Refactors for reusability across supported recipients

Jack Grigg
2025-12-08 02:34:04 +00:00
parent 1f1f257ede
commit 5b44faec44
8 changed files with 135 additions and 62 deletions
+8 -12
@@ -20,11 +20,10 @@ use yubikey::{
use crate::{
error::Error,
fl,
p256::{Recipient, TAG_BYTES},
piv_p256,
fl, piv_p256,
recipient::TAG_BYTES,
util::{otp_serial_prefix, Metadata},
IDENTITY_PREFIX,
Recipient, IDENTITY_PREFIX,
};
const ONE_SECOND: Duration = Duration::from_secs(1);
@@ -394,7 +393,8 @@ pub(crate) fn list_slots(
match key.slot() {
SlotId::Retired(slot) => {
// Only P-256 keys are compatible with us.
let recipient = Recipient::from_certificate(key.certificate());
let recipient = piv_p256::Recipient::from_certificate(key.certificate())
.map(Recipient::PivP256);
Some((key, slot, recipient))
}
_ => None,
@@ -449,7 +449,7 @@ impl Stub {
Stub {
serial,
slot,
tag: recipient.tag(),
tag: recipient.static_tag(),
identity_index: 0,
}
}
@@ -476,10 +476,6 @@ impl Stub {
bytes
}
pub(crate) fn matches(&self, line: &piv_p256::RecipientLine) -> bool {
self.tag == line.tag
}
/// Returns:
/// - `Ok(Ok(Some(connection)))` if we successfully connected to this YubiKey.
/// - `Ok(Ok(None))` if the user told us to skip this YubiKey.
@@ -601,9 +597,9 @@ impl Stub {
let (cert, pk) = match Certificate::read(&mut yubikey, SlotId::Retired(self.slot))
.ok()
.and_then(|cert| {
Recipient::from_certificate(&cert)
piv_p256::Recipient::from_certificate(&cert)
.filter(|pk| pk.tag() == self.tag)
.map(|pk| (cert, pk))
.map(|pk| (cert, Recipient::PivP256(pk)))
}) {
Some(pk) => pk,
None => {
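Review bot: The tag check in the last hunk still calls `pk.tag()` on the `piv_p256::Recipient`, while the `Stub` constructor in the `@@ -449,7 +449,7 @@` hunk now stores `recipient.static_tag()`, so the stored tag and the compared tag come from two different accessors. Neither accessor's definition is visible on this page, so they may agree for P-256 keys, but this comparison is what ties a stub to the certificate actually present in the slot and should not depend on two methods staying in sync. Consider wrapping first and comparing through the same accessor, `.map(Recipient::PivP256).filter(|pk| pk.static_tag() == self.tag).map(|pk| (cert, pk))`, or add a comment such as `// static_tag() == tag() for PivP256; keep in sync with Stub::new`. The enclosing function begins and ends outside the hunk.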