feat: piv meta public key

2023-05-20 22:06:12 +08:00
parent 327ca8d2af
commit 4d28b8a8f6
2 changed files with 20 additions and 11 deletions


@@ -1,6 +1,6 @@
package me.hatter.tools.yubikeyca;
import com.alibaba.fastjson.JSONObject;
import me.hatter.tools.commons.collection.Tuple2;
import me.hatter.tools.commons.log.LogConfig;
import me.hatter.tools.commons.log.LogTool;
import me.hatter.tools.commons.log.LogTools;
@@ -74,8 +74,8 @@ public class YubikeyCaMain {
final X509Certificate intermediateCertificate = CertificateUtil.getCertificate(args.pin, args.intermediateCaId);
final JSONObject signPivMetaJsonObject = CardCliUtil.getPivMeta(args.signSlot);
final String signAlgorithm = signPivMetaJsonObject.getString("algorithm");
final Tuple2<String, PublicKey> signPivPublicKey = CardCliUtil.getPivPublicKey(args.signSlot);
final String signAlgorithm = signPivPublicKey.getVal1();
final KeyPair keyPair = KeyPairTool.instance(pkType).generateKeyPair().getKeyPair();
@@ -117,10 +117,9 @@ public class YubikeyCaMain {
final X509Certificate rootCertificate = CertificateUtil.getCertificate(args.pin, args.rootCaId);
final JSONObject signPivMetaJsonObject = CardCliUtil.getPivMeta(args.certSlot);
final String signAlgorithm = signPivMetaJsonObject.getString("algorithm");
final String certPublicKeyPem = signPivMetaJsonObject.getString("public_key_pem");
final PublicKey certPublicKey = KeyUtil.parsePublicKeyPEM(certPublicKeyPem);
final Tuple2<String, PublicKey> certPivPublicKey = CardCliUtil.getPivPublicKey(args.certSlot);
final String signAlgorithm = certPivPublicKey.getVal1();
final PublicKey certPublicKey = certPivPublicKey.getVal2();
final String cardCliCmd = CardCliUtil.getCardCliCmd();
final X509Certificate intermediateCa = CertificateAuthority.instance()
@@ -141,10 +140,9 @@ public class YubikeyCaMain {
private static void issueRootCa(YubikeyCaArgs args) {
if (checkCertificateArgs(args)) return;
final JSONObject signPivMetaJsonObject = CardCliUtil.getPivMeta(args.signSlot);
final String signAlgorithm = signPivMetaJsonObject.getString("algorithm");
final String certPublicKeyPem = signPivMetaJsonObject.getString("public_key_pem");
final PublicKey certPublicKey = KeyUtil.parsePublicKeyPEM(certPublicKeyPem);
final Tuple2<String, PublicKey> signPivPublicKey = CardCliUtil.getPivPublicKey(args.signSlot);
final String signAlgorithm = signPivPublicKey.getVal1();
final PublicKey certPublicKey = signPivPublicKey.getVal2();
final String cardCliCmd = CardCliUtil.getCardCliCmd();
final X509Certificate rootCa = CertificateAuthority.instance()
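Review bot: In the third hunk (`@@ -117,10 +117,9`), `signAlgorithm` is read from `args.certSlot`, the same slot whose key becomes `certPublicKey`, while the other two hunks read it from `args.signSlot`. If the intermediate certificate is signed with a key in a different slot from the one holding its subject key, the algorithm name describes the wrong key, and signing could fail or use a mismatched algorithm. The signing call is outside the hunk, so this needs confirming against the rest of the method. If the signer is `args.signSlot`, the line would become `final String signAlgorithm = CardCliUtil.getPivPublicKey(args.signSlot).getVal1();`. The replaced lines appear to read the same slot, so this is not new, but the refactor is a natural place to settle it.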


@@ -5,12 +5,15 @@ import com.alibaba.fastjson.JSONObject;
import me.hatter.tools.commons.assertion.AssertUtil;
import me.hatter.tools.commons.bytes.Bytes;
import me.hatter.tools.commons.collection.CollectionUtil;
import me.hatter.tools.commons.collection.Tuple2;
import me.hatter.tools.commons.io.IOUtil;
import me.hatter.tools.commons.log.LogTool;
import me.hatter.tools.commons.log.LogTools;
import me.hatter.tools.commons.security.key.KeyUtil;
import me.hatter.tools.commons.string.StringUtil;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@@ -31,6 +34,14 @@ public class CardCliUtil {
return Bytes.fromBase64(signJsonObject.getString("signed_data_base64")).bytes();
}
public static Tuple2<String, PublicKey> getPivPublicKey(String slot) {
final JSONObject signPivMetaJsonObject = CardCliUtil.getPivMeta(slot);
final String algorithm = signPivMetaJsonObject.getString("algorithm");
final String publicKeyPem = signPivMetaJsonObject.getString("public_key_pem");
final PublicKey publicKey = KeyUtil.parsePublicKeyPEM(publicKeyPem);
return Tuple2.of(algorithm, publicKey);
}
public static JSONObject getPivMeta(String slot) {
AssertUtil.notEmpty(slot, "Slot cannot be empty.");
return runCardCliAsJsonObject(Arrays.asList(
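Review bot: `getPivPublicKey` passes `public_key_pem` straight to `KeyUtil.parsePublicKeyPEM` and returns `algorithm` without checking that the metadata from `getPivMeta` actually contains either field. Both values now feed certificate issuance in `YubikeyCaMain`, so an empty slot or an unexpected JSON shape should fail here with a clear message, as `getPivMeta` already does for `slot`. Before parsing, add `AssertUtil.notEmpty(algorithm, "PIV slot algorithm cannot be empty.");` and `AssertUtil.notEmpty(publicKeyPem, "PIV slot public key cannot be empty.");`. A short Javadoc saying that val1 is the algorithm name and val2 the parsed key would also help, because `Tuple2` positions mean nothing at the call sites. `getPivMeta`'s body continues outside the hunk.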