diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
index 5e2f755..c943563 100644
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
@@ -12,6 +12,7 @@ import me.hatter.tools.commons.string.StringUtil;
 import me.hatter.tools.crypto.ca.CertificateAuthority;
 import me.hatter.tools.yubikeyca.cardcli.CardCliPivCustomerSigner;
 import me.hatter.tools.yubikeyca.cardcli.CardCliUtil;
+import me.hatter.tools.yubikeyca.cardcli.PivMeta;
 import me.hatter.tools.yubikeyca.hatterink.CertificateUtil;
 
 import java.security.KeyPair;
@@ -65,8 +66,7 @@ public class YubikeyCaMain {
 
         final X509Certificate interCertificate = CertificateUtil.getCertificate(args.pin, args.intermediateCaId);
 
-        final Tuple2 signPivPublicKey = CardCliUtil.getPivPublicKey(args.signSlot);
-        final String signAlgorithm = signPivPublicKey.getVal1();
+        final PivMeta signPivMeta = CardCliUtil.getPivPublicKey(args.signSlot);
 
         final KeyPair keyPair = KeyPairTool.instance(pkType).generateKeyPair().getKeyPair();
 
@@ -76,7 +76,8 @@ public class YubikeyCaMain {
                 .signCert(interCertificate)
                 .certPubKey(keyPair.getPublic())
                 .validYears(2)
-                .customerSigner(new CardCliPivCustomerSigner(args.pin, args.signSlot, signAlgorithm, cardCliCmd));
+                .customerSigner(new CardCliPivCustomerSigner(
+                        args.pin, args.signSlot, signPivMeta.getAlgorithm(), cardCliCmd));
 
         final X509Certificate cert;
         if (args.issueServerCa) {
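Review bot: In the @@ -65 hunk the signing slot's public key is now available as `signPivMeta.getPublicKey()`, but it is never compared with `interCertificate.getPublicKey()`, so a slot mix-up would produce a certificate whose signature does not verify against the issuer it names; the same gap exists in the @@ -108 hunk against `rootCertificate`. A cheap guard right after the lookup would be `if (!Arrays.equals(signPivMeta.getPublicKey().getEncoded(), interCertificate.getPublicKey().getEncoded())) throw new IllegalStateException("sign slot key does not match issuer certificate");` (with `java.util.Arrays` imported). Whether the signing slot is meant to hold exactly the issuer certificate's key is inferred from the call shape, not visible here, and the enclosing method begins before and continues past the hunk.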
@@ -108,17 +109,16 @@ public class YubikeyCaMain {
 
         final X509Certificate rootCertificate = CertificateUtil.getCertificate(args.pin, args.rootCaId);
 
-        final Tuple2 certPivPublicKey = CardCliUtil.getPivPublicKey(args.certSlot);
-        final String signAlgorithm = certPivPublicKey.getVal1();
-        final PublicKey certPublicKey = certPivPublicKey.getVal2();
+        final PivMeta certPivMeta = CardCliUtil.getPivPublicKey(args.certSlot);
         final String cardCliCmd = CardCliUtil.getCardCliCmd();
 
         final X509Certificate intermediateCa = CertificateAuthority.instance()
                 .subject(args.subject)
                 .signCert(rootCertificate)
-                .certPubKey(certPublicKey)
+                .certPubKey(certPivMeta.getPublicKey())
                 .validYears(10)
-                .customerSigner(new CardCliPivCustomerSigner(args.pin, args.signSlot, signAlgorithm, cardCliCmd))
+                .customerSigner(new CardCliPivCustomerSigner(
+                        args.pin, args.signSlot, certPivMeta.getAlgorithm(), cardCliCmd))
                 .createIntermediateCert();
 
         final String intermediateCaPem = X509CertUtil.serializeX509CertificateToPEM(intermediateCa);
@@ -131,16 +131,15 @@ public class YubikeyCaMain {
 
     private static void issueRootCa(YubikeyCaArgs args) {
         if (checkCertificateArgs(args)) return;
-        final Tuple2 signPivPublicKey = CardCliUtil.getPivPublicKey(args.signSlot);
-        final String signAlgorithm = signPivPublicKey.getVal1();
-        final PublicKey certPublicKey = signPivPublicKey.getVal2();
+        final PivMeta signPivMeta = CardCliUtil.getPivPublicKey(args.signSlot);
         final String cardCliCmd = CardCliUtil.getCardCliCmd();
 
         final X509Certificate rootCa = CertificateAuthority.instance()
                 .subject(args.subject)
-                .certPubKey(certPublicKey)
+                .certPubKey(signPivMeta.getPublicKey())
                 .validYears(40)
-                .customerSigner(new CardCliPivCustomerSigner(args.pin, args.signSlot, signAlgorithm, cardCliCmd))
+                .customerSigner(new CardCliPivCustomerSigner(
+                        args.pin, args.signSlot, signPivMeta.getAlgorithm(), cardCliCmd))
                 .createCA();
 
         final String rootCaPem = X509CertUtil.serializeX509CertificateToPEM(rootCa);
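Review bot: In the @@ -108 hunk the signer for `args.signSlot` is given `certPivMeta.getAlgorithm()`, which is the algorithm of the key in `args.certSlot` (the key being certified), not of the key that actually signs; the other two call sites in this commit take the algorithm from the same slot the signer uses. If the two slots hold different key types the signer is driven with the wrong algorithm, and if they are required to match, that assumption deserves a comment at the call. The pre-change code had the same mismatch, so it is carried over rather than introduced, but `PivMeta` now makes the fix a one-liner: `final PivMeta signPivMeta = CardCliUtil.getPivPublicKey(args.signSlot);` and pass `signPivMeta.getAlgorithm()` to the signer. The enclosing method begins before and ends after the hunk.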
diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/CardCliUtil.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/CardCliUtil.java
index 73f85da..4d15817 100644
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/CardCliUtil.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/CardCliUtil.java
@@ -34,12 +34,14 @@ public class CardCliUtil {
         return Bytes.fromBase64(signJsonObject.getString("signed_data_base64")).bytes();
     }
 
-    public static Tuple2 getPivPublicKey(String slot) {
+    public static PivMeta getPivPublicKey(String slot) {
         final JSONObject signPivMetaJsonObject = CardCliUtil.getPivMeta(slot);
-        final String algorithm = signPivMetaJsonObject.getString("algorithm");
+
+        final PivMeta pivMeta = new PivMeta();
+        pivMeta.setAlgorithm(signPivMetaJsonObject.getString("algorithm"));
         final String publicKeyPem = signPivMetaJsonObject.getString("public_key_pem");
-        final PublicKey publicKey = KeyUtil.parsePublicKeyPEM(publicKeyPem);
-        return Tuple2.of(algorithm, publicKey);
+        pivMeta.setPublicKey(KeyUtil.parsePublicKeyPEM(publicKeyPem));
+        return pivMeta;
     }
 
     public static JSONObject getPivMeta(String slot) {
diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/PivMeta.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/PivMeta.java
new file mode 100644
index 0000000..c307712
--- /dev/null
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/PivMeta.java
@@ -0,0 +1,24 @@
+package me.hatter.tools.yubikeyca.cardcli;
+
+import java.security.PublicKey;
+
+public class PivMeta {
+    private String algorithm;
+    private PublicKey publicKey;
+
+    public String getAlgorithm() {
+        return algorithm;
+    }
+
+    public void setAlgorithm(String algorithm) {
+        this.algorithm = algorithm;
+    }
+
+    public PublicKey getPublicKey() {
+        return publicKey;
+    }
+
+    public void setPublicKey(PublicKey publicKey) {
+        this.publicKey = publicKey;
+    }
+}
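Review bot: `getPivPublicKey` in the @@ -34 hunk copies `algorithm` and `public_key_pem` straight from the card CLI's JSON output into `PivMeta` without checking that either field is present, so a missing or renamed field surfaces later as a `PivMeta` with a null algorithm handed to the signer, or as an exception with no slot context, depending on how this `JSONObject.getString` behaves on absent keys (not visible here). Fail fast at the boundary: `pivMeta.setAlgorithm(Objects.requireNonNull(signPivMetaJsonObject.getString("algorithm"), "algorithm missing in piv meta for slot " + slot));` and the same for the PEM before parsing it. The method now returns key metadata rather than a key, so the name `getPivPublicKey` misleads; a rename such as `readPivKeyMeta`, or at least a Javadoc line `/** Reads algorithm and public key of the PIV key in {@code slot} via the card CLI. */`, would help.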
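Review bot: `PivMeta` is a mutable bean with public setters, but the pair it carries (algorithm and public key) describes one key and must stay consistent; a mutable holder lets any caller replace one half after construction, and neither setter rejects null. Making it an immutable value with final fields and a validating constructor removes that possibility, and the only producer in this commit would then end with `return new PivMeta(algorithm, KeyUtil.parsePublicKeyPEM(publicKeyPem));` (with `java.util.Objects` imported for the checks below). If the project builds on Java 16 or later, `record PivMeta(String algorithm, PublicKey publicKey)` expresses the same in one line; the target version is not visible here.
```java
public final class PivMeta {
    private final String algorithm;
    private final PublicKey publicKey;

    public PivMeta(String algorithm, PublicKey publicKey) {
        this.algorithm = Objects.requireNonNull(algorithm, "algorithm");
        this.publicKey = Objects.requireNonNull(publicKey, "publicKey");
    }

    public String getAlgorithm() {
        return algorithm;
    }

    public PublicKey getPublicKey() {
        return publicKey;
    }
}
```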