From 203d19095599bf72db079739d56ca2f008b4cb6f Mon Sep 17 00:00:00 2001
From: ryan <ryan@distrust.co>
Date: Mon, 8 Jan 2024 13:13:08 -0500
Subject: [PATCH] keyfork wizard generate-shard-secret: cache all seen cards
 instead of last seen card

---
 keyfork/src/cli/wizard.rs | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/keyfork/src/cli/wizard.rs b/keyfork/src/cli/wizard.rs
index 298ce03..2ee296e 100644
--- a/keyfork/src/cli/wizard.rs
+++ b/keyfork/src/cli/wizard.rs
@@ -1,13 +1,9 @@
 use super::Keyfork;
 use clap::{Parser, Subcommand};
+use std::collections::HashSet;
 
 use card_backend_pcsc::PcscBackend;
-use openpgp_card::card_do::ApplicationIdentifier;
-use openpgp_card_sequoia::{
-    state::Open,
-    types::KeyType,
-    Card,
-};
+use openpgp_card_sequoia::{state::Open, types::KeyType, Card};
 
 use keyfork_derive_openpgp::openpgp::{self, packet::UserID, types::KeyFlags, Cert};
 use keyfork_derive_util::{
@@ -49,7 +45,7 @@ fn derive_key(seed: &[u8], index: u8) -> Result<Cert> {
 // TODO: extract into crate
 /// Factory reset the current card so long as it does not match the last-used backend.
 fn factory_reset_current_card(
-    previous_backend: &mut Option<ApplicationIdentifier>,
+    seen_cards: &mut HashSet<String>,
     cert: &Cert,
 ) -> Result<()> {
     let policy = openpgp::policy::NullPolicy::new();
@@ -75,12 +71,12 @@ fn factory_reset_current_card(
     if let Some(current_backend) = PcscBackend::cards(None)?.next().transpose()? {
         let mut card = Card::<Open>::new(current_backend)?;
         let mut transaction = card.transaction()?;
-        let application_identifier = transaction.application_identifier()?;
-        if previous_backend.is_some_and(|pb| pb == application_identifier) {
+        let application_identifier = transaction.application_identifier()?.ident();
+        if seen_cards.contains(&application_identifier) {
             // we were given the same card, error
             panic!("Previously used card {application_identifier} was reused");
         } else {
-            let _ = previous_backend.insert(application_identifier);
+            seen_cards.insert(application_identifier);
         }
         transaction.factory_reset()?;
         let mut admin = transaction.to_admin_card("12345678")?;
@@ -98,15 +94,17 @@ fn generate_shard_secret(threshold: u8, max: u8, keys_per_shard: u8) -> Result<(
     let seed = keyfork_plumbing::generate_entropy_of_size(256 / 8)?;
     let mut pm = PromptManager::new(std::io::stdin(), std::io::stderr())?;
     let mut certs = vec![];
-    let mut last_card = None;
+    let mut seen_cards: HashSet<String> = HashSet::new();
 
     for index in 0..max {
         let cert = derive_key(&seed, index)?;
         for i in 0..keys_per_shard {
             pm.prompt_message(&Message::Text(format!(
-                "Please insert user {index} key {i}"
+                "Please insert key #{} for user #{}",
+                i + 1,
+                index + 1,
             )))?;
-            factory_reset_current_card(&mut last_card, &cert)?;
+            factory_reset_current_card(&mut seen_cards, &cert)?;
         }
         certs.push(cert);
     }