feat: add piv meta

2023-05-21 00:09:55 +08:00
parent 2314062147
commit 9608d14d8c
3 changed files with 42 additions and 17 deletions
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
@@ -12,6 +12,7 @@ import me.hatter.tools.commons.string.StringUtil;
 import me.hatter.tools.crypto.ca.CertificateAuthority;
 import me.hatter.tools.yubikeyca.cardcli.CardCliPivCustomerSigner;
 import me.hatter.tools.yubikeyca.cardcli.CardCliUtil;
+import me.hatter.tools.yubikeyca.cardcli.PivMeta;
 import me.hatter.tools.yubikeyca.hatterink.CertificateUtil;

 import java.security.KeyPair;
@@ -65,8 +66,7 @@ public class YubikeyCaMain {

        final X509Certificate interCertificate = CertificateUtil.getCertificate(args.pin, args.intermediateCaId);

-        final Tuple2<String, PublicKey> signPivPublicKey = CardCliUtil.getPivPublicKey(args.signSlot);
-        final String signAlgorithm = signPivPublicKey.getVal1();
+        final PivMeta signPivMeta = CardCliUtil.getPivPublicKey(args.signSlot);

        final KeyPair keyPair = KeyPairTool.instance(pkType).generateKeyPair().getKeyPair();

@@ -76,7 +76,8 @@ public class YubikeyCaMain {
                .signCert(interCertificate)
                .certPubKey(keyPair.getPublic())
                .validYears(2)
-                .customerSigner(new CardCliPivCustomerSigner(args.pin, args.signSlot, signAlgorithm, cardCliCmd));
+                .customerSigner(new CardCliPivCustomerSigner(
+                        args.pin, args.signSlot, signPivMeta.getAlgorithm(), cardCliCmd));

        final X509Certificate cert;
        if (args.issueServerCa) {
@@ -108,17 +109,16 @@ public class YubikeyCaMain {

        final X509Certificate rootCertificate = CertificateUtil.getCertificate(args.pin, args.rootCaId);

-        final Tuple2<String, PublicKey> certPivPublicKey = CardCliUtil.getPivPublicKey(args.certSlot);
-        final String signAlgorithm = certPivPublicKey.getVal1();
-        final PublicKey certPublicKey = certPivPublicKey.getVal2();
+        final PivMeta certPivMeta = CardCliUtil.getPivPublicKey(args.certSlot);

        final String cardCliCmd = CardCliUtil.getCardCliCmd();
        final X509Certificate intermediateCa = CertificateAuthority.instance()
                .subject(args.subject)
                .signCert(rootCertificate)
-                .certPubKey(certPublicKey)
+                .certPubKey(certPivMeta.getPublicKey())
                .validYears(10)
-                .customerSigner(new CardCliPivCustomerSigner(args.pin, args.signSlot, signAlgorithm, cardCliCmd))
+                .customerSigner(new CardCliPivCustomerSigner(
+                        args.pin, args.signSlot, certPivMeta.getAlgorithm(), cardCliCmd))
                .createIntermediateCert();
        final String intermediateCaPem = X509CertUtil.serializeX509CertificateToPEM(intermediateCa);

@@ -131,16 +131,15 @@ public class YubikeyCaMain {
    private static void issueRootCa(YubikeyCaArgs args) {
        if (checkCertificateArgs(args)) return;

-        final Tuple2<String, PublicKey> signPivPublicKey = CardCliUtil.getPivPublicKey(args.signSlot);
-        final String signAlgorithm = signPivPublicKey.getVal1();
-        final PublicKey certPublicKey = signPivPublicKey.getVal2();
+        final PivMeta signPivMeta = CardCliUtil.getPivPublicKey(args.signSlot);

        final String cardCliCmd = CardCliUtil.getCardCliCmd();
        final X509Certificate rootCa = CertificateAuthority.instance()
                .subject(args.subject)
-                .certPubKey(certPublicKey)
+                .certPubKey(signPivMeta.getPublicKey())
                .validYears(40)
-                .customerSigner(new CardCliPivCustomerSigner(args.pin, args.signSlot, signAlgorithm, cardCliCmd))
+                .customerSigner(new CardCliPivCustomerSigner(
+                        args.pin, args.signSlot, signPivMeta.getAlgorithm(), cardCliCmd))
                .createCA();
        final String rootCaPem = X509CertUtil.serializeX509CertificateToPEM(rootCa);

--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/CardCliUtil.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/CardCliUtil.java
@@ -34,12 +34,14 @@ public class CardCliUtil {
        return Bytes.fromBase64(signJsonObject.getString("signed_data_base64")).bytes();
    }

-    public static Tuple2<String, PublicKey> getPivPublicKey(String slot) {
+    public static PivMeta getPivPublicKey(String slot) {
        final JSONObject signPivMetaJsonObject = CardCliUtil.getPivMeta(slot);
-        final String algorithm = signPivMetaJsonObject.getString("algorithm");
+
+        final PivMeta pivMeta = new PivMeta();
+        pivMeta.setAlgorithm(signPivMetaJsonObject.getString("algorithm"));
        final String publicKeyPem = signPivMetaJsonObject.getString("public_key_pem");
-        final PublicKey publicKey = KeyUtil.parsePublicKeyPEM(publicKeyPem);
-        return Tuple2.of(algorithm, publicKey);
+        pivMeta.setPublicKey(KeyUtil.parsePublicKeyPEM(publicKeyPem));
+        return pivMeta;
    }

    public static JSONObject getPivMeta(String slot) {
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/PivMeta.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/PivMeta.java
@@ -0,0 +1,24 @@
+package me.hatter.tools.yubikeyca.cardcli;
+
+import java.security.PublicKey;
+
+public class PivMeta {
+    private String algorithm;
+    private PublicKey publicKey;
+
+    public String getAlgorithm() {
+        return algorithm;
+    }
+
+    public void setAlgorithm(String algorithm) {
+        this.algorithm = algorithm;
+    }
+
+    public PublicKey getPublicKey() {
+        return publicKey;
+    }
+
+    public void setPublicKey(PublicKey publicKey) {
+        this.publicKey = publicKey;
+    }
+}