hatter/yubikey-ca
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: save key and cert for client ca

Browse Source
This commit is contained in:
Hatter Jiang
2024-05-26 00:31:13 +08:00
parent 347effee07
commit b080d96258
2 changed files with 47 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaConstant.java
View File

@@ -2,5 +2,5 @@ package me.hatter.tools.yubikeyca;
public interface YubikeyCaConstant { public interface YubikeyCaConstant {
String NAME = "yubikey-ca"; String NAME = "yubikey-ca";
String VERSION = "0.2.3"; String VERSION = "0.2.4";
} }

46
yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
View File

@@ -1,5 +1,6 @@
package me.hatter.tools.yubikeyca; package me.hatter.tools.yubikeyca;
import me.hatter.tools.commons.datetime.DateTimeUtil;
import me.hatter.tools.commons.io.RFile; import me.hatter.tools.commons.io.RFile;
import me.hatter.tools.commons.log.LogConfig; import me.hatter.tools.commons.log.LogConfig;
import me.hatter.tools.commons.log.LogTool; import me.hatter.tools.commons.log.LogTool;
@@ -15,11 +16,14 @@ import me.hatter.tools.yubikeyca.cardcli.CardCliUtil;
import me.hatter.tools.yubikeyca.cardcli.PivMeta; import me.hatter.tools.yubikeyca.cardcli.PivMeta;
import me.hatter.tools.yubikeyca.hatterink.CertificateUtil; import me.hatter.tools.yubikeyca.hatterink.CertificateUtil;
import java.io.FileOutputStream;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.PublicKey; import java.security.PublicKey;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.Arrays; import java.util.Arrays;
import java.util.Date;
public class YubikeyCaMain { public class YubikeyCaMain {
private static final LogTool log; private static final LogTool log;
@@ -110,6 +114,48 @@ public class YubikeyCaMain {
} else { } else {
log.info("Issued CA private Key: \n" + privateKeyPem); log.info("Issued CA private Key: \n" + privateKeyPem);
} }
final String suffix = DateTimeUtil.format("yyyyMMddHHmmss", new Date());
if (privateKey != null) {
log.info("Write key file: " + "key-" + suffix + ".pem" + "...");
RFile.from("key-" + suffix + ".pem").write(privateKeyPem);
}
log.info("Write cert file: " + "cert-" + suffix + ".pem" + "...");
RFile.from("cert-" + suffix + ".pem").write(certPem);
if (privateKey != null) {
log.info("Write PKCS#12 file: " + "p12-" + suffix + ".pfx" + "...");
try (final FileOutputStream fos = new FileOutputStream("p12-" + suffix + ".pfx")) {
final String defaultPin = "changeit";
final KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(null, null);
final String privateKeyAlias = getCn(args.subject);
log.info("PKCS#12 private key alias: " + privateKeyAlias);
ks.setKeyEntry(
privateKeyAlias, privateKey, defaultPin.toCharArray(),
new X509Certificate[]{cert}
);
ks.store(fos, defaultPin.toCharArray());
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}
private static String getCn(String subject) {
if (StringUtil.isNotBlank(subject)) {
final int indexOfCn = subject.toUpperCase().indexOf("CN=");
if (indexOfCn >= 0) {
String name = subject.substring(indexOfCn + 3);
if (name.contains(",")) {
name = StringUtil.substringBefore(name, ",");
}
if (name.contains(";")) {
name = StringUtil.substringBefore(name, ";");
}
return name;
}
}
return "default";
} }
private static void issueIntermediateCa(YubikeyCaArgs args) { private static void issueIntermediateCa(YubikeyCaArgs args) {