diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
index 4147c38..193ea16 100644
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
@@ -35,22 +35,15 @@ public class YubikeyCaMain {
         }
         if (args.generateKeypair) {
             generateKeyPair(args);
-            return;
-        }
-        if (args.issueRootCa) {
+        } else if (args.issueRootCa) {
             issueRootCa(args);
-            return;
-        }
-        if (args.issueIntermediateCa) {
+        } else if (args.issueIntermediateCa) {
             issueIntermediateCa(args);
-            return;
-        }
-        if (args.issueServerCa || args.issueClientCa) {
+        } else if (args.issueServerCa || args.issueClientCa) {
             issueServerClientCa(args);
-            return;
+        } else {
+            log.error("Unknown command, use --help for help");
         }
-
-        log.error("Unknown command, use --help for help");
     }
 
     private static void issueServerClientCa(YubikeyCaArgs args) {
@@ -68,11 +61,10 @@ public class YubikeyCaMain {
             return;
         }
 
-
         final PKType pkType = getPkTypeFromArgs(args);
         if (pkType == null) return;
 
-        final X509Certificate intermediateCertificate = CertificateUtil.getCertificate(args.pin, args.intermediateCaId);
+        final X509Certificate interCertificate = CertificateUtil.getCertificate(args.pin, args.intermediateCaId);
 
         final Tuple2 signPivPublicKey = CardCliUtil.getPivPublicKey(args.signSlot);
         final String signAlgorithm = signPivPublicKey.getVal1();
@@ -82,7 +74,7 @@ public class YubikeyCaMain {
         final String cardCliCmd = CardCliUtil.getCardCliCmd();
         final CertificateAuthority ca = CertificateAuthority.instance()
                 .subject(args.subject)
-                .signCert(intermediateCertificate)
+                .signCert(interCertificate)
                 .certPubKey(keyPair.getPublic())
                 .validYears(2)
                 .customerSigner(new CardCliPivCustomerSigner(args.pin, args.signSlot, signAlgorithm, cardCliCmd));
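Review bot: The new `else` branch at the end of the dispatch chain reports an unknown command with `log.error` and then falls off the end of the method, so if this is the program's `main` (its signature is outside the hunk) the process still exits with status 0 and a script wrapping this CA tool cannot detect the failure; consider `log.error("Unknown command, use --help for help"); System.exit(1);` in that branch. The restructure also preserves the existing behaviour that when several command flags are passed together only the first matching branch runs and the rest are silently ignored, which for a tool that issues root and intermediate CA certificates deserves to be stated rather than implied. A one-line comment above the chain such as `// exactly one command is executed; additional command flags are ignored` would make that explicit. The enclosing method starts before the hunk.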
diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/CardCliUtil.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/CardCliUtil.java
index 6d86d24..6ac4384 100644
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/CardCliUtil.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/CardCliUtil.java
@@ -84,7 +84,14 @@ public class CardCliUtil {
         final String outputs;
         final String errorOutputs;
         try {
-            log.info("Run command: " + pb.command());
+            final List commandList = new ArrayList<>(pb.command());
+            for (int i = 0; i < commandList.size(); i++) {
+                final String c = commandList.get(i);
+                if (StringUtil.equals("--pin", c) && ((i + 1) < commandList.size())) {
+                    commandList.set(i + 1, "******");
+                }
+            }
+            log.info("Run command: " + StringUtil.join(commandList, " "));
             final Process p = pb.start();
             final byte[] outputsBytes = IOUtil.readToBytes(p.getInputStream());
             final byte[] errorOutputsByes = IOUtil.readToBytes(p.getErrorStream());
diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/hatterink/CertificateUtil.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/hatterink/CertificateUtil.java
index 5296bc9..3755f02 100644
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/hatterink/CertificateUtil.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/hatterink/CertificateUtil.java
@@ -20,6 +20,7 @@ public class CertificateUtil {
     private static final LogTool log = LogTools.getLogTool(CertificateUtil.class);
 
     public static void addCertificate(String pin, String parentId, String memo, String certificatePem, String privateKeyPem) {
+        log.info("Add certificate to remote...");
         final String authBeforeMillis = String.valueOf(System.currentTimeMillis() + Duration.ofMinutes(5).toMillis());
         memo = StringUtil.def(memo, "Added at: " + new Date());
         final String tobeSigned = StringUtil.join(Arrays.asList(
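Review bot: The redaction loop masks only a PIN that arrives as a separate argv element immediately after a literal `--pin`; a `--pin=1234` form, a differently named flag, or any other secret in the command (the hunk does not show how `pb` is assembled) would still be written to the log in clear, so the masking is safer placed where the command is built, or driven by a list of secret-bearing flags rather than one string. It also protects only the log line: the PIN is still handed to the child on its command line, where it is readable by other local users through the process table (`ps`, `/proc/<pid>/cmdline`) for as long as the child runs, so if the card CLI accepts the PIN on stdin or via an environment variable that path is preferable, and either way a comment such as `// NOTE: masks the log only; the PIN still travels in the child's argv` records the residual exposure. As printed, `final List commandList` is a raw type that would not compile against `final String c = commandList.get(i)`; presumably it is `List<String>` and the type argument was lost in rendering, but it is worth confirming. The enclosing method continues past the end of the hunk.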
@@ -46,6 +47,7 @@ public class CertificateUtil { } public static X509Certificate getCertificate(String pin, String id) { + log.info("Get certificate " + id + " from remote..."); final String authBeforeMillis = String.valueOf(System.currentTimeMillis() + Duration.ofMinutes(5).toMillis()); final String tobeSigned = authBeforeMillis + ";" + id;