use std::env;

use sshcerts::yubikey::piv::Yubikey;
use sshcerts::yubikey::piv::{RetiredSlotId, SlotId};

use std::convert::TryFrom;

fn help() {
    println!("Print the SSH key fingerprint for all Yubikey slots");
    println!("Usage: yk-fingerprint");
}

fn main() {
    if env::args().len() > 1 {
        return help();
    }
    let mut yk = Yubikey::new().unwrap();

    println!("Normal Slots:");
    for slot in [0x9a, 0x9c, 0x9e, 0x9d, 0x9e, 0xf9]
        .iter()
        .map(|x| *x as u8)
    {
        let slot = SlotId::try_from(slot).unwrap();
        match (yk.fetch_subject(&slot), yk.ssh_cert_fetch_pubkey(&slot)) {
            (Ok(subj), Ok(cert)) => {
                let attest = yk.fetch_attestation(&slot);
                println!(
                    "\t{:?}:\t[Fingerprint: {}] [Attest: {}] Subject: [{}]",
                    &slot,
                    cert.fingerprint().hash,
                    if attest.is_ok() { "Yes" } else { "No " },
                    subj
                )
            }
            _ => println!("\t{:?}:\tNo cert found", slot),
        }
    }

    println!("Retired Slots:");
    for slot in 0x82..0x96_u8 {
        let slot = SlotId::Retired(RetiredSlotId::try_from(slot).unwrap());
        match (yk.fetch_subject(&slot), yk.ssh_cert_fetch_pubkey(&slot)) {
            (Ok(subj), Ok(cert)) => {
                let attest = yk.fetch_attestation(&slot);
                println!(
                    "\t{:?}:\t[Fingerprint: {}] [Attest: {}] Subject: [{}]",
                    slot,
                    cert.fingerprint().hash,
                    if attest.is_ok() { "Yes" } else { "No " },
                    subj,
                )
            }
            _ => println!("\t{:?}:\tNo cert found", slot),
        }
    }
}