feat: v0.2.6, support --cert-public-ke

2025-07-12 11:04:17 +08:00
parent 5ab4ad7a18
commit 8d99d47558
4 changed files with 25 additions and 9 deletions
--- a/yubikey-ca-java/README.md
+++ b/yubikey-ca-java/README.md
@@ -35,8 +35,9 @@ $ java -jar yubikey-ca-java.jar --issue-root-ca \

 ```shell
 $ java -jar yubikey-ca-java.jar --issue-intermediate-ca \
-       --sign-slot 88 --subject 'CN=Hatter EC Intermediate CA' \
+       --sign-slot 88 \
       --cert-slot 89 --root-ca-id 43 \
+       --subject 'CN=Hatter EC Intermediate CA' \
       [--pin ******] \
       [--add-to-remote]
 ```
@@ -45,11 +46,12 @@ $ java -jar yubikey-ca-java.jar --issue-intermediate-ca \

 ```shell
 $ java -jar yubikey-ca-java.jar --issue-server-ca \
-       --sign-slot 89 --subject 'CN=hatter-test' \
+       --sign-slot 89 \
       --intermediate-ca-id 44 --keypair-type secp256r1 \
+       --subject 'CN=hatter-test' \
       --dns-name a.example.com --dns-name b.example.com \
       [--pin ******] \
-       [--cert-slot NN | --cert-file <CERT-FILE-PEM>] \
+       [--cert-slot NN | --cert-file <CERT-FILE-PEM>] | --cert-public-key '-----BEGIN PUBLIC KEY-----...' \
       [--add-to-remote]
 ```

@@ -57,8 +59,9 @@ $ java -jar yubikey-ca-java.jar --issue-server-ca \

 ```shell
 $ java -jar yubikey-ca-java.jar --issue-client-ca \
-       --sign-slot 89 --subject 'CN=hatter-test' \
+       --sign-slot 89 \
       --intermediate-ca-id 44 --keypair-type secp256r1 \
+       --subject 'CN=hatter-test' \
       [--pin ******] \
       [--add-to-remote]
 ```
@@ -67,8 +70,9 @@ $ java -jar yubikey-ca-java.jar --issue-client-ca \

 ```shell
 $ java -jar yubikey-ca-java.jar --issue-client-code-ca \
-       --sign-slot 89 --subject 'CN=hatter-test-code' \
+       --sign-slot 89 \
       --intermediate-ca-id 44 --keypair-type secp256r1 \
+       --subject 'CN=hatter-test-code' \
       [--pin ******] \
       [--add-to-remote]
 ```
@@ -77,8 +81,9 @@ or

 ```shell
 $ java -jar yubikey-ca-java.jar --issue-client-code-ca \
-       --sign-slot 89 --cert-slot 90 --subject 'CN=Hatter Signing CA' --valid-years 10 \
+       --sign-slot 89 --cert-slot 90 \
       --intermediate-ca-id 44 \
+       --subject 'CN=Hatter Signing CA' --valid-years 10 \
       --pin ****** \
       [--add-to-remote]
 ```
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaArgs.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaArgs.java
@@ -53,9 +53,12 @@ public class YubikeyCaArgs {
    @Option(names = {"--cert-slot"}, description = "Slot for cert")
    String certSlot;

-    @Option(names = {"--cert-file"}, description = "File for cert(PEM)")
+    @Option(names = {"--cert-file"}, description = "File for cert(Public key PEM)")
    String certFile;

+    @Option(names = {"--cert-public-key"}, description = "PEM for cert(Public key PEM)")
+    String certPublicKey;
+
    @Option(names = {"--pin"}, description = "Yubikey PIV PIN")
    String pin;

--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaConstant.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaConstant.java
@@ -2,5 +2,5 @@ package me.hatter.tools.yubikeyca;

 public interface YubikeyCaConstant {
    String NAME = "yubikey-ca";
-    String VERSION = "0.2.5";
+    String VERSION = "0.2.6";
 }
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
@@ -1,5 +1,6 @@
 package me.hatter.tools.yubikeyca;

+import me.hatter.tools.commons.bytes.Bytes;
 import me.hatter.tools.commons.datetime.DateTimeUtil;
 import me.hatter.tools.commons.io.RFile;
 import me.hatter.tools.commons.log.LogConfig;
@@ -56,7 +57,8 @@ public class YubikeyCaMain {
            log.error("Intermediate CA id is required.");
            return;
        }
-        if (StringUtil.isEmpty(args.keypairType) && StringUtil.isEmpty(args.certSlot)) {
+        if (StringUtil.isEmpty(args.keypairType) && StringUtil.isEmpty(args.certFile)
+                && StringUtil.isEmpty(args.certPublicKey) && StringUtil.isEmpty(args.certSlot)) {
            log.error("Keypair type or cert slot is required.");
            return;
        }
@@ -75,6 +77,12 @@ public class YubikeyCaMain {
        if (StringUtil.isNotEmpty(args.certFile)) {
            final String certPem = RFile.from(args.certFile).string();
            publicKey = KeyUtil.parsePublicKeyPEM(certPem);
+        } else if (StringUtil.isNotEmpty(args.certPublicKey)) {
+            if (args.certPublicKey.contains("-----")) {
+                publicKey = KeyUtil.parsePublicKeyPEM(args.certPublicKey);
+            } else {
+                publicKey = KeyUtil.parsePublicKey(Bytes.fromBase64(args.certPublicKey));
+            }
        } else if (StringUtil.isNotEmpty(args.certSlot)) {
            final PivMeta certPivMeta = CardCliUtil.getPivPublicKey(args.certSlot);
            publicKey = certPivMeta.getPublicKey();