Implement user and admin authentication

This patch implements authentication with the user or admin PIN.  This
is a preparation for the `otp get` and `otp set` commands which require
user and admin access to the Nitrokey.

1 files changed, 46 insertions, 0 deletions

diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs
index b3e71a1..9761728 100644
--- a/nitrocli/src/commands.rs
+++ b/nitrocli/src/commands.rs
@@ -19,6 +19,8 @@
 
 use std::result;
 
+use nitrokey::Device;
+
 use crate::error::Error;
 use crate::pinentry;
 use crate::Result;
@@ -34,6 +36,50 @@ fn get_storage_device() -> Result<nitrokey::Storage> {
     .or_else(|_| Err(Error::Error("Nitrokey device not found".to_string())))
 }
 
+/// Authenticate the given device using the given PIN type and operation.
+///
+/// If an error occurs, the error message `msg` is used.
+fn authenticate<D, A, F>(
+  device: D,
+  pin_type: pinentry::PinType,
+  msg: &'static str,
+  op: F,
+) -> Result<A>
+where
+  D: Device,
+  F: Fn(D, &str) -> result::Result<A, (D, nitrokey::CommandError)>,
+{
+  try_with_passphrase_and_data(pin_type, msg, device, op).map_err(|(_device, err)| err)
+}
+
+/// Authenticate the given device with the user PIN.
+#[allow(unused)]
+fn authenticate_user<T>(device: T) -> Result<nitrokey::User<T>>
+where
+  T: Device,
+{
+  authenticate(
+    device,
+    pinentry::PinType::User,
+    "Could not authenticate as user",
+    |device, passphrase| device.authenticate_user(passphrase),
+  )
+}
+
+/// Authenticate the given device with the admin PIN.
+#[allow(unused)]
+fn authenticate_admin<T>(device: T) -> Result<nitrokey::Admin<T>>
+where
+  T: Device,
+{
+  authenticate(
+    device,
+    pinentry::PinType::Admin,
+    "Could not authenticate as admin",
+    |device, passphrase| device.authenticate_admin(passphrase),
+  )
+}
+
 /// Return a string representation of the given volume status.
 fn get_volume_status(status: &nitrokey::VolumeStatus) -> &'static str {
   if status.active {