From 8d99d47558bdd4d6a5b392f448f3129f9ec61436 Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Sat, 12 Jul 2025 11:04:17 +0800
Subject: [PATCH] feat: v0.2.6, support --cert-public-ke
---
 yubikey-ca-java/README.md | 17 +++++++++++------
 .../hatter/tools/yubikeyca/YubikeyCaArgs.java | 5 ++++-
 .../tools/yubikeyca/YubikeyCaConstant.java | 2 +-
 .../hatter/tools/yubikeyca/YubikeyCaMain.java | 10 +++++++++-
 4 files changed, 25 insertions(+), 9 deletions(-)
diff --git a/yubikey-ca-java/README.md b/yubikey-ca-java/README.md
index 8276b2b..5956fc2 100644
--- a/yubikey-ca-java/README.md
+++ b/yubikey-ca-java/README.md
@@ -35,8 +35,9 @@ $ java -jar yubikey-ca-java.jar --issue-root-ca \
 ```shell
 $ java -jar yubikey-ca-java.jar --issue-intermediate-ca \
- --sign-slot 88 --subject 'CN=Hatter EC Intermediate CA' \
+ --sign-slot 88 \
 --cert-slot 89 --root-ca-id 43 \
+ --subject 'CN=Hatter EC Intermediate CA' \
 [--pin ******] \
 [--add-to-remote]
 ```
@@ -45,11 +46,12 @@ $ java -jar yubikey-ca-java.jar --issue-intermediate-ca \
 ```shell
 $ java -jar yubikey-ca-java.jar --issue-server-ca \
- --sign-slot 89 --subject 'CN=hatter-test' \
+ --sign-slot 89 \
 --intermediate-ca-id 44 --keypair-type secp256r1 \
+ --subject 'CN=hatter-test' \
 --dns-name a.example.com --dns-name b.example.com \
 [--pin ******] \
- [--cert-slot NN | --cert-file ] \
+ [--cert-slot NN | --cert-file ] | --cert-public-key '-----BEGIN PUBLIC KEY-----...' \
 [--add-to-remote]
 ```
@@ -57,8 +59,9 @@ $ java -jar yubikey-ca-java.jar --issue-server-ca \
 ```shell
 $ java -jar yubikey-ca-java.jar --issue-client-ca \
- --sign-slot 89 --subject 'CN=hatter-test' \
+ --sign-slot 89 \
 --intermediate-ca-id 44 --keypair-type secp256r1 \
+ --subject 'CN=hatter-test' \
 [--pin ******] \
 [--add-to-remote]
 ```
@@ -67,8 +70,9 @@ $ java -jar yubikey-ca-java.jar --issue-client-ca \
 ```shell
 $ java -jar yubikey-ca-java.jar --issue-client-code-ca \
- --sign-slot 89 --subject 'CN=hatter-test-code' \
+ --sign-slot 89 \
 --intermediate-ca-id 44 --keypair-type secp256r1 \
+ --subject 'CN=hatter-test-code' \
 [--pin ******] \
 [--add-to-remote]
 ```
@@ -77,8 +81,9 @@ or
 ```shell
 $ java -jar yubikey-ca-java.jar --issue-client-code-ca \
- --sign-slot 89 --cert-slot 90 --subject 'CN=Hatter Signing CA' --valid-years 10 \
+ --sign-slot 89 --cert-slot 90 \
 --intermediate-ca-id 44 \
+ --subject 'CN=Hatter Signing CA' --valid-years 10 \
 --pin ****** \
 [--add-to-remote]
 ```
diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaArgs.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaArgs.java
index f7fba37..46bfb51 100644
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaArgs.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaArgs.java
@@ -53,9 +53,12 @@ public class YubikeyCaArgs {
 @Option(names = {"--cert-slot"}, description = "Slot for cert")
 String certSlot;
- @Option(names = {"--cert-file"}, description = "File for cert(PEM)")
+ @Option(names = {"--cert-file"}, description = "File for cert(Public key PEM)")
 String certFile;
+ @Option(names = {"--cert-public-key"}, description = "PEM for cert(Public key PEM)")
+ String certPublicKey;
+
 @Option(names = {"--pin"}, description = "Yubikey PIV PIN")
 String pin;
diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaConstant.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaConstant.java
index 5d5ea06..4a17e24 100644
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaConstant.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaConstant.java
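Review bot: In YubikeyCaArgs.java the help text for the new `--cert-public-key` option, "PEM for cert(Public key PEM)", describes only one of the two input forms, because the YubikeyCaMain.java change in this same patch also accepts a bare Base64 string when the value contains no `-----` marker. The description should name both forms, for example `description = "Public key to certify: PEM text, or Base64 of the encoded key"` (the exact binary encoding expected by `KeyUtil.parsePublicKey` is not visible here and should be confirmed). Since `--cert-slot`, `--cert-file` and `--cert-public-key` are declared as independent options, a field comment such as `// Key sources are mutually exclusive; precedence is cert-file, cert-public-key, cert-slot` would record the order that the else-if chain in YubikeyCaMain.java applies.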
@@ -2,5 +2,5 @@ package me.hatter.tools.yubikeyca;
 public interface YubikeyCaConstant {
 String NAME = "yubikey-ca";
- String VERSION = "0.2.5";
+ String VERSION = "0.2.6";
 }
diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
index 5783e40..4de31a6 100644
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
@@ -1,5 +1,6 @@
 package me.hatter.tools.yubikeyca;
+import me.hatter.tools.commons.bytes.Bytes;
 import me.hatter.tools.commons.datetime.DateTimeUtil;
 import me.hatter.tools.commons.io.RFile;
 import me.hatter.tools.commons.log.LogConfig;
@@ -56,7 +57,8 @@ public class YubikeyCaMain {
 log.error("Intermediate CA id is required.");
 return;
 }
- if (StringUtil.isEmpty(args.keypairType) && StringUtil.isEmpty(args.certFile)
+ && StringUtil.isEmpty(args.certPublicKey) && StringUtil.isEmpty(args.certSlot)) {
 log.error("Keypair type or cert slot is required.");
 return;
 }
@@ -75,6 +77,12 @@ public class YubikeyCaMain {
 if (StringUtil.isNotEmpty(args.certFile)) {
 final String certPem = RFile.from(args.certFile).string();
 publicKey = KeyUtil.parsePublicKeyPEM(certPem);
+ } else if (StringUtil.isNotEmpty(args.certPublicKey)) {
+ if (args.certPublicKey.contains("-----")) {
+ publicKey = KeyUtil.parsePublicKeyPEM(args.certPublicKey);
+ } else {
+ publicKey = KeyUtil.parsePublicKey(Bytes.fromBase64(args.certPublicKey));
+ }
 } else if (StringUtil.isNotEmpty(args.certSlot)) {
 final PivMeta certPivMeta = CardCliUtil.getPivPublicKey(args.certSlot);
 publicKey = certPivMeta.getPublicKey();
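Review bot: The widened guard in YubikeyCaMain.java (hunk at -56,7) now tests four key sources but still logs `Keypair type or cert slot is required.`, so the message no longer tells the operator what is accepted; it should read `log.error("Keypair type, cert file, cert public key or cert slot is required.");`. The guard also rejects only the case where none is given, so a call that passes both `--cert-file` and `--cert-public-key` is accepted and, going by the else-if chain in the next hunk, the second one is silently ignored. For a CA tool that can mean a certificate issued for a different key than the operator intended, so rejecting the call when more than one of `certFile`, `certPublicKey` and `certSlot` is non-empty would be safer. The enclosing method starts and ends outside this hunk, so how `keypairType` interacts with these options cannot be confirmed from here.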
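Review bot: The new `--cert-public-key` branch in YubikeyCaMain.java (hunk at -75,6) passes the parsed key on without any visible check of its algorithm or size, and because the key arrives as a bare value rather than in a signed request, nothing proves that the requester holds the matching private key. I would add a comment such as `// Caller-supplied key, no CSR: no proof-of-possession; verify algorithm/size before signing` and, after the chain, reject key types outside what `--keypair-type` supports and log a fingerprint of `publicKey.getEncoded()` so the operator can confirm which key is being certified. The same applies to the existing `--cert-file` branch. Malformed input to `Bytes.fromBase64` or `KeyUtil.parsePublicKey` is not handled in this hunk; whether those calls throw cannot be seen here, but a `log.error(...)` followed by `return` would match the surrounding validation style. The enclosing block continues outside the hunk.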