feat: updates

2023-10-29 22:49:31 +08:00
parent 5e3a8f4348
commit d2257e4640
4 changed files with 15 additions and 10 deletions
--- a/yubikey-ca-java/README.md
+++ b/yubikey-ca-java/README.md
@@ -13,7 +13,7 @@ $ java -jar yubikey-ca-java.jar --generate-keypair --keypair-type secp256r1

 ```shell
 $ java -jar yubikey-ca-java.jar --issue-root-ca \
-       --sign-slot 88 --subject 'CN=Hatter Yubikey EC Root CA' \
+       --sign-slot 88 --subject 'CN=Hatter EC Root CA' \
       --pin ****** \
       [--add-to-remote]
 ```
@@ -22,8 +22,8 @@ $ java -jar yubikey-ca-java.jar --issue-root-ca \

 ```shell
 $ java -jar yubikey-ca-java.jar --issue-intermediate-ca \
-       --sign-slot 88 --subject 'CN=Hatter Yubikey EC Intermediate CA' \
-       --cert-slot 89 --root-ca-id 39 \
+       --sign-slot 88 --subject 'CN=Hatter EC Intermediate CA' \
+       --cert-slot 89 --root-ca-id 43 \
       --pin ****** \
       [--add-to-remote]
 ```
@@ -33,7 +33,7 @@ $ java -jar yubikey-ca-java.jar --issue-intermediate-ca \
 ```shell
 $ java -jar yubikey-ca-java.jar --issue-server-ca \
       --sign-slot 89 --subject 'CN=hatter-test' \
-       --intermediate-ca-id 40 --keypair-type secp256r1 \
+       --intermediate-ca-id 44 --keypair-type secp256r1 \
       --dns-name a.example.com --dns-name b.example.com \
       --pin ****** \
       [--add-to-remote]
@@ -44,7 +44,7 @@ $ java -jar yubikey-ca-java.jar --issue-server-ca \
 ```shell
 $ java -jar yubikey-ca-java.jar --issue-client-ca \
       --sign-slot 89 --subject 'CN=hatter-test' \
-       --intermediate-ca-id 40 --keypair-type secp256r1 \
+       --intermediate-ca-id 44 --keypair-type secp256r1 \
       --pin ****** \
       [--add-to-remote]
 ```
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaArgs.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaArgs.java
@@ -59,6 +59,9 @@ public class YubikeyCaArgs {
    @Option(names = {"--add-to-remote"}, description = "Add certificate to remote")
    boolean addToRemote = false;

+    @Option(names = {"--valid-years"}, description = "Certificate valid years")
+    Integer validYears;
+
    @Option(names = {"-h", "--help"}, usageHelp = true, description = "Display a help message")
    boolean helpRequested = false;

--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
@@ -72,7 +72,7 @@ public class YubikeyCaMain {
                .subject(args.subject)
                .signCert(interCertificate)
                .certPubKey(keyPair.getPublic())
-                .validYears(2)
+                .validYears(validYears(args, 2))
                .customerSigner(new CardCliPivCustomerSigner(
                        args.pin, args.signSlot, signPivMeta.getAlgorithm(), cardCliCmd));

@@ -113,7 +113,7 @@ public class YubikeyCaMain {
                .subject(args.subject)
                .signCert(rootCertificate)
                .certPubKey(certPivMeta.getPublicKey())
-                .validYears(10)
+                .validYears(validYears(args, 10))
                .customerSigner(new CardCliPivCustomerSigner(
                        args.pin, args.signSlot, certPivMeta.getAlgorithm(), cardCliCmd))
                .createIntermediateCert();
@@ -134,7 +134,7 @@ public class YubikeyCaMain {
        final X509Certificate rootCa = CertificateAuthority.instance()
                .subject(args.subject)
                .certPubKey(signPivMeta.getPublicKey())
-                .validYears(40)
+                .validYears(validYears(args, 40))
                .customerSigner(new CardCliPivCustomerSigner(
                        args.pin, args.signSlot, signPivMeta.getAlgorithm(), cardCliCmd))
                .createCA();
@@ -184,4 +184,8 @@ public class YubikeyCaMain {
        }
        return pkType;
    }
+
+    private static int validYears(YubikeyCaArgs args, int validYears) {
+        return (args.validYears != null) ? args.validYears : validYears;
+    }
 }
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/CardCliUtil.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/CardCliUtil.java
@@ -5,7 +5,6 @@ import com.alibaba.fastjson.JSONObject;
 import me.hatter.tools.commons.assertion.AssertUtil;
 import me.hatter.tools.commons.bytes.Bytes;
 import me.hatter.tools.commons.collection.CollectionUtil;
-import me.hatter.tools.commons.collection.Tuple2;
 import me.hatter.tools.commons.io.IOUtil;
 import me.hatter.tools.commons.log.LogTool;
 import me.hatter.tools.commons.log.LogTools;
@@ -13,7 +12,6 @@ import me.hatter.tools.commons.security.key.KeyUtil;
 import me.hatter.tools.commons.string.StringUtil;

 import java.nio.charset.StandardCharsets;
-import java.security.PublicKey;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;