Provide a better error message when management key authentication fails
We now indicate to the user that AES management key algorithms are not yet supported, and tell them how to change their management key to use TDES. Closes str4d/age-plugin-yubikey#135.
+22
-3
@@ -21,6 +21,7 @@ pub enum Error {
|
||||
InvalidSlot(u8),
|
||||
InvalidTouchPolicy(String),
|
||||
Io(io::Error),
|
||||
ManagementKeyAuth,
|
||||
MultipleCommands,
|
||||
MultipleYubiKeys,
|
||||
NoEmptySlots(Serial),
|
||||
@@ -50,12 +51,19 @@ impl From<yubikey::Error> for Error {
|
||||
// manually to provide the error output we want.
|
||||
impl fmt::Debug for Error {
|
||||
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
|
||||
const CHANGE_MGMT_KEY_CMD: &str =
|
||||
"ykman piv access change-management-key -a TDES --protect";
|
||||
const CHANGE_MGMT_KEY_URL: &str = "https://developers.yubico.com/yubikey-manager/";
|
||||
|
||||
match self {
|
||||
Error::CustomManagementKey => {
|
||||
wlnfl!(f, "err-custom-mgmt-key")?;
|
||||
let cmd = "ykman piv access change-management-key --protect";
|
||||
let url = "https://developers.yubico.com/yubikey-manager/";
|
||||
wlnfl!(f, "rec-custom-mgmt-key", cmd = cmd, url = url)?;
|
||||
wlnfl!(
|
||||
f,
|
||||
"rec-change-mgmt-key",
|
||||
cmd = CHANGE_MGMT_KEY_CMD,
|
||||
url = CHANGE_MGMT_KEY_URL
|
||||
)?;
|
||||
}
|
||||
Error::InvalidFlagCommand(flag, command) => wlnfl!(
|
||||
f,
|
||||
@@ -78,6 +86,17 @@ impl fmt::Debug for Error {
|
||||
expected = "always, cached, never",
|
||||
)?,
|
||||
Error::Io(e) => wlnfl!(f, "err-io", err = e.to_string())?,
|
||||
Error::ManagementKeyAuth => {
|
||||
let aes_url = "https://github.com/str4d/age-plugin-yubikey/issues/92";
|
||||
wlnfl!(f, "err-mgmt-key-auth")?;
|
||||
wlnfl!(f, "rec-mgmt-key-auth", aes_url = aes_url)?;
|
||||
wlnfl!(
|
||||
f,
|
||||
"rec-change-mgmt-key",
|
||||
cmd = CHANGE_MGMT_KEY_CMD,
|
||||
url = CHANGE_MGMT_KEY_URL
|
||||
)?;
|
||||
}
|
||||
Error::MultipleCommands => wlnfl!(f, "err-multiple-commands")?,
|
||||
Error::MultipleYubiKeys => wlnfl!(f, "err-multiple-yubikeys")?,
|
||||
Error::NoEmptySlots(serial) => {
|
||||
|
||||
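Review bot: The shared `CHANGE_MGMT_KEY_CMD` constant hard-codes `-a TDES`, and the `Error::CustomManagementKey` arm now uses it as well. Users who hit that error are therefore also told to switch their management key to TDES, whereas the lines this appears to replace recommended `ykman piv access change-management-key --protect` with no algorithm flag. Since the flag steers users off AES purely as a compatibility workaround, I would record that next to the constant, e.g. `// -a TDES: workaround until AES management keys are supported (issue #92); drop the flag then.` The code that produces `Error::ManagementKeyAuth` is outside the visible hunks; if it can also result from a wrong management key rather than an AES one, the `rec-mgmt-key-auth` text should not present AES as the only cause. The `fmt` body starts and ends outside these hunks.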