feat: add piv meta
@@ -12,6 +12,7 @@ import me.hatter.tools.commons.string.StringUtil;
|
|||||||
import me.hatter.tools.crypto.ca.CertificateAuthority;
|
import me.hatter.tools.crypto.ca.CertificateAuthority;
|
||||||
import me.hatter.tools.yubikeyca.cardcli.CardCliPivCustomerSigner;
|
import me.hatter.tools.yubikeyca.cardcli.CardCliPivCustomerSigner;
|
||||||
import me.hatter.tools.yubikeyca.cardcli.CardCliUtil;
|
import me.hatter.tools.yubikeyca.cardcli.CardCliUtil;
|
||||||
|
import me.hatter.tools.yubikeyca.cardcli.PivMeta;
|
||||||
import me.hatter.tools.yubikeyca.hatterink.CertificateUtil;
|
import me.hatter.tools.yubikeyca.hatterink.CertificateUtil;
|
||||||
|
|
||||||
import java.security.KeyPair;
|
import java.security.KeyPair;
|
||||||
@@ -65,8 +66,7 @@ public class YubikeyCaMain {
|
|||||||
|
|
||||||
final X509Certificate interCertificate = CertificateUtil.getCertificate(args.pin, args.intermediateCaId);
|
final X509Certificate interCertificate = CertificateUtil.getCertificate(args.pin, args.intermediateCaId);
|
||||||
|
|
||||||
final Tuple2<String, PublicKey> signPivPublicKey = CardCliUtil.getPivPublicKey(args.signSlot);
|
final PivMeta signPivMeta = CardCliUtil.getPivPublicKey(args.signSlot);
|
||||||
final String signAlgorithm = signPivPublicKey.getVal1();
|
|
||||||
|
|
||||||
final KeyPair keyPair = KeyPairTool.instance(pkType).generateKeyPair().getKeyPair();
|
final KeyPair keyPair = KeyPairTool.instance(pkType).generateKeyPair().getKeyPair();
|
||||||
|
|
||||||
@@ -76,7 +76,8 @@ public class YubikeyCaMain {
|
|||||||
.signCert(interCertificate)
|
.signCert(interCertificate)
|
||||||
.certPubKey(keyPair.getPublic())
|
.certPubKey(keyPair.getPublic())
|
||||||
.validYears(2)
|
.validYears(2)
|
||||||
.customerSigner(new CardCliPivCustomerSigner(args.pin, args.signSlot, signAlgorithm, cardCliCmd));
|
.customerSigner(new CardCliPivCustomerSigner(
|
||||||
|
args.pin, args.signSlot, signPivMeta.getAlgorithm(), cardCliCmd));
|
||||||
|
|
||||||
final X509Certificate cert;
|
final X509Certificate cert;
|
||||||
if (args.issueServerCa) {
|
if (args.issueServerCa) {
|
||||||
@@ -108,17 +109,16 @@ public class YubikeyCaMain {
|
|||||||
|
|
||||||
final X509Certificate rootCertificate = CertificateUtil.getCertificate(args.pin, args.rootCaId);
|
final X509Certificate rootCertificate = CertificateUtil.getCertificate(args.pin, args.rootCaId);
|
||||||
|
|
||||||
final Tuple2<String, PublicKey> certPivPublicKey = CardCliUtil.getPivPublicKey(args.certSlot);
|
final PivMeta certPivMeta = CardCliUtil.getPivPublicKey(args.certSlot);
|
||||||
final String signAlgorithm = certPivPublicKey.getVal1();
|
|
||||||
final PublicKey certPublicKey = certPivPublicKey.getVal2();
|
|
||||||
|
|
||||||
final String cardCliCmd = CardCliUtil.getCardCliCmd();
|
final String cardCliCmd = CardCliUtil.getCardCliCmd();
|
||||||
final X509Certificate intermediateCa = CertificateAuthority.instance()
|
final X509Certificate intermediateCa = CertificateAuthority.instance()
|
||||||
.subject(args.subject)
|
.subject(args.subject)
|
||||||
.signCert(rootCertificate)
|
.signCert(rootCertificate)
|
||||||
.certPubKey(certPublicKey)
|
.certPubKey(certPivMeta.getPublicKey())
|
||||||
.validYears(10)
|
.validYears(10)
|
||||||
.customerSigner(new CardCliPivCustomerSigner(args.pin, args.signSlot, signAlgorithm, cardCliCmd))
|
.customerSigner(new CardCliPivCustomerSigner(
|
||||||
|
args.pin, args.signSlot, certPivMeta.getAlgorithm(), cardCliCmd))
|
||||||
.createIntermediateCert();
|
.createIntermediateCert();
|
||||||
final String intermediateCaPem = X509CertUtil.serializeX509CertificateToPEM(intermediateCa);
|
final String intermediateCaPem = X509CertUtil.serializeX509CertificateToPEM(intermediateCa);
|
||||||
|
|
||||||
@@ -131,16 +131,15 @@ public class YubikeyCaMain {
|
|||||||
private static void issueRootCa(YubikeyCaArgs args) {
|
private static void issueRootCa(YubikeyCaArgs args) {
|
||||||
if (checkCertificateArgs(args)) return;
|
if (checkCertificateArgs(args)) return;
|
||||||
|
|
||||||
final Tuple2<String, PublicKey> signPivPublicKey = CardCliUtil.getPivPublicKey(args.signSlot);
|
final PivMeta signPivMeta = CardCliUtil.getPivPublicKey(args.signSlot);
|
||||||
final String signAlgorithm = signPivPublicKey.getVal1();
|
|
||||||
final PublicKey certPublicKey = signPivPublicKey.getVal2();
|
|
||||||
|
|
||||||
final String cardCliCmd = CardCliUtil.getCardCliCmd();
|
final String cardCliCmd = CardCliUtil.getCardCliCmd();
|
||||||
final X509Certificate rootCa = CertificateAuthority.instance()
|
final X509Certificate rootCa = CertificateAuthority.instance()
|
||||||
.subject(args.subject)
|
.subject(args.subject)
|
||||||
.certPubKey(certPublicKey)
|
.certPubKey(signPivMeta.getPublicKey())
|
||||||
.validYears(40)
|
.validYears(40)
|
||||||
.customerSigner(new CardCliPivCustomerSigner(args.pin, args.signSlot, signAlgorithm, cardCliCmd))
|
.customerSigner(new CardCliPivCustomerSigner(
|
||||||
|
args.pin, args.signSlot, signPivMeta.getAlgorithm(), cardCliCmd))
|
||||||
.createCA();
|
.createCA();
|
||||||
final String rootCaPem = X509CertUtil.serializeX509CertificateToPEM(rootCa);
|
final String rootCaPem = X509CertUtil.serializeX509CertificateToPEM(rootCa);
|
||||||
|
|
||||||
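Review bot: In the hunk that builds `intermediateCa` (`@@ -108,17 +109,16 @@`) the `CardCliPivCustomerSigner` for `args.signSlot` is handed `certPivMeta.getAlgorithm()`, which is the algorithm of the key in `args.certSlot`, not of the key that will do the signing; the removed `signAlgorithm = certPivPublicKey.getVal1()` had the same coupling, so the commit preserves rather than introduces it, but the new name makes the mismatch easy to see. If the two slots hold keys of different types (an RSA intermediate key signed by an EC root key, say), the signer would presumably be configured with the wrong algorithm and either fail or produce a signature the certificate chain does not verify against. The `issueRootCa` hunk is self-signed and the first hunk already reads `signPivMeta` from `args.signSlot`, so only this hunk is affected. I would fetch the signer's own metadata, `final PivMeta signPivMeta = CardCliUtil.getPivPublicKey(args.signSlot);`, pass `signPivMeta.getAlgorithm()` to the signer, and keep `certPivMeta.getPublicKey()` for `.certPubKey(...)`. The enclosing method starts and ends outside the hunk.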
|
|||||||
@@ -34,12 +34,14 @@ public class CardCliUtil {
|
|||||||
return Bytes.fromBase64(signJsonObject.getString("signed_data_base64")).bytes();
|
return Bytes.fromBase64(signJsonObject.getString("signed_data_base64")).bytes();
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Tuple2<String, PublicKey> getPivPublicKey(String slot) {
|
public static PivMeta getPivPublicKey(String slot) {
|
||||||
final JSONObject signPivMetaJsonObject = CardCliUtil.getPivMeta(slot);
|
final JSONObject signPivMetaJsonObject = CardCliUtil.getPivMeta(slot);
|
||||||
final String algorithm = signPivMetaJsonObject.getString("algorithm");
|
|
||||||
|
final PivMeta pivMeta = new PivMeta();
|
||||||
|
pivMeta.setAlgorithm(signPivMetaJsonObject.getString("algorithm"));
|
||||||
final String publicKeyPem = signPivMetaJsonObject.getString("public_key_pem");
|
final String publicKeyPem = signPivMetaJsonObject.getString("public_key_pem");
|
||||||
final PublicKey publicKey = KeyUtil.parsePublicKeyPEM(publicKeyPem);
|
pivMeta.setPublicKey(KeyUtil.parsePublicKeyPEM(publicKeyPem));
|
||||||
return Tuple2.of(algorithm, publicKey);
|
return pivMeta;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static JSONObject getPivMeta(String slot) {
|
public static JSONObject getPivMeta(String slot) {
|
||||||
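Review bot: `getPivPublicKey` now returns a `PivMeta` rather than a public key, so the method name no longer describes its result; a name such as `getPivMetaInfo`, or folding the parse into `getPivMeta` and keeping the raw `JSONObject` private, would read better, at the cost of touching the three call sites in `YubikeyCaMain`. The value read from `"algorithm"` is later used to decide how `CardCliPivCustomerSigner` signs, yet nothing here checks that it is present or that it is consistent with the key parsed from `"public_key_pem"`; depending on the JSON library, a missing field would surface either as an unhelpful exception here or as `null` inside the signer. I would add `Objects.requireNonNull(pivMeta.getAlgorithm(), "no algorithm in piv meta for slot " + slot);` before `return pivMeta;` (and the matching `java.util.Objects` import). A one-line Javadoc saying that the method parses the output of `getPivMeta(slot)` into a `PivMeta` would also help a reader, since `getPivMeta` itself continues past the end of the hunk.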
|
|||||||
@@ -0,0 +1,24 @@
|
|||||||
|
package me.hatter.tools.yubikeyca.cardcli;
|
||||||
|
|
||||||
|
import java.security.PublicKey;
|
||||||
|
|
||||||
|
public class PivMeta {
|
||||||
|
private String algorithm;
|
||||||
|
private PublicKey publicKey;
|
||||||
|
|
||||||
|
public String getAlgorithm() {
|
||||||
|
return algorithm;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setAlgorithm(String algorithm) {
|
||||||
|
this.algorithm = algorithm;
|
||||||
|
}
|
||||||
|
|
||||||
|
public PublicKey getPublicKey() {
|
||||||
|
return publicKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setPublicKey(PublicKey publicKey) {
|
||||||
|
this.publicKey = publicKey;
|
||||||
|
}
|
||||||
|
}
|
||||||
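Review bot: `PivMeta` is a mutable bean with public setters, yet it is only ever populated once, in `CardCliUtil.getPivPublicKey`, and read afterwards; `final` fields set through a constructor would make a half-initialised instance impossible and let callers treat it as a value. The class also has no Javadoc; a short header such as `/** Algorithm name and public key reported by the card CLI for one PIV slot. */` with a `@param` line each for `algorithm` and `publicKey` would document what the two fields mean. With the constructor form, the call site in `CardCliUtil` becomes `return new PivMeta(signPivMetaJsonObject.getString("algorithm"), KeyUtil.parsePublicKeyPEM(publicKeyPem));`. If the project already builds on a Java level that has records, `record PivMeta(String algorithm, PublicKey publicKey)` would be shorter still, but I cannot tell the target version from this page.

```java
/** Algorithm name and public key reported by the card CLI for one PIV slot. */
public final class PivMeta {

    private final String algorithm;
    private final PublicKey publicKey;

    /**
     * @param algorithm algorithm name as reported by the card CLI
     * @param publicKey public key parsed from the slot's PEM
     */
    public PivMeta(String algorithm, PublicKey publicKey) {
        this.algorithm = algorithm;
        this.publicKey = publicKey;
    }

    // … unchanged: getAlgorithm(), getPublicKey() …
}
```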