yubikey 0.4
This commit is contained in:
+3
-4
@@ -1,10 +1,9 @@
|
||||
use rand::{rngs::OsRng, RngCore};
|
||||
use x509::RelativeDistinguishedName;
|
||||
use yubikey_piv::{
|
||||
use yubikey::{
|
||||
certificate::{Certificate, PublicKeyInfo},
|
||||
key::{generate as yubikey_generate, AlgorithmId, RetiredSlotId, SlotId},
|
||||
policy::{PinPolicy, TouchPolicy},
|
||||
Key, YubiKey,
|
||||
piv::{generate as yubikey_generate, AlgorithmId, RetiredSlotId, SlotId},
|
||||
Key, PinPolicy, TouchPolicy, YubiKey,
|
||||
};
|
||||
|
||||
use crate::{
|
||||
|
||||
+6
-6
@@ -1,6 +1,6 @@
|
||||
use std::fmt;
|
||||
use std::io;
|
||||
use yubikey_piv::{key::RetiredSlotId, Serial};
|
||||
use yubikey::{piv::RetiredSlotId, Serial};
|
||||
|
||||
use crate::util::slot_to_ui;
|
||||
|
||||
@@ -21,7 +21,7 @@ pub enum Error {
|
||||
SlotIsNotEmpty(RetiredSlotId),
|
||||
TimedOut,
|
||||
UseListForSingleSlot,
|
||||
YubiKey(yubikey_piv::Error),
|
||||
YubiKey(yubikey::Error),
|
||||
}
|
||||
|
||||
impl From<io::Error> for Error {
|
||||
@@ -30,8 +30,8 @@ impl From<io::Error> for Error {
|
||||
}
|
||||
}
|
||||
|
||||
impl From<yubikey_piv::error::Error> for Error {
|
||||
fn from(e: yubikey_piv::error::Error) -> Self {
|
||||
impl From<yubikey::Error> for Error {
|
||||
fn from(e: yubikey::Error) -> Self {
|
||||
Error::YubiKey(e)
|
||||
}
|
||||
}
|
||||
@@ -100,10 +100,10 @@ impl fmt::Debug for Error {
|
||||
writeln!(f, "Use --list to print the recipient for a single slot.")?
|
||||
}
|
||||
Error::YubiKey(e) => match e {
|
||||
yubikey_piv::error::Error::NotFound => {
|
||||
yubikey::Error::NotFound => {
|
||||
writeln!(f, "Please insert the YubiKey you want to set up")?
|
||||
}
|
||||
yubikey_piv::error::Error::WrongPin { tries } => writeln!(
|
||||
yubikey::Error::WrongPin { tries } => writeln!(
|
||||
f,
|
||||
"Invalid PIN ({} tries remaining before it is blocked)",
|
||||
tries
|
||||
|
||||
+11
-13
@@ -15,13 +15,11 @@ use std::io;
|
||||
use std::iter;
|
||||
use std::thread::sleep;
|
||||
use std::time::{Duration, SystemTime};
|
||||
use yubikey_piv::{
|
||||
use yubikey::{
|
||||
certificate::{Certificate, PublicKeyInfo},
|
||||
key::{decrypt_data, AlgorithmId, RetiredSlotId, SlotId},
|
||||
policy::PinPolicy,
|
||||
readers::Reader,
|
||||
yubikey::Serial,
|
||||
MgmKey, Readers, YubiKey,
|
||||
piv::{decrypt_data, AlgorithmId, RetiredSlotId, SlotId},
|
||||
reader::{Context, Reader},
|
||||
MgmKey, PinPolicy, Serial, YubiKey,
|
||||
};
|
||||
|
||||
use crate::{
|
||||
@@ -56,11 +54,11 @@ pub(crate) fn filter_connected(reader: &Reader) -> bool {
|
||||
}
|
||||
}
|
||||
|
||||
pub(crate) fn wait_for_readers() -> Result<Readers, Error> {
|
||||
pub(crate) fn wait_for_readers() -> Result<Context, Error> {
|
||||
// Start a 15-second timer waiting for a YubiKey to be inserted (if necessary).
|
||||
let start = SystemTime::now();
|
||||
loop {
|
||||
let mut readers = Readers::open()?;
|
||||
let mut readers = Context::open()?;
|
||||
if readers.iter()?.any(is_connected) {
|
||||
break Ok(readers);
|
||||
}
|
||||
@@ -73,7 +71,7 @@ pub(crate) fn wait_for_readers() -> Result<Readers, Error> {
|
||||
}
|
||||
|
||||
pub(crate) fn open(serial: Option<Serial>) -> Result<YubiKey, Error> {
|
||||
if !Readers::open()?.iter()?.any(is_connected) {
|
||||
if !Context::open()?.iter()?.any(is_connected) {
|
||||
if let Some(serial) = serial {
|
||||
eprintln!("⏳ Please insert the YubiKey with serial {}.", serial);
|
||||
} else {
|
||||
@@ -157,7 +155,7 @@ pub(crate) fn manage(yubikey: &mut YubiKey) -> Result<(), Error> {
|
||||
.map_err(|_| Error::CustomManagementKey)?;
|
||||
|
||||
// Migrate to a PIN-protected management key.
