feat: update

yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java

@@ -35,23 +35,16 @@ public class YubikeyCaMain {
         }
         if (args.generateKeypair) {
             generateKeyPair(args);
-            return;
-        }
-        if (args.issueRootCa) {
+        } else if (args.issueRootCa) {
             issueRootCa(args);
-            return;
-        }
-        if (args.issueIntermediateCa) {
+        } else if (args.issueIntermediateCa) {
             issueIntermediateCa(args);
-            return;
-        }
-        if (args.issueServerCa || args.issueClientCa) {
+        } else if (args.issueServerCa || args.issueClientCa) {
             issueServerClientCa(args);
-            return;
-        }
-
+        } else {
             log.error("Unknown command, use --help for help");
         }
+    }
 
     private static void issueServerClientCa(YubikeyCaArgs args) {
         if (checkCertificateArgs(args)) return;
@@ -68,11 +61,10 @@ public class YubikeyCaMain {
             return;
         }
 
-
         final PKType pkType = getPkTypeFromArgs(args);
         if (pkType == null) return;
 
-        final X509Certificate intermediateCertificate = CertificateUtil.getCertificate(args.pin, args.intermediateCaId);
+        final X509Certificate interCertificate = CertificateUtil.getCertificate(args.pin, args.intermediateCaId);
 
         final Tuple2<String, PublicKey> signPivPublicKey = CardCliUtil.getPivPublicKey(args.signSlot);
         final String signAlgorithm = signPivPublicKey.getVal1();
@@ -82,7 +74,7 @@ public class YubikeyCaMain {
         final String cardCliCmd = CardCliUtil.getCardCliCmd();
         final CertificateAuthority ca = CertificateAuthority.instance()
                 .subject(args.subject)
-                .signCert(intermediateCertificate)
+                .signCert(interCertificate)
                 .certPubKey(keyPair.getPublic())
                 .validYears(2)
                 .customerSigner(new CardCliPivCustomerSigner(args.pin, args.signSlot, signAlgorithm, cardCliCmd));

yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/cardcli/CardCliUtil.java

@@ -84,7 +84,14 @@ public class CardCliUtil {
         final String outputs;
         final String errorOutputs;
         try {
-            log.info("Run command: " + pb.command());
+            final List<String> commandList = new ArrayList<>(pb.command());
+            for (int i = 0; i < commandList.size(); i++) {
+                final String c = commandList.get(i);
+                if (StringUtil.equals("--pin", c) && ((i + 1) < commandList.size())) {
+                    commandList.set(i + 1, "******");
+                }
+            }
+            log.info("Run command: " + StringUtil.join(commandList, " "));
             final Process p = pb.start();
             final byte[] outputsBytes = IOUtil.readToBytes(p.getInputStream());
             final byte[] errorOutputsByes = IOUtil.readToBytes(p.getErrorStream());

yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/hatterink/CertificateUtil.java

@@ -20,6 +20,7 @@ public class CertificateUtil {
     private static final LogTool log = LogTools.getLogTool(CertificateUtil.class);
 
     public static void addCertificate(String pin, String parentId, String memo, String certificatePem, String privateKeyPem) {
+        log.info("Add certificate to remote...");
         final String authBeforeMillis = String.valueOf(System.currentTimeMillis() + Duration.ofMinutes(5).toMillis());
         memo = StringUtil.def(memo, "Added at: " + new Date());
         final String tobeSigned = StringUtil.join(Arrays.asList(
@@ -46,6 +47,7 @@ public class CertificateUtil {
     }
 
     public static X509Certificate getCertificate(String pin, String id) {
+        log.info("Get certificate " + id + " from remote...");
         final String authBeforeMillis = String.valueOf(System.currentTimeMillis() + Duration.ofMinutes(5).toMillis());
         final String tobeSigned = authBeforeMillis + ";" + id;