Package org.apache.sshd.certificate
Class OpenSshCertificateBuilder
java.lang.Object
    org.apache.sshd.certificate.OpenSshCertificateBuilder

public class OpenSshCertificateBuilder extends java.lang.Object
Holds all the data necessary to create a signed OpenSSH Certificate.

Field Summary
Fields (modifier and type, then field name):
protected java.util.List<OpenSshCertificate.CertificateOption> criticalOptions
protected java.util.List<OpenSshCertificate.CertificateOption> extensions
protected java.lang.String id
protected byte[] nonce
protected java.util.Collection<java.lang.String> principals
protected java.security.PublicKey publicKey
protected long serial
protected static java.util.Map<java.lang.String,java.lang.String> SIGNATURE_ALGORITHM_MAP
protected OpenSshCertificate.Type type
protected long validAfter
protected long validBefore

Constructor Summary
Constructors (modifier, then constructor):
protected OpenSshCertificateBuilder(OpenSshCertificate.Type type)

Method Summary
Methods (modifier and type, then method; description indented below where present):
OpenSshCertificateBuilder criticalOptions(java.util.List<OpenSshCertificate.CertificateOption> criticalOptions)
OpenSshCertificateBuilder extensions(java.util.List<OpenSshCertificate.CertificateOption> extensions)
static OpenSshCertificateBuilder hostCertificate()
OpenSshCertificateBuilder id(java.lang.String id)
private java.util.List<OpenSshCertificate.CertificateOption> lexicallyOrderOptions(java.util.List<OpenSshCertificate.CertificateOption> options)
    Lexically orders certificate options by name.
OpenSshCertificateBuilder nonce(byte[] nonce)
OpenSshCertificateBuilder principals(java.util.Collection<java.lang.String> principals)
OpenSshCertificateBuilder publicKey(java.security.PublicKey publicKey)
OpenSshCertificateBuilder serial(long serial)
OpenSshCertificate sign(java.security.KeyPair caKeypair)
    Creates a certificate signed with the given CA key.
OpenSshCertificate sign(java.security.KeyPair caKeypair, java.lang.String signatureAlgorithm)
    Creates a certificate signed with the given CA key using the specified signature algorithm.
static OpenSshCertificateBuilder userCertificate()
OpenSshCertificateBuilder validAfter(long validAfter)
OpenSshCertificateBuilder validAfter(java.time.Instant validAfter)
    If null, uses OpenSshCertificate.MIN_EPOCH
protected void validate()
private void validateOptions(java.util.List<OpenSshCertificate.CertificateOption> options)
    Validates that there are no duplicate options.
OpenSshCertificateBuilder validBefore(long validBefore)
OpenSshCertificateBuilder validBefore(java.time.Instant validBefore)
    If null, uses OpenSshCertificate.INFINITY

Field Detail
SIGNATURE_ALGORITHM_MAP
protected static final java.util.Map<java.lang.String,java.lang.String> SIGNATURE_ALGORITHM_MAP

type
protected final OpenSshCertificate.Type type

publicKey
protected java.security.PublicKey publicKey

serial
protected long serial

id
protected java.lang.String id

principals
protected java.util.Collection<java.lang.String> principals

criticalOptions
protected java.util.List<OpenSshCertificate.CertificateOption> criticalOptions

extensions
protected java.util.List<OpenSshCertificate.CertificateOption> extensions

validAfter
protected long validAfter

validBefore
protected long validBefore

nonce
protected byte[] nonce

Constructor Detail
OpenSshCertificateBuilder
protected OpenSshCertificateBuilder(OpenSshCertificate.Type type)

Method Detail
userCertificate
public static OpenSshCertificateBuilder userCertificate()

hostCertificate
public static OpenSshCertificateBuilder hostCertificate()

publicKey
public OpenSshCertificateBuilder publicKey(java.security.PublicKey publicKey)

serial
public OpenSshCertificateBuilder serial(long serial)

id
public OpenSshCertificateBuilder id(java.lang.String id)

principals
public OpenSshCertificateBuilder principals(java.util.Collection<java.lang.String> principals)

criticalOptions
public OpenSshCertificateBuilder criticalOptions(java.util.List<OpenSshCertificate.CertificateOption> criticalOptions)

extensions
public OpenSshCertificateBuilder extensions(java.util.List<OpenSshCertificate.CertificateOption> extensions)

validAfter
public OpenSshCertificateBuilder validAfter(long validAfter)

nonce
public OpenSshCertificateBuilder nonce(byte[] nonce)

validAfter
public OpenSshCertificateBuilder validAfter(java.time.Instant validAfter)
If null, uses OpenSshCertificate.MIN_EPOCH
    Parameters:
        validAfter - Instant to use for validAfter
    Returns:
        Self reference

validBefore
public OpenSshCertificateBuilder validBefore(long validBefore)

validBefore
public OpenSshCertificateBuilder validBefore(java.time.Instant validBefore)
If null, uses OpenSshCertificate.INFINITY
    Parameters:
        validBefore - Instant to use for validBefore
    Returns:
        Self reference

validate
protected void validate()

sign
public OpenSshCertificate sign(java.security.KeyPair caKeypair) throws java.lang.Exception
Creates a certificate signed with the given CA key. For RSA keys "rsa-sha2-512" is used for the signature.
    Parameters:
        caKeypair - CA key used to sign
    Returns:
        the signed certificate
    Throws:
        java.lang.Exception - if an error occurred

sign
public OpenSshCertificate sign(java.security.KeyPair caKeypair, java.lang.String signatureAlgorithm) throws java.lang.Exception
Creates a certificate signed with the given CA key using the specified signature algorithm. If a signature algorithm is given, it must be appropriate for the CA key type; otherwise an exception is thrown. If signatureAlgorithm == null, an appropriate signature algorithm is chosen automatically; for RSA keys "rsa-sha2-512" is then used.
    Parameters:
        caKeypair - CA key used to sign
        signatureAlgorithm - to use; if null, automatically chosen based on the CA key type
    Returns:
        the signed certificate
    Throws:
        java.lang.Exception - if an error occurred

validateOptions
private void validateOptions(java.util.List<OpenSshCertificate.CertificateOption> options)
Validates that there are no duplicate options.
    Parameters:
        options - the options to check
    Throws:
        java.lang.IllegalArgumentException - if there are duplicates

lexicallyOrderOptions
private java.util.List<OpenSshCertificate.CertificateOption> lexicallyOrderOptions(java.util.List<OpenSshCertificate.CertificateOption> options)
Lexically orders certificate options by name.
    Parameters:
        options - the options to order
    Returns:
        a list containing the options in lexical order
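
Added example, not part of the Javadoc or the project's own code: issuing a short-lived, narrowly scoped user certificate with the builder methods documented above. The package of OpenSshCertificate, the CertificateOption constructors and the getId()/getPrincipals() accessors are assumptions not shown on this page; the key pairs, key ID, principal and address range are constructed sample values.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.Collections;

import org.apache.sshd.certificate.OpenSshCertificateBuilder;
// Assumed package for OpenSshCertificate; this page only shows the simple name.
import org.apache.sshd.common.config.keys.OpenSshCertificate;
import org.apache.sshd.common.config.keys.OpenSshCertificate.CertificateOption;

public class ShortLivedUserCert {
    public static void main(String[] args) throws Exception {
        // Constructed stand-ins: a real CA key is loaded from protected storage.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(3072);
        KeyPair ca = gen.generateKeyPair();
        KeyPair user = gen.generateKeyPair();

        byte[] nonce = new byte[32];
        new SecureRandom().nextBytes(nonce); // fresh random nonce per certificate

        Instant now = Instant.now();
        OpenSshCertificate cert = OpenSshCertificateBuilder.userCertificate()
                .publicKey(user.getPublic())
                .serial(1L)                    // unique per CA, for audit and revocation
                .id("alice@laptop-0042")       // key ID; constructed sample value
                .principals(Collections.singletonList("alice"))
                // Explicit window: a null Instant means MIN_EPOCH / INFINITY,
                // i.e. no lower bound or no expiry.
                .validAfter(now.minus(Duration.ofMinutes(5))) // tolerate clock skew
                .validBefore(now.plus(Duration.ofHours(8)))
                .nonce(nonce)
                // Critical option: restricts where the certificate is accepted from.
                .criticalOptions(Collections.singletonList(
                        new CertificateOption("source-address", "192.0.2.0/24")))
                // Grant only what is needed; validateOptions rejects duplicate names.
                .extensions(Arrays.asList(
                        new CertificateOption("permit-pty"),
                        new CertificateOption("permit-port-forwarding")))
                // Same algorithm sign(ca) uses for an RSA CA key; named here to pin it.
                .sign(ca, "rsa-sha2-512");

        // getId() and getPrincipals() are assumed OpenSshCertificate accessors.
        System.out.println(cert.getId() + " -> " + cert.getPrincipals());
    }
}
```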