From 81753c41d8059866e768481ee59b1177704c97c6 Mon Sep 17 00:00:00 2001
From: Krishnaswamy Subramanian <jskswamy@gmail.com>
Date: Fri, 5 Oct 2018 00:49:40 +0530
Subject: [PATCH] Suport hardware keys

---
 README.md       | 13 +++++++++++++
 lazy-connect.sh | 52 +++++++++++++++++++++++++++++++++++++++++++------
 2 files changed, 59 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index a75fbcd..e42d66a 100644
--- a/README.md
+++ b/README.md
@@ -41,6 +41,19 @@ lazy-connect - Shell function to fuzzy search an IPSec VPN by name
 -h    - Show this help
 ```
 
+### YubiKey Support
+
+#### Prerequisite
+
+1. [yubikey-manager](https://github.com/Yubico/yubikey-manager)
+
+To use `TOTP` from YubiKey set the following environment variable
+
+```sh
+export LAZY_CONNECT_TOTP_GENERATOR=yubikey
+export LAZY_CONNECT_TOTP_QUERY=<name of the issuer>
+```
+
 ### Warning
 
 - The secret key to generate TOTP is stored as plain text in `~/.config/lazy-connect/secret`
diff --git a/lazy-connect.sh b/lazy-connect.sh
index 1546b36..d1b184e 100755
--- a/lazy-connect.sh
+++ b/lazy-connect.sh
@@ -1,13 +1,19 @@
 #!/bin/bash
 
+TOTP_MODE=${LAZY_CONNECT_TOTP_GENERATOR:-oathtool}
+
 _lazy_connect_config_dir=~/.config/lazy-connect
 _lazy_connect_project_dir=~/.lazy-connect
 
 function _lazy_connect_init() {
-  echo -n "Secret Key: "
-  read -s secret_key
-  echo "**********"
-  echo $secret_key > $_lazy_connect_config_dir/secret
+  case $TOTP_MODE in
+  oathtool)
+    echo -n "Secret Key: "
+    read -s secret_key
+    echo "**********"
+    echo $secret_key >$_lazy_connect_config_dir/secret
+    ;;
+  esac
   _lazy_connect_vpn_refresh
 }
 
@@ -60,10 +66,44 @@ lazy-connect - Shell function to fuzzy search an IPSec VPN by name
 EOF
 }
 
+function _lazy_connect_get_totp() {
+  secret_key=$1
+  case $TOTP_MODE in
+  oathtool)
+    password=$(oathtool --totp --base32 $secret_key)
+    return 0
+    ;;
+  yubikey)
+    if ! [ -x "$(command -v ykman)" ]; then
+      echo 'Error: ykman tool not installed.' >&2
+      exit 1
+    fi
+    if [ -z "$LAZY_CONNECT_TOTP_QUERY" ]; then
+      echo "Error: LAZY_CONNECT_TOTP_QUERY not set"
+      exit 1
+    else
+      password=$(ykman oath code $LAZY_CONNECT_TOTP_QUERY 2>/dev/null | awk '{print $2}')
+    fi
+    ;;
+  esac
+}
+
 function _lazy_connect() {
   vpn_name=$1
-  secret_key=$2
-  password=$(oathtool --totp --base32 $secret_key)
+  _lazy_connect_get_totp $2
+
+  if [ -z "$password" ]; then
+    case $TOTP_MODE in
+    oathtool)
+      echo "Error: Unable to generate otp using oathtool"
+      return 1
+      ;;
+    yubikey)
+      echo "Error: No YubiKey found"
+      return 1
+      ;;
+    esac
+  fi
 
   osascript <<EOF
     on connectVpn(vpnName, password)