diff --git a/yubikey-ca-java/README.md b/yubikey-ca-java/README.md
index 8276b2b..5956fc2 100644
--- a/yubikey-ca-java/README.md
+++ b/yubikey-ca-java/README.md
@@ -35,8 +35,9 @@ $ java -jar yubikey-ca-java.jar --issue-root-ca \
 ```shell
 $ java -jar yubikey-ca-java.jar --issue-intermediate-ca \
- --sign-slot 88 --subject 'CN=Hatter EC Intermediate CA' \
+ --sign-slot 88 \
 --cert-slot 89 --root-ca-id 43 \
+ --subject 'CN=Hatter EC Intermediate CA' \
 [--pin ******] \
 [--add-to-remote]
 ```
@@ -45,11 +46,12 @@ $ java -jar yubikey-ca-java.jar --issue-intermediate-ca \
 ```shell
 $ java -jar yubikey-ca-java.jar --issue-server-ca \
- --sign-slot 89 --subject 'CN=hatter-test' \
+ --sign-slot 89 \
 --intermediate-ca-id 44 --keypair-type secp256r1 \
+ --subject 'CN=hatter-test' \
 --dns-name a.example.com --dns-name b.example.com \
 [--pin ******] \
- [--cert-slot NN | --cert-file ] \
+ [--cert-slot NN | --cert-file ] | --cert-public-key '-----BEGIN PUBLIC KEY-----...' \
 [--add-to-remote]
 ```
@@ -57,8 +59,9 @@ $ java -jar yubikey-ca-java.jar --issue-server-ca \
 ```shell
 $ java -jar yubikey-ca-java.jar --issue-client-ca \
- --sign-slot 89 --subject 'CN=hatter-test' \
+ --sign-slot 89 \
 --intermediate-ca-id 44 --keypair-type secp256r1 \
+ --subject 'CN=hatter-test' \
 [--pin ******] \
 [--add-to-remote]
 ```
@@ -67,8 +70,9 @@ $ java -jar yubikey-ca-java.jar --issue-client-ca \
 ```shell
 $ java -jar yubikey-ca-java.jar --issue-client-code-ca \
- --sign-slot 89 --subject 'CN=hatter-test-code' \
+ --sign-slot 89 \
 --intermediate-ca-id 44 --keypair-type secp256r1 \
+ --subject 'CN=hatter-test-code' \
 [--pin ******] \
 [--add-to-remote]
 ```
@@ -77,8 +81,9 @@ or
 ```shell
 $ java -jar yubikey-ca-java.jar --issue-client-code-ca \
- --sign-slot 89 --cert-slot 90 --subject 'CN=Hatter Signing CA' --valid-years 10 \
+ --sign-slot 89 --cert-slot 90 \
 --intermediate-ca-id 44 \
+ --subject 'CN=Hatter Signing CA' --valid-years 10 \
 --pin ****** \
 [--add-to-remote]
 ```
diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaArgs.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaArgs.java
index f7fba37..46bfb51 100644
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaArgs.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaArgs.java
@@ -53,9 +53,12 @@ public class YubikeyCaArgs {
 @Option(names = {"--cert-slot"}, description = "Slot for cert")
 String certSlot;
- @Option(names = {"--cert-file"}, description = "File for cert(PEM)")
+ @Option(names = {"--cert-file"}, description = "File for cert(Public key PEM)")
 String certFile;
+ @Option(names = {"--cert-public-key"}, description = "PEM for cert(Public key PEM)")
+ String certPublicKey;
+
 @Option(names = {"--pin"}, description = "Yubikey PIV PIN")
 String pin;
diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaConstant.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaConstant.java
index 5d5ea06..4a17e24 100644
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaConstant.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaConstant.java
@@ -2,5 +2,5 @@ package me.hatter.tools.yubikeyca;
 public interface YubikeyCaConstant {
 String NAME = "yubikey-ca";
- String VERSION = "0.2.5";
+ String VERSION = "0.2.6";
 }
diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
index 5783e40..4de31a6 100644
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
@@ -1,5 +1,6 @@
 package me.hatter.tools.yubikeyca;
+import me.hatter.tools.commons.bytes.Bytes;
 import me.hatter.tools.commons.datetime.DateTimeUtil;
 import me.hatter.tools.commons.io.RFile;
 import me.hatter.tools.commons.log.LogConfig;
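Review bot: In YubikeyCaArgs.java the description of the new `--cert-public-key` option says only PEM, but the YubikeyCaMain.java change in this commit also accepts a value without `-----` markers and Base64-decodes it. The help text should state both accepted forms, for example `description = "Public key for cert (PEM, or Base64 of the encoded key)"`. `--cert-slot`, `--cert-file` and `--cert-public-key` are alternative sources for the key being certified, so a short comment above the three fields saying that only one is meant to be supplied would help the next reader. The class body continues outside the hunk.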
@@ -56,7 +57,8 @@ public class YubikeyCaMain {
 log.error("Intermediate CA id is required.");
 return;
 }
- if (StringUtil.isEmpty(args.keypairType) && StringUtil.isEmpty(args.certSlot)) {
+ if (StringUtil.isEmpty(args.keypairType) && StringUtil.isEmpty(args.certFile)
+ && StringUtil.isEmpty(args.certPublicKey) && StringUtil.isEmpty(args.certSlot)) {
 log.error("Keypair type or cert slot is required.");
 return;
 }
@@ -75,6 +77,12 @@ public class YubikeyCaMain {
 if (StringUtil.isNotEmpty(args.certFile)) {
 final String certPem = RFile.from(args.certFile).string();
 publicKey = KeyUtil.parsePublicKeyPEM(certPem);
+ } else if (StringUtil.isNotEmpty(args.certPublicKey)) {
+ if (args.certPublicKey.contains("-----")) {
+ publicKey = KeyUtil.parsePublicKeyPEM(args.certPublicKey);
+ } else {
+ publicKey = KeyUtil.parsePublicKey(Bytes.fromBase64(args.certPublicKey));
+ }
 } else if (StringUtil.isNotEmpty(args.certSlot)) {
 final PivMeta certPivMeta = CardCliUtil.getPivPublicKey(args.certSlot);
 publicKey = certPivMeta.getPublicKey();
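Review bot: The error message under the widened guard still reads `Keypair type or cert slot is required.`, although the condition now also accepts `--cert-file` and `--cert-public-key`, so an operator who omits all four is told about only two of them. I would change it to `log.error("Keypair type, cert file, cert public key or cert slot is required.");`. The guard also only checks that at least one key source is set; for a CA tool it would be safer to reject more than one here, so that the key that ends up in the certificate is never chosen implicitly. The enclosing method starts and ends outside the hunk.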
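Review bot: The new `--cert-public-key` branch certifies whatever key is passed on the command line, with no visible check of its algorithm or size and no record of which key was signed. Because selection is by position in the else-if chain, `--cert-file` silently wins when both options are given, and `contains("-----")` sends every other string to `Bytes.fromBase64`, whose behaviour on malformed input is not visible in this hunk. A bare public key carries no proof of possession (unlike a CSR), so I would add a comment such as `// caller-supplied key: no proof of possession, confirm the fingerprint out of band before distributing the cert` and log the parsed key's algorithm and fingerprint before signing. Rejecting key types the CA does not intend to issue for would belong in the same place. The enclosing block continues outside the hunk.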