Interface OpenSshCertificate
- All Superinterfaces:
javax.security.auth.Destroyable, java.security.Key, java.security.PrivateKey, java.security.PublicKey, java.io.Serializable
- All Known Implementing Classes:
OpenSshCertificateImpl
public interface OpenSshCertificate extends java.security.PublicKey, java.security.PrivateKey
An OpenSSH certificate key as specified by OpenSSH.
- See Also:
- PROTOCOL.certkeys
Nested Class Summary
| Modifier and Type | Interface | Description |
|---|---|---|
| static class | OpenSshCertificate.CertificateOption | Certificate Options are a set of bytes that is |
| static class | OpenSshCertificate.Type | OpenSshCertificates have a type indicating whether the certificate is for a host key (certifying a host identity) or for a user key (certifying a user identity). |
Field Summary
| Modifier and Type | Field | Description |
|---|---|---|
| static long | INFINITY | The maximum getValidAfter() or getValidBefore() value. |
| static long | MIN_EPOCH | |
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| java.security.PublicKey | getCaPubKey() | Retrieves the CA public key of this certificate. |
| java.security.PublicKey | getCertPubKey() | Retrieves the certified public key. |
| java.util.List<OpenSshCertificate.CertificateOption> | getCriticalOptions() | Retrieves the critical options set in the certificate. |
| java.util.List<OpenSshCertificate.CertificateOption> | getExtensions() | Retrieves the extensions set in the certificate. |
| java.lang.String | getId() | Retrieves a free-form text set by the CA when the certificate was generated; intended to identify the identity principal in log messages. |
| java.lang.String | getKeyType() | Retrieves the SSH key type of this certificate. |
| byte[] | getMessage() | Retrieves the raw byte content of the certificate, minus the signature. |
| byte[] | getNonce() | Retrieves the nonce of this certificate. |
| java.util.Collection<java.lang.String> | getPrincipals() | Retrieves the principals mentioned in the certificate. |
| java.lang.String | getRawKeyType() | Retrieves the raw SSH key type of this certificate. |
| byte[] | getRawSignature() | Retrieves the raw signature bytes, without the signature algorithm. |
| java.lang.String | getReserved() | Retrieves the "reserved" field of the certificate. |
| long | getSerial() | Retrieves the serial number of this certificate. |
| byte[] | getSignature() | Retrieves the signature of the certificate, including the signature algorithm. |
| java.lang.String | getSignatureAlgorithm() | Retrieves the signature algorithm used for the signature. |
| OpenSshCertificate.Type | getType() | Retrieves the type of certificate. |
| long | getValidAfter() | Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became valid. |
| long | getValidBefore() | Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became invalid. |
| static boolean | isValidNow(OpenSshCertificate cert) | Determines whether the given OpenSshCertificate is valid at the current local system time. |
Field Detail
-
MIN_EPOCH
static final long MIN_EPOCH
- See Also:
- Constant Field Values
-
INFINITY
static final long INFINITY
The maximum getValidAfter() or getValidBefore() value.
Note that timestamps in OpenSSH certificates are unsigned 64-bit values.
Method Detail
-
getRawKeyType
java.lang.String getRawKeyType()
Retrieves the raw SSH key type of this certificate.
- Returns:
- the key type, for instance "ssh-rsa" for a "ssh-rsa-cert-v01@openssh.com" certificate
-
getNonce
byte[] getNonce()
Retrieves the nonce of this certificate.
- Returns:
- the nonce.
-
getKeyType
java.lang.String getKeyType()
Retrieves the SSH key type of this certificate.
- Returns:
- the key type, for instance "ssh-rsa-cert-v01@openssh.com"
-
getCertPubKey
java.security.PublicKey getCertPubKey()
Retrieves the certified public key.
- Returns:
- the PublicKey
-
getSerial
long getSerial()
Retrieves the serial number of this certificate.
- Returns:
- the serial number
-
getType
OpenSshCertificate.Type getType()
Retrieves the type of certificate.
- Returns:
- the OpenSshCertificate.Type
-
getId
java.lang.String getId()
Retrieves a free-form text set by the CA when the certificate was generated; intended to identify the identity principal in log messages.
- Returns:
- the id; never null but may be empty.
-
getPrincipals
java.util.Collection<java.lang.String> getPrincipals()
Retrieves the principals mentioned in the certificate.
- Returns:
- the collection of principals, never null but possibly empty
-
getValidAfter
long getValidAfter()
Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became valid.
- Returns:
- the number of seconds since the Instant.EPOCH as an unsigned 64-bit value
- See Also:
- isValidNow(OpenSshCertificate)
-
getValidBefore
long getValidBefore()
Retrieves the time in number of seconds since the Instant.EPOCH at which this certificate becomes or became invalid.
- Returns:
- the number of seconds since the Instant.EPOCH as an unsigned 64-bit value
- See Also:
- isValidNow(OpenSshCertificate)
-
getCriticalOptions
java.util.List<OpenSshCertificate.CertificateOption> getCriticalOptions()
Retrieves the critical options set in the certificate.
- Returns:
- the critical options as a list, never null but possibly empty
-
getExtensions
java.util.List<OpenSshCertificate.CertificateOption> getExtensions()
Retrieves the extensions set in the certificate.
- Returns:
- the extensions as a list, never null but possibly empty
-
getReserved
java.lang.String getReserved()
Retrieves the "reserved" field of the certificate. OpenSSH currently doesn't use it and ignores it.
- Returns:
- the "reserved" field.
-
getCaPubKey
java.security.PublicKey getCaPubKey()
Retrieves the CA public key of this certificate.
- Returns:
- the PublicKey
-
getMessage
byte[] getMessage()
Retrieves the raw byte content of the certificate, minus the signature. This is the data that was signed.
- Returns:
- the part of the certificate raw data that was signed
-
getSignature
byte[] getSignature()
Retrieves the signature of the certificate, including the signature algorithm.
- Returns:
- the signature bytes
- See Also:
- getRawSignature()
-
getSignatureAlgorithm
java.lang.String getSignatureAlgorithm()
Retrieves the signature algorithm used for the signature.
- Returns:
- the signature algorithm as recorded in the certificate
-
getRawSignature
byte[] getRawSignature()
Retrieves the raw signature bytes, without the signature algorithm.
- Returns:
- the signature bytes
- See Also:
- getSignature()
-
isValidNow
static boolean isValidNow(OpenSshCertificate cert)
Determines whether the given OpenSshCertificate is valid at the current local system time.
- Parameters:
- cert - to check
- Returns:
- true if the certificate is valid according to its timestamps, false otherwise
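Because getValidAfter() and getValidBefore() return unsigned 64-bit values in a signed Java long, a caller that compares them with the plain relational operators will misjudge large values such as a "never expires" timestamp. The following is an added example, not code from the library: the class name, method names, the FOREVER constant and the sample windows are constructed for illustration, and the half-open window (valid after <= now < valid before) is the rule given in OpenSSH's PROTOCOL.certkeys.

```java
import java.time.Instant;

// Added illustration: standalone helper, not part of the documented interface.
public class CertValidityWindow {

    // Assumption: "no expiry" is encoded as all 64 bits set (unsigned maximum),
    // which a signed Java long reads back as -1.
    static final long FOREVER = 0xFFFF_FFFF_FFFF_FFFFL;

    /** Defective check: signed comparison treats large unsigned values as negative. */
    static boolean validSigned(long validAfter, long validBefore, long now) {
        return validAfter <= now && now < validBefore;
    }

    /** Correct check: valid after <= now < valid before, compared as unsigned. */
    static boolean validUnsigned(long validAfter, long validBefore, long now) {
        return Long.compareUnsigned(validAfter, now) <= 0
                && Long.compareUnsigned(now, validBefore) < 0;
    }

    public static void main(String[] args) {
        long now = Instant.now().getEpochSecond();
        // Constructed sample windows, in seconds since the epoch.
        long[][] windows = {
            {0L, FOREVER},             // always valid, never expires
            {now - 3600, now + 3600},  // valid for the hour around now
            {now - 7200, now - 3600},  // already expired
            {now + 3600, FOREVER},     // not yet valid
        };
        for (long[] w : windows) {
            System.out.printf("after=%s before=%s signed=%b unsigned=%b%n",
                    Long.toUnsignedString(w[0]), Long.toUnsignedString(w[1]),
                    validSigned(w[0], w[1], now), validUnsigned(w[0], w[1], now));
        }
    }
}
```

The first window shows the failure mode: the signed check rejects a certificate that never expires, while the unsigned check accepts it.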