From b6f322a99f5c864868ad1450bfeb342e7dae3222 Mon Sep 17 00:00:00 2001
From: Robin Krahl <robin.krahl@ireas.org>
Date: Thu, 27 Dec 2018 16:56:23 +0100
Subject: Implement the pws get subcommand
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This patch implements the pws get subcommand that provides read access
to a slot of the password safe.  Per default, all available information
– slot name, login and password – are printed.  If one or more of the
options --name, --login and --password are set, only the selected fields
are printed.  If --quiet is set, the field description is omitted such
that the output can be easily parsed by other applications.
---
 nitrocli/src/commands.rs | 52 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

(limited to 'nitrocli/src/commands.rs')

diff --git a/nitrocli/src/commands.rs b/nitrocli/src/commands.rs
index b018a58..125b344 100644
--- a/nitrocli/src/commands.rs
+++ b/nitrocli/src/commands.rs
@@ -49,6 +49,21 @@ fn get_storage_device() -> Result<nitrokey::Storage> {
   })
 }
 
+/// Open the password safe on the given device.
+fn get_password_safe(device: &dyn Device) -> Result<nitrokey::PasswordSafe<'_>> {
+  try_with_passphrase_and_data(
+    pinentry::PinType::User,
+    "Could not access the password safe",
+    (),
+    |_, passphrase| {
+      device
+        .get_password_safe(passphrase)
+        .map_err(|err| ((), err))
+    },
+  )
+  .map_err(|(_, err)| err)
+}
+
 /// Authenticate the given device using the given PIN type and operation.
 ///
 /// If an error occurs, the error message `msg` is used.
@@ -532,6 +547,43 @@ pub fn pin_unblock() -> Result<()> {
   )
 }
 
+fn print_pws_data(
+  description: &'static str,
+  result: result::Result<String, nitrokey::CommandError>,
+  quiet: bool,
+) -> Result<()> {
+  let value = result.map_err(|err| get_error("Could not access PWS slot", &err))?;
+  if quiet {
+    println!("{}", value);
+  } else {
+    println!("{} {}", description, value);
+  }
+  Ok(())
+}
+
+/// Read a PWS slot.
+pub fn pws_get(
+  slot: u8,
+  show_name: bool,
+  show_login: bool,
+  show_password: bool,
+  quiet: bool,
+) -> Result<()> {
+  let device = get_device()?;
+  let pws = get_password_safe(&device)?;
+  let show_all = !show_name && !show_login && !show_password;
+  if show_all || show_name {
+    print_pws_data("name:    ", pws.get_slot_name(slot), quiet)?;
+  }
+  if show_all || show_login {
+    print_pws_data("login:   ", pws.get_slot_login(slot), quiet)?;
+  }
+  if show_all || show_password {
+    print_pws_data("password:", pws.get_slot_password(slot), quiet)?;
+  }
+  Ok(())
+}
+
 #[cfg(test)]
 mod tests {
   use super::*;
-- 
cgit v1.2.1