feat: yubikey-ca-java

2023-05-20 12:22:19 +08:00
parent 6b16b6c365
commit ee50f598e0
7 changed files with 132 additions and 1 deletions
--- a/yubikey-ca-rs/Cargo.lock
+++ b/yubikey-ca-rs/Cargo.lock
--- a/yubikey-ca-rs/Cargo.toml
+++ b/yubikey-ca-rs/Cargo.toml
@@ -0,0 +1,12 @@
+[package]
+name = "yubikey-ca"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+picky = "6.3"
+rust_util = "0.6.41"
+yubikey = { version = "0.7", features = ["untested"] }
+zeroize = "1.6"
--- a/yubikey-ca-rs/src/main.rs
+++ b/yubikey-ca-rs/src/main.rs
@@ -0,0 +1,95 @@
+use picky::hash::HashAlgorithm;
+use picky::key::PrivateKey;
+use picky::signature::SignatureAlgorithm;
+use picky::x509::certificate::{CertificateBuilder, CertType};
+use picky::x509::date::UTCDate;
+use picky::x509::{Csr, KeyIdGenMethod};
+use picky::x509::name::DirectoryName;
+use rust_util::XResult;
+
+const root_key_pem_str: &'static str = "-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCkd2pFHVhY1jUE
+jWx1umIYStJSzeyippNiV0Igzi6eh7sKjzors/GJKG2MI8NOpKkavZ5qkJOj6sNL
+bFNBtNgif96k6qTmUI5JbUlbu1mrroku+ZM4oPoQ2gGiGdLkUjGIys/0Yt+OmauQ
+9Eno6uX8oZ9o2x9dNx6MZAKsFKbssyF0mMG6xDpHnoEuLYN5zlmooR9Cktjx0Il3
+5NchEs5RRGwixlvyKq2J3qRhalEKhkCNqbtQJ3n4/Eiia2v7Byt1c5dCoaVyxIl4
+AIpF/hY+or9O9E2LRLxeqh/0t2rCQm8JANYA+48+38UZGrQhAwp48ZWML4LuE3By
+7+yIj1MpAgMBAAECggEAErQV3MhKjMfHfb4LkJPipfqUUqBigdjJuAxOU+a+vH6Z
+EclaBzBOjpePZbmHc4EcThM0WdAZSjHfhctK6JUFY18BVeXtXNfaZpVMG2eB+hk+
+Np5hVLZR2erA9stTBW4nffP6lENOQyxMq45sfVWBVCqZM1aACZzEF5kkCKfMl+xU
+fEpK9w/LOZVWtA3PIqKvoj+S8x16iupFpikMJvcat1gYhpbaLt2S9rDPlSgIlpxF
+HJpzPqbQV7yJSYjtwAqx3LqgUbSEpXhRKEgckiNdtCzYVEcNipMGtEBwHZhSExnN
+5jGnhiqH+HVvSTJ/Qq3sFe1jEnwvj4ChQ4GpjTw9NQKBgQDPlPDUQPNJ+zVv/9dp
+/DTuV+Ne/HaqGOEsjADFTjlDGgDUx1M4cLsNf9o5JqmvHHLK4LFGX16F51ArIJ8f
+lcGWKTIARuwbQhs5u2wbze2AuZHjypYqsYIGglSS+UUGTnbrPatKryANupxQiOnd
+Uv7IsFQqg/iCaofO8dQhluDu8wKBgQDK0/wtCvtH1w5pTlTkEDSHNW1MxS9lRsD5
+FvCqMYo+bm8vHr4p8EC+xaMQynIe1WspQSGK/SYA/+JIO/W/U7RTikXhtuFSeiJe
+YgcXl8VMIfOKcz++bZybtjyZ3J8Fxe019d9/cPmxkheRDQVfVZWPPrBpsmc50Wg5
+u4m9lgMUcwKBgHNIp3tp2vPyZNofv1XoMMlR3D/LfGe5S4z+8AqkB99BWMbTMF+/
+E9NKdzqYQ1KyPPp5UVrg6lD5hyd8hYL4G7w2gsNun///dblZYpAKjOWZqfFVeJKb
+ZLgSt7+sWm5HM3owFKp0mhul0NxVPXSifEeezg+SnXhoi6Yd3g8NiTyLAoGAMr/j
+4ylSQmFu+65b00yyt/oIRSM5fq+7bRfuU8ddfc2ICFQ65Kd2q8UrzfG5qDliPMpN
+KEe7EJj193j5PkwlXJnGbnmh208v9km02JRjC2+bTlMT6gPnIZbxhtYK/BjQB6Zj
+q7GK6IFTYDnP1FDHwTXAUlIPPgpFd9yS1FsKnj0CgYABMsHhjwTH2WNmG8EcrfMJ
+4bs1RvJK0UM4k7EVFXoZb9PqTKTdXeiPkIqX9FBqs5FLRKKFTA9VkI/m/5FbP1pu
