From 16ceca8461bd7ed925eabff5394bc823d88ce2ee Mon Sep 17 00:00:00 2001 From: Philip Tricca Date: Fri, 13 Dec 2024 13:22:02 -0800 Subject: [PATCH] Cleanup command line options for auth / share input. Not sure this is the "right" way since we're duplicating a structure, just w/ different clap stuff ... it works. --- src/main.rs | 12 ++++++------ src/secret_reader.rs | 43 ++++++++++++++++++++++++++----------------- 2 files changed, 32 insertions(+), 23 deletions(-) diff --git a/src/main.rs b/src/main.rs index da97a61..b3fc9df 100644 --- a/src/main.rs +++ b/src/main.rs @@ -26,7 +26,7 @@ use oks::{ }, hsm::Hsm, secret_reader::{ - self, PasswordReader, SecretInputArg, StdioPasswordReader, + self, AuthInputArg, PasswordReader, ShareInputArg, StdioPasswordReader, }, secret_writer::{self, SecretOutputArg}, util, @@ -75,7 +75,7 @@ struct Args { enum Command { Ca { #[clap(flatten)] - auth_method: SecretInputArg, + auth_method: AuthInputArg, #[command(subcommand)] command: CaCommand, @@ -159,7 +159,7 @@ enum HsmCommand { /// Generate keys in YubiHSM from specification. Generate { #[clap(flatten)] - auth_method: SecretInputArg, + auth_method: AuthInputArg, #[clap(long, env, default_value = "input")] key_spec: PathBuf, @@ -185,7 +185,7 @@ enum HsmCommand { backups: PathBuf, #[clap(flatten)] - share_method: SecretInputArg, + share_method: ShareInputArg, #[clap(long, env, default_value = "input/verifier.json")] verifier: PathBuf, @@ -194,7 +194,7 @@ enum HsmCommand { /// Get serial number from YubiHSM and dump to console. SerialNumber { #[clap(flatten)] - auth_method: SecretInputArg, + auth_method: AuthInputArg, }, } @@ -239,7 +239,7 @@ fn get_auth_id(auth_id: Option, command: &HsmCommand) -> Id { /// the user with a password prompt. fn get_passwd( auth_id: Option, - auth_method: &SecretInputArg, + auth_method: &AuthInputArg, command: &HsmCommand, ) -> Result> { let passwd = match env::var(ENV_PASSWORD).ok() { diff --git a/src/secret_reader.rs b/src/secret_reader.rs index 89b5a65..fe5a1b4 100644 --- a/src/secret_reader.rs +++ b/src/secret_reader.rs @@ -28,15 +28,6 @@ pub enum SecretInput { Stdio, } -#[derive(Args, Clone, Debug, Default, PartialEq)] -pub struct SecretInputArg { - #[clap(long, env)] - auth_method: SecretInput, - - #[clap(long, env)] - auth_dev: Option, -} - impl From for ArgPredicate { fn from(val: SecretInput) -> Self { let rep = match val { @@ -58,20 +49,29 @@ impl From for &str { } } +#[derive(Args, Clone, Debug, Default, PartialEq)] +pub struct AuthInputArg { + #[clap(long = "auth-method", env)] + method: SecretInput, + + #[clap(long = "auth-device", env)] + device: Option, +} + pub trait PasswordReader { fn read(&mut self, prompt: &str) -> Result>; } pub fn get_passwd_reader( - input: &SecretInputArg, + input: &AuthInputArg, ) -> Result> { - Ok(match input.auth_method { + Ok(match input.method { SecretInput::Cdr => { - let cdr = CdReader::new(input.auth_dev.as_ref()); + let cdr = CdReader::new(input.device.as_ref()); Box::new(CdrPasswordReader::new(cdr)) } SecretInput::Iso => { - Box::new(IsoPasswordReader::new(input.auth_dev.as_ref())?) + Box::new(IsoPasswordReader::new(input.device.as_ref())?) } SecretInput::Stdio => Box::new(StdioPasswordReader {}), }) @@ -139,17 +139,26 @@ impl PasswordReader for CdrPasswordReader { } } +#[derive(Args, Clone, Debug, Default, PartialEq)] +pub struct ShareInputArg { + #[clap(long = "share-method", env)] + method: SecretInput, + + #[clap(long = "share-device", env)] + device: Option, +} + pub fn get_share_reader( - input: &SecretInputArg, + input: &ShareInputArg, verifier: Verifier, ) -> Result>>>> { - Ok(match input.auth_method { + Ok(match input.method { SecretInput::Cdr => { - let cdr = CdReader::new(input.auth_dev.as_ref()); + let cdr = CdReader::new(input.device.as_ref()); Box::new(CdrShareReader::new(cdr, verifier)) } SecretInput::Iso => { - Box::new(IsoShareReader::new(input.auth_dev.as_ref(), verifier)?) + Box::new(IsoShareReader::new(input.device.as_ref(), verifier)?) } SecretInput::Stdio => Box::new(StdioShareReader::new(verifier)), })