feat: update

2023-05-20 22:22:17 +08:00
parent 4d28b8a8f6
commit df9f61a34e
3 changed files with 17 additions and 16 deletions


@@ -35,22 +35,15 @@ public class YubikeyCaMain {
}
if (args.generateKeypair) {
generateKeyPair(args);
return;
}
if (args.issueRootCa) {
} else if (args.issueRootCa) {
issueRootCa(args);
return;
}
if (args.issueIntermediateCa) {
} else if (args.issueIntermediateCa) {
issueIntermediateCa(args);
return;
}
if (args.issueServerCa || args.issueClientCa) {
} else if (args.issueServerCa || args.issueClientCa) {
issueServerClientCa(args);
return;
} else {
log.error("Unknown command, use --help for help");
}
log.error("Unknown command, use --help for help");
}
private static void issueServerClientCa(YubikeyCaArgs args) {
@@ -68,11 +61,10 @@ public class YubikeyCaMain {
return;
}
final PKType pkType = getPkTypeFromArgs(args);
if (pkType == null) return;
final X509Certificate intermediateCertificate = CertificateUtil.getCertificate(args.pin, args.intermediateCaId);
final X509Certificate interCertificate = CertificateUtil.getCertificate(args.pin, args.intermediateCaId);
final Tuple2<String, PublicKey> signPivPublicKey = CardCliUtil.getPivPublicKey(args.signSlot);
final String signAlgorithm = signPivPublicKey.getVal1();
@@ -82,7 +74,7 @@ public class YubikeyCaMain {
final String cardCliCmd = CardCliUtil.getCardCliCmd();
final CertificateAuthority ca = CertificateAuthority.instance()
.subject(args.subject)
.signCert(intermediateCertificate)
.signCert(interCertificate)
.certPubKey(keyPair.getPublic())
.validYears(2)
.customerSigner(new CardCliPivCustomerSigner(args.pin, args.signSlot, signAlgorithm, cardCliCmd));
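Review bot: The rewritten if/else-if dispatch in the first hunk runs the first matching command and silently ignores any other command flag that is also set, so an invocation carrying both `args.issueRootCa` and `args.issueServerCa` would issue a root CA with no warning. For a CA tool it is safer to reject ambiguous invocations before the chain, by counting the command flags that are set and logging an error when more than one is true. At minimum the precedence should be documented above the chain, e.g. `// Command flags are mutually exclusive; the first match below wins.` The unknown-command branch only logs, and whether the process then exits non-zero is not visible here; the enclosing method starts before the hunk.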


@@ -84,7 +84,14 @@ public class CardCliUtil {
final String outputs;
final String errorOutputs;
try {
log.info("Run command: " + pb.command());
final List<String> commandList = new ArrayList<>(pb.command());
for (int i = 0; i < commandList.size(); i++) {
final String c = commandList.get(i);
if (StringUtil.equals("--pin", c) && ((i + 1) < commandList.size())) {
commandList.set(i + 1, "******");
}
}
log.info("Run command: " + StringUtil.join(commandList, " "));
final Process p = pb.start();
final byte[] outputsBytes = IOUtil.readToBytes(p.getInputStream());
final byte[] errorOutputsByes = IOUtil.readToBytes(p.getErrorStream());
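Review bot: The redaction loop only masks the element that follows an exact `--pin` token, so a PIN supplied in a combined form such as `--pin=<value>`, or under a differently named option, would still be written to the log; whether such forms are ever built is not visible in this hunk. The unmasked PIN is also still handed to the child process in its argument list via `pb.start()`, where other local users can usually read it from the process table, so masking the log line does not remove that exposure. If the invoked tool can take the PIN from standard input or an environment variable, that would be the stronger fix; otherwise a comment should record the limit, e.g. `// Redacts the PIN in the log only; the real value is still passed in argv.` The enclosing method starts and ends outside the hunk, so it is not visible whether the captured stdout/stderr logged later can echo the PIN.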


@@ -20,6 +20,7 @@ public class CertificateUtil {
private static final LogTool log = LogTools.getLogTool(CertificateUtil.class);
public static void addCertificate(String pin, String parentId, String memo, String certificatePem, String privateKeyPem) {
log.info("Add certificate to remote...");
final String authBeforeMillis = String.valueOf(System.currentTimeMillis() + Duration.ofMinutes(5).toMillis());
memo = StringUtil.def(memo, "Added at: " + new Date());
final String tobeSigned = StringUtil.join(Arrays.asList(
@@ -46,6 +47,7 @@ public class CertificateUtil {
}
public static X509Certificate getCertificate(String pin, String id) {
log.info("Get certificate " + id + " from remote...");
final String authBeforeMillis = String.valueOf(System.currentTimeMillis() + Duration.ofMinutes(5).toMillis());
final String tobeSigned = authBeforeMillis + ";" + id;