From d96e56651b88e26c8a7c4e6d944722315f43d822 Mon Sep 17 00:00:00 2001
From: Heiko Schaefer
Date: Tue, 31 May 2022 01:14:56 +0200
Subject: [PATCH] Add callback Fn for touch confirmation prompt to generate attestations.
---
 openpgp-card-sequoia/src/card.rs | 15 ++++++++++++++-
 tools/src/bin/opgpcard/main.rs | 4 +++-
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/openpgp-card-sequoia/src/card.rs b/openpgp-card-sequoia/src/card.rs
index 604b648..9b6c276 100644
--- a/openpgp-card-sequoia/src/card.rs
+++ b/openpgp-card-sequoia/src/card.rs
@@ -379,7 +379,20 @@ impl<'app, 'open> Sign<'app, 'open> {
 }
 /// Generate Attestation (Yubico)
- pub fn generate_attestation(&mut self, key_type: KeyType) -> Result<(), Error> {
+ pub fn generate_attestation(
+ &mut self,
+ key_type: KeyType,
+ touch_prompt: &'open (dyn Fn() + Send + Sync),
+ ) -> Result<(), Error> {
+ // Touch is required if:
+ // - the card supports the feature
+ // - and the policy is set to a value other than 'Off'
+ if let Some(uif) = self.oc.ard.uif_attestation()? {
+ if uif.touch_policy().touch_required() {
+ (touch_prompt)();
+ }
+ }
+
 self.oc.opt.generate_attestation(key_type)
 }
 }
diff --git a/tools/src/bin/opgpcard/main.rs b/tools/src/bin/opgpcard/main.rs
index 88cc7dc..ec3a942 100644
--- a/tools/src/bin/opgpcard/main.rs
+++ b/tools/src/bin/opgpcard/main.rs
@@ -115,7 +115,9 @@ fn main() -> Result<(), Box> {
 return Err(anyhow!("Unexpected Key Type {}", key).into());
 }
 };
- sign.generate_attestation(kt)?;
+ sign.generate_attestation(kt, &|| {
+ println!("Touch confirmation needed to generate an attestation")
+ })?;
 }
 cli::AttCommand::Statement { ident, key } => {
 let mut card = pick_card_for_reading(ident)?;
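Review bot: `touch_prompt` in `generate_attestation` is declared as `&'open (dyn Fn() + Send + Sync)`, but the body shown only calls it once before `self.oc.opt.generate_attestation(key_type)` and never stores it, so binding it to `'open` may reject short-lived capturing closures for no benefit; `touch_prompt: &(dyn Fn() + Send + Sync),` looks sufficient. The doc comment is still only `/// Generate Attestation (Yubico)` and should describe the new parameter: the callback runs only when `uif_attestation()` returns a policy for which `touch_required()` is true, and it runs before the command is sent to the card. It should also state that the callback is a notification only, so its invocation is no evidence that a touch took place; presumably the card itself enforces the touch policy. The enclosing `impl` starts outside the hunk.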
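Review bot: The touch prompt passed to `sign.generate_attestation` is written with `println!`, so it goes to stdout; when the output of opgpcard is piped or redirected the user does not see it while the card waits for the touch, and the command appears to hang. Writing it to stderr keeps it visible and keeps stdout free of prompt text: `eprintln!("Touch confirmation needed to generate an attestation")`. Whether other prompts in this tool already use stdout is not visible here, so the change is best made consistently across the file. `main` starts and ends outside the hunk.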