From 1a49de128adb6007196f34ca59d56aead3387253 Mon Sep 17 00:00:00 2001
From: Per Nilsson
Date: Wed, 21 Jun 2023 09:37:23 +0200
Subject: [PATCH] Add get-metadata action
---
 tool/cmdline.ggo | 2 +-
 tool/yubico-piv-tool.c | 30 ++++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/tool/cmdline.ggo b/tool/cmdline.ggo
index 4a5b103d..ac92a7d2 100644
--- a/tool/cmdline.ggo
+++ b/tool/cmdline.ggo
@@ -33,7 +33,7 @@ option "action" a "Action to take" values="version","generate","set-mgm-key",
 "request-certificate","verify-pin","change-pin","change-puk","unblock-pin",
 "selfsign-certificate","delete-certificate","read-certificate","status",
 "test-signature","test-decipher","list-readers","set-ccc","write-object",
- "read-object","attest" enum multiple
+ "read-object","attest","get-metadata" enum multiple
 text "
 Multiple actions may be given at once and will be executed in order
 for example --action=verify-pin --action=request-certificate\n"
diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
index 0487bdb5..e15316d2 100644
--- a/tool/yubico-piv-tool.c
+++ b/tool/yubico-piv-tool.c
@@ -2062,6 +2062,30 @@ static bool attest(ykpiv_state *state, enum enum_slot slot,
 return ret;
 }
 
+static bool get_metadata(ykpiv_state *state, enum enum_slot slot) {
+ unsigned char data[2048] = {0};
+ size_t len = sizeof(data);
+
+ int key = get_slot_hex(slot);
+ if (ykpiv_get_metadata(state, key, data, &len) != YKPIV_OK) {
+ fprintf(stderr, "Failed to get metadata.\n");
+ return false;
+ }
+
+ ykpiv_metadata md = {0};
+ if(ykpiv_util_parse_metadata(data, len, &md) != YKPIV_OK) {
+ fprintf(stderr, "Failed to parse metadata.\n");
+ return false;
+ }
+
+ printf("Algorithm: %u\n", md.algorithm);
+ printf("Origin: %u\n", md.origin);
+ printf("Pin policy: %u\n", md.pin_policy);
+ printf("Touch policy: %u\n", md.touch_policy);
+
+ return true;
+}
+
 static bool write_object(ykpiv_state *state, int id,
 const char *input_file_name, int verbosity, enum enum_format format) {
 bool ret = false;
@@ -2329,6 +2353,7 @@ int main(int argc, char *argv[]) {
 case action_arg_testMINUS_decipher:
 case action_arg_listMINUS_readers:
 case action_arg_attest:
+ case action_arg_getMINUS_metadata:
 case action_arg_readMINUS_object:
 case action__NULL:
 default:
@@ -2560,6 +2585,11 @@ int main(int argc, char *argv[]) {
 ret = EXIT_FAILURE;
 }
 break;
+ case action_arg_getMINUS_metadata:
+ if(get_metadata(state, args_info.slot_arg) == false) {
+ ret = EXIT_FAILURE;
+ }
+ break;
 case action__NULL:
 default:
 fprintf(stderr, "Wrong action. %d.\n", action);
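Review bot: The four `printf` calls at the end of `get_metadata` print algorithm, origin, PIN policy and touch policy as bare integers, so anyone auditing a slot (was the key generated on the device, is touch required) has to translate the numbers by hand and can misread them. Printing a name next to each value would remove that step, for example `printf("Origin: %s\n", md.origin == YKPIV_METADATA_ORIGIN_GENERATED ? "generated" : md.origin == YKPIV_METADATA_ORIGIN_IMPORTED ? "imported" : "unknown");`, with the same treatment for the algorithm and the two policies. The output also always goes to stdout; if the other read-style actions in this file write to the user-selected output file, this one should probably do the same. A one-line comment above the function, such as `/* Read the metadata object for the given slot and print its algorithm, origin and PIN/touch policy. */`, would document the new action.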
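Review bot: In the last hunk the new `case action_arg_getMINUS_metadata:` passes `args_info.slot_arg` straight to `get_metadata` with no visible check that a slot was supplied. If the argument validation earlier in `main` (outside this hunk) does not list get-metadata among the actions that need a slot, `get_slot_hex` receives the unset value and the user only sees "Failed to get metadata." with no hint about the cause. A guard such as `if(args_info.slot_arg == slot__NULL) { fprintf(stderr, "The get-metadata action needs a slot to operate on.\n"); ret = EXIT_FAILURE; }` before the call would make that failure explicit. The enclosing switch starts and ends outside the hunk, so whether an earlier check already covers this cannot be confirmed from here.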