_enclave_p256_sign(&se_key_uri.private_key, &message_bytes)?; let signature_base64 = base64_encode(&signature); if json_output { let mut json = BTreeMap::<&'_ str, String>::new(); json.insert("signature", signature_base64); println!("{}", serde_json::to_string_pretty(&json).unwrap()); } else { success!("Signature: {}", signature_base64); } Ok(None) } }