cli/command/
certificate.rs1use crate::{
6 cli::SubCommand, command::CommandError, device::with_device, handle::Handle, job::Job,
7};
8use clap::Args;
9use tpm2_protocol::data::TpmPt;
10
// Arguments of the certificate subcommand: the NV index to read.
//
// Plain `//` comments are used on purpose. With `clap`'s derive, `///` doc
// comments become user-visible help text, which would change CLI output.
#[derive(Debug, Args)]
pub struct Certificate {
    // NV index handle that is read; shown as `nv-index` in usage output.
    // NOTE(review): any range check on the handle would live in `Handle`'s
    // parser, which is not visible here. Confirm it rejects non-NV handles.
    #[arg(value_name = "nv-index")]
    pub nv_index: Handle,
}
18
impl SubCommand for Certificate {
    /// Reads the NV index named on the command line and writes its contents to
    /// `job.writer` as a PEM block labelled `CERTIFICATE`.
    ///
    /// When `read_certificate` yields nothing, a warning is logged and the call
    /// still returns `Ok(())`. A caller therefore cannot tell "no certificate"
    /// from success by the result alone and has to check for empty output.
    ///
    /// # Errors
    ///
    /// Propagates failures from the TPM property query, from
    /// `Job::read_certificate`, and from writing to `job.writer`.
    fn run(&self, job: &mut Job) -> Result<(), CommandError> {
        with_device(job.device.clone(), |device| {
            // The read-size limit is reported by the device itself. How
            // `read_certificate` uses it (and whether it tolerates a reported
            // value of 0) is not visible here. TODO confirm.
            let max_read_size = device.get_tpm_property(TpmPt::NvBufferMax)? as usize;
            let handle = self.nv_index.value();

            // Only the first configured authorization is used. An empty
            // `auth_list` silently falls back to the type's `Default`,
            // presumably an empty auth value. Verify against `Job`.
            let first_auth = job.auth_list.first().cloned().unwrap_or_default();
            let auths = vec![first_auth];

            match job.read_certificate(device, &auths, handle, max_read_size)? {
                Some(cert_bytes) => {
                    // The bytes are labelled CERTIFICATE without any parsing or
                    // validation in this function. Consumers must still verify
                    // the certificate chain before trusting the output.
                    let block = pem::Pem::new("CERTIFICATE", cert_bytes);
                    let pem_cert = pem::encode(&block);
                    writeln!(job.writer, "{pem_cert}")?;
                }
                None => {
                    log::warn!("{handle:08x}: no certificate");
                }
            }

            Ok(())
        })
    }
}