|
||||
let mgm_key = MgmKey::generate()?;
|
||||
let mgm_key = MgmKey::generate();
|
||||
eprintln!();
|
||||
eprintln!("✨ Your YubiKey is using the default management key.");
|
||||
eprintln!("✨ We'll migrate it to a PIN-protected management key.");
|
||||
@@ -247,7 +245,7 @@ impl Stub {
|
||||
) -> io::Result<Result<Connection, identity::Error>> {
|
||||
let mut yubikey = match YubiKey::open_by_serial(self.serial) {
|
||||
Ok(yk) => yk,
|
||||
Err(yubikey_piv::Error::NotFound) => {
|
||||
Err(yubikey::Error::NotFound) => {
|
||||
if callbacks
|
||||
.message(&format!(
|
||||
"Please insert YubiKey with serial {}",
|
||||
@@ -266,7 +264,7 @@ impl Stub {
|
||||
loop {
|
||||
match YubiKey::open_by_serial(self.serial) {
|
||||
Ok(yubikey) => break yubikey,
|
||||
Err(yubikey_piv::Error::NotFound) => (),
|
||||
Err(yubikey::Error::NotFound) => (),
|
||||
Err(_) => {
|
||||
return Ok(Err(identity::Error::Identity {
|
||||
index: self.identity_index,
|
||||
@@ -425,7 +423,7 @@ impl Connection {
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use yubikey_piv::{key::RetiredSlotId, Serial};
|
||||
use yubikey::{piv::RetiredSlotId, Serial};
|
||||
|
||||
use super::Stub;
|
||||
|
||||
|
||||
+6
-6
@@ -5,11 +5,11 @@ use std::io::{self, Write};
|
||||
use age_plugin::run_state_machine;
|
||||
use dialoguer::{Confirm, Input, Select};
|
||||
use gumdrop::Options;
|
||||
use yubikey_piv::{
|
||||
use yubikey::{
|
||||
certificate::PublicKeyInfo,
|
||||
key::{RetiredSlotId, SlotId},
|
||||
policy::{PinPolicy, TouchPolicy},
|
||||
Key, Readers, Serial,
|
||||
piv::{RetiredSlotId, SlotId},
|
||||
reader::Context,
|
||||
Key, PinPolicy, Serial, TouchPolicy,
|
||||
};
|
||||
|
||||
mod builder;
|
||||
@@ -201,7 +201,7 @@ fn print_multiple(
|
||||
all: bool,
|
||||
printer: impl Fn(key::Stub, p256::Recipient, util::Metadata),
|
||||
) -> Result<(), Error> {
|
||||
let mut readers = Readers::open()?;
|
||||
let mut readers = Context::open()?;
|
||||
|
||||
let mut printed = 0;
|
||||
for reader in readers.iter()?.filter(key::filter_connected) {
|
||||
@@ -350,7 +350,7 @@ fn main() -> Result<(), Error> {
|
||||
eprintln!("make your choice, or press [Esc] or [q] to quit.");
|
||||
eprintln!();
|
||||
|
||||
if !Readers::open()?.iter()?.any(key::is_connected) {
|
||||
if !Context::open()?.iter()?.any(key::is_connected) {
|
||||
eprintln!("⏳ Please insert the YubiKey you want to set up.");
|
||||
};
|
||||
let mut readers = key::wait_for_readers()?;
|
||||
|
||||
+4
-5
@@ -1,10 +1,9 @@
|
||||
use std::fmt;
|
||||
|
||||
use x509_parser::{certificate::X509Certificate, der_parser::oid::Oid};
|
||||
use yubikey_piv::{
|
||||
key::{RetiredSlotId, SlotId},
|
||||
policy::{PinPolicy, TouchPolicy},
|
||||
Serial, YubiKey,
|
||||
use yubikey::{
|
||||
piv::{RetiredSlotId, SlotId},
|
||||
PinPolicy, Serial, TouchPolicy, YubiKey,
|
||||
};
|
||||
|
||||
use crate::{error::Error, key::Stub, p256::Recipient, BINARY_NAME, USABLE_SLOTS};
|
||||
@@ -144,7 +143,7 @@ impl Metadata {
|
||||
// We can extract the PIN and touch policies via an attestation. This
|
||||
// is slow, but the user has asked for all compatible keys, so...
|
||||
let (pin_policy, touch_policy) =
|
||||
yubikey_piv::key::attest(yubikey, SlotId::Retired(slot))
|
||||
yubikey::piv::attest(yubikey, SlotId::Retired(slot))
|
||||
.ok()
|
||||
.and_then(|buf| {
|
||||
x509_parser::parse_x509_certificate(&buf)
|
||||
|
||||
Reference in New Issue
Block a user