PIV: Make PUBLIC-KEY optional when generating certificate
dainnilsson committed Aug 6, 2024
1 parent ac60ca9 commit 334ac5e
Showing 1 changed file with 10 additions and 3 deletions.
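--- a/ykman/_cli/piv.py
+++ b/ykman/_cli/piv.py
@@ -1120,7 +1120,9 @@ def export_certificate(ctx, format, slot, certificate):
 @click_management_key_option
 @click_pin_option
 @click_slot_argument
-@click.argument("public-key", type=click.File("rb"), metavar="PUBLIC-KEY")
+@click.argument(
+"public-key", type=click.File("rb"), metavar="PUBLIC-KEY", required=False
+)
 @click.option(
 "-s",
 "--subject",
@@ -1164,8 +1166,13 @@ def generate_certificate(
 except NotSupportedError:
 timeout = 1.0
 
-data = public_key.read()
-public_key = serialization.load_pem_public_key(data, default_backend())
+if public_key:
+data = public_key.read()
+public_key = serialization.load_pem_public_key(data, default_backend())
+elif session.version < (5, 4, 0):
+raise CliFail("PUBLIC-KEY required for YubiKey prior to 5.4.")
+else:
+public_key = session.get_slot_metadata(slot).public_key
 
 now = datetime.datetime.now(datetime.timezone.utc)
 valid_to = now + datetime.timedelta(days=valid_days)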
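Review bot: In the second hunk the new `else` branch reads `session.get_slot_metadata(slot).public_key` without handling a slot that holds no key, so an empty or mistyped slot would presumably end in a raw device error instead of a `CliFail`; wrapping the call and raising `CliFail` with a message naming the slot would match the `elif` branch above it. The guard `if public_key:` relies on the truthiness of a file object and reads more clearly as `if public_key is not None:`. When PUBLIC-KEY is supplied on a device that supports metadata, comparing it with the slot's metadata key before signing would catch a certificate built for a key the slot does not hold. The body of generate_certificate starts and ends outside the hunk, so an existing check of that kind may simply not be visible here.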
