feat: updates

2023-10-29 22:49:31 +08:00
parent 5e3a8f4348
commit d2257e4640
4 changed files with 15 additions and 10 deletions


@@ -13,7 +13,7 @@ $ java -jar yubikey-ca-java.jar --generate-keypair --keypair-type secp256r1
```shell ```shell
$ java -jar yubikey-ca-java.jar --issue-root-ca \ $ java -jar yubikey-ca-java.jar --issue-root-ca \
--sign-slot 88 --subject 'CN=Hatter Yubikey EC Root CA' \ --sign-slot 88 --subject 'CN=Hatter EC Root CA' \
--pin ****** \ --pin ****** \
[--add-to-remote] [--add-to-remote]
``` ```
@@ -22,8 +22,8 @@ $ java -jar yubikey-ca-java.jar --issue-root-ca \
```shell ```shell
$ java -jar yubikey-ca-java.jar --issue-intermediate-ca \ $ java -jar yubikey-ca-java.jar --issue-intermediate-ca \
--sign-slot 88 --subject 'CN=Hatter Yubikey EC Intermediate CA' \ --sign-slot 88 --subject 'CN=Hatter EC Intermediate CA' \
--cert-slot 89 --root-ca-id 39 \ --cert-slot 89 --root-ca-id 43 \
--pin ****** \ --pin ****** \
[--add-to-remote] [--add-to-remote]
``` ```
@@ -33,7 +33,7 @@ $ java -jar yubikey-ca-java.jar --issue-intermediate-ca \
```shell ```shell
$ java -jar yubikey-ca-java.jar --issue-server-ca \ $ java -jar yubikey-ca-java.jar --issue-server-ca \
--sign-slot 89 --subject 'CN=hatter-test' \ --sign-slot 89 --subject 'CN=hatter-test' \
--intermediate-ca-id 40 --keypair-type secp256r1 \ --intermediate-ca-id 44 --keypair-type secp256r1 \
--dns-name a.example.com --dns-name b.example.com \ --dns-name a.example.com --dns-name b.example.com \
--pin ****** \ --pin ****** \
[--add-to-remote] [--add-to-remote]
@@ -44,7 +44,7 @@ $ java -jar yubikey-ca-java.jar --issue-server-ca \
```shell ```shell
$ java -jar yubikey-ca-java.jar --issue-client-ca \ $ java -jar yubikey-ca-java.jar --issue-client-ca \
--sign-slot 89 --subject 'CN=hatter-test' \ --sign-slot 89 --subject 'CN=hatter-test' \
--intermediate-ca-id 40 --keypair-type secp256r1 \ --intermediate-ca-id 44 --keypair-type secp256r1 \
--pin ****** \ --pin ****** \
[--add-to-remote] [--add-to-remote]
``` ```


@@ -59,6 +59,9 @@ public class YubikeyCaArgs {
@Option(names = {"--add-to-remote"}, description = "Add certificate to remote") @Option(names = {"--add-to-remote"}, description = "Add certificate to remote")
boolean addToRemote = false; boolean addToRemote = false;
@Option(names = {"--valid-years"}, description = "Certificate valid years")
Integer validYears;
@Option(names = {"-h", "--help"}, usageHelp = true, description = "Display a help message") @Option(names = {"-h", "--help"}, usageHelp = true, description = "Display a help message")
boolean helpRequested = false; boolean helpRequested = false;
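Review bot: The description `"Certificate valid years"` on the new `--valid-years` option does not say what happens when the option is omitted. Judging by the call sites in YubikeyCaMain, the fallbacks are 40 for `createCA()`, 10 for `createIntermediateCert()` and 2 for the certificate signed with the intermediate. I'd put that in the help text, e.g. `description = "Certificate validity in years (default: 40 root CA, 10 intermediate CA, 2 otherwise)"`. The README hunks shown in this commit do not mention the option either, so the help output is the only place an operator will learn these defaults.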


@@ -72,7 +72,7 @@ public class YubikeyCaMain {
.subject(args.subject) .subject(args.subject)
.signCert(interCertificate) .signCert(interCertificate)
.certPubKey(keyPair.getPublic()) .certPubKey(keyPair.getPublic())
.validYears(2) .validYears(validYears(args, 2))
.customerSigner(new CardCliPivCustomerSigner( .customerSigner(new CardCliPivCustomerSigner(
args.pin, args.signSlot, signPivMeta.getAlgorithm(), cardCliCmd)); args.pin, args.signSlot, signPivMeta.getAlgorithm(), cardCliCmd));
@@ -113,7 +113,7 @@ public class YubikeyCaMain {
.subject(args.subject) .subject(args.subject)
.signCert(rootCertificate) .signCert(rootCertificate)
.certPubKey(certPivMeta.getPublicKey()) .certPubKey(certPivMeta.getPublicKey())
.validYears(10) .validYears(validYears(args, 10))
.customerSigner(new CardCliPivCustomerSigner( .customerSigner(new CardCliPivCustomerSigner(
args.pin, args.signSlot, certPivMeta.getAlgorithm(), cardCliCmd)) args.pin, args.signSlot, certPivMeta.getAlgorithm(), cardCliCmd))
.createIntermediateCert(); .createIntermediateCert();
@@ -134,7 +134,7 @@ public class YubikeyCaMain {
final X509Certificate rootCa = CertificateAuthority.instance() final X509Certificate rootCa = CertificateAuthority.instance()
.subject(args.subject) .subject(args.subject)
.certPubKey(signPivMeta.getPublicKey()) .certPubKey(signPivMeta.getPublicKey())
.validYears(40) .validYears(validYears(args, 40))
.customerSigner(new CardCliPivCustomerSigner( .customerSigner(new CardCliPivCustomerSigner(
args.pin, args.signSlot, signPivMeta.getAlgorithm(), cardCliCmd)) args.pin, args.signSlot, signPivMeta.getAlgorithm(), cardCliCmd))
.createCA(); .createCA();
@@ -184,4 +184,8 @@ public class YubikeyCaMain {
} }
return pkType; return pkType;
} }
private static int validYears(YubikeyCaArgs args, int validYears) {
return (args.validYears != null) ? args.validYears : validYears;
}
} }
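Review bot: The new helper `validYears(args, …)` at the end of the class returns `args.validYears` with no range check, so `--valid-years 0` or a negative value flows straight into `.validYears(...)` at all three call sites (defaults 2, 10 and 40). How `CertificateAuthority` handles such a value is not visible here, but it presumably yields an already-expired or inverted validity window. I'd reject it up front, e.g. `if (args.validYears != null && args.validYears <= 0) throw new IllegalArgumentException("--valid-years must be positive");`. The same override also allows a certificate to be issued for longer than its signing certificate remains valid, so consider capping the lifetime against the issuer's `getNotAfter()` (assuming `interCertificate` and `rootCertificate` are `X509Certificate`), or at least logging a warning. As a style point, the parameter `validYears` shadows the method name; `defaultYears` would read more clearly.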


@@ -5,7 +5,6 @@ import com.alibaba.fastjson.JSONObject;
import me.hatter.tools.commons.assertion.AssertUtil; import me.hatter.tools.commons.assertion.AssertUtil;
import me.hatter.tools.commons.bytes.Bytes; import me.hatter.tools.commons.bytes.Bytes;
import me.hatter.tools.commons.collection.CollectionUtil; import me.hatter.tools.commons.collection.CollectionUtil;
import me.hatter.tools.commons.collection.Tuple2;
import me.hatter.tools.commons.io.IOUtil; import me.hatter.tools.commons.io.IOUtil;
import me.hatter.tools.commons.log.LogTool; import me.hatter.tools.commons.log.LogTool;
import me.hatter.tools.commons.log.LogTools; import me.hatter.tools.commons.log.LogTools;
@@ -13,7 +12,6 @@ import me.hatter.tools.commons.security.key.KeyUtil;
import me.hatter.tools.commons.string.StringUtil; import me.hatter.tools.commons.string.StringUtil;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;