diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaArgs.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaArgs.java
index 5db1db5..f7fba37 100644
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaArgs.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaArgs.java
@@ -53,6 +53,9 @@ public class YubikeyCaArgs {
 @Option(names = {"--cert-slot"}, description = "Slot for cert")
 String certSlot;
+ @Option(names = {"--cert-file"}, description = "File for cert(PEM)")
+ String certFile;
+
 @Option(names = {"--pin"}, description = "Yubikey PIV PIN")
 String pin;
diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
index d2552ca..d769d37 100644
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
@@ -67,15 +67,18 @@ public class YubikeyCaMain {
 final PublicKey publicKey;
 PrivateKey privateKey = null;
- if (StringUtil.isEmpty(args.certSlot)) {
+ if (StringUtil.isNotEmpty(args.certFile)) {
+ final String certPem = RFile.from(args.certFile).string();
+ publicKey = KeyUtil.parsePublicKeyPEM(certPem);
+ } else if (StringUtil.isNotEmpty(args.certSlot)) {
+ final PivMeta certPivMeta = CardCliUtil.getPivPublicKey(args.certSlot);
+ publicKey = certPivMeta.getPublicKey();
+ } else {
 final PKType pkType = getPkTypeFromArgs(args);
 if (pkType == null) return;
 final KeyPair keyPair = KeyPairTool.instance(pkType).generateKeyPair().getKeyPair();
 publicKey = keyPair.getPublic();
 privateKey = keyPair.getPrivate();
- } else {
- final PivMeta certPivMeta = CardCliUtil.getPivPublicKey(args.certSlot);
- publicKey = certPivMeta.getPublicKey();
 }
 final String cardCliCmd = CardCliUtil.getCardCliCmd();
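Review bot: The description `File for cert(PEM)` on the new `--cert-file` option does not say what the PEM must contain. The consuming code in YubikeyCaMain hands the file text to `KeyUtil.parsePublicKeyPEM`, which suggests a public key is expected rather than a certificate; whether a certificate PEM is also accepted is not visible here. I would make the help text explicit, for example `description = "PEM file holding the subject public key to certify"`, so an operator does not feed the CA the wrong kind of object.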
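Review bot: The new chain gives `--cert-file` silent precedence over `--cert-slot`, so when both are passed the public key comes from the file even though the operator also named a PIV slot. For a CA tool, certifying a different key than intended should be an error rather than a quiet choice. A guard ahead of the chain, such as `if (StringUtil.isNotEmpty(args.certFile) && StringUtil.isNotEmpty(args.certSlot)) return;` with a message to the user, would make the two options mutually exclusive. The file branch also certifies whatever key the PEM holds with no visible proof that the requester owns the matching private key, and nothing here shows how a missing file or a PEM that `KeyUtil.parsePublicKeyPEM` cannot parse is reported, so a comment stating both assumptions would help. The enclosing method starts and ends outside the hunk, so later checks may exist that I cannot see.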