+kSvHNwF67xzFi/QC4/oKNdZ2TPuiskxY0hSr9LKPIj0x4vhpbLEqmmPnnoE1gBdU
+/LCUqlcJNNtk6/sN/IShpw==
+-----END PRIVATE KEY-----";
+
+const intermediate_key_pem_str: &'static str = root_key_pem_str;
+const leaf_key_pem_str: &'static str = root_key_pem_str;
+
+fn main() -> XResult<()> {
+    let root_key = PrivateKey::from_pem_str(root_key_pem_str)?;
+
+    let root = CertificateBuilder::new()
+        .validity(UTCDate::ymd(2020, 9, 28).unwrap(),
+                  UTCDate::ymd(2023, 9, 28).unwrap())
+        .self_signed(DirectoryName::new_common_name("My Root CA"), &root_key)
+        .ca(true)
+        .signature_hash_type(SignatureAlgorithm::RsaPkcs1v15(HashAlgorithm::SHA2_512))
+        .key_id_gen_method(KeyIdGenMethod::SPKFullDER(HashAlgorithm::SHA2_384))
+        .build()?;
+    assert_eq!(root.ty(), CertType::Root);
+    println!("{}", root.to_pem().unwrap());
+
+
+    let intermediate_key = PrivateKey::from_pem_str(intermediate_key_pem_str)?;
+
+    let intermediate = CertificateBuilder::new()
+        .validity(UTCDate::ymd(2020, 10, 15).unwrap(),
+                  UTCDate::ymd(2021, 10, 15).unwrap())
+        .subject(DirectoryName::new_common_name("My Authority"),
+                 intermediate_key.to_public_key())
+        .issuer_cert(&root, &root_key)
+        .signature_hash_type(SignatureAlgorithm::RsaPkcs1v15(HashAlgorithm::SHA2_224))
+        .key_id_gen_method(KeyIdGenMethod::SPKValueHashedLeftmost160(HashAlgorithm::SHA1))
+        .ca(true)
+        .pathlen(0)
+        .build()?;
+    assert_eq!(intermediate.ty(), CertType::Intermediate);
+    println!("{}", intermediate.to_pem().unwrap());
+
+
+    let leaf_key = PrivateKey::from_pem_str(leaf_key_pem_str)?;
+
+    let csr = Csr::generate(
+        DirectoryName::new_common_name("My Leaf"),
+        &leaf_key,
+        SignatureAlgorithm::RsaPkcs1v15(HashAlgorithm::SHA1),
+    )?;
+
+    let signed_leaf = CertificateBuilder::new()
+        .validity(UTCDate::ymd(2020, 11, 1).unwrap(),
+                  UTCDate::ymd(2021, 1, 1).unwrap())
+        .subject_from_csr(csr)
+        .issuer_cert(&intermediate, &intermediate_key)
+        .signature_hash_type(SignatureAlgorithm::RsaPkcs1v15(HashAlgorithm::SHA2_384))
+        .key_id_gen_method(KeyIdGenMethod::SPKFullDER(HashAlgorithm::SHA2_512))
+        .build()?;
+
+    assert_eq!(signed_leaf.ty(), CertType::Leaf);
+    println!("{}", signed_leaf.to_pem().unwrap());
+
+    Ok(())
+}