From 67e9f9b9a002015112d62692b1e70a7a31058af4 Mon Sep 17 00:00:00 2001
From: Heiko Schaefer
Date: Fri, 22 Apr 2022 15:21:42 +0200
Subject: [PATCH] Implement CA Fingerprints
---
 openpgp-card/src/card_do.rs | 28 +++++++++++++++++++---------
 openpgp-card/src/openpgp.rs | 21 +++++++++++++++++++++
 2 files changed, 40 insertions(+), 9 deletions(-)
diff --git a/openpgp-card/src/card_do.rs b/openpgp-card/src/card_do.rs
index 3e39ab0..f18add8 100644
--- a/openpgp-card/src/card_do.rs
+++ b/openpgp-card/src/card_do.rs
@@ -150,11 +150,22 @@ impl ApplicationRelatedData {
 }
 }
 
- // FIXME
- // #[allow(dead_code)]
- // fn ca_fingerprints() {
- // unimplemented!()
- // }
+ pub fn ca_fingerprints(&self) -> Result<[Option; 3], Error> {
+ let fp = self.0.find(&[0xc6].into());
+
+ if let Some(fp) = fp {
+ // FIXME: using a KeySet is a weird hack
+ let fp: KeySet = (&fp.serialize()[..]).try_into()?;
+
+ let fp = [fp.signature, fp.decryption, fp.authentication];
+
+ log::trace!("CA Fp: {:x?}", fp);
+
+ Ok(fp)
+ } else {
+ Err(Error::NotFound("Failed to get CA fingerprints.".into()))
+ }
+ }
 
 /// Generation dates/times of key pairs
 pub fn key_generation_times(&self) -> Result, crate::Error> {
@@ -173,10 +184,9 @@ impl ApplicationRelatedData {
 }
 }
 
- // #[allow(dead_code)]
- // fn key_information() {
- // unimplemented!()
- // }
+ fn key_information() {
+ unimplemented!()
+ }
 
 pub fn uif_pso_cds(&self) -> Result, Error> {
 let uif = self.0.find(&[0xd6].into());
diff --git a/openpgp-card/src/openpgp.rs b/openpgp-card/src/openpgp.rs
index fabcd89..7a15674 100644
--- a/openpgp-card/src/openpgp.rs
+++ b/openpgp-card/src/openpgp.rs
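Review bot: `ca_fingerprints` in the first card_do.rs hunk is a new public method with no doc comment, and it builds its result from `fp.signature, fp.decryption, fp.authentication`, which are KeySet role names that do not describe CA fingerprints. A caller could read the three slots as per-role values, so the method should state what each index means, for example `/// CA fingerprints 1 to 3 as read from DO 0xC6, in slot order; None where the card holds no fingerprint for that slot.` The `None` wording is inferred from the `Option` elements and should be checked against how the `KeySet` conversion treats an empty slot. The existing `// FIXME: using a KeySet is a weird hack` would be more useful if it named the intended replacement type.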
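Review bot: `fn key_information()` in the second card_do.rs hunk is now a live stub whose body is `unimplemented!()`, without the `#[allow(dead_code)]` that the commented-out version carried. No caller is visible in this patch, so it will probably trigger a dead-code warning, and it panics if anything ever calls it. The change also looks unrelated to CA fingerprints. Either leave the stub commented out as before, or keep `#[allow(dead_code)]` directly above `fn key_information() {` with a short comment saying which data object it is meant to read.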
@@ -660,6 +660,27 @@ impl<'a> OpenPgpTransaction<'a> {
 apdu::send_command(self.tx(), fp_cmd, false)?.try_into()
 }
 
+ pub fn set_ca_fingerprint_1(&mut self, fp: Fingerprint) -> Result<(), Error> {
+ log::info!("OpenPgpTransaction: set_ca_fingerprint_1");
+
+ let fp_cmd = commands::put_data(&[0xCA], fp.as_bytes().to_vec());
+ apdu::send_command(self.tx(), fp_cmd, false)?.try_into()
+ }
+
+ pub fn set_ca_fingerprint_2(&mut self, fp: Fingerprint) -> Result<(), Error> {
+ log::info!("OpenPgpTransaction: set_ca_fingerprint_2");
+
+ let fp_cmd = commands::put_data(&[0xCB], fp.as_bytes().to_vec());
+ apdu::send_command(self.tx(), fp_cmd, false)?.try_into()
+ }
+
+ pub fn set_ca_fingerprint_3(&mut self, fp: Fingerprint) -> Result<(), Error> {
+ log::info!("OpenPgpTransaction: set_ca_fingerprint_3");
+
+ let fp_cmd = commands::put_data(&[0xCC], fp.as_bytes().to_vec());
+ apdu::send_command(self.tx(), fp_cmd, false)?.try_into()
+ }
+
 /// Set PW Status Bytes.
 ///
 /// If `long` is false, send 1 byte to the card, otherwise 4.
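Review bot: `set_ca_fingerprint_1`, `set_ca_fingerprint_2` and `set_ca_fingerprint_3` are public and undocumented, unlike the `/// Set PW Status Bytes.` method that follows them. They overwrite trust-related state on the card, so each doc comment should name the data object it writes and any precondition, for example `/// Set CA fingerprint 1 (DO 0xCA). The card is expected to reject this unless the Admin PIN has been verified.` That access condition comes from my reading of the OpenPGP card specification, not from this hunk, so confirm it before committing the wording. The three bodies differ only in the tag byte and the log string, so a private helper taking the tag would stop them drifting apart.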