feat: add code sign

yubikey-ca-java/README.md

@@ -48,3 +48,13 @@ $ java -jar yubikey-ca-java.jar --issue-client-ca \
        --pin ****** \
        [--add-to-remote]
 ```
+
+# Issue Client Code CA
+
+```shell
+$ java -jar yubikey-ca-java.jar --issue-client-code-ca \
+       --sign-slot 89 --subject 'CN=hatter-test-code' \
+       --intermediate-ca-id 44 --keypair-type secp256r1 \
+       --pin ****** \
+       [--add-to-remote]
+```

yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaArgs.java

@@ -26,6 +26,9 @@ public class YubikeyCaArgs {
     @Option(names = {"--issue-client-ca"}, description = "Issue client CA")
     boolean issueClientCa = false;
 
+    @Option(names = {"--issue-client-code-ca"}, description = "Issue client code CA")
+    boolean issueClientCodeCa = false;
+
     @Option(names = {"--subject"}, description = "Certificate subject")
     String subject;
 

yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java

@@ -36,7 +36,7 @@ public class YubikeyCaMain {
             issueRootCa(args);
         } else if (args.issueIntermediateCa) {
             issueIntermediateCa(args);
-        } else if (args.issueServerCa || args.issueClientCa) {
+        } else if (args.issueServerCa || args.issueClientCa || args.issueClientCodeCa) {
             issueServerClientCa(args);
         } else {
             log.error("Unknown command, use --help for help");
@@ -79,6 +79,8 @@ public class YubikeyCaMain {
         final X509Certificate cert;
         if (args.issueServerCa) {
             cert = ca.createServerCert(Arrays.asList(args.dnsNames));
+        } else if (args.issueClientCodeCa) {
+            cert = ca.createCodeSigningCert();
         } else {
             cert = ca.createClientCert();
         }