From e0c615dbd08f896900031ec7ea2a41ec0156f99b Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Fri, 3 Nov 2023 21:44:05 +0800
Subject: [PATCH] feat: v0.2.1

---
 yubikey-ca-java/README.md | 13 +++++++++++++
 .../hatter/tools/yubikeyca/YubikeyCaConstant.java | 2 +-
 .../me/hatter/tools/yubikeyca/YubikeyCaMain.java | 11 +++++++++++
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/yubikey-ca-java/README.md b/yubikey-ca-java/README.md
index 3774705..3457a8e 100644
--- a/yubikey-ca-java/README.md
+++ b/yubikey-ca-java/README.md
@@ -4,11 +4,24 @@ ENV:
 * SIGN_REQUEST_SLOT - Sign request slot, default `82`
 
 # Generate Keypair
+> Generate `secp256r1` or `secp384r1` keypair
 
 ```shell
 $ java -jar yubikey-ca-java.jar --generate-keypair --keypair-type secp256r1
 ```
 
+# Write Keypair to Yubikey
+
+## Write private key to Yubikey
+```shell
+$ ykman piv keys import --pin-policy ONCE --touch-policy CACHED $SLOT$ private.pem
+```
+
+## Write public key to Yubikey and generate certificate
+```shell
+$ ykman piv certificates generate $SLOT$ public.pem -s 'O=Org,OU=OrgUnit,CN=CommonName'
+```
+
 # Issue ROOT CA
 
 ```shell
diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaConstant.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaConstant.java
index 9632cb1..8390ff1 100644
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaConstant.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaConstant.java
@@ -2,5 +2,5 @@ package me.hatter.tools.yubikeyca;
 
 public interface YubikeyCaConstant {
 String NAME = "yubikey-ca";
- String VERSION = "0.2.0";
+ String VERSION = "0.2.1";
 }
diff --git a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
index 24460c6..d2552ca 100644
--- a/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
+++ b/yubikey-ca-java/src/main/java/me/hatter/tools/yubikeyca/YubikeyCaMain.java
@@ -1,5 +1,6 @@
 package me.hatter.tools.yubikeyca;
 
+import me.hatter.tools.commons.io.RFile;
 import me.hatter.tools.commons.log.LogConfig;
 import me.hatter.tools.commons.log.LogTool;
 import me.hatter.tools.commons.log.LogTools;
@@ -186,6 +187,16 @@ public class YubikeyCaMain {
 
 System.out.println("Private key:\n" + KeyUtil.serializePrivateKeyToPEM(keyPair.getPrivate()) + "\n");
 System.out.println("Public key: \n" + KeyUtil.serializePublicKeyToPEM(keyPair.getPublic()) + "\n");
+
+ final RFile privateKeyFile = RFile.from("private.pem");
+ final RFile publicKeyFile = RFile.from("public.pem");
+ if (privateKeyFile.exists() || publicKeyFile.exists()) {
+ log.error("Key files exists (private.pem or public.pem).");
+ return;
+ }
+ privateKeyFile.write(KeyUtil.serializePrivateKeyToPEM(keyPair.getPrivate()) + "\n");
+ publicKeyFile.write(KeyUtil.serializePublicKeyToPEM(keyPair.getPublic()) + "\n");
+ log.info("Write files succeed: private.pem and public.pem");
 }
 
 private static PKType getPkTypeFromArgs(YubikeyCaArgs args) {
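Review bot: The two `write(...)` calls at the end of this hunk put the CA private key into `private.pem` in the current working directory without restricting who can read it, and the `exists()` check before them is a separate step from the write, so it does not guarantee that the file is new when it is written. `RFile` is not shown here, so its default file mode and open flags are an assumption to confirm, but nothing in the hunk limits the file to its owner. Creating the private key file with owner-only permissions and create-new semantics, as in the excerpt below, closes both gaps; on a non-POSIX file system the permission attribute is unsupported and needs a fallback. The context lines above the additions still print the private key to stdout, which is redundant once the file is written and leaves the key in terminal scrollback or captured output. The enclosing method begins outside the hunk, so whether it may propagate `IOException` is not visible, and the excerpt therefore handles it locally.

```java
// … unchanged: the two System.out.println calls and the exists() early return (kept as a first, friendly check) …
final Path privateKeyPath = Paths.get("private.pem");
final Path publicKeyPath = Paths.get("public.pem");
try {
    // createFile fails if the path already exists, so check and creation are one step,
    // and the file is owner-only (rw-------) before any key material is written to it.
    Files.createFile(privateKeyPath,
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
    Files.write(privateKeyPath,
            (KeyUtil.serializePrivateKeyToPEM(keyPair.getPrivate()) + "\n").getBytes(StandardCharsets.UTF_8));
    Files.write(publicKeyPath,
            (KeyUtil.serializePublicKeyToPEM(keyPair.getPublic()) + "\n").getBytes(StandardCharsets.UTF_8),
            StandardOpenOption.CREATE_NEW);
} catch (FileAlreadyExistsException e) {
    log.error("Key files exists (private.pem or public.pem).");
    return;
} catch (IOException e) {
    log.error("Write key files failed: " + e.getMessage());
    return;
}
log.info("Write files succeed: private.pem and public.pem");
```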